Google Git
Sign in
chromium / chromium / src.git / 1fd259a0929d9c8ee68923e29ec1bd60d88f5690 / . / net / http / http_network_transaction.cc
blob: 5a70587ceb2caf09f465da3094611638755004b4 [file] [log] [blame]
[email protected]49ed6cc2012-02-02 08:59:16[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]d102f542010-06-30 14:51:05[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
license.botbf09a502008-08-24 00:55:55[diff] [blame]3// found in the LICENSE file.
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]4
5#include "net/http/http_network_transaction.h"
6
danakj1fd259a02016-04-16 03:17:09[diff] [blame^]7#include <memory>
[email protected]2fbaecf22010-07-22 22:20:35[diff] [blame]8#include <set>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]9#include <utility>
[email protected]2fbaecf22010-07-22 22:20:35[diff] [blame]10#include <vector>
11
nharperb7441ef2016-01-25 23:54:14[diff] [blame]12#include "base/base64url.h"
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]13#include "base/bind.h"
14#include "base/bind_helpers.h"
[email protected]68bf9152008-09-25 19:47:30[diff] [blame]15#include "base/compiler_specific.h"
[email protected]270c6412010-03-29 22:02:47[diff] [blame]16#include "base/format_macros.h"
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]17#include "base/metrics/field_trial.h"
asvitkinec3c93722015-06-17 14:48:37[diff] [blame]18#include "base/metrics/histogram_macros.h"
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]19#include "base/metrics/sparse_histogram.h"
vadimt09e7ebe2014-10-29 22:10:41[diff] [blame]20#include "base/profiler/scoped_tracker.h"
[email protected]7286e3fc2011-07-19 22:13:24[diff] [blame]21#include "base/stl_util.h"
[email protected]125ef482013-06-11 18:32:47[diff] [blame]22#include "base/strings/string_number_conversions.h"
23#include "base/strings/string_util.h"
24#include "base/strings/stringprintf.h"
[email protected]3d498f72013-10-28 21:17:40[diff] [blame]25#include "base/time/time.h"
[email protected]db74b0102012-05-31 19:55:53[diff] [blame]26#include "base/values.h"
[email protected]68bf9152008-09-25 19:47:30[diff] [blame]27#include "build/build_config.h"
[email protected]277d5942010-08-11 21:02:35[diff] [blame]28#include "net/base/auth.h"
[email protected]2d6728692011-03-12 01:39:55[diff] [blame]29#include "net/base/host_port_pair.h"
[email protected]74a85ce2009-02-12 00:03:19[diff] [blame]30#include "net/base/io_buffer.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]31#include "net/base/load_flags.h"
[email protected]58e32bb2013-01-21 18:23:25[diff] [blame]32#include "net/base/load_timing_info.h"
[email protected]597cf6e2009-05-29 09:43:26[diff] [blame]33#include "net/base/net_errors.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]34#include "net/base/upload_data_stream.h"
tfarina7a4a7fd2016-01-20 14:23:44[diff] [blame]35#include "net/base/url_util.h"
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]36#include "net/http/http_auth.h"
37#include "net/http/http_auth_handler.h"
[email protected]fa82f932010-05-20 11:09:24[diff] [blame]38#include "net/http/http_auth_handler_factory.h"
[email protected]8d5a34e2009-06-11 21:21:36[diff] [blame]39#include "net/http/http_basic_stream.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]40#include "net/http/http_chunked_decoder.h"
41#include "net/http/http_network_session.h"
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]42#include "net/http/http_proxy_client_socket.h"
[email protected]e772db3f2010-07-12 18:11:13[diff] [blame]43#include "net/http/http_proxy_client_socket_pool.h"
[email protected]270c6412010-03-29 22:02:47[diff] [blame]44#include "net/http/http_request_headers.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]45#include "net/http/http_request_info.h"
[email protected]319d9e6f2009-02-18 19:47:21[diff] [blame]46#include "net/http/http_response_headers.h"
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]47#include "net/http/http_response_info.h"
[email protected]17291a022011-10-10 07:32:53[diff] [blame]48#include "net/http/http_server_properties.h"
[email protected]9094b602012-02-27 21:44:58[diff] [blame]49#include "net/http/http_status_code.h"
yhiranoa7e05bb2014-11-06 05:40:39[diff] [blame]50#include "net/http/http_stream.h"
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]51#include "net/http/http_stream_factory.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]52#include "net/http/http_util.h"
[email protected]158ac972013-04-19 23:29:23[diff] [blame]53#include "net/http/transport_security_state.h"
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]54#include "net/http/url_security_manager.h"
[email protected]f7984fc62009-06-22 23:26:44[diff] [blame]55#include "net/socket/client_socket_factory.h"
[email protected]a796bcec2010-03-22 17:17:26[diff] [blame]56#include "net/socket/socks_client_socket_pool.h"
[email protected]f7984fc62009-06-22 23:26:44[diff] [blame]57#include "net/socket/ssl_client_socket.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]58#include "net/socket/ssl_client_socket_pool.h"
[email protected]ab739042011-04-07 15:22:28[diff] [blame]59#include "net/socket/transport_client_socket_pool.h"
[email protected]65d56aa2010-06-14 04:13:40[diff] [blame]60#include "net/spdy/spdy_http_stream.h"
[email protected]dab9c7d2010-02-06 21:44:32[diff] [blame]61#include "net/spdy/spdy_session.h"
62#include "net/spdy/spdy_session_pool.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]63#include "net/ssl/ssl_cert_request_info.h"
64#include "net/ssl/ssl_connection_status_flags.h"
svaldez7872fd02015-11-19 21:10:54[diff] [blame]65#include "net/ssl/ssl_private_key.h"
nharperb7441ef2016-01-25 23:54:14[diff] [blame]66#include "net/ssl/token_binding.h"
[email protected]f89276a72013-07-12 06:41:54[diff] [blame]67#include "url/gurl.h"
[email protected]e69c1cd2014-07-29 07:42:29[diff] [blame]68#include "url/url_canon.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]69
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]70namespace net {
71
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]72namespace {
73
danakj1fd259a02016-04-16 03:17:09[diff] [blame^]74std::unique_ptr<base::Value> NetLogSSLVersionFallbackCallback(
[email protected]ea5ef4c2013-06-13 22:50:27[diff] [blame]75 const GURL* url,
76 int net_error,
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]77 SSLFailureState ssl_failure_state,
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]78 uint16_t version_before,
79 uint16_t version_after,
eroman001c3742015-04-23 03:11:17[diff] [blame]80 NetLogCaptureMode /* capture_mode */) {
danakj1fd259a02016-04-16 03:17:09[diff] [blame^]81 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
[email protected]b6754252012-06-13 23:14:38[diff] [blame]82 dict->SetString("host_and_port", GetHostAndPort(*url));
83 dict->SetInteger("net_error", net_error);
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]84 dict->SetInteger("ssl_failure_state", ssl_failure_state);
[email protected]b6754252012-06-13 23:14:38[diff] [blame]85 dict->SetInteger("version_before", version_before);
86 dict->SetInteger("version_after", version_after);
dchengc7eeda422015-12-26 03:56:48[diff] [blame]87 return std::move(dict);
[email protected]b6754252012-06-13 23:14:38[diff] [blame]88}
[email protected]db74b0102012-05-31 19:55:53[diff] [blame]89
danakj1fd259a02016-04-16 03:17:09[diff] [blame^]90std::unique_ptr<base::Value> NetLogSSLCipherFallbackCallback(
eroman001c3742015-04-23 03:11:17[diff] [blame]91 const GURL* url,
92 int net_error,
93 NetLogCaptureMode /* capture_mode */) {
danakj1fd259a02016-04-16 03:17:09[diff] [blame^]94 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
davidbena4c9d062015-04-03 22:34:25[diff] [blame]95 dict->SetString("host_and_port", GetHostAndPort(*url));
96 dict->SetInteger("net_error", net_error);
dchengc7eeda422015-12-26 03:56:48[diff] [blame]97 return std::move(dict);
davidbena4c9d062015-04-03 22:34:25[diff] [blame]98}
99
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]100} // namespace
101
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]102//-----------------------------------------------------------------------------
103
[email protected]262eec82013-03-19 21:01:36[diff] [blame]104HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
105 HttpNetworkSession* session)
[email protected]0757e7702009-03-27 04:00:22[diff] [blame]106 : pending_auth_target_(HttpAuth::AUTH_NONE),
[email protected]aa249b52013-04-30 01:04:32[diff] [blame]107 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete,
108 base::Unretained(this))),
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]109 session_(session),
110 request_(NULL),
[email protected]262eec82013-03-19 21:01:36[diff] [blame]111 priority_(priority),
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]112 headers_valid_(false),
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]113 server_ssl_failure_state_(SSL_FAILURE_NONE),
[email protected]a53e4d12013-12-07 16:37:24[diff] [blame]114 fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK),
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]115 fallback_failure_state_(SSL_FAILURE_NONE),
[email protected]b94f92d2010-10-27 16:45:20[diff] [blame]116 request_headers_(),
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]117 read_buf_len_(0),
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]118 total_received_bytes_(0),
sclittlefb249892015-09-10 21:33:22[diff] [blame]119 total_sent_bytes_(0),
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]120 next_state_(STATE_NONE),
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]121 establishing_tunnel_(false),
zhongyi48704c182015-12-07 07:52:02[diff] [blame]122 websocket_handshake_stream_base_create_helper_(NULL),
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]123 net_error_details_() {
[email protected]102957f2011-09-02 17:10:14[diff] [blame]124 session->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
bnc1f295372015-10-21 23:24:22[diff] [blame]125 session->GetAlpnProtos(&server_ssl_config_.alpn_protos);
126 session->GetNpnProtos(&server_ssl_config_.npn_protos);
[email protected]99ffa5a2011-10-06 04:20:19[diff] [blame]127 proxy_ssl_config_ = server_ssl_config_;
[email protected]3ce7df0f2010-03-03 00:30:50[diff] [blame]128}
129
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]130HttpNetworkTransaction::~HttpNetworkTransaction() {
131 if (stream_.get()) {
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]132 // TODO(mbelshe): The stream_ should be able to compute whether or not the
133 // stream should be kept alive. No reason to compute here
134 // and pass it in.
mmenkebd84c392015-09-02 14:12:34[diff] [blame]135 if (!stream_->CanReuseConnection() || next_state_ != STATE_NONE) {
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]136 stream_->Close(true /* not reusable */);
mmenkebd84c392015-09-02 14:12:34[diff] [blame]137 } else if (stream_->IsResponseBodyComplete()) {
138 // If the response body is complete, we can just reuse the socket.
139 stream_->Close(false /* reusable */);
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]140 } else {
mmenkebd84c392015-09-02 14:12:34[diff] [blame]141 // Otherwise, we try to drain the response body.
142 HttpStream* stream = stream_.release();
143 stream->Drain(session_);
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]144 }
145 }
[email protected]02cad5d2013-10-02 08:14:03[diff] [blame]146
147 if (request_ && request_->upload_data_stream)
148 request_->upload_data_stream->Reset(); // Invalidate pending callbacks.
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]149}
150
[email protected]684970b2009-08-14 04:54:46[diff] [blame]151int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]152 const CompletionCallback& callback,
[email protected]9e743cd2010-03-16 07:03:53[diff] [blame]153 const BoundNetLog& net_log) {
[email protected]9e743cd2010-03-16 07:03:53[diff] [blame]154 net_log_ = net_log;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]155 request_ = request_info;
156
[email protected]99ffa5a2011-10-06 04:20:19[diff] [blame]157 if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) {
[email protected]102957f2011-09-02 17:10:14[diff] [blame]158 server_ssl_config_.rev_checking_enabled = false;
[email protected]99ffa5a2011-10-06 04:20:19[diff] [blame]159 proxy_ssl_config_.rev_checking_enabled = false;
160 }
[email protected]6fbac162011-06-20 00:29:04[diff] [blame]161
jkarlinfb1d5172015-01-12 14:10:29[diff] [blame]162 if (request_->load_flags & LOAD_PREFETCH)
163 response_.unused_since_prefetch = true;
164
[email protected]1ea4f46a2014-04-22 22:33:56[diff] [blame]165 // Channel ID is disabled if privacy mode is enabled for this request.
nharper2fa640082016-04-06 20:15:01[diff] [blame]166 if (request_->privacy_mode == PRIVACY_MODE_ENABLED) {
[email protected]66eeb52e2014-05-22 06:53:49[diff] [blame]167 server_ssl_config_.channel_id_enabled = false;
nharper2fa640082016-04-06 20:15:01[diff] [blame]168 } else if (session_->params().enable_token_binding &&
169 session_->params().channel_id_service) {
nharperb7441ef2016-01-25 23:54:14[diff] [blame]170 server_ssl_config_.token_binding_params.push_back(TB_PARAM_ECDSAP256);
171 }
172
[email protected]1826a402014-01-08 15:40:48[diff] [blame]173 next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]174 int rv = DoLoop(OK);
175 if (rv == ERR_IO_PENDING)
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]176 callback_ = callback;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]177 return rv;
178}
179
180int HttpNetworkTransaction::RestartIgnoringLastError(
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]181 const CompletionCallback& callback) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]182 DCHECK(!stream_.get());
183 DCHECK(!stream_request_.get());
184 DCHECK_EQ(STATE_NONE, next_state_);
185
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]186 next_state_ = STATE_CREATE_STREAM;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]187
[email protected]ccb40e52008-09-17 20:54:40[diff] [blame]188 int rv = DoLoop(OK);
189 if (rv == ERR_IO_PENDING)
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]190 callback_ = callback;
[email protected]aaead502008-10-15 00:20:11[diff] [blame]191 return rv;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]192}
193
[email protected]0b45559b2009-06-12 21:45:11[diff] [blame]194int HttpNetworkTransaction::RestartWithCertificate(
svaldez7872fd02015-11-19 21:10:54[diff] [blame]195 X509Certificate* client_cert,
196 SSLPrivateKey* client_private_key,
197 const CompletionCallback& callback) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]198 // In HandleCertificateRequest(), we always tear down existing stream
199 // requests to force a new connection. So we shouldn't have one here.
200 DCHECK(!stream_request_.get());
201 DCHECK(!stream_.get());
202 DCHECK_EQ(STATE_NONE, next_state_);
203
[email protected]102957f2011-09-02 17:10:14[diff] [blame]204 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
205 &proxy_ssl_config_ : &server_ssl_config_;
206 ssl_config->send_client_cert = true;
207 ssl_config->client_cert = client_cert;
svaldez7872fd02015-11-19 21:10:54[diff] [blame]208 ssl_config->client_private_key = client_private_key;
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]209 session_->ssl_client_auth_cache()->Add(
svaldez7872fd02015-11-19 21:10:54[diff] [blame]210 response_.cert_request_info->host_and_port, client_cert,
211 client_private_key);
[email protected]0b45559b2009-06-12 21:45:11[diff] [blame]212 // Reset the other member variables.
213 // Note: this is necessary only with SSL renegotiation.
214 ResetStateForRestart();
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]215 next_state_ = STATE_CREATE_STREAM;
[email protected]0b45559b2009-06-12 21:45:11[diff] [blame]216 int rv = DoLoop(OK);
217 if (rv == ERR_IO_PENDING)
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]218 callback_ = callback;
[email protected]0b45559b2009-06-12 21:45:11[diff] [blame]219 return rv;
220}
221
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]222int HttpNetworkTransaction::RestartWithAuth(
223 const AuthCredentials& credentials, const CompletionCallback& callback) {
[email protected]0757e7702009-03-27 04:00:22[diff] [blame]224 HttpAuth::Target target = pending_auth_target_;
225 if (target == HttpAuth::AUTH_NONE) {
226 NOTREACHED();
227 return ERR_UNEXPECTED;
228 }
[email protected]0757e7702009-03-27 04:00:22[diff] [blame]229 pending_auth_target_ = HttpAuth::AUTH_NONE;
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]230
[email protected]f3cf9802011-10-28 18:44:58[diff] [blame]231 auth_controllers_[target]->ResetAuth(credentials);
[email protected]e772db3f2010-07-12 18:11:13[diff] [blame]232
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]233 DCHECK(callback_.is_null());
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]234
235 int rv = OK;
236 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) {
237 // In this case, we've gathered credentials for use with proxy
238 // authentication of a tunnel.
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]239 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]240 DCHECK(stream_request_ != NULL);
[email protected]394816e92010-08-03 07:38:59[diff] [blame]241 auth_controllers_[target] = NULL;
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]242 ResetStateForRestart();
[email protected]f3cf9802011-10-28 18:44:58[diff] [blame]243 rv = stream_request_->RestartTunnelWithProxyAuth(credentials);
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]244 } else {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]245 // In this case, we've gathered credentials for the server or the proxy
246 // but it is not during the tunneling phase.
247 DCHECK(stream_request_ == NULL);
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]248 PrepareForAuthRestart(target);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]249 rv = DoLoop(OK);
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]250 }
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]251
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]252 if (rv == ERR_IO_PENDING)
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]253 callback_ = callback;
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]254 return rv;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]255}
256
[email protected]f9ee6b52008-11-08 06:46:23[diff] [blame]257void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) {
258 DCHECK(HaveAuth(target));
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]259 DCHECK(!stream_request_.get());
260
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]261 bool keep_alive = false;
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]262 // Even if the server says the connection is keep-alive, we have to be
263 // able to find the end of each response in order to reuse the connection.
mmenkebd84c392015-09-02 14:12:34[diff] [blame]264 if (stream_->CanReuseConnection()) {
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]265 // If the response body hasn't been completely read, we need to drain
266 // it first.
[email protected]351ab642010-08-05 16:55:31[diff] [blame]267 if (!stream_->IsResponseBodyComplete()) {
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]268 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]269 read_buf_ = new IOBuffer(kDrainBodyBufferSize); // A bit bucket.
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]270 read_buf_len_ = kDrainBodyBufferSize;
271 return;
272 }
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]273 keep_alive = true;
[email protected]37832c6d2009-06-05 19:44:09[diff] [blame]274 }
275
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]276 // We don't need to drain the response body, so we act as if we had drained
277 // the response body.
278 DidDrainBodyForAuthRestart(keep_alive);
279}
280
281void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]282 DCHECK(!stream_request_.get());
283
284 if (stream_.get()) {
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]285 total_received_bytes_ += stream_->GetTotalReceivedBytes();
sclittlefb249892015-09-10 21:33:22[diff] [blame]286 total_sent_bytes_ += stream_->GetTotalSentBytes();
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]287 HttpStream* new_stream = NULL;
mmenkebd84c392015-09-02 14:12:34[diff] [blame]288 if (keep_alive && stream_->CanReuseConnection()) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]289 // We should call connection_->set_idle_time(), but this doesn't occur
290 // often enough to be worth the trouble.
291 stream_->SetConnectionReused();
yhiranoa7e05bb2014-11-06 05:40:39[diff] [blame]292 new_stream = stream_->RenewStreamForAuth();
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]293 }
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]294
295 if (!new_stream) {
[email protected]2d0a4f92011-05-05 16:38:46[diff] [blame]296 // Close the stream and mark it as not_reusable. Even in the
297 // keep_alive case, we've determined that the stream_ is not
298 // reusable if new_stream is NULL.
299 stream_->Close(true);
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]300 next_state_ = STATE_CREATE_STREAM;
301 } else {
sclittlefb249892015-09-10 21:33:22[diff] [blame]302 // Renewed streams shouldn't carry over sent or received bytes.
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]303 DCHECK_EQ(0, new_stream->GetTotalReceivedBytes());
sclittlefb249892015-09-10 21:33:22[diff] [blame]304 DCHECK_EQ(0, new_stream->GetTotalSentBytes());
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]305 next_state_ = STATE_INIT_STREAM;
306 }
307 stream_.reset(new_stream);
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]308 }
[email protected]f9ee6b52008-11-08 06:46:23[diff] [blame]309
310 // Reset the other member variables.
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]311 ResetStateForAuthRestart();
[email protected]f9ee6b52008-11-08 06:46:23[diff] [blame]312}
313
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]314bool HttpNetworkTransaction::IsReadyToRestartForAuth() {
315 return pending_auth_target_ != HttpAuth::AUTH_NONE &&
316 HaveAuth(pending_auth_target_);
317}
318
[email protected]9dea9e1f2009-01-29 00:30:47[diff] [blame]319int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len,
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]320 const CompletionCallback& callback) {
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]321 DCHECK(buf);
[email protected]e0c27be2009-07-15 13:09:35[diff] [blame]322 DCHECK_LT(0, buf_len);
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]323
[email protected]1f14a912009-12-21 20:32:44[diff] [blame]324 State next_state = STATE_NONE;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]325
[email protected]ad8e04a2010-11-01 04:16:27[diff] [blame]326 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]327 if (headers_valid_ && headers.get() && stream_request_.get()) {
[email protected]8a1f3312010-05-25 19:25:04[diff] [blame]328 // We're trying to read the body of the response but we're still trying
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]329 // to establish an SSL tunnel through an HTTP proxy. We can't read these
[email protected]8a1f3312010-05-25 19:25:04[diff] [blame]330 // bytes when establishing a tunnel because they might be controlled by
331 // an active network attacker. We don't worry about this for HTTP
332 // because an active network attacker can already control HTTP sessions.
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]333 // We reach this case when the user cancels a 407 proxy auth prompt. We
334 // also don't worry about this for an HTTPS Proxy, because the
335 // communication with the proxy is secure.
[email protected]8a1f3312010-05-25 19:25:04[diff] [blame]336 // See http://crbug.com/8473.
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]337 DCHECK(proxy_info_.is_http() || proxy_info_.is_https());
[email protected]9094b602012-02-27 21:44:58[diff] [blame]338 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED);
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]339 LOG(WARNING) << "Blocked proxy response with status "
340 << headers->response_code() << " to CONNECT request for "
341 << GetHostAndPort(request_->url) << ".";
[email protected]8a1f3312010-05-25 19:25:04[diff] [blame]342 return ERR_TUNNEL_CONNECTION_FAILED;
[email protected]a8e9b162009-03-12 00:06:44[diff] [blame]343 }
344
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]345 // Are we using SPDY or HTTP?
[email protected]351ab642010-08-05 16:55:31[diff] [blame]346 next_state = STATE_READ_BODY;
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]347
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]348 read_buf_ = buf;
349 read_buf_len_ = buf_len;
350
[email protected]1f14a912009-12-21 20:32:44[diff] [blame]351 next_state_ = next_state;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]352 int rv = DoLoop(OK);
353 if (rv == ERR_IO_PENDING)
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]354 callback_ = callback;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]355 return rv;
356}
357
[email protected]8cd06c02014-01-25 07:50:14[diff] [blame]358void HttpNetworkTransaction::StopCaching() {}
359
[email protected]79e1fd62013-06-20 06:50:04[diff] [blame]360bool HttpNetworkTransaction::GetFullRequestHeaders(
361 HttpRequestHeaders* headers) const {
362 // TODO(ttuttle): Make sure we've populated request_headers_.
363 *headers = request_headers_;
364 return true;
365}
366
sclittle4de1bab92015-09-22 21:28:24[diff] [blame]367int64_t HttpNetworkTransaction::GetTotalReceivedBytes() const {
368 int64_t total_received_bytes = total_received_bytes_;
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]369 if (stream_)
370 total_received_bytes += stream_->GetTotalReceivedBytes();
371 return total_received_bytes;
372}
373
sclittlefb249892015-09-10 21:33:22[diff] [blame]374int64_t HttpNetworkTransaction::GetTotalSentBytes() const {
375 int64_t total_sent_bytes = total_sent_bytes_;
376 if (stream_)
377 total_sent_bytes += stream_->GetTotalSentBytes();
378 return total_sent_bytes;
379}
380
[email protected]8cd06c02014-01-25 07:50:14[diff] [blame]381void HttpNetworkTransaction::DoneReading() {}
382
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]383const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const {
ttuttlec0c828492015-05-15 01:25:55[diff] [blame]384 return &response_;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]385}
386
387LoadState HttpNetworkTransaction::GetLoadState() const {
388 // TODO(wtc): Define a new LoadState value for the
389 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request.
390 switch (next_state_) {
[email protected]1826a402014-01-08 15:40:48[diff] [blame]391 case STATE_CREATE_STREAM:
392 return LOAD_STATE_WAITING_FOR_DELEGATE;
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]393 case STATE_CREATE_STREAM_COMPLETE:
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]394 return stream_request_->GetLoadState();
[email protected]044de0642010-06-17 10:42:15[diff] [blame]395 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
396 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]397 case STATE_SEND_REQUEST_COMPLETE:
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]398 return LOAD_STATE_SENDING_REQUEST;
399 case STATE_READ_HEADERS_COMPLETE:
400 return LOAD_STATE_WAITING_FOR_RESPONSE;
401 case STATE_READ_BODY_COMPLETE:
402 return LOAD_STATE_READING_RESPONSE;
403 default:
404 return LOAD_STATE_IDLE;
405 }
406}
407
[email protected]196d18a2012-08-30 03:47:31[diff] [blame]408UploadProgress HttpNetworkTransaction::GetUploadProgress() const {
[email protected]351ab642010-08-05 16:55:31[diff] [blame]409 if (!stream_.get())
[email protected]196d18a2012-08-30 03:47:31[diff] [blame]410 return UploadProgress();
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]411
yhiranoa7e05bb2014-11-06 05:40:39[diff] [blame]412 return stream_->GetUploadProgress();
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]413}
414
[email protected]8cd06c02014-01-25 07:50:14[diff] [blame]415void HttpNetworkTransaction::SetQuicServerInfo(
416 QuicServerInfo* quic_server_info) {}
417
[email protected]5033ab82013-03-22 20:17:46[diff] [blame]418bool HttpNetworkTransaction::GetLoadTimingInfo(
419 LoadTimingInfo* load_timing_info) const {
420 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info))
421 return false;
422
423 load_timing_info->proxy_resolve_start =
424 proxy_info_.proxy_resolve_start_time();
425 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time();
426 load_timing_info->send_start = send_start_time_;
427 load_timing_info->send_end = send_end_time_;
[email protected]5033ab82013-03-22 20:17:46[diff] [blame]428 return true;
429}
430
ttuttled9dbc652015-09-29 20:00:59[diff] [blame]431bool HttpNetworkTransaction::GetRemoteEndpoint(IPEndPoint* endpoint) const {
432 if (!remote_endpoint_.address().size())
433 return false;
434
435 *endpoint = remote_endpoint_;
436 return true;
437}
438
zhongyi48704c182015-12-07 07:52:02[diff] [blame]439void HttpNetworkTransaction::PopulateNetErrorDetails(
440 NetErrorDetails* details) const {
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]441 *details = net_error_details_;
442 if (stream_)
443 stream_->PopulateNetErrorDetails(details);
zhongyi48704c182015-12-07 07:52:02[diff] [blame]444}
445
[email protected]5033ab82013-03-22 20:17:46[diff] [blame]446void HttpNetworkTransaction::SetPriority(RequestPriority priority) {
447 priority_ = priority;
[email protected]bf828982013-08-14 18:01:47[diff] [blame]448 if (stream_request_)
449 stream_request_->SetPriority(priority);
[email protected]e86839fd2013-08-14 18:29:03[diff] [blame]450 if (stream_)
451 stream_->SetPriority(priority);
[email protected]5033ab82013-03-22 20:17:46[diff] [blame]452}
453
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]454void HttpNetworkTransaction::SetWebSocketHandshakeStreamCreateHelper(
455 WebSocketHandshakeStreamBase::CreateHelper* create_helper) {
456 websocket_handshake_stream_base_create_helper_ = create_helper;
457}
458
[email protected]1826a402014-01-08 15:40:48[diff] [blame]459void HttpNetworkTransaction::SetBeforeNetworkStartCallback(
460 const BeforeNetworkStartCallback& callback) {
461 before_network_start_callback_ = callback;
462}
463
[email protected]597a1ab2014-06-26 08:12:27[diff] [blame]464void HttpNetworkTransaction::SetBeforeProxyHeadersSentCallback(
465 const BeforeProxyHeadersSentCallback& callback) {
466 before_proxy_headers_sent_callback_ = callback;
467}
468
[email protected]1826a402014-01-08 15:40:48[diff] [blame]469int HttpNetworkTransaction::ResumeNetworkStart() {
470 DCHECK_EQ(next_state_, STATE_CREATE_STREAM);
471 return DoLoop(OK);
472}
473
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]474void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
475 const ProxyInfo& used_proxy_info,
yhiranoa7e05bb2014-11-06 05:40:39[diff] [blame]476 HttpStream* stream) {
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]477 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]478 DCHECK(stream_request_.get());
479
sclittlefb249892015-09-10 21:33:22[diff] [blame]480 if (stream_) {
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]481 total_received_bytes_ += stream_->GetTotalReceivedBytes();
sclittlefb249892015-09-10 21:33:22[diff] [blame]482 total_sent_bytes_ += stream_->GetTotalSentBytes();
483 }
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]484 stream_.reset(stream);
[email protected]102957f2011-09-02 17:10:14[diff] [blame]485 server_ssl_config_ = used_ssl_config;
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]486 proxy_info_ = used_proxy_info;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]487 response_.was_npn_negotiated = stream_request_->was_npn_negotiated();
[email protected]c30bcce2011-12-20 17:50:51[diff] [blame]488 response_.npn_negotiated_protocol = SSLClientSocket::NextProtoToString(
489 stream_request_->protocol_negotiated());
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]490 response_.was_fetched_via_spdy = stream_request_->using_spdy();
491 response_.was_fetched_via_proxy = !proxy_info_.is_direct();
[email protected]d8fc4722014-06-13 13:17:15[diff] [blame]492 if (response_.was_fetched_via_proxy && !proxy_info_.is_empty())
493 response_.proxy_server = proxy_info_.proxy_server().host_port_pair();
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]494 OnIOComplete(OK);
495}
496
xunjieli5749218c2016-03-22 16:43:06[diff] [blame]497void HttpNetworkTransaction::OnBidirectionalStreamImplReady(
xunjieli11834f02015-12-22 04:27:08[diff] [blame]498 const SSLConfig& used_ssl_config,
499 const ProxyInfo& used_proxy_info,
xunjieli5749218c2016-03-22 16:43:06[diff] [blame]500 BidirectionalStreamImpl* stream) {
xunjieli11834f02015-12-22 04:27:08[diff] [blame]501 NOTREACHED();
502}
503
[email protected]a9cf2b92013-10-30 12:08:49[diff] [blame]504void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady(
[email protected]3732cea2013-06-21 06:50:50[diff] [blame]505 const SSLConfig& used_ssl_config,
506 const ProxyInfo& used_proxy_info,
[email protected]a9cf2b92013-10-30 12:08:49[diff] [blame]507 WebSocketHandshakeStreamBase* stream) {
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]508 OnStreamReady(used_ssl_config, used_proxy_info, stream);
[email protected]3732cea2013-06-21 06:50:50[diff] [blame]509}
510
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]511void HttpNetworkTransaction::OnStreamFailed(int result,
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]512 const SSLConfig& used_ssl_config,
513 SSLFailureState ssl_failure_state) {
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]514 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]515 DCHECK_NE(OK, result);
516 DCHECK(stream_request_.get());
517 DCHECK(!stream_.get());
[email protected]102957f2011-09-02 17:10:14[diff] [blame]518 server_ssl_config_ = used_ssl_config;
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]519 server_ssl_failure_state_ = ssl_failure_state;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]520
521 OnIOComplete(result);
522}
523
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]524void HttpNetworkTransaction::OnCertificateError(
525 int result,
526 const SSLConfig& used_ssl_config,
527 const SSLInfo& ssl_info) {
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]528 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]529 DCHECK_NE(OK, result);
530 DCHECK(stream_request_.get());
531 DCHECK(!stream_.get());
532
533 response_.ssl_info = ssl_info;
[email protected]102957f2011-09-02 17:10:14[diff] [blame]534 server_ssl_config_ = used_ssl_config;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]535
536 // TODO(mbelshe): For now, we're going to pass the error through, and that
537 // will close the stream_request in all cases. This means that we're always
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]538 // going to restart an entire STATE_CREATE_STREAM, even if the connection is
539 // good and the user chooses to ignore the error. This is not ideal, but not
540 // the end of the world either.
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]541
542 OnIOComplete(result);
543}
544
545void HttpNetworkTransaction::OnNeedsProxyAuth(
[email protected]6dc476da2010-09-01 04:43:50[diff] [blame]546 const HttpResponseInfo& proxy_response,
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]547 const SSLConfig& used_ssl_config,
548 const ProxyInfo& used_proxy_info,
[email protected]6dc476da2010-09-01 04:43:50[diff] [blame]549 HttpAuthController* auth_controller) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]550 DCHECK(stream_request_.get());
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]551 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]552
553 establishing_tunnel_ = true;
554 response_.headers = proxy_response.headers;
555 response_.auth_challenge = proxy_response.auth_challenge;
556 headers_valid_ = true;
[email protected]102957f2011-09-02 17:10:14[diff] [blame]557 server_ssl_config_ = used_ssl_config;
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]558 proxy_info_ = used_proxy_info;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]559
560 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
561 pending_auth_target_ = HttpAuth::AUTH_PROXY;
562
563 DoCallback(OK);
564}
565
566void HttpNetworkTransaction::OnNeedsClientAuth(
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]567 const SSLConfig& used_ssl_config,
[email protected]6dc476da2010-09-01 04:43:50[diff] [blame]568 SSLCertRequestInfo* cert_info) {
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]569 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]570
[email protected]102957f2011-09-02 17:10:14[diff] [blame]571 server_ssl_config_ = used_ssl_config;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]572 response_.cert_request_info = cert_info;
[email protected]65a3b912010-08-21 05:46:58[diff] [blame]573 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]574}
575
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]576void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
577 const HttpResponseInfo& response_info,
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]578 const SSLConfig& used_ssl_config,
579 const ProxyInfo& used_proxy_info,
yhiranoa7e05bb2014-11-06 05:40:39[diff] [blame]580 HttpStream* stream) {
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]581 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
582
ttuttle1f2d7e92015-04-28 16:17:47[diff] [blame]583 CopyConnectionAttemptsFromStreamRequest();
584
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]585 headers_valid_ = true;
586 response_ = response_info;
[email protected]102957f2011-09-02 17:10:14[diff] [blame]587 server_ssl_config_ = used_ssl_config;
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]588 proxy_info_ = used_proxy_info;
sclittlefb249892015-09-10 21:33:22[diff] [blame]589 if (stream_) {
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]590 total_received_bytes_ += stream_->GetTotalReceivedBytes();
sclittlefb249892015-09-10 21:33:22[diff] [blame]591 total_sent_bytes_ += stream_->GetTotalSentBytes();
592 }
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]593 stream_.reset(stream);
594 stream_request_.reset(); // we're done with the stream request
595 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
596}
597
zhongyi48704c182015-12-07 07:52:02[diff] [blame]598void HttpNetworkTransaction::OnQuicBroken() {
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]599 net_error_details_.quic_broken = true;
zhongyi48704c182015-12-07 07:52:02[diff] [blame]600}
601
ttuttle1f2d7e92015-04-28 16:17:47[diff] [blame]602void HttpNetworkTransaction::GetConnectionAttempts(
603 ConnectionAttempts* out) const {
604 *out = connection_attempts_;
605}
606
Adam Ricecb76ac62015-02-20 05:33:25[diff] [blame]607bool HttpNetworkTransaction::IsSecureRequest() const {
lgarrona774b922015-05-14 22:56:37[diff] [blame]608 return request_->url.SchemeIsCryptographic();
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]609}
610
nharperb7441ef2016-01-25 23:54:14[diff] [blame]611bool HttpNetworkTransaction::IsTokenBindingEnabled() const {
612 if (!IsSecureRequest())
613 return false;
614 SSLInfo ssl_info;
615 stream_->GetSSLInfo(&ssl_info);
616 return ssl_info.token_binding_negotiated &&
617 ssl_info.token_binding_key_param == TB_PARAM_ECDSAP256 &&
618 session_->params().channel_id_service;
619}
620
621void HttpNetworkTransaction::RecordTokenBindingSupport() const {
622 // This enum is used for an UMA histogram - do not change or re-use values.
623 enum {
624 DISABLED = 0,
625 CLIENT_ONLY = 1,
626 CLIENT_AND_SERVER = 2,
627 CLIENT_NO_CHANNEL_ID_SERVICE = 3,
628 TOKEN_BINDING_SUPPORT_MAX
629 } supported;
630 if (!IsSecureRequest())
631 return;
632 SSLInfo ssl_info;
633 stream_->GetSSLInfo(&ssl_info);
634 if (!session_->params().enable_token_binding) {
635 supported = DISABLED;
636 } else if (!session_->params().channel_id_service) {
637 supported = CLIENT_NO_CHANNEL_ID_SERVICE;
638 } else if (ssl_info.token_binding_negotiated) {
639 supported = CLIENT_AND_SERVER;
640 } else {
641 supported = CLIENT_ONLY;
642 }
643 UMA_HISTOGRAM_ENUMERATION("Net.TokenBinding.Support", supported,
644 TOKEN_BINDING_SUPPORT_MAX);
645}
646
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]647bool HttpNetworkTransaction::UsingHttpProxyWithoutTunnel() const {
tbansal7cec3812015-02-05 21:25:12[diff] [blame]648 return (proxy_info_.is_http() || proxy_info_.is_https() ||
649 proxy_info_.is_quic()) &&
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]650 !(request_->url.SchemeIs("https") || request_->url.SchemeIsWSOrWSS());
651}
652
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]653void HttpNetworkTransaction::DoCallback(int rv) {
[email protected]0b0bf032010-09-21 18:08:50[diff] [blame]654 DCHECK_NE(rv, ERR_IO_PENDING);
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]655 DCHECK(!callback_.is_null());
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]656
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]657 // Since Run may result in Read being called, clear user_callback_ up front.
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]658 CompletionCallback c = callback_;
659 callback_.Reset();
660 c.Run(rv);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]661}
662
663void HttpNetworkTransaction::OnIOComplete(int result) {
664 int rv = DoLoop(result);
665 if (rv != ERR_IO_PENDING)
666 DoCallback(rv);
667}
668
669int HttpNetworkTransaction::DoLoop(int result) {
670 DCHECK(next_state_ != STATE_NONE);
671
672 int rv = result;
673 do {
674 State state = next_state_;
675 next_state_ = STATE_NONE;
676 switch (state) {
[email protected]1826a402014-01-08 15:40:48[diff] [blame]677 case STATE_NOTIFY_BEFORE_CREATE_STREAM:
678 DCHECK_EQ(OK, rv);
679 rv = DoNotifyBeforeCreateStream();
680 break;
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]681 case STATE_CREATE_STREAM:
682 DCHECK_EQ(OK, rv);
683 rv = DoCreateStream();
684 break;
685 case STATE_CREATE_STREAM_COMPLETE:
686 rv = DoCreateStreamComplete(rv);
687 break;
[email protected]351ab642010-08-05 16:55:31[diff] [blame]688 case STATE_INIT_STREAM:
689 DCHECK_EQ(OK, rv);
690 rv = DoInitStream();
691 break;
692 case STATE_INIT_STREAM_COMPLETE:
693 rv = DoInitStreamComplete(rv);
694 break;
[email protected]044de0642010-06-17 10:42:15[diff] [blame]695 case STATE_GENERATE_PROXY_AUTH_TOKEN:
696 DCHECK_EQ(OK, rv);
697 rv = DoGenerateProxyAuthToken();
698 break;
699 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
700 rv = DoGenerateProxyAuthTokenComplete(rv);
701 break;
702 case STATE_GENERATE_SERVER_AUTH_TOKEN:
703 DCHECK_EQ(OK, rv);
704 rv = DoGenerateServerAuthToken();
705 break;
706 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
707 rv = DoGenerateServerAuthTokenComplete(rv);
708 break;
nharperd6e65822016-03-30 23:05:48[diff] [blame]709 case STATE_GET_PROVIDED_TOKEN_BINDING_KEY:
nharperb7441ef2016-01-25 23:54:14[diff] [blame]710 DCHECK_EQ(OK, rv);
nharperd6e65822016-03-30 23:05:48[diff] [blame]711 rv = DoGetProvidedTokenBindingKey();
nharperb7441ef2016-01-25 23:54:14[diff] [blame]712 break;
nharperd6e65822016-03-30 23:05:48[diff] [blame]713 case STATE_GET_PROVIDED_TOKEN_BINDING_KEY_COMPLETE:
714 rv = DoGetProvidedTokenBindingKeyComplete(rv);
715 break;
716 case STATE_GET_REFERRED_TOKEN_BINDING_KEY:
717 DCHECK_EQ(OK, rv);
718 rv = DoGetReferredTokenBindingKey();
719 break;
720 case STATE_GET_REFERRED_TOKEN_BINDING_KEY_COMPLETE:
721 rv = DoGetReferredTokenBindingKeyComplete(rv);
nharperb7441ef2016-01-25 23:54:14[diff] [blame]722 break;
[email protected]daddea62012-09-19 05:51:13[diff] [blame]723 case STATE_INIT_REQUEST_BODY:
724 DCHECK_EQ(OK, rv);
725 rv = DoInitRequestBody();
726 break;
727 case STATE_INIT_REQUEST_BODY_COMPLETE:
728 rv = DoInitRequestBodyComplete(rv);
729 break;
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]730 case STATE_BUILD_REQUEST:
[email protected]725355a2009-03-25 20:42:55[diff] [blame]731 DCHECK_EQ(OK, rv);
[email protected]b6754252012-06-13 23:14:38[diff] [blame]732 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST);
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]733 rv = DoBuildRequest();
734 break;
735 case STATE_BUILD_REQUEST_COMPLETE:
736 rv = DoBuildRequestComplete(rv);
737 break;
738 case STATE_SEND_REQUEST:
739 DCHECK_EQ(OK, rv);
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]740 rv = DoSendRequest();
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]741 break;
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]742 case STATE_SEND_REQUEST_COMPLETE:
743 rv = DoSendRequestComplete(rv);
[email protected]d7fd1782011-02-08 19:16:43[diff] [blame]744 net_log_.EndEventWithNetErrorCode(
745 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]746 break;
747 case STATE_READ_HEADERS:
[email protected]725355a2009-03-25 20:42:55[diff] [blame]748 DCHECK_EQ(OK, rv);
[email protected]b6754252012-06-13 23:14:38[diff] [blame]749 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]750 rv = DoReadHeaders();
751 break;
752 case STATE_READ_HEADERS_COMPLETE:
753 rv = DoReadHeadersComplete(rv);
[email protected]d7fd1782011-02-08 19:16:43[diff] [blame]754 net_log_.EndEventWithNetErrorCode(
755 NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]756 break;
757 case STATE_READ_BODY:
[email protected]725355a2009-03-25 20:42:55[diff] [blame]758 DCHECK_EQ(OK, rv);
[email protected]b6754252012-06-13 23:14:38[diff] [blame]759 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]760 rv = DoReadBody();
761 break;
762 case STATE_READ_BODY_COMPLETE:
763 rv = DoReadBodyComplete(rv);
[email protected]d7fd1782011-02-08 19:16:43[diff] [blame]764 net_log_.EndEventWithNetErrorCode(
765 NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]766 break;
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]767 case STATE_DRAIN_BODY_FOR_AUTH_RESTART:
[email protected]725355a2009-03-25 20:42:55[diff] [blame]768 DCHECK_EQ(OK, rv);
[email protected]9e743cd2010-03-16 07:03:53[diff] [blame]769 net_log_.BeginEvent(
[email protected]b6754252012-06-13 23:14:38[diff] [blame]770 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART);
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]771 rv = DoDrainBodyForAuthRestart();
772 break;
773 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE:
774 rv = DoDrainBodyForAuthRestartComplete(rv);
[email protected]d7fd1782011-02-08 19:16:43[diff] [blame]775 net_log_.EndEventWithNetErrorCode(
776 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv);
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]777 break;
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]778 default:
779 NOTREACHED() << "bad state";
780 rv = ERR_FAILED;
[email protected]96d570e42008-08-05 22:43:04[diff] [blame]781 break;
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]782 }
783 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
784
785 return rv;
786}
787
[email protected]1826a402014-01-08 15:40:48[diff] [blame]788int HttpNetworkTransaction::DoNotifyBeforeCreateStream() {
789 next_state_ = STATE_CREATE_STREAM;
790 bool defer = false;
791 if (!before_network_start_callback_.is_null())
792 before_network_start_callback_.Run(&defer);
793 if (!defer)
794 return OK;
795 return ERR_IO_PENDING;
796}
797
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]798int HttpNetworkTransaction::DoCreateStream() {
pkastingec2cdb52015-05-02 01:19:34[diff] [blame]799 // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed.
pkastinga9269aa42015-04-10 01:42:26[diff] [blame]800 tracked_objects::ScopedTracker tracking_profile(
801 FROM_HERE_WITH_EXPLICIT_FUNCTION(
802 "424359 HttpNetworkTransaction::DoCreateStream"));
803
ttuttlec0c828492015-05-15 01:25:55[diff] [blame]804 response_.network_accessed = true;
805
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]806 next_state_ = STATE_CREATE_STREAM_COMPLETE;
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]807 if (ForWebSocketHandshake()) {
808 stream_request_.reset(
[email protected]0191b51c2013-11-18 10:55:23[diff] [blame]809 session_->http_stream_factory_for_websocket()
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]810 ->RequestWebSocketHandshakeStream(
811 *request_,
812 priority_,
813 server_ssl_config_,
814 proxy_ssl_config_,
815 this,
816 websocket_handshake_stream_base_create_helper_,
817 net_log_));
818 } else {
819 stream_request_.reset(
820 session_->http_stream_factory()->RequestStream(
821 *request_,
822 priority_,
823 server_ssl_config_,
824 proxy_ssl_config_,
825 this,
826 net_log_));
827 }
[email protected]26816882010-10-14 18:03:09[diff] [blame]828 DCHECK(stream_request_.get());
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]829 return ERR_IO_PENDING;
[email protected]351ab642010-08-05 16:55:31[diff] [blame]830}
831
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]832int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
ttuttle1f2d7e92015-04-28 16:17:47[diff] [blame]833 // If |result| is ERR_HTTPS_PROXY_TUNNEL_RESPONSE, then
834 // DoCreateStreamComplete is being called from OnHttpsProxyTunnelResponse,
835 // which resets the stream request first. Therefore, we have to grab the
836 // connection attempts in *that* function instead of here in that case.
837 if (result != ERR_HTTPS_PROXY_TUNNEL_RESPONSE)
838 CopyConnectionAttemptsFromStreamRequest();
839
davidben701ca982015-05-18 21:21:42[diff] [blame]840 if (request_->url.SchemeIsCryptographic())
841 RecordSSLFallbackMetrics(result);
842
[email protected]394816e92010-08-03 07:38:59[diff] [blame]843 if (result == OK) {
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]844 next_state_ = STATE_INIT_STREAM;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]845 DCHECK(stream_.get());
[email protected]adb00242010-10-29 03:04:33[diff] [blame]846 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
847 result = HandleCertificateRequest(result);
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]848 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
849 // Return OK and let the caller read the proxy's error page
850 next_state_ = STATE_NONE;
851 return OK;
bncfacdd852015-01-09 19:22:54[diff] [blame]852 } else if (result == ERR_HTTP_1_1_REQUIRED ||
853 result == ERR_PROXY_HTTP_1_1_REQUIRED) {
854 return HandleHttp11Required(result);
[email protected]394816e92010-08-03 07:38:59[diff] [blame]855 }
856
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]857 // Handle possible handshake errors that may have occurred if the stream
858 // used SSL for one or more of the layers.
859 result = HandleSSLHandshakeError(result);
860
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]861 // At this point we are done with the stream_request_.
[email protected]26816882010-10-14 18:03:09[diff] [blame]862 stream_request_.reset();
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]863 return result;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]864}
865
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]866int HttpNetworkTransaction::DoInitStream() {
867 DCHECK(stream_.get());
868 next_state_ = STATE_INIT_STREAM_COMPLETE;
ttuttled9dbc652015-09-29 20:00:59[diff] [blame]869
870 stream_->GetRemoteEndpoint(&remote_endpoint_);
871
[email protected]262eec82013-03-19 21:01:36[diff] [blame]872 return stream_->InitializeStream(request_, priority_, net_log_, io_callback_);
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]873}
874
875int HttpNetworkTransaction::DoInitStreamComplete(int result) {
876 if (result == OK) {
877 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]878 } else {
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]879 if (result < 0)
[email protected]044dcc52010-09-17 15:44:26[diff] [blame]880 result = HandleIOError(result);
881
882 // The stream initialization failed, so this stream will never be useful.
sclittlefb249892015-09-10 21:33:22[diff] [blame]883 if (stream_) {
884 total_received_bytes_ += stream_->GetTotalReceivedBytes();
885 total_sent_bytes_ += stream_->GetTotalSentBytes();
886 }
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]887 CacheNetErrorDetailsAndResetStream();
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]888 }
889
890 return result;
891}
892
[email protected]044de0642010-06-17 10:42:15[diff] [blame]893int HttpNetworkTransaction::DoGenerateProxyAuthToken() {
894 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
895 if (!ShouldApplyProxyAuth())
896 return OK;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]897 HttpAuth::Target target = HttpAuth::AUTH_PROXY;
898 if (!auth_controllers_[target].get())
[email protected]3598c6022010-09-17 23:13:09[diff] [blame]899 auth_controllers_[target] =
900 new HttpAuthController(target,
901 AuthURL(target),
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]902 session_->http_auth_cache(),
[email protected]3598c6022010-09-17 23:13:09[diff] [blame]903 session_->http_auth_handler_factory());
[email protected]394816e92010-08-03 07:38:59[diff] [blame]904 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]905 io_callback_,
[email protected]394816e92010-08-03 07:38:59[diff] [blame]906 net_log_);
[email protected]044de0642010-06-17 10:42:15[diff] [blame]907}
908
909int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) {
910 DCHECK_NE(ERR_IO_PENDING, rv);
911 if (rv == OK)
912 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN;
913 return rv;
914}
915
916int HttpNetworkTransaction::DoGenerateServerAuthToken() {
917 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]918 HttpAuth::Target target = HttpAuth::AUTH_SERVER;
[email protected]2217aa22013-10-11 03:03:54[diff] [blame]919 if (!auth_controllers_[target].get()) {
[email protected]3598c6022010-09-17 23:13:09[diff] [blame]920 auth_controllers_[target] =
921 new HttpAuthController(target,
922 AuthURL(target),
[email protected]102e27c2011-02-23 01:01:31[diff] [blame]923 session_->http_auth_cache(),
[email protected]3598c6022010-09-17 23:13:09[diff] [blame]924 session_->http_auth_handler_factory());
[email protected]2217aa22013-10-11 03:03:54[diff] [blame]925 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY)
926 auth_controllers_[target]->DisableEmbeddedIdentity();
927 }
[email protected]044de0642010-06-17 10:42:15[diff] [blame]928 if (!ShouldApplyServerAuth())
929 return OK;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]930 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]931 io_callback_,
[email protected]394816e92010-08-03 07:38:59[diff] [blame]932 net_log_);
[email protected]044de0642010-06-17 10:42:15[diff] [blame]933}
934
935int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
936 DCHECK_NE(ERR_IO_PENDING, rv);
937 if (rv == OK)
nharperd6e65822016-03-30 23:05:48[diff] [blame]938 next_state_ = STATE_GET_PROVIDED_TOKEN_BINDING_KEY;
[email protected]044de0642010-06-17 10:42:15[diff] [blame]939 return rv;
940}
941
nharperd6e65822016-03-30 23:05:48[diff] [blame]942int HttpNetworkTransaction::DoGetProvidedTokenBindingKey() {
943 next_state_ = STATE_GET_PROVIDED_TOKEN_BINDING_KEY_COMPLETE;
nharperb7441ef2016-01-25 23:54:14[diff] [blame]944 if (!IsTokenBindingEnabled())
945 return OK;
946
947 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY);
948 ChannelIDService* channel_id_service = session_->params().channel_id_service;
949 return channel_id_service->GetOrCreateChannelID(
nharperd6e65822016-03-30 23:05:48[diff] [blame]950 request_->url.host(), &provided_token_binding_key_, io_callback_,
nharperb7441ef2016-01-25 23:54:14[diff] [blame]951 &token_binding_request_);
952}
953
nharperd6e65822016-03-30 23:05:48[diff] [blame]954int HttpNetworkTransaction::DoGetProvidedTokenBindingKeyComplete(int rv) {
nharperb7441ef2016-01-25 23:54:14[diff] [blame]955 DCHECK_NE(ERR_IO_PENDING, rv);
nharperd6e65822016-03-30 23:05:48[diff] [blame]956 if (IsTokenBindingEnabled()) {
957 net_log_.EndEventWithNetErrorCode(
958 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv);
959 }
960
961 if (rv == OK)
962 next_state_ = STATE_GET_REFERRED_TOKEN_BINDING_KEY;
963 return rv;
964}
965
966int HttpNetworkTransaction::DoGetReferredTokenBindingKey() {
967 next_state_ = STATE_GET_REFERRED_TOKEN_BINDING_KEY_COMPLETE;
968 if (!IsTokenBindingEnabled() || request_->token_binding_referrer.empty())
nharperb7441ef2016-01-25 23:54:14[diff] [blame]969 return OK;
970
nharperd6e65822016-03-30 23:05:48[diff] [blame]971 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY);
972 ChannelIDService* channel_id_service = session_->params().channel_id_service;
973 return channel_id_service->GetOrCreateChannelID(
974 request_->token_binding_referrer, &referred_token_binding_key_,
975 io_callback_, &token_binding_request_);
976}
977
978int HttpNetworkTransaction::DoGetReferredTokenBindingKeyComplete(int rv) {
979 DCHECK_NE(ERR_IO_PENDING, rv);
980 if (IsTokenBindingEnabled() && !request_->token_binding_referrer.empty()) {
981 net_log_.EndEventWithNetErrorCode(
982 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv);
983 }
984 if (rv == OK)
985 next_state_ = STATE_INIT_REQUEST_BODY;
nharperb7441ef2016-01-25 23:54:14[diff] [blame]986 return rv;
987}
988
989int HttpNetworkTransaction::BuildRequestHeaders(
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]990 bool using_http_proxy_without_tunnel) {
[email protected]2979a492011-04-06 00:29:14[diff] [blame]991 request_headers_.SetHeader(HttpRequestHeaders::kHost,
992 GetHostAndOptionalPort(request_->url));
993
994 // For compat with HTTP/1.0 servers and proxies:
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]995 if (using_http_proxy_without_tunnel) {
[email protected]2979a492011-04-06 00:29:14[diff] [blame]996 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
997 "keep-alive");
998 } else {
999 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
1000 }
1001
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1002 // Add a content length header?
[email protected]bf3eb002012-11-15 05:50:11[diff] [blame]1003 if (request_->upload_data_stream) {
1004 if (request_->upload_data_stream->is_chunked()) {
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1005 request_headers_.SetHeader(
1006 HttpRequestHeaders::kTransferEncoding, "chunked");
1007 } else {
1008 request_headers_.SetHeader(
1009 HttpRequestHeaders::kContentLength,
[email protected]bf3eb002012-11-15 05:50:11[diff] [blame]1010 base::Uint64ToString(request_->upload_data_stream->size()));
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1011 }
csharrisonf473dd192015-08-18 13:54:13[diff] [blame]1012 } else if (request_->method == "POST" || request_->method == "PUT") {
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1013 // An empty POST/PUT request still needs a content length. As for HEAD,
1014 // IE and Safari also add a content length header. Presumably it is to
1015 // support sending a HEAD request to an URL that only expects to be sent a
1016 // POST or some other method that normally would have a message body.
csharrisonf473dd192015-08-18 13:54:13[diff] [blame]1017 // Firefox (40.0) does not send the header, and RFC 7230 & 7231
1018 // specify that it should not be sent due to undefined behavior.
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1019 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
1020 }
1021
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1022 RecordTokenBindingSupport();
nharperd6e65822016-03-30 23:05:48[diff] [blame]1023 if (provided_token_binding_key_) {
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1024 std::string token_binding_header;
1025 int rv = BuildTokenBindingHeader(&token_binding_header);
1026 if (rv != OK)
1027 return rv;
1028 request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding,
1029 token_binding_header);
1030 }
1031
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1032 // Honor load flags that impact proxy caches.
1033 if (request_->load_flags & LOAD_BYPASS_CACHE) {
1034 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
1035 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
1036 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
1037 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
1038 }
1039
1040 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
1041 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
1042 &request_headers_);
1043 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
1044 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
1045 &request_headers_);
1046
[email protected]c10450102011-06-27 09:06:16[diff] [blame]1047 request_headers_.MergeFrom(request_->extra_headers);
[email protected]1252d42f2014-07-01 21:20:20[diff] [blame]1048
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]1049 if (using_http_proxy_without_tunnel &&
1050 !before_proxy_headers_sent_callback_.is_null())
[email protected]1252d42f2014-07-01 21:20:20[diff] [blame]1051 before_proxy_headers_sent_callback_.Run(proxy_info_, &request_headers_);
1052
[email protected]173f8e22013-04-10 04:18:20[diff] [blame]1053 response_.did_use_http_auth =
1054 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
1055 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1056 return OK;
1057}
1058
1059int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) {
nharpercb66ad0202016-03-11 18:17:47[diff] [blame]1060 base::TimeTicks start = base::TimeTicks::Now();
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1061 std::vector<uint8_t> signed_ekm;
nharperd6e65822016-03-30 23:05:48[diff] [blame]1062 int rv = stream_->GetSignedEKMForTokenBinding(
1063 provided_token_binding_key_.get(), &signed_ekm);
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1064 if (rv != OK)
1065 return rv;
1066 std::string provided_token_binding;
nharperd6e65822016-03-30 23:05:48[diff] [blame]1067 rv = BuildTokenBinding(TokenBindingType::PROVIDED,
1068 provided_token_binding_key_.get(), signed_ekm,
1069 &provided_token_binding);
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1070 if (rv != OK)
1071 return rv;
nharperd6e65822016-03-30 23:05:48[diff] [blame]1072
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1073 std::vector<base::StringPiece> token_bindings;
1074 token_bindings.push_back(provided_token_binding);
nharperd6e65822016-03-30 23:05:48[diff] [blame]1075
1076 std::string referred_token_binding;
1077 if (referred_token_binding_key_) {
1078 std::vector<uint8_t> referred_signed_ekm;
1079 int rv = stream_->GetSignedEKMForTokenBinding(
1080 referred_token_binding_key_.get(), &referred_signed_ekm);
1081 if (rv != OK)
1082 return rv;
1083 rv = BuildTokenBinding(TokenBindingType::REFERRED,
1084 referred_token_binding_key_.get(),
1085 referred_signed_ekm, &referred_token_binding);
1086 if (rv != OK)
1087 return rv;
1088 token_bindings.push_back(referred_token_binding);
1089 }
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1090 std::string header;
1091 rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header);
1092 if (rv != OK)
1093 return rv;
1094 base::Base64UrlEncode(header, base::Base64UrlEncodePolicy::INCLUDE_PADDING,
1095 out);
nharpercb66ad0202016-03-11 18:17:47[diff] [blame]1096 base::TimeDelta header_creation_time = base::TimeTicks::Now() - start;
1097 UMA_HISTOGRAM_CUSTOM_TIMES("Net.TokenBinding.HeaderCreationTime",
1098 header_creation_time,
1099 base::TimeDelta::FromMilliseconds(1),
1100 base::TimeDelta::FromMinutes(1), 50);
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1101 return OK;
[email protected]2979a492011-04-06 00:29:14[diff] [blame]1102}
1103
[email protected]daddea62012-09-19 05:51:13[diff] [blame]1104int HttpNetworkTransaction::DoInitRequestBody() {
1105 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
[email protected]daddea62012-09-19 05:51:13[diff] [blame]1106 int rv = OK;
[email protected]bf3eb002012-11-15 05:50:11[diff] [blame]1107 if (request_->upload_data_stream)
1108 rv = request_->upload_data_stream->Init(io_callback_);
[email protected]daddea62012-09-19 05:51:13[diff] [blame]1109 return rv;
1110}
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]1111
[email protected]daddea62012-09-19 05:51:13[diff] [blame]1112int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
1113 if (result == OK)
1114 next_state_ = STATE_BUILD_REQUEST;
[email protected]daddea62012-09-19 05:51:13[diff] [blame]1115 return result;
1116}
1117
1118int HttpNetworkTransaction::DoBuildRequest() {
1119 next_state_ = STATE_BUILD_REQUEST_COMPLETE;
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]1120 headers_valid_ = false;
1121
1122 // This is constructed lazily (instead of within our Start method), so that
1123 // we have proxy info available.
1124 if (request_headers_.IsEmpty()) {
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]1125 bool using_http_proxy_without_tunnel = UsingHttpProxyWithoutTunnel();
nharperb7441ef2016-01-25 23:54:14[diff] [blame]1126 return BuildRequestHeaders(using_http_proxy_without_tunnel);
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]1127 }
1128
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]1129 return OK;
1130}
1131
1132int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
[email protected]9f489d72011-04-04 23:29:24[diff] [blame]1133 if (result == OK)
1134 next_state_ = STATE_SEND_REQUEST;
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]1135 return result;
1136}
1137
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1138int HttpNetworkTransaction::DoSendRequest() {
pkastingec2cdb52015-05-02 01:19:34[diff] [blame]1139 // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed.
pkastinga9269aa42015-04-10 01:42:26[diff] [blame]1140 tracked_objects::ScopedTracker tracking_profile(
1141 FROM_HERE_WITH_EXPLICIT_FUNCTION(
1142 "424359 HttpNetworkTransaction::DoSendRequest"));
1143
[email protected]58e32bb2013-01-21 18:23:25[diff] [blame]1144 send_start_time_ = base::TimeTicks::Now();
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1145 next_state_ = STATE_SEND_REQUEST_COMPLETE;
1146
[email protected]bf3eb002012-11-15 05:50:11[diff] [blame]1147 return stream_->SendRequest(request_headers_, &response_, io_callback_);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1148}
1149
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1150int HttpNetworkTransaction::DoSendRequestComplete(int result) {
[email protected]58e32bb2013-01-21 18:23:25[diff] [blame]1151 send_end_time_ = base::TimeTicks::Now();
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1152 if (result < 0)
1153 return HandleIOError(result);
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1154 next_state_ = STATE_READ_HEADERS;
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1155 return OK;
1156}
1157
1158int HttpNetworkTransaction::DoReadHeaders() {
1159 next_state_ = STATE_READ_HEADERS_COMPLETE;
[email protected]49639fa2011-12-20 23:22:41[diff] [blame]1160 return stream_->ReadResponseHeaders(io_callback_);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1161}
1162
1163int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
[email protected]0b45559b2009-06-12 21:45:11[diff] [blame]1164 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here
1165 // due to SSL renegotiation.
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1166 if (IsCertificateError(result)) {
1167 // We don't handle a certificate error during SSL renegotiation, so we
1168 // have to return an error that's not in the certificate error range
1169 // (-2xx).
1170 LOG(ERROR) << "Got a server certificate with error " << result
1171 << " during SSL renegotiation";
1172 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;
1173 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
1174 // TODO(wtc): Need a test case for this code path!
1175 DCHECK(stream_.get());
Adam Ricecb76ac62015-02-20 05:33:25[diff] [blame]1176 DCHECK(IsSecureRequest());
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1177 response_.cert_request_info = new SSLCertRequestInfo;
[email protected]90499482013-06-01 00:39:50[diff] [blame]1178 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get());
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1179 result = HandleCertificateRequest(result);
1180 if (result == OK)
1181 return result;
[email protected]2181ea002009-06-09 01:37:27[diff] [blame]1182 }
1183
bncfacdd852015-01-09 19:22:54[diff] [blame]1184 if (result == ERR_HTTP_1_1_REQUIRED ||
1185 result == ERR_PROXY_HTTP_1_1_REQUIRED) {
1186 return HandleHttp11Required(result);
1187 }
1188
[email protected]c871864d72014-03-13 19:56:19[diff] [blame]1189 // ERR_CONNECTION_CLOSED is treated differently at this point; if partial
1190 // response headers were received, we do the best we can to make sense of it
1191 // and send it back up the stack.
1192 //
1193 // TODO(davidben): Consider moving this to HttpBasicStream, It's a little
1194 // bizarre for SPDY. Assuming this logic is useful at all.
1195 // TODO(davidben): Bubble the error code up so we do not cache?
1196 if (result == ERR_CONNECTION_CLOSED && response_.headers.get())
1197 result = OK;
1198
1199 if (result < 0)
1200 return HandleIOError(result);
1201
[email protected]90499482013-06-01 00:39:50[diff] [blame]1202 DCHECK(response_.headers.get());
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1203
[email protected]d58ceea82014-06-04 10:55:54[diff] [blame]1204 // On a 408 response from the server ("Request Timeout") on a stale socket,
1205 // retry the request.
[email protected]0aff0d82014-06-14 08:49:04[diff] [blame]1206 // Headers can be NULL because of http://crbug.com/384554.
1207 if (response_.headers.get() && response_.headers->response_code() == 408 &&
[email protected]d58ceea82014-06-04 10:55:54[diff] [blame]1208 stream_->IsConnectionReused()) {
1209 net_log_.AddEventWithNetErrorCode(
1210 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR,
1211 response_.headers->response_code());
1212 // This will close the socket - it would be weird to try and reuse it, even
1213 // if the server doesn't actually close it.
1214 ResetConnectionAndRequestForResend();
1215 return OK;
1216 }
1217
[email protected]93f8b562012-03-27 01:00:16[diff] [blame]1218 // Like Net.HttpResponseCode, but only for MAIN_FRAME loads.
1219 if (request_->load_flags & LOAD_MAIN_FRAME) {
1220 const int response_code = response_.headers->response_code();
1221 UMA_HISTOGRAM_ENUMERATION(
1222 "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10);
1223 }
1224
[email protected]3abacd62012-06-10 20:20:32[diff] [blame]1225 net_log_.AddEvent(
1226 NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS,
1227 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers));
[email protected]dbb83db2010-05-11 18:13:39[diff] [blame]1228
bncbe0f6af2015-10-15 17:49:56[diff] [blame]1229 if (response_.headers->GetHttpVersion() < HttpVersion(1, 0)) {
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1230 // HTTP/0.9 doesn't support the PUT method, so lack of response headers
1231 // indicates a buggy server. See:
1232 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921
1233 if (request_->method == "PUT")
1234 return ERR_METHOD_NOT_SUPPORTED;
1235 }
[email protected]4ddaf2502008-10-23 18:26:19[diff] [blame]1236
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1237 // Check for an intermediate 100 Continue response. An origin server is
1238 // allowed to send this response even if we didn't ask for it, so we just
1239 // need to skip over it.
1240 // We treat any other 1xx in this same way (although in practice getting
1241 // a 1xx that isn't a 100 is rare).
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]1242 // Unless this is a WebSocket request, in which case we pass it on up.
1243 if (response_.headers->response_code() / 100 == 1 &&
1244 !ForWebSocketHandshake()) {
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]1245 response_.headers = new HttpResponseHeaders(std::string());
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1246 next_state_ = STATE_READ_HEADERS;
1247 return OK;
1248 }
1249
xunjielib3a648e2016-03-22 03:39:51[diff] [blame]1250 session_->http_stream_factory()->ProcessAlternativeServices(
1251 session_, response_.headers.get(), HostPortPair::FromURL(request_->url));
[email protected]564b4912010-03-09 16:30:42[diff] [blame]1252
asanka5ffd5d72016-03-23 16:20:49[diff] [blame]1253 if (IsSecureRequest())
1254 stream_->GetSSLInfo(&response_.ssl_info);
1255
[email protected]e772db3f2010-07-12 18:11:13[diff] [blame]1256 int rv = HandleAuthChallenge();
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1257 if (rv != OK)
1258 return rv;
1259
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1260 headers_valid_ = true;
1261 return OK;
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1262}
1263
1264int HttpNetworkTransaction::DoReadBody() {
[email protected]90499482013-06-01 00:39:50[diff] [blame]1265 DCHECK(read_buf_.get());
[email protected]6501bc02009-06-25 20:55:13[diff] [blame]1266 DCHECK_GT(read_buf_len_, 0);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1267 DCHECK(stream_ != NULL);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1268
1269 next_state_ = STATE_READ_BODY_COMPLETE;
[email protected]90499482013-06-01 00:39:50[diff] [blame]1270 return stream_->ReadResponseBody(
1271 read_buf_.get(), read_buf_len_, io_callback_);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1272}
1273
1274int HttpNetworkTransaction::DoReadBodyComplete(int result) {
1275 // We are done with the Read call.
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1276 bool done = false;
1277 if (result <= 0) {
1278 DCHECK_NE(ERR_IO_PENDING, result);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1279 done = true;
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1280 }
[email protected]9492e4a2010-02-24 00:58:46[diff] [blame]1281
mmenkebd84c392015-09-02 14:12:34[diff] [blame]1282 // Clean up connection if we are done.
1283 if (done) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1284 // Note: Just because IsResponseBodyComplete is true, we're not
1285 // necessarily "done". We're only "done" when it is the last
1286 // read on this HttpNetworkTransaction, which will be signified
1287 // by a zero-length read.
mmenkebd84c392015-09-02 14:12:34[diff] [blame]1288 // TODO(mbelshe): The keep-alive property is really a property of
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1289 // the stream. No need to compute it here just to pass back
1290 // to the stream's Close function.
mmenkebd84c392015-09-02 14:12:34[diff] [blame]1291 bool keep_alive =
1292 stream_->IsResponseBodyComplete() && stream_->CanReuseConnection();
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1293
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1294 stream_->Close(!keep_alive);
[email protected]e2a915a2010-08-19 07:55:01[diff] [blame]1295 // Note: we don't reset the stream here. We've closed it, but we still
1296 // need it around so that callers can call methods such as
1297 // GetUploadProgress() and have them be meaningful.
1298 // TODO(mbelshe): This means we closed the stream here, and we close it
1299 // again in ~HttpNetworkTransaction. Clean that up.
1300
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1301 // The next Read call will return 0 (EOF).
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1302 }
1303
1304 // Clear these to avoid leaving around old state.
1305 read_buf_ = NULL;
1306 read_buf_len_ = 0;
1307
1308 return result;
1309}
1310
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]1311int HttpNetworkTransaction::DoDrainBodyForAuthRestart() {
1312 // This method differs from DoReadBody only in the next_state_. So we just
1313 // call DoReadBody and override the next_state_. Perhaps there is a more
1314 // elegant way for these two methods to share code.
1315 int rv = DoReadBody();
1316 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE);
1317 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE;
1318 return rv;
1319}
1320
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1321// TODO(wtc): This method and the DoReadBodyComplete method are almost
1322// the same. Figure out a good way for these two methods to share code.
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]1323int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) {
[email protected]68873ba2009-06-04 21:49:23[diff] [blame]1324 // keep_alive defaults to true because the very reason we're draining the
1325 // response body is to reuse the connection for auth restart.
1326 bool done = false, keep_alive = true;
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]1327 if (result < 0) {
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1328 // Error or closed connection while reading the socket.
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]1329 done = true;
[email protected]68873ba2009-06-04 21:49:23[diff] [blame]1330 keep_alive = false;
[email protected]351ab642010-08-05 16:55:31[diff] [blame]1331 } else if (stream_->IsResponseBodyComplete()) {
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1332 done = true;
[email protected]2d2697f92009-02-18 21:00:32[diff] [blame]1333 }
1334
1335 if (done) {
1336 DidDrainBodyForAuthRestart(keep_alive);
1337 } else {
1338 // Keep draining.
1339 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
1340 }
1341
1342 return OK;
1343}
1344
[email protected]5e363962009-06-19 19:57:01[diff] [blame]1345int HttpNetworkTransaction::HandleCertificateRequest(int error) {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1346 // There are two paths through which the server can request a certificate
1347 // from us. The first is during the initial handshake, the second is
1348 // during SSL renegotiation.
1349 //
1350 // In both cases, we want to close the connection before proceeding.
1351 // We do this for two reasons:
1352 // First, we don't want to keep the connection to the server hung for a
1353 // long time while the user selects a certificate.
1354 // Second, even if we did keep the connection open, NSS has a bug where
1355 // restarting the handshake for ClientAuth is currently broken.
[email protected]65a3b912010-08-21 05:46:58[diff] [blame]1356 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1357
1358 if (stream_.get()) {
1359 // Since we already have a stream, we're being called as part of SSL
1360 // renegotiation.
1361 DCHECK(!stream_request_.get());
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]1362 total_received_bytes_ += stream_->GetTotalReceivedBytes();
sclittlefb249892015-09-10 21:33:22[diff] [blame]1363 total_sent_bytes_ += stream_->GetTotalSentBytes();
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1364 stream_->Close(true);
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]1365 CacheNetErrorDetailsAndResetStream();
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1366 }
1367
[email protected]26816882010-10-14 18:03:09[diff] [blame]1368 // The server is asking for a client certificate during the initial
1369 // handshake.
1370 stream_request_.reset();
[email protected]5e363962009-06-19 19:57:01[diff] [blame]1371
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1372 // If the user selected one of the certificates in client_certs or declined
1373 // to provide one for this server before, use the past decision
1374 // automatically.
1375 scoped_refptr<X509Certificate> client_cert;
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1376 scoped_refptr<SSLPrivateKey> client_private_key;
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1377 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup(
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1378 response_.cert_request_info->host_and_port, &client_cert,
1379 &client_private_key);
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1380 if (!found_cached_cert)
1381 return error;
1382
1383 // Check that the certificate selected is still a certificate the server
1384 // is likely to accept, based on the criteria supplied in the
1385 // CertificateRequest message.
[email protected]90499482013-06-01 00:39:50[diff] [blame]1386 if (client_cert.get()) {
[email protected]f1958c382013-02-07 00:15:26[diff] [blame]1387 const std::vector<std::string>& cert_authorities =
1388 response_.cert_request_info->cert_authorities;
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1389
[email protected]f1958c382013-02-07 00:15:26[diff] [blame]1390 bool cert_still_valid = cert_authorities.empty() ||
1391 client_cert->IsIssuedByEncoded(cert_authorities);
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1392 if (!cert_still_valid)
1393 return error;
[email protected]5e363962009-06-19 19:57:01[diff] [blame]1394 }
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1395
1396 // TODO(davidben): Add a unit test which covers this path; we need to be
1397 // able to send a legitimate certificate and also bypass/clear the
1398 // SSL session cache.
[email protected]102957f2011-09-02 17:10:14[diff] [blame]1399 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
1400 &proxy_ssl_config_ : &server_ssl_config_;
1401 ssl_config->send_client_cert = true;
1402 ssl_config->client_cert = client_cert;
svaldez7872fd02015-11-19 21:10:54[diff] [blame]1403 ssl_config->client_private_key = client_private_key;
[email protected]ec229bc92010-11-22 09:51:45[diff] [blame]1404 next_state_ = STATE_CREATE_STREAM;
1405 // Reset the other member variables.
1406 // Note: this is necessary only with SSL renegotiation.
1407 ResetStateForRestart();
1408 return OK;
[email protected]0b45559b2009-06-12 21:45:11[diff] [blame]1409}
1410
bncfacdd852015-01-09 19:22:54[diff] [blame]1411int HttpNetworkTransaction::HandleHttp11Required(int error) {
1412 DCHECK(error == ERR_HTTP_1_1_REQUIRED ||
1413 error == ERR_PROXY_HTTP_1_1_REQUIRED);
1414
1415 if (error == ERR_HTTP_1_1_REQUIRED) {
1416 HttpServerProperties::ForceHTTP11(&server_ssl_config_);
1417 } else {
1418 HttpServerProperties::ForceHTTP11(&proxy_ssl_config_);
1419 }
1420 ResetConnectionAndRequestForResend();
1421 return OK;
1422}
1423
[email protected]384cc73a2013-12-08 22:41:03[diff] [blame]1424void HttpNetworkTransaction::HandleClientAuthError(int error) {
1425 if (server_ssl_config_.send_client_cert &&
1426 (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
1427 session_->ssl_client_auth_cache()->Remove(
[email protected]791879c2013-12-17 07:22:41[diff] [blame]1428 HostPortPair::FromURL(request_->url));
[email protected]384cc73a2013-12-08 22:41:03[diff] [blame]1429 }
1430}
1431
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1432// TODO(rch): This does not correctly handle errors when an SSL proxy is
1433// being used, as all of the errors are handled as if they were generated
1434// by the endpoint host, request_->url, rather than considering if they were
[email protected]1c53a1f2011-01-13 00:36:38[diff] [blame]1435// generated by the SSL proxy. http://crbug.com/69329
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1436int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
1437 DCHECK(request_);
[email protected]384cc73a2013-12-08 22:41:03[diff] [blame]1438 HandleClientAuthError(error);
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1439
davidbena4c9d062015-04-03 22:34:25[diff] [blame]1440 // Accept deprecated cipher suites, but only on a fallback. This makes UMA
1441 // reflect servers require a deprecated cipher rather than merely prefer
1442 // it. This, however, has no security benefit until the ciphers are actually
1443 // removed.
davidben14b1a532015-10-30 16:01:09[diff] [blame]1444 if (!server_ssl_config_.deprecated_cipher_suites_enabled &&
davidbena4c9d062015-04-03 22:34:25[diff] [blame]1445 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH ||
1446 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) {
1447 net_log_.AddEvent(
1448 NetLog::TYPE_SSL_CIPHER_FALLBACK,
1449 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error));
davidben14b1a532015-10-30 16:01:09[diff] [blame]1450 server_ssl_config_.deprecated_cipher_suites_enabled = true;
davidbena4c9d062015-04-03 22:34:25[diff] [blame]1451 ResetConnectionAndRequestForResend();
1452 return OK;
1453 }
1454
davidben3b267512016-02-24 19:46:55[diff] [blame]1455 // TODO(davidben): Remove this code once the dedicated error code is no
1456 // longer needed and the flags to re-enable the fallback expire.
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1457 bool should_fallback = false;
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]1458 uint16_t version_max = server_ssl_config_.version_max;
[email protected]158ac972013-04-19 23:29:23[diff] [blame]1459
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1460 switch (error) {
davidben3b267512016-02-24 19:46:55[diff] [blame]1461 // This could be a TLS-intolerant server or a server that chose a
1462 // cipher suite defined only for higher protocol versions (such as
1463 // an TLS 1.1 server that chose a TLS-1.2-only cipher suite). Fall
1464 // back to the next lower version and retry.
[email protected]12833302014-07-02 01:57:31[diff] [blame]1465 case ERR_CONNECTION_CLOSED:
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1466 case ERR_SSL_PROTOCOL_ERROR:
1467 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
davidben3b267512016-02-24 19:46:55[diff] [blame]1468 // Some servers trigger the TLS 1.1 fallback with ERR_CONNECTION_RESET
1469 // (https://crbug.com/433406).
[email protected]12833302014-07-02 01:57:31[diff] [blame]1470 case ERR_CONNECTION_RESET:
davidben3b267512016-02-24 19:46:55[diff] [blame]1471 // This was added for the TLS 1.0 fallback (https://crbug.com/260358) which
1472 // has since been removed, but other servers may be relying on it for the
1473 // TLS 1.1 fallback. It will be removed with the remainder of the fallback.
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1474 case ERR_SSL_BAD_RECORD_MAC_ALERT:
davidben3b267512016-02-24 19:46:55[diff] [blame]1475 // Fallback down to a TLS 1.1 ClientHello. By default, this is rejected
1476 // but surfaces ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION to help diagnose
1477 // server bugs.
1478 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_2 &&
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1479 version_max > server_ssl_config_.version_min) {
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1480 version_max--;
1481 should_fallback = true;
1482 }
1483 break;
[email protected]a53e4d12013-12-07 16:37:24[diff] [blame]1484 case ERR_SSL_INAPPROPRIATE_FALLBACK:
1485 // The server told us that we should not have fallen back. A buggy server
1486 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial
1487 // connection. |fallback_error_code_| is initialised to
1488 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case.
1489 error = fallback_error_code_;
1490 break;
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1491 }
1492
1493 if (should_fallback) {
1494 net_log_.AddEvent(
1495 NetLog::TYPE_SSL_VERSION_FALLBACK,
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]1496 base::Bind(&NetLogSSLVersionFallbackCallback, &request_->url, error,
1497 server_ssl_failure_state_, server_ssl_config_.version_max,
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1498 version_max));
[email protected]a53e4d12013-12-07 16:37:24[diff] [blame]1499 fallback_error_code_ = error;
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]1500 fallback_failure_state_ = server_ssl_failure_state_;
[email protected]02d1d442013-08-10 13:38:26[diff] [blame]1501 server_ssl_config_.version_max = version_max;
1502 server_ssl_config_.version_fallback = true;
1503 ResetConnectionAndRequestForResend();
1504 error = OK;
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1505 }
[email protected]158ac972013-04-19 23:29:23[diff] [blame]1506
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]1507 return error;
1508}
1509
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1510// This method determines whether it is safe to resend the request after an
1511// IO error. It can only be called in response to request header or body
1512// write errors or response header read errors. It should not be used in
1513// other cases, such as a Connect error.
1514int HttpNetworkTransaction::HandleIOError(int error) {
[email protected]384cc73a2013-12-08 22:41:03[diff] [blame]1515 // Because the peer may request renegotiation with client authentication at
1516 // any time, check and handle client authentication errors.
1517 HandleClientAuthError(error);
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1518
1519 switch (error) {
1520 // If we try to reuse a connection that the server is in the process of
1521 // closing, we may end up successfully writing out our request (or a
1522 // portion of our request) only to find a connection error when we try to
1523 // read from (or finish writing to) the socket.
1524 case ERR_CONNECTION_RESET:
1525 case ERR_CONNECTION_CLOSED:
1526 case ERR_CONNECTION_ABORTED:
[email protected]202965992011-12-07 23:04:51[diff] [blame]1527 // There can be a race between the socket pool checking checking whether a
1528 // socket is still connected, receiving the FIN, and sending/reading data
1529 // on a reused socket. If we receive the FIN between the connectedness
1530 // check and writing/reading from the socket, we may first learn the socket
1531 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most
1532 // likely happen when trying to retrieve its IP address.
1533 // See http://crbug.com/105824 for more details.
1534 case ERR_SOCKET_NOT_CONNECTED:
[email protected]a34f61ee2014-03-18 20:59:49[diff] [blame]1535 // If a socket is closed on its initial request, HttpStreamParser returns
1536 // ERR_EMPTY_RESPONSE. This may still be close/reuse race if the socket was
1537 // preconnected but failed to be used before the server timed it out.
1538 case ERR_EMPTY_RESPONSE:
1539 if (ShouldResendRequest()) {
[email protected]b6754252012-06-13 23:14:38[diff] [blame]1540 net_log_.AddEventWithNetErrorCode(
1541 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1542 ResetConnectionAndRequestForResend();
1543 error = OK;
1544 }
1545 break;
[email protected]8753a122011-10-16 08:05:08[diff] [blame]1546 case ERR_SPDY_PING_FAILED:
[email protected]721c0ce2011-10-13 02:41:00[diff] [blame]1547 case ERR_SPDY_SERVER_REFUSED_STREAM:
[email protected]4d283b32013-10-17 12:57:27[diff] [blame]1548 case ERR_QUIC_HANDSHAKE_FAILED:
[email protected]b6754252012-06-13 23:14:38[diff] [blame]1549 net_log_.AddEventWithNetErrorCode(
1550 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
[email protected]721c0ce2011-10-13 02:41:00[diff] [blame]1551 ResetConnectionAndRequestForResend();
1552 error = OK;
1553 break;
[email protected]bd0b6772011-01-11 19:59:30[diff] [blame]1554 }
1555 return error;
1556}
1557
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1558void HttpNetworkTransaction::ResetStateForRestart() {
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]1559 ResetStateForAuthRestart();
sclittlefb249892015-09-10 21:33:22[diff] [blame]1560 if (stream_) {
[email protected]b8015c42013-12-24 15:18:19[diff] [blame]1561 total_received_bytes_ += stream_->GetTotalReceivedBytes();
sclittlefb249892015-09-10 21:33:22[diff] [blame]1562 total_sent_bytes_ += stream_->GetTotalSentBytes();
1563 }
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]1564 CacheNetErrorDetailsAndResetStream();
[email protected]697ef4c2010-10-14 16:38:58[diff] [blame]1565}
1566
1567void HttpNetworkTransaction::ResetStateForAuthRestart() {
[email protected]58e32bb2013-01-21 18:23:25[diff] [blame]1568 send_start_time_ = base::TimeTicks();
1569 send_end_time_ = base::TimeTicks();
[email protected]58e32bb2013-01-21 18:23:25[diff] [blame]1570
[email protected]0757e7702009-03-27 04:00:22[diff] [blame]1571 pending_auth_target_ = HttpAuth::AUTH_NONE;
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1572 read_buf_ = NULL;
1573 read_buf_len_ = 0;
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1574 headers_valid_ = false;
[email protected]b94f92d2010-10-27 16:45:20[diff] [blame]1575 request_headers_.Clear();
[email protected]a7e41312009-12-16 23:18:14[diff] [blame]1576 response_ = HttpResponseInfo();
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1577 establishing_tunnel_ = false;
ttuttled9dbc652015-09-29 20:00:59[diff] [blame]1578 remote_endpoint_ = IPEndPoint();
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]1579 net_error_details_.quic_broken = false;
1580 net_error_details_.quic_connection_error = QUIC_NO_ERROR;
nharperd6e65822016-03-30 23:05:48[diff] [blame]1581 provided_token_binding_key_.reset();
1582 referred_token_binding_key_.reset();
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]1583}
1584
1585void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() {
1586 if (stream_)
1587 stream_->PopulateNetErrorDetails(&net_error_details_);
1588 stream_.reset();
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1589}
1590
davidben701ca982015-05-18 21:21:42[diff] [blame]1591void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) {
1592 if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK)
1593 return;
1594
1595 const std::string& host = request_->url.host();
brettwa7ff1b292015-07-16 17:49:29[diff] [blame]1596 bool is_google = base::EndsWith(host, "google.com",
1597 base::CompareCase::SENSITIVE) &&
davidben701ca982015-05-18 21:21:42[diff] [blame]1598 (host.size() == 10 || host[host.size() - 11] == '.');
1599 if (is_google) {
1600 // Some fraction of successful connections use the fallback, but only due to
1601 // a spurious network failure. To estimate this fraction, compare handshakes
1602 // to Google servers which succeed against those that fail with an
1603 // inappropriate_fallback alert. Google servers are known to implement
1604 // FALLBACK_SCSV, so a spurious network failure while connecting would
1605 // trigger the fallback, successfully connect, but fail with this alert.
1606 UMA_HISTOGRAM_BOOLEAN("Net.GoogleConnectionInappropriateFallback",
1607 result == ERR_SSL_INAPPROPRIATE_FALLBACK);
1608 }
1609
1610 if (result != OK)
1611 return;
1612
davidbenca9d69162015-05-04 20:18:45[diff] [blame]1613 // Note: these values are used in histograms, so new values must be appended.
1614 enum FallbackVersion {
davidbenb937d6c2015-05-14 04:53:42[diff] [blame]1615 FALLBACK_NONE = 0, // SSL version fallback did not occur.
1616 // Obsolete: FALLBACK_SSL3 = 1,
davidbenca9d69162015-05-04 20:18:45[diff] [blame]1617 FALLBACK_TLS1 = 2, // Fell back to TLS 1.0.
1618 FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1.
1619 FALLBACK_MAX,
1620 };
1621
1622 FallbackVersion fallback = FALLBACK_NONE;
1623 if (server_ssl_config_.version_fallback) {
1624 switch (server_ssl_config_.version_max) {
davidbenca9d69162015-05-04 20:18:45[diff] [blame]1625 case SSL_PROTOCOL_VERSION_TLS1:
1626 fallback = FALLBACK_TLS1;
1627 break;
1628 case SSL_PROTOCOL_VERSION_TLS1_1:
1629 fallback = FALLBACK_TLS1_1;
1630 break;
1631 default:
1632 NOTREACHED();
1633 }
1634 }
1635 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback2", fallback,
1636 FALLBACK_MAX);
1637
1638 // Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it
1639 // should be impossible to successfully connect to them with the fallback.
1640 // This helps estimate intolerant locally-configured SSL MITMs.
davidben701ca982015-05-18 21:21:42[diff] [blame]1641 if (is_google) {
davidbenca9d69162015-05-04 20:18:45[diff] [blame]1642 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2",
1643 fallback, FALLBACK_MAX);
1644 }
1645
1646 UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2",
davidben14b1a532015-10-30 16:01:09[diff] [blame]1647 server_ssl_config_.deprecated_cipher_suites_enabled);
davidbenf2eaaf92015-05-15 22:18:42[diff] [blame]1648
1649 if (server_ssl_config_.version_fallback) {
1650 // Record the error code which triggered the fallback and the state the
1651 // handshake was in.
1652 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLFallbackErrorCode",
1653 -fallback_error_code_);
1654 UMA_HISTOGRAM_ENUMERATION("Net.SSLFallbackFailureState",
1655 fallback_failure_state_, SSL_FAILURE_MAX);
1656 }
davidbenca9d69162015-05-04 20:18:45[diff] [blame]1657}
1658
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1659HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
[email protected]90499482013-06-01 00:39:50[diff] [blame]1660 return response_.headers.get();
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1661}
1662
[email protected]a34f61ee2014-03-18 20:59:49[diff] [blame]1663bool HttpNetworkTransaction::ShouldResendRequest() const {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1664 bool connection_is_proven = stream_->IsConnectionReused();
1665 bool has_received_headers = GetResponseHeaders() != NULL;
[email protected]58cebf8f2010-07-31 19:20:16[diff] [blame]1666
[email protected]2a5c76b2008-09-25 22:15:16[diff] [blame]1667 // NOTE: we resend a request only if we reused a keep-alive connection.
1668 // This automatically prevents an infinite resend loop because we'll run
1669 // out of the cached keep-alive connections eventually.
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1670 if (connection_is_proven && !has_received_headers)
1671 return true;
1672 return false;
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]1673}
1674
1675void HttpNetworkTransaction::ResetConnectionAndRequestForResend() {
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1676 if (stream_.get()) {
1677 stream_->Close(true);
zhongyica364fbb2015-12-12 03:39:12[diff] [blame]1678 CacheNetErrorDetailsAndResetStream();
[email protected]58cebf8f2010-07-31 19:20:16[diff] [blame]1679 }
1680
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1681 // We need to clear request_headers_ because it contains the real request
1682 // headers, but we may need to resend the CONNECT request first to recreate
1683 // the SSL tunnel.
[email protected]b94f92d2010-10-27 16:45:20[diff] [blame]1684 request_headers_.Clear();
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]1685 next_state_ = STATE_CREATE_STREAM; // Resend the request.
[email protected]86ec30d2008-09-29 21:53:54[diff] [blame]1686}
1687
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]1688bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
Adam Rice425cf122015-01-19 06:18:24[diff] [blame]1689 return UsingHttpProxyWithoutTunnel();
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]1690}
license.botbf09a502008-08-24 00:55:55[diff] [blame]1691
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]1692bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
[email protected]8a1f3312010-05-25 19:25:04[diff] [blame]1693 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
[email protected]1c773ea12009-04-28 19:58:42[diff] [blame]1694}
1695
[email protected]e772db3f2010-07-12 18:11:13[diff] [blame]1696int HttpNetworkTransaction::HandleAuthChallenge() {
[email protected]ad8e04a2010-11-01 04:16:27[diff] [blame]1697 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
[email protected]90499482013-06-01 00:39:50[diff] [blame]1698 DCHECK(headers.get());
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1699
[email protected]0877e3d2009-10-17 22:29:57[diff] [blame]1700 int status = headers->response_code();
[email protected]9094b602012-02-27 21:44:58[diff] [blame]1701 if (status != HTTP_UNAUTHORIZED &&
1702 status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1703 return OK;
[email protected]9094b602012-02-27 21:44:58[diff] [blame]1704 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ?
[email protected]2227c692010-05-04 15:36:11[diff] [blame]1705 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
[email protected]038e9a32008-10-08 22:40:16[diff] [blame]1706 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
1707 return ERR_UNEXPECTED_PROXY_AUTH;
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1708
[email protected]9094b602012-02-27 21:44:58[diff] [blame]1709 // This case can trigger when an HTTPS server responds with a "Proxy
1710 // authentication required" status code through a non-authenticating
1711 // proxy.
[email protected]7a67a8152010-11-05 18:31:10[diff] [blame]1712 if (!auth_controllers_[target].get())
1713 return ERR_UNEXPECTED_PROXY_AUTH;
1714
[email protected]a7ea8832010-07-12 17:54:54[diff] [blame]1715 int rv = auth_controllers_[target]->HandleAuthChallenge(
asanka5ffd5d72016-03-23 16:20:49[diff] [blame]1716 headers, response_.ssl_info,
1717 (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
[email protected]560c0432010-07-13 20:45:31[diff] [blame]1718 net_log_);
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1719 if (auth_controllers_[target]->HaveAuthHandler())
asanka5ffd5d72016-03-23 16:20:49[diff] [blame]1720 pending_auth_target_ = target;
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1721
1722 scoped_refptr<AuthChallengeInfo> auth_info =
1723 auth_controllers_[target]->auth_info();
1724 if (auth_info.get())
1725 response_.auth_challenge = auth_info;
1726
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1727 return rv;
[email protected]f9ee6b52008-11-08 06:46:23[diff] [blame]1728}
1729
[email protected]8e6441ca2010-08-19 05:56:38[diff] [blame]1730bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
1731 return auth_controllers_[target].get() &&
1732 auth_controllers_[target]->HaveAuth();
1733}
1734
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1735GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
1736 switch (target) {
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]1737 case HttpAuth::AUTH_PROXY: {
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1738 if (!proxy_info_.proxy_server().is_valid() ||
1739 proxy_info_.proxy_server().is_direct()) {
1740 return GURL(); // There is no proxy server.
1741 }
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]1742 const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
1743 return GURL(scheme +
[email protected]2fbaecf22010-07-22 22:20:35[diff] [blame]1744 proxy_info_.proxy_server().host_port_pair().ToString());
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]1745 }
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1746 case HttpAuth::AUTH_SERVER:
[email protected]e69c1cd2014-07-29 07:42:29[diff] [blame]1747 if (ForWebSocketHandshake()) {
1748 const GURL& url = request_->url;
1749 url::Replacements<char> ws_to_http;
1750 if (url.SchemeIs("ws")) {
1751 ws_to_http.SetScheme("http", url::Component(0, 4));
1752 } else {
1753 DCHECK(url.SchemeIs("wss"));
1754 ws_to_http.SetScheme("https", url::Component(0, 5));
1755 }
1756 return url.ReplaceComponents(ws_to_http);
1757 }
[email protected]228404f2010-06-24 04:31:41[diff] [blame]1758 return request_->url;
1759 default:
1760 return GURL();
1761 }
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1762}
1763
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]1764bool HttpNetworkTransaction::ForWebSocketHandshake() const {
[email protected]23d3e022013-11-23 20:38:14[diff] [blame]1765 return websocket_handshake_stream_base_create_helper_ &&
1766 request_->url.SchemeIsWSOrWSS();
[email protected]831e4a32013-11-14 02:14:44[diff] [blame]1767}
1768
[email protected]d8eb84242010-09-25 02:25:06[diff] [blame]1769#define STATE_CASE(s) \
1770 case s: \
1771 description = base::StringPrintf("%s (0x%08X)", #s, s); \
1772 break
[email protected]aef04272010-06-28 18:03:04[diff] [blame]1773
1774std::string HttpNetworkTransaction::DescribeState(State state) {
1775 std::string description;
1776 switch (state) {
[email protected]1826a402014-01-08 15:40:48[diff] [blame]1777 STATE_CASE(STATE_NOTIFY_BEFORE_CREATE_STREAM);
[email protected]82918cc2010-08-25 17:24:50[diff] [blame]1778 STATE_CASE(STATE_CREATE_STREAM);
1779 STATE_CASE(STATE_CREATE_STREAM_COMPLETE);
[email protected]daddea62012-09-19 05:51:13[diff] [blame]1780 STATE_CASE(STATE_INIT_REQUEST_BODY);
1781 STATE_CASE(STATE_INIT_REQUEST_BODY_COMPLETE);
[email protected]4875ba12011-03-30 22:31:51[diff] [blame]1782 STATE_CASE(STATE_BUILD_REQUEST);
1783 STATE_CASE(STATE_BUILD_REQUEST_COMPLETE);
[email protected]aef04272010-06-28 18:03:04[diff] [blame]1784 STATE_CASE(STATE_SEND_REQUEST);
1785 STATE_CASE(STATE_SEND_REQUEST_COMPLETE);
1786 STATE_CASE(STATE_READ_HEADERS);
1787 STATE_CASE(STATE_READ_HEADERS_COMPLETE);
[email protected]aef04272010-06-28 18:03:04[diff] [blame]1788 STATE_CASE(STATE_READ_BODY);
1789 STATE_CASE(STATE_READ_BODY_COMPLETE);
1790 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART);
1791 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE);
[email protected]aef04272010-06-28 18:03:04[diff] [blame]1792 STATE_CASE(STATE_NONE);
1793 default:
[email protected]d8eb84242010-09-25 02:25:06[diff] [blame]1794 description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
1795 state);
[email protected]aef04272010-06-28 18:03:04[diff] [blame]1796 break;
1797 }
1798 return description;
1799}
1800
1801#undef STATE_CASE
1802
ttuttle1f2d7e92015-04-28 16:17:47[diff] [blame]1803void HttpNetworkTransaction::CopyConnectionAttemptsFromStreamRequest() {
1804 DCHECK(stream_request_);
1805
1806 // Since the transaction can restart with auth credentials, it may create a
1807 // stream more than once. Accumulate all of the connection attempts across
1808 // those streams by appending them to the vector:
1809 for (const auto& attempt : stream_request_->connection_attempts())
1810 connection_attempts_.push_back(attempt);
1811}
1812
[email protected]c3b35c22008-09-27 03:19:42[diff] [blame]1813} // namespace net