http_network_transaction.cc revision a02191e04bc25c4935f804f2c080ae28663d096d
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/http/http_network_transaction.h" 6 7#include <set> 8#include <vector> 9 10#include "base/bind.h" 11#include "base/bind_helpers.h" 12#include "base/compiler_specific.h" 13#include "base/format_macros.h" 14#include "base/memory/scoped_ptr.h" 15#include "base/metrics/field_trial.h" 16#include "base/metrics/histogram.h" 17#include "base/metrics/stats_counters.h" 18#include "base/stl_util.h" 19#include "base/strings/string_number_conversions.h" 20#include "base/strings/string_util.h" 21#include "base/strings/stringprintf.h" 22#include "base/time/time.h" 23#include "base/values.h" 24#include "build/build_config.h" 25#include "net/base/auth.h" 26#include "net/base/host_port_pair.h" 27#include "net/base/io_buffer.h" 28#include "net/base/load_flags.h" 29#include "net/base/load_timing_info.h" 30#include "net/base/net_errors.h" 31#include "net/base/net_util.h" 32#include "net/base/upload_data_stream.h" 33#include "net/http/http_auth.h" 34#include "net/http/http_auth_handler.h" 35#include "net/http/http_auth_handler_factory.h" 36#include "net/http/http_basic_stream.h" 37#include "net/http/http_chunked_decoder.h" 38#include "net/http/http_network_session.h" 39#include "net/http/http_proxy_client_socket.h" 40#include "net/http/http_proxy_client_socket_pool.h" 41#include "net/http/http_request_headers.h" 42#include "net/http/http_request_info.h" 43#include "net/http/http_response_headers.h" 44#include "net/http/http_response_info.h" 45#include "net/http/http_server_properties.h" 46#include "net/http/http_status_code.h" 47#include "net/http/http_stream_base.h" 48#include "net/http/http_stream_factory.h" 49#include "net/http/http_util.h" 50#include "net/http/transport_security_state.h" 51#include "net/http/url_security_manager.h" 52#include "net/socket/client_socket_factory.h" 53#include "net/socket/socks_client_socket_pool.h" 54#include "net/socket/ssl_client_socket.h" 55#include "net/socket/ssl_client_socket_pool.h" 56#include "net/socket/transport_client_socket_pool.h" 57#include "net/spdy/spdy_http_stream.h" 58#include "net/spdy/spdy_session.h" 59#include "net/spdy/spdy_session_pool.h" 60#include "net/ssl/ssl_cert_request_info.h" 61#include "net/ssl/ssl_connection_status_flags.h" 62#include "url/gurl.h" 63 64#if defined(SPDY_PROXY_AUTH_ORIGIN) 65#include <algorithm> 66#include "net/proxy/proxy_server.h" 67#endif 68 69 70using base::Time; 71using base::TimeDelta; 72 73namespace net { 74 75namespace { 76 77void ProcessAlternateProtocol( 78 HttpStreamFactory* factory, 79 const base::WeakPtr<HttpServerProperties>& http_server_properties, 80 const HttpResponseHeaders& headers, 81 const HostPortPair& http_host_port_pair) { 82 std::string alternate_protocol_str; 83 84 if (!headers.EnumerateHeader(NULL, kAlternateProtocolHeader, 85 &alternate_protocol_str)) { 86 // Header is not present. 87 return; 88 } 89 90 factory->ProcessAlternateProtocol(http_server_properties, 91 alternate_protocol_str, 92 http_host_port_pair); 93} 94 95// Returns true if |error| is a client certificate authentication error. 96bool IsClientCertificateError(int error) { 97 switch (error) { 98 case ERR_BAD_SSL_CLIENT_AUTH_CERT: 99 case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED: 100 case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY: 101 case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: 102 return true; 103 default: 104 return false; 105 } 106} 107 108base::Value* NetLogSSLVersionFallbackCallback( 109 const GURL* url, 110 int net_error, 111 uint16 version_before, 112 uint16 version_after, 113 NetLog::LogLevel /* log_level */) { 114 base::DictionaryValue* dict = new base::DictionaryValue(); 115 dict->SetString("host_and_port", GetHostAndPort(*url)); 116 dict->SetInteger("net_error", net_error); 117 dict->SetInteger("version_before", version_before); 118 dict->SetInteger("version_after", version_after); 119 return dict; 120} 121 122} // namespace 123 124//----------------------------------------------------------------------------- 125 126HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority, 127 HttpNetworkSession* session) 128 : pending_auth_target_(HttpAuth::AUTH_NONE), 129 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete, 130 base::Unretained(this))), 131 session_(session), 132 request_(NULL), 133 priority_(priority), 134 headers_valid_(false), 135 logged_response_time_(false), 136 fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK), 137 request_headers_(), 138 read_buf_len_(0), 139 total_received_bytes_(0), 140 next_state_(STATE_NONE), 141 establishing_tunnel_(false), 142 websocket_handshake_stream_base_create_helper_(NULL) { 143 session->ssl_config_service()->GetSSLConfig(&server_ssl_config_); 144 if (session->http_stream_factory()->has_next_protos()) { 145 server_ssl_config_.next_protos = 146 session->http_stream_factory()->next_protos(); 147 } 148 proxy_ssl_config_ = server_ssl_config_; 149} 150 151HttpNetworkTransaction::~HttpNetworkTransaction() { 152 if (stream_.get()) { 153 HttpResponseHeaders* headers = GetResponseHeaders(); 154 // TODO(mbelshe): The stream_ should be able to compute whether or not the 155 // stream should be kept alive. No reason to compute here 156 // and pass it in. 157 bool try_to_keep_alive = 158 next_state_ == STATE_NONE && 159 stream_->CanFindEndOfResponse() && 160 (!headers || headers->IsKeepAlive()); 161 if (!try_to_keep_alive) { 162 stream_->Close(true /* not reusable */); 163 } else { 164 if (stream_->IsResponseBodyComplete()) { 165 // If the response body is complete, we can just reuse the socket. 166 stream_->Close(false /* reusable */); 167 } else if (stream_->IsSpdyHttpStream()) { 168 // Doesn't really matter for SpdyHttpStream. Just close it. 169 stream_->Close(true /* not reusable */); 170 } else { 171 // Otherwise, we try to drain the response body. 172 HttpStreamBase* stream = stream_.release(); 173 stream->Drain(session_); 174 } 175 } 176 } 177 178 if (request_ && request_->upload_data_stream) 179 request_->upload_data_stream->Reset(); // Invalidate pending callbacks. 180} 181 182int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info, 183 const CompletionCallback& callback, 184 const BoundNetLog& net_log) { 185 SIMPLE_STATS_COUNTER("HttpNetworkTransaction.Count"); 186 187 net_log_ = net_log; 188 request_ = request_info; 189 start_time_ = base::Time::Now(); 190 191 if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) { 192 server_ssl_config_.rev_checking_enabled = false; 193 proxy_ssl_config_.rev_checking_enabled = false; 194 } 195 196 // Channel ID is enabled unless --disable-tls-channel-id flag is set, 197 // or if privacy mode is enabled. 198 bool channel_id_enabled = server_ssl_config_.channel_id_enabled && 199 (request_->privacy_mode == PRIVACY_MODE_DISABLED); 200 server_ssl_config_.channel_id_enabled = channel_id_enabled; 201 202 next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM; 203 int rv = DoLoop(OK); 204 if (rv == ERR_IO_PENDING) 205 callback_ = callback; 206 return rv; 207} 208 209int HttpNetworkTransaction::RestartIgnoringLastError( 210 const CompletionCallback& callback) { 211 DCHECK(!stream_.get()); 212 DCHECK(!stream_request_.get()); 213 DCHECK_EQ(STATE_NONE, next_state_); 214 215 next_state_ = STATE_CREATE_STREAM; 216 217 int rv = DoLoop(OK); 218 if (rv == ERR_IO_PENDING) 219 callback_ = callback; 220 return rv; 221} 222 223int HttpNetworkTransaction::RestartWithCertificate( 224 X509Certificate* client_cert, const CompletionCallback& callback) { 225 // In HandleCertificateRequest(), we always tear down existing stream 226 // requests to force a new connection. So we shouldn't have one here. 227 DCHECK(!stream_request_.get()); 228 DCHECK(!stream_.get()); 229 DCHECK_EQ(STATE_NONE, next_state_); 230 231 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? 232 &proxy_ssl_config_ : &server_ssl_config_; 233 ssl_config->send_client_cert = true; 234 ssl_config->client_cert = client_cert; 235 session_->ssl_client_auth_cache()->Add( 236 response_.cert_request_info->host_and_port, client_cert); 237 // Reset the other member variables. 238 // Note: this is necessary only with SSL renegotiation. 239 ResetStateForRestart(); 240 next_state_ = STATE_CREATE_STREAM; 241 int rv = DoLoop(OK); 242 if (rv == ERR_IO_PENDING) 243 callback_ = callback; 244 return rv; 245} 246 247int HttpNetworkTransaction::RestartWithAuth( 248 const AuthCredentials& credentials, const CompletionCallback& callback) { 249 HttpAuth::Target target = pending_auth_target_; 250 if (target == HttpAuth::AUTH_NONE) { 251 NOTREACHED(); 252 return ERR_UNEXPECTED; 253 } 254 pending_auth_target_ = HttpAuth::AUTH_NONE; 255 256 auth_controllers_[target]->ResetAuth(credentials); 257 258 DCHECK(callback_.is_null()); 259 260 int rv = OK; 261 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) { 262 // In this case, we've gathered credentials for use with proxy 263 // authentication of a tunnel. 264 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 265 DCHECK(stream_request_ != NULL); 266 auth_controllers_[target] = NULL; 267 ResetStateForRestart(); 268 rv = stream_request_->RestartTunnelWithProxyAuth(credentials); 269 } else { 270 // In this case, we've gathered credentials for the server or the proxy 271 // but it is not during the tunneling phase. 272 DCHECK(stream_request_ == NULL); 273 PrepareForAuthRestart(target); 274 rv = DoLoop(OK); 275 } 276 277 if (rv == ERR_IO_PENDING) 278 callback_ = callback; 279 return rv; 280} 281 282void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) { 283 DCHECK(HaveAuth(target)); 284 DCHECK(!stream_request_.get()); 285 286 bool keep_alive = false; 287 // Even if the server says the connection is keep-alive, we have to be 288 // able to find the end of each response in order to reuse the connection. 289 if (GetResponseHeaders()->IsKeepAlive() && 290 stream_->CanFindEndOfResponse()) { 291 // If the response body hasn't been completely read, we need to drain 292 // it first. 293 if (!stream_->IsResponseBodyComplete()) { 294 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART; 295 read_buf_ = new IOBuffer(kDrainBodyBufferSize); // A bit bucket. 296 read_buf_len_ = kDrainBodyBufferSize; 297 return; 298 } 299 keep_alive = true; 300 } 301 302 // We don't need to drain the response body, so we act as if we had drained 303 // the response body. 304 DidDrainBodyForAuthRestart(keep_alive); 305} 306 307void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) { 308 DCHECK(!stream_request_.get()); 309 310 if (stream_.get()) { 311 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 312 HttpStream* new_stream = NULL; 313 if (keep_alive && stream_->IsConnectionReusable()) { 314 // We should call connection_->set_idle_time(), but this doesn't occur 315 // often enough to be worth the trouble. 316 stream_->SetConnectionReused(); 317 new_stream = 318 static_cast<HttpStream*>(stream_.get())->RenewStreamForAuth(); 319 } 320 321 if (!new_stream) { 322 // Close the stream and mark it as not_reusable. Even in the 323 // keep_alive case, we've determined that the stream_ is not 324 // reusable if new_stream is NULL. 325 stream_->Close(true); 326 next_state_ = STATE_CREATE_STREAM; 327 } else { 328 // Renewed streams shouldn't carry over received bytes. 329 DCHECK_EQ(0, new_stream->GetTotalReceivedBytes()); 330 next_state_ = STATE_INIT_STREAM; 331 } 332 stream_.reset(new_stream); 333 } 334 335 // Reset the other member variables. 336 ResetStateForAuthRestart(); 337} 338 339bool HttpNetworkTransaction::IsReadyToRestartForAuth() { 340 return pending_auth_target_ != HttpAuth::AUTH_NONE && 341 HaveAuth(pending_auth_target_); 342} 343 344int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, 345 const CompletionCallback& callback) { 346 DCHECK(buf); 347 DCHECK_LT(0, buf_len); 348 349 State next_state = STATE_NONE; 350 351 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); 352 if (headers_valid_ && headers.get() && stream_request_.get()) { 353 // We're trying to read the body of the response but we're still trying 354 // to establish an SSL tunnel through an HTTP proxy. We can't read these 355 // bytes when establishing a tunnel because they might be controlled by 356 // an active network attacker. We don't worry about this for HTTP 357 // because an active network attacker can already control HTTP sessions. 358 // We reach this case when the user cancels a 407 proxy auth prompt. We 359 // also don't worry about this for an HTTPS Proxy, because the 360 // communication with the proxy is secure. 361 // See http://crbug.com/8473. 362 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); 363 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED); 364 LOG(WARNING) << "Blocked proxy response with status " 365 << headers->response_code() << " to CONNECT request for " 366 << GetHostAndPort(request_->url) << "."; 367 return ERR_TUNNEL_CONNECTION_FAILED; 368 } 369 370 // Are we using SPDY or HTTP? 371 next_state = STATE_READ_BODY; 372 373 read_buf_ = buf; 374 read_buf_len_ = buf_len; 375 376 next_state_ = next_state; 377 int rv = DoLoop(OK); 378 if (rv == ERR_IO_PENDING) 379 callback_ = callback; 380 return rv; 381} 382 383void HttpNetworkTransaction::StopCaching() {} 384 385bool HttpNetworkTransaction::GetFullRequestHeaders( 386 HttpRequestHeaders* headers) const { 387 // TODO(ttuttle): Make sure we've populated request_headers_. 388 *headers = request_headers_; 389 return true; 390} 391 392int64 HttpNetworkTransaction::GetTotalReceivedBytes() const { 393 int64 total_received_bytes = total_received_bytes_; 394 if (stream_) 395 total_received_bytes += stream_->GetTotalReceivedBytes(); 396 return total_received_bytes; 397} 398 399void HttpNetworkTransaction::DoneReading() {} 400 401const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const { 402 return ((headers_valid_ && response_.headers.get()) || 403 response_.ssl_info.cert.get() || response_.cert_request_info.get()) 404 ? &response_ 405 : NULL; 406} 407 408LoadState HttpNetworkTransaction::GetLoadState() const { 409 // TODO(wtc): Define a new LoadState value for the 410 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request. 411 switch (next_state_) { 412 case STATE_CREATE_STREAM: 413 return LOAD_STATE_WAITING_FOR_DELEGATE; 414 case STATE_CREATE_STREAM_COMPLETE: 415 return stream_request_->GetLoadState(); 416 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: 417 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE: 418 case STATE_SEND_REQUEST_COMPLETE: 419 return LOAD_STATE_SENDING_REQUEST; 420 case STATE_READ_HEADERS_COMPLETE: 421 return LOAD_STATE_WAITING_FOR_RESPONSE; 422 case STATE_READ_BODY_COMPLETE: 423 return LOAD_STATE_READING_RESPONSE; 424 default: 425 return LOAD_STATE_IDLE; 426 } 427} 428 429UploadProgress HttpNetworkTransaction::GetUploadProgress() const { 430 if (!stream_.get()) 431 return UploadProgress(); 432 433 // TODO(bashi): This cast is temporary. Remove later. 434 return static_cast<HttpStream*>(stream_.get())->GetUploadProgress(); 435} 436 437void HttpNetworkTransaction::SetQuicServerInfo( 438 QuicServerInfo* quic_server_info) {} 439 440bool HttpNetworkTransaction::GetLoadTimingInfo( 441 LoadTimingInfo* load_timing_info) const { 442 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info)) 443 return false; 444 445 load_timing_info->proxy_resolve_start = 446 proxy_info_.proxy_resolve_start_time(); 447 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time(); 448 load_timing_info->send_start = send_start_time_; 449 load_timing_info->send_end = send_end_time_; 450 return true; 451} 452 453void HttpNetworkTransaction::SetPriority(RequestPriority priority) { 454 priority_ = priority; 455 if (stream_request_) 456 stream_request_->SetPriority(priority); 457 if (stream_) 458 stream_->SetPriority(priority); 459} 460 461void HttpNetworkTransaction::SetWebSocketHandshakeStreamCreateHelper( 462 WebSocketHandshakeStreamBase::CreateHelper* create_helper) { 463 websocket_handshake_stream_base_create_helper_ = create_helper; 464} 465 466void HttpNetworkTransaction::SetBeforeNetworkStartCallback( 467 const BeforeNetworkStartCallback& callback) { 468 before_network_start_callback_ = callback; 469} 470 471int HttpNetworkTransaction::ResumeNetworkStart() { 472 DCHECK_EQ(next_state_, STATE_CREATE_STREAM); 473 return DoLoop(OK); 474} 475 476void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config, 477 const ProxyInfo& used_proxy_info, 478 HttpStreamBase* stream) { 479 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 480 DCHECK(stream_request_.get()); 481 482 if (stream_) 483 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 484 stream_.reset(stream); 485 server_ssl_config_ = used_ssl_config; 486 proxy_info_ = used_proxy_info; 487 response_.was_npn_negotiated = stream_request_->was_npn_negotiated(); 488 response_.npn_negotiated_protocol = SSLClientSocket::NextProtoToString( 489 stream_request_->protocol_negotiated()); 490 response_.was_fetched_via_spdy = stream_request_->using_spdy(); 491 response_.was_fetched_via_proxy = !proxy_info_.is_direct(); 492 493 OnIOComplete(OK); 494} 495 496void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady( 497 const SSLConfig& used_ssl_config, 498 const ProxyInfo& used_proxy_info, 499 WebSocketHandshakeStreamBase* stream) { 500 OnStreamReady(used_ssl_config, used_proxy_info, stream); 501} 502 503void HttpNetworkTransaction::OnStreamFailed(int result, 504 const SSLConfig& used_ssl_config) { 505 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 506 DCHECK_NE(OK, result); 507 DCHECK(stream_request_.get()); 508 DCHECK(!stream_.get()); 509 server_ssl_config_ = used_ssl_config; 510 511 OnIOComplete(result); 512} 513 514void HttpNetworkTransaction::OnCertificateError( 515 int result, 516 const SSLConfig& used_ssl_config, 517 const SSLInfo& ssl_info) { 518 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 519 DCHECK_NE(OK, result); 520 DCHECK(stream_request_.get()); 521 DCHECK(!stream_.get()); 522 523 response_.ssl_info = ssl_info; 524 server_ssl_config_ = used_ssl_config; 525 526 // TODO(mbelshe): For now, we're going to pass the error through, and that 527 // will close the stream_request in all cases. This means that we're always 528 // going to restart an entire STATE_CREATE_STREAM, even if the connection is 529 // good and the user chooses to ignore the error. This is not ideal, but not 530 // the end of the world either. 531 532 OnIOComplete(result); 533} 534 535void HttpNetworkTransaction::OnNeedsProxyAuth( 536 const HttpResponseInfo& proxy_response, 537 const SSLConfig& used_ssl_config, 538 const ProxyInfo& used_proxy_info, 539 HttpAuthController* auth_controller) { 540 DCHECK(stream_request_.get()); 541 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 542 543 establishing_tunnel_ = true; 544 response_.headers = proxy_response.headers; 545 response_.auth_challenge = proxy_response.auth_challenge; 546 headers_valid_ = true; 547 server_ssl_config_ = used_ssl_config; 548 proxy_info_ = used_proxy_info; 549 550 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller; 551 pending_auth_target_ = HttpAuth::AUTH_PROXY; 552 553 DoCallback(OK); 554} 555 556void HttpNetworkTransaction::OnNeedsClientAuth( 557 const SSLConfig& used_ssl_config, 558 SSLCertRequestInfo* cert_info) { 559 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 560 561 server_ssl_config_ = used_ssl_config; 562 response_.cert_request_info = cert_info; 563 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); 564} 565 566void HttpNetworkTransaction::OnHttpsProxyTunnelResponse( 567 const HttpResponseInfo& response_info, 568 const SSLConfig& used_ssl_config, 569 const ProxyInfo& used_proxy_info, 570 HttpStreamBase* stream) { 571 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 572 573 headers_valid_ = true; 574 response_ = response_info; 575 server_ssl_config_ = used_ssl_config; 576 proxy_info_ = used_proxy_info; 577 if (stream_) 578 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 579 stream_.reset(stream); 580 stream_request_.reset(); // we're done with the stream request 581 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE); 582} 583 584bool HttpNetworkTransaction::is_https_request() const { 585 return request_->url.SchemeIs("https"); 586} 587 588void HttpNetworkTransaction::DoCallback(int rv) { 589 DCHECK_NE(rv, ERR_IO_PENDING); 590 DCHECK(!callback_.is_null()); 591 592 // Since Run may result in Read being called, clear user_callback_ up front. 593 CompletionCallback c = callback_; 594 callback_.Reset(); 595 c.Run(rv); 596} 597 598void HttpNetworkTransaction::OnIOComplete(int result) { 599 int rv = DoLoop(result); 600 if (rv != ERR_IO_PENDING) 601 DoCallback(rv); 602} 603 604int HttpNetworkTransaction::DoLoop(int result) { 605 DCHECK(next_state_ != STATE_NONE); 606 607 int rv = result; 608 do { 609 State state = next_state_; 610 next_state_ = STATE_NONE; 611 switch (state) { 612 case STATE_NOTIFY_BEFORE_CREATE_STREAM: 613 DCHECK_EQ(OK, rv); 614 rv = DoNotifyBeforeCreateStream(); 615 break; 616 case STATE_CREATE_STREAM: 617 DCHECK_EQ(OK, rv); 618 rv = DoCreateStream(); 619 break; 620 case STATE_CREATE_STREAM_COMPLETE: 621 rv = DoCreateStreamComplete(rv); 622 break; 623 case STATE_INIT_STREAM: 624 DCHECK_EQ(OK, rv); 625 rv = DoInitStream(); 626 break; 627 case STATE_INIT_STREAM_COMPLETE: 628 rv = DoInitStreamComplete(rv); 629 break; 630 case STATE_GENERATE_PROXY_AUTH_TOKEN: 631 DCHECK_EQ(OK, rv); 632 rv = DoGenerateProxyAuthToken(); 633 break; 634 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: 635 rv = DoGenerateProxyAuthTokenComplete(rv); 636 break; 637 case STATE_GENERATE_SERVER_AUTH_TOKEN: 638 DCHECK_EQ(OK, rv); 639 rv = DoGenerateServerAuthToken(); 640 break; 641 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE: 642 rv = DoGenerateServerAuthTokenComplete(rv); 643 break; 644 case STATE_INIT_REQUEST_BODY: 645 DCHECK_EQ(OK, rv); 646 rv = DoInitRequestBody(); 647 break; 648 case STATE_INIT_REQUEST_BODY_COMPLETE: 649 rv = DoInitRequestBodyComplete(rv); 650 break; 651 case STATE_BUILD_REQUEST: 652 DCHECK_EQ(OK, rv); 653 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST); 654 rv = DoBuildRequest(); 655 break; 656 case STATE_BUILD_REQUEST_COMPLETE: 657 rv = DoBuildRequestComplete(rv); 658 break; 659 case STATE_SEND_REQUEST: 660 DCHECK_EQ(OK, rv); 661 rv = DoSendRequest(); 662 break; 663 case STATE_SEND_REQUEST_COMPLETE: 664 rv = DoSendRequestComplete(rv); 665 net_log_.EndEventWithNetErrorCode( 666 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv); 667 break; 668 case STATE_READ_HEADERS: 669 DCHECK_EQ(OK, rv); 670 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS); 671 rv = DoReadHeaders(); 672 break; 673 case STATE_READ_HEADERS_COMPLETE: 674 rv = DoReadHeadersComplete(rv); 675 net_log_.EndEventWithNetErrorCode( 676 NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv); 677 break; 678 case STATE_READ_BODY: 679 DCHECK_EQ(OK, rv); 680 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY); 681 rv = DoReadBody(); 682 break; 683 case STATE_READ_BODY_COMPLETE: 684 rv = DoReadBodyComplete(rv); 685 net_log_.EndEventWithNetErrorCode( 686 NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv); 687 break; 688 case STATE_DRAIN_BODY_FOR_AUTH_RESTART: 689 DCHECK_EQ(OK, rv); 690 net_log_.BeginEvent( 691 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART); 692 rv = DoDrainBodyForAuthRestart(); 693 break; 694 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE: 695 rv = DoDrainBodyForAuthRestartComplete(rv); 696 net_log_.EndEventWithNetErrorCode( 697 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv); 698 break; 699 default: 700 NOTREACHED() << "bad state"; 701 rv = ERR_FAILED; 702 break; 703 } 704 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); 705 706 return rv; 707} 708 709int HttpNetworkTransaction::DoNotifyBeforeCreateStream() { 710 next_state_ = STATE_CREATE_STREAM; 711 bool defer = false; 712 if (!before_network_start_callback_.is_null()) 713 before_network_start_callback_.Run(&defer); 714 if (!defer) 715 return OK; 716 return ERR_IO_PENDING; 717} 718 719int HttpNetworkTransaction::DoCreateStream() { 720 next_state_ = STATE_CREATE_STREAM_COMPLETE; 721 if (ForWebSocketHandshake()) { 722 stream_request_.reset( 723 session_->http_stream_factory_for_websocket() 724 ->RequestWebSocketHandshakeStream( 725 *request_, 726 priority_, 727 server_ssl_config_, 728 proxy_ssl_config_, 729 this, 730 websocket_handshake_stream_base_create_helper_, 731 net_log_)); 732 } else { 733 stream_request_.reset( 734 session_->http_stream_factory()->RequestStream( 735 *request_, 736 priority_, 737 server_ssl_config_, 738 proxy_ssl_config_, 739 this, 740 net_log_)); 741 } 742 DCHECK(stream_request_.get()); 743 return ERR_IO_PENDING; 744} 745 746int HttpNetworkTransaction::DoCreateStreamComplete(int result) { 747 if (result == OK) { 748 next_state_ = STATE_INIT_STREAM; 749 DCHECK(stream_.get()); 750 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { 751 result = HandleCertificateRequest(result); 752 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { 753 // Return OK and let the caller read the proxy's error page 754 next_state_ = STATE_NONE; 755 return OK; 756 } 757 758 // Handle possible handshake errors that may have occurred if the stream 759 // used SSL for one or more of the layers. 760 result = HandleSSLHandshakeError(result); 761 762 // At this point we are done with the stream_request_. 763 stream_request_.reset(); 764 return result; 765} 766 767int HttpNetworkTransaction::DoInitStream() { 768 DCHECK(stream_.get()); 769 next_state_ = STATE_INIT_STREAM_COMPLETE; 770 return stream_->InitializeStream(request_, priority_, net_log_, io_callback_); 771} 772 773int HttpNetworkTransaction::DoInitStreamComplete(int result) { 774 if (result == OK) { 775 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; 776 } else { 777 if (result < 0) 778 result = HandleIOError(result); 779 780 // The stream initialization failed, so this stream will never be useful. 781 if (stream_) 782 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 783 stream_.reset(); 784 } 785 786 return result; 787} 788 789int HttpNetworkTransaction::DoGenerateProxyAuthToken() { 790 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; 791 if (!ShouldApplyProxyAuth()) 792 return OK; 793 HttpAuth::Target target = HttpAuth::AUTH_PROXY; 794 if (!auth_controllers_[target].get()) 795 auth_controllers_[target] = 796 new HttpAuthController(target, 797 AuthURL(target), 798 session_->http_auth_cache(), 799 session_->http_auth_handler_factory()); 800 return auth_controllers_[target]->MaybeGenerateAuthToken(request_, 801 io_callback_, 802 net_log_); 803} 804 805int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) { 806 DCHECK_NE(ERR_IO_PENDING, rv); 807 if (rv == OK) 808 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN; 809 return rv; 810} 811 812int HttpNetworkTransaction::DoGenerateServerAuthToken() { 813 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE; 814 HttpAuth::Target target = HttpAuth::AUTH_SERVER; 815 if (!auth_controllers_[target].get()) { 816 auth_controllers_[target] = 817 new HttpAuthController(target, 818 AuthURL(target), 819 session_->http_auth_cache(), 820 session_->http_auth_handler_factory()); 821 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY) 822 auth_controllers_[target]->DisableEmbeddedIdentity(); 823 } 824 if (!ShouldApplyServerAuth()) 825 return OK; 826 return auth_controllers_[target]->MaybeGenerateAuthToken(request_, 827 io_callback_, 828 net_log_); 829} 830 831int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) { 832 DCHECK_NE(ERR_IO_PENDING, rv); 833 if (rv == OK) 834 next_state_ = STATE_INIT_REQUEST_BODY; 835 return rv; 836} 837 838void HttpNetworkTransaction::BuildRequestHeaders(bool using_proxy) { 839 request_headers_.SetHeader(HttpRequestHeaders::kHost, 840 GetHostAndOptionalPort(request_->url)); 841 842 // For compat with HTTP/1.0 servers and proxies: 843 if (using_proxy) { 844 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection, 845 "keep-alive"); 846 } else { 847 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive"); 848 } 849 850 // Add a content length header? 851 if (request_->upload_data_stream) { 852 if (request_->upload_data_stream->is_chunked()) { 853 request_headers_.SetHeader( 854 HttpRequestHeaders::kTransferEncoding, "chunked"); 855 } else { 856 request_headers_.SetHeader( 857 HttpRequestHeaders::kContentLength, 858 base::Uint64ToString(request_->upload_data_stream->size())); 859 } 860 } else if (request_->method == "POST" || request_->method == "PUT" || 861 request_->method == "HEAD") { 862 // An empty POST/PUT request still needs a content length. As for HEAD, 863 // IE and Safari also add a content length header. Presumably it is to 864 // support sending a HEAD request to an URL that only expects to be sent a 865 // POST or some other method that normally would have a message body. 866 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0"); 867 } 868 869 // Honor load flags that impact proxy caches. 870 if (request_->load_flags & LOAD_BYPASS_CACHE) { 871 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache"); 872 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache"); 873 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) { 874 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0"); 875 } 876 877 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY)) 878 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader( 879 &request_headers_); 880 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER)) 881 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader( 882 &request_headers_); 883 884 request_headers_.MergeFrom(request_->extra_headers); 885 response_.did_use_http_auth = 886 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) || 887 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization); 888} 889 890int HttpNetworkTransaction::DoInitRequestBody() { 891 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE; 892 int rv = OK; 893 if (request_->upload_data_stream) 894 rv = request_->upload_data_stream->Init(io_callback_); 895 return rv; 896} 897 898int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) { 899 if (result == OK) 900 next_state_ = STATE_BUILD_REQUEST; 901 return result; 902} 903 904int HttpNetworkTransaction::DoBuildRequest() { 905 next_state_ = STATE_BUILD_REQUEST_COMPLETE; 906 headers_valid_ = false; 907 908 // This is constructed lazily (instead of within our Start method), so that 909 // we have proxy info available. 910 if (request_headers_.IsEmpty()) { 911 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) && 912 !is_https_request(); 913 BuildRequestHeaders(using_proxy); 914 } 915 916 return OK; 917} 918 919int HttpNetworkTransaction::DoBuildRequestComplete(int result) { 920 if (result == OK) 921 next_state_ = STATE_SEND_REQUEST; 922 return result; 923} 924 925int HttpNetworkTransaction::DoSendRequest() { 926 send_start_time_ = base::TimeTicks::Now(); 927 next_state_ = STATE_SEND_REQUEST_COMPLETE; 928 929 return stream_->SendRequest(request_headers_, &response_, io_callback_); 930} 931 932int HttpNetworkTransaction::DoSendRequestComplete(int result) { 933 send_end_time_ = base::TimeTicks::Now(); 934 if (result < 0) 935 return HandleIOError(result); 936 response_.network_accessed = true; 937 next_state_ = STATE_READ_HEADERS; 938 return OK; 939} 940 941int HttpNetworkTransaction::DoReadHeaders() { 942 next_state_ = STATE_READ_HEADERS_COMPLETE; 943 return stream_->ReadResponseHeaders(io_callback_); 944} 945 946int HttpNetworkTransaction::DoReadHeadersComplete(int result) { 947 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here 948 // due to SSL renegotiation. 949 if (IsCertificateError(result)) { 950 // We don't handle a certificate error during SSL renegotiation, so we 951 // have to return an error that's not in the certificate error range 952 // (-2xx). 953 LOG(ERROR) << "Got a server certificate with error " << result 954 << " during SSL renegotiation"; 955 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION; 956 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { 957 // TODO(wtc): Need a test case for this code path! 958 DCHECK(stream_.get()); 959 DCHECK(is_https_request()); 960 response_.cert_request_info = new SSLCertRequestInfo; 961 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get()); 962 result = HandleCertificateRequest(result); 963 if (result == OK) 964 return result; 965 } 966 967 if (result == ERR_QUIC_HANDSHAKE_FAILED) { 968 ResetConnectionAndRequestForResend(); 969 return OK; 970 } 971 972 // After we call RestartWithAuth a new response_time will be recorded, and 973 // we need to be cautious about incorrectly logging the duration across the 974 // authentication activity. 975 if (result == OK) 976 LogTransactionConnectedMetrics(); 977 978 // ERR_CONNECTION_CLOSED is treated differently at this point; if partial 979 // response headers were received, we do the best we can to make sense of it 980 // and send it back up the stack. 981 // 982 // TODO(davidben): Consider moving this to HttpBasicStream, It's a little 983 // bizarre for SPDY. Assuming this logic is useful at all. 984 // TODO(davidben): Bubble the error code up so we do not cache? 985 if (result == ERR_CONNECTION_CLOSED && response_.headers.get()) 986 result = OK; 987 988 if (result < 0) 989 return HandleIOError(result); 990 991 DCHECK(response_.headers.get()); 992 993#if defined(SPDY_PROXY_AUTH_ORIGIN) 994 // Server-induced fallback; see: http://crbug.com/143712 995 if (response_.was_fetched_via_proxy) { 996 ProxyService::DataReductionProxyBypassEventType proxy_bypass_event = 997 ProxyService::BYPASS_EVENT_TYPE_MAX; 998 bool data_reduction_proxy_used = 999 proxy_info_.proxy_server().isDataReductionProxy(); 1000 bool data_reduction_fallback_proxy_used = false; 1001#if defined(DATA_REDUCTION_FALLBACK_HOST) 1002 if (!data_reduction_proxy_used) { 1003 data_reduction_fallback_proxy_used = 1004 proxy_info_.proxy_server().isDataReductionProxyFallback(); 1005 } 1006#endif 1007 1008 if (data_reduction_proxy_used || data_reduction_fallback_proxy_used) { 1009 net::HttpResponseHeaders::DataReductionProxyInfo 1010 data_reduction_proxy_info; 1011 proxy_bypass_event 1012 = response_.headers->GetDataReductionProxyBypassEventType( 1013 &data_reduction_proxy_info); 1014 if (proxy_bypass_event < ProxyService::BYPASS_EVENT_TYPE_MAX) { 1015 ProxyService* proxy_service = session_->proxy_service(); 1016 1017 proxy_service->RecordDataReductionProxyBypassInfo( 1018 data_reduction_proxy_used, proxy_info_.proxy_server(), 1019 proxy_bypass_event); 1020 1021 ProxyServer proxy_server; 1022#if defined(DATA_REDUCTION_FALLBACK_HOST) 1023 if (data_reduction_proxy_used && data_reduction_proxy_info.bypass_all) { 1024 // TODO(bengr): Rename as DATA_REDUCTION_FALLBACK_ORIGIN. 1025 GURL proxy_url(DATA_REDUCTION_FALLBACK_HOST); 1026 if (proxy_url.SchemeIsHTTPOrHTTPS()) { 1027 proxy_server = ProxyServer(proxy_url.SchemeIs("http") ? 1028 ProxyServer::SCHEME_HTTP : 1029 ProxyServer::SCHEME_HTTPS, 1030 HostPortPair::FromURL(proxy_url)); 1031 } 1032 } 1033#endif 1034 if (proxy_service->MarkProxiesAsBadUntil( 1035 proxy_info_, 1036 data_reduction_proxy_info.bypass_duration, 1037 proxy_server, 1038 net_log_)) { 1039 // Only retry idempotent methods. We don't want to resubmit a POST 1040 // if the proxy took some action. 1041 if (request_->method == "GET" || 1042 request_->method == "OPTIONS" || 1043 request_->method == "HEAD" || 1044 request_->method == "PUT" || 1045 request_->method == "DELETE" || 1046 request_->method == "TRACE") { 1047 ResetConnectionAndRequestForResend(); 1048 return OK; 1049 } 1050 } 1051 } 1052 } 1053 } 1054#endif // defined(SPDY_PROXY_AUTH_ORIGIN) 1055 1056 // Like Net.HttpResponseCode, but only for MAIN_FRAME loads. 1057 if (request_->load_flags & LOAD_MAIN_FRAME) { 1058 const int response_code = response_.headers->response_code(); 1059 UMA_HISTOGRAM_ENUMERATION( 1060 "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10); 1061 } 1062 1063 net_log_.AddEvent( 1064 NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS, 1065 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers)); 1066 1067 if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0)) { 1068 // HTTP/0.9 doesn't support the PUT method, so lack of response headers 1069 // indicates a buggy server. See: 1070 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921 1071 if (request_->method == "PUT") 1072 return ERR_METHOD_NOT_SUPPORTED; 1073 } 1074 1075 // Check for an intermediate 100 Continue response. An origin server is 1076 // allowed to send this response even if we didn't ask for it, so we just 1077 // need to skip over it. 1078 // We treat any other 1xx in this same way (although in practice getting 1079 // a 1xx that isn't a 100 is rare). 1080 // Unless this is a WebSocket request, in which case we pass it on up. 1081 if (response_.headers->response_code() / 100 == 1 && 1082 !ForWebSocketHandshake()) { 1083 response_.headers = new HttpResponseHeaders(std::string()); 1084 next_state_ = STATE_READ_HEADERS; 1085 return OK; 1086 } 1087 1088 HostPortPair endpoint = HostPortPair(request_->url.HostNoBrackets(), 1089 request_->url.EffectiveIntPort()); 1090 ProcessAlternateProtocol(session_->http_stream_factory(), 1091 session_->http_server_properties(), 1092 *response_.headers.get(), 1093 endpoint); 1094 1095 int rv = HandleAuthChallenge(); 1096 if (rv != OK) 1097 return rv; 1098 1099 if (is_https_request()) 1100 stream_->GetSSLInfo(&response_.ssl_info); 1101 1102 headers_valid_ = true; 1103 return OK; 1104} 1105 1106int HttpNetworkTransaction::DoReadBody() { 1107 DCHECK(read_buf_.get()); 1108 DCHECK_GT(read_buf_len_, 0); 1109 DCHECK(stream_ != NULL); 1110 1111 next_state_ = STATE_READ_BODY_COMPLETE; 1112 return stream_->ReadResponseBody( 1113 read_buf_.get(), read_buf_len_, io_callback_); 1114} 1115 1116int HttpNetworkTransaction::DoReadBodyComplete(int result) { 1117 // We are done with the Read call. 1118 bool done = false; 1119 if (result <= 0) { 1120 DCHECK_NE(ERR_IO_PENDING, result); 1121 done = true; 1122 } 1123 1124 bool keep_alive = false; 1125 if (stream_->IsResponseBodyComplete()) { 1126 // Note: Just because IsResponseBodyComplete is true, we're not 1127 // necessarily "done". We're only "done" when it is the last 1128 // read on this HttpNetworkTransaction, which will be signified 1129 // by a zero-length read. 1130 // TODO(mbelshe): The keepalive property is really a property of 1131 // the stream. No need to compute it here just to pass back 1132 // to the stream's Close function. 1133 // TODO(rtenneti): CanFindEndOfResponse should return false if there are no 1134 // ResponseHeaders. 1135 if (stream_->CanFindEndOfResponse()) { 1136 HttpResponseHeaders* headers = GetResponseHeaders(); 1137 if (headers) 1138 keep_alive = headers->IsKeepAlive(); 1139 } 1140 } 1141 1142 // Clean up connection if we are done. 1143 if (done) { 1144 LogTransactionMetrics(); 1145 stream_->Close(!keep_alive); 1146 // Note: we don't reset the stream here. We've closed it, but we still 1147 // need it around so that callers can call methods such as 1148 // GetUploadProgress() and have them be meaningful. 1149 // TODO(mbelshe): This means we closed the stream here, and we close it 1150 // again in ~HttpNetworkTransaction. Clean that up. 1151 1152 // The next Read call will return 0 (EOF). 1153 } 1154 1155 // Clear these to avoid leaving around old state. 1156 read_buf_ = NULL; 1157 read_buf_len_ = 0; 1158 1159 return result; 1160} 1161 1162int HttpNetworkTransaction::DoDrainBodyForAuthRestart() { 1163 // This method differs from DoReadBody only in the next_state_. So we just 1164 // call DoReadBody and override the next_state_. Perhaps there is a more 1165 // elegant way for these two methods to share code. 1166 int rv = DoReadBody(); 1167 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE); 1168 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE; 1169 return rv; 1170} 1171 1172// TODO(wtc): This method and the DoReadBodyComplete method are almost 1173// the same. Figure out a good way for these two methods to share code. 1174int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) { 1175 // keep_alive defaults to true because the very reason we're draining the 1176 // response body is to reuse the connection for auth restart. 1177 bool done = false, keep_alive = true; 1178 if (result < 0) { 1179 // Error or closed connection while reading the socket. 1180 done = true; 1181 keep_alive = false; 1182 } else if (stream_->IsResponseBodyComplete()) { 1183 done = true; 1184 } 1185 1186 if (done) { 1187 DidDrainBodyForAuthRestart(keep_alive); 1188 } else { 1189 // Keep draining. 1190 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART; 1191 } 1192 1193 return OK; 1194} 1195 1196void HttpNetworkTransaction::LogTransactionConnectedMetrics() { 1197 if (logged_response_time_) 1198 return; 1199 1200 logged_response_time_ = true; 1201 1202 base::TimeDelta total_duration = response_.response_time - start_time_; 1203 1204 UMA_HISTOGRAM_CUSTOM_TIMES( 1205 "Net.Transaction_Connected", 1206 total_duration, 1207 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1208 100); 1209 1210 bool reused_socket = stream_->IsConnectionReused(); 1211 if (!reused_socket) { 1212 UMA_HISTOGRAM_CUSTOM_TIMES( 1213 "Net.Transaction_Connected_New_b", 1214 total_duration, 1215 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1216 100); 1217 } 1218 1219 // Currently, non-HIGHEST priority requests are frame or sub-frame resource 1220 // types. This will change when we also prioritize certain subresources like 1221 // css, js, etc. 1222 if (priority_ != HIGHEST) { 1223 UMA_HISTOGRAM_CUSTOM_TIMES( 1224 "Net.Priority_High_Latency_b", 1225 total_duration, 1226 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1227 100); 1228 } else { 1229 UMA_HISTOGRAM_CUSTOM_TIMES( 1230 "Net.Priority_Low_Latency_b", 1231 total_duration, 1232 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1233 100); 1234 } 1235} 1236 1237void HttpNetworkTransaction::LogTransactionMetrics() const { 1238 base::TimeDelta duration = base::Time::Now() - 1239 response_.request_time; 1240 if (60 < duration.InMinutes()) 1241 return; 1242 1243 base::TimeDelta total_duration = base::Time::Now() - start_time_; 1244 1245 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_b", duration, 1246 base::TimeDelta::FromMilliseconds(1), 1247 base::TimeDelta::FromMinutes(10), 1248 100); 1249 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_Total", 1250 total_duration, 1251 base::TimeDelta::FromMilliseconds(1), 1252 base::TimeDelta::FromMinutes(10), 100); 1253 1254 if (!stream_->IsConnectionReused()) { 1255 UMA_HISTOGRAM_CUSTOM_TIMES( 1256 "Net.Transaction_Latency_Total_New_Connection", 1257 total_duration, base::TimeDelta::FromMilliseconds(1), 1258 base::TimeDelta::FromMinutes(10), 100); 1259 } 1260} 1261 1262int HttpNetworkTransaction::HandleCertificateRequest(int error) { 1263 // There are two paths through which the server can request a certificate 1264 // from us. The first is during the initial handshake, the second is 1265 // during SSL renegotiation. 1266 // 1267 // In both cases, we want to close the connection before proceeding. 1268 // We do this for two reasons: 1269 // First, we don't want to keep the connection to the server hung for a 1270 // long time while the user selects a certificate. 1271 // Second, even if we did keep the connection open, NSS has a bug where 1272 // restarting the handshake for ClientAuth is currently broken. 1273 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED); 1274 1275 if (stream_.get()) { 1276 // Since we already have a stream, we're being called as part of SSL 1277 // renegotiation. 1278 DCHECK(!stream_request_.get()); 1279 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 1280 stream_->Close(true); 1281 stream_.reset(); 1282 } 1283 1284 // The server is asking for a client certificate during the initial 1285 // handshake. 1286 stream_request_.reset(); 1287 1288 // If the user selected one of the certificates in client_certs or declined 1289 // to provide one for this server before, use the past decision 1290 // automatically. 1291 scoped_refptr<X509Certificate> client_cert; 1292 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( 1293 response_.cert_request_info->host_and_port, &client_cert); 1294 if (!found_cached_cert) 1295 return error; 1296 1297 // Check that the certificate selected is still a certificate the server 1298 // is likely to accept, based on the criteria supplied in the 1299 // CertificateRequest message. 1300 if (client_cert.get()) { 1301 const std::vector<std::string>& cert_authorities = 1302 response_.cert_request_info->cert_authorities; 1303 1304 bool cert_still_valid = cert_authorities.empty() || 1305 client_cert->IsIssuedByEncoded(cert_authorities); 1306 if (!cert_still_valid) 1307 return error; 1308 } 1309 1310 // TODO(davidben): Add a unit test which covers this path; we need to be 1311 // able to send a legitimate certificate and also bypass/clear the 1312 // SSL session cache. 1313 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? 1314 &proxy_ssl_config_ : &server_ssl_config_; 1315 ssl_config->send_client_cert = true; 1316 ssl_config->client_cert = client_cert; 1317 next_state_ = STATE_CREATE_STREAM; 1318 // Reset the other member variables. 1319 // Note: this is necessary only with SSL renegotiation. 1320 ResetStateForRestart(); 1321 return OK; 1322} 1323 1324void HttpNetworkTransaction::HandleClientAuthError(int error) { 1325 if (server_ssl_config_.send_client_cert && 1326 (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) { 1327 session_->ssl_client_auth_cache()->Remove( 1328 HostPortPair::FromURL(request_->url)); 1329 } 1330} 1331 1332// TODO(rch): This does not correctly handle errors when an SSL proxy is 1333// being used, as all of the errors are handled as if they were generated 1334// by the endpoint host, request_->url, rather than considering if they were 1335// generated by the SSL proxy. http://crbug.com/69329 1336int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { 1337 DCHECK(request_); 1338 HandleClientAuthError(error); 1339 1340 bool should_fallback = false; 1341 uint16 version_max = server_ssl_config_.version_max; 1342 1343 switch (error) { 1344 case ERR_SSL_PROTOCOL_ERROR: 1345 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: 1346 if (version_max >= SSL_PROTOCOL_VERSION_TLS1 && 1347 version_max > server_ssl_config_.version_min) { 1348 // This could be a TLS-intolerant server or a server that chose a 1349 // cipher suite defined only for higher protocol versions (such as 1350 // an SSL 3.0 server that chose a TLS-only cipher suite). Fall 1351 // back to the next lower version and retry. 1352 // NOTE: if the SSLClientSocket class doesn't support TLS 1.1, 1353 // specifying TLS 1.1 in version_max will result in a TLS 1.0 1354 // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply 1355 // repeat the TLS 1.0 handshake. To avoid this problem, the default 1356 // version_max should match the maximum protocol version supported 1357 // by the SSLClientSocket class. 1358 version_max--; 1359 1360 // Fallback to the lower SSL version. 1361 // While SSL 3.0 fallback should be eliminated because of security 1362 // reasons, there is a high risk of breaking the servers if this is 1363 // done in general. 1364 should_fallback = true; 1365 } 1366 break; 1367 case ERR_SSL_BAD_RECORD_MAC_ALERT: 1368 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 && 1369 version_max > server_ssl_config_.version_min) { 1370 // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or 1371 // 1.2 ClientHello, but then return a bad_record_mac alert. See 1372 // crbug.com/260358. In order to make the fallback as minimal as 1373 // possible, this fallback is only triggered for >= TLS 1.1. 1374 version_max--; 1375 should_fallback = true; 1376 } 1377 break; 1378 case ERR_SSL_INAPPROPRIATE_FALLBACK: 1379 // The server told us that we should not have fallen back. A buggy server 1380 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial 1381 // connection. |fallback_error_code_| is initialised to 1382 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case. 1383 error = fallback_error_code_; 1384 break; 1385 } 1386 1387 if (should_fallback) { 1388 net_log_.AddEvent( 1389 NetLog::TYPE_SSL_VERSION_FALLBACK, 1390 base::Bind(&NetLogSSLVersionFallbackCallback, 1391 &request_->url, error, server_ssl_config_.version_max, 1392 version_max)); 1393 fallback_error_code_ = error; 1394 server_ssl_config_.version_max = version_max; 1395 server_ssl_config_.version_fallback = true; 1396 ResetConnectionAndRequestForResend(); 1397 error = OK; 1398 } 1399 1400 return error; 1401} 1402 1403// This method determines whether it is safe to resend the request after an 1404// IO error. It can only be called in response to request header or body 1405// write errors or response header read errors. It should not be used in 1406// other cases, such as a Connect error. 1407int HttpNetworkTransaction::HandleIOError(int error) { 1408 // Because the peer may request renegotiation with client authentication at 1409 // any time, check and handle client authentication errors. 1410 HandleClientAuthError(error); 1411 1412 switch (error) { 1413 // If we try to reuse a connection that the server is in the process of 1414 // closing, we may end up successfully writing out our request (or a 1415 // portion of our request) only to find a connection error when we try to 1416 // read from (or finish writing to) the socket. 1417 case ERR_CONNECTION_RESET: 1418 case ERR_CONNECTION_CLOSED: 1419 case ERR_CONNECTION_ABORTED: 1420 // There can be a race between the socket pool checking checking whether a 1421 // socket is still connected, receiving the FIN, and sending/reading data 1422 // on a reused socket. If we receive the FIN between the connectedness 1423 // check and writing/reading from the socket, we may first learn the socket 1424 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most 1425 // likely happen when trying to retrieve its IP address. 1426 // See http://crbug.com/105824 for more details. 1427 case ERR_SOCKET_NOT_CONNECTED: 1428 // If a socket is closed on its initial request, HttpStreamParser returns 1429 // ERR_EMPTY_RESPONSE. This may still be close/reuse race if the socket was 1430 // preconnected but failed to be used before the server timed it out. 1431 case ERR_EMPTY_RESPONSE: 1432 if (ShouldResendRequest()) { 1433 net_log_.AddEventWithNetErrorCode( 1434 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); 1435 ResetConnectionAndRequestForResend(); 1436 error = OK; 1437 } 1438 break; 1439 case ERR_PIPELINE_EVICTION: 1440 if (!session_->force_http_pipelining()) { 1441 net_log_.AddEventWithNetErrorCode( 1442 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); 1443 ResetConnectionAndRequestForResend(); 1444 error = OK; 1445 } 1446 break; 1447 case ERR_SPDY_PING_FAILED: 1448 case ERR_SPDY_SERVER_REFUSED_STREAM: 1449 case ERR_QUIC_HANDSHAKE_FAILED: 1450 net_log_.AddEventWithNetErrorCode( 1451 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); 1452 ResetConnectionAndRequestForResend(); 1453 error = OK; 1454 break; 1455 } 1456 return error; 1457} 1458 1459void HttpNetworkTransaction::ResetStateForRestart() { 1460 ResetStateForAuthRestart(); 1461 if (stream_) 1462 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 1463 stream_.reset(); 1464} 1465 1466void HttpNetworkTransaction::ResetStateForAuthRestart() { 1467 send_start_time_ = base::TimeTicks(); 1468 send_end_time_ = base::TimeTicks(); 1469 1470 pending_auth_target_ = HttpAuth::AUTH_NONE; 1471 read_buf_ = NULL; 1472 read_buf_len_ = 0; 1473 headers_valid_ = false; 1474 request_headers_.Clear(); 1475 response_ = HttpResponseInfo(); 1476 establishing_tunnel_ = false; 1477} 1478 1479HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const { 1480 return response_.headers.get(); 1481} 1482 1483bool HttpNetworkTransaction::ShouldResendRequest() const { 1484 bool connection_is_proven = stream_->IsConnectionReused(); 1485 bool has_received_headers = GetResponseHeaders() != NULL; 1486 1487 // NOTE: we resend a request only if we reused a keep-alive connection. 1488 // This automatically prevents an infinite resend loop because we'll run 1489 // out of the cached keep-alive connections eventually. 1490 if (connection_is_proven && !has_received_headers) 1491 return true; 1492 return false; 1493} 1494 1495void HttpNetworkTransaction::ResetConnectionAndRequestForResend() { 1496 if (stream_.get()) { 1497 stream_->Close(true); 1498 stream_.reset(); 1499 } 1500 1501 // We need to clear request_headers_ because it contains the real request 1502 // headers, but we may need to resend the CONNECT request first to recreate 1503 // the SSL tunnel. 1504 request_headers_.Clear(); 1505 next_state_ = STATE_CREATE_STREAM; // Resend the request. 1506} 1507 1508bool HttpNetworkTransaction::ShouldApplyProxyAuth() const { 1509 return !is_https_request() && 1510 (proxy_info_.is_https() || proxy_info_.is_http()); 1511} 1512 1513bool HttpNetworkTransaction::ShouldApplyServerAuth() const { 1514 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA); 1515} 1516 1517int HttpNetworkTransaction::HandleAuthChallenge() { 1518 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); 1519 DCHECK(headers.get()); 1520 1521 int status = headers->response_code(); 1522 if (status != HTTP_UNAUTHORIZED && 1523 status != HTTP_PROXY_AUTHENTICATION_REQUIRED) 1524 return OK; 1525 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ? 1526 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER; 1527 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct()) 1528 return ERR_UNEXPECTED_PROXY_AUTH; 1529 1530 // This case can trigger when an HTTPS server responds with a "Proxy 1531 // authentication required" status code through a non-authenticating 1532 // proxy. 1533 if (!auth_controllers_[target].get()) 1534 return ERR_UNEXPECTED_PROXY_AUTH; 1535 1536 int rv = auth_controllers_[target]->HandleAuthChallenge( 1537 headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false, 1538 net_log_); 1539 if (auth_controllers_[target]->HaveAuthHandler()) 1540 pending_auth_target_ = target; 1541 1542 scoped_refptr<AuthChallengeInfo> auth_info = 1543 auth_controllers_[target]->auth_info(); 1544 if (auth_info.get()) 1545 response_.auth_challenge = auth_info; 1546 1547 return rv; 1548} 1549 1550bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const { 1551 return auth_controllers_[target].get() && 1552 auth_controllers_[target]->HaveAuth(); 1553} 1554 1555GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const { 1556 switch (target) { 1557 case HttpAuth::AUTH_PROXY: { 1558 if (!proxy_info_.proxy_server().is_valid() || 1559 proxy_info_.proxy_server().is_direct()) { 1560 return GURL(); // There is no proxy server. 1561 } 1562 const char* scheme = proxy_info_.is_https() ? "https://" : "http://"; 1563 return GURL(scheme + 1564 proxy_info_.proxy_server().host_port_pair().ToString()); 1565 } 1566 case HttpAuth::AUTH_SERVER: 1567 return request_->url; 1568 default: 1569 return GURL(); 1570 } 1571} 1572 1573bool HttpNetworkTransaction::ForWebSocketHandshake() const { 1574 return websocket_handshake_stream_base_create_helper_ && 1575 request_->url.SchemeIsWSOrWSS(); 1576} 1577 1578#define STATE_CASE(s) \ 1579 case s: \ 1580 description = base::StringPrintf("%s (0x%08X)", #s, s); \ 1581 break 1582 1583std::string HttpNetworkTransaction::DescribeState(State state) { 1584 std::string description; 1585 switch (state) { 1586 STATE_CASE(STATE_NOTIFY_BEFORE_CREATE_STREAM); 1587 STATE_CASE(STATE_CREATE_STREAM); 1588 STATE_CASE(STATE_CREATE_STREAM_COMPLETE); 1589 STATE_CASE(STATE_INIT_REQUEST_BODY); 1590 STATE_CASE(STATE_INIT_REQUEST_BODY_COMPLETE); 1591 STATE_CASE(STATE_BUILD_REQUEST); 1592 STATE_CASE(STATE_BUILD_REQUEST_COMPLETE); 1593 STATE_CASE(STATE_SEND_REQUEST); 1594 STATE_CASE(STATE_SEND_REQUEST_COMPLETE); 1595 STATE_CASE(STATE_READ_HEADERS); 1596 STATE_CASE(STATE_READ_HEADERS_COMPLETE); 1597 STATE_CASE(STATE_READ_BODY); 1598 STATE_CASE(STATE_READ_BODY_COMPLETE); 1599 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART); 1600 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE); 1601 STATE_CASE(STATE_NONE); 1602 default: 1603 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, 1604 state); 1605 break; 1606 } 1607 return description; 1608} 1609 1610#undef STATE_CASE 1611 1612} // namespace net 1613