http_network_transaction.cc revision a1401311d1ab56c4ed0a474bd38c108f75cb0cd9
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/http/http_network_transaction.h" 6 7#include <set> 8#include <vector> 9 10#include "base/bind.h" 11#include "base/bind_helpers.h" 12#include "base/compiler_specific.h" 13#include "base/format_macros.h" 14#include "base/memory/scoped_ptr.h" 15#include "base/metrics/field_trial.h" 16#include "base/metrics/histogram.h" 17#include "base/metrics/stats_counters.h" 18#include "base/stl_util.h" 19#include "base/strings/string_number_conversions.h" 20#include "base/strings/string_util.h" 21#include "base/strings/stringprintf.h" 22#include "base/time/time.h" 23#include "base/values.h" 24#include "build/build_config.h" 25#include "net/base/auth.h" 26#include "net/base/host_port_pair.h" 27#include "net/base/io_buffer.h" 28#include "net/base/load_flags.h" 29#include "net/base/load_timing_info.h" 30#include "net/base/net_errors.h" 31#include "net/base/net_util.h" 32#include "net/base/upload_data_stream.h" 33#include "net/http/http_auth.h" 34#include "net/http/http_auth_handler.h" 35#include "net/http/http_auth_handler_factory.h" 36#include "net/http/http_basic_stream.h" 37#include "net/http/http_chunked_decoder.h" 38#include "net/http/http_network_session.h" 39#include "net/http/http_proxy_client_socket.h" 40#include "net/http/http_proxy_client_socket_pool.h" 41#include "net/http/http_request_headers.h" 42#include "net/http/http_request_info.h" 43#include "net/http/http_response_headers.h" 44#include "net/http/http_response_info.h" 45#include "net/http/http_server_properties.h" 46#include "net/http/http_status_code.h" 47#include "net/http/http_stream_base.h" 48#include "net/http/http_stream_factory.h" 49#include "net/http/http_util.h" 50#include "net/http/transport_security_state.h" 51#include "net/http/url_security_manager.h" 52#include "net/socket/client_socket_factory.h" 53#include "net/socket/socks_client_socket_pool.h" 54#include "net/socket/ssl_client_socket.h" 55#include "net/socket/ssl_client_socket_pool.h" 56#include "net/socket/transport_client_socket_pool.h" 57#include "net/spdy/spdy_http_stream.h" 58#include "net/spdy/spdy_session.h" 59#include "net/spdy/spdy_session_pool.h" 60#include "net/ssl/ssl_cert_request_info.h" 61#include "net/ssl/ssl_connection_status_flags.h" 62#include "url/gurl.h" 63 64#if defined(SPDY_PROXY_AUTH_ORIGIN) 65#include <algorithm> 66#include "net/proxy/proxy_server.h" 67#endif 68 69 70using base::Time; 71using base::TimeDelta; 72 73namespace net { 74 75namespace { 76 77void ProcessAlternateProtocol( 78 HttpStreamFactory* factory, 79 const base::WeakPtr<HttpServerProperties>& http_server_properties, 80 const HttpResponseHeaders& headers, 81 const HostPortPair& http_host_port_pair) { 82 std::string alternate_protocol_str; 83 84 if (!headers.EnumerateHeader(NULL, kAlternateProtocolHeader, 85 &alternate_protocol_str)) { 86 // Header is not present. 87 return; 88 } 89 90 factory->ProcessAlternateProtocol(http_server_properties, 91 alternate_protocol_str, 92 http_host_port_pair); 93} 94 95// Returns true if |error| is a client certificate authentication error. 96bool IsClientCertificateError(int error) { 97 switch (error) { 98 case ERR_BAD_SSL_CLIENT_AUTH_CERT: 99 case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED: 100 case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY: 101 case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: 102 return true; 103 default: 104 return false; 105 } 106} 107 108base::Value* NetLogSSLVersionFallbackCallback( 109 const GURL* url, 110 int net_error, 111 uint16 version_before, 112 uint16 version_after, 113 NetLog::LogLevel /* log_level */) { 114 base::DictionaryValue* dict = new base::DictionaryValue(); 115 dict->SetString("host_and_port", GetHostAndPort(*url)); 116 dict->SetInteger("net_error", net_error); 117 dict->SetInteger("version_before", version_before); 118 dict->SetInteger("version_after", version_after); 119 return dict; 120} 121 122} // namespace 123 124//----------------------------------------------------------------------------- 125 126HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority, 127 HttpNetworkSession* session) 128 : pending_auth_target_(HttpAuth::AUTH_NONE), 129 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete, 130 base::Unretained(this))), 131 session_(session), 132 request_(NULL), 133 priority_(priority), 134 headers_valid_(false), 135 logged_response_time_(false), 136 fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK), 137 request_headers_(), 138 read_buf_len_(0), 139 total_received_bytes_(0), 140 next_state_(STATE_NONE), 141 establishing_tunnel_(false), 142 websocket_handshake_stream_base_create_helper_(NULL) { 143 session->ssl_config_service()->GetSSLConfig(&server_ssl_config_); 144 if (session->http_stream_factory()->has_next_protos()) { 145 server_ssl_config_.next_protos = 146 session->http_stream_factory()->next_protos(); 147 } 148 proxy_ssl_config_ = server_ssl_config_; 149} 150 151HttpNetworkTransaction::~HttpNetworkTransaction() { 152 if (stream_.get()) { 153 HttpResponseHeaders* headers = GetResponseHeaders(); 154 // TODO(mbelshe): The stream_ should be able to compute whether or not the 155 // stream should be kept alive. No reason to compute here 156 // and pass it in. 157 bool try_to_keep_alive = 158 next_state_ == STATE_NONE && 159 stream_->CanFindEndOfResponse() && 160 (!headers || headers->IsKeepAlive()); 161 if (!try_to_keep_alive) { 162 stream_->Close(true /* not reusable */); 163 } else { 164 if (stream_->IsResponseBodyComplete()) { 165 // If the response body is complete, we can just reuse the socket. 166 stream_->Close(false /* reusable */); 167 } else if (stream_->IsSpdyHttpStream()) { 168 // Doesn't really matter for SpdyHttpStream. Just close it. 169 stream_->Close(true /* not reusable */); 170 } else { 171 // Otherwise, we try to drain the response body. 172 HttpStreamBase* stream = stream_.release(); 173 stream->Drain(session_); 174 } 175 } 176 } 177 178 if (request_ && request_->upload_data_stream) 179 request_->upload_data_stream->Reset(); // Invalidate pending callbacks. 180} 181 182int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info, 183 const CompletionCallback& callback, 184 const BoundNetLog& net_log) { 185 SIMPLE_STATS_COUNTER("HttpNetworkTransaction.Count"); 186 187 net_log_ = net_log; 188 request_ = request_info; 189 start_time_ = base::Time::Now(); 190 191 if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) { 192 server_ssl_config_.rev_checking_enabled = false; 193 proxy_ssl_config_.rev_checking_enabled = false; 194 } 195 196 // Channel ID is enabled unless --disable-tls-channel-id flag is set, 197 // or if privacy mode is enabled. 198 bool channel_id_enabled = server_ssl_config_.channel_id_enabled && 199 (request_->privacy_mode == kPrivacyModeDisabled); 200 server_ssl_config_.channel_id_enabled = channel_id_enabled; 201 202 next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM; 203 int rv = DoLoop(OK); 204 if (rv == ERR_IO_PENDING) 205 callback_ = callback; 206 return rv; 207} 208 209int HttpNetworkTransaction::RestartIgnoringLastError( 210 const CompletionCallback& callback) { 211 DCHECK(!stream_.get()); 212 DCHECK(!stream_request_.get()); 213 DCHECK_EQ(STATE_NONE, next_state_); 214 215 next_state_ = STATE_CREATE_STREAM; 216 217 int rv = DoLoop(OK); 218 if (rv == ERR_IO_PENDING) 219 callback_ = callback; 220 return rv; 221} 222 223int HttpNetworkTransaction::RestartWithCertificate( 224 X509Certificate* client_cert, const CompletionCallback& callback) { 225 // In HandleCertificateRequest(), we always tear down existing stream 226 // requests to force a new connection. So we shouldn't have one here. 227 DCHECK(!stream_request_.get()); 228 DCHECK(!stream_.get()); 229 DCHECK_EQ(STATE_NONE, next_state_); 230 231 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? 232 &proxy_ssl_config_ : &server_ssl_config_; 233 ssl_config->send_client_cert = true; 234 ssl_config->client_cert = client_cert; 235 session_->ssl_client_auth_cache()->Add( 236 response_.cert_request_info->host_and_port, client_cert); 237 // Reset the other member variables. 238 // Note: this is necessary only with SSL renegotiation. 239 ResetStateForRestart(); 240 next_state_ = STATE_CREATE_STREAM; 241 int rv = DoLoop(OK); 242 if (rv == ERR_IO_PENDING) 243 callback_ = callback; 244 return rv; 245} 246 247int HttpNetworkTransaction::RestartWithAuth( 248 const AuthCredentials& credentials, const CompletionCallback& callback) { 249 HttpAuth::Target target = pending_auth_target_; 250 if (target == HttpAuth::AUTH_NONE) { 251 NOTREACHED(); 252 return ERR_UNEXPECTED; 253 } 254 pending_auth_target_ = HttpAuth::AUTH_NONE; 255 256 auth_controllers_[target]->ResetAuth(credentials); 257 258 DCHECK(callback_.is_null()); 259 260 int rv = OK; 261 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) { 262 // In this case, we've gathered credentials for use with proxy 263 // authentication of a tunnel. 264 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 265 DCHECK(stream_request_ != NULL); 266 auth_controllers_[target] = NULL; 267 ResetStateForRestart(); 268 rv = stream_request_->RestartTunnelWithProxyAuth(credentials); 269 } else { 270 // In this case, we've gathered credentials for the server or the proxy 271 // but it is not during the tunneling phase. 272 DCHECK(stream_request_ == NULL); 273 PrepareForAuthRestart(target); 274 rv = DoLoop(OK); 275 } 276 277 if (rv == ERR_IO_PENDING) 278 callback_ = callback; 279 return rv; 280} 281 282void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) { 283 DCHECK(HaveAuth(target)); 284 DCHECK(!stream_request_.get()); 285 286 bool keep_alive = false; 287 // Even if the server says the connection is keep-alive, we have to be 288 // able to find the end of each response in order to reuse the connection. 289 if (GetResponseHeaders()->IsKeepAlive() && 290 stream_->CanFindEndOfResponse()) { 291 // If the response body hasn't been completely read, we need to drain 292 // it first. 293 if (!stream_->IsResponseBodyComplete()) { 294 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART; 295 read_buf_ = new IOBuffer(kDrainBodyBufferSize); // A bit bucket. 296 read_buf_len_ = kDrainBodyBufferSize; 297 return; 298 } 299 keep_alive = true; 300 } 301 302 // We don't need to drain the response body, so we act as if we had drained 303 // the response body. 304 DidDrainBodyForAuthRestart(keep_alive); 305} 306 307void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) { 308 DCHECK(!stream_request_.get()); 309 310 if (stream_.get()) { 311 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 312 HttpStream* new_stream = NULL; 313 if (keep_alive && stream_->IsConnectionReusable()) { 314 // We should call connection_->set_idle_time(), but this doesn't occur 315 // often enough to be worth the trouble. 316 stream_->SetConnectionReused(); 317 new_stream = 318 static_cast<HttpStream*>(stream_.get())->RenewStreamForAuth(); 319 } 320 321 if (!new_stream) { 322 // Close the stream and mark it as not_reusable. Even in the 323 // keep_alive case, we've determined that the stream_ is not 324 // reusable if new_stream is NULL. 325 stream_->Close(true); 326 next_state_ = STATE_CREATE_STREAM; 327 } else { 328 // Renewed streams shouldn't carry over received bytes. 329 DCHECK_EQ(0, new_stream->GetTotalReceivedBytes()); 330 next_state_ = STATE_INIT_STREAM; 331 } 332 stream_.reset(new_stream); 333 } 334 335 // Reset the other member variables. 336 ResetStateForAuthRestart(); 337} 338 339bool HttpNetworkTransaction::IsReadyToRestartForAuth() { 340 return pending_auth_target_ != HttpAuth::AUTH_NONE && 341 HaveAuth(pending_auth_target_); 342} 343 344int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, 345 const CompletionCallback& callback) { 346 DCHECK(buf); 347 DCHECK_LT(0, buf_len); 348 349 State next_state = STATE_NONE; 350 351 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); 352 if (headers_valid_ && headers.get() && stream_request_.get()) { 353 // We're trying to read the body of the response but we're still trying 354 // to establish an SSL tunnel through an HTTP proxy. We can't read these 355 // bytes when establishing a tunnel because they might be controlled by 356 // an active network attacker. We don't worry about this for HTTP 357 // because an active network attacker can already control HTTP sessions. 358 // We reach this case when the user cancels a 407 proxy auth prompt. We 359 // also don't worry about this for an HTTPS Proxy, because the 360 // communication with the proxy is secure. 361 // See http://crbug.com/8473. 362 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); 363 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED); 364 LOG(WARNING) << "Blocked proxy response with status " 365 << headers->response_code() << " to CONNECT request for " 366 << GetHostAndPort(request_->url) << "."; 367 return ERR_TUNNEL_CONNECTION_FAILED; 368 } 369 370 // Are we using SPDY or HTTP? 371 next_state = STATE_READ_BODY; 372 373 read_buf_ = buf; 374 read_buf_len_ = buf_len; 375 376 next_state_ = next_state; 377 int rv = DoLoop(OK); 378 if (rv == ERR_IO_PENDING) 379 callback_ = callback; 380 return rv; 381} 382 383void HttpNetworkTransaction::StopCaching() {} 384 385bool HttpNetworkTransaction::GetFullRequestHeaders( 386 HttpRequestHeaders* headers) const { 387 // TODO(ttuttle): Make sure we've populated request_headers_. 388 *headers = request_headers_; 389 return true; 390} 391 392int64 HttpNetworkTransaction::GetTotalReceivedBytes() const { 393 int64 total_received_bytes = total_received_bytes_; 394 if (stream_) 395 total_received_bytes += stream_->GetTotalReceivedBytes(); 396 return total_received_bytes; 397} 398 399void HttpNetworkTransaction::DoneReading() {} 400 401const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const { 402 return ((headers_valid_ && response_.headers.get()) || 403 response_.ssl_info.cert.get() || response_.cert_request_info.get()) 404 ? &response_ 405 : NULL; 406} 407 408LoadState HttpNetworkTransaction::GetLoadState() const { 409 // TODO(wtc): Define a new LoadState value for the 410 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request. 411 switch (next_state_) { 412 case STATE_CREATE_STREAM: 413 return LOAD_STATE_WAITING_FOR_DELEGATE; 414 case STATE_CREATE_STREAM_COMPLETE: 415 return stream_request_->GetLoadState(); 416 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: 417 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE: 418 case STATE_SEND_REQUEST_COMPLETE: 419 return LOAD_STATE_SENDING_REQUEST; 420 case STATE_READ_HEADERS_COMPLETE: 421 return LOAD_STATE_WAITING_FOR_RESPONSE; 422 case STATE_READ_BODY_COMPLETE: 423 return LOAD_STATE_READING_RESPONSE; 424 default: 425 return LOAD_STATE_IDLE; 426 } 427} 428 429UploadProgress HttpNetworkTransaction::GetUploadProgress() const { 430 if (!stream_.get()) 431 return UploadProgress(); 432 433 // TODO(bashi): This cast is temporary. Remove later. 434 return static_cast<HttpStream*>(stream_.get())->GetUploadProgress(); 435} 436 437void HttpNetworkTransaction::SetQuicServerInfo( 438 QuicServerInfo* quic_server_info) {} 439 440bool HttpNetworkTransaction::GetLoadTimingInfo( 441 LoadTimingInfo* load_timing_info) const { 442 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info)) 443 return false; 444 445 load_timing_info->proxy_resolve_start = 446 proxy_info_.proxy_resolve_start_time(); 447 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time(); 448 load_timing_info->send_start = send_start_time_; 449 load_timing_info->send_end = send_end_time_; 450 return true; 451} 452 453void HttpNetworkTransaction::SetPriority(RequestPriority priority) { 454 priority_ = priority; 455 if (stream_request_) 456 stream_request_->SetPriority(priority); 457 if (stream_) 458 stream_->SetPriority(priority); 459} 460 461void HttpNetworkTransaction::SetWebSocketHandshakeStreamCreateHelper( 462 WebSocketHandshakeStreamBase::CreateHelper* create_helper) { 463 websocket_handshake_stream_base_create_helper_ = create_helper; 464} 465 466void HttpNetworkTransaction::SetBeforeNetworkStartCallback( 467 const BeforeNetworkStartCallback& callback) { 468 before_network_start_callback_ = callback; 469} 470 471int HttpNetworkTransaction::ResumeNetworkStart() { 472 DCHECK_EQ(next_state_, STATE_CREATE_STREAM); 473 return DoLoop(OK); 474} 475 476void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config, 477 const ProxyInfo& used_proxy_info, 478 HttpStreamBase* stream) { 479 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 480 DCHECK(stream_request_.get()); 481 482 if (stream_) 483 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 484 stream_.reset(stream); 485 server_ssl_config_ = used_ssl_config; 486 proxy_info_ = used_proxy_info; 487 response_.was_npn_negotiated = stream_request_->was_npn_negotiated(); 488 response_.npn_negotiated_protocol = SSLClientSocket::NextProtoToString( 489 stream_request_->protocol_negotiated()); 490 response_.was_fetched_via_spdy = stream_request_->using_spdy(); 491 response_.was_fetched_via_proxy = !proxy_info_.is_direct(); 492 493 OnIOComplete(OK); 494} 495 496void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady( 497 const SSLConfig& used_ssl_config, 498 const ProxyInfo& used_proxy_info, 499 WebSocketHandshakeStreamBase* stream) { 500 OnStreamReady(used_ssl_config, used_proxy_info, stream); 501} 502 503void HttpNetworkTransaction::OnStreamFailed(int result, 504 const SSLConfig& used_ssl_config) { 505 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 506 DCHECK_NE(OK, result); 507 DCHECK(stream_request_.get()); 508 DCHECK(!stream_.get()); 509 server_ssl_config_ = used_ssl_config; 510 511 OnIOComplete(result); 512} 513 514void HttpNetworkTransaction::OnCertificateError( 515 int result, 516 const SSLConfig& used_ssl_config, 517 const SSLInfo& ssl_info) { 518 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 519 DCHECK_NE(OK, result); 520 DCHECK(stream_request_.get()); 521 DCHECK(!stream_.get()); 522 523 response_.ssl_info = ssl_info; 524 server_ssl_config_ = used_ssl_config; 525 526 // TODO(mbelshe): For now, we're going to pass the error through, and that 527 // will close the stream_request in all cases. This means that we're always 528 // going to restart an entire STATE_CREATE_STREAM, even if the connection is 529 // good and the user chooses to ignore the error. This is not ideal, but not 530 // the end of the world either. 531 532 OnIOComplete(result); 533} 534 535void HttpNetworkTransaction::OnNeedsProxyAuth( 536 const HttpResponseInfo& proxy_response, 537 const SSLConfig& used_ssl_config, 538 const ProxyInfo& used_proxy_info, 539 HttpAuthController* auth_controller) { 540 DCHECK(stream_request_.get()); 541 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 542 543 establishing_tunnel_ = true; 544 response_.headers = proxy_response.headers; 545 response_.auth_challenge = proxy_response.auth_challenge; 546 headers_valid_ = true; 547 server_ssl_config_ = used_ssl_config; 548 proxy_info_ = used_proxy_info; 549 550 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller; 551 pending_auth_target_ = HttpAuth::AUTH_PROXY; 552 553 DoCallback(OK); 554} 555 556void HttpNetworkTransaction::OnNeedsClientAuth( 557 const SSLConfig& used_ssl_config, 558 SSLCertRequestInfo* cert_info) { 559 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 560 561 server_ssl_config_ = used_ssl_config; 562 response_.cert_request_info = cert_info; 563 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); 564} 565 566void HttpNetworkTransaction::OnHttpsProxyTunnelResponse( 567 const HttpResponseInfo& response_info, 568 const SSLConfig& used_ssl_config, 569 const ProxyInfo& used_proxy_info, 570 HttpStreamBase* stream) { 571 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); 572 573 headers_valid_ = true; 574 response_ = response_info; 575 server_ssl_config_ = used_ssl_config; 576 proxy_info_ = used_proxy_info; 577 if (stream_) 578 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 579 stream_.reset(stream); 580 stream_request_.reset(); // we're done with the stream request 581 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE); 582} 583 584bool HttpNetworkTransaction::is_https_request() const { 585 return request_->url.SchemeIs("https"); 586} 587 588void HttpNetworkTransaction::DoCallback(int rv) { 589 DCHECK_NE(rv, ERR_IO_PENDING); 590 DCHECK(!callback_.is_null()); 591 592 // Since Run may result in Read being called, clear user_callback_ up front. 593 CompletionCallback c = callback_; 594 callback_.Reset(); 595 c.Run(rv); 596} 597 598void HttpNetworkTransaction::OnIOComplete(int result) { 599 int rv = DoLoop(result); 600 if (rv != ERR_IO_PENDING) 601 DoCallback(rv); 602} 603 604int HttpNetworkTransaction::DoLoop(int result) { 605 DCHECK(next_state_ != STATE_NONE); 606 607 int rv = result; 608 do { 609 State state = next_state_; 610 next_state_ = STATE_NONE; 611 switch (state) { 612 case STATE_NOTIFY_BEFORE_CREATE_STREAM: 613 DCHECK_EQ(OK, rv); 614 rv = DoNotifyBeforeCreateStream(); 615 break; 616 case STATE_CREATE_STREAM: 617 DCHECK_EQ(OK, rv); 618 rv = DoCreateStream(); 619 break; 620 case STATE_CREATE_STREAM_COMPLETE: 621 rv = DoCreateStreamComplete(rv); 622 break; 623 case STATE_INIT_STREAM: 624 DCHECK_EQ(OK, rv); 625 rv = DoInitStream(); 626 break; 627 case STATE_INIT_STREAM_COMPLETE: 628 rv = DoInitStreamComplete(rv); 629 break; 630 case STATE_GENERATE_PROXY_AUTH_TOKEN: 631 DCHECK_EQ(OK, rv); 632 rv = DoGenerateProxyAuthToken(); 633 break; 634 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: 635 rv = DoGenerateProxyAuthTokenComplete(rv); 636 break; 637 case STATE_GENERATE_SERVER_AUTH_TOKEN: 638 DCHECK_EQ(OK, rv); 639 rv = DoGenerateServerAuthToken(); 640 break; 641 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE: 642 rv = DoGenerateServerAuthTokenComplete(rv); 643 break; 644 case STATE_INIT_REQUEST_BODY: 645 DCHECK_EQ(OK, rv); 646 rv = DoInitRequestBody(); 647 break; 648 case STATE_INIT_REQUEST_BODY_COMPLETE: 649 rv = DoInitRequestBodyComplete(rv); 650 break; 651 case STATE_BUILD_REQUEST: 652 DCHECK_EQ(OK, rv); 653 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST); 654 rv = DoBuildRequest(); 655 break; 656 case STATE_BUILD_REQUEST_COMPLETE: 657 rv = DoBuildRequestComplete(rv); 658 break; 659 case STATE_SEND_REQUEST: 660 DCHECK_EQ(OK, rv); 661 rv = DoSendRequest(); 662 break; 663 case STATE_SEND_REQUEST_COMPLETE: 664 rv = DoSendRequestComplete(rv); 665 net_log_.EndEventWithNetErrorCode( 666 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv); 667 break; 668 case STATE_READ_HEADERS: 669 DCHECK_EQ(OK, rv); 670 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS); 671 rv = DoReadHeaders(); 672 break; 673 case STATE_READ_HEADERS_COMPLETE: 674 rv = DoReadHeadersComplete(rv); 675 net_log_.EndEventWithNetErrorCode( 676 NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv); 677 break; 678 case STATE_READ_BODY: 679 DCHECK_EQ(OK, rv); 680 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY); 681 rv = DoReadBody(); 682 break; 683 case STATE_READ_BODY_COMPLETE: 684 rv = DoReadBodyComplete(rv); 685 net_log_.EndEventWithNetErrorCode( 686 NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv); 687 break; 688 case STATE_DRAIN_BODY_FOR_AUTH_RESTART: 689 DCHECK_EQ(OK, rv); 690 net_log_.BeginEvent( 691 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART); 692 rv = DoDrainBodyForAuthRestart(); 693 break; 694 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE: 695 rv = DoDrainBodyForAuthRestartComplete(rv); 696 net_log_.EndEventWithNetErrorCode( 697 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv); 698 break; 699 default: 700 NOTREACHED() << "bad state"; 701 rv = ERR_FAILED; 702 break; 703 } 704 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); 705 706 return rv; 707} 708 709int HttpNetworkTransaction::DoNotifyBeforeCreateStream() { 710 next_state_ = STATE_CREATE_STREAM; 711 bool defer = false; 712 if (!before_network_start_callback_.is_null()) 713 before_network_start_callback_.Run(&defer); 714 if (!defer) 715 return OK; 716 return ERR_IO_PENDING; 717} 718 719int HttpNetworkTransaction::DoCreateStream() { 720 next_state_ = STATE_CREATE_STREAM_COMPLETE; 721 if (ForWebSocketHandshake()) { 722 stream_request_.reset( 723 session_->http_stream_factory_for_websocket() 724 ->RequestWebSocketHandshakeStream( 725 *request_, 726 priority_, 727 server_ssl_config_, 728 proxy_ssl_config_, 729 this, 730 websocket_handshake_stream_base_create_helper_, 731 net_log_)); 732 } else { 733 stream_request_.reset( 734 session_->http_stream_factory()->RequestStream( 735 *request_, 736 priority_, 737 server_ssl_config_, 738 proxy_ssl_config_, 739 this, 740 net_log_)); 741 } 742 DCHECK(stream_request_.get()); 743 return ERR_IO_PENDING; 744} 745 746int HttpNetworkTransaction::DoCreateStreamComplete(int result) { 747 if (result == OK) { 748 next_state_ = STATE_INIT_STREAM; 749 DCHECK(stream_.get()); 750 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { 751 result = HandleCertificateRequest(result); 752 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { 753 // Return OK and let the caller read the proxy's error page 754 next_state_ = STATE_NONE; 755 return OK; 756 } 757 758 // Handle possible handshake errors that may have occurred if the stream 759 // used SSL for one or more of the layers. 760 result = HandleSSLHandshakeError(result); 761 762 // At this point we are done with the stream_request_. 763 stream_request_.reset(); 764 return result; 765} 766 767int HttpNetworkTransaction::DoInitStream() { 768 DCHECK(stream_.get()); 769 next_state_ = STATE_INIT_STREAM_COMPLETE; 770 return stream_->InitializeStream(request_, priority_, net_log_, io_callback_); 771} 772 773int HttpNetworkTransaction::DoInitStreamComplete(int result) { 774 if (result == OK) { 775 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; 776 } else { 777 if (result < 0) 778 result = HandleIOError(result); 779 780 // The stream initialization failed, so this stream will never be useful. 781 if (stream_) 782 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 783 stream_.reset(); 784 } 785 786 return result; 787} 788 789int HttpNetworkTransaction::DoGenerateProxyAuthToken() { 790 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; 791 if (!ShouldApplyProxyAuth()) 792 return OK; 793 HttpAuth::Target target = HttpAuth::AUTH_PROXY; 794 if (!auth_controllers_[target].get()) 795 auth_controllers_[target] = 796 new HttpAuthController(target, 797 AuthURL(target), 798 session_->http_auth_cache(), 799 session_->http_auth_handler_factory()); 800 return auth_controllers_[target]->MaybeGenerateAuthToken(request_, 801 io_callback_, 802 net_log_); 803} 804 805int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) { 806 DCHECK_NE(ERR_IO_PENDING, rv); 807 if (rv == OK) 808 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN; 809 return rv; 810} 811 812int HttpNetworkTransaction::DoGenerateServerAuthToken() { 813 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE; 814 HttpAuth::Target target = HttpAuth::AUTH_SERVER; 815 if (!auth_controllers_[target].get()) { 816 auth_controllers_[target] = 817 new HttpAuthController(target, 818 AuthURL(target), 819 session_->http_auth_cache(), 820 session_->http_auth_handler_factory()); 821 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY) 822 auth_controllers_[target]->DisableEmbeddedIdentity(); 823 } 824 if (!ShouldApplyServerAuth()) 825 return OK; 826 return auth_controllers_[target]->MaybeGenerateAuthToken(request_, 827 io_callback_, 828 net_log_); 829} 830 831int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) { 832 DCHECK_NE(ERR_IO_PENDING, rv); 833 if (rv == OK) 834 next_state_ = STATE_INIT_REQUEST_BODY; 835 return rv; 836} 837 838void HttpNetworkTransaction::BuildRequestHeaders(bool using_proxy) { 839 request_headers_.SetHeader(HttpRequestHeaders::kHost, 840 GetHostAndOptionalPort(request_->url)); 841 842 // For compat with HTTP/1.0 servers and proxies: 843 if (using_proxy) { 844 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection, 845 "keep-alive"); 846 } else { 847 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive"); 848 } 849 850 // Add a content length header? 851 if (request_->upload_data_stream) { 852 if (request_->upload_data_stream->is_chunked()) { 853 request_headers_.SetHeader( 854 HttpRequestHeaders::kTransferEncoding, "chunked"); 855 } else { 856 request_headers_.SetHeader( 857 HttpRequestHeaders::kContentLength, 858 base::Uint64ToString(request_->upload_data_stream->size())); 859 } 860 } else if (request_->method == "POST" || request_->method == "PUT" || 861 request_->method == "HEAD") { 862 // An empty POST/PUT request still needs a content length. As for HEAD, 863 // IE and Safari also add a content length header. Presumably it is to 864 // support sending a HEAD request to an URL that only expects to be sent a 865 // POST or some other method that normally would have a message body. 866 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0"); 867 } 868 869 // Honor load flags that impact proxy caches. 870 if (request_->load_flags & LOAD_BYPASS_CACHE) { 871 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache"); 872 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache"); 873 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) { 874 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0"); 875 } 876 877 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY)) 878 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader( 879 &request_headers_); 880 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER)) 881 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader( 882 &request_headers_); 883 884 request_headers_.MergeFrom(request_->extra_headers); 885 response_.did_use_http_auth = 886 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) || 887 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization); 888} 889 890int HttpNetworkTransaction::DoInitRequestBody() { 891 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE; 892 int rv = OK; 893 if (request_->upload_data_stream) 894 rv = request_->upload_data_stream->Init(io_callback_); 895 return rv; 896} 897 898int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) { 899 if (result == OK) 900 next_state_ = STATE_BUILD_REQUEST; 901 return result; 902} 903 904int HttpNetworkTransaction::DoBuildRequest() { 905 next_state_ = STATE_BUILD_REQUEST_COMPLETE; 906 headers_valid_ = false; 907 908 // This is constructed lazily (instead of within our Start method), so that 909 // we have proxy info available. 910 if (request_headers_.IsEmpty()) { 911 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) && 912 !is_https_request(); 913 BuildRequestHeaders(using_proxy); 914 } 915 916 return OK; 917} 918 919int HttpNetworkTransaction::DoBuildRequestComplete(int result) { 920 if (result == OK) 921 next_state_ = STATE_SEND_REQUEST; 922 return result; 923} 924 925int HttpNetworkTransaction::DoSendRequest() { 926 send_start_time_ = base::TimeTicks::Now(); 927 next_state_ = STATE_SEND_REQUEST_COMPLETE; 928 929 return stream_->SendRequest(request_headers_, &response_, io_callback_); 930} 931 932int HttpNetworkTransaction::DoSendRequestComplete(int result) { 933 send_end_time_ = base::TimeTicks::Now(); 934 if (result < 0) 935 return HandleIOError(result); 936 response_.network_accessed = true; 937 next_state_ = STATE_READ_HEADERS; 938 return OK; 939} 940 941int HttpNetworkTransaction::DoReadHeaders() { 942 next_state_ = STATE_READ_HEADERS_COMPLETE; 943 return stream_->ReadResponseHeaders(io_callback_); 944} 945 946int HttpNetworkTransaction::DoReadHeadersComplete(int result) { 947 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here 948 // due to SSL renegotiation. 949 if (IsCertificateError(result)) { 950 // We don't handle a certificate error during SSL renegotiation, so we 951 // have to return an error that's not in the certificate error range 952 // (-2xx). 953 LOG(ERROR) << "Got a server certificate with error " << result 954 << " during SSL renegotiation"; 955 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION; 956 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { 957 // TODO(wtc): Need a test case for this code path! 958 DCHECK(stream_.get()); 959 DCHECK(is_https_request()); 960 response_.cert_request_info = new SSLCertRequestInfo; 961 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get()); 962 result = HandleCertificateRequest(result); 963 if (result == OK) 964 return result; 965 } 966 967 if (result == ERR_QUIC_HANDSHAKE_FAILED) { 968 ResetConnectionAndRequestForResend(); 969 return OK; 970 } 971 972 // After we call RestartWithAuth a new response_time will be recorded, and 973 // we need to be cautious about incorrectly logging the duration across the 974 // authentication activity. 975 if (result == OK) 976 LogTransactionConnectedMetrics(); 977 978 // ERR_CONNECTION_CLOSED is treated differently at this point; if partial 979 // response headers were received, we do the best we can to make sense of it 980 // and send it back up the stack. 981 // 982 // TODO(davidben): Consider moving this to HttpBasicStream, It's a little 983 // bizarre for SPDY. Assuming this logic is useful at all. 984 // TODO(davidben): Bubble the error code up so we do not cache? 985 if (result == ERR_CONNECTION_CLOSED && response_.headers.get()) 986 result = OK; 987 988 if (result < 0) 989 return HandleIOError(result); 990 991 DCHECK(response_.headers.get()); 992 993#if defined(SPDY_PROXY_AUTH_ORIGIN) 994 // Server-induced fallback; see: http://crbug.com/143712 995 if (response_.was_fetched_via_proxy) { 996 ProxyService::DataReductionProxyBypassEventType proxy_bypass_event = 997 ProxyService::BYPASS_EVENT_TYPE_MAX; 998 net::HttpResponseHeaders::ChromeProxyInfo chrome_proxy_info; 999 bool chrome_proxy_used = 1000 proxy_info_.proxy_server().isDataReductionProxy(); 1001 bool chrome_fallback_proxy_used = false; 1002#if defined(DATA_REDUCTION_FALLBACK_HOST) 1003 if (!chrome_proxy_used) { 1004 chrome_fallback_proxy_used = 1005 proxy_info_.proxy_server().isDataReductionProxyFallback(); 1006 } 1007#endif 1008 1009 if (chrome_proxy_used || chrome_fallback_proxy_used) { 1010 // A Via header might not be present in a 304. Since the goal of a 304 1011 // response is to minimize information transfer, a sender in general 1012 // should not generate representation metadata other than Cache-Control, 1013 // Content-Location, Date, ETag, Expires, and Vary. 1014 if (!response_.headers->IsChromeProxyResponse() && 1015 (response_.headers->response_code() != HTTP_NOT_MODIFIED)) { 1016 proxy_bypass_event = ProxyService::MISSING_VIA_HEADER; 1017 } else if (response_.headers->GetChromeProxyInfo(&chrome_proxy_info)) { 1018 if (chrome_proxy_info.bypass_duration < TimeDelta::FromMinutes(30)) 1019 proxy_bypass_event = ProxyService::SHORT_BYPASS; 1020 else 1021 proxy_bypass_event = ProxyService::LONG_BYPASS; 1022 } else { 1023 // Additionally, fallback if a 500, 502 or 503 is returned via the data 1024 // reduction proxy. This is conservative, as the 500, 502 or 503 might 1025 // have been generated by the origin, and not the proxy. 1026 if (response_.headers->response_code() == HTTP_INTERNAL_SERVER_ERROR || 1027 response_.headers->response_code() == HTTP_BAD_GATEWAY || 1028 response_.headers->response_code() == HTTP_SERVICE_UNAVAILABLE) { 1029 proxy_bypass_event = ProxyService::INTERNAL_SERVER_ERROR_BYPASS; 1030 } 1031 } 1032 1033 if (proxy_bypass_event < ProxyService::BYPASS_EVENT_TYPE_MAX) { 1034 ProxyService* proxy_service = session_->proxy_service(); 1035 1036 proxy_service->RecordDataReductionProxyBypassInfo( 1037 chrome_proxy_used, proxy_info_.proxy_server(), proxy_bypass_event); 1038 1039 ProxyServer proxy_server; 1040#if defined(DATA_REDUCTION_FALLBACK_HOST) 1041 if (chrome_proxy_used && chrome_proxy_info.bypass_all) { 1042 // TODO(bengr): Rename as DATA_REDUCTION_FALLBACK_ORIGIN. 1043 GURL proxy_url(DATA_REDUCTION_FALLBACK_HOST); 1044 if (proxy_url.SchemeIsHTTPOrHTTPS()) { 1045 proxy_server = ProxyServer(proxy_url.SchemeIs("http") ? 1046 ProxyServer::SCHEME_HTTP : 1047 ProxyServer::SCHEME_HTTPS, 1048 HostPortPair::FromURL(proxy_url)); 1049 } 1050 } 1051#endif 1052 if (proxy_service->MarkProxiesAsBadUntil( 1053 proxy_info_, 1054 chrome_proxy_info.bypass_duration, 1055 proxy_server, 1056 net_log_)) { 1057 // Only retry idempotent methods. We don't want to resubmit a POST 1058 // if the proxy took some action. 1059 if (request_->method == "GET" || 1060 request_->method == "OPTIONS" || 1061 request_->method == "HEAD" || 1062 request_->method == "PUT" || 1063 request_->method == "DELETE" || 1064 request_->method == "TRACE") { 1065 ResetConnectionAndRequestForResend(); 1066 return OK; 1067 } 1068 } 1069 } 1070 } 1071 } 1072#endif // defined(SPDY_PROXY_AUTH_ORIGIN) 1073 1074 // Like Net.HttpResponseCode, but only for MAIN_FRAME loads. 1075 if (request_->load_flags & LOAD_MAIN_FRAME) { 1076 const int response_code = response_.headers->response_code(); 1077 UMA_HISTOGRAM_ENUMERATION( 1078 "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10); 1079 } 1080 1081 net_log_.AddEvent( 1082 NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS, 1083 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers)); 1084 1085 if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0)) { 1086 // HTTP/0.9 doesn't support the PUT method, so lack of response headers 1087 // indicates a buggy server. See: 1088 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921 1089 if (request_->method == "PUT") 1090 return ERR_METHOD_NOT_SUPPORTED; 1091 } 1092 1093 // Check for an intermediate 100 Continue response. An origin server is 1094 // allowed to send this response even if we didn't ask for it, so we just 1095 // need to skip over it. 1096 // We treat any other 1xx in this same way (although in practice getting 1097 // a 1xx that isn't a 100 is rare). 1098 // Unless this is a WebSocket request, in which case we pass it on up. 1099 if (response_.headers->response_code() / 100 == 1 && 1100 !ForWebSocketHandshake()) { 1101 response_.headers = new HttpResponseHeaders(std::string()); 1102 next_state_ = STATE_READ_HEADERS; 1103 return OK; 1104 } 1105 1106 HostPortPair endpoint = HostPortPair(request_->url.HostNoBrackets(), 1107 request_->url.EffectiveIntPort()); 1108 ProcessAlternateProtocol(session_->http_stream_factory(), 1109 session_->http_server_properties(), 1110 *response_.headers.get(), 1111 endpoint); 1112 1113 int rv = HandleAuthChallenge(); 1114 if (rv != OK) 1115 return rv; 1116 1117 if (is_https_request()) 1118 stream_->GetSSLInfo(&response_.ssl_info); 1119 1120 headers_valid_ = true; 1121 return OK; 1122} 1123 1124int HttpNetworkTransaction::DoReadBody() { 1125 DCHECK(read_buf_.get()); 1126 DCHECK_GT(read_buf_len_, 0); 1127 DCHECK(stream_ != NULL); 1128 1129 next_state_ = STATE_READ_BODY_COMPLETE; 1130 return stream_->ReadResponseBody( 1131 read_buf_.get(), read_buf_len_, io_callback_); 1132} 1133 1134int HttpNetworkTransaction::DoReadBodyComplete(int result) { 1135 // We are done with the Read call. 1136 bool done = false; 1137 if (result <= 0) { 1138 DCHECK_NE(ERR_IO_PENDING, result); 1139 done = true; 1140 } 1141 1142 bool keep_alive = false; 1143 if (stream_->IsResponseBodyComplete()) { 1144 // Note: Just because IsResponseBodyComplete is true, we're not 1145 // necessarily "done". We're only "done" when it is the last 1146 // read on this HttpNetworkTransaction, which will be signified 1147 // by a zero-length read. 1148 // TODO(mbelshe): The keepalive property is really a property of 1149 // the stream. No need to compute it here just to pass back 1150 // to the stream's Close function. 1151 // TODO(rtenneti): CanFindEndOfResponse should return false if there are no 1152 // ResponseHeaders. 1153 if (stream_->CanFindEndOfResponse()) { 1154 HttpResponseHeaders* headers = GetResponseHeaders(); 1155 if (headers) 1156 keep_alive = headers->IsKeepAlive(); 1157 } 1158 } 1159 1160 // Clean up connection if we are done. 1161 if (done) { 1162 LogTransactionMetrics(); 1163 stream_->Close(!keep_alive); 1164 // Note: we don't reset the stream here. We've closed it, but we still 1165 // need it around so that callers can call methods such as 1166 // GetUploadProgress() and have them be meaningful. 1167 // TODO(mbelshe): This means we closed the stream here, and we close it 1168 // again in ~HttpNetworkTransaction. Clean that up. 1169 1170 // The next Read call will return 0 (EOF). 1171 } 1172 1173 // Clear these to avoid leaving around old state. 1174 read_buf_ = NULL; 1175 read_buf_len_ = 0; 1176 1177 return result; 1178} 1179 1180int HttpNetworkTransaction::DoDrainBodyForAuthRestart() { 1181 // This method differs from DoReadBody only in the next_state_. So we just 1182 // call DoReadBody and override the next_state_. Perhaps there is a more 1183 // elegant way for these two methods to share code. 1184 int rv = DoReadBody(); 1185 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE); 1186 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE; 1187 return rv; 1188} 1189 1190// TODO(wtc): This method and the DoReadBodyComplete method are almost 1191// the same. Figure out a good way for these two methods to share code. 1192int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) { 1193 // keep_alive defaults to true because the very reason we're draining the 1194 // response body is to reuse the connection for auth restart. 1195 bool done = false, keep_alive = true; 1196 if (result < 0) { 1197 // Error or closed connection while reading the socket. 1198 done = true; 1199 keep_alive = false; 1200 } else if (stream_->IsResponseBodyComplete()) { 1201 done = true; 1202 } 1203 1204 if (done) { 1205 DidDrainBodyForAuthRestart(keep_alive); 1206 } else { 1207 // Keep draining. 1208 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART; 1209 } 1210 1211 return OK; 1212} 1213 1214void HttpNetworkTransaction::LogTransactionConnectedMetrics() { 1215 if (logged_response_time_) 1216 return; 1217 1218 logged_response_time_ = true; 1219 1220 base::TimeDelta total_duration = response_.response_time - start_time_; 1221 1222 UMA_HISTOGRAM_CUSTOM_TIMES( 1223 "Net.Transaction_Connected", 1224 total_duration, 1225 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1226 100); 1227 1228 bool reused_socket = stream_->IsConnectionReused(); 1229 if (!reused_socket) { 1230 UMA_HISTOGRAM_CUSTOM_TIMES( 1231 "Net.Transaction_Connected_New_b", 1232 total_duration, 1233 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1234 100); 1235 } 1236 1237 // Currently, non-HIGHEST priority requests are frame or sub-frame resource 1238 // types. This will change when we also prioritize certain subresources like 1239 // css, js, etc. 1240 if (priority_ != HIGHEST) { 1241 UMA_HISTOGRAM_CUSTOM_TIMES( 1242 "Net.Priority_High_Latency_b", 1243 total_duration, 1244 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1245 100); 1246 } else { 1247 UMA_HISTOGRAM_CUSTOM_TIMES( 1248 "Net.Priority_Low_Latency_b", 1249 total_duration, 1250 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), 1251 100); 1252 } 1253} 1254 1255void HttpNetworkTransaction::LogTransactionMetrics() const { 1256 base::TimeDelta duration = base::Time::Now() - 1257 response_.request_time; 1258 if (60 < duration.InMinutes()) 1259 return; 1260 1261 base::TimeDelta total_duration = base::Time::Now() - start_time_; 1262 1263 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_b", duration, 1264 base::TimeDelta::FromMilliseconds(1), 1265 base::TimeDelta::FromMinutes(10), 1266 100); 1267 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_Total", 1268 total_duration, 1269 base::TimeDelta::FromMilliseconds(1), 1270 base::TimeDelta::FromMinutes(10), 100); 1271 1272 if (!stream_->IsConnectionReused()) { 1273 UMA_HISTOGRAM_CUSTOM_TIMES( 1274 "Net.Transaction_Latency_Total_New_Connection", 1275 total_duration, base::TimeDelta::FromMilliseconds(1), 1276 base::TimeDelta::FromMinutes(10), 100); 1277 } 1278} 1279 1280int HttpNetworkTransaction::HandleCertificateRequest(int error) { 1281 // There are two paths through which the server can request a certificate 1282 // from us. The first is during the initial handshake, the second is 1283 // during SSL renegotiation. 1284 // 1285 // In both cases, we want to close the connection before proceeding. 1286 // We do this for two reasons: 1287 // First, we don't want to keep the connection to the server hung for a 1288 // long time while the user selects a certificate. 1289 // Second, even if we did keep the connection open, NSS has a bug where 1290 // restarting the handshake for ClientAuth is currently broken. 1291 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED); 1292 1293 if (stream_.get()) { 1294 // Since we already have a stream, we're being called as part of SSL 1295 // renegotiation. 1296 DCHECK(!stream_request_.get()); 1297 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 1298 stream_->Close(true); 1299 stream_.reset(); 1300 } 1301 1302 // The server is asking for a client certificate during the initial 1303 // handshake. 1304 stream_request_.reset(); 1305 1306 // If the user selected one of the certificates in client_certs or declined 1307 // to provide one for this server before, use the past decision 1308 // automatically. 1309 scoped_refptr<X509Certificate> client_cert; 1310 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( 1311 response_.cert_request_info->host_and_port, &client_cert); 1312 if (!found_cached_cert) 1313 return error; 1314 1315 // Check that the certificate selected is still a certificate the server 1316 // is likely to accept, based on the criteria supplied in the 1317 // CertificateRequest message. 1318 if (client_cert.get()) { 1319 const std::vector<std::string>& cert_authorities = 1320 response_.cert_request_info->cert_authorities; 1321 1322 bool cert_still_valid = cert_authorities.empty() || 1323 client_cert->IsIssuedByEncoded(cert_authorities); 1324 if (!cert_still_valid) 1325 return error; 1326 } 1327 1328 // TODO(davidben): Add a unit test which covers this path; we need to be 1329 // able to send a legitimate certificate and also bypass/clear the 1330 // SSL session cache. 1331 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? 1332 &proxy_ssl_config_ : &server_ssl_config_; 1333 ssl_config->send_client_cert = true; 1334 ssl_config->client_cert = client_cert; 1335 next_state_ = STATE_CREATE_STREAM; 1336 // Reset the other member variables. 1337 // Note: this is necessary only with SSL renegotiation. 1338 ResetStateForRestart(); 1339 return OK; 1340} 1341 1342void HttpNetworkTransaction::HandleClientAuthError(int error) { 1343 if (server_ssl_config_.send_client_cert && 1344 (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) { 1345 session_->ssl_client_auth_cache()->Remove( 1346 HostPortPair::FromURL(request_->url)); 1347 } 1348} 1349 1350// TODO(rch): This does not correctly handle errors when an SSL proxy is 1351// being used, as all of the errors are handled as if they were generated 1352// by the endpoint host, request_->url, rather than considering if they were 1353// generated by the SSL proxy. http://crbug.com/69329 1354int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { 1355 DCHECK(request_); 1356 HandleClientAuthError(error); 1357 1358 bool should_fallback = false; 1359 uint16 version_max = server_ssl_config_.version_max; 1360 1361 switch (error) { 1362 case ERR_SSL_PROTOCOL_ERROR: 1363 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: 1364 if (version_max >= SSL_PROTOCOL_VERSION_TLS1 && 1365 version_max > server_ssl_config_.version_min) { 1366 // This could be a TLS-intolerant server or a server that chose a 1367 // cipher suite defined only for higher protocol versions (such as 1368 // an SSL 3.0 server that chose a TLS-only cipher suite). Fall 1369 // back to the next lower version and retry. 1370 // NOTE: if the SSLClientSocket class doesn't support TLS 1.1, 1371 // specifying TLS 1.1 in version_max will result in a TLS 1.0 1372 // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply 1373 // repeat the TLS 1.0 handshake. To avoid this problem, the default 1374 // version_max should match the maximum protocol version supported 1375 // by the SSLClientSocket class. 1376 version_max--; 1377 1378 // Fallback to the lower SSL version. 1379 // While SSL 3.0 fallback should be eliminated because of security 1380 // reasons, there is a high risk of breaking the servers if this is 1381 // done in general. 1382 should_fallback = true; 1383 } 1384 break; 1385 case ERR_SSL_BAD_RECORD_MAC_ALERT: 1386 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 && 1387 version_max > server_ssl_config_.version_min) { 1388 // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or 1389 // 1.2 ClientHello, but then return a bad_record_mac alert. See 1390 // crbug.com/260358. In order to make the fallback as minimal as 1391 // possible, this fallback is only triggered for >= TLS 1.1. 1392 version_max--; 1393 should_fallback = true; 1394 } 1395 break; 1396 case ERR_SSL_INAPPROPRIATE_FALLBACK: 1397 // The server told us that we should not have fallen back. A buggy server 1398 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial 1399 // connection. |fallback_error_code_| is initialised to 1400 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case. 1401 error = fallback_error_code_; 1402 break; 1403 } 1404 1405 if (should_fallback) { 1406 net_log_.AddEvent( 1407 NetLog::TYPE_SSL_VERSION_FALLBACK, 1408 base::Bind(&NetLogSSLVersionFallbackCallback, 1409 &request_->url, error, server_ssl_config_.version_max, 1410 version_max)); 1411 fallback_error_code_ = error; 1412 server_ssl_config_.version_max = version_max; 1413 server_ssl_config_.version_fallback = true; 1414 ResetConnectionAndRequestForResend(); 1415 error = OK; 1416 } 1417 1418 return error; 1419} 1420 1421// This method determines whether it is safe to resend the request after an 1422// IO error. It can only be called in response to request header or body 1423// write errors or response header read errors. It should not be used in 1424// other cases, such as a Connect error. 1425int HttpNetworkTransaction::HandleIOError(int error) { 1426 // Because the peer may request renegotiation with client authentication at 1427 // any time, check and handle client authentication errors. 1428 HandleClientAuthError(error); 1429 1430 switch (error) { 1431 // If we try to reuse a connection that the server is in the process of 1432 // closing, we may end up successfully writing out our request (or a 1433 // portion of our request) only to find a connection error when we try to 1434 // read from (or finish writing to) the socket. 1435 case ERR_CONNECTION_RESET: 1436 case ERR_CONNECTION_CLOSED: 1437 case ERR_CONNECTION_ABORTED: 1438 // There can be a race between the socket pool checking checking whether a 1439 // socket is still connected, receiving the FIN, and sending/reading data 1440 // on a reused socket. If we receive the FIN between the connectedness 1441 // check and writing/reading from the socket, we may first learn the socket 1442 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most 1443 // likely happen when trying to retrieve its IP address. 1444 // See http://crbug.com/105824 for more details. 1445 case ERR_SOCKET_NOT_CONNECTED: 1446 if (ShouldResendRequest(error)) { 1447 net_log_.AddEventWithNetErrorCode( 1448 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); 1449 ResetConnectionAndRequestForResend(); 1450 error = OK; 1451 } 1452 break; 1453 case ERR_PIPELINE_EVICTION: 1454 if (!session_->force_http_pipelining()) { 1455 net_log_.AddEventWithNetErrorCode( 1456 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); 1457 ResetConnectionAndRequestForResend(); 1458 error = OK; 1459 } 1460 break; 1461 case ERR_SPDY_PING_FAILED: 1462 case ERR_SPDY_SERVER_REFUSED_STREAM: 1463 case ERR_QUIC_HANDSHAKE_FAILED: 1464 net_log_.AddEventWithNetErrorCode( 1465 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); 1466 ResetConnectionAndRequestForResend(); 1467 error = OK; 1468 break; 1469 } 1470 return error; 1471} 1472 1473void HttpNetworkTransaction::ResetStateForRestart() { 1474 ResetStateForAuthRestart(); 1475 if (stream_) 1476 total_received_bytes_ += stream_->GetTotalReceivedBytes(); 1477 stream_.reset(); 1478} 1479 1480void HttpNetworkTransaction::ResetStateForAuthRestart() { 1481 send_start_time_ = base::TimeTicks(); 1482 send_end_time_ = base::TimeTicks(); 1483 1484 pending_auth_target_ = HttpAuth::AUTH_NONE; 1485 read_buf_ = NULL; 1486 read_buf_len_ = 0; 1487 headers_valid_ = false; 1488 request_headers_.Clear(); 1489 response_ = HttpResponseInfo(); 1490 establishing_tunnel_ = false; 1491} 1492 1493HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const { 1494 return response_.headers.get(); 1495} 1496 1497bool HttpNetworkTransaction::ShouldResendRequest(int error) const { 1498 bool connection_is_proven = stream_->IsConnectionReused(); 1499 bool has_received_headers = GetResponseHeaders() != NULL; 1500 1501 // NOTE: we resend a request only if we reused a keep-alive connection. 1502 // This automatically prevents an infinite resend loop because we'll run 1503 // out of the cached keep-alive connections eventually. 1504 if (connection_is_proven && !has_received_headers) 1505 return true; 1506 return false; 1507} 1508 1509void HttpNetworkTransaction::ResetConnectionAndRequestForResend() { 1510 if (stream_.get()) { 1511 stream_->Close(true); 1512 stream_.reset(); 1513 } 1514 1515 // We need to clear request_headers_ because it contains the real request 1516 // headers, but we may need to resend the CONNECT request first to recreate 1517 // the SSL tunnel. 1518 request_headers_.Clear(); 1519 next_state_ = STATE_CREATE_STREAM; // Resend the request. 1520} 1521 1522bool HttpNetworkTransaction::ShouldApplyProxyAuth() const { 1523 return !is_https_request() && 1524 (proxy_info_.is_https() || proxy_info_.is_http()); 1525} 1526 1527bool HttpNetworkTransaction::ShouldApplyServerAuth() const { 1528 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA); 1529} 1530 1531int HttpNetworkTransaction::HandleAuthChallenge() { 1532 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); 1533 DCHECK(headers.get()); 1534 1535 int status = headers->response_code(); 1536 if (status != HTTP_UNAUTHORIZED && 1537 status != HTTP_PROXY_AUTHENTICATION_REQUIRED) 1538 return OK; 1539 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ? 1540 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER; 1541 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct()) 1542 return ERR_UNEXPECTED_PROXY_AUTH; 1543 1544 // This case can trigger when an HTTPS server responds with a "Proxy 1545 // authentication required" status code through a non-authenticating 1546 // proxy. 1547 if (!auth_controllers_[target].get()) 1548 return ERR_UNEXPECTED_PROXY_AUTH; 1549 1550 int rv = auth_controllers_[target]->HandleAuthChallenge( 1551 headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false, 1552 net_log_); 1553 if (auth_controllers_[target]->HaveAuthHandler()) 1554 pending_auth_target_ = target; 1555 1556 scoped_refptr<AuthChallengeInfo> auth_info = 1557 auth_controllers_[target]->auth_info(); 1558 if (auth_info.get()) 1559 response_.auth_challenge = auth_info; 1560 1561 return rv; 1562} 1563 1564bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const { 1565 return auth_controllers_[target].get() && 1566 auth_controllers_[target]->HaveAuth(); 1567} 1568 1569GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const { 1570 switch (target) { 1571 case HttpAuth::AUTH_PROXY: { 1572 if (!proxy_info_.proxy_server().is_valid() || 1573 proxy_info_.proxy_server().is_direct()) { 1574 return GURL(); // There is no proxy server. 1575 } 1576 const char* scheme = proxy_info_.is_https() ? "https://" : "http://"; 1577 return GURL(scheme + 1578 proxy_info_.proxy_server().host_port_pair().ToString()); 1579 } 1580 case HttpAuth::AUTH_SERVER: 1581 return request_->url; 1582 default: 1583 return GURL(); 1584 } 1585} 1586 1587bool HttpNetworkTransaction::ForWebSocketHandshake() const { 1588 return websocket_handshake_stream_base_create_helper_ && 1589 request_->url.SchemeIsWSOrWSS(); 1590} 1591 1592#define STATE_CASE(s) \ 1593 case s: \ 1594 description = base::StringPrintf("%s (0x%08X)", #s, s); \ 1595 break 1596 1597std::string HttpNetworkTransaction::DescribeState(State state) { 1598 std::string description; 1599 switch (state) { 1600 STATE_CASE(STATE_NOTIFY_BEFORE_CREATE_STREAM); 1601 STATE_CASE(STATE_CREATE_STREAM); 1602 STATE_CASE(STATE_CREATE_STREAM_COMPLETE); 1603 STATE_CASE(STATE_INIT_REQUEST_BODY); 1604 STATE_CASE(STATE_INIT_REQUEST_BODY_COMPLETE); 1605 STATE_CASE(STATE_BUILD_REQUEST); 1606 STATE_CASE(STATE_BUILD_REQUEST_COMPLETE); 1607 STATE_CASE(STATE_SEND_REQUEST); 1608 STATE_CASE(STATE_SEND_REQUEST_COMPLETE); 1609 STATE_CASE(STATE_READ_HEADERS); 1610 STATE_CASE(STATE_READ_HEADERS_COMPLETE); 1611 STATE_CASE(STATE_READ_BODY); 1612 STATE_CASE(STATE_READ_BODY_COMPLETE); 1613 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART); 1614 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE); 1615 STATE_CASE(STATE_NONE); 1616 default: 1617 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, 1618 state); 1619 break; 1620 } 1621 return description; 1622} 1623 1624#undef STATE_CASE 1625 1626} // namespace net 1627