1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_proxy_client_socket_pool.h"
10 #include "base/values.h"
11 #include "googleurl/src/gurl.h"
12 #include "net/base/load_flags.h"
13 #include "net/base/net_errors.h"
14 #include "net/base/ssl_cert_request_info.h"
15 #include "net/http/http_network_session.h"
16 #include "net/http/http_proxy_client_socket.h"
17 #include "net/socket/client_socket_factory.h"
18 #include "net/socket/client_socket_handle.h"
19 #include "net/socket/client_socket_pool_base.h"
20 #include "net/socket/ssl_client_socket.h"
21 #include "net/socket/ssl_client_socket_pool.h"
22 #include "net/socket/transport_client_socket_pool.h"
23 #include "net/spdy/spdy_proxy_client_socket.h"
24 #include "net/spdy/spdy_session.h"
25 #include "net/spdy/spdy_session_pool.h"
26 #include "net/spdy/spdy_stream.h"
30 HttpProxySocketParams::HttpProxySocketParams(
31 const scoped_refptr
<TransportSocketParams
>& transport_params
,
32 const scoped_refptr
<SSLSocketParams
>& ssl_params
,
33 const GURL
& request_url
,
34 const std::string
& user_agent
,
35 const HostPortPair
& endpoint
,
36 HttpAuthCache
* http_auth_cache
,
37 HttpAuthHandlerFactory
* http_auth_handler_factory
,
38 SpdySessionPool
* spdy_session_pool
,
40 : transport_params_(transport_params
),
41 ssl_params_(ssl_params
),
42 spdy_session_pool_(spdy_session_pool
),
43 request_url_(request_url
),
44 user_agent_(user_agent
),
46 http_auth_cache_(tunnel
? http_auth_cache
: NULL
),
47 http_auth_handler_factory_(tunnel
? http_auth_handler_factory
: NULL
),
49 DCHECK((transport_params
== NULL
&& ssl_params
!= NULL
) ||
50 (transport_params
!= NULL
&& ssl_params
== NULL
));
51 if (transport_params_
) {
52 ignore_limits_
= transport_params
->ignore_limits();
54 ignore_limits_
= ssl_params
->ignore_limits();
58 const HostResolver::RequestInfo
& HttpProxySocketParams::destination() const {
59 if (transport_params_
== NULL
) {
60 return ssl_params_
->transport_params()->destination();
62 return transport_params_
->destination();
66 HttpProxySocketParams::~HttpProxySocketParams() {}
68 // HttpProxyConnectJobs will time out after this many seconds. Note this is on
69 // top of the timeout for the transport socket.
70 static const int kHttpProxyConnectJobTimeoutInSeconds
= 30;
72 HttpProxyConnectJob::HttpProxyConnectJob(
73 const std::string
& group_name
,
74 const scoped_refptr
<HttpProxySocketParams
>& params
,
75 const base::TimeDelta
& timeout_duration
,
76 TransportClientSocketPool
* transport_pool
,
77 SSLClientSocketPool
* ssl_pool
,
78 HostResolver
* host_resolver
,
81 : ConnectJob(group_name
, timeout_duration
, delegate
,
82 BoundNetLog::Make(net_log
, NetLog::SOURCE_CONNECT_JOB
)),
84 transport_pool_(transport_pool
),
86 resolver_(host_resolver
),
87 ALLOW_THIS_IN_INITIALIZER_LIST(
88 callback_(base::Bind(&HttpProxyConnectJob::OnIOComplete
,
89 base::Unretained(this)))),
91 protocol_negotiated_(kProtoUnknown
) {
94 HttpProxyConnectJob::~HttpProxyConnectJob() {}
96 LoadState
HttpProxyConnectJob::GetLoadState() const {
97 switch (next_state_
) {
98 case STATE_TCP_CONNECT
:
99 case STATE_TCP_CONNECT_COMPLETE
:
100 case STATE_SSL_CONNECT
:
101 case STATE_SSL_CONNECT_COMPLETE
:
102 return transport_socket_handle_
->GetLoadState();
103 case STATE_HTTP_PROXY_CONNECT
:
104 case STATE_HTTP_PROXY_CONNECT_COMPLETE
:
105 case STATE_SPDY_PROXY_CREATE_STREAM
:
106 case STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE
:
107 return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL
;
110 return LOAD_STATE_IDLE
;
114 void HttpProxyConnectJob::GetAdditionalErrorState(ClientSocketHandle
* handle
) {
115 if (error_response_info_
.cert_request_info
) {
116 handle
->set_ssl_error_response_info(error_response_info_
);
117 handle
->set_is_ssl_error(true);
121 void HttpProxyConnectJob::OnIOComplete(int result
) {
122 int rv
= DoLoop(result
);
123 if (rv
!= ERR_IO_PENDING
)
124 NotifyDelegateOfCompletion(rv
); // Deletes |this|
127 int HttpProxyConnectJob::DoLoop(int result
) {
128 DCHECK_NE(next_state_
, STATE_NONE
);
132 State state
= next_state_
;
133 next_state_
= STATE_NONE
;
135 case STATE_TCP_CONNECT
:
137 rv
= DoTransportConnect();
139 case STATE_TCP_CONNECT_COMPLETE
:
140 rv
= DoTransportConnectComplete(rv
);
142 case STATE_SSL_CONNECT
:
146 case STATE_SSL_CONNECT_COMPLETE
:
147 rv
= DoSSLConnectComplete(rv
);
149 case STATE_HTTP_PROXY_CONNECT
:
151 rv
= DoHttpProxyConnect();
153 case STATE_HTTP_PROXY_CONNECT_COMPLETE
:
154 rv
= DoHttpProxyConnectComplete(rv
);
156 case STATE_SPDY_PROXY_CREATE_STREAM
:
158 rv
= DoSpdyProxyCreateStream();
160 case STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE
:
161 rv
= DoSpdyProxyCreateStreamComplete(rv
);
164 NOTREACHED() << "bad state";
168 } while (rv
!= ERR_IO_PENDING
&& next_state_
!= STATE_NONE
);
173 int HttpProxyConnectJob::DoTransportConnect() {
174 next_state_
= STATE_TCP_CONNECT_COMPLETE
;
175 transport_socket_handle_
.reset(new ClientSocketHandle());
176 return transport_socket_handle_
->Init(
177 group_name(), params_
->transport_params(),
178 params_
->transport_params()->destination().priority(), callback_
,
179 transport_pool_
, net_log());
182 int HttpProxyConnectJob::DoTransportConnectComplete(int result
) {
184 return ERR_PROXY_CONNECTION_FAILED
;
186 // Reset the timer to just the length of time allowed for HttpProxy handshake
187 // so that a fast TCP connection plus a slow HttpProxy failure doesn't take
188 // longer to timeout than it should.
189 ResetTimer(base::TimeDelta::FromSeconds(
190 kHttpProxyConnectJobTimeoutInSeconds
));
192 next_state_
= STATE_HTTP_PROXY_CONNECT
;
196 int HttpProxyConnectJob::DoSSLConnect() {
197 if (params_
->tunnel()) {
198 HostPortProxyPair
pair(params_
->destination().host_port_pair(),
199 ProxyServer::Direct());
200 if (params_
->spdy_session_pool()->HasSession(pair
)) {
202 next_state_
= STATE_SPDY_PROXY_CREATE_STREAM
;
206 next_state_
= STATE_SSL_CONNECT_COMPLETE
;
207 transport_socket_handle_
.reset(new ClientSocketHandle());
208 return transport_socket_handle_
->Init(
209 group_name(), params_
->ssl_params(),
210 params_
->ssl_params()->transport_params()->destination().priority(),
211 callback_
, ssl_pool_
, net_log());
214 int HttpProxyConnectJob::DoSSLConnectComplete(int result
) {
215 if (result
== ERR_SSL_CLIENT_AUTH_CERT_NEEDED
) {
216 error_response_info_
= transport_socket_handle_
->ssl_error_response_info();
217 DCHECK(error_response_info_
.cert_request_info
.get());
218 error_response_info_
.cert_request_info
->is_proxy
= true;
221 if (IsCertificateError(result
)) {
222 if (params_
->ssl_params()->load_flags() & LOAD_IGNORE_ALL_CERT_ERRORS
) {
225 // TODO(rch): allow the user to deal with proxy cert errors in the
226 // same way as server cert errors.
227 transport_socket_handle_
->socket()->Disconnect();
228 return ERR_PROXY_CERTIFICATE_INVALID
;
232 if (transport_socket_handle_
->socket())
233 transport_socket_handle_
->socket()->Disconnect();
234 return ERR_PROXY_CONNECTION_FAILED
;
237 SSLClientSocket
* ssl
=
238 static_cast<SSLClientSocket
*>(transport_socket_handle_
->socket());
239 using_spdy_
= ssl
->was_spdy_negotiated();
240 protocol_negotiated_
= ssl
->GetNegotiatedProtocol();
242 // Reset the timer to just the length of time allowed for HttpProxy handshake
243 // so that a fast SSL connection plus a slow HttpProxy failure doesn't take
244 // longer to timeout than it should.
245 ResetTimer(base::TimeDelta::FromSeconds(
246 kHttpProxyConnectJobTimeoutInSeconds
));
247 // TODO(rch): If we ever decide to implement a "trusted" SPDY proxy
248 // (one that we speak SPDY over SSL to, but to which we send HTTPS
249 // request directly instead of through CONNECT tunnels, then we
250 // need to add a predicate to this if statement so we fall through
251 // to the else case. (HttpProxyClientSocket currently acts as
252 // a "trusted" SPDY proxy).
253 if (using_spdy_
&& params_
->tunnel()) {
254 next_state_
= STATE_SPDY_PROXY_CREATE_STREAM
;
256 next_state_
= STATE_HTTP_PROXY_CONNECT
;
261 int HttpProxyConnectJob::DoHttpProxyConnect() {
262 next_state_
= STATE_HTTP_PROXY_CONNECT_COMPLETE
;
263 const HostResolver::RequestInfo
& tcp_destination
= params_
->destination();
264 const HostPortPair
& proxy_server
= tcp_destination
.host_port_pair();
266 // Add a HttpProxy connection on top of the tcp socket.
267 transport_socket_
.reset(
268 new HttpProxyClientSocket(transport_socket_handle_
.release(),
269 params_
->request_url(),
270 params_
->user_agent(),
273 params_
->http_auth_cache(),
274 params_
->http_auth_handler_factory(),
277 protocol_negotiated_
,
278 params_
->ssl_params() != NULL
));
279 return transport_socket_
->Connect(callback_
);
282 int HttpProxyConnectJob::DoHttpProxyConnectComplete(int result
) {
283 if (result
== OK
|| result
== ERR_PROXY_AUTH_REQUESTED
||
284 result
== ERR_HTTPS_PROXY_TUNNEL_RESPONSE
) {
285 set_socket(transport_socket_
.release());
291 int HttpProxyConnectJob::DoSpdyProxyCreateStream() {
293 DCHECK(params_
->tunnel());
295 HostPortProxyPair
pair(params_
->destination().host_port_pair(),
296 ProxyServer::Direct());
297 SpdySessionPool
* spdy_pool
= params_
->spdy_session_pool();
298 scoped_refptr
<SpdySession
> spdy_session
;
299 // It's possible that a session to the proxy has recently been created
300 if (spdy_pool
->HasSession(pair
)) {
301 if (transport_socket_handle_
.get()) {
302 if (transport_socket_handle_
->socket())
303 transport_socket_handle_
->socket()->Disconnect();
304 transport_socket_handle_
->Reset();
306 spdy_session
= spdy_pool
->Get(pair
, net_log());
308 // Create a session direct to the proxy itself
309 int rv
= spdy_pool
->GetSpdySessionFromSocket(
310 pair
, transport_socket_handle_
.release(),
311 net_log(), OK
, &spdy_session
, /*using_ssl_*/ true);
316 next_state_
= STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE
;
317 return spdy_session
->CreateStream(
318 params_
->request_url(), params_
->destination().priority(),
319 &spdy_stream_
, spdy_session
->net_log(), callback_
);
322 int HttpProxyConnectJob::DoSpdyProxyCreateStreamComplete(int result
) {
326 next_state_
= STATE_HTTP_PROXY_CONNECT_COMPLETE
;
327 transport_socket_
.reset(
328 new SpdyProxyClientSocket(spdy_stream_
,
329 params_
->user_agent(),
331 params_
->request_url(),
332 params_
->destination().host_port_pair(),
333 params_
->http_auth_cache(),
334 params_
->http_auth_handler_factory()));
335 return transport_socket_
->Connect(callback_
);
338 int HttpProxyConnectJob::ConnectInternal() {
339 if (params_
->transport_params()) {
340 next_state_
= STATE_TCP_CONNECT
;
342 next_state_
= STATE_SSL_CONNECT
;
347 HttpProxyClientSocketPool::
348 HttpProxyConnectJobFactory::HttpProxyConnectJobFactory(
349 TransportClientSocketPool
* transport_pool
,
350 SSLClientSocketPool
* ssl_pool
,
351 HostResolver
* host_resolver
,
353 : transport_pool_(transport_pool
),
355 host_resolver_(host_resolver
),
357 base::TimeDelta max_pool_timeout
= base::TimeDelta();
359 max_pool_timeout
= transport_pool_
->ConnectionTimeout();
361 max_pool_timeout
= std::max(max_pool_timeout
,
362 ssl_pool_
->ConnectionTimeout());
363 timeout_
= max_pool_timeout
+
364 base::TimeDelta::FromSeconds(kHttpProxyConnectJobTimeoutInSeconds
);
369 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::NewConnectJob(
370 const std::string
& group_name
,
371 const PoolBase::Request
& request
,
372 ConnectJob::Delegate
* delegate
) const {
373 return new HttpProxyConnectJob(group_name
,
384 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::ConnectionTimeout(
389 HttpProxyClientSocketPool::HttpProxyClientSocketPool(
391 int max_sockets_per_group
,
392 ClientSocketPoolHistograms
* histograms
,
393 HostResolver
* host_resolver
,
394 TransportClientSocketPool
* transport_pool
,
395 SSLClientSocketPool
* ssl_pool
,
397 : transport_pool_(transport_pool
),
399 base_(max_sockets
, max_sockets_per_group
, histograms
,
400 ClientSocketPool::unused_idle_socket_timeout(),
401 ClientSocketPool::used_idle_socket_timeout(),
402 new HttpProxyConnectJobFactory(transport_pool
,
406 // We should always have a |transport_pool_| except in unit tests.
408 transport_pool_
->AddLayeredPool(this);
410 ssl_pool_
->AddLayeredPool(this);
413 HttpProxyClientSocketPool::~HttpProxyClientSocketPool() {
415 ssl_pool_
->RemoveLayeredPool(this);
416 // We should always have a |transport_pool_| except in unit tests.
418 transport_pool_
->RemoveLayeredPool(this);
421 int HttpProxyClientSocketPool::RequestSocket(
422 const std::string
& group_name
, const void* socket_params
,
423 RequestPriority priority
, ClientSocketHandle
* handle
,
424 const CompletionCallback
& callback
, const BoundNetLog
& net_log
) {
425 const scoped_refptr
<HttpProxySocketParams
>* casted_socket_params
=
426 static_cast<const scoped_refptr
<HttpProxySocketParams
>*>(socket_params
);
428 return base_
.RequestSocket(group_name
, *casted_socket_params
, priority
,
429 handle
, callback
, net_log
);
432 void HttpProxyClientSocketPool::RequestSockets(
433 const std::string
& group_name
,
436 const BoundNetLog
& net_log
) {
437 const scoped_refptr
<HttpProxySocketParams
>* casted_params
=
438 static_cast<const scoped_refptr
<HttpProxySocketParams
>*>(params
);
440 base_
.RequestSockets(group_name
, *casted_params
, num_sockets
, net_log
);
443 void HttpProxyClientSocketPool::CancelRequest(
444 const std::string
& group_name
,
445 ClientSocketHandle
* handle
) {
446 base_
.CancelRequest(group_name
, handle
);
449 void HttpProxyClientSocketPool::ReleaseSocket(const std::string
& group_name
,
450 StreamSocket
* socket
, int id
) {
451 base_
.ReleaseSocket(group_name
, socket
, id
);
454 void HttpProxyClientSocketPool::Flush() {
458 bool HttpProxyClientSocketPool::IsStalled() const {
459 return base_
.IsStalled() ||
460 (transport_pool_
&& transport_pool_
->IsStalled()) ||
461 (ssl_pool_
&& ssl_pool_
->IsStalled());
464 void HttpProxyClientSocketPool::CloseIdleSockets() {
465 base_
.CloseIdleSockets();
468 int HttpProxyClientSocketPool::IdleSocketCount() const {
469 return base_
.idle_socket_count();
472 int HttpProxyClientSocketPool::IdleSocketCountInGroup(
473 const std::string
& group_name
) const {
474 return base_
.IdleSocketCountInGroup(group_name
);
477 LoadState
HttpProxyClientSocketPool::GetLoadState(
478 const std::string
& group_name
, const ClientSocketHandle
* handle
) const {
479 return base_
.GetLoadState(group_name
, handle
);
482 void HttpProxyClientSocketPool::AddLayeredPool(LayeredPool
* layered_pool
) {
483 base_
.AddLayeredPool(layered_pool
);
486 void HttpProxyClientSocketPool::RemoveLayeredPool(LayeredPool
* layered_pool
) {
487 base_
.RemoveLayeredPool(layered_pool
);
490 DictionaryValue
* HttpProxyClientSocketPool::GetInfoAsValue(
491 const std::string
& name
,
492 const std::string
& type
,
493 bool include_nested_pools
) const {
494 DictionaryValue
* dict
= base_
.GetInfoAsValue(name
, type
);
495 if (include_nested_pools
) {
496 ListValue
* list
= new ListValue();
497 if (transport_pool_
) {
498 list
->Append(transport_pool_
->GetInfoAsValue("transport_socket_pool",
499 "transport_socket_pool",
503 list
->Append(ssl_pool_
->GetInfoAsValue("ssl_socket_pool",
507 dict
->Set("nested_pools", list
);
512 base::TimeDelta
HttpProxyClientSocketPool::ConnectionTimeout() const {
513 return base_
.ConnectionTimeout();
516 ClientSocketPoolHistograms
* HttpProxyClientSocketPool::histograms() const {
517 return base_
.histograms();
520 bool HttpProxyClientSocketPool::CloseOneIdleConnection() {
521 if (base_
.CloseOneIdleSocket())
523 return base_
.CloseOneIdleConnectionInLayeredPool();