diff options
Diffstat (limited to 'chromium/net/http/http_stream_factory_impl_job.cc')
-rw-r--r-- | chromium/net/http/http_stream_factory_impl_job.cc | 1480 |
1 files changed, 1480 insertions, 0 deletions
diff --git a/chromium/net/http/http_stream_factory_impl_job.cc b/chromium/net/http/http_stream_factory_impl_job.cc new file mode 100644 index 00000000000..c0383f4772d --- /dev/null +++ b/chromium/net/http/http_stream_factory_impl_job.cc @@ -0,0 +1,1480 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/http/http_stream_factory_impl_job.h" + +#include <algorithm> +#include <string> + +#include "base/bind.h" +#include "base/bind_helpers.h" +#include "base/logging.h" +#include "base/stl_util.h" +#include "base/strings/string_util.h" +#include "base/strings/stringprintf.h" +#include "base/values.h" +#include "build/build_config.h" +#include "net/base/connection_type_histograms.h" +#include "net/base/net_log.h" +#include "net/base/net_util.h" +#include "net/http/http_basic_stream.h" +#include "net/http/http_network_session.h" +#include "net/http/http_pipelined_connection.h" +#include "net/http/http_pipelined_host.h" +#include "net/http/http_pipelined_host_pool.h" +#include "net/http/http_pipelined_stream.h" +#include "net/http/http_proxy_client_socket.h" +#include "net/http/http_proxy_client_socket_pool.h" +#include "net/http/http_request_info.h" +#include "net/http/http_server_properties.h" +#include "net/http/http_stream_factory.h" +#include "net/http/http_stream_factory_impl_request.h" +#include "net/quic/quic_http_stream.h" +#include "net/socket/client_socket_handle.h" +#include "net/socket/client_socket_pool.h" +#include "net/socket/client_socket_pool_manager.h" +#include "net/socket/socks_client_socket_pool.h" +#include "net/socket/ssl_client_socket.h" +#include "net/socket/ssl_client_socket_pool.h" +#include "net/spdy/spdy_http_stream.h" +#include "net/spdy/spdy_session.h" +#include "net/spdy/spdy_session_pool.h" +#include "net/ssl/ssl_cert_request_info.h" + +namespace net { + +// Returns parameters associated with the start of a HTTP stream job. +base::Value* NetLogHttpStreamJobCallback(const GURL* original_url, + const GURL* url, + RequestPriority priority, + NetLog::LogLevel /* log_level */) { + base::DictionaryValue* dict = new base::DictionaryValue(); + dict->SetString("original_url", original_url->GetOrigin().spec()); + dict->SetString("url", url->GetOrigin().spec()); + dict->SetInteger("priority", priority); + return dict; +} + +// Returns parameters associated with the Proto (with NPN negotiation) of a HTTP +// stream. +base::Value* NetLogHttpStreamProtoCallback( + const SSLClientSocket::NextProtoStatus status, + const std::string* proto, + const std::string* server_protos, + NetLog::LogLevel /* log_level */) { + base::DictionaryValue* dict = new base::DictionaryValue(); + + dict->SetString("next_proto_status", + SSLClientSocket::NextProtoStatusToString(status)); + dict->SetString("proto", *proto); + dict->SetString("server_protos", + SSLClientSocket::ServerProtosToString(*server_protos)); + return dict; +} + +HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory, + HttpNetworkSession* session, + const HttpRequestInfo& request_info, + RequestPriority priority, + const SSLConfig& server_ssl_config, + const SSLConfig& proxy_ssl_config, + NetLog* net_log) + : request_(NULL), + request_info_(request_info), + priority_(priority), + server_ssl_config_(server_ssl_config), + proxy_ssl_config_(proxy_ssl_config), + net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP_STREAM_JOB)), + io_callback_(base::Bind(&Job::OnIOComplete, base::Unretained(this))), + connection_(new ClientSocketHandle), + session_(session), + stream_factory_(stream_factory), + next_state_(STATE_NONE), + pac_request_(NULL), + blocking_job_(NULL), + waiting_job_(NULL), + using_ssl_(false), + using_spdy_(false), + using_quic_(false), + quic_request_(session_->quic_stream_factory()), + force_spdy_always_(HttpStreamFactory::force_spdy_always()), + force_spdy_over_ssl_(HttpStreamFactory::force_spdy_over_ssl()), + spdy_certificate_error_(OK), + establishing_tunnel_(false), + was_npn_negotiated_(false), + protocol_negotiated_(kProtoUnknown), + num_streams_(0), + spdy_session_direct_(false), + existing_available_pipeline_(false), + ptr_factory_(this) { + DCHECK(stream_factory); + DCHECK(session); +} + +HttpStreamFactoryImpl::Job::~Job() { + net_log_.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB); + + // When we're in a partially constructed state, waiting for the user to + // provide certificate handling information or authentication, we can't reuse + // this stream at all. + if (next_state_ == STATE_WAITING_USER_ACTION) { + connection_->socket()->Disconnect(); + connection_.reset(); + } + + if (pac_request_) + session_->proxy_service()->CancelPacRequest(pac_request_); + + // The stream could be in a partial state. It is not reusable. + if (stream_.get() && next_state_ != STATE_DONE) + stream_->Close(true /* not reusable */); +} + +void HttpStreamFactoryImpl::Job::Start(Request* request) { + DCHECK(request); + request_ = request; + StartInternal(); +} + +int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) { + DCHECK_GT(num_streams, 0); + HostPortPair origin_server = + HostPortPair(request_info_.url.HostNoBrackets(), + request_info_.url.EffectiveIntPort()); + base::WeakPtr<HttpServerProperties> http_server_properties = + session_->http_server_properties(); + if (http_server_properties && + http_server_properties->SupportsSpdy(origin_server)) { + num_streams_ = 1; + } else { + num_streams_ = num_streams; + } + return StartInternal(); +} + +int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth( + const AuthCredentials& credentials) { + DCHECK(establishing_tunnel_); + next_state_ = STATE_RESTART_TUNNEL_AUTH; + stream_.reset(); + return RunLoop(OK); +} + +LoadState HttpStreamFactoryImpl::Job::GetLoadState() const { + switch (next_state_) { + case STATE_RESOLVE_PROXY_COMPLETE: + return session_->proxy_service()->GetLoadState(pac_request_); + case STATE_INIT_CONNECTION_COMPLETE: + case STATE_CREATE_STREAM_COMPLETE: + return using_quic_ ? LOAD_STATE_CONNECTING : connection_->GetLoadState(); + default: + return LOAD_STATE_IDLE; + } +} + +void HttpStreamFactoryImpl::Job::MarkAsAlternate( + const GURL& original_url, + PortAlternateProtocolPair alternate) { + DCHECK(!original_url_.get()); + original_url_.reset(new GURL(original_url)); + if (alternate.protocol == QUIC) { + DCHECK(session_->params().enable_quic); + using_quic_ = true; + } +} + +void HttpStreamFactoryImpl::Job::WaitFor(Job* job) { + DCHECK_EQ(STATE_NONE, next_state_); + DCHECK_EQ(STATE_NONE, job->next_state_); + DCHECK(!blocking_job_); + DCHECK(!job->waiting_job_); + blocking_job_ = job; + job->waiting_job_ = this; +} + +void HttpStreamFactoryImpl::Job::Resume(Job* job) { + DCHECK_EQ(blocking_job_, job); + blocking_job_ = NULL; + + // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE. + // Unblock |this|. + if (next_state_ == STATE_WAIT_FOR_JOB_COMPLETE) { + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete, + ptr_factory_.GetWeakPtr(), OK)); + } +} + +void HttpStreamFactoryImpl::Job::Orphan(const Request* request) { + DCHECK_EQ(request_, request); + request_ = NULL; + if (blocking_job_) { + // We've been orphaned, but there's a job we're blocked on. Don't bother + // racing, just cancel ourself. + DCHECK(blocking_job_->waiting_job_); + blocking_job_->waiting_job_ = NULL; + blocking_job_ = NULL; + if (stream_factory_->for_websockets_ && + connection_ && connection_->socket()) + connection_->socket()->Disconnect(); + stream_factory_->OnOrphanedJobComplete(this); + } else if (stream_factory_->for_websockets_) { + // We cancel this job because WebSocketStream can't be created + // without a WebSocketStreamBase::Factory which is stored in Request class + // and isn't accessible from this job. + if (connection_ && connection_->socket()) + connection_->socket()->Disconnect(); + stream_factory_->OnOrphanedJobComplete(this); + } +} + +void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) { + priority_ = priority; + // TODO(akalin): Propagate this to |connection_| and maybe the + // preconnect state. +} + +bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const { + return was_npn_negotiated_; +} + +NextProto HttpStreamFactoryImpl::Job::protocol_negotiated() const { + return protocol_negotiated_; +} + +bool HttpStreamFactoryImpl::Job::using_spdy() const { + return using_spdy_; +} + +const SSLConfig& HttpStreamFactoryImpl::Job::server_ssl_config() const { + return server_ssl_config_; +} + +const SSLConfig& HttpStreamFactoryImpl::Job::proxy_ssl_config() const { + return proxy_ssl_config_; +} + +const ProxyInfo& HttpStreamFactoryImpl::Job::proxy_info() const { + return proxy_info_; +} + +void HttpStreamFactoryImpl::Job::GetSSLInfo() { + DCHECK(using_ssl_); + DCHECK(!establishing_tunnel_); + DCHECK(connection_.get() && connection_->socket()); + SSLClientSocket* ssl_socket = + static_cast<SSLClientSocket*>(connection_->socket()); + ssl_socket->GetSSLInfo(&ssl_info_); +} + +SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const { + // In the case that we're using an HTTPS proxy for an HTTP url, + // we look for a SPDY session *to* the proxy, instead of to the + // origin server. + PrivacyMode privacy_mode = request_info_.privacy_mode; + if (IsHttpsProxyAndHttpUrl()) { + return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(), + ProxyServer::Direct(), + privacy_mode); + } else { + return SpdySessionKey(origin_, + proxy_info_.proxy_server(), + privacy_mode); + } +} + +bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const { + // We need to make sure that if a spdy session was created for + // https://somehost/ that we don't use that session for http://somehost:443/. + // The only time we can use an existing session is if the request URL is + // https (the normal case) or if we're connection to a SPDY proxy, or + // if we're running with force_spdy_always_. crbug.com/133176 + return request_info_.url.SchemeIs("https") || + request_info_.url.SchemeIs("wss") || + proxy_info_.proxy_server().is_https() || + force_spdy_always_; +} + +void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() { + DCHECK(stream_.get()); + DCHECK(!IsPreconnecting()); + DCHECK(!stream_factory_->for_websockets_); + if (IsOrphaned()) { + stream_factory_->OnOrphanedJobComplete(this); + } else { + request_->Complete(was_npn_negotiated(), + protocol_negotiated(), + using_spdy(), + net_log_); + request_->OnStreamReady(this, server_ssl_config_, proxy_info_, + stream_.release()); + } + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnWebSocketStreamReadyCallback() { + DCHECK(websocket_stream_); + DCHECK(!IsPreconnecting()); + DCHECK(stream_factory_->for_websockets_); + // An orphaned WebSocket job will be closed immediately and + // never be ready. + DCHECK(!IsOrphaned()); + request_->Complete(was_npn_negotiated(), + protocol_negotiated(), + using_spdy(), + net_log_); + request_->OnWebSocketStreamReady(this, + server_ssl_config_, + proxy_info_, + websocket_stream_.release()); + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() { + DCHECK(!stream_.get()); + DCHECK(!IsPreconnecting()); + DCHECK(using_spdy()); + if (!new_spdy_session_) + return; + base::WeakPtr<SpdySession> spdy_session = new_spdy_session_; + new_spdy_session_.reset(); + if (IsOrphaned()) { + stream_factory_->OnNewSpdySessionReady( + spdy_session, spdy_session_direct_, server_ssl_config_, proxy_info_, + was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_); + stream_factory_->OnOrphanedJobComplete(this); + } else { + request_->OnNewSpdySessionReady(this, spdy_session, spdy_session_direct_); + } + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result) { + DCHECK(!IsPreconnecting()); + if (IsOrphaned()) + stream_factory_->OnOrphanedJobComplete(this); + else + request_->OnStreamFailed(this, result, server_ssl_config_); + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback( + int result, const SSLInfo& ssl_info) { + DCHECK(!IsPreconnecting()); + if (IsOrphaned()) + stream_factory_->OnOrphanedJobComplete(this); + else + request_->OnCertificateError(this, result, server_ssl_config_, ssl_info); + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback( + const HttpResponseInfo& response, + HttpAuthController* auth_controller) { + DCHECK(!IsPreconnecting()); + if (IsOrphaned()) + stream_factory_->OnOrphanedJobComplete(this); + else + request_->OnNeedsProxyAuth( + this, response, server_ssl_config_, proxy_info_, auth_controller); + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback( + SSLCertRequestInfo* cert_info) { + DCHECK(!IsPreconnecting()); + if (IsOrphaned()) + stream_factory_->OnOrphanedJobComplete(this); + else + request_->OnNeedsClientAuth(this, server_ssl_config_, cert_info); + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback( + const HttpResponseInfo& response_info, + HttpStream* stream) { + DCHECK(!IsPreconnecting()); + if (IsOrphaned()) + stream_factory_->OnOrphanedJobComplete(this); + else + request_->OnHttpsProxyTunnelResponse( + this, response_info, server_ssl_config_, proxy_info_, stream); + // |this| may be deleted after this call. +} + +void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() { + DCHECK(!request_); + if (new_spdy_session_.get()) { + stream_factory_->OnNewSpdySessionReady(new_spdy_session_, + spdy_session_direct_, + server_ssl_config_, + proxy_info_, + was_npn_negotiated(), + protocol_negotiated(), + using_spdy(), + net_log_); + } + stream_factory_->OnPreconnectsComplete(this); + // |this| may be deleted after this call. +} + +// static +int HttpStreamFactoryImpl::Job::OnHostResolution( + SpdySessionPool* spdy_session_pool, + const SpdySessionKey& spdy_session_key, + const AddressList& addresses, + const BoundNetLog& net_log) { + // It is OK to dereference spdy_session_pool, because the + // ClientSocketPoolManager will be destroyed in the same callback that + // destroys the SpdySessionPool. + return + spdy_session_pool->FindAvailableSession(spdy_session_key, net_log) ? + ERR_SPDY_SESSION_ALREADY_EXISTS : OK; +} + +void HttpStreamFactoryImpl::Job::OnIOComplete(int result) { + RunLoop(result); +} + +int HttpStreamFactoryImpl::Job::RunLoop(int result) { + result = DoLoop(result); + + if (result == ERR_IO_PENDING) + return result; + + // If there was an error, we should have already resumed the |waiting_job_|, + // if there was one. + DCHECK(result == OK || waiting_job_ == NULL); + + if (IsPreconnecting()) { + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &HttpStreamFactoryImpl::Job::OnPreconnectsComplete, + ptr_factory_.GetWeakPtr())); + return ERR_IO_PENDING; + } + + if (IsCertificateError(result)) { + // Retrieve SSL information from the socket. + GetSSLInfo(); + + next_state_ = STATE_WAITING_USER_ACTION; + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &HttpStreamFactoryImpl::Job::OnCertificateErrorCallback, + ptr_factory_.GetWeakPtr(), + result, ssl_info_)); + return ERR_IO_PENDING; + } + + switch (result) { + case ERR_PROXY_AUTH_REQUESTED: + { + DCHECK(connection_.get()); + DCHECK(connection_->socket()); + DCHECK(establishing_tunnel_); + + ProxyClientSocket* proxy_socket = + static_cast<ProxyClientSocket*>(connection_->socket()); + const HttpResponseInfo* tunnel_auth_response = + proxy_socket->GetConnectResponseInfo(); + + next_state_ = STATE_WAITING_USER_ACTION; + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &Job::OnNeedsProxyAuthCallback, + ptr_factory_.GetWeakPtr(), + *tunnel_auth_response, + proxy_socket->GetAuthController())); + } + return ERR_IO_PENDING; + + case ERR_SSL_CLIENT_AUTH_CERT_NEEDED: + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &Job::OnNeedsClientAuthCallback, + ptr_factory_.GetWeakPtr(), + connection_->ssl_error_response_info().cert_request_info)); + return ERR_IO_PENDING; + + case ERR_HTTPS_PROXY_TUNNEL_RESPONSE: + { + DCHECK(connection_.get()); + DCHECK(connection_->socket()); + DCHECK(establishing_tunnel_); + + ProxyClientSocket* proxy_socket = + static_cast<ProxyClientSocket*>(connection_->socket()); + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &Job::OnHttpsProxyTunnelResponseCallback, + ptr_factory_.GetWeakPtr(), + *proxy_socket->GetConnectResponseInfo(), + proxy_socket->CreateConnectResponseStream())); + return ERR_IO_PENDING; + } + + case OK: + next_state_ = STATE_DONE; + if (new_spdy_session_.get()) { + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind(&Job::OnNewSpdySessionReadyCallback, + ptr_factory_.GetWeakPtr())); + } else if (stream_factory_->for_websockets_) { + DCHECK(websocket_stream_); + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &Job::OnWebSocketStreamReadyCallback, + ptr_factory_.GetWeakPtr())); + } else { + DCHECK(stream_.get()); + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &Job::OnStreamReadyCallback, + ptr_factory_.GetWeakPtr())); + } + return ERR_IO_PENDING; + + default: + base::MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind( + &Job::OnStreamFailedCallback, + ptr_factory_.GetWeakPtr(), + result)); + return ERR_IO_PENDING; + } + return result; +} + +int HttpStreamFactoryImpl::Job::DoLoop(int result) { + DCHECK_NE(next_state_, STATE_NONE); + int rv = result; + do { + State state = next_state_; + next_state_ = STATE_NONE; + switch (state) { + case STATE_START: + DCHECK_EQ(OK, rv); + rv = DoStart(); + break; + case STATE_RESOLVE_PROXY: + DCHECK_EQ(OK, rv); + rv = DoResolveProxy(); + break; + case STATE_RESOLVE_PROXY_COMPLETE: + rv = DoResolveProxyComplete(rv); + break; + case STATE_WAIT_FOR_JOB: + DCHECK_EQ(OK, rv); + rv = DoWaitForJob(); + break; + case STATE_WAIT_FOR_JOB_COMPLETE: + rv = DoWaitForJobComplete(rv); + break; + case STATE_INIT_CONNECTION: + DCHECK_EQ(OK, rv); + rv = DoInitConnection(); + break; + case STATE_INIT_CONNECTION_COMPLETE: + rv = DoInitConnectionComplete(rv); + break; + case STATE_WAITING_USER_ACTION: + rv = DoWaitingUserAction(rv); + break; + case STATE_RESTART_TUNNEL_AUTH: + DCHECK_EQ(OK, rv); + rv = DoRestartTunnelAuth(); + break; + case STATE_RESTART_TUNNEL_AUTH_COMPLETE: + rv = DoRestartTunnelAuthComplete(rv); + break; + case STATE_CREATE_STREAM: + DCHECK_EQ(OK, rv); + rv = DoCreateStream(); + break; + case STATE_CREATE_STREAM_COMPLETE: + rv = DoCreateStreamComplete(rv); + break; + default: + NOTREACHED() << "bad state"; + rv = ERR_FAILED; + break; + } + } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); + return rv; +} + +int HttpStreamFactoryImpl::Job::StartInternal() { + CHECK_EQ(STATE_NONE, next_state_); + next_state_ = STATE_START; + int rv = RunLoop(OK); + DCHECK_EQ(ERR_IO_PENDING, rv); + return rv; +} + +int HttpStreamFactoryImpl::Job::DoStart() { + int port = request_info_.url.EffectiveIntPort(); + origin_ = HostPortPair(request_info_.url.HostNoBrackets(), port); + origin_url_ = stream_factory_->ApplyHostMappingRules( + request_info_.url, &origin_); + http_pipelining_key_.reset(new HttpPipelinedHost::Key(origin_)); + + net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_JOB, + base::Bind(&NetLogHttpStreamJobCallback, + &request_info_.url, &origin_url_, + priority_)); + + // Don't connect to restricted ports. + bool is_port_allowed = IsPortAllowedByDefault(port); + if (request_info_.url.SchemeIs("ftp")) { + // Never share connection with other jobs for FTP requests. + DCHECK(!waiting_job_); + + is_port_allowed = IsPortAllowedByFtp(port); + } + if (!is_port_allowed && !IsPortAllowedByOverride(port)) { + if (waiting_job_) { + waiting_job_->Resume(this); + waiting_job_ = NULL; + } + return ERR_UNSAFE_PORT; + } + + next_state_ = STATE_RESOLVE_PROXY; + return OK; +} + +int HttpStreamFactoryImpl::Job::DoResolveProxy() { + DCHECK(!pac_request_); + + next_state_ = STATE_RESOLVE_PROXY_COMPLETE; + + if (request_info_.load_flags & LOAD_BYPASS_PROXY) { + proxy_info_.UseDirect(); + return OK; + } + + return session_->proxy_service()->ResolveProxy( + request_info_.url, &proxy_info_, io_callback_, &pac_request_, net_log_); +} + +int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) { + pac_request_ = NULL; + + if (result == OK) { + // Remove unsupported proxies from the list. + proxy_info_.RemoveProxiesWithoutScheme( + ProxyServer::SCHEME_DIRECT | + ProxyServer::SCHEME_HTTP | ProxyServer::SCHEME_HTTPS | + ProxyServer::SCHEME_SOCKS4 | ProxyServer::SCHEME_SOCKS5); + + if (proxy_info_.is_empty()) { + // No proxies/direct to choose from. This happens when we don't support + // any of the proxies in the returned list. + result = ERR_NO_SUPPORTED_PROXIES; + } + } + + if (result != OK) { + if (waiting_job_) { + waiting_job_->Resume(this); + waiting_job_ = NULL; + } + return result; + } + + if (blocking_job_) + next_state_ = STATE_WAIT_FOR_JOB; + else + next_state_ = STATE_INIT_CONNECTION; + return OK; +} + +bool HttpStreamFactoryImpl::Job::ShouldForceSpdySSL() const { + bool rv = force_spdy_always_ && force_spdy_over_ssl_; + return rv && !HttpStreamFactory::HasSpdyExclusion(origin_); +} + +bool HttpStreamFactoryImpl::Job::ShouldForceSpdyWithoutSSL() const { + bool rv = force_spdy_always_ && !force_spdy_over_ssl_; + return rv && !HttpStreamFactory::HasSpdyExclusion(origin_); +} + +bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const { + return session_->params().enable_quic && + session_->params().origin_to_force_quic_on.Equals(origin_) && + proxy_info_.is_direct(); +} + +int HttpStreamFactoryImpl::Job::DoWaitForJob() { + DCHECK(blocking_job_); + next_state_ = STATE_WAIT_FOR_JOB_COMPLETE; + return ERR_IO_PENDING; +} + +int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result) { + DCHECK(!blocking_job_); + DCHECK_EQ(OK, result); + next_state_ = STATE_INIT_CONNECTION; + return OK; +} + +int HttpStreamFactoryImpl::Job::DoInitConnection() { + DCHECK(!blocking_job_); + DCHECK(!connection_->is_initialized()); + DCHECK(proxy_info_.proxy_server().is_valid()); + next_state_ = STATE_INIT_CONNECTION_COMPLETE; + + using_ssl_ = request_info_.url.SchemeIs("https") || + request_info_.url.SchemeIs("wss") || ShouldForceSpdySSL(); + using_spdy_ = false; + + if (ShouldForceQuic()) + using_quic_ = true; + + if (using_quic_) { + DCHECK(session_->params().enable_quic); + if (!proxy_info_.is_direct()) { + NOTREACHED(); + // TODO(rch): support QUIC proxies. + return ERR_NOT_IMPLEMENTED; + } + next_state_ = STATE_INIT_CONNECTION_COMPLETE; + const ProxyServer& proxy_server = proxy_info_.proxy_server(); + int rv = quic_request_.Request(HostPortProxyPair(origin_, proxy_server), + using_ssl_, session_->cert_verifier(), + net_log_, io_callback_); + if (rv != OK) { + // OK, there's no available QUIC session. Let |waiting_job_| resume + // if it's paused. + if (waiting_job_) { + waiting_job_->Resume(this); + waiting_job_ = NULL; + } + } + return rv; + } + + // Check first if we have a spdy session for this group. If so, then go + // straight to using that. + SpdySessionKey spdy_session_key = GetSpdySessionKey(); + base::WeakPtr<SpdySession> spdy_session = + session_->spdy_session_pool()->FindAvailableSession( + spdy_session_key, net_log_); + if (spdy_session && CanUseExistingSpdySession()) { + // If we're preconnecting, but we already have a SpdySession, we don't + // actually need to preconnect any sockets, so we're done. + if (IsPreconnecting()) + return OK; + using_spdy_ = true; + next_state_ = STATE_CREATE_STREAM; + existing_spdy_session_ = spdy_session; + return OK; + } else if (request_ && (using_ssl_ || ShouldForceSpdyWithoutSSL())) { + // Update the spdy session key for the request that launched this job. + request_->SetSpdySessionKey(spdy_session_key); + } else if (IsRequestEligibleForPipelining()) { + // TODO(simonjam): With pipelining, we might be better off using fewer + // connections and thus should make fewer preconnections. Explore + // preconnecting fewer than the requested num_connections. + // + // Separate note: A forced pipeline is always available if one exists for + // this key. This is different than normal pipelines, which may be + // unavailable or unusable. So, there is no need to worry about a race + // between when a pipeline becomes available and when this job blocks. + existing_available_pipeline_ = stream_factory_->http_pipelined_host_pool_. + IsExistingPipelineAvailableForKey(*http_pipelining_key_.get()); + if (existing_available_pipeline_) { + return OK; + } else { + bool was_new_key = request_->SetHttpPipeliningKey( + *http_pipelining_key_.get()); + if (!was_new_key && session_->force_http_pipelining()) { + return ERR_IO_PENDING; + } + } + } + + // OK, there's no available SPDY session. Let |waiting_job_| resume if it's + // paused. + + if (waiting_job_) { + waiting_job_->Resume(this); + waiting_job_ = NULL; + } + + if (proxy_info_.is_http() || proxy_info_.is_https()) + establishing_tunnel_ = using_ssl_; + + bool want_spdy_over_npn = original_url_ != NULL; + + if (proxy_info_.is_https()) { + InitSSLConfig(proxy_info_.proxy_server().host_port_pair(), + &proxy_ssl_config_, + true /* is a proxy server */); + // Disable revocation checking for HTTPS proxies since the revocation + // requests are probably going to need to go through the proxy too. + proxy_ssl_config_.rev_checking_enabled = false; + } + if (using_ssl_) { + InitSSLConfig(origin_, &server_ssl_config_, + false /* not a proxy server */); + } + + if (IsPreconnecting()) { + DCHECK(!stream_factory_->for_websockets_); + return PreconnectSocketsForHttpRequest( + origin_url_, + request_info_.extra_headers, + request_info_.load_flags, + priority_, + session_, + proxy_info_, + ShouldForceSpdySSL(), + want_spdy_over_npn, + server_ssl_config_, + proxy_ssl_config_, + request_info_.privacy_mode, + net_log_, + num_streams_); + } else { + // If we can't use a SPDY session, don't both checking for one after + // the hostname is resolved. + OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ? + base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(), + GetSpdySessionKey()) : + OnHostResolutionCallback(); + if (stream_factory_->for_websockets_) { + return InitSocketHandleForWebSocketRequest( + origin_url_, request_info_.extra_headers, request_info_.load_flags, + priority_, session_, proxy_info_, ShouldForceSpdySSL(), + want_spdy_over_npn, server_ssl_config_, proxy_ssl_config_, + request_info_.privacy_mode, net_log_, + connection_.get(), resolution_callback, io_callback_); + } + return InitSocketHandleForHttpRequest( + origin_url_, request_info_.extra_headers, request_info_.load_flags, + priority_, session_, proxy_info_, ShouldForceSpdySSL(), + want_spdy_over_npn, server_ssl_config_, proxy_ssl_config_, + request_info_.privacy_mode, net_log_, + connection_.get(), resolution_callback, io_callback_); + } +} + +int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) { + if (IsPreconnecting()) { + if (using_quic_) + return result; + DCHECK_EQ(OK, result); + return OK; + } + + if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) { + // We found a SPDY connection after resolving the host. This is + // probably an IP pooled connection. + SpdySessionKey spdy_session_key = GetSpdySessionKey(); + existing_spdy_session_ = + session_->spdy_session_pool()->FindAvailableSession( + spdy_session_key, net_log_); + if (existing_spdy_session_) { + using_spdy_ = true; + next_state_ = STATE_CREATE_STREAM; + } else { + // It is possible that the spdy session no longer exists. + ReturnToStateInitConnection(true /* close connection */); + } + return OK; + } + + // TODO(willchan): Make this a bit more exact. Maybe there are recoverable + // errors, such as ignoring certificate errors for Alternate-Protocol. + if (result < 0 && waiting_job_) { + waiting_job_->Resume(this); + waiting_job_ = NULL; + } + + if (result < 0 && session_->force_http_pipelining()) { + stream_factory_->AbortPipelinedRequestsWithKey( + this, *http_pipelining_key_.get(), result, server_ssl_config_); + } + + // |result| may be the result of any of the stacked pools. The following + // logic is used when determining how to interpret an error. + // If |result| < 0: + // and connection_->socket() != NULL, then the SSL handshake ran and it + // is a potentially recoverable error. + // and connection_->socket == NULL and connection_->is_ssl_error() is true, + // then the SSL handshake ran with an unrecoverable error. + // otherwise, the error came from one of the other pools. + bool ssl_started = using_ssl_ && (result == OK || connection_->socket() || + connection_->is_ssl_error()); + + if (ssl_started && (result == OK || IsCertificateError(result))) { + if (using_quic_ && result == OK) { + was_npn_negotiated_ = true; + NextProto protocol_negotiated = + SSLClientSocket::NextProtoFromString("quic/1+spdy/3"); + protocol_negotiated_ = protocol_negotiated; + } else { + SSLClientSocket* ssl_socket = + static_cast<SSLClientSocket*>(connection_->socket()); + if (ssl_socket->WasNpnNegotiated()) { + was_npn_negotiated_ = true; + std::string proto; + std::string server_protos; + SSLClientSocket::NextProtoStatus status = + ssl_socket->GetNextProto(&proto, &server_protos); + NextProto protocol_negotiated = + SSLClientSocket::NextProtoFromString(proto); + protocol_negotiated_ = protocol_negotiated; + net_log_.AddEvent( + NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO, + base::Bind(&NetLogHttpStreamProtoCallback, + status, &proto, &server_protos)); + if (ssl_socket->was_spdy_negotiated()) + SwitchToSpdyMode(); + } + if (ShouldForceSpdySSL()) + SwitchToSpdyMode(); + } + } else if (proxy_info_.is_https() && connection_->socket() && + result == OK) { + ProxyClientSocket* proxy_socket = + static_cast<ProxyClientSocket*>(connection_->socket()); + if (proxy_socket->IsUsingSpdy()) { + was_npn_negotiated_ = true; + protocol_negotiated_ = proxy_socket->GetProtocolNegotiated(); + SwitchToSpdyMode(); + } + } + + // We may be using spdy without SSL + if (ShouldForceSpdyWithoutSSL()) + SwitchToSpdyMode(); + + if (result == ERR_PROXY_AUTH_REQUESTED || + result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { + DCHECK(!ssl_started); + // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an + // SSL socket, but there was an error before that could happen. This + // puts the in progress HttpProxy socket into |connection_| in order to + // complete the auth (or read the response body). The tunnel restart code + // is careful to remove it before returning control to the rest of this + // class. + connection_.reset(connection_->release_pending_http_proxy_connection()); + return result; + } + + if (!ssl_started && result < 0 && original_url_.get()) { + // Mark the alternate protocol as broken and fallback. + session_->http_server_properties()->SetBrokenAlternateProtocol( + HostPortPair::FromURL(*original_url_)); + return result; + } + + if (using_quic_) { + if (result < 0) + return result; + stream_ = quic_request_.ReleaseStream(); + next_state_ = STATE_NONE; + return OK; + } + + if (result < 0 && !ssl_started) + return ReconsiderProxyAfterError(result); + establishing_tunnel_ = false; + + if (connection_->socket()) { + LogHttpConnectedMetrics(*connection_); + + // We officially have a new connection. Record the type. + if (!connection_->is_reused()) { + ConnectionType type = using_spdy_ ? CONNECTION_SPDY : CONNECTION_HTTP; + UpdateConnectionTypeHistograms(type); + } + } + + // Handle SSL errors below. + if (using_ssl_) { + DCHECK(ssl_started); + if (IsCertificateError(result)) { + if (using_spdy_ && original_url_.get() && + original_url_->SchemeIs("http")) { + // We ignore certificate errors for http over spdy. + spdy_certificate_error_ = result; + result = OK; + } else { + result = HandleCertificateError(result); + if (result == OK && !connection_->socket()->IsConnectedAndIdle()) { + ReturnToStateInitConnection(true /* close connection */); + return result; + } + } + } + if (result < 0) + return result; + } + + next_state_ = STATE_CREATE_STREAM; + return OK; +} + +int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result) { + // This state indicates that the stream request is in a partially + // completed state, and we've called back to the delegate for more + // information. + + // We're always waiting here for the delegate to call us back. + return ERR_IO_PENDING; +} + +int HttpStreamFactoryImpl::Job::DoCreateStream() { + DCHECK(connection_->socket() || existing_spdy_session_.get() || + existing_available_pipeline_ || using_quic_); + + next_state_ = STATE_CREATE_STREAM_COMPLETE; + + // We only set the socket motivation if we're the first to use + // this socket. Is there a race for two SPDY requests? We really + // need to plumb this through to the connect level. + if (connection_->socket() && !connection_->is_reused()) + SetSocketMotivation(); + + if (!using_spdy_) { + // We may get ftp scheme when fetching ftp resources through proxy. + bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) && + (request_info_.url.SchemeIs("http") || + request_info_.url.SchemeIs("ftp")); + if (stream_factory_->http_pipelined_host_pool_. + IsExistingPipelineAvailableForKey(*http_pipelining_key_.get())) { + DCHECK(!stream_factory_->for_websockets_); + stream_.reset(stream_factory_->http_pipelined_host_pool_. + CreateStreamOnExistingPipeline( + *http_pipelining_key_.get())); + CHECK(stream_.get()); + } else if (stream_factory_->for_websockets_) { + DCHECK(request_); + DCHECK(request_->websocket_stream_factory()); + websocket_stream_.reset( + request_->websocket_stream_factory()->CreateBasicStream( + connection_.release(), using_proxy)); + } else if (!using_proxy && IsRequestEligibleForPipelining()) { + // TODO(simonjam): Support proxies. + stream_.reset( + stream_factory_->http_pipelined_host_pool_.CreateStreamOnNewPipeline( + *http_pipelining_key_.get(), + connection_.release(), + server_ssl_config_, + proxy_info_, + net_log_, + was_npn_negotiated_, + protocol_negotiated_)); + CHECK(stream_.get()); + } else { + stream_.reset(new HttpBasicStream(connection_.release(), NULL, + using_proxy)); + } + return OK; + } + + CHECK(!stream_.get()); + + bool direct = true; + const ProxyServer& proxy_server = proxy_info_.proxy_server(); + PrivacyMode privacy_mode = request_info_.privacy_mode; + SpdySessionKey spdy_session_key(origin_, proxy_server, privacy_mode); + if (IsHttpsProxyAndHttpUrl()) { + // If we don't have a direct SPDY session, and we're using an HTTPS + // proxy, then we might have a SPDY session to the proxy. + // We never use privacy mode for connection to proxy server. + spdy_session_key = SpdySessionKey(proxy_server.host_port_pair(), + ProxyServer::Direct(), + kPrivacyModeDisabled); + direct = false; + } + + base::WeakPtr<SpdySession> spdy_session; + if (existing_spdy_session_.get()) { + // We picked up an existing session, so we don't need our socket. + if (connection_->socket()) + connection_->socket()->Disconnect(); + connection_->Reset(); + std::swap(spdy_session, existing_spdy_session_); + } else { + SpdySessionPool* spdy_pool = session_->spdy_session_pool(); + spdy_session = spdy_pool->FindAvailableSession(spdy_session_key, net_log_); + if (!spdy_session) { + int error = + spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key, + connection_.Pass(), + net_log_, + spdy_certificate_error_, + &new_spdy_session_, + using_ssl_); + if (error != OK) + return error; + const HostPortPair& host_port_pair = spdy_session_key.host_port_pair(); + base::WeakPtr<HttpServerProperties> http_server_properties = + session_->http_server_properties(); + if (http_server_properties) + http_server_properties->SetSupportsSpdy(host_port_pair, true); + spdy_session_direct_ = direct; + return OK; + } + } + + if (!spdy_session) + return ERR_CONNECTION_CLOSED; + + // TODO(willchan): Delete this code, because eventually, the + // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it + // will know when SpdySessions become available. + + if (stream_factory_->for_websockets_) { + DCHECK(request_); + DCHECK(request_->websocket_stream_factory()); + bool use_relative_url = direct || request_info_.url.SchemeIs("wss"); + websocket_stream_.reset( + request_->websocket_stream_factory()->CreateSpdyStream( + spdy_session, use_relative_url)); + } else { + bool use_relative_url = direct || request_info_.url.SchemeIs("https"); + stream_.reset(new SpdyHttpStream(spdy_session, use_relative_url)); + } + return OK; +} + +int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result) { + if (result < 0) + return result; + + session_->proxy_service()->ReportSuccess(proxy_info_); + next_state_ = STATE_NONE; + return OK; +} + +int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() { + next_state_ = STATE_RESTART_TUNNEL_AUTH_COMPLETE; + ProxyClientSocket* proxy_socket = + static_cast<ProxyClientSocket*>(connection_->socket()); + return proxy_socket->RestartWithAuth(io_callback_); +} + +int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result) { + if (result == ERR_PROXY_AUTH_REQUESTED) + return result; + + if (result == OK) { + // Now that we've got the HttpProxyClientSocket connected. We have + // to release it as an idle socket into the pool and start the connection + // process from the beginning. Trying to pass it in with the + // SSLSocketParams might cause a deadlock since params are dispatched + // interchangeably. This request won't necessarily get this http proxy + // socket, but there will be forward progress. + establishing_tunnel_ = false; + ReturnToStateInitConnection(false /* do not close connection */); + return OK; + } + + return ReconsiderProxyAfterError(result); +} + +void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection( + bool close_connection) { + if (close_connection && connection_->socket()) + connection_->socket()->Disconnect(); + connection_->Reset(); + + if (request_) { + request_->RemoveRequestFromSpdySessionRequestMap(); + request_->RemoveRequestFromHttpPipeliningRequestMap(); + } + + next_state_ = STATE_INIT_CONNECTION; +} + +void HttpStreamFactoryImpl::Job::SetSocketMotivation() { + if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED) + connection_->socket()->SetSubresourceSpeculation(); + else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED) + connection_->socket()->SetOmniboxSpeculation(); + // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED). +} + +bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const { + if (!proxy_info_.is_https()) + return false; + if (original_url_.get()) { + // We currently only support Alternate-Protocol where the original scheme + // is http. + DCHECK(original_url_->SchemeIs("http")); + return original_url_->SchemeIs("http"); + } + return request_info_.url.SchemeIs("http"); +} + +// Sets several fields of ssl_config for the given origin_server based on the +// proxy info and other factors. +void HttpStreamFactoryImpl::Job::InitSSLConfig( + const HostPortPair& origin_server, + SSLConfig* ssl_config, + bool is_proxy) const { + if (proxy_info_.is_https() && ssl_config->send_client_cert) { + // When connecting through an HTTPS proxy, disable TLS False Start so + // that client authentication errors can be distinguished between those + // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and + // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR / + // ERR_BAD_SSL_CLIENT_AUTH_CERT). + // TODO(rch): This assumes that the HTTPS proxy will only request a + // client certificate during the initial handshake. + // http://crbug.com/59292 + ssl_config->false_start_enabled = false; + } + + enum { + FALLBACK_NONE = 0, // SSL version fallback did not occur. + FALLBACK_SSL3 = 1, // Fell back to SSL 3.0. + FALLBACK_TLS1 = 2, // Fell back to TLS 1.0. + FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1. + FALLBACK_MAX + }; + + int fallback = FALLBACK_NONE; + if (ssl_config->version_fallback) { + switch (ssl_config->version_max) { + case SSL_PROTOCOL_VERSION_SSL3: + fallback = FALLBACK_SSL3; + break; + case SSL_PROTOCOL_VERSION_TLS1: + fallback = FALLBACK_TLS1; + break; + case SSL_PROTOCOL_VERSION_TLS1_1: + fallback = FALLBACK_TLS1_1; + break; + } + } + UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback", + fallback, FALLBACK_MAX); + + // We also wish to measure the amount of fallback connections for a host that + // we know implements TLS up to 1.2. Ideally there would be no fallback here + // but high numbers of SSLv3 would suggest that SSLv3 fallback is being + // caused by network middleware rather than buggy HTTPS servers. + const std::string& host = origin_server.host(); + if (!is_proxy && + host.size() >= 10 && + host.compare(host.size() - 10, 10, "google.com") == 0 && + (host.size() == 10 || host[host.size()-11] == '.')) { + UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback", + fallback, FALLBACK_MAX); + } + + if (request_info_.load_flags & LOAD_VERIFY_EV_CERT) + ssl_config->verify_ev_cert = true; + + // Disable Channel ID if privacy mode is enabled. + if (request_info_.privacy_mode == kPrivacyModeEnabled) + ssl_config->channel_id_enabled = false; +} + + +int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) { + DCHECK(!pac_request_); + + // A failure to resolve the hostname or any error related to establishing a + // TCP connection could be grounds for trying a new proxy configuration. + // + // Why do this when a hostname cannot be resolved? Some URLs only make sense + // to proxy servers. The hostname in those URLs might fail to resolve if we + // are still using a non-proxy config. We need to check if a proxy config + // now exists that corresponds to a proxy server that could load the URL. + // + switch (error) { + case ERR_PROXY_CONNECTION_FAILED: + case ERR_NAME_NOT_RESOLVED: + case ERR_INTERNET_DISCONNECTED: + case ERR_ADDRESS_UNREACHABLE: + case ERR_CONNECTION_CLOSED: + case ERR_CONNECTION_TIMED_OUT: + case ERR_CONNECTION_RESET: + case ERR_CONNECTION_REFUSED: + case ERR_CONNECTION_ABORTED: + case ERR_TIMED_OUT: + case ERR_TUNNEL_CONNECTION_FAILED: + case ERR_SOCKS_CONNECTION_FAILED: + // This can happen in the case of trying to talk to a proxy using SSL, and + // ending up talking to a captive portal that supports SSL instead. + case ERR_PROXY_CERTIFICATE_INVALID: + // This can happen when trying to talk SSL to a non-SSL server (Like a + // captive portal). + case ERR_SSL_PROTOCOL_ERROR: + break; + case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE: + // Remap the SOCKS-specific "host unreachable" error to a more + // generic error code (this way consumers like the link doctor + // know to substitute their error page). + // + // Note that if the host resolving was done by the SOCKS5 proxy, we can't + // differentiate between a proxy-side "host not found" versus a proxy-side + // "address unreachable" error, and will report both of these failures as + // ERR_ADDRESS_UNREACHABLE. + return ERR_ADDRESS_UNREACHABLE; + default: + return error; + } + + if (request_info_.load_flags & LOAD_BYPASS_PROXY) { + return error; + } + + if (proxy_info_.is_https() && proxy_ssl_config_.send_client_cert) { + session_->ssl_client_auth_cache()->Remove( + proxy_info_.proxy_server().host_port_pair().ToString()); + } + + int rv = session_->proxy_service()->ReconsiderProxyAfterError( + request_info_.url, &proxy_info_, io_callback_, &pac_request_, net_log_); + if (rv == OK || rv == ERR_IO_PENDING) { + // If the error was during connection setup, there is no socket to + // disconnect. + if (connection_->socket()) + connection_->socket()->Disconnect(); + connection_->Reset(); + if (request_) { + request_->RemoveRequestFromSpdySessionRequestMap(); + request_->RemoveRequestFromHttpPipeliningRequestMap(); + } + next_state_ = STATE_RESOLVE_PROXY_COMPLETE; + } else { + // If ReconsiderProxyAfterError() failed synchronously, it means + // there was nothing left to fall-back to, so fail the transaction + // with the last connection error we got. + // TODO(eroman): This is a confusing contract, make it more obvious. + rv = error; + } + + return rv; +} + +int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) { + DCHECK(using_ssl_); + DCHECK(IsCertificateError(error)); + + SSLClientSocket* ssl_socket = + static_cast<SSLClientSocket*>(connection_->socket()); + ssl_socket->GetSSLInfo(&ssl_info_); + + // Add the bad certificate to the set of allowed certificates in the + // SSL config object. This data structure will be consulted after calling + // RestartIgnoringLastError(). And the user will be asked interactively + // before RestartIgnoringLastError() is ever called. + SSLConfig::CertAndStatus bad_cert; + + // |ssl_info_.cert| may be NULL if we failed to create + // X509Certificate for whatever reason, but normally it shouldn't + // happen, unless this code is used inside sandbox. + if (ssl_info_.cert.get() == NULL || + !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(), + &bad_cert.der_cert)) { + return error; + } + bad_cert.cert_status = ssl_info_.cert_status; + server_ssl_config_.allowed_bad_certs.push_back(bad_cert); + + int load_flags = request_info_.load_flags; + if (session_->params().ignore_certificate_errors) + load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; + if (ssl_socket->IgnoreCertError(error, load_flags)) + return OK; + return error; +} + +void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() { + if (HttpStreamFactory::spdy_enabled()) + using_spdy_ = true; +} + +// static +void HttpStreamFactoryImpl::Job::LogHttpConnectedMetrics( + const ClientSocketHandle& handle) { + UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(), + ClientSocketHandle::NUM_TYPES); + + switch (handle.reuse_type()) { + case ClientSocketHandle::UNUSED: + UMA_HISTOGRAM_CUSTOM_TIMES("Net.HttpConnectionLatency", + handle.setup_time(), + base::TimeDelta::FromMilliseconds(1), + base::TimeDelta::FromMinutes(10), + 100); + break; + case ClientSocketHandle::UNUSED_IDLE: + UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_UnusedSocket", + handle.idle_time(), + base::TimeDelta::FromMilliseconds(1), + base::TimeDelta::FromMinutes(6), + 100); + break; + case ClientSocketHandle::REUSED_IDLE: + UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_ReusedSocket", + handle.idle_time(), + base::TimeDelta::FromMilliseconds(1), + base::TimeDelta::FromMinutes(6), + 100); + break; + default: + NOTREACHED(); + break; + } +} + +bool HttpStreamFactoryImpl::Job::IsPreconnecting() const { + DCHECK_GE(num_streams_, 0); + return num_streams_ > 0; +} + +bool HttpStreamFactoryImpl::Job::IsOrphaned() const { + return !IsPreconnecting() && !request_; +} + +bool HttpStreamFactoryImpl::Job::IsRequestEligibleForPipelining() { + if (IsPreconnecting() || !request_) { + return false; + } + if (stream_factory_->for_websockets_) { + return false; + } + if (session_->force_http_pipelining()) { + return true; + } + if (!session_->params().http_pipelining_enabled) { + return false; + } + if (using_ssl_) { + return false; + } + if (request_info_.method != "GET" && request_info_.method != "HEAD") { + return false; + } + if (request_info_.load_flags & + (net::LOAD_MAIN_FRAME | net::LOAD_SUB_FRAME | net::LOAD_PREFETCH | + net::LOAD_IS_DOWNLOAD)) { + // Avoid pipelining resources that may be streamed for a long time. + return false; + } + return stream_factory_->http_pipelined_host_pool_.IsKeyEligibleForPipelining( + *http_pipelining_key_.get()); +} + +} // namespace net |