1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "jingle/glue/proxy_resolving_client_socket.h"
6
7#include "base/basictypes.h"
8#include "base/bind.h"
9#include "base/bind_helpers.h"
10#include "base/compiler_specific.h"
11#include "base/logging.h"
12#include "net/base/io_buffer.h"
13#include "net/base/net_errors.h"
14#include "net/http/http_network_session.h"
15#include "net/socket/client_socket_handle.h"
16#include "net/socket/client_socket_pool_manager.h"
17#include "net/url_request/url_request_context.h"
18#include "net/url_request/url_request_context_getter.h"
19
20namespace jingle_glue {
21
22ProxyResolvingClientSocket::ProxyResolvingClientSocket(
23    net::ClientSocketFactory* socket_factory,
24    const scoped_refptr<net::URLRequestContextGetter>& request_context_getter,
25    const net::SSLConfig& ssl_config,
26    const net::HostPortPair& dest_host_port_pair)
27        : proxy_resolve_callback_(
28              base::Bind(&ProxyResolvingClientSocket::ProcessProxyResolveDone,
29                         base::Unretained(this))),
30          connect_callback_(
31              base::Bind(&ProxyResolvingClientSocket::ProcessConnectDone,
32                         base::Unretained(this))),
33          ssl_config_(ssl_config),
34          pac_request_(NULL),
35          dest_host_port_pair_(dest_host_port_pair),
36          // Assume that we intend to do TLS on this socket; all
37          // current use cases do.
38          proxy_url_("https://" + dest_host_port_pair_.ToString()),
39          tried_direct_connect_fallback_(false),
40          bound_net_log_(
41              net::BoundNetLog::Make(
42                  request_context_getter->GetURLRequestContext()->net_log(),
43                  net::NetLog::SOURCE_SOCKET)),
44          weak_factory_(this) {
45  DCHECK(request_context_getter.get());
46  net::URLRequestContext* request_context =
47      request_context_getter->GetURLRequestContext();
48  DCHECK(request_context);
49  DCHECK(!dest_host_port_pair_.host().empty());
50  DCHECK_GT(dest_host_port_pair_.port(), 0);
51  DCHECK(proxy_url_.is_valid());
52
53  net::HttpNetworkSession::Params session_params;
54  session_params.client_socket_factory = socket_factory;
55  session_params.host_resolver = request_context->host_resolver();
56  session_params.cert_verifier = request_context->cert_verifier();
57  session_params.transport_security_state =
58      request_context->transport_security_state();
59  // TODO(rkn): This is NULL because ServerBoundCertService is not thread safe.
60  session_params.server_bound_cert_service = NULL;
61  session_params.proxy_service = request_context->proxy_service();
62  session_params.ssl_config_service = request_context->ssl_config_service();
63  session_params.http_auth_handler_factory =
64      request_context->http_auth_handler_factory();
65  session_params.network_delegate = request_context->network_delegate();
66  session_params.http_server_properties =
67      request_context->http_server_properties();
68  session_params.net_log = request_context->net_log();
69
70  const net::HttpNetworkSession::Params* reference_params =
71      request_context->GetNetworkSessionParams();
72  if (reference_params) {
73    // TODO(mmenke):  Just copying specific parameters seems highly regression
74    // prone.  Should have a better way to do this.
75    session_params.host_mapping_rules = reference_params->host_mapping_rules;
76    session_params.ignore_certificate_errors =
77        reference_params->ignore_certificate_errors;
78    session_params.testing_fixed_http_port =
79        reference_params->testing_fixed_http_port;
80    session_params.testing_fixed_https_port =
81        reference_params->testing_fixed_https_port;
82    session_params.next_protos = reference_params->next_protos;
83    session_params.trusted_spdy_proxy = reference_params->trusted_spdy_proxy;
84    session_params.force_spdy_over_ssl = reference_params->force_spdy_over_ssl;
85    session_params.force_spdy_always = reference_params->force_spdy_always;
86    session_params.forced_spdy_exclusions =
87        reference_params->forced_spdy_exclusions;
88    session_params.use_alternate_protocols =
89        reference_params->use_alternate_protocols;
90  }
91
92  network_session_ = new net::HttpNetworkSession(session_params);
93}
94
95ProxyResolvingClientSocket::~ProxyResolvingClientSocket() {
96  Disconnect();
97}
98
99int ProxyResolvingClientSocket::Read(net::IOBuffer* buf, int buf_len,
100                                     const net::CompletionCallback& callback) {
101  if (transport_.get() && transport_->socket())
102    return transport_->socket()->Read(buf, buf_len, callback);
103  NOTREACHED();
104  return net::ERR_SOCKET_NOT_CONNECTED;
105}
106
107int ProxyResolvingClientSocket::Write(
108    net::IOBuffer* buf,
109    int buf_len,
110    const net::CompletionCallback& callback) {
111  if (transport_.get() && transport_->socket())
112    return transport_->socket()->Write(buf, buf_len, callback);
113  NOTREACHED();
114  return net::ERR_SOCKET_NOT_CONNECTED;
115}
116
117int ProxyResolvingClientSocket::SetReceiveBufferSize(int32 size) {
118  if (transport_.get() && transport_->socket())
119    return transport_->socket()->SetReceiveBufferSize(size);
120  NOTREACHED();
121  return net::ERR_SOCKET_NOT_CONNECTED;
122}
123
124int ProxyResolvingClientSocket::SetSendBufferSize(int32 size) {
125  if (transport_.get() && transport_->socket())
126    return transport_->socket()->SetSendBufferSize(size);
127  NOTREACHED();
128  return net::ERR_SOCKET_NOT_CONNECTED;
129}
130
131int ProxyResolvingClientSocket::Connect(
132    const net::CompletionCallback& callback) {
133  DCHECK(user_connect_callback_.is_null());
134
135  tried_direct_connect_fallback_ = false;
136
137  // First we try and resolve the proxy.
138  int status = network_session_->proxy_service()->ResolveProxy(
139      proxy_url_,
140      &proxy_info_,
141      proxy_resolve_callback_,
142      &pac_request_,
143      bound_net_log_);
144  if (status != net::ERR_IO_PENDING) {
145    // We defer execution of ProcessProxyResolveDone instead of calling it
146    // directly here for simplicity. From the caller's point of view,
147    // the connect always happens asynchronously.
148    base::MessageLoop* message_loop = base::MessageLoop::current();
149    CHECK(message_loop);
150    message_loop->PostTask(
151        FROM_HERE,
152        base::Bind(&ProxyResolvingClientSocket::ProcessProxyResolveDone,
153                   weak_factory_.GetWeakPtr(), status));
154  }
155  user_connect_callback_ = callback;
156  return net::ERR_IO_PENDING;
157}
158
159void ProxyResolvingClientSocket::RunUserConnectCallback(int status) {
160  DCHECK_LE(status, net::OK);
161  net::CompletionCallback user_connect_callback = user_connect_callback_;
162  user_connect_callback_.Reset();
163  user_connect_callback.Run(status);
164}
165
166// Always runs asynchronously.
167void ProxyResolvingClientSocket::ProcessProxyResolveDone(int status) {
168  pac_request_ = NULL;
169
170  DCHECK_NE(status, net::ERR_IO_PENDING);
171  if (status == net::OK) {
172    // Remove unsupported proxies from the list.
173    proxy_info_.RemoveProxiesWithoutScheme(
174        net::ProxyServer::SCHEME_DIRECT |
175        net::ProxyServer::SCHEME_HTTP | net::ProxyServer::SCHEME_HTTPS |
176        net::ProxyServer::SCHEME_SOCKS4 | net::ProxyServer::SCHEME_SOCKS5);
177
178    if (proxy_info_.is_empty()) {
179      // No proxies/direct to choose from. This happens when we don't support
180      // any of the proxies in the returned list.
181      status = net::ERR_NO_SUPPORTED_PROXIES;
182    }
183  }
184
185  // Since we are faking the URL, it is possible that no proxies match our URL.
186  // Try falling back to a direct connection if we have not tried that before.
187  if (status != net::OK) {
188    if (!tried_direct_connect_fallback_) {
189      tried_direct_connect_fallback_ = true;
190      proxy_info_.UseDirect();
191    } else {
192      CloseTransportSocket();
193      RunUserConnectCallback(status);
194      return;
195    }
196  }
197
198  transport_.reset(new net::ClientSocketHandle);
199  // Now that we have resolved the proxy, we need to connect.
200  status = net::InitSocketHandleForRawConnect(
201      dest_host_port_pair_, network_session_.get(), proxy_info_, ssl_config_,
202      ssl_config_, net::PRIVACY_MODE_DISABLED, bound_net_log_, transport_.get(),
203      connect_callback_);
204  if (status != net::ERR_IO_PENDING) {
205    // Since this method is always called asynchronously. it is OK to call
206    // ProcessConnectDone synchronously.
207    ProcessConnectDone(status);
208  }
209}
210
211void ProxyResolvingClientSocket::ProcessConnectDone(int status) {
212  if (status != net::OK) {
213    // If the connection fails, try another proxy.
214    status = ReconsiderProxyAfterError(status);
215    // ReconsiderProxyAfterError either returns an error (in which case it is
216    // not reconsidering a proxy) or returns ERR_IO_PENDING if it is considering
217    // another proxy.
218    DCHECK_NE(status, net::OK);
219    if (status == net::ERR_IO_PENDING)
220      // Proxy reconsideration pending. Return.
221      return;
222    CloseTransportSocket();
223  } else {
224    ReportSuccessfulProxyConnection();
225  }
226  RunUserConnectCallback(status);
227}
228
229// TODO(sanjeevr): This has largely been copied from
230// HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError. This should be
231// refactored into some common place.
232// This method reconsiders the proxy on certain errors. If it does reconsider
233// a proxy it always returns ERR_IO_PENDING and posts a call to
234// ProcessProxyResolveDone with the result of the reconsideration.
235int ProxyResolvingClientSocket::ReconsiderProxyAfterError(int error) {
236  DCHECK(!pac_request_);
237  DCHECK_NE(error, net::OK);
238  DCHECK_NE(error, net::ERR_IO_PENDING);
239  // A failure to resolve the hostname or any error related to establishing a
240  // TCP connection could be grounds for trying a new proxy configuration.
241  //
242  // Why do this when a hostname cannot be resolved?  Some URLs only make sense
243  // to proxy servers.  The hostname in those URLs might fail to resolve if we
244  // are still using a non-proxy config.  We need to check if a proxy config
245  // now exists that corresponds to a proxy server that could load the URL.
246  //
247  switch (error) {
248    case net::ERR_PROXY_CONNECTION_FAILED:
249    case net::ERR_NAME_NOT_RESOLVED:
250    case net::ERR_INTERNET_DISCONNECTED:
251    case net::ERR_ADDRESS_UNREACHABLE:
252    case net::ERR_CONNECTION_CLOSED:
253    case net::ERR_CONNECTION_RESET:
254    case net::ERR_CONNECTION_REFUSED:
255    case net::ERR_CONNECTION_ABORTED:
256    case net::ERR_TIMED_OUT:
257    case net::ERR_TUNNEL_CONNECTION_FAILED:
258    case net::ERR_SOCKS_CONNECTION_FAILED:
259      break;
260    case net::ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
261      // Remap the SOCKS-specific "host unreachable" error to a more
262      // generic error code (this way consumers like the link doctor
263      // know to substitute their error page).
264      //
265      // Note that if the host resolving was done by the SOCSK5 proxy, we can't
266      // differentiate between a proxy-side "host not found" versus a proxy-side
267      // "address unreachable" error, and will report both of these failures as
268      // ERR_ADDRESS_UNREACHABLE.
269      return net::ERR_ADDRESS_UNREACHABLE;
270    default:
271      return error;
272  }
273
274  if (proxy_info_.is_https() && ssl_config_.send_client_cert) {
275    network_session_->ssl_client_auth_cache()->Remove(
276        proxy_info_.proxy_server().host_port_pair());
277  }
278
279  int rv = network_session_->proxy_service()->ReconsiderProxyAfterError(
280      proxy_url_, error, &proxy_info_, proxy_resolve_callback_, &pac_request_,
281      bound_net_log_);
282  if (rv == net::OK || rv == net::ERR_IO_PENDING) {
283    CloseTransportSocket();
284  } else {
285    // If ReconsiderProxyAfterError() failed synchronously, it means
286    // there was nothing left to fall-back to, so fail the transaction
287    // with the last connection error we got.
288    rv = error;
289  }
290
291  // We either have new proxy info or there was an error in falling back.
292  // In both cases we want to post ProcessProxyResolveDone (in the error case
293  // we might still want to fall back a direct connection).
294  if (rv != net::ERR_IO_PENDING) {
295    base::MessageLoop* message_loop = base::MessageLoop::current();
296    CHECK(message_loop);
297    message_loop->PostTask(
298        FROM_HERE,
299        base::Bind(&ProxyResolvingClientSocket::ProcessProxyResolveDone,
300                   weak_factory_.GetWeakPtr(), rv));
301    // Since we potentially have another try to go (trying the direct connect)
302    // set the return code code to ERR_IO_PENDING.
303    rv = net::ERR_IO_PENDING;
304  }
305  return rv;
306}
307
308void ProxyResolvingClientSocket::ReportSuccessfulProxyConnection() {
309  network_session_->proxy_service()->ReportSuccess(proxy_info_);
310}
311
312void ProxyResolvingClientSocket::Disconnect() {
313  CloseTransportSocket();
314  if (pac_request_) {
315    network_session_->proxy_service()->CancelPacRequest(pac_request_);
316    pac_request_ = NULL;
317  }
318  user_connect_callback_.Reset();
319}
320
321bool ProxyResolvingClientSocket::IsConnected() const {
322  if (!transport_.get() || !transport_->socket())
323    return false;
324  return transport_->socket()->IsConnected();
325}
326
327bool ProxyResolvingClientSocket::IsConnectedAndIdle() const {
328  if (!transport_.get() || !transport_->socket())
329    return false;
330  return transport_->socket()->IsConnectedAndIdle();
331}
332
333int ProxyResolvingClientSocket::GetPeerAddress(
334    net::IPEndPoint* address) const {
335  if (transport_.get() && transport_->socket())
336    return transport_->socket()->GetPeerAddress(address);
337  NOTREACHED();
338  return net::ERR_SOCKET_NOT_CONNECTED;
339}
340
341int ProxyResolvingClientSocket::GetLocalAddress(
342    net::IPEndPoint* address) const {
343  if (transport_.get() && transport_->socket())
344    return transport_->socket()->GetLocalAddress(address);
345  NOTREACHED();
346  return net::ERR_SOCKET_NOT_CONNECTED;
347}
348
349const net::BoundNetLog& ProxyResolvingClientSocket::NetLog() const {
350  if (transport_.get() && transport_->socket())
351    return transport_->socket()->NetLog();
352  NOTREACHED();
353  return bound_net_log_;
354}
355
356void ProxyResolvingClientSocket::SetSubresourceSpeculation() {
357  if (transport_.get() && transport_->socket())
358    transport_->socket()->SetSubresourceSpeculation();
359  else
360    NOTREACHED();
361}
362
363void ProxyResolvingClientSocket::SetOmniboxSpeculation() {
364  if (transport_.get() && transport_->socket())
365    transport_->socket()->SetOmniboxSpeculation();
366  else
367    NOTREACHED();
368}
369
370bool ProxyResolvingClientSocket::WasEverUsed() const {
371  if (transport_.get() && transport_->socket())
372    return transport_->socket()->WasEverUsed();
373  NOTREACHED();
374  return false;
375}
376
377bool ProxyResolvingClientSocket::UsingTCPFastOpen() const {
378  if (transport_.get() && transport_->socket())
379    return transport_->socket()->UsingTCPFastOpen();
380  NOTREACHED();
381  return false;
382}
383
384bool ProxyResolvingClientSocket::WasNpnNegotiated() const {
385  return false;
386}
387
388net::NextProto ProxyResolvingClientSocket::GetNegotiatedProtocol() const {
389  if (transport_.get() && transport_->socket())
390    return transport_->socket()->GetNegotiatedProtocol();
391  NOTREACHED();
392  return net::kProtoUnknown;
393}
394
395bool ProxyResolvingClientSocket::GetSSLInfo(net::SSLInfo* ssl_info) {
396  return false;
397}
398
399void ProxyResolvingClientSocket::CloseTransportSocket() {
400  if (transport_.get() && transport_->socket())
401    transport_->socket()->Disconnect();
402  transport_.reset();
403}
404
405}  // namespace jingle_glue
406