projects / platform / framework / web / crosswalk.git / blob
? search:


7404ff34a4c4b658041026ef5db5b2758138e8ab
[platform/framework/web/crosswalk.git] / src / net / socket_stream / socket_stream.cc
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // TODO(ukai): code is similar with http_network_transaction.cc.  We should
6 //   think about ways to share code, if possible.
7
8 #include "net/socket_stream/socket_stream.h"
9
10 #include <set>
11 #include <string>
12 #include <vector>
13
14 #include "base/bind.h"
15 #include "base/bind_helpers.h"
16 #include "base/compiler_specific.h"
17 #include "base/logging.h"
18 #include "base/message_loop/message_loop.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/strings/utf_string_conversions.h"
22 #include "net/base/auth.h"
23 #include "net/base/io_buffer.h"
24 #include "net/base/net_errors.h"
25 #include "net/base/net_util.h"
26 #include "net/dns/host_resolver.h"
27 #include "net/http/http_auth_controller.h"
28 #include "net/http/http_network_session.h"
29 #include "net/http/http_request_headers.h"
30 #include "net/http/http_request_info.h"
31 #include "net/http/http_response_headers.h"
32 #include "net/http/http_stream_factory.h"
33 #include "net/http/http_transaction_factory.h"
34 #include "net/http/http_util.h"
35 #include "net/socket/client_socket_factory.h"
36 #include "net/socket/client_socket_handle.h"
37 #include "net/socket/socks5_client_socket.h"
38 #include "net/socket/socks_client_socket.h"
39 #include "net/socket/ssl_client_socket.h"
40 #include "net/socket/tcp_client_socket.h"
41 #include "net/socket_stream/socket_stream_metrics.h"
42 #include "net/ssl/ssl_cert_request_info.h"
43 #include "net/ssl/ssl_info.h"
44 #include "net/url_request/url_request.h"
45 #include "net/url_request/url_request_context.h"
46
47 static const int kMaxPendingSendAllowed = 32768;  // 32 kilobytes.
48 static const int kReadBufferSize = 4096;
49
50 namespace net {
51
52 int SocketStream::Delegate::OnStartOpenConnection(
53     SocketStream* socket, const CompletionCallback& callback) {
54   return OK;
55 }
56
57 void SocketStream::Delegate::OnAuthRequired(SocketStream* socket,
58                                             AuthChallengeInfo* auth_info) {
59   // By default, no credential is available and close the connection.
60   socket->Close();
61 }
62
63 void SocketStream::Delegate::OnSSLCertificateError(
64     SocketStream* socket,
65     const SSLInfo& ssl_info,
66     bool fatal) {
67   socket->CancelWithSSLError(ssl_info);
68 }
69
70 bool SocketStream::Delegate::CanGetCookies(SocketStream* socket,
71                                            const GURL& url) {
72   return true;
73 }
74
75 bool SocketStream::Delegate::CanSetCookie(SocketStream* request,
76                                           const GURL& url,
77                                           const std::string& cookie_line,
78                                           CookieOptions* options) {
79   return true;
80 }
81
82 SocketStream::ResponseHeaders::ResponseHeaders() : IOBuffer() {}
83
84 void SocketStream::ResponseHeaders::Realloc(size_t new_size) {
85   headers_.reset(static_cast<char*>(realloc(headers_.release(), new_size)));
86 }
87
88 SocketStream::ResponseHeaders::~ResponseHeaders() { data_ = NULL; }
89
90 SocketStream::SocketStream(const GURL& url, Delegate* delegate,
91                            URLRequestContext* context,
92                            CookieStore* cookie_store)
93     : delegate_(delegate),
94       url_(url),
95       max_pending_send_allowed_(kMaxPendingSendAllowed),
96       context_(context),
97       next_state_(STATE_NONE),
98       factory_(ClientSocketFactory::GetDefaultFactory()),
99       proxy_mode_(kDirectConnection),
100       proxy_url_(url),
101       pac_request_(NULL),
102       connection_(new ClientSocketHandle),
103       privacy_mode_(PRIVACY_MODE_DISABLED),
104       // Unretained() is required; without it, Bind() creates a circular
105       // dependency and the SocketStream object will not be freed.
106       io_callback_(base::Bind(&SocketStream::OnIOCompleted,
107                               base::Unretained(this))),
108       read_buf_(NULL),
109       current_write_buf_(NULL),
110       waiting_for_write_completion_(false),
111       closing_(false),
112       server_closed_(false),
113       metrics_(new SocketStreamMetrics(url)),
114       cookie_store_(cookie_store) {
115   DCHECK(base::MessageLoop::current())
116       << "The current base::MessageLoop must exist";
117   DCHECK(base::MessageLoopForIO::IsCurrent())
118       << "The current base::MessageLoop must be TYPE_IO";
119   DCHECK(delegate_);
120
121   if (context_) {
122     if (!cookie_store_)
123       cookie_store_ = context_->cookie_store();
124
125     net_log_ = BoundNetLog::Make(
126         context->net_log(),
127         NetLog::SOURCE_SOCKET_STREAM);
128
129     net_log_.BeginEvent(NetLog::TYPE_REQUEST_ALIVE);
130   }
131 }
132
133 SocketStream::UserData* SocketStream::GetUserData(
134     const void* key) const {
135   UserDataMap::const_iterator found = user_data_.find(key);
136   if (found != user_data_.end())
137     return found->second.get();
138   return NULL;
139 }
140
141 void SocketStream::SetUserData(const void* key, UserData* data) {
142   user_data_[key] = linked_ptr<UserData>(data);
143 }
144
145 bool SocketStream::is_secure() const {
146   return url_.SchemeIs("wss");
147 }
148
149 void SocketStream::DetachContext() {
150   if (!context_)
151     return;
152
153   if (pac_request_) {
154     context_->proxy_service()->CancelPacRequest(pac_request_);
155     pac_request_ = NULL;
156   }
157
158   net_log_.EndEvent(NetLog::TYPE_REQUEST_ALIVE);
159   net_log_ = BoundNetLog();
160
161   context_ = NULL;
162   cookie_store_ = NULL;
163 }
164
165 void SocketStream::CheckPrivacyMode() {
166   if (context_ && context_->network_delegate()) {
167     bool enable = context_->network_delegate()->CanEnablePrivacyMode(url_,
168                                                                      url_);
169     privacy_mode_ = enable ? PRIVACY_MODE_ENABLED : PRIVACY_MODE_DISABLED;
170     // Disable Channel ID if privacy mode is enabled.
171     if (enable)
172       server_ssl_config_.channel_id_enabled = false;
173   }
174 }
175
176 void SocketStream::Connect() {
177   DCHECK(base::MessageLoop::current())
178       << "The current base::MessageLoop must exist";
179   DCHECK(base::MessageLoopForIO::IsCurrent())
180       << "The current base::MessageLoop must be TYPE_IO";
181   if (context_) {
182     context_->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
183     proxy_ssl_config_ = server_ssl_config_;
184   }
185   CheckPrivacyMode();
186
187   DCHECK_EQ(next_state_, STATE_NONE);
188
189   AddRef();  // Released in Finish()
190   // Open a connection asynchronously, so that delegate won't be called
191   // back before returning Connect().
192   next_state_ = STATE_BEFORE_CONNECT;
193   net_log_.BeginEvent(
194       NetLog::TYPE_SOCKET_STREAM_CONNECT,
195       NetLog::StringCallback("url", &url_.possibly_invalid_spec()));
196   base::MessageLoop::current()->PostTask(
197       FROM_HERE, base::Bind(&SocketStream::DoLoop, this, OK));
198 }
199
200 size_t SocketStream::GetTotalSizeOfPendingWriteBufs() const {
201   size_t total_size = 0;
202   for (PendingDataQueue::const_iterator iter = pending_write_bufs_.begin();
203        iter != pending_write_bufs_.end();
204        ++iter)
205     total_size += (*iter)->size();
206   return total_size;
207 }
208
209 bool SocketStream::SendData(const char* data, int len) {
210   DCHECK(base::MessageLoop::current())
211       << "The current base::MessageLoop must exist";
212   DCHECK(base::MessageLoopForIO::IsCurrent())
213       << "The current base::MessageLoop must be TYPE_IO";
214   DCHECK_GT(len, 0);
215
216   if (!connection_->socket() ||
217       !connection_->socket()->IsConnected() || next_state_ == STATE_NONE) {
218     return false;
219   }
220
221   int total_buffered_bytes = len;
222   if (current_write_buf_.get()) {
223     // Since
224     // - the purpose of this check is to limit the amount of buffer used by
225     //   this instance.
226     // - the DrainableIOBuffer doesn't release consumed memory.
227     // we need to use not BytesRemaining() but size() here.
228     total_buffered_bytes += current_write_buf_->size();
229   }
230   total_buffered_bytes += GetTotalSizeOfPendingWriteBufs();
231   if (total_buffered_bytes > max_pending_send_allowed_)
232     return false;
233
234   // TODO(tyoshino): Split data into smaller chunks e.g. 8KiB to free consumed
235   // buffer progressively
236   pending_write_bufs_.push_back(make_scoped_refptr(
237       new IOBufferWithSize(len)));
238   memcpy(pending_write_bufs_.back()->data(), data, len);
239
240   // If current_write_buf_ is not NULL, it means that a) there's ongoing write
241   // operation or b) the connection is being closed. If a), the buffer we just
242   // pushed will be automatically handled when the completion callback runs
243   // the loop, and therefore we don't need to enqueue DoLoop(). If b), it's ok
244   // to do nothing. If current_write_buf_ is NULL, to make sure DoLoop() is
245   // ran soon, enequeue it.
246   if (!current_write_buf_.get()) {
247     // Send pending data asynchronously, so that delegate won't be called
248     // back before returning from SendData().
249     base::MessageLoop::current()->PostTask(
250         FROM_HERE, base::Bind(&SocketStream::DoLoop, this, OK));
251   }
252
253   return true;
254 }
255
256 void SocketStream::Close() {
257   DCHECK(base::MessageLoop::current())
258       << "The current base::MessageLoop must exist";
259   DCHECK(base::MessageLoopForIO::IsCurrent())
260       << "The current base::MessageLoop must be TYPE_IO";
261   // If next_state_ is STATE_NONE, the socket was not opened, or already
262   // closed.  So, return immediately.
263   // Otherwise, it might call Finish() more than once, so breaks balance
264   // of AddRef() and Release() in Connect() and Finish(), respectively.
265   if (next_state_ == STATE_NONE)
266     return;
267   base::MessageLoop::current()->PostTask(
268       FROM_HERE, base::Bind(&SocketStream::DoClose, this));
269 }
270
271 void SocketStream::RestartWithAuth(const AuthCredentials& credentials) {
272   DCHECK(base::MessageLoop::current())
273       << "The current base::MessageLoop must exist";
274   DCHECK(base::MessageLoopForIO::IsCurrent())
275       << "The current base::MessageLoop must be TYPE_IO";
276   DCHECK(proxy_auth_controller_.get());
277   if (!connection_->socket()) {
278     DVLOG(1) << "Socket is closed before restarting with auth.";
279     return;
280   }
281
282   proxy_auth_controller_->ResetAuth(credentials);
283
284   base::MessageLoop::current()->PostTask(
285       FROM_HERE, base::Bind(&SocketStream::DoRestartWithAuth, this));
286 }
287
288 void SocketStream::DetachDelegate() {
289   if (!delegate_)
290     return;
291   delegate_ = NULL;
292   // Prevent the rest of the function from executing if we are being called from
293   // within Finish().
294   if (next_state_ == STATE_NONE)
295     return;
296   net_log_.AddEvent(NetLog::TYPE_CANCELLED);
297   // We don't need to send pending data when client detach the delegate.
298   pending_write_bufs_.clear();
299   Close();
300 }
301
302 const ProxyServer& SocketStream::proxy_server() const {
303   return proxy_info_.proxy_server();
304 }
305
306 void SocketStream::SetClientSocketFactory(
307     ClientSocketFactory* factory) {
308   DCHECK(factory);
309   factory_ = factory;
310 }
311
312 void SocketStream::CancelWithError(int error) {
313   base::MessageLoop::current()->PostTask(
314       FROM_HERE, base::Bind(&SocketStream::DoLoop, this, error));
315 }
316
317 void SocketStream::CancelWithSSLError(const SSLInfo& ssl_info) {
318   CancelWithError(MapCertStatusToNetError(ssl_info.cert_status));
319 }
320
321 void SocketStream::ContinueDespiteError() {
322   base::MessageLoop::current()->PostTask(
323       FROM_HERE, base::Bind(&SocketStream::DoLoop, this, OK));
324 }
325
326 SocketStream::~SocketStream() {
327   DetachContext();
328   DCHECK(!delegate_);
329   DCHECK(!pac_request_);
330 }
331
332 SocketStream::RequestHeaders::~RequestHeaders() { data_ = NULL; }
333
334 void SocketStream::set_addresses(const AddressList& addresses) {
335   addresses_ = addresses;
336 }
337
338 void SocketStream::DoClose() {
339   closing_ = true;
340   // If next_state_ is:
341   // - STATE_TCP_CONNECT_COMPLETE, it's waiting other socket establishing
342   //   connection.
343   // - STATE_AUTH_REQUIRED, it's waiting for restarting.
344   // - STATE_RESOLVE_PROTOCOL_COMPLETE, it's waiting for delegate_ to finish
345   //   OnStartOpenConnection method call
346   // In these states, we'll close the SocketStream now.
347   if (next_state_ == STATE_TCP_CONNECT_COMPLETE ||
348       next_state_ == STATE_AUTH_REQUIRED ||
349       next_state_ == STATE_RESOLVE_PROTOCOL_COMPLETE) {
350     DoLoop(ERR_ABORTED);
351     return;
352   }
353   // If next_state_ is STATE_READ_WRITE, we'll run DoLoop and close
354   // the SocketStream.
355   // If it's writing now, we should defer the closing after the current
356   // writing is completed.
357   if (next_state_ == STATE_READ_WRITE && !current_write_buf_.get())
358     DoLoop(ERR_ABORTED);
359
360   // In other next_state_, we'll wait for callback of other APIs, such as
361   // ResolveProxy().
362 }
363
364 void SocketStream::Finish(int result) {
365   DCHECK(base::MessageLoop::current())
366       << "The current base::MessageLoop must exist";
367   DCHECK(base::MessageLoopForIO::IsCurrent())
368       << "The current base::MessageLoop must be TYPE_IO";
369   DCHECK_LE(result, OK);
370   if (result == OK)
371     result = ERR_CONNECTION_CLOSED;
372   DCHECK_EQ(next_state_, STATE_NONE);
373   DVLOG(1) << "Finish result=" << ErrorToString(result);
374
375   metrics_->OnClose();
376
377   if (result != ERR_CONNECTION_CLOSED && delegate_)
378     delegate_->OnError(this, result);
379   if (result != ERR_PROTOCOL_SWITCHED && delegate_)
380     delegate_->OnClose(this);
381   delegate_ = NULL;
382
383   Release();
384 }
385
386 int SocketStream::DidEstablishConnection() {
387   if (!connection_->socket() || !connection_->socket()->IsConnected()) {
388     next_state_ = STATE_CLOSE;
389     return ERR_CONNECTION_FAILED;
390   }
391   next_state_ = STATE_READ_WRITE;
392   metrics_->OnConnected();
393
394   net_log_.EndEvent(NetLog::TYPE_SOCKET_STREAM_CONNECT);
395   if (delegate_)
396     delegate_->OnConnected(this, max_pending_send_allowed_);
397
398   return OK;
399 }
400
401 int SocketStream::DidReceiveData(int result) {
402   DCHECK(read_buf_.get());
403   DCHECK_GT(result, 0);
404   net_log_.AddEvent(NetLog::TYPE_SOCKET_STREAM_RECEIVED);
405   int len = result;
406   metrics_->OnRead(len);
407   if (delegate_) {
408     // Notify recevied data to delegate.
409     delegate_->OnReceivedData(this, read_buf_->data(), len);
410   }
411   read_buf_ = NULL;
412   return OK;
413 }
414
415 void SocketStream::DidSendData(int result) {
416   DCHECK_GT(result, 0);
417   DCHECK(current_write_buf_.get());
418   net_log_.AddEvent(NetLog::TYPE_SOCKET_STREAM_SENT);
419
420   int bytes_sent = result;
421
422   metrics_->OnWrite(bytes_sent);
423
424   current_write_buf_->DidConsume(result);
425
426   if (current_write_buf_->BytesRemaining())
427     return;
428
429   size_t bytes_freed = current_write_buf_->size();
430
431   current_write_buf_ = NULL;
432
433   // We freed current_write_buf_ and this instance is now able to accept more
434   // data via SendData() (note that DidConsume() doesn't free consumed memory).
435   // We can tell that to delegate_ by calling OnSentData().
436   if (delegate_)
437     delegate_->OnSentData(this, bytes_freed);
438 }
439
440 void SocketStream::OnIOCompleted(int result) {
441   DoLoop(result);
442 }
443
444 void SocketStream::OnReadCompleted(int result) {
445   if (result == 0) {
446     // 0 indicates end-of-file, so socket was closed.
447     // Don't close the socket if it's still writing.
448     server_closed_ = true;
449   } else if (result > 0 && read_buf_.get()) {
450     result = DidReceiveData(result);
451   }
452   DoLoop(result);
453 }
454
455 void SocketStream::OnWriteCompleted(int result) {
456   waiting_for_write_completion_ = false;
457   if (result > 0) {
458     DidSendData(result);
459     result = OK;
460   }
461   DoLoop(result);
462 }
463
464 void SocketStream::DoLoop(int result) {
465   if (next_state_ == STATE_NONE)
466     return;
467
468   // If context was not set, close immediately.
469   if (!context_)
470     next_state_ = STATE_CLOSE;
471
472   do {
473     State state = next_state_;
474     next_state_ = STATE_NONE;
475     switch (state) {
476       case STATE_BEFORE_CONNECT:
477         DCHECK_EQ(OK, result);
478         result = DoBeforeConnect();
479         break;
480       case STATE_BEFORE_CONNECT_COMPLETE:
481         result = DoBeforeConnectComplete(result);
482         break;
483       case STATE_RESOLVE_PROXY:
484         DCHECK_EQ(OK, result);
485         result = DoResolveProxy();
486         break;
487       case STATE_RESOLVE_PROXY_COMPLETE:
488         result = DoResolveProxyComplete(result);
489         break;
490       case STATE_RESOLVE_HOST:
491         DCHECK_EQ(OK, result);
492         result = DoResolveHost();
493         break;
494       case STATE_RESOLVE_HOST_COMPLETE:
495         result = DoResolveHostComplete(result);
496         break;
497       case STATE_RESOLVE_PROTOCOL:
498         result = DoResolveProtocol(result);
499         break;
500       case STATE_RESOLVE_PROTOCOL_COMPLETE:
501         result = DoResolveProtocolComplete(result);
502         break;
503       case STATE_TCP_CONNECT:
504         result = DoTcpConnect(result);
505         break;
506       case STATE_TCP_CONNECT_COMPLETE:
507         result = DoTcpConnectComplete(result);
508         break;
509       case STATE_GENERATE_PROXY_AUTH_TOKEN:
510         result = DoGenerateProxyAuthToken();
511         break;
512       case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
513         result = DoGenerateProxyAuthTokenComplete(result);
514         break;
515       case STATE_WRITE_TUNNEL_HEADERS:
516         DCHECK_EQ(OK, result);
517         result = DoWriteTunnelHeaders();
518         break;
519       case STATE_WRITE_TUNNEL_HEADERS_COMPLETE:
520         result = DoWriteTunnelHeadersComplete(result);
521         break;
522       case STATE_READ_TUNNEL_HEADERS:
523         DCHECK_EQ(OK, result);
524         result = DoReadTunnelHeaders();
525         break;
526       case STATE_READ_TUNNEL_HEADERS_COMPLETE:
527         result = DoReadTunnelHeadersComplete(result);
528         break;
529       case STATE_SOCKS_CONNECT:
530         DCHECK_EQ(OK, result);
531         result = DoSOCKSConnect();
532         break;
533       case STATE_SOCKS_CONNECT_COMPLETE:
534         result = DoSOCKSConnectComplete(result);
535         break;
536       case STATE_SECURE_PROXY_CONNECT:
537         DCHECK_EQ(OK, result);
538         result = DoSecureProxyConnect();
539         break;
540       case STATE_SECURE_PROXY_CONNECT_COMPLETE:
541         result = DoSecureProxyConnectComplete(result);
542         break;
543       case STATE_SECURE_PROXY_HANDLE_CERT_ERROR:
544         result = DoSecureProxyHandleCertError(result);
545         break;
546       case STATE_SECURE_PROXY_HANDLE_CERT_ERROR_COMPLETE:
547         result = DoSecureProxyHandleCertErrorComplete(result);
548         break;
549       case STATE_SSL_CONNECT:
550         DCHECK_EQ(OK, result);
551         result = DoSSLConnect();
552         break;
553       case STATE_SSL_CONNECT_COMPLETE:
554         result = DoSSLConnectComplete(result);
555         break;
556       case STATE_SSL_HANDLE_CERT_ERROR:
557         result = DoSSLHandleCertError(result);
558         break;
559       case STATE_SSL_HANDLE_CERT_ERROR_COMPLETE:
560         result = DoSSLHandleCertErrorComplete(result);
561         break;
562       case STATE_READ_WRITE:
563         result = DoReadWrite(result);
564         break;
565       case STATE_AUTH_REQUIRED:
566         // It might be called when DoClose is called while waiting in
567         // STATE_AUTH_REQUIRED.
568         Finish(result);
569         return;
570       case STATE_CLOSE:
571         DCHECK_LE(result, OK);
572         Finish(result);
573         return;
574       default:
575         NOTREACHED() << "bad state " << state;
576         Finish(result);
577         return;
578     }
579     if (state == STATE_RESOLVE_PROTOCOL && result == ERR_PROTOCOL_SWITCHED)
580       continue;
581     // If the connection is not established yet and had actual errors,
582     // record the error.  In next iteration, it will close the connection.
583     if (state != STATE_READ_WRITE && result < ERR_IO_PENDING) {
584       net_log_.EndEventWithNetErrorCode(
585           NetLog::TYPE_SOCKET_STREAM_CONNECT, result);
586     }
587   } while (result != ERR_IO_PENDING);
588 }
589
590 int SocketStream::DoBeforeConnect() {
591   next_state_ = STATE_BEFORE_CONNECT_COMPLETE;
592   if (!context_ || !context_->network_delegate())
593     return OK;
594
595   int result = context_->network_delegate()->NotifyBeforeSocketStreamConnect(
596       this, io_callback_);
597   if (result != OK && result != ERR_IO_PENDING)
598     next_state_ = STATE_CLOSE;
599
600   return result;
601 }
602
603 int SocketStream::DoBeforeConnectComplete(int result) {
604   DCHECK_NE(ERR_IO_PENDING, result);
605
606   if (result == OK)
607     next_state_ = STATE_RESOLVE_PROXY;
608   else
609     next_state_ = STATE_CLOSE;
610
611   return result;
612 }
613
614 int SocketStream::DoResolveProxy() {
615   DCHECK(context_);
616   DCHECK(!pac_request_);
617   next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
618
619   if (!proxy_url_.is_valid()) {
620     next_state_ = STATE_CLOSE;
621     return ERR_INVALID_ARGUMENT;
622   }
623
624   // TODO(toyoshim): Check server advertisement of SPDY through the HTTP
625   // Alternate-Protocol header, then switch to SPDY if SPDY is available.
626   // Usually we already have a session to the SPDY server because JavaScript
627   // running WebSocket itself would be served by SPDY. But, in some situation
628   // (E.g. Used by Chrome Extensions or used for cross origin connection), this
629   // connection might be the first one. At that time, we should check
630   // Alternate-Protocol header here for ws:// or TLS NPN extension for wss:// .
631
632   return context_->proxy_service()->ResolveProxy(
633       proxy_url_, &proxy_info_, io_callback_, &pac_request_, net_log_);
634 }
635
636 int SocketStream::DoResolveProxyComplete(int result) {
637   pac_request_ = NULL;
638   if (result != OK) {
639     DVLOG(1) << "Failed to resolve proxy: " << result;
640     if (delegate_)
641       delegate_->OnError(this, result);
642     proxy_info_.UseDirect();
643   }
644   if (proxy_info_.is_direct()) {
645     // If proxy was not found for original URL (i.e. websocket URL),
646     // try again with https URL, like Safari implementation.
647     // Note that we don't want to use http proxy, because we'll use tunnel
648     // proxy using CONNECT method, which is used by https proxy.
649     if (!proxy_url_.SchemeIs("https")) {
650       const std::string scheme = "https";
651       GURL::Replacements repl;
652       repl.SetSchemeStr(scheme);
653       proxy_url_ = url_.ReplaceComponents(repl);
654       DVLOG(1) << "Try https proxy: " << proxy_url_;
655       next_state_ = STATE_RESOLVE_PROXY;
656       return OK;
657     }
658   }
659
660   if (proxy_info_.is_empty()) {
661     // No proxies/direct to choose from. This happens when we don't support any
662     // of the proxies in the returned list.
663     return ERR_NO_SUPPORTED_PROXIES;
664   }
665
666   next_state_ = STATE_RESOLVE_HOST;
667   return OK;
668 }
669
670 int SocketStream::DoResolveHost() {
671   next_state_ = STATE_RESOLVE_HOST_COMPLETE;
672
673   DCHECK(!proxy_info_.is_empty());
674   if (proxy_info_.is_direct())
675     proxy_mode_ = kDirectConnection;
676   else if (proxy_info_.proxy_server().is_socks())
677     proxy_mode_ = kSOCKSProxy;
678   else
679     proxy_mode_ = kTunnelProxy;
680
681   // Determine the host and port to connect to.
682   HostPortPair host_port_pair;
683   if (proxy_mode_ != kDirectConnection) {
684     host_port_pair = proxy_info_.proxy_server().host_port_pair();
685   } else {
686     host_port_pair = HostPortPair::FromURL(url_);
687   }
688
689   HostResolver::RequestInfo resolve_info(host_port_pair);
690
691   DCHECK(context_->host_resolver());
692   resolver_.reset(new SingleRequestHostResolver(context_->host_resolver()));
693   return resolver_->Resolve(resolve_info,
694                             DEFAULT_PRIORITY,
695                             &addresses_,
696                             base::Bind(&SocketStream::OnIOCompleted, this),
697                             net_log_);
698 }
699
700 int SocketStream::DoResolveHostComplete(int result) {
701   if (result == OK)
702     next_state_ = STATE_RESOLVE_PROTOCOL;
703   else
704     next_state_ = STATE_CLOSE;
705   // TODO(ukai): if error occured, reconsider proxy after error.
706   return result;
707 }
708
709 int SocketStream::DoResolveProtocol(int result) {
710   DCHECK_EQ(OK, result);
711
712   if (!delegate_) {
713     next_state_ = STATE_CLOSE;
714     return result;
715   }
716
717   next_state_ = STATE_RESOLVE_PROTOCOL_COMPLETE;
718   result = delegate_->OnStartOpenConnection(this, io_callback_);
719   if (result == ERR_IO_PENDING)
720     metrics_->OnWaitConnection();
721   else if (result != OK && result != ERR_PROTOCOL_SWITCHED)
722     next_state_ = STATE_CLOSE;
723   return result;
724 }
725
726 int SocketStream::DoResolveProtocolComplete(int result) {
727   DCHECK_NE(ERR_IO_PENDING, result);
728
729   if (result == ERR_PROTOCOL_SWITCHED) {
730     next_state_ = STATE_CLOSE;
731     metrics_->OnCountWireProtocolType(
732         SocketStreamMetrics::WIRE_PROTOCOL_SPDY);
733   } else if (result == OK) {
734     next_state_ = STATE_TCP_CONNECT;
735     metrics_->OnCountWireProtocolType(
736         SocketStreamMetrics::WIRE_PROTOCOL_WEBSOCKET);
737   } else {
738     next_state_ = STATE_CLOSE;
739   }
740   return result;
741 }
742
743 int SocketStream::DoTcpConnect(int result) {
744   if (result != OK) {
745     next_state_ = STATE_CLOSE;
746     return result;
747   }
748   next_state_ = STATE_TCP_CONNECT_COMPLETE;
749   DCHECK(factory_);
750   connection_->SetSocket(
751       factory_->CreateTransportClientSocket(addresses_,
752                                             net_log_.net_log(),
753                                             net_log_.source()));
754   metrics_->OnStartConnection();
755   return connection_->socket()->Connect(io_callback_);
756 }
757
758 int SocketStream::DoTcpConnectComplete(int result) {
759   // TODO(ukai): if error occured, reconsider proxy after error.
760   if (result != OK) {
761     next_state_ = STATE_CLOSE;
762     return result;
763   }
764
765   if (proxy_mode_ == kTunnelProxy) {
766     if (proxy_info_.is_https())
767       next_state_ = STATE_SECURE_PROXY_CONNECT;
768     else
769       next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
770   } else if (proxy_mode_ == kSOCKSProxy) {
771     next_state_ = STATE_SOCKS_CONNECT;
772   } else if (is_secure()) {
773     next_state_ = STATE_SSL_CONNECT;
774   } else {
775     result = DidEstablishConnection();
776   }
777   return result;
778 }
779
780 int SocketStream::DoGenerateProxyAuthToken() {
781   next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
782   if (!proxy_auth_controller_.get()) {
783     DCHECK(context_);
784     DCHECK(context_->http_transaction_factory());
785     DCHECK(context_->http_transaction_factory()->GetSession());
786     HttpNetworkSession* session =
787         context_->http_transaction_factory()->GetSession();
788     const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
789     GURL auth_url(scheme +
790                   proxy_info_.proxy_server().host_port_pair().ToString());
791     proxy_auth_controller_ =
792         new HttpAuthController(HttpAuth::AUTH_PROXY,
793                                auth_url,
794                                session->http_auth_cache(),
795                                session->http_auth_handler_factory());
796   }
797   HttpRequestInfo request_info;
798   request_info.url = url_;
799   request_info.method = "CONNECT";
800   return proxy_auth_controller_->MaybeGenerateAuthToken(
801       &request_info, io_callback_, net_log_);
802 }
803
804 int SocketStream::DoGenerateProxyAuthTokenComplete(int result) {
805   if (result != OK) {
806     next_state_ = STATE_CLOSE;
807     return result;
808   }
809
810   next_state_ = STATE_WRITE_TUNNEL_HEADERS;
811   return result;
812 }
813
814 int SocketStream::DoWriteTunnelHeaders() {
815   DCHECK_EQ(kTunnelProxy, proxy_mode_);
816
817   next_state_ = STATE_WRITE_TUNNEL_HEADERS_COMPLETE;
818
819   if (!tunnel_request_headers_.get()) {
820     metrics_->OnCountConnectionType(SocketStreamMetrics::TUNNEL_CONNECTION);
821     tunnel_request_headers_ = new RequestHeaders();
822     tunnel_request_headers_bytes_sent_ = 0;
823   }
824   if (tunnel_request_headers_->headers_.empty()) {
825     HttpRequestHeaders request_headers;
826     request_headers.SetHeader("Host", GetHostAndOptionalPort(url_));
827     request_headers.SetHeader("Proxy-Connection", "keep-alive");
828     if (proxy_auth_controller_.get() && proxy_auth_controller_->HaveAuth())
829       proxy_auth_controller_->AddAuthorizationHeader(&request_headers);
830     tunnel_request_headers_->headers_ = base::StringPrintf(
831         "CONNECT %s HTTP/1.1\r\n"
832         "%s",
833         GetHostAndPort(url_).c_str(),
834         request_headers.ToString().c_str());
835   }
836   tunnel_request_headers_->SetDataOffset(tunnel_request_headers_bytes_sent_);
837   int buf_len = static_cast<int>(tunnel_request_headers_->headers_.size() -
838                                  tunnel_request_headers_bytes_sent_);
839   DCHECK_GT(buf_len, 0);
840   return connection_->socket()->Write(
841       tunnel_request_headers_.get(), buf_len, io_callback_);
842 }
843
844 int SocketStream::DoWriteTunnelHeadersComplete(int result) {
845   DCHECK_EQ(kTunnelProxy, proxy_mode_);
846
847   if (result < 0) {
848     next_state_ = STATE_CLOSE;
849     return result;
850   }
851
852   tunnel_request_headers_bytes_sent_ += result;
853   if (tunnel_request_headers_bytes_sent_ <
854       tunnel_request_headers_->headers_.size()) {
855     next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
856   } else {
857     // Handling a cert error or a client cert request requires reconnection.
858     // DoWriteTunnelHeaders() will be called again.
859     // Thus |tunnel_request_headers_bytes_sent_| should be reset to 0 for
860     // sending |tunnel_request_headers_| correctly.
861     tunnel_request_headers_bytes_sent_ = 0;
862     next_state_ = STATE_READ_TUNNEL_HEADERS;
863   }
864   return OK;
865 }
866
867 int SocketStream::DoReadTunnelHeaders() {
868   DCHECK_EQ(kTunnelProxy, proxy_mode_);
869
870   next_state_ = STATE_READ_TUNNEL_HEADERS_COMPLETE;
871
872   if (!tunnel_response_headers_.get()) {
873     tunnel_response_headers_ = new ResponseHeaders();
874     tunnel_response_headers_capacity_ = kMaxTunnelResponseHeadersSize;
875     tunnel_response_headers_->Realloc(tunnel_response_headers_capacity_);
876     tunnel_response_headers_len_ = 0;
877   }
878
879   int buf_len = tunnel_response_headers_capacity_ -
880       tunnel_response_headers_len_;
881   tunnel_response_headers_->SetDataOffset(tunnel_response_headers_len_);
882   CHECK(tunnel_response_headers_->data());
883
884   return connection_->socket()->Read(
885       tunnel_response_headers_.get(), buf_len, io_callback_);
886 }
887
888 int SocketStream::DoReadTunnelHeadersComplete(int result) {
889   DCHECK_EQ(kTunnelProxy, proxy_mode_);
890
891   if (result < 0) {
892     next_state_ = STATE_CLOSE;
893     return result;
894   }
895
896   if (result == 0) {
897     // 0 indicates end-of-file, so socket was closed.
898     next_state_ = STATE_CLOSE;
899     return ERR_CONNECTION_CLOSED;
900   }
901
902   tunnel_response_headers_len_ += result;
903   DCHECK(tunnel_response_headers_len_ <= tunnel_response_headers_capacity_);
904
905   int eoh = HttpUtil::LocateEndOfHeaders(
906       tunnel_response_headers_->headers(), tunnel_response_headers_len_, 0);
907   if (eoh == -1) {
908     if (tunnel_response_headers_len_ >= kMaxTunnelResponseHeadersSize) {
909       next_state_ = STATE_CLOSE;
910       return ERR_RESPONSE_HEADERS_TOO_BIG;
911     }
912
913     next_state_ = STATE_READ_TUNNEL_HEADERS;
914     return OK;
915   }
916   // DidReadResponseHeaders
917   scoped_refptr<HttpResponseHeaders> headers;
918   headers = new HttpResponseHeaders(
919       HttpUtil::AssembleRawHeaders(tunnel_response_headers_->headers(), eoh));
920   if (headers->GetParsedHttpVersion() < HttpVersion(1, 0)) {
921     // Require the "HTTP/1.x" status line.
922     next_state_ = STATE_CLOSE;
923     return ERR_TUNNEL_CONNECTION_FAILED;
924   }
925   switch (headers->response_code()) {
926     case 200:  // OK
927       if (is_secure()) {
928         DCHECK_EQ(eoh, tunnel_response_headers_len_);
929         next_state_ = STATE_SSL_CONNECT;
930       } else {
931         result = DidEstablishConnection();
932         if (result < 0) {
933           next_state_ = STATE_CLOSE;
934           return result;
935         }
936         if ((eoh < tunnel_response_headers_len_) && delegate_)
937           delegate_->OnReceivedData(
938               this, tunnel_response_headers_->headers() + eoh,
939               tunnel_response_headers_len_ - eoh);
940       }
941       return OK;
942     case 407:  // Proxy Authentication Required.
943       if (proxy_mode_ != kTunnelProxy)
944         return ERR_UNEXPECTED_PROXY_AUTH;
945
946       result = proxy_auth_controller_->HandleAuthChallenge(
947           headers, false, true, net_log_);
948       if (result != OK)
949         return result;
950       DCHECK(!proxy_info_.is_empty());
951       next_state_ = STATE_AUTH_REQUIRED;
952       if (proxy_auth_controller_->HaveAuth()) {
953         base::MessageLoop::current()->PostTask(
954             FROM_HERE, base::Bind(&SocketStream::DoRestartWithAuth, this));
955         return ERR_IO_PENDING;
956       }
957       if (delegate_) {
958         // Wait until RestartWithAuth or Close is called.
959         base::MessageLoop::current()->PostTask(
960             FROM_HERE, base::Bind(&SocketStream::DoAuthRequired, this));
961         return ERR_IO_PENDING;
962       }
963       break;
964     default:
965       break;
966   }
967   next_state_ = STATE_CLOSE;
968   return ERR_TUNNEL_CONNECTION_FAILED;
969 }
970
971 int SocketStream::DoSOCKSConnect() {
972   DCHECK_EQ(kSOCKSProxy, proxy_mode_);
973
974   next_state_ = STATE_SOCKS_CONNECT_COMPLETE;
975
976   HostResolver::RequestInfo req_info(HostPortPair::FromURL(url_));
977
978   DCHECK(!proxy_info_.is_empty());
979   scoped_ptr<StreamSocket> s;
980   if (proxy_info_.proxy_server().scheme() == ProxyServer::SCHEME_SOCKS5) {
981     s.reset(new SOCKS5ClientSocket(connection_.Pass(), req_info));
982   } else {
983     s.reset(new SOCKSClientSocket(connection_.Pass(),
984                                   req_info,
985                                   DEFAULT_PRIORITY,
986                                   context_->host_resolver()));
987   }
988   connection_.reset(new ClientSocketHandle);
989   connection_->SetSocket(s.Pass());
990   metrics_->OnCountConnectionType(SocketStreamMetrics::SOCKS_CONNECTION);
991   return connection_->socket()->Connect(io_callback_);
992 }
993
994 int SocketStream::DoSOCKSConnectComplete(int result) {
995   DCHECK_EQ(kSOCKSProxy, proxy_mode_);
996
997   if (result == OK) {
998     if (is_secure())
999       next_state_ = STATE_SSL_CONNECT;
1000     else
1001       result = DidEstablishConnection();
1002   } else {
1003     next_state_ = STATE_CLOSE;
1004   }
1005   return result;
1006 }
1007
1008 int SocketStream::DoSecureProxyConnect() {
1009   DCHECK(factory_);
1010   SSLClientSocketContext ssl_context;
1011   ssl_context.cert_verifier = context_->cert_verifier();
1012   ssl_context.transport_security_state = context_->transport_security_state();
1013   ssl_context.server_bound_cert_service = context_->server_bound_cert_service();
1014   scoped_ptr<StreamSocket> socket(factory_->CreateSSLClientSocket(
1015       connection_.Pass(),
1016       proxy_info_.proxy_server().host_port_pair(),
1017       proxy_ssl_config_,
1018       ssl_context));
1019   connection_.reset(new ClientSocketHandle);
1020   connection_->SetSocket(socket.Pass());
1021   next_state_ = STATE_SECURE_PROXY_CONNECT_COMPLETE;
1022   metrics_->OnCountConnectionType(SocketStreamMetrics::SECURE_PROXY_CONNECTION);
1023   return connection_->socket()->Connect(io_callback_);
1024 }
1025
1026 int SocketStream::DoSecureProxyConnectComplete(int result) {
1027   DCHECK_EQ(STATE_NONE, next_state_);
1028   // Reconnect with client authentication.
1029   if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED)
1030     return HandleCertificateRequest(result, &proxy_ssl_config_);
1031
1032   if (IsCertificateError(result))
1033     next_state_ = STATE_SECURE_PROXY_HANDLE_CERT_ERROR;
1034   else if (result == OK)
1035     next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
1036   else
1037     next_state_ = STATE_CLOSE;
1038   return result;
1039 }
1040
1041 int SocketStream::DoSecureProxyHandleCertError(int result) {
1042   DCHECK_EQ(STATE_NONE, next_state_);
1043   DCHECK(IsCertificateError(result));
1044   result = HandleCertificateError(result);
1045   if (result == ERR_IO_PENDING)
1046     next_state_ = STATE_SECURE_PROXY_HANDLE_CERT_ERROR_COMPLETE;
1047   else
1048     next_state_ = STATE_CLOSE;
1049   return result;
1050 }
1051
1052 int SocketStream::DoSecureProxyHandleCertErrorComplete(int result) {
1053   DCHECK_EQ(STATE_NONE, next_state_);
1054   if (result == OK) {
1055     if (!connection_->socket()->IsConnectedAndIdle())
1056       return AllowCertErrorForReconnection(&proxy_ssl_config_);
1057     next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
1058   } else {
1059     next_state_ = STATE_CLOSE;
1060   }
1061   return result;
1062 }
1063
1064 int SocketStream::DoSSLConnect() {
1065   DCHECK(factory_);
1066   SSLClientSocketContext ssl_context;
1067   ssl_context.cert_verifier = context_->cert_verifier();
1068   ssl_context.transport_security_state = context_->transport_security_state();
1069   ssl_context.server_bound_cert_service = context_->server_bound_cert_service();
1070   scoped_ptr<StreamSocket> socket(
1071       factory_->CreateSSLClientSocket(connection_.Pass(),
1072                                       HostPortPair::FromURL(url_),
1073                                       server_ssl_config_,
1074                                       ssl_context));
1075   connection_.reset(new ClientSocketHandle);
1076   connection_->SetSocket(socket.Pass());
1077   next_state_ = STATE_SSL_CONNECT_COMPLETE;
1078   metrics_->OnCountConnectionType(SocketStreamMetrics::SSL_CONNECTION);
1079   return connection_->socket()->Connect(io_callback_);
1080 }
1081
1082 int SocketStream::DoSSLConnectComplete(int result) {
1083   DCHECK_EQ(STATE_NONE, next_state_);
1084   // Reconnect with client authentication.
1085   if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED)
1086     return HandleCertificateRequest(result, &server_ssl_config_);
1087
1088   if (IsCertificateError(result))
1089     next_state_ = STATE_SSL_HANDLE_CERT_ERROR;
1090   else if (result == OK)
1091     result = DidEstablishConnection();
1092   else
1093     next_state_ = STATE_CLOSE;
1094   return result;
1095 }
1096
1097 int SocketStream::DoSSLHandleCertError(int result) {
1098   DCHECK_EQ(STATE_NONE, next_state_);
1099   DCHECK(IsCertificateError(result));
1100   result = HandleCertificateError(result);
1101   if (result == OK || result == ERR_IO_PENDING)
1102     next_state_ = STATE_SSL_HANDLE_CERT_ERROR_COMPLETE;
1103   else
1104     next_state_ = STATE_CLOSE;
1105   return result;
1106 }
1107
1108 int SocketStream::DoSSLHandleCertErrorComplete(int result) {
1109   DCHECK_EQ(STATE_NONE, next_state_);
1110   // TODO(toyoshim): Upgrade to SPDY through TLS NPN extension if possible.
1111   // If we use HTTPS and this is the first connection to the SPDY server,
1112   // we should take care of TLS NPN extension here.
1113
1114   if (result == OK) {
1115     if (!connection_->socket()->IsConnectedAndIdle())
1116       return AllowCertErrorForReconnection(&server_ssl_config_);
1117     result = DidEstablishConnection();
1118   } else {
1119     next_state_ = STATE_CLOSE;
1120   }
1121   return result;
1122 }
1123
1124 int SocketStream::DoReadWrite(int result) {
1125   if (result < OK) {
1126     next_state_ = STATE_CLOSE;
1127     return result;
1128   }
1129   if (!connection_->socket() || !connection_->socket()->IsConnected()) {
1130     next_state_ = STATE_CLOSE;
1131     return ERR_CONNECTION_CLOSED;
1132   }
1133
1134   // If client has requested close(), and there's nothing to write, then
1135   // let's close the socket.
1136   // We don't care about receiving data after the socket is closed.
1137   if (closing_ && !current_write_buf_.get() && pending_write_bufs_.empty()) {
1138     connection_->socket()->Disconnect();
1139     next_state_ = STATE_CLOSE;
1140     return OK;
1141   }
1142
1143   next_state_ = STATE_READ_WRITE;
1144
1145   // If server already closed the socket, we don't try to read.
1146   if (!server_closed_) {
1147     if (!read_buf_.get()) {
1148       // No read pending and server didn't close the socket.
1149       read_buf_ = new IOBuffer(kReadBufferSize);
1150       result = connection_->socket()->Read(
1151           read_buf_.get(),
1152           kReadBufferSize,
1153           base::Bind(&SocketStream::OnReadCompleted, base::Unretained(this)));
1154       if (result > 0) {
1155         return DidReceiveData(result);
1156       } else if (result == 0) {
1157         // 0 indicates end-of-file, so socket was closed.
1158         next_state_ = STATE_CLOSE;
1159         server_closed_ = true;
1160         return ERR_CONNECTION_CLOSED;
1161       }
1162       // If read is pending, try write as well.
1163       // Otherwise, return the result and do next loop (to close the
1164       // connection).
1165       if (result != ERR_IO_PENDING) {
1166         next_state_ = STATE_CLOSE;
1167         server_closed_ = true;
1168         return result;
1169       }
1170     }
1171     // Read is pending.
1172     DCHECK(read_buf_.get());
1173   }
1174
1175   if (waiting_for_write_completion_)
1176     return ERR_IO_PENDING;
1177
1178   if (!current_write_buf_.get()) {
1179     if (pending_write_bufs_.empty()) {
1180       // Nothing buffered for send.
1181       return ERR_IO_PENDING;
1182     }
1183
1184     current_write_buf_ = new DrainableIOBuffer(
1185         pending_write_bufs_.front().get(), pending_write_bufs_.front()->size());
1186     pending_write_bufs_.pop_front();
1187   }
1188
1189   result = connection_->socket()->Write(
1190       current_write_buf_.get(),
1191       current_write_buf_->BytesRemaining(),
1192       base::Bind(&SocketStream::OnWriteCompleted, base::Unretained(this)));
1193
1194   if (result == ERR_IO_PENDING) {
1195     waiting_for_write_completion_ = true;
1196   } else if (result < 0) {
1197     // Shortcut. Enter STATE_CLOSE now by changing next_state_ here than by
1198     // calling DoReadWrite() again with the error code.
1199     next_state_ = STATE_CLOSE;
1200   } else if (result > 0) {
1201     // Write is not pending. Return OK and do next loop.
1202     DidSendData(result);
1203     result = OK;
1204   }
1205
1206   return result;
1207 }
1208
1209 GURL SocketStream::ProxyAuthOrigin() const {
1210   DCHECK(!proxy_info_.is_empty());
1211   return GURL("http://" +
1212               proxy_info_.proxy_server().host_port_pair().ToString());
1213 }
1214
1215 int SocketStream::HandleCertificateRequest(int result, SSLConfig* ssl_config) {
1216   if (ssl_config->send_client_cert) {
1217     // We already have performed SSL client authentication once and failed.
1218     return result;
1219   }
1220
1221   DCHECK(connection_->socket());
1222   scoped_refptr<SSLCertRequestInfo> cert_request_info = new SSLCertRequestInfo;
1223   SSLClientSocket* ssl_socket =
1224       static_cast<SSLClientSocket*>(connection_->socket());
1225   ssl_socket->GetSSLCertRequestInfo(cert_request_info.get());
1226
1227   HttpTransactionFactory* factory = context_->http_transaction_factory();
1228   if (!factory)
1229     return result;
1230   scoped_refptr<HttpNetworkSession> session = factory->GetSession();
1231   if (!session.get())
1232     return result;
1233
1234   // If the user selected one of the certificates in client_certs or declined
1235   // to provide one for this server before, use the past decision
1236   // automatically.
1237   scoped_refptr<X509Certificate> client_cert;
1238   if (!session->ssl_client_auth_cache()->Lookup(
1239           cert_request_info->host_and_port, &client_cert)) {
1240     return result;
1241   }
1242
1243   // Note: |client_cert| may be NULL, indicating that the caller
1244   // wishes to proceed anonymously (eg: continue the handshake
1245   // without sending a client cert)
1246   //
1247   // Check that the certificate selected is still a certificate the server
1248   // is likely to accept, based on the criteria supplied in the
1249   // CertificateRequest message.
1250   const std::vector<std::string>& cert_authorities =
1251       cert_request_info->cert_authorities;
1252   if (client_cert.get() && !cert_authorities.empty() &&
1253       !client_cert->IsIssuedByEncoded(cert_authorities)) {
1254     return result;
1255   }
1256
1257   ssl_config->send_client_cert = true;
1258   ssl_config->client_cert = client_cert;
1259   next_state_ = STATE_TCP_CONNECT;
1260   return OK;
1261 }
1262
1263 int SocketStream::AllowCertErrorForReconnection(SSLConfig* ssl_config) {
1264   DCHECK(ssl_config);
1265   // The SSL handshake didn't finish, or the server closed the SSL connection.
1266   // So, we should restart establishing connection with the certificate in
1267   // allowed bad certificates in |ssl_config|.
1268   // See also net/http/http_network_transaction.cc HandleCertificateError() and
1269   // RestartIgnoringLastError().
1270   SSLClientSocket* ssl_socket =
1271       static_cast<SSLClientSocket*>(connection_->socket());
1272   SSLInfo ssl_info;
1273   ssl_socket->GetSSLInfo(&ssl_info);
1274   if (ssl_info.cert.get() == NULL ||
1275       ssl_config->IsAllowedBadCert(ssl_info.cert.get(), NULL)) {
1276     // If we already have the certificate in the set of allowed bad
1277     // certificates, we did try it and failed again, so we should not
1278     // retry again: the connection should fail at last.
1279     next_state_ = STATE_CLOSE;
1280     return ERR_UNEXPECTED;
1281   }
1282   // Add the bad certificate to the set of allowed certificates in the
1283   // SSL config object.
1284   SSLConfig::CertAndStatus bad_cert;
1285   if (!X509Certificate::GetDEREncoded(ssl_info.cert->os_cert_handle(),
1286                                       &bad_cert.der_cert)) {
1287     next_state_ = STATE_CLOSE;
1288     return ERR_UNEXPECTED;
1289   }
1290   bad_cert.cert_status = ssl_info.cert_status;
1291   ssl_config->allowed_bad_certs.push_back(bad_cert);
1292   // Restart connection ignoring the bad certificate.
1293   connection_->socket()->Disconnect();
1294   connection_->SetSocket(scoped_ptr<StreamSocket>());
1295   next_state_ = STATE_TCP_CONNECT;
1296   return OK;
1297 }
1298
1299 void SocketStream::DoAuthRequired() {
1300   if (delegate_ && proxy_auth_controller_.get())
1301     delegate_->OnAuthRequired(this, proxy_auth_controller_->auth_info().get());
1302   else
1303     DoLoop(ERR_UNEXPECTED);
1304 }
1305
1306 void SocketStream::DoRestartWithAuth() {
1307   DCHECK_EQ(next_state_, STATE_AUTH_REQUIRED);
1308   tunnel_request_headers_ = NULL;
1309   tunnel_request_headers_bytes_sent_ = 0;
1310   tunnel_response_headers_ = NULL;
1311   tunnel_response_headers_capacity_ = 0;
1312   tunnel_response_headers_len_ = 0;
1313
1314   next_state_ = STATE_TCP_CONNECT;
1315   DoLoop(OK);
1316 }
1317
1318 int SocketStream::HandleCertificateError(int result) {
1319   DCHECK(IsCertificateError(result));
1320   SSLClientSocket* ssl_socket =
1321       static_cast<SSLClientSocket*>(connection_->socket());
1322   DCHECK(ssl_socket);
1323
1324   if (!context_)
1325     return result;
1326
1327   if (SSLClientSocket::IgnoreCertError(result, LOAD_IGNORE_ALL_CERT_ERRORS)) {
1328     const HttpNetworkSession::Params* session_params =
1329         context_->GetNetworkSessionParams();
1330     if (session_params && session_params->ignore_certificate_errors)
1331       return OK;
1332   }
1333
1334   if (!delegate_)
1335     return result;
1336
1337   SSLInfo ssl_info;
1338   ssl_socket->GetSSLInfo(&ssl_info);
1339
1340   TransportSecurityState* state = context_->transport_security_state();
1341   const bool fatal =
1342       state &&
1343       state->ShouldSSLErrorsBeFatal(
1344           url_.host(),
1345           SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
1346
1347   delegate_->OnSSLCertificateError(this, ssl_info, fatal);
1348   return ERR_IO_PENDING;
1349 }
1350
1351 CookieStore* SocketStream::cookie_store() const {
1352   return cookie_store_;
1353 }
1354
1355 }  // namespace net
Domain: Web Framework / Uncategorized;