Google Git
Sign in
chromium / chromium / src.git / b076d6c95f54f59edf352c0d95a1dab61ca7bb31 / . / net / socket / ssl_client_socket_pool.cc
blob: 06a27f4603aaae155f7056f1a2cd4b9f8bad2252 [file] [log] [blame]
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/socket/ssl_client_socket_pool.h"
6
[email protected]c63248d42011-02-18 17:54:39[diff] [blame]7#include "base/metrics/field_trial.h"
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]8#include "base/metrics/histogram.h"
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]9#include "base/values.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]10#include "net/base/net_errors.h"
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]11#include "net/base/host_port_pair.h"
[email protected]277d5942010-08-11 21:02:35[diff] [blame]12#include "net/base/ssl_cert_request_info.h"
[email protected]33b511c2010-08-11 00:04:43[diff] [blame]13#include "net/http/http_proxy_client_socket.h"
14#include "net/http/http_proxy_client_socket_pool.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]15#include "net/socket/client_socket_factory.h"
16#include "net/socket/client_socket_handle.h"
[email protected]33b511c2010-08-11 00:04:43[diff] [blame]17#include "net/socket/socks_client_socket_pool.h"
18#include "net/socket/ssl_client_socket.h"
[email protected]d0672be2010-10-20 16:30:19[diff] [blame]19#include "net/socket/ssl_host_info.h"
[email protected]ab739042011-04-07 15:22:28[diff] [blame]20#include "net/socket/transport_client_socket_pool.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]21
22namespace net {
23
24SSLSocketParams::SSLSocketParams(
[email protected]ab739042011-04-07 15:22:28[diff] [blame]25 const scoped_refptr<TransportSocketParams>& transport_params,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]26 const scoped_refptr<SOCKSSocketParams>& socks_params,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]27 const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]28 ProxyServer::Scheme proxy,
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]29 const HostPortPair& host_and_port,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]30 const SSLConfig& ssl_config,
31 int load_flags,
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]32 bool force_spdy_over_ssl,
33 bool want_spdy_over_npn)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]34 : transport_params_(transport_params),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]35 http_proxy_params_(http_proxy_params),
36 socks_params_(socks_params),
37 proxy_(proxy),
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]38 host_and_port_(host_and_port),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]39 ssl_config_(ssl_config),
40 load_flags_(load_flags),
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]41 force_spdy_over_ssl_(force_spdy_over_ssl),
[email protected]0e14e87d2011-06-21 21:24:19[diff] [blame]42 want_spdy_over_npn_(want_spdy_over_npn),
43 ignore_limits_(false) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]44 switch (proxy_) {
45 case ProxyServer::SCHEME_DIRECT:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]46 DCHECK(transport_params_.get() != NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]47 DCHECK(http_proxy_params_.get() == NULL);
48 DCHECK(socks_params_.get() == NULL);
[email protected]ab739042011-04-07 15:22:28[diff] [blame]49 ignore_limits_ = transport_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]50 break;
51 case ProxyServer::SCHEME_HTTP:
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]52 case ProxyServer::SCHEME_HTTPS:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]53 DCHECK(transport_params_.get() == NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]54 DCHECK(http_proxy_params_.get() != NULL);
55 DCHECK(socks_params_.get() == NULL);
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]56 ignore_limits_ = http_proxy_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]57 break;
58 case ProxyServer::SCHEME_SOCKS4:
59 case ProxyServer::SCHEME_SOCKS5:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]60 DCHECK(transport_params_.get() == NULL);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]61 DCHECK(http_proxy_params_.get() == NULL);
62 DCHECK(socks_params_.get() != NULL);
[email protected]5acdce12011-03-30 13:00:20[diff] [blame]63 ignore_limits_ = socks_params_->ignore_limits();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]64 break;
65 default:
66 LOG(DFATAL) << "unknown proxy type";
67 break;
68 }
69}
70
71SSLSocketParams::~SSLSocketParams() {}
72
73// Timeout for the SSL handshake portion of the connect.
74static const int kSSLHandshakeTimeoutInSeconds = 30;
75
76SSLConnectJob::SSLConnectJob(
77 const std::string& group_name,
78 const scoped_refptr<SSLSocketParams>& params,
79 const base::TimeDelta& timeout_duration,
[email protected]ab739042011-04-07 15:22:28[diff] [blame]80 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]81 SOCKSClientSocketPool* socks_pool,
82 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]83 ClientSocketFactory* client_socket_factory,
[email protected]73c45322010-10-01 23:57:54[diff] [blame]84 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]85 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]86 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]87 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]88 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]89 Delegate* delegate,
90 NetLog* net_log)
91 : ConnectJob(group_name, timeout_duration, delegate,
92 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
93 params_(params),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]94 transport_pool_(transport_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]95 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]96 http_proxy_pool_(http_proxy_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]97 client_socket_factory_(client_socket_factory),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]98 host_resolver_(host_resolver),
99 cert_verifier_(cert_verifier),
[email protected]2db580532010-10-08 14:32:37[diff] [blame]100 dnsrr_resolver_(dnsrr_resolver),
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]101 dns_cert_checker_(dns_cert_checker),
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]102 ssl_host_info_factory_(ssl_host_info_factory),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]103 ALLOW_THIS_IN_INITIALIZER_LIST(
104 callback_(this, &SSLConnectJob::OnIOComplete)) {}
105
106SSLConnectJob::~SSLConnectJob() {}
107
108LoadState SSLConnectJob::GetLoadState() const {
109 switch (next_state_) {
[email protected]135e2262010-07-17 00:32:04[diff] [blame]110 case STATE_TUNNEL_CONNECT_COMPLETE:
111 if (transport_socket_handle_->socket())
112 return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL;
113 // else, fall through.
[email protected]ab739042011-04-07 15:22:28[diff] [blame]114 case STATE_TRANSPORT_CONNECT:
115 case STATE_TRANSPORT_CONNECT_COMPLETE:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]116 case STATE_SOCKS_CONNECT:
117 case STATE_SOCKS_CONNECT_COMPLETE:
118 case STATE_TUNNEL_CONNECT:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]119 return transport_socket_handle_->GetLoadState();
120 case STATE_SSL_CONNECT:
121 case STATE_SSL_CONNECT_COMPLETE:
122 return LOAD_STATE_SSL_HANDSHAKE;
123 default:
124 NOTREACHED();
125 return LOAD_STATE_IDLE;
126 }
127}
128
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]129void SSLConnectJob::GetAdditionalErrorState(ClientSocketHandle * handle) {
130 // Headers in |error_response_info_| indicate a proxy tunnel setup
131 // problem. See DoTunnelConnectComplete.
132 if (error_response_info_.headers) {
133 handle->set_pending_http_proxy_connection(
134 transport_socket_handle_.release());
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]135 }
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]136 handle->set_ssl_error_response_info(error_response_info_);
137 if (!ssl_connect_start_time_.is_null())
138 handle->set_is_ssl_error(true);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]139}
140
141void SSLConnectJob::OnIOComplete(int result) {
142 int rv = DoLoop(result);
143 if (rv != ERR_IO_PENDING)
144 NotifyDelegateOfCompletion(rv); // Deletes |this|.
145}
146
147int SSLConnectJob::DoLoop(int result) {
148 DCHECK_NE(next_state_, STATE_NONE);
149
150 int rv = result;
151 do {
152 State state = next_state_;
153 next_state_ = STATE_NONE;
154 switch (state) {
[email protected]ab739042011-04-07 15:22:28[diff] [blame]155 case STATE_TRANSPORT_CONNECT:
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]156 DCHECK_EQ(OK, rv);
[email protected]ab739042011-04-07 15:22:28[diff] [blame]157 rv = DoTransportConnect();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]158 break;
[email protected]ab739042011-04-07 15:22:28[diff] [blame]159 case STATE_TRANSPORT_CONNECT_COMPLETE:
160 rv = DoTransportConnectComplete(rv);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]161 break;
162 case STATE_SOCKS_CONNECT:
163 DCHECK_EQ(OK, rv);
164 rv = DoSOCKSConnect();
165 break;
166 case STATE_SOCKS_CONNECT_COMPLETE:
167 rv = DoSOCKSConnectComplete(rv);
168 break;
169 case STATE_TUNNEL_CONNECT:
170 DCHECK_EQ(OK, rv);
171 rv = DoTunnelConnect();
172 break;
173 case STATE_TUNNEL_CONNECT_COMPLETE:
174 rv = DoTunnelConnectComplete(rv);
175 break;
176 case STATE_SSL_CONNECT:
177 DCHECK_EQ(OK, rv);
178 rv = DoSSLConnect();
179 break;
180 case STATE_SSL_CONNECT_COMPLETE:
181 rv = DoSSLConnectComplete(rv);
182 break;
183 default:
184 NOTREACHED() << "bad state";
185 rv = ERR_FAILED;
186 break;
187 }
188 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
189
190 return rv;
191}
192
[email protected]ab739042011-04-07 15:22:28[diff] [blame]193int SSLConnectJob::DoTransportConnect() {
194 DCHECK(transport_pool_);
[email protected]899c3e92010-08-28 15:53:50[diff] [blame]195
[email protected]fd348122010-12-16 22:17:35[diff] [blame]196 if (ssl_host_info_factory_) {
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]197 ssl_host_info_.reset(
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]198 ssl_host_info_factory_->GetForHost(params_->host_and_port().host(),
[email protected]98f397e2010-10-26 13:56:57[diff] [blame]199 params_->ssl_config()));
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]200 }
[email protected]c6781de2011-01-06 19:49:43[diff] [blame]201
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]202 if (ssl_host_info_.get()) {
[email protected]0bc64522011-01-14 15:42:38[diff] [blame]203 if (dnsrr_resolver_)
204 ssl_host_info_->StartDnsLookup(dnsrr_resolver_);
205
[email protected]e1b261e2011-05-31 19:33:25[diff] [blame]206 // This starts fetching the SSL host info from the disk cache for early
207 // certificate verification and the TLS cached information extension.
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]208 ssl_host_info_->Start();
[email protected]4d52f192010-10-11 17:00:30[diff] [blame]209 }
210
[email protected]ab739042011-04-07 15:22:28[diff] [blame]211 next_state_ = STATE_TRANSPORT_CONNECT_COMPLETE;
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]212 transport_socket_handle_.reset(new ClientSocketHandle());
[email protected]ab739042011-04-07 15:22:28[diff] [blame]213 scoped_refptr<TransportSocketParams> transport_params =
214 params_->transport_params();
215 return transport_socket_handle_->Init(
216 group_name(),
217 transport_params,
218 transport_params->destination().priority(),
219 &callback_, transport_pool_, net_log());
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]220}
221
[email protected]ab739042011-04-07 15:22:28[diff] [blame]222int SSLConnectJob::DoTransportConnectComplete(int result) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]223 if (result == OK)
224 next_state_ = STATE_SSL_CONNECT;
225
226 return result;
227}
228
229int SSLConnectJob::DoSOCKSConnect() {
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]230 DCHECK(socks_pool_);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]231 next_state_ = STATE_SOCKS_CONNECT_COMPLETE;
232 transport_socket_handle_.reset(new ClientSocketHandle());
233 scoped_refptr<SOCKSSocketParams> socks_params = params_->socks_params();
234 return transport_socket_handle_->Init(group_name(), socks_params,
235 socks_params->destination().priority(),
236 &callback_, socks_pool_, net_log());
237}
238
239int SSLConnectJob::DoSOCKSConnectComplete(int result) {
240 if (result == OK)
241 next_state_ = STATE_SSL_CONNECT;
242
243 return result;
244}
245
246int SSLConnectJob::DoTunnelConnect() {
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]247 DCHECK(http_proxy_pool_);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]248 next_state_ = STATE_TUNNEL_CONNECT_COMPLETE;
[email protected]394816e92010-08-03 07:38:59[diff] [blame]249
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]250 transport_socket_handle_.reset(new ClientSocketHandle());
251 scoped_refptr<HttpProxySocketParams> http_proxy_params =
252 params_->http_proxy_params();
253 return transport_socket_handle_->Init(
254 group_name(), http_proxy_params,
[email protected]2df19bb2010-08-25 20:13:46[diff] [blame]255 http_proxy_params->destination().priority(), &callback_,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]256 http_proxy_pool_, net_log());
257}
258
259int SSLConnectJob::DoTunnelConnectComplete(int result) {
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]260 // Extract the information needed to prompt for appropriate proxy
261 // authentication so that when ClientSocketPoolBaseHelper calls
262 // |GetAdditionalErrorState|, we can easily set the state.
263 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
264 error_response_info_ = transport_socket_handle_->ssl_error_response_info();
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]265 } else if (result == ERR_PROXY_AUTH_REQUESTED ||
266 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]267 StreamSocket* socket = transport_socket_handle_->socket();
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]268 HttpProxyClientSocket* tunnel_socket =
269 static_cast<HttpProxyClientSocket*>(socket);
[email protected]511f6f52010-12-17 03:58:29[diff] [blame]270 error_response_info_ = *tunnel_socket->GetConnectResponseInfo();
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]271 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]272 if (result < 0)
273 return result;
274
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]275 next_state_ = STATE_SSL_CONNECT;
276 return result;
277}
278
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]279int SSLConnectJob::DoSSLConnect() {
280 next_state_ = STATE_SSL_CONNECT_COMPLETE;
281 // Reset the timeout to just the time allowed for the SSL handshake.
282 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds));
283 ssl_connect_start_time_ = base::TimeTicks::Now();
284
285 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]286 transport_socket_handle_.release(), params_->host_and_port(),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]287 params_->ssl_config(), ssl_host_info_.release(), cert_verifier_,
288 dns_cert_checker_));
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]289 return ssl_socket_->Connect(&callback_);
290}
291
292int SSLConnectJob::DoSSLConnectComplete(int result) {
293 SSLClientSocket::NextProtoStatus status =
294 SSLClientSocket::kNextProtoUnsupported;
295 std::string proto;
296 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
297 // that hasn't had SSL_ImportFD called on it. If we get a certificate error
298 // here, then we know that we called SSL_ImportFD.
299 if (result == OK || IsCertificateError(result))
300 status = ssl_socket_->GetNextProto(&proto);
301
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]302 // If we want spdy over npn, make sure it succeeded.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]303 if (status == SSLClientSocket::kNextProtoNegotiated) {
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]304 ssl_socket_->set_was_npn_negotiated(true);
[email protected]bace48c2010-08-03 20:52:02[diff] [blame]305 SSLClientSocket::NextProto next_protocol =
306 SSLClientSocket::NextProtoFromString(proto);
307 // If we negotiated either version of SPDY, we must have
308 // advertised it, so allow it.
309 // TODO(mbelshe): verify it was a protocol we advertised?
310 if (next_protocol == SSLClientSocket::kProtoSPDY1 ||
311 next_protocol == SSLClientSocket::kProtoSPDY2) {
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]312 ssl_socket_->set_was_spdy_negotiated(true);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]313 }
314 }
[email protected]d7c9f422010-08-27 22:54:53[diff] [blame]315 if (params_->want_spdy_over_npn() && !ssl_socket_->was_spdy_negotiated())
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]316 return ERR_NPN_NEGOTIATION_FAILED;
317
[email protected]9e9e842e2010-07-23 23:09:15[diff] [blame]318 // Spdy might be turned on by default, or it might be over npn.
319 bool using_spdy = params_->force_spdy_over_ssl() ||
320 params_->want_spdy_over_npn();
321
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]322 if (result == OK ||
323 ssl_socket_->IgnoreCertError(result, params_->load_flags())) {
324 DCHECK(ssl_connect_start_time_ != base::TimeTicks());
325 base::TimeDelta connect_duration =
326 base::TimeTicks::Now() - ssl_connect_start_time_;
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]327 if (using_spdy) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]328 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SpdyConnectionLatency",
329 connect_duration,
330 base::TimeDelta::FromMilliseconds(1),
331 base::TimeDelta::FromMinutes(10),
332 100);
[email protected]f906bfe2011-06-09 16:35:24[diff] [blame]333 }
334
335 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency",
336 connect_duration,
337 base::TimeDelta::FromMilliseconds(1),
338 base::TimeDelta::FromMinutes(10),
339 100);
340
[email protected]b076d6c2011-06-29 14:47:51[diff] [blame^]341 SSLInfo ssl_info;
342 ssl_socket_->GetSSLInfo(&ssl_info);
343
344 if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) {
345 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Resume_Handshake",
346 connect_duration,
347 base::TimeDelta::FromMilliseconds(1),
348 base::TimeDelta::FromMinutes(1),
349 100);
350 } else if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_FULL) {
351 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Full_Handshake",
352 connect_duration,
353 base::TimeDelta::FromMilliseconds(1),
354 base::TimeDelta::FromMinutes(1),
355 100);
356 }
357
[email protected]f906bfe2011-06-09 16:35:24[diff] [blame]358 const std::string& host = params_->host_and_port().host();
359 bool is_google = host == "google.com" ||
360 (host.size() > 11 &&
361 host.rfind(".google.com") == host.size() - 11);
362 if (is_google) {
363 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google",
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]364 connect_duration,
365 base::TimeDelta::FromMilliseconds(1),
366 base::TimeDelta::FromMinutes(10),
367 100);
[email protected]b076d6c2011-06-29 14:47:51[diff] [blame^]368 if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_RESUME) {
369 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google_"
370 "Resume_Handshake",
371 connect_duration,
372 base::TimeDelta::FromMilliseconds(1),
373 base::TimeDelta::FromMinutes(1),
374 100);
375 } else if (ssl_info.handshake_type == SSLInfo::HANDSHAKE_FULL) {
376 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency_Google_"
377 "Full_Handshake",
378 connect_duration,
379 base::TimeDelta::FromMilliseconds(1),
380 base::TimeDelta::FromMinutes(1),
381 100);
382 }
[email protected]835d7c82010-10-14 04:38:38[diff] [blame]383 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]384 }
[email protected]8b498692010-07-16 17:11:43[diff] [blame]385
386 if (result == OK || IsCertificateError(result)) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]387 set_socket(ssl_socket_.release());
[email protected]8b498692010-07-16 17:11:43[diff] [blame]388 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
389 error_response_info_.cert_request_info = new SSLCertRequestInfo;
390 ssl_socket_->GetSSLCertRequestInfo(error_response_info_.cert_request_info);
391 }
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]392
393 return result;
394}
395
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]396int SSLConnectJob::ConnectInternal() {
397 switch (params_->proxy()) {
398 case ProxyServer::SCHEME_DIRECT:
[email protected]ab739042011-04-07 15:22:28[diff] [blame]399 next_state_ = STATE_TRANSPORT_CONNECT;
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]400 break;
401 case ProxyServer::SCHEME_HTTP:
402 case ProxyServer::SCHEME_HTTPS:
403 next_state_ = STATE_TUNNEL_CONNECT;
404 break;
405 case ProxyServer::SCHEME_SOCKS4:
406 case ProxyServer::SCHEME_SOCKS5:
407 next_state_ = STATE_SOCKS_CONNECT;
408 break;
409 default:
410 NOTREACHED() << "unknown proxy type";
411 break;
412 }
413 return DoLoop(OK);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]414}
415
416SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
[email protected]ab739042011-04-07 15:22:28[diff] [blame]417 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]418 SOCKSClientSocketPool* socks_pool,
419 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]420 ClientSocketFactory* client_socket_factory,
421 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]422 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]423 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]424 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]425 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]426 NetLog* net_log)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]427 : transport_pool_(transport_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]428 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]429 http_proxy_pool_(http_proxy_pool),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]430 client_socket_factory_(client_socket_factory),
431 host_resolver_(host_resolver),
[email protected]822581d2010-12-16 17:27:15[diff] [blame]432 cert_verifier_(cert_verifier),
[email protected]2db580532010-10-08 14:32:37[diff] [blame]433 dnsrr_resolver_(dnsrr_resolver),
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]434 dns_cert_checker_(dns_cert_checker),
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]435 ssl_host_info_factory_(ssl_host_info_factory),
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]436 net_log_(net_log) {
437 base::TimeDelta max_transport_timeout = base::TimeDelta();
438 base::TimeDelta pool_timeout;
[email protected]ab739042011-04-07 15:22:28[diff] [blame]439 if (transport_pool_)
440 max_transport_timeout = transport_pool_->ConnectionTimeout();
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]441 if (socks_pool_) {
442 pool_timeout = socks_pool_->ConnectionTimeout();
443 if (pool_timeout > max_transport_timeout)
444 max_transport_timeout = pool_timeout;
445 }
446 if (http_proxy_pool_) {
447 pool_timeout = http_proxy_pool_->ConnectionTimeout();
448 if (pool_timeout > max_transport_timeout)
449 max_transport_timeout = pool_timeout;
450 }
451 timeout_ = max_transport_timeout +
452 base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds);
453}
454
455SSLClientSocketPool::SSLClientSocketPool(
456 int max_sockets,
457 int max_sockets_per_group,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]458 ClientSocketPoolHistograms* histograms,
[email protected]73c45322010-10-01 23:57:54[diff] [blame]459 HostResolver* host_resolver,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]460 CertVerifier* cert_verifier,
[email protected]2db580532010-10-08 14:32:37[diff] [blame]461 DnsRRResolver* dnsrr_resolver,
[email protected]345c613b2010-11-22 19:33:18[diff] [blame]462 DnsCertProvenanceChecker* dns_cert_checker,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]463 SSLHostInfoFactory* ssl_host_info_factory,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]464 ClientSocketFactory* client_socket_factory,
[email protected]ab739042011-04-07 15:22:28[diff] [blame]465 TransportClientSocketPool* transport_pool,
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]466 SOCKSClientSocketPool* socks_pool,
467 HttpProxyClientSocketPool* http_proxy_pool,
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]468 SSLConfigService* ssl_config_service,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]469 NetLog* net_log)
[email protected]ab739042011-04-07 15:22:28[diff] [blame]470 : transport_pool_(transport_pool),
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]471 socks_pool_(socks_pool),
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]472 http_proxy_pool_(http_proxy_pool),
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]473 base_(max_sockets, max_sockets_per_group, histograms,
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]474 base::TimeDelta::FromSeconds(
475 ClientSocketPool::unused_idle_socket_timeout()),
476 base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]477 new SSLConnectJobFactory(transport_pool,
478 socks_pool,
479 http_proxy_pool,
480 client_socket_factory,
481 host_resolver,
482 cert_verifier,
483 dnsrr_resolver,
484 dns_cert_checker,
485 ssl_host_info_factory,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]486 net_log)),
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]487 ssl_config_service_(ssl_config_service) {
488 if (ssl_config_service_)
489 ssl_config_service_->AddObserver(this);
490}
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]491
[email protected]7abf7d22010-09-04 01:41:59[diff] [blame]492SSLClientSocketPool::~SSLClientSocketPool() {
493 if (ssl_config_service_)
494 ssl_config_service_->RemoveObserver(this);
495}
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]496
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]497ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
498 const std::string& group_name,
499 const PoolBase::Request& request,
500 ConnectJob::Delegate* delegate) const {
501 return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(),
[email protected]ab739042011-04-07 15:22:28[diff] [blame]502 transport_pool_, socks_pool_, http_proxy_pool_,
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]503 client_socket_factory_, host_resolver_,
504 cert_verifier_, dnsrr_resolver_, dns_cert_checker_,
505 ssl_host_info_factory_, delegate, net_log_);
506}
507
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]508int SSLClientSocketPool::RequestSocket(const std::string& group_name,
509 const void* socket_params,
510 RequestPriority priority,
511 ClientSocketHandle* handle,
512 CompletionCallback* callback,
513 const BoundNetLog& net_log) {
514 const scoped_refptr<SSLSocketParams>* casted_socket_params =
515 static_cast<const scoped_refptr<SSLSocketParams>*>(socket_params);
516
517 return base_.RequestSocket(group_name, *casted_socket_params, priority,
518 handle, callback, net_log);
519}
520
[email protected]2c2bef152010-10-13 00:55:03[diff] [blame]521void SSLClientSocketPool::RequestSockets(
522 const std::string& group_name,
523 const void* params,
524 int num_sockets,
525 const BoundNetLog& net_log) {
526 const scoped_refptr<SSLSocketParams>* casted_params =
527 static_cast<const scoped_refptr<SSLSocketParams>*>(params);
528
529 base_.RequestSockets(group_name, *casted_params, num_sockets, net_log);
530}
531
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]532void SSLClientSocketPool::CancelRequest(const std::string& group_name,
[email protected]05ea9ff2010-07-15 19:08:21[diff] [blame]533 ClientSocketHandle* handle) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]534 base_.CancelRequest(group_name, handle);
535}
536
537void SSLClientSocketPool::ReleaseSocket(const std::string& group_name,
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]538 StreamSocket* socket, int id) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]539 base_.ReleaseSocket(group_name, socket, id);
540}
541
542void SSLClientSocketPool::Flush() {
543 base_.Flush();
544}
545
546void SSLClientSocketPool::CloseIdleSockets() {
547 base_.CloseIdleSockets();
548}
549
[email protected]ddb1e5a2010-12-13 20:10:45[diff] [blame]550int SSLClientSocketPool::IdleSocketCount() const {
551 return base_.idle_socket_count();
552}
553
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]554int SSLClientSocketPool::IdleSocketCountInGroup(
555 const std::string& group_name) const {
556 return base_.IdleSocketCountInGroup(group_name);
557}
558
559LoadState SSLClientSocketPool::GetLoadState(
560 const std::string& group_name, const ClientSocketHandle* handle) const {
561 return base_.GetLoadState(group_name, handle);
562}
563
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]564DictionaryValue* SSLClientSocketPool::GetInfoAsValue(
565 const std::string& name,
566 const std::string& type,
567 bool include_nested_pools) const {
568 DictionaryValue* dict = base_.GetInfoAsValue(name, type);
569 if (include_nested_pools) {
570 ListValue* list = new ListValue();
[email protected]ab739042011-04-07 15:22:28[diff] [blame]571 if (transport_pool_) {
572 list->Append(transport_pool_->GetInfoAsValue("transport_socket_pool",
573 "transport_socket_pool",
574 false));
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]575 }
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]576 if (socks_pool_) {
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]577 list->Append(socks_pool_->GetInfoAsValue("socks_pool",
578 "socks_pool",
579 true));
580 }
[email protected]2431756e2010-09-29 20:26:13[diff] [blame]581 if (http_proxy_pool_) {
582 list->Append(http_proxy_pool_->GetInfoAsValue("http_proxy_pool",
583 "http_proxy_pool",
584 true));
585 }
[email protected]ba00b492010-09-08 14:53:38[diff] [blame]586 dict->Set("nested_pools", list);
587 }
588 return dict;
589}
590
[email protected]ddb1e5a2010-12-13 20:10:45[diff] [blame]591base::TimeDelta SSLClientSocketPool::ConnectionTimeout() const {
592 return base_.ConnectionTimeout();
593}
594
595ClientSocketPoolHistograms* SSLClientSocketPool::histograms() const {
596 return base_.histograms();
597}
598
[email protected]ad74a592011-01-21 18:40:55[diff] [blame]599void SSLClientSocketPool::OnSSLConfigChanged() {
600 Flush();
601}
602
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]603} // namespace net