1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_proxy_client_socket_pool.h"
9 #include "base/compiler_specific.h"
10 #include "base/time/time.h"
11 #include "base/values.h"
12 #include "net/base/load_flags.h"
13 #include "net/base/net_errors.h"
14 #include "net/http/http_network_session.h"
15 #include "net/http/http_proxy_client_socket.h"
16 #include "net/socket/client_socket_factory.h"
17 #include "net/socket/client_socket_handle.h"
18 #include "net/socket/client_socket_pool_base.h"
19 #include "net/socket/ssl_client_socket.h"
20 #include "net/socket/ssl_client_socket_pool.h"
21 #include "net/socket/transport_client_socket_pool.h"
22 #include "net/spdy/spdy_proxy_client_socket.h"
23 #include "net/spdy/spdy_session.h"
24 #include "net/spdy/spdy_session_pool.h"
25 #include "net/spdy/spdy_stream.h"
26 #include "net/ssl/ssl_cert_request_info.h"
31 HttpProxySocketParams::HttpProxySocketParams(
32 const scoped_refptr
<TransportSocketParams
>& transport_params
,
33 const scoped_refptr
<SSLSocketParams
>& ssl_params
,
34 const GURL
& request_url
,
35 const std::string
& user_agent
,
36 const HostPortPair
& endpoint
,
37 HttpAuthCache
* http_auth_cache
,
38 HttpAuthHandlerFactory
* http_auth_handler_factory
,
39 SpdySessionPool
* spdy_session_pool
,
41 : transport_params_(transport_params
),
42 ssl_params_(ssl_params
),
43 spdy_session_pool_(spdy_session_pool
),
44 request_url_(request_url
),
45 user_agent_(user_agent
),
47 http_auth_cache_(tunnel
? http_auth_cache
: NULL
),
48 http_auth_handler_factory_(tunnel
? http_auth_handler_factory
: NULL
),
50 DCHECK((transport_params
.get() == NULL
&& ssl_params
.get() != NULL
) ||
51 (transport_params
.get() != NULL
&& ssl_params
.get() == NULL
));
52 if (transport_params_
.get()) {
53 ignore_limits_
= transport_params
->ignore_limits();
55 ignore_limits_
= ssl_params
->ignore_limits();
59 const HostResolver::RequestInfo
& HttpProxySocketParams::destination() const {
60 if (transport_params_
.get() == NULL
) {
61 return ssl_params_
->GetDirectConnectionParams()->destination();
63 return transport_params_
->destination();
67 HttpProxySocketParams::~HttpProxySocketParams() {}
69 // HttpProxyConnectJobs will time out after this many seconds. Note this is on
70 // top of the timeout for the transport socket.
71 #if (defined(OS_ANDROID) || defined(OS_IOS)) && defined(SPDY_PROXY_AUTH_ORIGIN)
72 static const int kHttpProxyConnectJobTimeoutInSeconds
= 10;
74 static const int kHttpProxyConnectJobTimeoutInSeconds
= 30;
78 HttpProxyConnectJob::HttpProxyConnectJob(
79 const std::string
& group_name
,
80 RequestPriority priority
,
81 const scoped_refptr
<HttpProxySocketParams
>& params
,
82 const base::TimeDelta
& timeout_duration
,
83 TransportClientSocketPool
* transport_pool
,
84 SSLClientSocketPool
* ssl_pool
,
85 HostResolver
* host_resolver
,
88 : ConnectJob(group_name
, timeout_duration
, priority
, delegate
,
89 BoundNetLog::Make(net_log
, NetLog::SOURCE_CONNECT_JOB
)),
90 weak_ptr_factory_(this),
92 transport_pool_(transport_pool
),
94 resolver_(host_resolver
),
95 callback_(base::Bind(&HttpProxyConnectJob::OnIOComplete
,
96 weak_ptr_factory_
.GetWeakPtr())),
98 protocol_negotiated_(kProtoUnknown
) {
101 HttpProxyConnectJob::~HttpProxyConnectJob() {}
103 LoadState
HttpProxyConnectJob::GetLoadState() const {
104 switch (next_state_
) {
105 case STATE_TCP_CONNECT
:
106 case STATE_TCP_CONNECT_COMPLETE
:
107 case STATE_SSL_CONNECT
:
108 case STATE_SSL_CONNECT_COMPLETE
:
109 return transport_socket_handle_
->GetLoadState();
110 case STATE_HTTP_PROXY_CONNECT
:
111 case STATE_HTTP_PROXY_CONNECT_COMPLETE
:
112 case STATE_SPDY_PROXY_CREATE_STREAM
:
113 case STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE
:
114 return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL
;
117 return LOAD_STATE_IDLE
;
121 void HttpProxyConnectJob::GetAdditionalErrorState(ClientSocketHandle
* handle
) {
122 if (error_response_info_
.cert_request_info
.get()) {
123 handle
->set_ssl_error_response_info(error_response_info_
);
124 handle
->set_is_ssl_error(true);
128 void HttpProxyConnectJob::OnIOComplete(int result
) {
129 int rv
= DoLoop(result
);
130 if (rv
!= ERR_IO_PENDING
)
131 NotifyDelegateOfCompletion(rv
); // Deletes |this|
134 int HttpProxyConnectJob::DoLoop(int result
) {
135 DCHECK_NE(next_state_
, STATE_NONE
);
139 State state
= next_state_
;
140 next_state_
= STATE_NONE
;
142 case STATE_TCP_CONNECT
:
144 rv
= DoTransportConnect();
146 case STATE_TCP_CONNECT_COMPLETE
:
147 rv
= DoTransportConnectComplete(rv
);
149 case STATE_SSL_CONNECT
:
153 case STATE_SSL_CONNECT_COMPLETE
:
154 rv
= DoSSLConnectComplete(rv
);
156 case STATE_HTTP_PROXY_CONNECT
:
158 rv
= DoHttpProxyConnect();
160 case STATE_HTTP_PROXY_CONNECT_COMPLETE
:
161 rv
= DoHttpProxyConnectComplete(rv
);
163 case STATE_SPDY_PROXY_CREATE_STREAM
:
165 rv
= DoSpdyProxyCreateStream();
167 case STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE
:
168 rv
= DoSpdyProxyCreateStreamComplete(rv
);
171 NOTREACHED() << "bad state";
175 } while (rv
!= ERR_IO_PENDING
&& next_state_
!= STATE_NONE
);
180 int HttpProxyConnectJob::DoTransportConnect() {
181 next_state_
= STATE_TCP_CONNECT_COMPLETE
;
182 transport_socket_handle_
.reset(new ClientSocketHandle());
183 return transport_socket_handle_
->Init(group_name(),
184 params_
->transport_params(),
191 int HttpProxyConnectJob::DoTransportConnectComplete(int result
) {
193 return ERR_PROXY_CONNECTION_FAILED
;
195 // Reset the timer to just the length of time allowed for HttpProxy handshake
196 // so that a fast TCP connection plus a slow HttpProxy failure doesn't take
197 // longer to timeout than it should.
198 ResetTimer(base::TimeDelta::FromSeconds(
199 kHttpProxyConnectJobTimeoutInSeconds
));
201 next_state_
= STATE_HTTP_PROXY_CONNECT
;
205 int HttpProxyConnectJob::DoSSLConnect() {
206 if (params_
->tunnel()) {
207 SpdySessionKey
key(params_
->destination().host_port_pair(),
208 ProxyServer::Direct(),
209 PRIVACY_MODE_DISABLED
);
210 if (params_
->spdy_session_pool()->FindAvailableSession(key
, net_log())) {
212 next_state_
= STATE_SPDY_PROXY_CREATE_STREAM
;
216 next_state_
= STATE_SSL_CONNECT_COMPLETE
;
217 transport_socket_handle_
.reset(new ClientSocketHandle());
218 return transport_socket_handle_
->Init(
219 group_name(), params_
->ssl_params(), priority(), callback_
,
220 ssl_pool_
, net_log());
223 int HttpProxyConnectJob::DoSSLConnectComplete(int result
) {
224 if (result
== ERR_SSL_CLIENT_AUTH_CERT_NEEDED
) {
225 error_response_info_
= transport_socket_handle_
->ssl_error_response_info();
226 DCHECK(error_response_info_
.cert_request_info
.get());
227 error_response_info_
.cert_request_info
->is_proxy
= true;
230 if (IsCertificateError(result
)) {
231 if (params_
->ssl_params()->load_flags() & LOAD_IGNORE_ALL_CERT_ERRORS
) {
234 // TODO(rch): allow the user to deal with proxy cert errors in the
235 // same way as server cert errors.
236 transport_socket_handle_
->socket()->Disconnect();
237 return ERR_PROXY_CERTIFICATE_INVALID
;
241 if (transport_socket_handle_
->socket())
242 transport_socket_handle_
->socket()->Disconnect();
243 return ERR_PROXY_CONNECTION_FAILED
;
246 SSLClientSocket
* ssl
=
247 static_cast<SSLClientSocket
*>(transport_socket_handle_
->socket());
248 using_spdy_
= ssl
->was_spdy_negotiated();
249 protocol_negotiated_
= ssl
->GetNegotiatedProtocol();
251 // Reset the timer to just the length of time allowed for HttpProxy handshake
252 // so that a fast SSL connection plus a slow HttpProxy failure doesn't take
253 // longer to timeout than it should.
254 ResetTimer(base::TimeDelta::FromSeconds(
255 kHttpProxyConnectJobTimeoutInSeconds
));
256 // TODO(rch): If we ever decide to implement a "trusted" SPDY proxy
257 // (one that we speak SPDY over SSL to, but to which we send HTTPS
258 // request directly instead of through CONNECT tunnels, then we
259 // need to add a predicate to this if statement so we fall through
260 // to the else case. (HttpProxyClientSocket currently acts as
261 // a "trusted" SPDY proxy).
262 if (using_spdy_
&& params_
->tunnel()) {
263 next_state_
= STATE_SPDY_PROXY_CREATE_STREAM
;
265 next_state_
= STATE_HTTP_PROXY_CONNECT
;
270 int HttpProxyConnectJob::DoHttpProxyConnect() {
271 next_state_
= STATE_HTTP_PROXY_CONNECT_COMPLETE
;
272 const HostResolver::RequestInfo
& tcp_destination
= params_
->destination();
273 const HostPortPair
& proxy_server
= tcp_destination
.host_port_pair();
275 // Add a HttpProxy connection on top of the tcp socket.
276 transport_socket_
.reset(
277 new HttpProxyClientSocket(transport_socket_handle_
.release(),
278 params_
->request_url(),
279 params_
->user_agent(),
282 params_
->http_auth_cache(),
283 params_
->http_auth_handler_factory(),
286 protocol_negotiated_
,
287 params_
->ssl_params().get() != NULL
));
288 return transport_socket_
->Connect(callback_
);
291 int HttpProxyConnectJob::DoHttpProxyConnectComplete(int result
) {
292 if (result
== OK
|| result
== ERR_PROXY_AUTH_REQUESTED
||
293 result
== ERR_HTTPS_PROXY_TUNNEL_RESPONSE
) {
294 SetSocket(transport_socket_
.PassAs
<StreamSocket
>());
300 int HttpProxyConnectJob::DoSpdyProxyCreateStream() {
302 DCHECK(params_
->tunnel());
303 SpdySessionKey
key(params_
->destination().host_port_pair(),
304 ProxyServer::Direct(),
305 PRIVACY_MODE_DISABLED
);
306 SpdySessionPool
* spdy_pool
= params_
->spdy_session_pool();
307 base::WeakPtr
<SpdySession
> spdy_session
=
308 spdy_pool
->FindAvailableSession(key
, net_log());
309 // It's possible that a session to the proxy has recently been created
311 if (transport_socket_handle_
.get()) {
312 if (transport_socket_handle_
->socket())
313 transport_socket_handle_
->socket()->Disconnect();
314 transport_socket_handle_
->Reset();
317 // Create a session direct to the proxy itself
319 spdy_pool
->CreateAvailableSessionFromSocket(
320 key
, transport_socket_handle_
.Pass(),
321 net_log(), OK
, /*using_ssl_*/ true);
322 DCHECK(spdy_session
);
325 next_state_
= STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE
;
326 return spdy_stream_request_
.StartRequest(SPDY_BIDIRECTIONAL_STREAM
,
328 params_
->request_url(),
330 spdy_session
->net_log(),
334 int HttpProxyConnectJob::DoSpdyProxyCreateStreamComplete(int result
) {
338 next_state_
= STATE_HTTP_PROXY_CONNECT_COMPLETE
;
339 base::WeakPtr
<SpdyStream
> stream
= spdy_stream_request_
.ReleaseStream();
340 DCHECK(stream
.get());
341 // |transport_socket_| will set itself as |stream|'s delegate.
342 transport_socket_
.reset(
343 new SpdyProxyClientSocket(stream
,
344 params_
->user_agent(),
346 params_
->request_url(),
347 params_
->destination().host_port_pair(),
349 params_
->http_auth_cache(),
350 params_
->http_auth_handler_factory()));
351 return transport_socket_
->Connect(callback_
);
354 int HttpProxyConnectJob::ConnectInternal() {
355 if (params_
->transport_params().get()) {
356 next_state_
= STATE_TCP_CONNECT
;
358 next_state_
= STATE_SSL_CONNECT
;
363 HttpProxyClientSocketPool::
364 HttpProxyConnectJobFactory::HttpProxyConnectJobFactory(
365 TransportClientSocketPool
* transport_pool
,
366 SSLClientSocketPool
* ssl_pool
,
367 HostResolver
* host_resolver
,
369 : transport_pool_(transport_pool
),
371 host_resolver_(host_resolver
),
373 base::TimeDelta max_pool_timeout
= base::TimeDelta();
375 #if (defined(OS_ANDROID) || defined(OS_IOS)) && defined(SPDY_PROXY_AUTH_ORIGIN)
378 max_pool_timeout
= transport_pool_
->ConnectionTimeout();
380 max_pool_timeout
= std::max(max_pool_timeout
,
381 ssl_pool_
->ConnectionTimeout());
383 timeout_
= max_pool_timeout
+
384 base::TimeDelta::FromSeconds(kHttpProxyConnectJobTimeoutInSeconds
);
388 scoped_ptr
<ConnectJob
>
389 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::NewConnectJob(
390 const std::string
& group_name
,
391 const PoolBase::Request
& request
,
392 ConnectJob::Delegate
* delegate
) const {
393 return scoped_ptr
<ConnectJob
>(new HttpProxyConnectJob(group_name
,
405 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::ConnectionTimeout(
410 HttpProxyClientSocketPool::HttpProxyClientSocketPool(
412 int max_sockets_per_group
,
413 ClientSocketPoolHistograms
* histograms
,
414 HostResolver
* host_resolver
,
415 TransportClientSocketPool
* transport_pool
,
416 SSLClientSocketPool
* ssl_pool
,
418 : transport_pool_(transport_pool
),
420 base_(this, max_sockets
, max_sockets_per_group
, histograms
,
421 ClientSocketPool::unused_idle_socket_timeout(),
422 ClientSocketPool::used_idle_socket_timeout(),
423 new HttpProxyConnectJobFactory(transport_pool
,
427 // We should always have a |transport_pool_| except in unit tests.
429 base_
.AddLowerLayeredPool(transport_pool_
);
431 base_
.AddLowerLayeredPool(ssl_pool_
);
434 HttpProxyClientSocketPool::~HttpProxyClientSocketPool() {
437 int HttpProxyClientSocketPool::RequestSocket(
438 const std::string
& group_name
, const void* socket_params
,
439 RequestPriority priority
, ClientSocketHandle
* handle
,
440 const CompletionCallback
& callback
, const BoundNetLog
& net_log
) {
441 const scoped_refptr
<HttpProxySocketParams
>* casted_socket_params
=
442 static_cast<const scoped_refptr
<HttpProxySocketParams
>*>(socket_params
);
444 return base_
.RequestSocket(group_name
, *casted_socket_params
, priority
,
445 handle
, callback
, net_log
);
448 void HttpProxyClientSocketPool::RequestSockets(
449 const std::string
& group_name
,
452 const BoundNetLog
& net_log
) {
453 const scoped_refptr
<HttpProxySocketParams
>* casted_params
=
454 static_cast<const scoped_refptr
<HttpProxySocketParams
>*>(params
);
456 base_
.RequestSockets(group_name
, *casted_params
, num_sockets
, net_log
);
459 void HttpProxyClientSocketPool::CancelRequest(
460 const std::string
& group_name
,
461 ClientSocketHandle
* handle
) {
462 base_
.CancelRequest(group_name
, handle
);
465 void HttpProxyClientSocketPool::ReleaseSocket(const std::string
& group_name
,
466 scoped_ptr
<StreamSocket
> socket
,
468 base_
.ReleaseSocket(group_name
, socket
.Pass(), id
);
471 void HttpProxyClientSocketPool::FlushWithError(int error
) {
472 base_
.FlushWithError(error
);
475 void HttpProxyClientSocketPool::CloseIdleSockets() {
476 base_
.CloseIdleSockets();
479 int HttpProxyClientSocketPool::IdleSocketCount() const {
480 return base_
.idle_socket_count();
483 int HttpProxyClientSocketPool::IdleSocketCountInGroup(
484 const std::string
& group_name
) const {
485 return base_
.IdleSocketCountInGroup(group_name
);
488 LoadState
HttpProxyClientSocketPool::GetLoadState(
489 const std::string
& group_name
, const ClientSocketHandle
* handle
) const {
490 return base_
.GetLoadState(group_name
, handle
);
493 base::DictionaryValue
* HttpProxyClientSocketPool::GetInfoAsValue(
494 const std::string
& name
,
495 const std::string
& type
,
496 bool include_nested_pools
) const {
497 base::DictionaryValue
* dict
= base_
.GetInfoAsValue(name
, type
);
498 if (include_nested_pools
) {
499 base::ListValue
* list
= new base::ListValue();
500 if (transport_pool_
) {
501 list
->Append(transport_pool_
->GetInfoAsValue("transport_socket_pool",
502 "transport_socket_pool",
506 list
->Append(ssl_pool_
->GetInfoAsValue("ssl_socket_pool",
510 dict
->Set("nested_pools", list
);
515 base::TimeDelta
HttpProxyClientSocketPool::ConnectionTimeout() const {
516 return base_
.ConnectionTimeout();
519 ClientSocketPoolHistograms
* HttpProxyClientSocketPool::histograms() const {
520 return base_
.histograms();
523 bool HttpProxyClientSocketPool::IsStalled() const {
524 return base_
.IsStalled();
527 void HttpProxyClientSocketPool::AddHigherLayeredPool(
528 HigherLayeredPool
* higher_pool
) {
529 base_
.AddHigherLayeredPool(higher_pool
);
532 void HttpProxyClientSocketPool::RemoveHigherLayeredPool(
533 HigherLayeredPool
* higher_pool
) {
534 base_
.RemoveHigherLayeredPool(higher_pool
);
537 bool HttpProxyClientSocketPool::CloseOneIdleConnection() {
538 if (base_
.CloseOneIdleSocket())
540 return base_
.CloseOneIdleConnectionInHigherLayeredPool();