Google Git
Sign in
chromium / chromium / src.git / 3268023f1382463baf9ac9537664b90ab4ae6883 / . / net / socket / ssl_client_socket_pool.cc
blob: 5f8daa7eee8578dfe579889a55c534e4507d363e [file] [log] [blame]
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/socket/ssl_client_socket_pool.h"
6
[email protected]c63248d42011-02-18 17:54:39[diff] [blame]7#include "base/metrics/field_trial.h"
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]8#include "base/metrics/histogram.h"
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]9#include "base/values.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]10#include "net/base/net_errors.h"
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]11#include "net/base/host_port_pair.h"
[email protected]277d5942010-08-11 21:02:35[diff] [blame]12#include "net/base/ssl_cert_request_info.h"
[email protected]33b511c2010-08-11 00:04:43[diff] [blame]13#include "net/http/http_proxy_client_socket.h"
14#include "net/http/http_proxy_client_socket_pool.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]15#include "net/socket/client_socket_factory.h"
16#include "net/socket/client_socket_handle.h"
[email protected]33b511c2010-08-11 00:04:43[diff] [blame]17#include "net/socket/socks_client_socket_pool.h"
18#include "net/socket/ssl_client_socket.h"
[email protected]d0672be2010-10-20 16:30:19[diff] [blame]19#include "net/socket/ssl_host_info.h"
[email protected]ab739042011-04-07 15:22:28[diff] [blame]20#include "net/socket/transport_client_socket_pool.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]21
22namespace net {
23
24SSLSocketParams::SSLSocketParams(
[email protected]ab739042011-04-07 15:22:28[diff] [blame]25 const scoped_refptr<TransportSocketParams>& transport_params,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]26 const scoped_refptr<SOCKSSocketParams>& socks_params,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]27 const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]28 ProxyServer::Scheme proxy,
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]29 const HostPortPair& host_and_port,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]30 const SSLConfig& ssl_config,
31 int load_flags,
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]32 bool force_spdy_over_ssl,
33 bool want_spdy_over_npn)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]34 : transport_params_(transport_params),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]35 http_proxy_params_(http_proxy_params),
36 socks_params_(socks_params),
37 proxy_(proxy),
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]38 host_and_port_(host_and_port),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]39 ssl_config_(ssl_config),
40 load_flags_(load_flags),
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]41 force_spdy_over_ssl_(force_spdy_over_ssl),
[email protected]9cf1e9da72010-09-30 16:13:15[diff] [blame]42 want_spdy_over_npn_(want_spdy_over_npn) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]43 switch (proxy_) {
44 case ProxyServer::SCHEME_DIRECT:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]45 DCHECK(transport_params_.get() != NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]46 DCHECK(http_proxy_params_.get() == NULL);
47 DCHECK(socks_params_.get() == NULL);
[email protected]ab739042011-04-07 15:22:28[diff] [blame]48 ignore_limits_ = transport_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]49 break;
50 case ProxyServer::SCHEME_HTTP:
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]51 case ProxyServer::SCHEME_HTTPS:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]52 DCHECK(transport_params_.get() == NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]53 DCHECK(http_proxy_params_.get() != NULL);
54 DCHECK(socks_params_.get() == NULL);
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]55 ignore_limits_ = http_proxy_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]56 break;
57 case ProxyServer::SCHEME_SOCKS4:
58 case ProxyServer::SCHEME_SOCKS5:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]59 DCHECK(transport_params_.get() == NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]60 DCHECK(http_proxy_params_.get() == NULL);
61 DCHECK(socks_params_.get() != NULL);
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]62 ignore_limits_ = socks_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]63 break;
64 default:
65 LOG(DFATAL) << "unknown proxy type";
66 break;
67 }
68}
69
70SSLSocketParams::~SSLSocketParams() {}
71
72// Timeout for the SSL handshake portion of the connect.
73static const int kSSLHandshakeTimeoutInSeconds = 30;
74
75SSLConnectJob::SSLConnectJob(
76 const std::string& group_name,
77 const scoped_refptr<SSLSocketParams>& params,
78 const base::TimeDelta& timeout_duration,
[email protected]ab739042011-04-07 15:22:28[diff] [blame]79 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]80 SOCKSClientSocketPool* socks_pool,
81 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]82 ClientSocketFactory* client_socket_factory,
[email protected]73c45322010-10-01 23:57:54[diff] [blame]83 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]84 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]85 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]86 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]87 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]88 Delegate* delegate,
89 NetLog* net_log)
90 : ConnectJob(group_name, timeout_duration, delegate,
91 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
92 params_(params),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]93 transport_pool_(transport_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]94 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]95 http_proxy_pool_(http_proxy_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]96 client_socket_factory_(client_socket_factory),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]97 host_resolver_(host_resolver),
98 cert_verifier_(cert_verifier),
[email protected]2db580532010-10-08 14:32:37[diff] [blame]99 dnsrr_resolver_(dnsrr_resolver),
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]100 dns_cert_checker_(dns_cert_checker),
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]101 ssl_host_info_factory_(ssl_host_info_factory),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]102 ALLOW_THIS_IN_INITIALIZER_LIST(
103 callback_(this, &SSLConnectJob::OnIOComplete)) {}
104
105SSLConnectJob::~SSLConnectJob() {}
106
107LoadState SSLConnectJob::GetLoadState() const {
108 switch (next_state_) {
[email protected]135e2262010-07-17 00:32:04[diff] [blame]109 case STATE_TUNNEL_CONNECT_COMPLETE:
110 if (transport_socket_handle_->socket())
111 return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL;
112 // else, fall through.
[email protected]ab739042011-04-07 15:22:28[diff] [blame]113 case STATE_TRANSPORT_CONNECT:
114 case STATE_TRANSPORT_CONNECT_COMPLETE:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]115 case STATE_SOCKS_CONNECT:
116 case STATE_SOCKS_CONNECT_COMPLETE:
117 case STATE_TUNNEL_CONNECT:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]118 return transport_socket_handle_->GetLoadState();
119 case STATE_SSL_CONNECT:
120 case STATE_SSL_CONNECT_COMPLETE:
121 return LOAD_STATE_SSL_HANDSHAKE;
122 default:
123 NOTREACHED();
124 return LOAD_STATE_IDLE;
125 }
126}
127
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]128void SSLConnectJob::GetAdditionalErrorState(ClientSocketHandle * handle) {
129 // Headers in |error_response_info_| indicate a proxy tunnel setup
130 // problem. See DoTunnelConnectComplete.
131 if (error_response_info_.headers) {
132 handle->set_pending_http_proxy_connection(
133 transport_socket_handle_.release());
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]134 }
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]135 handle->set_ssl_error_response_info(error_response_info_);
136 if (!ssl_connect_start_time_.is_null())
137 handle->set_is_ssl_error(true);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]138}
139
140void SSLConnectJob::OnIOComplete(int result) {
141 int rv = DoLoop(result);
142 if (rv != ERR_IO_PENDING)
143 NotifyDelegateOfCompletion(rv); // Deletes |this|.
144}
145
146int SSLConnectJob::DoLoop(int result) {
147 DCHECK_NE(next_state_, STATE_NONE);
148
149 int rv = result;
150 do {
151 State state = next_state_;
152 next_state_ = STATE_NONE;
153 switch (state) {
[email protected]ab739042011-04-07 15:22:28[diff] [blame]154 case STATE_TRANSPORT_CONNECT:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]155 DCHECK_EQ(OK, rv);
[email protected]ab739042011-04-07 15:22:28[diff] [blame]156 rv = DoTransportConnect();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]157 break;
[email protected]ab739042011-04-07 15:22:28[diff] [blame]158 case STATE_TRANSPORT_CONNECT_COMPLETE:
159 rv = DoTransportConnectComplete(rv);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]160 break;
161 case STATE_SOCKS_CONNECT:
162 DCHECK_EQ(OK, rv);
163 rv = DoSOCKSConnect();
164 break;
165 case STATE_SOCKS_CONNECT_COMPLETE:
166 rv = DoSOCKSConnectComplete(rv);
167 break;
168 case STATE_TUNNEL_CONNECT:
169 DCHECK_EQ(OK, rv);
170 rv = DoTunnelConnect();
171 break;
172 case STATE_TUNNEL_CONNECT_COMPLETE:
173 rv = DoTunnelConnectComplete(rv);
174 break;
175 case STATE_SSL_CONNECT:
176 DCHECK_EQ(OK, rv);
177 rv = DoSSLConnect();
178 break;
179 case STATE_SSL_CONNECT_COMPLETE:
180 rv = DoSSLConnectComplete(rv);
181 break;
182 default:
183 NOTREACHED() << "bad state";
184 rv = ERR_FAILED;
185 break;
186 }
187 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
188
189 return rv;
190}
191
[email protected]ab739042011-04-07 15:22:28[diff] [blame]192int SSLConnectJob::DoTransportConnect() {
193 DCHECK(transport_pool_);
[email protected]899c3e92010-08-28 15:53:50[diff] [blame]194
[email protected]fd348122010-12-16 22:17:35[diff] [blame]195 if (ssl_host_info_factory_) {
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]196 ssl_host_info_.reset(
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]197 ssl_host_info_factory_->GetForHost(params_->host_and_port().host(),
[email protected]98f397e2010-10-26 13:56:57[diff] [blame]198 params_->ssl_config()));
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]199 }
[email protected]c6781de2011-01-06 19:49:43[diff] [blame]200
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]201 if (ssl_host_info_.get()) {
[email protected]0bc64522011-01-14 15:42:38[diff] [blame]202 if (dnsrr_resolver_)
203 ssl_host_info_->StartDnsLookup(dnsrr_resolver_);
204
[email protected]4d52f192010-10-11 17:00:30[diff] [blame]205 // This starts fetching the SSL host info from the disk cache for Snap
206 // Start.
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]207 ssl_host_info_->Start();
[email protected]4d52f192010-10-11 17:00:30[diff] [blame]208 }
209
[email protected]ab739042011-04-07 15:22:28[diff] [blame]210 next_state_ = STATE_TRANSPORT_CONNECT_COMPLETE;
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]211 transport_socket_handle_.reset(new ClientSocketHandle());
[email protected]ab739042011-04-07 15:22:28[diff] [blame]212 scoped_refptr<TransportSocketParams> transport_params =
213 params_->transport_params();
214 return transport_socket_handle_->Init(
215 group_name(),
216 transport_params,
217 transport_params->destination().priority(),
218 &callback_, transport_pool_, net_log());
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]219}
220
[email protected]ab739042011-04-07 15:22:28[diff] [blame]221int SSLConnectJob::DoTransportConnectComplete(int result) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]222 if (result == OK)
223 next_state_ = STATE_SSL_CONNECT;
224
225 return result;
226}
227
228int SSLConnectJob::DoSOCKSConnect() {
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]229 DCHECK(socks_pool_);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]230 next_state_ = STATE_SOCKS_CONNECT_COMPLETE;
231 transport_socket_handle_.reset(new ClientSocketHandle());
232 scoped_refptr<SOCKSSocketParams> socks_params = params_->socks_params();
233 return transport_socket_handle_->Init(group_name(), socks_params,
234 socks_params->destination().priority(),
235 &callback_, socks_pool_, net_log());
236}
237
238int SSLConnectJob::DoSOCKSConnectComplete(int result) {
239 if (result == OK)
240 next_state_ = STATE_SSL_CONNECT;
241
242 return result;
243}
244
245int SSLConnectJob::DoTunnelConnect() {
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]246 DCHECK(http_proxy_pool_);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]247 next_state_ = STATE_TUNNEL_CONNECT_COMPLETE;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]248
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]249 transport_socket_handle_.reset(new ClientSocketHandle());
250 scoped_refptr<HttpProxySocketParams> http_proxy_params =
251 params_->http_proxy_params();
252 return transport_socket_handle_->Init(
253 group_name(), http_proxy_params,
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]254 http_proxy_params->destination().priority(), &callback_,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]255 http_proxy_pool_, net_log());
256}
257
258int SSLConnectJob::DoTunnelConnectComplete(int result) {
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]259 // Extract the information needed to prompt for appropriate proxy
260 // authentication so that when ClientSocketPoolBaseHelper calls
261 // |GetAdditionalErrorState|, we can easily set the state.
262 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
263 error_response_info_ = transport_socket_handle_->ssl_error_response_info();
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]264 } else if (result == ERR_PROXY_AUTH_REQUESTED ||
265 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
[email protected]3268023f2011-05-05 00:08:10[diff] [blame^]266 StreamSocket* socket = transport_socket_handle_->socket();
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]267 HttpProxyClientSocket* tunnel_socket =
268 static_cast<HttpProxyClientSocket*>(socket);
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]269 error_response_info_ = *tunnel_socket->GetConnectResponseInfo();
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]270 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]271 if (result < 0)
272 return result;
273
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]274 next_state_ = STATE_SSL_CONNECT;
275 return result;
276}
277
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]278int SSLConnectJob::DoSSLConnect() {
279 next_state_ = STATE_SSL_CONNECT_COMPLETE;
280 // Reset the timeout to just the time allowed for the SSL handshake.
281 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds));
282 ssl_connect_start_time_ = base::TimeTicks::Now();
283
284 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]285 transport_socket_handle_.release(), params_->host_and_port(),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]286 params_->ssl_config(), ssl_host_info_.release(), cert_verifier_,
287 dns_cert_checker_));
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]288 return ssl_socket_->Connect(&callback_);
289}
290
291int SSLConnectJob::DoSSLConnectComplete(int result) {
292 SSLClientSocket::NextProtoStatus status =
293 SSLClientSocket::kNextProtoUnsupported;
294 std::string proto;
295 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
296 // that hasn't had SSL_ImportFD called on it. If we get a certificate error
297 // here, then we know that we called SSL_ImportFD.
298 if (result == OK || IsCertificateError(result))
299 status = ssl_socket_->GetNextProto(&proto);
300
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]301 // If we want spdy over npn, make sure it succeeded.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]302 if (status == SSLClientSocket::kNextProtoNegotiated) {
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]303 ssl_socket_->set_was_npn_negotiated(true);
[email protected]bace48c2010-08-03 20:52:02[diff] [blame]304 SSLClientSocket::NextProto next_protocol =
305 SSLClientSocket::NextProtoFromString(proto);
306 // If we negotiated either version of SPDY, we must have
307 // advertised it, so allow it.
308 // TODO(mbelshe): verify it was a protocol we advertised?
309 if (next_protocol == SSLClientSocket::kProtoSPDY1 ||
310 next_protocol == SSLClientSocket::kProtoSPDY2) {
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]311 ssl_socket_->set_was_spdy_negotiated(true);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]312 }
313 }
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]314 if (params_->want_spdy_over_npn() && !ssl_socket_->was_spdy_negotiated())
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]315 return ERR_NPN_NEGOTIATION_FAILED;
316
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]317 // Spdy might be turned on by default, or it might be over npn.
318 bool using_spdy = params_->force_spdy_over_ssl() ||
319 params_->want_spdy_over_npn();
320
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]321 if (result == OK ||
322 ssl_socket_->IgnoreCertError(result, params_->load_flags())) {
323 DCHECK(ssl_connect_start_time_ != base::TimeTicks());
324 base::TimeDelta connect_duration =
325 base::TimeTicks::Now() - ssl_connect_start_time_;
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]326 if (using_spdy) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]327 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SpdyConnectionLatency",
328 connect_duration,
329 base::TimeDelta::FromMilliseconds(1),
330 base::TimeDelta::FromMinutes(10),
331 100);
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]332 } else {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]333 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency",
334 connect_duration,
335 base::TimeDelta::FromMilliseconds(1),
336 base::TimeDelta::FromMinutes(10),
337 100);
[email protected]c63248d42011-02-18 17:54:39[diff] [blame]338
[email protected]09a401962011-04-04 14:44:39[diff] [blame]339 const std::string& host = params_->host_and_port().host();
340 bool is_google = host == "google.com" ||
341 host.rfind(".google.com") == host.size() - 11;
342 if (is_google) {
343 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google",
344 connect_duration,
345 base::TimeDelta::FromMilliseconds(1),
346 base::TimeDelta::FromMinutes(10),
347 100);
348 }
349
[email protected]c63248d42011-02-18 17:54:39[diff] [blame]350 static bool false_start_trial(
351 base::FieldTrialList::Find("SSLFalseStart") &&
352 !base::FieldTrialList::Find("SSLFalseStart")->group_name().empty());
353 if (false_start_trial) {
354 UMA_HISTOGRAM_CUSTOM_TIMES(base::FieldTrial::MakeName(
355 "Net.SSL_Connection_Latency",
356 "SSLFalseStart"),
357 connect_duration,
358 base::TimeDelta::FromMilliseconds(1),
359 base::TimeDelta::FromMinutes(10),
360 100);
361 }
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]362 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]363 }
[email protected]8b498692010-07-16 17:11:43[diff] [blame]364
365 if (result == OK || IsCertificateError(result)) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]366 set_socket(ssl_socket_.release());
[email protected]8b498692010-07-16 17:11:43[diff] [blame]367 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
368 error_response_info_.cert_request_info = new SSLCertRequestInfo;
369 ssl_socket_->GetSSLCertRequestInfo(error_response_info_.cert_request_info);
370 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]371
372 return result;
373}
374
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]375int SSLConnectJob::ConnectInternal() {
376 switch (params_->proxy()) {
377 case ProxyServer::SCHEME_DIRECT:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]378 next_state_ = STATE_TRANSPORT_CONNECT;
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]379 break;
380 case ProxyServer::SCHEME_HTTP:
381 case ProxyServer::SCHEME_HTTPS:
382 next_state_ = STATE_TUNNEL_CONNECT;
383 break;
384 case ProxyServer::SCHEME_SOCKS4:
385 case ProxyServer::SCHEME_SOCKS5:
386 next_state_ = STATE_SOCKS_CONNECT;
387 break;
388 default:
389 NOTREACHED() << "unknown proxy type";
390 break;
391 }
392 return DoLoop(OK);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]393}
394
395SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
[email protected]ab739042011-04-07 15:22:28[diff] [blame]396 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]397 SOCKSClientSocketPool* socks_pool,
398 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]399 ClientSocketFactory* client_socket_factory,
400 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]401 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]402 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]403 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]404 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]405 NetLog* net_log)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]406 : transport_pool_(transport_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]407 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]408 http_proxy_pool_(http_proxy_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]409 client_socket_factory_(client_socket_factory),
410 host_resolver_(host_resolver),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]411 cert_verifier_(cert_verifier),
[email protected]2db580532010-10-08 14:32:37[diff] [blame]412 dnsrr_resolver_(dnsrr_resolver),
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]413 dns_cert_checker_(dns_cert_checker),
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]414 ssl_host_info_factory_(ssl_host_info_factory),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]415 net_log_(net_log) {
416 base::TimeDelta max_transport_timeout = base::TimeDelta();
417 base::TimeDelta pool_timeout;
[email protected]ab739042011-04-07 15:22:28[diff] [blame]418 if (transport_pool_)
419 max_transport_timeout = transport_pool_->ConnectionTimeout();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]420 if (socks_pool_) {
421 pool_timeout = socks_pool_->ConnectionTimeout();
422 if (pool_timeout > max_transport_timeout)
423 max_transport_timeout = pool_timeout;
424 }
425 if (http_proxy_pool_) {
426 pool_timeout = http_proxy_pool_->ConnectionTimeout();
427 if (pool_timeout > max_transport_timeout)
428 max_transport_timeout = pool_timeout;
429 }
430 timeout_ = max_transport_timeout +
431 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds);
432}
433
434SSLClientSocketPool::SSLClientSocketPool(
435 int max_sockets,
436 int max_sockets_per_group,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]437 ClientSocketPoolHistograms* histograms,
[email protected]73c45322010-10-01 23:57:54[diff] [blame]438 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]439 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]440 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]441 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]442 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]443 ClientSocketFactory* client_socket_factory,
[email protected]ab739042011-04-07 15:22:28[diff] [blame]444 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]445 SOCKSClientSocketPool* socks_pool,
446 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]447 SSLConfigService* ssl_config_service,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]448 NetLog* net_log)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]449 : transport_pool_(transport_pool),
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]450 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]451 http_proxy_pool_(http_proxy_pool),
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]452 base_(max_sockets, max_sockets_per_group, histograms,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]453 base::TimeDelta::FromSeconds(
454 ClientSocketPool::unused_idle_socket_timeout()),
455 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]456 new SSLConnectJobFactory(transport_pool,
457 socks_pool,
458 http_proxy_pool,
459 client_socket_factory,
460 host_resolver,
461 cert_verifier,
462 dnsrr_resolver,
463 dns_cert_checker,
464 ssl_host_info_factory,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]465 net_log)),
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]466 ssl_config_service_(ssl_config_service) {
467 if (ssl_config_service_)
468 ssl_config_service_->AddObserver(this);
469}
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]470
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]471SSLClientSocketPool::~SSLClientSocketPool() {
472 if (ssl_config_service_)
473 ssl_config_service_->RemoveObserver(this);
474}
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]475
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]476ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
477 const std::string& group_name,
478 const PoolBase::Request& request,
479 ConnectJob::Delegate* delegate) const {
480 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]481 transport_pool_, socks_pool_, http_proxy_pool_,
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]482 client_socket_factory_, host_resolver_,
483 cert_verifier_, dnsrr_resolver_, dns_cert_checker_,
484 ssl_host_info_factory_, delegate, net_log_);
485}
486
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]487int SSLClientSocketPool::RequestSocket(const std::string& group_name,
488 const void* socket_params,
489 RequestPriority priority,
490 ClientSocketHandle* handle,
491 CompletionCallback* callback,
492 const BoundNetLog& net_log) {
493 const scoped_refptr<SSLSocketParams>* casted_socket_params =
494 static_cast<const scoped_refptr<SSLSocketParams>*>(socket_params);
495
496 return base_.RequestSocket(group_name, *casted_socket_params, priority,
497 handle, callback, net_log);
498}
499
[email protected]2c2bef152010-10-13 00:55:03[diff] [blame]500void SSLClientSocketPool::RequestSockets(
501 const std::string& group_name,
502 const void* params,
503 int num_sockets,
504 const BoundNetLog& net_log) {
505 const scoped_refptr<SSLSocketParams>* casted_params =
506 static_cast<const scoped_refptr<SSLSocketParams>*>(params);
507
508 base_.RequestSockets(group_name, *casted_params, num_sockets, net_log);
509}
510
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]511void SSLClientSocketPool::CancelRequest(const std::string& group_name,
[email protected]05ea9ff2010-07-15 19:08:21[diff] [blame]512 ClientSocketHandle* handle) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]513 base_.CancelRequest(group_name, handle);
514}
515
516void SSLClientSocketPool::ReleaseSocket(const std::string& group_name,
[email protected]3268023f2011-05-05 00:08:10[diff] [blame^]517 StreamSocket* socket, int id) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]518 base_.ReleaseSocket(group_name, socket, id);
519}
520
521void SSLClientSocketPool::Flush() {
522 base_.Flush();
523}
524
525void SSLClientSocketPool::CloseIdleSockets() {
526 base_.CloseIdleSockets();
527}
528
[email protected]ddb1e5a2010-12-13 20:10:45[diff] [blame]529int SSLClientSocketPool::IdleSocketCount() const {
530 return base_.idle_socket_count();
531}
532
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]533int SSLClientSocketPool::IdleSocketCountInGroup(
534 const std::string& group_name) const {
535 return base_.IdleSocketCountInGroup(group_name);
536}
537
538LoadState SSLClientSocketPool::GetLoadState(
539 const std::string& group_name, const ClientSocketHandle* handle) const {
540 return base_.GetLoadState(group_name, handle);
541}
542
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]543DictionaryValue* SSLClientSocketPool::GetInfoAsValue(
544 const std::string& name,
545 const std::string& type,
546 bool include_nested_pools) const {
547 DictionaryValue* dict = base_.GetInfoAsValue(name, type);
548 if (include_nested_pools) {
549 ListValue* list = new ListValue();
[email protected]ab739042011-04-07 15:22:28[diff] [blame]550 if (transport_pool_) {
551 list->Append(transport_pool_->GetInfoAsValue("transport_socket_pool",
552 "transport_socket_pool",
553 false));
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]554 }
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]555 if (socks_pool_) {
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]556 list->Append(socks_pool_->GetInfoAsValue("socks_pool",
557 "socks_pool",
558 true));
559 }
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]560 if (http_proxy_pool_) {
561 list->Append(http_proxy_pool_->GetInfoAsValue("http_proxy_pool",
562 "http_proxy_pool",
563 true));
564 }
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]565 dict->Set("nested_pools", list);
566 }
567 return dict;
568}
569
[email protected]ddb1e5a2010-12-13 20:10:45[diff] [blame]570base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const {
571 return base_.ConnectionTimeout();
572}
573
574ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const {
575 return base_.histograms();
576}
577
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]578void SSLClientSocketPool::OnSSLConfigChanged() {
579 Flush();
580}
581
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]582} // namespace net