1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_network_transaction.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/compiler_specific.h"
13 #include "base/format_macros.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/metrics/field_trial.h"
16 #include "base/metrics/histogram.h"
17 #include "base/metrics/stats_counters.h"
18 #include "base/stl_util.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/string_util.h"
21 #include "base/strings/stringprintf.h"
22 #include "base/time/time.h"
23 #include "base/values.h"
24 #include "build/build_config.h"
25 #include "net/base/auth.h"
26 #include "net/base/host_port_pair.h"
27 #include "net/base/io_buffer.h"
28 #include "net/base/load_flags.h"
29 #include "net/base/load_timing_info.h"
30 #include "net/base/net_errors.h"
31 #include "net/base/net_util.h"
32 #include "net/base/upload_data_stream.h"
33 #include "net/http/http_auth.h"
34 #include "net/http/http_auth_handler.h"
35 #include "net/http/http_auth_handler_factory.h"
36 #include "net/http/http_basic_stream.h"
37 #include "net/http/http_chunked_decoder.h"
38 #include "net/http/http_network_session.h"
39 #include "net/http/http_proxy_client_socket.h"
40 #include "net/http/http_proxy_client_socket_pool.h"
41 #include "net/http/http_request_headers.h"
42 #include "net/http/http_request_info.h"
43 #include "net/http/http_response_headers.h"
44 #include "net/http/http_response_info.h"
45 #include "net/http/http_server_properties.h"
46 #include "net/http/http_status_code.h"
47 #include "net/http/http_stream_base.h"
48 #include "net/http/http_stream_factory.h"
49 #include "net/http/http_util.h"
50 #include "net/http/transport_security_state.h"
51 #include "net/http/url_security_manager.h"
52 #include "net/socket/client_socket_factory.h"
53 #include "net/socket/socks_client_socket_pool.h"
54 #include "net/socket/ssl_client_socket.h"
55 #include "net/socket/ssl_client_socket_pool.h"
56 #include "net/socket/transport_client_socket_pool.h"
57 #include "net/spdy/hpack_huffman_aggregator.h"
58 #include "net/spdy/spdy_http_stream.h"
59 #include "net/spdy/spdy_session.h"
60 #include "net/spdy/spdy_session_pool.h"
61 #include "net/ssl/ssl_cert_request_info.h"
62 #include "net/ssl/ssl_connection_status_flags.h"
65 #if defined(SPDY_PROXY_AUTH_ORIGIN)
67 #include "net/proxy/proxy_server.h"
72 using base::TimeDelta;
78 void ProcessAlternateProtocol(
79 HttpNetworkSession* session,
80 const HttpResponseHeaders& headers,
81 const HostPortPair& http_host_port_pair) {
82 std::string alternate_protocol_str;
84 if (!headers.EnumerateHeader(NULL, kAlternateProtocolHeader,
85 &alternate_protocol_str)) {
86 // Header is not present.
90 session->http_stream_factory()->ProcessAlternateProtocol(
91 session->http_server_properties(),
92 alternate_protocol_str,
97 // Returns true if |error| is a client certificate authentication error.
98 bool IsClientCertificateError(int error) {
100 case ERR_BAD_SSL_CLIENT_AUTH_CERT:
101 case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED:
102 case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY:
103 case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED:
110 base::Value* NetLogSSLVersionFallbackCallback(
113 uint16 version_before,
114 uint16 version_after,
115 NetLog::LogLevel /* log_level */) {
116 base::DictionaryValue* dict = new base::DictionaryValue();
117 dict->SetString("host_and_port", GetHostAndPort(*url));
118 dict->SetInteger("net_error", net_error);
119 dict->SetInteger("version_before", version_before);
120 dict->SetInteger("version_after", version_after);
126 //-----------------------------------------------------------------------------
128 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
129 HttpNetworkSession* session)
130 : pending_auth_target_(HttpAuth::AUTH_NONE),
131 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete,
132 base::Unretained(this))),
136 headers_valid_(false),
137 logged_response_time_(false),
138 fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK),
141 total_received_bytes_(0),
142 next_state_(STATE_NONE),
143 establishing_tunnel_(false),
144 websocket_handshake_stream_base_create_helper_(NULL) {
145 session->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
146 session->GetNextProtos(&server_ssl_config_.next_protos);
147 proxy_ssl_config_ = server_ssl_config_;
150 HttpNetworkTransaction::~HttpNetworkTransaction() {
152 HttpResponseHeaders* headers = GetResponseHeaders();
153 // TODO(mbelshe): The stream_ should be able to compute whether or not the
154 // stream should be kept alive. No reason to compute here
156 bool try_to_keep_alive =
157 next_state_ == STATE_NONE &&
158 stream_->CanFindEndOfResponse() &&
159 (!headers || headers->IsKeepAlive());
160 if (!try_to_keep_alive) {
161 stream_->Close(true /* not reusable */);
163 if (stream_->IsResponseBodyComplete()) {
164 // If the response body is complete, we can just reuse the socket.
165 stream_->Close(false /* reusable */);
166 } else if (stream_->IsSpdyHttpStream()) {
167 // Doesn't really matter for SpdyHttpStream. Just close it.
168 stream_->Close(true /* not reusable */);
170 // Otherwise, we try to drain the response body.
171 HttpStreamBase* stream = stream_.release();
172 stream->Drain(session_);
177 if (request_ && request_->upload_data_stream)
178 request_->upload_data_stream->Reset(); // Invalidate pending callbacks.
181 int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
182 const CompletionCallback& callback,
183 const BoundNetLog& net_log) {
184 SIMPLE_STATS_COUNTER("HttpNetworkTransaction.Count");
187 request_ = request_info;
188 start_time_ = base::Time::Now();
190 if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) {
191 server_ssl_config_.rev_checking_enabled = false;
192 proxy_ssl_config_.rev_checking_enabled = false;
195 // Channel ID is disabled if privacy mode is enabled for this request.
196 if (request_->privacy_mode == PRIVACY_MODE_ENABLED)
197 server_ssl_config_.channel_id_enabled = false;
199 next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
201 if (rv == ERR_IO_PENDING)
202 callback_ = callback;
206 int HttpNetworkTransaction::RestartIgnoringLastError(
207 const CompletionCallback& callback) {
208 DCHECK(!stream_.get());
209 DCHECK(!stream_request_.get());
210 DCHECK_EQ(STATE_NONE, next_state_);
212 next_state_ = STATE_CREATE_STREAM;
215 if (rv == ERR_IO_PENDING)
216 callback_ = callback;
220 int HttpNetworkTransaction::RestartWithCertificate(
221 X509Certificate* client_cert, const CompletionCallback& callback) {
222 // In HandleCertificateRequest(), we always tear down existing stream
223 // requests to force a new connection. So we shouldn't have one here.
224 DCHECK(!stream_request_.get());
225 DCHECK(!stream_.get());
226 DCHECK_EQ(STATE_NONE, next_state_);
228 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
229 &proxy_ssl_config_ : &server_ssl_config_;
230 ssl_config->send_client_cert = true;
231 ssl_config->client_cert = client_cert;
232 session_->ssl_client_auth_cache()->Add(
233 response_.cert_request_info->host_and_port, client_cert);
234 // Reset the other member variables.
235 // Note: this is necessary only with SSL renegotiation.
236 ResetStateForRestart();
237 next_state_ = STATE_CREATE_STREAM;
239 if (rv == ERR_IO_PENDING)
240 callback_ = callback;
244 int HttpNetworkTransaction::RestartWithAuth(
245 const AuthCredentials& credentials, const CompletionCallback& callback) {
246 HttpAuth::Target target = pending_auth_target_;
247 if (target == HttpAuth::AUTH_NONE) {
249 return ERR_UNEXPECTED;
251 pending_auth_target_ = HttpAuth::AUTH_NONE;
253 auth_controllers_[target]->ResetAuth(credentials);
255 DCHECK(callback_.is_null());
258 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) {
259 // In this case, we've gathered credentials for use with proxy
260 // authentication of a tunnel.
261 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
262 DCHECK(stream_request_ != NULL);
263 auth_controllers_[target] = NULL;
264 ResetStateForRestart();
265 rv = stream_request_->RestartTunnelWithProxyAuth(credentials);
267 // In this case, we've gathered credentials for the server or the proxy
268 // but it is not during the tunneling phase.
269 DCHECK(stream_request_ == NULL);
270 PrepareForAuthRestart(target);
274 if (rv == ERR_IO_PENDING)
275 callback_ = callback;
279 void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) {
280 DCHECK(HaveAuth(target));
281 DCHECK(!stream_request_.get());
283 bool keep_alive = false;
284 // Even if the server says the connection is keep-alive, we have to be
285 // able to find the end of each response in order to reuse the connection.
286 if (GetResponseHeaders()->IsKeepAlive() &&
287 stream_->CanFindEndOfResponse()) {
288 // If the response body hasn't been completely read, we need to drain
290 if (!stream_->IsResponseBodyComplete()) {
291 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
292 read_buf_ = new IOBuffer(kDrainBodyBufferSize); // A bit bucket.
293 read_buf_len_ = kDrainBodyBufferSize;
299 // We don't need to drain the response body, so we act as if we had drained
300 // the response body.
301 DidDrainBodyForAuthRestart(keep_alive);
304 void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) {
305 DCHECK(!stream_request_.get());
308 total_received_bytes_ += stream_->GetTotalReceivedBytes();
309 HttpStream* new_stream = NULL;
310 if (keep_alive && stream_->IsConnectionReusable()) {
311 // We should call connection_->set_idle_time(), but this doesn't occur
312 // often enough to be worth the trouble.
313 stream_->SetConnectionReused();
315 static_cast<HttpStream*>(stream_.get())->RenewStreamForAuth();
319 // Close the stream and mark it as not_reusable. Even in the
320 // keep_alive case, we've determined that the stream_ is not
321 // reusable if new_stream is NULL.
322 stream_->Close(true);
323 next_state_ = STATE_CREATE_STREAM;
325 // Renewed streams shouldn't carry over received bytes.
326 DCHECK_EQ(0, new_stream->GetTotalReceivedBytes());
327 next_state_ = STATE_INIT_STREAM;
329 stream_.reset(new_stream);
332 // Reset the other member variables.
333 ResetStateForAuthRestart();
336 bool HttpNetworkTransaction::IsReadyToRestartForAuth() {
337 return pending_auth_target_ != HttpAuth::AUTH_NONE &&
338 HaveAuth(pending_auth_target_);
341 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len,
342 const CompletionCallback& callback) {
344 DCHECK_LT(0, buf_len);
346 State next_state = STATE_NONE;
348 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
349 if (headers_valid_ && headers.get() && stream_request_.get()) {
350 // We're trying to read the body of the response but we're still trying
351 // to establish an SSL tunnel through an HTTP proxy. We can't read these
352 // bytes when establishing a tunnel because they might be controlled by
353 // an active network attacker. We don't worry about this for HTTP
354 // because an active network attacker can already control HTTP sessions.
355 // We reach this case when the user cancels a 407 proxy auth prompt. We
356 // also don't worry about this for an HTTPS Proxy, because the
357 // communication with the proxy is secure.
358 // See http://crbug.com/8473.
359 DCHECK(proxy_info_.is_http() || proxy_info_.is_https());
360 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED);
361 LOG(WARNING) << "Blocked proxy response with status "
362 << headers->response_code() << " to CONNECT request for "
363 << GetHostAndPort(request_->url) << ".";
364 return ERR_TUNNEL_CONNECTION_FAILED;
367 // Are we using SPDY or HTTP?
368 next_state = STATE_READ_BODY;
371 read_buf_len_ = buf_len;
373 next_state_ = next_state;
375 if (rv == ERR_IO_PENDING)
376 callback_ = callback;
380 void HttpNetworkTransaction::StopCaching() {}
382 bool HttpNetworkTransaction::GetFullRequestHeaders(
383 HttpRequestHeaders* headers) const {
384 // TODO(ttuttle): Make sure we've populated request_headers_.
385 *headers = request_headers_;
389 int64 HttpNetworkTransaction::GetTotalReceivedBytes() const {
390 int64 total_received_bytes = total_received_bytes_;
392 total_received_bytes += stream_->GetTotalReceivedBytes();
393 return total_received_bytes;
396 void HttpNetworkTransaction::DoneReading() {}
398 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const {
399 return ((headers_valid_ && response_.headers.get()) ||
400 response_.ssl_info.cert.get() || response_.cert_request_info.get())
405 LoadState HttpNetworkTransaction::GetLoadState() const {
406 // TODO(wtc): Define a new LoadState value for the
407 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request.
408 switch (next_state_) {
409 case STATE_CREATE_STREAM:
410 return LOAD_STATE_WAITING_FOR_DELEGATE;
411 case STATE_CREATE_STREAM_COMPLETE:
412 return stream_request_->GetLoadState();
413 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
414 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
415 case STATE_SEND_REQUEST_COMPLETE:
416 return LOAD_STATE_SENDING_REQUEST;
417 case STATE_READ_HEADERS_COMPLETE:
418 return LOAD_STATE_WAITING_FOR_RESPONSE;
419 case STATE_READ_BODY_COMPLETE:
420 return LOAD_STATE_READING_RESPONSE;
422 return LOAD_STATE_IDLE;
426 UploadProgress HttpNetworkTransaction::GetUploadProgress() const {
428 return UploadProgress();
430 // TODO(bashi): This cast is temporary. Remove later.
431 return static_cast<HttpStream*>(stream_.get())->GetUploadProgress();
434 void HttpNetworkTransaction::SetQuicServerInfo(
435 QuicServerInfo* quic_server_info) {}
437 bool HttpNetworkTransaction::GetLoadTimingInfo(
438 LoadTimingInfo* load_timing_info) const {
439 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info))
442 load_timing_info->proxy_resolve_start =
443 proxy_info_.proxy_resolve_start_time();
444 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time();
445 load_timing_info->send_start = send_start_time_;
446 load_timing_info->send_end = send_end_time_;
450 void HttpNetworkTransaction::SetPriority(RequestPriority priority) {
451 priority_ = priority;
453 stream_request_->SetPriority(priority);
455 stream_->SetPriority(priority);
458 void HttpNetworkTransaction::SetWebSocketHandshakeStreamCreateHelper(
459 WebSocketHandshakeStreamBase::CreateHelper* create_helper) {
460 websocket_handshake_stream_base_create_helper_ = create_helper;
463 void HttpNetworkTransaction::SetBeforeNetworkStartCallback(
464 const BeforeNetworkStartCallback& callback) {
465 before_network_start_callback_ = callback;
468 int HttpNetworkTransaction::ResumeNetworkStart() {
469 DCHECK_EQ(next_state_, STATE_CREATE_STREAM);
473 void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
474 const ProxyInfo& used_proxy_info,
475 HttpStreamBase* stream) {
476 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
477 DCHECK(stream_request_.get());
480 total_received_bytes_ += stream_->GetTotalReceivedBytes();
481 stream_.reset(stream);
482 server_ssl_config_ = used_ssl_config;
483 proxy_info_ = used_proxy_info;
484 response_.was_npn_negotiated = stream_request_->was_npn_negotiated();
485 response_.npn_negotiated_protocol = SSLClientSocket::NextProtoToString(
486 stream_request_->protocol_negotiated());
487 response_.was_fetched_via_spdy = stream_request_->using_spdy();
488 response_.was_fetched_via_proxy = !proxy_info_.is_direct();
489 if (response_.was_fetched_via_proxy && !proxy_info_.is_empty())
490 response_.proxy_server = proxy_info_.proxy_server().host_port_pair();
494 void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady(
495 const SSLConfig& used_ssl_config,
496 const ProxyInfo& used_proxy_info,
497 WebSocketHandshakeStreamBase* stream) {
498 OnStreamReady(used_ssl_config, used_proxy_info, stream);
501 void HttpNetworkTransaction::OnStreamFailed(int result,
502 const SSLConfig& used_ssl_config) {
503 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
504 DCHECK_NE(OK, result);
505 DCHECK(stream_request_.get());
506 DCHECK(!stream_.get());
507 server_ssl_config_ = used_ssl_config;
509 OnIOComplete(result);
512 void HttpNetworkTransaction::OnCertificateError(
514 const SSLConfig& used_ssl_config,
515 const SSLInfo& ssl_info) {
516 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
517 DCHECK_NE(OK, result);
518 DCHECK(stream_request_.get());
519 DCHECK(!stream_.get());
521 response_.ssl_info = ssl_info;
522 server_ssl_config_ = used_ssl_config;
524 // TODO(mbelshe): For now, we're going to pass the error through, and that
525 // will close the stream_request in all cases. This means that we're always
526 // going to restart an entire STATE_CREATE_STREAM, even if the connection is
527 // good and the user chooses to ignore the error. This is not ideal, but not
528 // the end of the world either.
530 OnIOComplete(result);
533 void HttpNetworkTransaction::OnNeedsProxyAuth(
534 const HttpResponseInfo& proxy_response,
535 const SSLConfig& used_ssl_config,
536 const ProxyInfo& used_proxy_info,
537 HttpAuthController* auth_controller) {
538 DCHECK(stream_request_.get());
539 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
541 establishing_tunnel_ = true;
542 response_.headers = proxy_response.headers;
543 response_.auth_challenge = proxy_response.auth_challenge;
544 headers_valid_ = true;
545 server_ssl_config_ = used_ssl_config;
546 proxy_info_ = used_proxy_info;
548 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
549 pending_auth_target_ = HttpAuth::AUTH_PROXY;
554 void HttpNetworkTransaction::OnNeedsClientAuth(
555 const SSLConfig& used_ssl_config,
556 SSLCertRequestInfo* cert_info) {
557 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
559 server_ssl_config_ = used_ssl_config;
560 response_.cert_request_info = cert_info;
561 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
564 void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
565 const HttpResponseInfo& response_info,
566 const SSLConfig& used_ssl_config,
567 const ProxyInfo& used_proxy_info,
568 HttpStreamBase* stream) {
569 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
571 headers_valid_ = true;
572 response_ = response_info;
573 server_ssl_config_ = used_ssl_config;
574 proxy_info_ = used_proxy_info;
576 total_received_bytes_ += stream_->GetTotalReceivedBytes();
577 stream_.reset(stream);
578 stream_request_.reset(); // we're done with the stream request
579 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
582 bool HttpNetworkTransaction::is_https_request() const {
583 return request_->url.SchemeIs("https");
586 void HttpNetworkTransaction::DoCallback(int rv) {
587 DCHECK_NE(rv, ERR_IO_PENDING);
588 DCHECK(!callback_.is_null());
590 // Since Run may result in Read being called, clear user_callback_ up front.
591 CompletionCallback c = callback_;
596 void HttpNetworkTransaction::OnIOComplete(int result) {
597 int rv = DoLoop(result);
598 if (rv != ERR_IO_PENDING)
602 int HttpNetworkTransaction::DoLoop(int result) {
603 DCHECK(next_state_ != STATE_NONE);
607 State state = next_state_;
608 next_state_ = STATE_NONE;
610 case STATE_NOTIFY_BEFORE_CREATE_STREAM:
612 rv = DoNotifyBeforeCreateStream();
614 case STATE_CREATE_STREAM:
616 rv = DoCreateStream();
618 case STATE_CREATE_STREAM_COMPLETE:
619 rv = DoCreateStreamComplete(rv);
621 case STATE_INIT_STREAM:
625 case STATE_INIT_STREAM_COMPLETE:
626 rv = DoInitStreamComplete(rv);
628 case STATE_GENERATE_PROXY_AUTH_TOKEN:
630 rv = DoGenerateProxyAuthToken();
632 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
633 rv = DoGenerateProxyAuthTokenComplete(rv);
635 case STATE_GENERATE_SERVER_AUTH_TOKEN:
637 rv = DoGenerateServerAuthToken();
639 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
640 rv = DoGenerateServerAuthTokenComplete(rv);
642 case STATE_INIT_REQUEST_BODY:
644 rv = DoInitRequestBody();
646 case STATE_INIT_REQUEST_BODY_COMPLETE:
647 rv = DoInitRequestBodyComplete(rv);
649 case STATE_BUILD_REQUEST:
651 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST);
652 rv = DoBuildRequest();
654 case STATE_BUILD_REQUEST_COMPLETE:
655 rv = DoBuildRequestComplete(rv);
657 case STATE_SEND_REQUEST:
659 rv = DoSendRequest();
661 case STATE_SEND_REQUEST_COMPLETE:
662 rv = DoSendRequestComplete(rv);
663 net_log_.EndEventWithNetErrorCode(
664 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv);
666 case STATE_READ_HEADERS:
668 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS);
669 rv = DoReadHeaders();
671 case STATE_READ_HEADERS_COMPLETE:
672 rv = DoReadHeadersComplete(rv);
673 net_log_.EndEventWithNetErrorCode(
674 NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv);
676 case STATE_READ_BODY:
678 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY);
681 case STATE_READ_BODY_COMPLETE:
682 rv = DoReadBodyComplete(rv);
683 net_log_.EndEventWithNetErrorCode(
684 NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv);
686 case STATE_DRAIN_BODY_FOR_AUTH_RESTART:
689 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART);
690 rv = DoDrainBodyForAuthRestart();
692 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE:
693 rv = DoDrainBodyForAuthRestartComplete(rv);
694 net_log_.EndEventWithNetErrorCode(
695 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv);
698 NOTREACHED() << "bad state";
702 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
707 int HttpNetworkTransaction::DoNotifyBeforeCreateStream() {
708 next_state_ = STATE_CREATE_STREAM;
710 if (!before_network_start_callback_.is_null())
711 before_network_start_callback_.Run(&defer);
714 return ERR_IO_PENDING;
717 int HttpNetworkTransaction::DoCreateStream() {
718 next_state_ = STATE_CREATE_STREAM_COMPLETE;
719 if (ForWebSocketHandshake()) {
720 stream_request_.reset(
721 session_->http_stream_factory_for_websocket()
722 ->RequestWebSocketHandshakeStream(
728 websocket_handshake_stream_base_create_helper_,
731 stream_request_.reset(
732 session_->http_stream_factory()->RequestStream(
740 DCHECK(stream_request_.get());
741 return ERR_IO_PENDING;
744 int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
746 next_state_ = STATE_INIT_STREAM;
747 DCHECK(stream_.get());
748 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
749 result = HandleCertificateRequest(result);
750 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
751 // Return OK and let the caller read the proxy's error page
752 next_state_ = STATE_NONE;
756 // Handle possible handshake errors that may have occurred if the stream
757 // used SSL for one or more of the layers.
758 result = HandleSSLHandshakeError(result);
760 // At this point we are done with the stream_request_.
761 stream_request_.reset();
765 int HttpNetworkTransaction::DoInitStream() {
766 DCHECK(stream_.get());
767 next_state_ = STATE_INIT_STREAM_COMPLETE;
768 return stream_->InitializeStream(request_, priority_, net_log_, io_callback_);
771 int HttpNetworkTransaction::DoInitStreamComplete(int result) {
773 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
776 result = HandleIOError(result);
778 // The stream initialization failed, so this stream will never be useful.
780 total_received_bytes_ += stream_->GetTotalReceivedBytes();
787 int HttpNetworkTransaction::DoGenerateProxyAuthToken() {
788 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
789 if (!ShouldApplyProxyAuth())
791 HttpAuth::Target target = HttpAuth::AUTH_PROXY;
792 if (!auth_controllers_[target].get())
793 auth_controllers_[target] =
794 new HttpAuthController(target,
796 session_->http_auth_cache(),
797 session_->http_auth_handler_factory());
798 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
803 int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) {
804 DCHECK_NE(ERR_IO_PENDING, rv);
806 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN;
810 int HttpNetworkTransaction::DoGenerateServerAuthToken() {
811 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE;
812 HttpAuth::Target target = HttpAuth::AUTH_SERVER;
813 if (!auth_controllers_[target].get()) {
814 auth_controllers_[target] =
815 new HttpAuthController(target,
817 session_->http_auth_cache(),
818 session_->http_auth_handler_factory());
819 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY)
820 auth_controllers_[target]->DisableEmbeddedIdentity();
822 if (!ShouldApplyServerAuth())
824 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
829 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
830 DCHECK_NE(ERR_IO_PENDING, rv);
832 next_state_ = STATE_INIT_REQUEST_BODY;
836 void HttpNetworkTransaction::BuildRequestHeaders(bool using_proxy) {
837 request_headers_.SetHeader(HttpRequestHeaders::kHost,
838 GetHostAndOptionalPort(request_->url));
840 // For compat with HTTP/1.0 servers and proxies:
842 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
845 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
848 // Add a content length header?
849 if (request_->upload_data_stream) {
850 if (request_->upload_data_stream->is_chunked()) {
851 request_headers_.SetHeader(
852 HttpRequestHeaders::kTransferEncoding, "chunked");
854 request_headers_.SetHeader(
855 HttpRequestHeaders::kContentLength,
856 base::Uint64ToString(request_->upload_data_stream->size()));
858 } else if (request_->method == "POST" || request_->method == "PUT" ||
859 request_->method == "HEAD") {
860 // An empty POST/PUT request still needs a content length. As for HEAD,
861 // IE and Safari also add a content length header. Presumably it is to
862 // support sending a HEAD request to an URL that only expects to be sent a
863 // POST or some other method that normally would have a message body.
864 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
867 // Honor load flags that impact proxy caches.
868 if (request_->load_flags & LOAD_BYPASS_CACHE) {
869 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
870 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
871 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
872 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
875 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
876 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
878 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
879 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
882 request_headers_.MergeFrom(request_->extra_headers);
883 response_.did_use_http_auth =
884 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
885 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
888 int HttpNetworkTransaction::DoInitRequestBody() {
889 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
891 if (request_->upload_data_stream)
892 rv = request_->upload_data_stream->Init(io_callback_);
896 int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
898 next_state_ = STATE_BUILD_REQUEST;
902 int HttpNetworkTransaction::DoBuildRequest() {
903 next_state_ = STATE_BUILD_REQUEST_COMPLETE;
904 headers_valid_ = false;
906 // This is constructed lazily (instead of within our Start method), so that
907 // we have proxy info available.
908 if (request_headers_.IsEmpty()) {
909 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
911 BuildRequestHeaders(using_proxy);
917 int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
919 next_state_ = STATE_SEND_REQUEST;
923 int HttpNetworkTransaction::DoSendRequest() {
924 send_start_time_ = base::TimeTicks::Now();
925 next_state_ = STATE_SEND_REQUEST_COMPLETE;
927 return stream_->SendRequest(request_headers_, &response_, io_callback_);
930 int HttpNetworkTransaction::DoSendRequestComplete(int result) {
931 send_end_time_ = base::TimeTicks::Now();
933 return HandleIOError(result);
934 response_.network_accessed = true;
935 next_state_ = STATE_READ_HEADERS;
939 int HttpNetworkTransaction::DoReadHeaders() {
940 next_state_ = STATE_READ_HEADERS_COMPLETE;
941 return stream_->ReadResponseHeaders(io_callback_);
944 int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
945 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here
946 // due to SSL renegotiation.
947 if (IsCertificateError(result)) {
948 // We don't handle a certificate error during SSL renegotiation, so we
949 // have to return an error that's not in the certificate error range
951 LOG(ERROR) << "Got a server certificate with error " << result
952 << " during SSL renegotiation";
953 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;
954 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
955 // TODO(wtc): Need a test case for this code path!
956 DCHECK(stream_.get());
957 DCHECK(is_https_request());
958 response_.cert_request_info = new SSLCertRequestInfo;
959 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get());
960 result = HandleCertificateRequest(result);
965 if (result == ERR_QUIC_HANDSHAKE_FAILED) {
966 ResetConnectionAndRequestForResend();
970 // After we call RestartWithAuth a new response_time will be recorded, and
971 // we need to be cautious about incorrectly logging the duration across the
972 // authentication activity.
974 LogTransactionConnectedMetrics();
976 // ERR_CONNECTION_CLOSED is treated differently at this point; if partial
977 // response headers were received, we do the best we can to make sense of it
978 // and send it back up the stack.
980 // TODO(davidben): Consider moving this to HttpBasicStream, It's a little
981 // bizarre for SPDY. Assuming this logic is useful at all.
982 // TODO(davidben): Bubble the error code up so we do not cache?
983 if (result == ERR_CONNECTION_CLOSED && response_.headers.get())
987 return HandleIOError(result);
989 DCHECK(response_.headers.get());
991 // On a 408 response from the server ("Request Timeout") on a stale socket,
992 // retry the request.
993 // Headers can be NULL because of http://crbug.com/384554.
994 if (response_.headers.get() && response_.headers->response_code() == 408 &&
995 stream_->IsConnectionReused()) {
996 net_log_.AddEventWithNetErrorCode(
997 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR,
998 response_.headers->response_code());
999 // This will close the socket - it would be weird to try and reuse it, even
1000 // if the server doesn't actually close it.
1001 ResetConnectionAndRequestForResend();
1005 // Like Net.HttpResponseCode, but only for MAIN_FRAME loads.
1006 if (request_->load_flags & LOAD_MAIN_FRAME) {
1007 const int response_code = response_.headers->response_code();
1008 UMA_HISTOGRAM_ENUMERATION(
1009 "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10);
1013 NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS,
1014 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers));
1016 if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0)) {
1017 // HTTP/0.9 doesn't support the PUT method, so lack of response headers
1018 // indicates a buggy server. See:
1019 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921
1020 if (request_->method == "PUT")
1021 return ERR_METHOD_NOT_SUPPORTED;
1024 // Check for an intermediate 100 Continue response. An origin server is
1025 // allowed to send this response even if we didn't ask for it, so we just
1026 // need to skip over it.
1027 // We treat any other 1xx in this same way (although in practice getting
1028 // a 1xx that isn't a 100 is rare).
1029 // Unless this is a WebSocket request, in which case we pass it on up.
1030 if (response_.headers->response_code() / 100 == 1 &&
1031 !ForWebSocketHandshake()) {
1032 response_.headers = new HttpResponseHeaders(std::string());
1033 next_state_ = STATE_READ_HEADERS;
1037 HostPortPair endpoint = HostPortPair(request_->url.HostNoBrackets(),
1038 request_->url.EffectiveIntPort());
1039 ProcessAlternateProtocol(session_,
1040 *response_.headers.get(),
1043 int rv = HandleAuthChallenge();
1047 if (is_https_request())
1048 stream_->GetSSLInfo(&response_.ssl_info);
1050 headers_valid_ = true;
1052 if (session_->huffman_aggregator()) {
1053 session_->huffman_aggregator()->AggregateTransactionCharacterCounts(
1056 proxy_info_.proxy_server(),
1057 *response_.headers);
1062 int HttpNetworkTransaction::DoReadBody() {
1063 DCHECK(read_buf_.get());
1064 DCHECK_GT(read_buf_len_, 0);
1065 DCHECK(stream_ != NULL);
1067 next_state_ = STATE_READ_BODY_COMPLETE;
1068 return stream_->ReadResponseBody(
1069 read_buf_.get(), read_buf_len_, io_callback_);
1072 int HttpNetworkTransaction::DoReadBodyComplete(int result) {
1073 // We are done with the Read call.
1076 DCHECK_NE(ERR_IO_PENDING, result);
1080 bool keep_alive = false;
1081 if (stream_->IsResponseBodyComplete()) {
1082 // Note: Just because IsResponseBodyComplete is true, we're not
1083 // necessarily "done". We're only "done" when it is the last
1084 // read on this HttpNetworkTransaction, which will be signified
1085 // by a zero-length read.
1086 // TODO(mbelshe): The keepalive property is really a property of
1087 // the stream. No need to compute it here just to pass back
1088 // to the stream's Close function.
1089 // TODO(rtenneti): CanFindEndOfResponse should return false if there are no
1091 if (stream_->CanFindEndOfResponse()) {
1092 HttpResponseHeaders* headers = GetResponseHeaders();
1094 keep_alive = headers->IsKeepAlive();
1098 // Clean up connection if we are done.
1100 LogTransactionMetrics();
1101 stream_->Close(!keep_alive);
1102 // Note: we don't reset the stream here. We've closed it, but we still
1103 // need it around so that callers can call methods such as
1104 // GetUploadProgress() and have them be meaningful.
1105 // TODO(mbelshe): This means we closed the stream here, and we close it
1106 // again in ~HttpNetworkTransaction. Clean that up.
1108 // The next Read call will return 0 (EOF).
1111 // Clear these to avoid leaving around old state.
1118 int HttpNetworkTransaction::DoDrainBodyForAuthRestart() {
1119 // This method differs from DoReadBody only in the next_state_. So we just
1120 // call DoReadBody and override the next_state_. Perhaps there is a more
1121 // elegant way for these two methods to share code.
1122 int rv = DoReadBody();
1123 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE);
1124 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE;
1128 // TODO(wtc): This method and the DoReadBodyComplete method are almost
1129 // the same. Figure out a good way for these two methods to share code.
1130 int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) {
1131 // keep_alive defaults to true because the very reason we're draining the
1132 // response body is to reuse the connection for auth restart.
1133 bool done = false, keep_alive = true;
1135 // Error or closed connection while reading the socket.
1138 } else if (stream_->IsResponseBodyComplete()) {
1143 DidDrainBodyForAuthRestart(keep_alive);
1146 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
1152 void HttpNetworkTransaction::LogTransactionConnectedMetrics() {
1153 if (logged_response_time_)
1156 logged_response_time_ = true;
1158 base::TimeDelta total_duration = response_.response_time - start_time_;
1160 UMA_HISTOGRAM_CUSTOM_TIMES(
1161 "Net.Transaction_Connected",
1163 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1166 bool reused_socket = stream_->IsConnectionReused();
1167 if (!reused_socket) {
1168 UMA_HISTOGRAM_CUSTOM_TIMES(
1169 "Net.Transaction_Connected_New_b",
1171 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1175 // Currently, non-HIGHEST priority requests are frame or sub-frame resource
1176 // types. This will change when we also prioritize certain subresources like
1178 if (priority_ != HIGHEST) {
1179 UMA_HISTOGRAM_CUSTOM_TIMES(
1180 "Net.Priority_High_Latency_b",
1182 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1185 UMA_HISTOGRAM_CUSTOM_TIMES(
1186 "Net.Priority_Low_Latency_b",
1188 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1193 void HttpNetworkTransaction::LogTransactionMetrics() const {
1194 base::TimeDelta duration = base::Time::Now() -
1195 response_.request_time;
1196 if (60 < duration.InMinutes())
1199 base::TimeDelta total_duration = base::Time::Now() - start_time_;
1201 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_b", duration,
1202 base::TimeDelta::FromMilliseconds(1),
1203 base::TimeDelta::FromMinutes(10),
1205 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_Total",
1207 base::TimeDelta::FromMilliseconds(1),
1208 base::TimeDelta::FromMinutes(10), 100);
1210 if (!stream_->IsConnectionReused()) {
1211 UMA_HISTOGRAM_CUSTOM_TIMES(
1212 "Net.Transaction_Latency_Total_New_Connection",
1213 total_duration, base::TimeDelta::FromMilliseconds(1),
1214 base::TimeDelta::FromMinutes(10), 100);
1218 int HttpNetworkTransaction::HandleCertificateRequest(int error) {
1219 // There are two paths through which the server can request a certificate
1220 // from us. The first is during the initial handshake, the second is
1221 // during SSL renegotiation.
1223 // In both cases, we want to close the connection before proceeding.
1224 // We do this for two reasons:
1225 // First, we don't want to keep the connection to the server hung for a
1226 // long time while the user selects a certificate.
1227 // Second, even if we did keep the connection open, NSS has a bug where
1228 // restarting the handshake for ClientAuth is currently broken.
1229 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
1231 if (stream_.get()) {
1232 // Since we already have a stream, we're being called as part of SSL
1234 DCHECK(!stream_request_.get());
1235 total_received_bytes_ += stream_->GetTotalReceivedBytes();
1236 stream_->Close(true);
1240 // The server is asking for a client certificate during the initial
1242 stream_request_.reset();
1244 // If the user selected one of the certificates in client_certs or declined
1245 // to provide one for this server before, use the past decision
1247 scoped_refptr<X509Certificate> client_cert;
1248 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup(
1249 response_.cert_request_info->host_and_port, &client_cert);
1250 if (!found_cached_cert)
1253 // Check that the certificate selected is still a certificate the server
1254 // is likely to accept, based on the criteria supplied in the
1255 // CertificateRequest message.
1256 if (client_cert.get()) {
1257 const std::vector<std::string>& cert_authorities =
1258 response_.cert_request_info->cert_authorities;
1260 bool cert_still_valid = cert_authorities.empty() ||
1261 client_cert->IsIssuedByEncoded(cert_authorities);
1262 if (!cert_still_valid)
1266 // TODO(davidben): Add a unit test which covers this path; we need to be
1267 // able to send a legitimate certificate and also bypass/clear the
1268 // SSL session cache.
1269 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
1270 &proxy_ssl_config_ : &server_ssl_config_;
1271 ssl_config->send_client_cert = true;
1272 ssl_config->client_cert = client_cert;
1273 next_state_ = STATE_CREATE_STREAM;
1274 // Reset the other member variables.
1275 // Note: this is necessary only with SSL renegotiation.
1276 ResetStateForRestart();
1280 void HttpNetworkTransaction::HandleClientAuthError(int error) {
1281 if (server_ssl_config_.send_client_cert &&
1282 (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
1283 session_->ssl_client_auth_cache()->Remove(
1284 HostPortPair::FromURL(request_->url));
1288 // TODO(rch): This does not correctly handle errors when an SSL proxy is
1289 // being used, as all of the errors are handled as if they were generated
1290 // by the endpoint host, request_->url, rather than considering if they were
1291 // generated by the SSL proxy. http://crbug.com/69329
1292 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
1294 HandleClientAuthError(error);
1296 bool should_fallback = false;
1297 uint16 version_max = server_ssl_config_.version_max;
1300 case ERR_SSL_PROTOCOL_ERROR:
1301 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
1302 if (version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
1303 version_max > server_ssl_config_.version_min) {
1304 // This could be a TLS-intolerant server or a server that chose a
1305 // cipher suite defined only for higher protocol versions (such as
1306 // an SSL 3.0 server that chose a TLS-only cipher suite). Fall
1307 // back to the next lower version and retry.
1308 // NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
1309 // specifying TLS 1.1 in version_max will result in a TLS 1.0
1310 // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
1311 // repeat the TLS 1.0 handshake. To avoid this problem, the default
1312 // version_max should match the maximum protocol version supported
1313 // by the SSLClientSocket class.
1316 // Fallback to the lower SSL version.
1317 // While SSL 3.0 fallback should be eliminated because of security
1318 // reasons, there is a high risk of breaking the servers if this is
1320 should_fallback = true;
1323 case ERR_SSL_BAD_RECORD_MAC_ALERT:
1324 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
1325 version_max > server_ssl_config_.version_min) {
1326 // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
1327 // 1.2 ClientHello, but then return a bad_record_mac alert. See
1328 // crbug.com/260358. In order to make the fallback as minimal as
1329 // possible, this fallback is only triggered for >= TLS 1.1.
1331 should_fallback = true;
1334 case ERR_SSL_INAPPROPRIATE_FALLBACK:
1335 // The server told us that we should not have fallen back. A buggy server
1336 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial
1337 // connection. |fallback_error_code_| is initialised to
1338 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case.
1339 error = fallback_error_code_;
1343 if (should_fallback) {
1345 NetLog::TYPE_SSL_VERSION_FALLBACK,
1346 base::Bind(&NetLogSSLVersionFallbackCallback,
1347 &request_->url, error, server_ssl_config_.version_max,
1349 fallback_error_code_ = error;
1350 server_ssl_config_.version_max = version_max;
1351 server_ssl_config_.version_fallback = true;
1352 ResetConnectionAndRequestForResend();
1359 // This method determines whether it is safe to resend the request after an
1360 // IO error. It can only be called in response to request header or body
1361 // write errors or response header read errors. It should not be used in
1362 // other cases, such as a Connect error.
1363 int HttpNetworkTransaction::HandleIOError(int error) {
1364 // Because the peer may request renegotiation with client authentication at
1365 // any time, check and handle client authentication errors.
1366 HandleClientAuthError(error);
1369 // If we try to reuse a connection that the server is in the process of
1370 // closing, we may end up successfully writing out our request (or a
1371 // portion of our request) only to find a connection error when we try to
1372 // read from (or finish writing to) the socket.
1373 case ERR_CONNECTION_RESET:
1374 case ERR_CONNECTION_CLOSED:
1375 case ERR_CONNECTION_ABORTED:
1376 // There can be a race between the socket pool checking checking whether a
1377 // socket is still connected, receiving the FIN, and sending/reading data
1378 // on a reused socket. If we receive the FIN between the connectedness
1379 // check and writing/reading from the socket, we may first learn the socket
1380 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most
1381 // likely happen when trying to retrieve its IP address.
1382 // See http://crbug.com/105824 for more details.
1383 case ERR_SOCKET_NOT_CONNECTED:
1384 // If a socket is closed on its initial request, HttpStreamParser returns
1385 // ERR_EMPTY_RESPONSE. This may still be close/reuse race if the socket was
1386 // preconnected but failed to be used before the server timed it out.
1387 case ERR_EMPTY_RESPONSE:
1388 if (ShouldResendRequest()) {
1389 net_log_.AddEventWithNetErrorCode(
1390 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1391 ResetConnectionAndRequestForResend();
1395 case ERR_SPDY_PING_FAILED:
1396 case ERR_SPDY_SERVER_REFUSED_STREAM:
1397 case ERR_QUIC_HANDSHAKE_FAILED:
1398 net_log_.AddEventWithNetErrorCode(
1399 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1400 ResetConnectionAndRequestForResend();
1407 void HttpNetworkTransaction::ResetStateForRestart() {
1408 ResetStateForAuthRestart();
1410 total_received_bytes_ += stream_->GetTotalReceivedBytes();
1414 void HttpNetworkTransaction::ResetStateForAuthRestart() {
1415 send_start_time_ = base::TimeTicks();
1416 send_end_time_ = base::TimeTicks();
1418 pending_auth_target_ = HttpAuth::AUTH_NONE;
1421 headers_valid_ = false;
1422 request_headers_.Clear();
1423 response_ = HttpResponseInfo();
1424 establishing_tunnel_ = false;
1427 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
1428 return response_.headers.get();
1431 bool HttpNetworkTransaction::ShouldResendRequest() const {
1432 bool connection_is_proven = stream_->IsConnectionReused();
1433 bool has_received_headers = GetResponseHeaders() != NULL;
1435 // NOTE: we resend a request only if we reused a keep-alive connection.
1436 // This automatically prevents an infinite resend loop because we'll run
1437 // out of the cached keep-alive connections eventually.
1438 if (connection_is_proven && !has_received_headers)
1443 void HttpNetworkTransaction::ResetConnectionAndRequestForResend() {
1444 if (stream_.get()) {
1445 stream_->Close(true);
1449 // We need to clear request_headers_ because it contains the real request
1450 // headers, but we may need to resend the CONNECT request first to recreate
1452 request_headers_.Clear();
1453 next_state_ = STATE_CREATE_STREAM; // Resend the request.
1456 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
1457 return !is_https_request() &&
1458 (proxy_info_.is_https() || proxy_info_.is_http());
1461 bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
1462 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
1465 int HttpNetworkTransaction::HandleAuthChallenge() {
1466 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
1467 DCHECK(headers.get());
1469 int status = headers->response_code();
1470 if (status != HTTP_UNAUTHORIZED &&
1471 status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
1473 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ?
1474 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
1475 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
1476 return ERR_UNEXPECTED_PROXY_AUTH;
1478 // This case can trigger when an HTTPS server responds with a "Proxy
1479 // authentication required" status code through a non-authenticating
1481 if (!auth_controllers_[target].get())
1482 return ERR_UNEXPECTED_PROXY_AUTH;
1484 int rv = auth_controllers_[target]->HandleAuthChallenge(
1485 headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
1487 if (auth_controllers_[target]->HaveAuthHandler())
1488 pending_auth_target_ = target;
1490 scoped_refptr<AuthChallengeInfo> auth_info =
1491 auth_controllers_[target]->auth_info();
1492 if (auth_info.get())
1493 response_.auth_challenge = auth_info;
1498 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
1499 return auth_controllers_[target].get() &&
1500 auth_controllers_[target]->HaveAuth();
1503 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
1505 case HttpAuth::AUTH_PROXY: {
1506 if (!proxy_info_.proxy_server().is_valid() ||
1507 proxy_info_.proxy_server().is_direct()) {
1508 return GURL(); // There is no proxy server.
1510 const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
1511 return GURL(scheme +
1512 proxy_info_.proxy_server().host_port_pair().ToString());
1514 case HttpAuth::AUTH_SERVER:
1515 return request_->url;
1521 bool HttpNetworkTransaction::ForWebSocketHandshake() const {
1522 return websocket_handshake_stream_base_create_helper_ &&
1523 request_->url.SchemeIsWSOrWSS();
1526 #define STATE_CASE(s) \
1528 description = base::StringPrintf("%s (0x%08X)", #s, s); \
1531 std::string HttpNetworkTransaction::DescribeState(State state) {
1532 std::string description;
1534 STATE_CASE(STATE_NOTIFY_BEFORE_CREATE_STREAM);
1535 STATE_CASE(STATE_CREATE_STREAM);
1536 STATE_CASE(STATE_CREATE_STREAM_COMPLETE);
1537 STATE_CASE(STATE_INIT_REQUEST_BODY);
1538 STATE_CASE(STATE_INIT_REQUEST_BODY_COMPLETE);
1539 STATE_CASE(STATE_BUILD_REQUEST);
1540 STATE_CASE(STATE_BUILD_REQUEST_COMPLETE);
1541 STATE_CASE(STATE_SEND_REQUEST);
1542 STATE_CASE(STATE_SEND_REQUEST_COMPLETE);
1543 STATE_CASE(STATE_READ_HEADERS);
1544 STATE_CASE(STATE_READ_HEADERS_COMPLETE);
1545 STATE_CASE(STATE_READ_BODY);
1546 STATE_CASE(STATE_READ_BODY_COMPLETE);
1547 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART);
1548 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE);
1549 STATE_CASE(STATE_NONE);
1551 description = base::StringPrintf("Unknown state 0x%08X (%u)", state,