Google Git
Sign in
chromium / chromium / src.git / 0e14e87dac939b7d26f042250e93fe32883ae087 / . / net / socket / ssl_client_socket_pool.cc
blob: aea8887230790049a3975fb817b71ef0d774b264 [file] [log] [blame]
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/socket/ssl_client_socket_pool.h"
6
[email protected]c63248d42011-02-18 17:54:39[diff] [blame]7#include "base/metrics/field_trial.h"
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]8#include "base/metrics/histogram.h"
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]9#include "base/values.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]10#include "net/base/net_errors.h"
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]11#include "net/base/host_port_pair.h"
[email protected]277d5942010-08-11 21:02:35[diff] [blame]12#include "net/base/ssl_cert_request_info.h"
[email protected]33b511c2010-08-11 00:04:43[diff] [blame]13#include "net/http/http_proxy_client_socket.h"
14#include "net/http/http_proxy_client_socket_pool.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]15#include "net/socket/client_socket_factory.h"
16#include "net/socket/client_socket_handle.h"
[email protected]33b511c2010-08-11 00:04:43[diff] [blame]17#include "net/socket/socks_client_socket_pool.h"
18#include "net/socket/ssl_client_socket.h"
[email protected]d0672be2010-10-20 16:30:19[diff] [blame]19#include "net/socket/ssl_host_info.h"
[email protected]ab739042011-04-07 15:22:28[diff] [blame]20#include "net/socket/transport_client_socket_pool.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]21
22namespace net {
23
24SSLSocketParams::SSLSocketParams(
[email protected]ab739042011-04-07 15:22:28[diff] [blame]25 const scoped_refptr<TransportSocketParams>& transport_params,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]26 const scoped_refptr<SOCKSSocketParams>& socks_params,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]27 const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]28 ProxyServer::Scheme proxy,
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]29 const HostPortPair& host_and_port,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]30 const SSLConfig& ssl_config,
31 int load_flags,
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]32 bool force_spdy_over_ssl,
33 bool want_spdy_over_npn)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]34 : transport_params_(transport_params),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]35 http_proxy_params_(http_proxy_params),
36 socks_params_(socks_params),
37 proxy_(proxy),
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]38 host_and_port_(host_and_port),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]39 ssl_config_(ssl_config),
40 load_flags_(load_flags),
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]41 force_spdy_over_ssl_(force_spdy_over_ssl),
[email protected]0e14e87d2011-06-21 21:24:19[diff] [blame^]42 want_spdy_over_npn_(want_spdy_over_npn),
43 ignore_limits_(false) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]44 switch (proxy_) {
45 case ProxyServer::SCHEME_DIRECT:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]46 DCHECK(transport_params_.get() != NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]47 DCHECK(http_proxy_params_.get() == NULL);
48 DCHECK(socks_params_.get() == NULL);
[email protected]ab739042011-04-07 15:22:28[diff] [blame]49 ignore_limits_ = transport_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]50 break;
51 case ProxyServer::SCHEME_HTTP:
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]52 case ProxyServer::SCHEME_HTTPS:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]53 DCHECK(transport_params_.get() == NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]54 DCHECK(http_proxy_params_.get() != NULL);
55 DCHECK(socks_params_.get() == NULL);
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]56 ignore_limits_ = http_proxy_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]57 break;
58 case ProxyServer::SCHEME_SOCKS4:
59 case ProxyServer::SCHEME_SOCKS5:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]60 DCHECK(transport_params_.get() == NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]61 DCHECK(http_proxy_params_.get() == NULL);
62 DCHECK(socks_params_.get() != NULL);
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]63 ignore_limits_ = socks_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]64 break;
65 default:
66 LOG(DFATAL) << "unknown proxy type";
67 break;
68 }
69}
70
71SSLSocketParams::~SSLSocketParams() {}
72
73// Timeout for the SSL handshake portion of the connect.
74static const int kSSLHandshakeTimeoutInSeconds = 30;
75
76SSLConnectJob::SSLConnectJob(
77 const std::string& group_name,
78 const scoped_refptr<SSLSocketParams>& params,
79 const base::TimeDelta& timeout_duration,
[email protected]ab739042011-04-07 15:22:28[diff] [blame]80 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]81 SOCKSClientSocketPool* socks_pool,
82 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]83 ClientSocketFactory* client_socket_factory,
[email protected]73c45322010-10-01 23:57:54[diff] [blame]84 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]85 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]86 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]87 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]88 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]89 Delegate* delegate,
90 NetLog* net_log)
91 : ConnectJob(group_name, timeout_duration, delegate,
92 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
93 params_(params),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]94 transport_pool_(transport_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]95 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]96 http_proxy_pool_(http_proxy_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]97 client_socket_factory_(client_socket_factory),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]98 host_resolver_(host_resolver),
99 cert_verifier_(cert_verifier),
[email protected]2db580532010-10-08 14:32:37[diff] [blame]100 dnsrr_resolver_(dnsrr_resolver),
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]101 dns_cert_checker_(dns_cert_checker),
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]102 ssl_host_info_factory_(ssl_host_info_factory),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]103 ALLOW_THIS_IN_INITIALIZER_LIST(
104 callback_(this, &SSLConnectJob::OnIOComplete)) {}
105
106SSLConnectJob::~SSLConnectJob() {}
107
108LoadState SSLConnectJob::GetLoadState() const {
109 switch (next_state_) {
[email protected]135e2262010-07-17 00:32:04[diff] [blame]110 case STATE_TUNNEL_CONNECT_COMPLETE:
111 if (transport_socket_handle_->socket())
112 return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL;
113 // else, fall through.
[email protected]ab739042011-04-07 15:22:28[diff] [blame]114 case STATE_TRANSPORT_CONNECT:
115 case STATE_TRANSPORT_CONNECT_COMPLETE:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]116 case STATE_SOCKS_CONNECT:
117 case STATE_SOCKS_CONNECT_COMPLETE:
118 case STATE_TUNNEL_CONNECT:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]119 return transport_socket_handle_->GetLoadState();
120 case STATE_SSL_CONNECT:
121 case STATE_SSL_CONNECT_COMPLETE:
122 return LOAD_STATE_SSL_HANDSHAKE;
123 default:
124 NOTREACHED();
125 return LOAD_STATE_IDLE;
126 }
127}
128
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]129void SSLConnectJob::GetAdditionalErrorState(ClientSocketHandle * handle) {
130 // Headers in |error_response_info_| indicate a proxy tunnel setup
131 // problem. See DoTunnelConnectComplete.
132 if (error_response_info_.headers) {
133 handle->set_pending_http_proxy_connection(
134 transport_socket_handle_.release());
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]135 }
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]136 handle->set_ssl_error_response_info(error_response_info_);
137 if (!ssl_connect_start_time_.is_null())
138 handle->set_is_ssl_error(true);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]139}
140
141void SSLConnectJob::OnIOComplete(int result) {
142 int rv = DoLoop(result);
143 if (rv != ERR_IO_PENDING)
144 NotifyDelegateOfCompletion(rv); // Deletes |this|.
145}
146
147int SSLConnectJob::DoLoop(int result) {
148 DCHECK_NE(next_state_, STATE_NONE);
149
150 int rv = result;
151 do {
152 State state = next_state_;
153 next_state_ = STATE_NONE;
154 switch (state) {
[email protected]ab739042011-04-07 15:22:28[diff] [blame]155 case STATE_TRANSPORT_CONNECT:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]156 DCHECK_EQ(OK, rv);
[email protected]ab739042011-04-07 15:22:28[diff] [blame]157 rv = DoTransportConnect();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]158 break;
[email protected]ab739042011-04-07 15:22:28[diff] [blame]159 case STATE_TRANSPORT_CONNECT_COMPLETE:
160 rv = DoTransportConnectComplete(rv);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]161 break;
162 case STATE_SOCKS_CONNECT:
163 DCHECK_EQ(OK, rv);
164 rv = DoSOCKSConnect();
165 break;
166 case STATE_SOCKS_CONNECT_COMPLETE:
167 rv = DoSOCKSConnectComplete(rv);
168 break;
169 case STATE_TUNNEL_CONNECT:
170 DCHECK_EQ(OK, rv);
171 rv = DoTunnelConnect();
172 break;
173 case STATE_TUNNEL_CONNECT_COMPLETE:
174 rv = DoTunnelConnectComplete(rv);
175 break;
176 case STATE_SSL_CONNECT:
177 DCHECK_EQ(OK, rv);
178 rv = DoSSLConnect();
179 break;
180 case STATE_SSL_CONNECT_COMPLETE:
181 rv = DoSSLConnectComplete(rv);
182 break;
183 default:
184 NOTREACHED() << "bad state";
185 rv = ERR_FAILED;
186 break;
187 }
188 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
189
190 return rv;
191}
192
[email protected]ab739042011-04-07 15:22:28[diff] [blame]193int SSLConnectJob::DoTransportConnect() {
194 DCHECK(transport_pool_);
[email protected]899c3e92010-08-28 15:53:50[diff] [blame]195
[email protected]fd348122010-12-16 22:17:35[diff] [blame]196 if (ssl_host_info_factory_) {
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]197 ssl_host_info_.reset(
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]198 ssl_host_info_factory_->GetForHost(params_->host_and_port().host(),
[email protected]98f397e2010-10-26 13:56:57[diff] [blame]199 params_->ssl_config()));
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]200 }
[email protected]c6781de2011-01-06 19:49:43[diff] [blame]201
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]202 if (ssl_host_info_.get()) {
[email protected]0bc64522011-01-14 15:42:38[diff] [blame]203 if (dnsrr_resolver_)
204 ssl_host_info_->StartDnsLookup(dnsrr_resolver_);
205
[email protected]e1b261e2011-05-31 19:33:25[diff] [blame]206 // This starts fetching the SSL host info from the disk cache for early
207 // certificate verification and the TLS cached information extension.
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]208 ssl_host_info_->Start();
[email protected]4d52f192010-10-11 17:00:30[diff] [blame]209 }
210
[email protected]ab739042011-04-07 15:22:28[diff] [blame]211 next_state_ = STATE_TRANSPORT_CONNECT_COMPLETE;
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]212 transport_socket_handle_.reset(new ClientSocketHandle());
[email protected]ab739042011-04-07 15:22:28[diff] [blame]213 scoped_refptr<TransportSocketParams> transport_params =
214 params_->transport_params();
215 return transport_socket_handle_->Init(
216 group_name(),
217 transport_params,
218 transport_params->destination().priority(),
219 &callback_, transport_pool_, net_log());
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]220}
221
[email protected]ab739042011-04-07 15:22:28[diff] [blame]222int SSLConnectJob::DoTransportConnectComplete(int result) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]223 if (result == OK)
224 next_state_ = STATE_SSL_CONNECT;
225
226 return result;
227}
228
229int SSLConnectJob::DoSOCKSConnect() {
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]230 DCHECK(socks_pool_);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]231 next_state_ = STATE_SOCKS_CONNECT_COMPLETE;
232 transport_socket_handle_.reset(new ClientSocketHandle());
233 scoped_refptr<SOCKSSocketParams> socks_params = params_->socks_params();
234 return transport_socket_handle_->Init(group_name(), socks_params,
235 socks_params->destination().priority(),
236 &callback_, socks_pool_, net_log());
237}
238
239int SSLConnectJob::DoSOCKSConnectComplete(int result) {
240 if (result == OK)
241 next_state_ = STATE_SSL_CONNECT;
242
243 return result;
244}
245
246int SSLConnectJob::DoTunnelConnect() {
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]247 DCHECK(http_proxy_pool_);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]248 next_state_ = STATE_TUNNEL_CONNECT_COMPLETE;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]249
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]250 transport_socket_handle_.reset(new ClientSocketHandle());
251 scoped_refptr<HttpProxySocketParams> http_proxy_params =
252 params_->http_proxy_params();
253 return transport_socket_handle_->Init(
254 group_name(), http_proxy_params,
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]255 http_proxy_params->destination().priority(), &callback_,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]256 http_proxy_pool_, net_log());
257}
258
259int SSLConnectJob::DoTunnelConnectComplete(int result) {
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]260 // Extract the information needed to prompt for appropriate proxy
261 // authentication so that when ClientSocketPoolBaseHelper calls
262 // |GetAdditionalErrorState|, we can easily set the state.
263 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
264 error_response_info_ = transport_socket_handle_->ssl_error_response_info();
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]265 } else if (result == ERR_PROXY_AUTH_REQUESTED ||
266 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]267 StreamSocket* socket = transport_socket_handle_->socket();
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]268 HttpProxyClientSocket* tunnel_socket =
269 static_cast<HttpProxyClientSocket*>(socket);
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]270 error_response_info_ = *tunnel_socket->GetConnectResponseInfo();
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]271 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]272 if (result < 0)
273 return result;
274
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]275 next_state_ = STATE_SSL_CONNECT;
276 return result;
277}
278
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]279int SSLConnectJob::DoSSLConnect() {
280 next_state_ = STATE_SSL_CONNECT_COMPLETE;
281 // Reset the timeout to just the time allowed for the SSL handshake.
282 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds));
283 ssl_connect_start_time_ = base::TimeTicks::Now();
284
285 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]286 transport_socket_handle_.release(), params_->host_and_port(),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]287 params_->ssl_config(), ssl_host_info_.release(), cert_verifier_,
288 dns_cert_checker_));
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]289 return ssl_socket_->Connect(&callback_);
290}
291
292int SSLConnectJob::DoSSLConnectComplete(int result) {
293 SSLClientSocket::NextProtoStatus status =
294 SSLClientSocket::kNextProtoUnsupported;
295 std::string proto;
296 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
297 // that hasn't had SSL_ImportFD called on it. If we get a certificate error
298 // here, then we know that we called SSL_ImportFD.
299 if (result == OK || IsCertificateError(result))
300 status = ssl_socket_->GetNextProto(&proto);
301
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]302 // If we want spdy over npn, make sure it succeeded.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]303 if (status == SSLClientSocket::kNextProtoNegotiated) {
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]304 ssl_socket_->set_was_npn_negotiated(true);
[email protected]bace48c2010-08-03 20:52:02[diff] [blame]305 SSLClientSocket::NextProto next_protocol =
306 SSLClientSocket::NextProtoFromString(proto);
307 // If we negotiated either version of SPDY, we must have
308 // advertised it, so allow it.
309 // TODO(mbelshe): verify it was a protocol we advertised?
310 if (next_protocol == SSLClientSocket::kProtoSPDY1 ||
311 next_protocol == SSLClientSocket::kProtoSPDY2) {
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]312 ssl_socket_->set_was_spdy_negotiated(true);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]313 }
314 }
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]315 if (params_->want_spdy_over_npn() && !ssl_socket_->was_spdy_negotiated())
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]316 return ERR_NPN_NEGOTIATION_FAILED;
317
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]318 // Spdy might be turned on by default, or it might be over npn.
319 bool using_spdy = params_->force_spdy_over_ssl() ||
320 params_->want_spdy_over_npn();
321
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]322 if (result == OK ||
323 ssl_socket_->IgnoreCertError(result, params_->load_flags())) {
324 DCHECK(ssl_connect_start_time_ != base::TimeTicks());
325 base::TimeDelta connect_duration =
326 base::TimeTicks::Now() - ssl_connect_start_time_;
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]327 if (using_spdy) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]328 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SpdyConnectionLatency",
329 connect_duration,
330 base::TimeDelta::FromMilliseconds(1),
331 base::TimeDelta::FromMinutes(10),
332 100);
[email protected]f906bfe2011-06-09 16:35:24[diff] [blame]333 }
334
335 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency",
336 connect_duration,
337 base::TimeDelta::FromMilliseconds(1),
338 base::TimeDelta::FromMinutes(10),
339 100);
340
341 const std::string& host = params_->host_and_port().host();
342 bool is_google = host == "google.com" ||
343 (host.size() > 11 &&
344 host.rfind(".google.com") == host.size() - 11);
345 if (is_google) {
346 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google",
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]347 connect_duration,
348 base::TimeDelta::FromMilliseconds(1),
349 base::TimeDelta::FromMinutes(10),
350 100);
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]351 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]352 }
[email protected]8b498692010-07-16 17:11:43[diff] [blame]353
354 if (result == OK || IsCertificateError(result)) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]355 set_socket(ssl_socket_.release());
[email protected]8b498692010-07-16 17:11:43[diff] [blame]356 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
357 error_response_info_.cert_request_info = new SSLCertRequestInfo;
358 ssl_socket_->GetSSLCertRequestInfo(error_response_info_.cert_request_info);
359 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]360
361 return result;
362}
363
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]364int SSLConnectJob::ConnectInternal() {
365 switch (params_->proxy()) {
366 case ProxyServer::SCHEME_DIRECT:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]367 next_state_ = STATE_TRANSPORT_CONNECT;
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]368 break;
369 case ProxyServer::SCHEME_HTTP:
370 case ProxyServer::SCHEME_HTTPS:
371 next_state_ = STATE_TUNNEL_CONNECT;
372 break;
373 case ProxyServer::SCHEME_SOCKS4:
374 case ProxyServer::SCHEME_SOCKS5:
375 next_state_ = STATE_SOCKS_CONNECT;
376 break;
377 default:
378 NOTREACHED() << "unknown proxy type";
379 break;
380 }
381 return DoLoop(OK);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]382}
383
384SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
[email protected]ab739042011-04-07 15:22:28[diff] [blame]385 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]386 SOCKSClientSocketPool* socks_pool,
387 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]388 ClientSocketFactory* client_socket_factory,
389 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]390 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]391 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]392 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]393 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]394 NetLog* net_log)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]395 : transport_pool_(transport_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]396 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]397 http_proxy_pool_(http_proxy_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]398 client_socket_factory_(client_socket_factory),
399 host_resolver_(host_resolver),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]400 cert_verifier_(cert_verifier),
[email protected]2db580532010-10-08 14:32:37[diff] [blame]401 dnsrr_resolver_(dnsrr_resolver),
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]402 dns_cert_checker_(dns_cert_checker),
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]403 ssl_host_info_factory_(ssl_host_info_factory),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]404 net_log_(net_log) {
405 base::TimeDelta max_transport_timeout = base::TimeDelta();
406 base::TimeDelta pool_timeout;
[email protected]ab739042011-04-07 15:22:28[diff] [blame]407 if (transport_pool_)
408 max_transport_timeout = transport_pool_->ConnectionTimeout();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]409 if (socks_pool_) {
410 pool_timeout = socks_pool_->ConnectionTimeout();
411 if (pool_timeout > max_transport_timeout)
412 max_transport_timeout = pool_timeout;
413 }
414 if (http_proxy_pool_) {
415 pool_timeout = http_proxy_pool_->ConnectionTimeout();
416 if (pool_timeout > max_transport_timeout)
417 max_transport_timeout = pool_timeout;
418 }
419 timeout_ = max_transport_timeout +
420 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds);
421}
422
423SSLClientSocketPool::SSLClientSocketPool(
424 int max_sockets,
425 int max_sockets_per_group,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]426 ClientSocketPoolHistograms* histograms,
[email protected]73c45322010-10-01 23:57:54[diff] [blame]427 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]428 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]429 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]430 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]431 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]432 ClientSocketFactory* client_socket_factory,
[email protected]ab739042011-04-07 15:22:28[diff] [blame]433 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]434 SOCKSClientSocketPool* socks_pool,
435 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]436 SSLConfigService* ssl_config_service,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]437 NetLog* net_log)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]438 : transport_pool_(transport_pool),
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]439 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]440 http_proxy_pool_(http_proxy_pool),
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]441 base_(max_sockets, max_sockets_per_group, histograms,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]442 base::TimeDelta::FromSeconds(
443 ClientSocketPool::unused_idle_socket_timeout()),
444 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]445 new SSLConnectJobFactory(transport_pool,
446 socks_pool,
447 http_proxy_pool,
448 client_socket_factory,
449 host_resolver,
450 cert_verifier,
451 dnsrr_resolver,
452 dns_cert_checker,
453 ssl_host_info_factory,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]454 net_log)),
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]455 ssl_config_service_(ssl_config_service) {
456 if (ssl_config_service_)
457 ssl_config_service_->AddObserver(this);
458}
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]459
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]460SSLClientSocketPool::~SSLClientSocketPool() {
461 if (ssl_config_service_)
462 ssl_config_service_->RemoveObserver(this);
463}
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]464
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]465ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
466 const std::string& group_name,
467 const PoolBase::Request& request,
468 ConnectJob::Delegate* delegate) const {
469 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]470 transport_pool_, socks_pool_, http_proxy_pool_,
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]471 client_socket_factory_, host_resolver_,
472 cert_verifier_, dnsrr_resolver_, dns_cert_checker_,
473 ssl_host_info_factory_, delegate, net_log_);
474}
475
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]476int SSLClientSocketPool::RequestSocket(const std::string& group_name,
477 const void* socket_params,
478 RequestPriority priority,
479 ClientSocketHandle* handle,
480 CompletionCallback* callback,
481 const BoundNetLog& net_log) {
482 const scoped_refptr<SSLSocketParams>* casted_socket_params =
483 static_cast<const scoped_refptr<SSLSocketParams>*>(socket_params);
484
485 return base_.RequestSocket(group_name, *casted_socket_params, priority,
486 handle, callback, net_log);
487}
488
[email protected]2c2bef152010-10-13 00:55:03[diff] [blame]489void SSLClientSocketPool::RequestSockets(
490 const std::string& group_name,
491 const void* params,
492 int num_sockets,
493 const BoundNetLog& net_log) {
494 const scoped_refptr<SSLSocketParams>* casted_params =
495 static_cast<const scoped_refptr<SSLSocketParams>*>(params);
496
497 base_.RequestSockets(group_name, *casted_params, num_sockets, net_log);
498}
499
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]500void SSLClientSocketPool::CancelRequest(const std::string& group_name,
[email protected]05ea9ff2010-07-15 19:08:21[diff] [blame]501 ClientSocketHandle* handle) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]502 base_.CancelRequest(group_name, handle);
503}
504
505void SSLClientSocketPool::ReleaseSocket(const std::string& group_name,
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]506 StreamSocket* socket, int id) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]507 base_.ReleaseSocket(group_name, socket, id);
508}
509
510void SSLClientSocketPool::Flush() {
511 base_.Flush();
512}
513
514void SSLClientSocketPool::CloseIdleSockets() {
515 base_.CloseIdleSockets();
516}
517
[email protected]ddb1e5a2010-12-13 20:10:45[diff] [blame]518int SSLClientSocketPool::IdleSocketCount() const {
519 return base_.idle_socket_count();
520}
521
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]522int SSLClientSocketPool::IdleSocketCountInGroup(
523 const std::string& group_name) const {
524 return base_.IdleSocketCountInGroup(group_name);
525}
526
527LoadState SSLClientSocketPool::GetLoadState(
528 const std::string& group_name, const ClientSocketHandle* handle) const {
529 return base_.GetLoadState(group_name, handle);
530}
531
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]532DictionaryValue* SSLClientSocketPool::GetInfoAsValue(
533 const std::string& name,
534 const std::string& type,
535 bool include_nested_pools) const {
536 DictionaryValue* dict = base_.GetInfoAsValue(name, type);
537 if (include_nested_pools) {
538 ListValue* list = new ListValue();
[email protected]ab739042011-04-07 15:22:28[diff] [blame]539 if (transport_pool_) {
540 list->Append(transport_pool_->GetInfoAsValue("transport_socket_pool",
541 "transport_socket_pool",
542 false));
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]543 }
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]544 if (socks_pool_) {
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]545 list->Append(socks_pool_->GetInfoAsValue("socks_pool",
546 "socks_pool",
547 true));
548 }
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]549 if (http_proxy_pool_) {
550 list->Append(http_proxy_pool_->GetInfoAsValue("http_proxy_pool",
551 "http_proxy_pool",
552 true));
553 }
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]554 dict->Set("nested_pools", list);
555 }
556 return dict;
557}
558
[email protected]ddb1e5a2010-12-13 20:10:45[diff] [blame]559base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const {
560 return base_.ConnectionTimeout();
561}
562
563ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const {
564 return base_.histograms();
565}
566
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]567void SSLClientSocketPool::OnSSLConfigChanged() {
568 Flush();
569}
570
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]571} // namespace net