1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/socket/client_socket_pool_manager_impl.h"
7 #include "base/logging.h"
8 #include "base/values.h"
9 #include "net/http/http_network_session.h"
10 #include "net/http/http_proxy_client_socket_pool.h"
11 #include "net/socket/socks_client_socket_pool.h"
12 #include "net/socket/ssl_client_socket_pool.h"
13 #include "net/socket/transport_client_socket_pool.h"
14 #include "net/socket/websocket_transport_client_socket_pool.h"
15 #include "net/ssl/ssl_config_service.h"
21 // Appends information about all |socket_pools| to the end of |list|.
22 template <class MapType>
23 void AddSocketPoolsToList(base::ListValue* list,
24 const MapType& socket_pools,
25 const std::string& type,
26 bool include_nested_pools) {
27 for (typename MapType::const_iterator it = socket_pools.begin();
28 it != socket_pools.end(); it++) {
29 list->Append(it->second->GetInfoAsValue(it->first.ToString(),
31 include_nested_pools));
37 ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
39 ClientSocketFactory* socket_factory,
40 HostResolver* host_resolver,
41 CertVerifier* cert_verifier,
42 ChannelIDService* channel_id_service,
43 TransportSecurityState* transport_security_state,
44 CTVerifier* cert_transparency_verifier,
45 const std::string& ssl_session_cache_shard,
46 ProxyService* proxy_service,
47 SSLConfigService* ssl_config_service,
48 bool enable_ssl_connect_job_waiting,
49 ProxyDelegate* proxy_delegate,
50 HttpNetworkSession::SocketPoolType pool_type)
52 socket_factory_(socket_factory),
53 host_resolver_(host_resolver),
54 cert_verifier_(cert_verifier),
55 channel_id_service_(channel_id_service),
56 transport_security_state_(transport_security_state),
57 cert_transparency_verifier_(cert_transparency_verifier),
58 ssl_session_cache_shard_(ssl_session_cache_shard),
59 proxy_service_(proxy_service),
60 ssl_config_service_(ssl_config_service),
61 enable_ssl_connect_job_waiting_(enable_ssl_connect_job_waiting),
62 pool_type_(pool_type),
63 transport_pool_histograms_("TCP"),
64 transport_socket_pool_(
65 pool_type == HttpNetworkSession::WEBSOCKET_SOCKET_POOL
66 ? new WebSocketTransportClientSocketPool(
67 max_sockets_per_pool(pool_type),
68 max_sockets_per_group(pool_type),
69 &transport_pool_histograms_,
73 : new TransportClientSocketPool(max_sockets_per_pool(pool_type),
74 max_sockets_per_group(pool_type),
75 &transport_pool_histograms_,
79 ssl_pool_histograms_("SSL2"),
80 ssl_socket_pool_(new SSLClientSocketPool(max_sockets_per_pool(pool_type),
81 max_sockets_per_group(pool_type),
82 &ssl_pool_histograms_,
86 transport_security_state,
87 cert_transparency_verifier,
88 ssl_session_cache_shard,
90 transport_socket_pool_.get(),
91 NULL /* no socks proxy */,
92 NULL /* no http proxy */,
94 enable_ssl_connect_job_waiting,
96 transport_for_socks_pool_histograms_("TCPforSOCKS"),
97 socks_pool_histograms_("SOCK"),
98 transport_for_http_proxy_pool_histograms_("TCPforHTTPProxy"),
99 transport_for_https_proxy_pool_histograms_("TCPforHTTPSProxy"),
100 ssl_for_https_proxy_pool_histograms_("SSLforHTTPSProxy"),
101 http_proxy_pool_histograms_("HTTPProxy"),
102 ssl_socket_pool_for_proxies_histograms_("SSLForProxies"),
103 proxy_delegate_(proxy_delegate) {
104 CertDatabase::GetInstance()->AddObserver(this);
107 ClientSocketPoolManagerImpl::~ClientSocketPoolManagerImpl() {
108 CertDatabase::GetInstance()->RemoveObserver(this);
111 void ClientSocketPoolManagerImpl::FlushSocketPoolsWithError(int error) {
112 // Flush the highest level pools first, since higher level pools may release
113 // stuff to the lower level pools.
115 for (SSLSocketPoolMap::const_iterator it =
116 ssl_socket_pools_for_proxies_.begin();
117 it != ssl_socket_pools_for_proxies_.end();
119 it->second->FlushWithError(error);
121 for (HTTPProxySocketPoolMap::const_iterator it =
122 http_proxy_socket_pools_.begin();
123 it != http_proxy_socket_pools_.end();
125 it->second->FlushWithError(error);
127 for (SSLSocketPoolMap::const_iterator it =
128 ssl_socket_pools_for_https_proxies_.begin();
129 it != ssl_socket_pools_for_https_proxies_.end();
131 it->second->FlushWithError(error);
133 for (TransportSocketPoolMap::const_iterator it =
134 transport_socket_pools_for_https_proxies_.begin();
135 it != transport_socket_pools_for_https_proxies_.end();
137 it->second->FlushWithError(error);
139 for (TransportSocketPoolMap::const_iterator it =
140 transport_socket_pools_for_http_proxies_.begin();
141 it != transport_socket_pools_for_http_proxies_.end();
143 it->second->FlushWithError(error);
145 for (SOCKSSocketPoolMap::const_iterator it =
146 socks_socket_pools_.begin();
147 it != socks_socket_pools_.end();
149 it->second->FlushWithError(error);
151 for (TransportSocketPoolMap::const_iterator it =
152 transport_socket_pools_for_socks_proxies_.begin();
153 it != transport_socket_pools_for_socks_proxies_.end();
155 it->second->FlushWithError(error);
157 ssl_socket_pool_->FlushWithError(error);
158 transport_socket_pool_->FlushWithError(error);
161 void ClientSocketPoolManagerImpl::CloseIdleSockets() {
162 // Close sockets in the highest level pools first, since higher level pools'
163 // sockets may release stuff to the lower level pools.
164 for (SSLSocketPoolMap::const_iterator it =
165 ssl_socket_pools_for_proxies_.begin();
166 it != ssl_socket_pools_for_proxies_.end();
168 it->second->CloseIdleSockets();
170 for (HTTPProxySocketPoolMap::const_iterator it =
171 http_proxy_socket_pools_.begin();
172 it != http_proxy_socket_pools_.end();
174 it->second->CloseIdleSockets();
176 for (SSLSocketPoolMap::const_iterator it =
177 ssl_socket_pools_for_https_proxies_.begin();
178 it != ssl_socket_pools_for_https_proxies_.end();
180 it->second->CloseIdleSockets();
182 for (TransportSocketPoolMap::const_iterator it =
183 transport_socket_pools_for_https_proxies_.begin();
184 it != transport_socket_pools_for_https_proxies_.end();
186 it->second->CloseIdleSockets();
188 for (TransportSocketPoolMap::const_iterator it =
189 transport_socket_pools_for_http_proxies_.begin();
190 it != transport_socket_pools_for_http_proxies_.end();
192 it->second->CloseIdleSockets();
194 for (SOCKSSocketPoolMap::const_iterator it =
195 socks_socket_pools_.begin();
196 it != socks_socket_pools_.end();
198 it->second->CloseIdleSockets();
200 for (TransportSocketPoolMap::const_iterator it =
201 transport_socket_pools_for_socks_proxies_.begin();
202 it != transport_socket_pools_for_socks_proxies_.end();
204 it->second->CloseIdleSockets();
206 ssl_socket_pool_->CloseIdleSockets();
207 transport_socket_pool_->CloseIdleSockets();
210 TransportClientSocketPool*
211 ClientSocketPoolManagerImpl::GetTransportSocketPool() {
212 return transport_socket_pool_.get();
215 SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSSLSocketPool() {
216 return ssl_socket_pool_.get();
219 SOCKSClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSOCKSProxy(
220 const HostPortPair& socks_proxy) {
221 SOCKSSocketPoolMap::const_iterator it = socks_socket_pools_.find(socks_proxy);
222 if (it != socks_socket_pools_.end()) {
223 DCHECK(ContainsKey(transport_socket_pools_for_socks_proxies_, socks_proxy));
227 DCHECK(!ContainsKey(transport_socket_pools_for_socks_proxies_, socks_proxy));
229 std::pair<TransportSocketPoolMap::iterator, bool> tcp_ret =
230 transport_socket_pools_for_socks_proxies_.insert(
233 new TransportClientSocketPool(
234 max_sockets_per_proxy_server(pool_type_),
235 max_sockets_per_group(pool_type_),
236 &transport_for_socks_pool_histograms_,
240 DCHECK(tcp_ret.second);
242 std::pair<SOCKSSocketPoolMap::iterator, bool> ret =
243 socks_socket_pools_.insert(
244 std::make_pair(socks_proxy, new SOCKSClientSocketPool(
245 max_sockets_per_proxy_server(pool_type_),
246 max_sockets_per_group(pool_type_),
247 &socks_pool_histograms_,
249 tcp_ret.first->second,
252 return ret.first->second;
255 HttpProxyClientSocketPool*
256 ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy(
257 const HostPortPair& http_proxy) {
258 HTTPProxySocketPoolMap::const_iterator it =
259 http_proxy_socket_pools_.find(http_proxy);
260 if (it != http_proxy_socket_pools_.end()) {
261 DCHECK(ContainsKey(transport_socket_pools_for_http_proxies_, http_proxy));
262 DCHECK(ContainsKey(transport_socket_pools_for_https_proxies_, http_proxy));
263 DCHECK(ContainsKey(ssl_socket_pools_for_https_proxies_, http_proxy));
267 DCHECK(!ContainsKey(transport_socket_pools_for_http_proxies_, http_proxy));
268 DCHECK(!ContainsKey(transport_socket_pools_for_https_proxies_, http_proxy));
269 DCHECK(!ContainsKey(ssl_socket_pools_for_https_proxies_, http_proxy));
271 std::pair<TransportSocketPoolMap::iterator, bool> tcp_http_ret =
272 transport_socket_pools_for_http_proxies_.insert(
275 new TransportClientSocketPool(
276 max_sockets_per_proxy_server(pool_type_),
277 max_sockets_per_group(pool_type_),
278 &transport_for_http_proxy_pool_histograms_,
282 DCHECK(tcp_http_ret.second);
284 std::pair<TransportSocketPoolMap::iterator, bool> tcp_https_ret =
285 transport_socket_pools_for_https_proxies_.insert(
288 new TransportClientSocketPool(
289 max_sockets_per_proxy_server(pool_type_),
290 max_sockets_per_group(pool_type_),
291 &transport_for_https_proxy_pool_histograms_,
295 DCHECK(tcp_https_ret.second);
297 std::pair<SSLSocketPoolMap::iterator, bool> ssl_https_ret =
298 ssl_socket_pools_for_https_proxies_.insert(std::make_pair(
300 new SSLClientSocketPool(max_sockets_per_proxy_server(pool_type_),
301 max_sockets_per_group(pool_type_),
302 &ssl_for_https_proxy_pool_histograms_,
306 transport_security_state_,
307 cert_transparency_verifier_,
308 ssl_session_cache_shard_,
310 tcp_https_ret.first->second /* https proxy */,
311 NULL /* no socks proxy */,
312 NULL /* no http proxy */,
313 ssl_config_service_.get(),
314 enable_ssl_connect_job_waiting_,
316 DCHECK(tcp_https_ret.second);
318 std::pair<HTTPProxySocketPoolMap::iterator, bool> ret =
319 http_proxy_socket_pools_.insert(
322 new HttpProxyClientSocketPool(
323 max_sockets_per_proxy_server(pool_type_),
324 max_sockets_per_group(pool_type_),
325 &http_proxy_pool_histograms_,
327 tcp_http_ret.first->second,
328 ssl_https_ret.first->second,
332 return ret.first->second;
335 SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy(
336 const HostPortPair& proxy_server) {
337 SSLSocketPoolMap::const_iterator it =
338 ssl_socket_pools_for_proxies_.find(proxy_server);
339 if (it != ssl_socket_pools_for_proxies_.end())
342 SSLClientSocketPool* new_pool = new SSLClientSocketPool(
343 max_sockets_per_proxy_server(pool_type_),
344 max_sockets_per_group(pool_type_),
345 &ssl_pool_histograms_,
349 transport_security_state_,
350 cert_transparency_verifier_,
351 ssl_session_cache_shard_,
353 NULL, /* no tcp pool, we always go through a proxy */
354 GetSocketPoolForSOCKSProxy(proxy_server),
355 GetSocketPoolForHTTPProxy(proxy_server),
356 ssl_config_service_.get(),
357 enable_ssl_connect_job_waiting_,
360 std::pair<SSLSocketPoolMap::iterator, bool> ret =
361 ssl_socket_pools_for_proxies_.insert(std::make_pair(proxy_server,
364 return ret.first->second;
367 base::Value* ClientSocketPoolManagerImpl::SocketPoolInfoToValue() const {
368 base::ListValue* list = new base::ListValue();
369 list->Append(transport_socket_pool_->GetInfoAsValue("transport_socket_pool",
370 "transport_socket_pool",
372 // Third parameter is false because |ssl_socket_pool_| uses
373 // |transport_socket_pool_| internally, and do not want to add it a second
375 list->Append(ssl_socket_pool_->GetInfoAsValue("ssl_socket_pool",
378 AddSocketPoolsToList(list,
379 http_proxy_socket_pools_,
380 "http_proxy_socket_pool",
382 AddSocketPoolsToList(list,
387 // Third parameter is false because |ssl_socket_pools_for_proxies_| use
388 // socket pools in |http_proxy_socket_pools_| and |socks_socket_pools_|.
389 AddSocketPoolsToList(list,
390 ssl_socket_pools_for_proxies_,
391 "ssl_socket_pool_for_proxies",
396 void ClientSocketPoolManagerImpl::OnCertAdded(const X509Certificate* cert) {
397 FlushSocketPoolsWithError(ERR_NETWORK_CHANGED);
400 void ClientSocketPoolManagerImpl::OnCACertChanged(
401 const X509Certificate* cert) {
402 // We should flush the socket pools if we removed trust from a
403 // cert, because a previously trusted server may have become
406 // We should not flush the socket pools if we added trust to a
409 // Since the OnCACertChanged method doesn't tell us what
410 // kind of change it is, we have to flush the socket
412 FlushSocketPoolsWithError(ERR_NETWORK_CHANGED);