1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/websockets/websocket_basic_handshake_stream.h"
13 #include "base/base64.h"
14 #include "base/basictypes.h"
15 #include "base/bind.h"
16 #include "base/compiler_specific.h"
17 #include "base/containers/hash_tables.h"
18 #include "base/logging.h"
19 #include "base/metrics/histogram.h"
20 #include "base/metrics/sparse_histogram.h"
21 #include "base/stl_util.h"
22 #include "base/strings/string_number_conversions.h"
23 #include "base/strings/string_piece.h"
24 #include "base/strings/string_util.h"
25 #include "base/strings/stringprintf.h"
26 #include "base/time/time.h"
27 #include "crypto/random.h"
28 #include "net/http/http_request_headers.h"
29 #include "net/http/http_request_info.h"
30 #include "net/http/http_response_body_drainer.h"
31 #include "net/http/http_response_headers.h"
32 #include "net/http/http_status_code.h"
33 #include "net/http/http_stream_parser.h"
34 #include "net/socket/client_socket_handle.h"
35 #include "net/socket/websocket_transport_client_socket_pool.h"
36 #include "net/websockets/websocket_basic_stream.h"
37 #include "net/websockets/websocket_deflate_predictor.h"
38 #include "net/websockets/websocket_deflate_predictor_impl.h"
39 #include "net/websockets/websocket_deflate_stream.h"
40 #include "net/websockets/websocket_deflater.h"
41 #include "net/websockets/websocket_extension_parser.h"
42 #include "net/websockets/websocket_handshake_constants.h"
43 #include "net/websockets/websocket_handshake_handler.h"
44 #include "net/websockets/websocket_handshake_request_info.h"
45 #include "net/websockets/websocket_handshake_response_info.h"
46 #include "net/websockets/websocket_stream.h"
52 // TODO(yhirano): Remove these functions once http://crbug.com/399535 is fixed.
53 NOINLINE void RunCallbackWithOk(const CompletionCallback& callback,
55 DCHECK_EQ(result, OK);
59 NOINLINE void RunCallbackWithInvalidResponseCausedByRedirect(
60 const CompletionCallback& callback,
62 DCHECK_EQ(result, ERR_INVALID_RESPONSE);
63 callback.Run(ERR_INVALID_RESPONSE);
66 NOINLINE void RunCallbackWithInvalidResponse(
67 const CompletionCallback& callback,
69 DCHECK_EQ(result, ERR_INVALID_RESPONSE);
70 callback.Run(ERR_INVALID_RESPONSE);
73 NOINLINE void RunCallback(const CompletionCallback& callback, int result) {
79 // TODO(ricea): If more extensions are added, replace this with a more general
81 struct WebSocketExtensionParams {
82 WebSocketExtensionParams()
83 : deflate_enabled(false),
84 client_window_bits(15),
85 deflate_mode(WebSocketDeflater::TAKE_OVER_CONTEXT) {}
88 int client_window_bits;
89 WebSocketDeflater::ContextTakeOverMode deflate_mode;
94 enum GetHeaderResult {
100 std::string MissingHeaderMessage(const std::string& header_name) {
101 return std::string("'") + header_name + "' header is missing";
104 std::string MultipleHeaderValuesMessage(const std::string& header_name) {
108 "' header must not appear more than once in a response";
111 std::string GenerateHandshakeChallenge() {
112 std::string raw_challenge(websockets::kRawChallengeLength, '\0');
113 crypto::RandBytes(string_as_array(&raw_challenge), raw_challenge.length());
114 std::string encoded_challenge;
115 base::Base64Encode(raw_challenge, &encoded_challenge);
116 return encoded_challenge;
119 void AddVectorHeaderIfNonEmpty(const char* name,
120 const std::vector<std::string>& value,
121 HttpRequestHeaders* headers) {
124 headers->SetHeader(name, JoinString(value, ", "));
127 GetHeaderResult GetSingleHeaderValue(const HttpResponseHeaders* headers,
128 const base::StringPiece& name,
129 std::string* value) {
130 void* state = nullptr;
131 size_t num_values = 0;
132 std::string temp_value;
133 while (headers->EnumerateHeader(&state, name, &temp_value)) {
134 if (++num_values > 1)
135 return GET_HEADER_MULTIPLE;
138 return num_values > 0 ? GET_HEADER_OK : GET_HEADER_MISSING;
141 bool ValidateHeaderHasSingleValue(GetHeaderResult result,
142 const std::string& header_name,
143 std::string* failure_message) {
144 if (result == GET_HEADER_MISSING) {
145 *failure_message = MissingHeaderMessage(header_name);
148 if (result == GET_HEADER_MULTIPLE) {
149 *failure_message = MultipleHeaderValuesMessage(header_name);
152 DCHECK_EQ(result, GET_HEADER_OK);
156 bool ValidateUpgrade(const HttpResponseHeaders* headers,
157 std::string* failure_message) {
159 GetHeaderResult result =
160 GetSingleHeaderValue(headers, websockets::kUpgrade, &value);
161 if (!ValidateHeaderHasSingleValue(result,
162 websockets::kUpgrade,
167 if (!LowerCaseEqualsASCII(value, websockets::kWebSocketLowercase)) {
169 "'Upgrade' header value is not 'WebSocket': " + value;
175 bool ValidateSecWebSocketAccept(const HttpResponseHeaders* headers,
176 const std::string& expected,
177 std::string* failure_message) {
179 GetHeaderResult result =
180 GetSingleHeaderValue(headers, websockets::kSecWebSocketAccept, &actual);
181 if (!ValidateHeaderHasSingleValue(result,
182 websockets::kSecWebSocketAccept,
187 if (expected != actual) {
188 *failure_message = "Incorrect 'Sec-WebSocket-Accept' header value";
194 bool ValidateConnection(const HttpResponseHeaders* headers,
195 std::string* failure_message) {
196 // Connection header is permitted to contain other tokens.
197 if (!headers->HasHeader(HttpRequestHeaders::kConnection)) {
198 *failure_message = MissingHeaderMessage(HttpRequestHeaders::kConnection);
201 if (!headers->HasHeaderValue(HttpRequestHeaders::kConnection,
202 websockets::kUpgrade)) {
203 *failure_message = "'Connection' header value must contain 'Upgrade'";
209 bool ValidateSubProtocol(
210 const HttpResponseHeaders* headers,
211 const std::vector<std::string>& requested_sub_protocols,
212 std::string* sub_protocol,
213 std::string* failure_message) {
214 void* state = nullptr;
216 base::hash_set<std::string> requested_set(requested_sub_protocols.begin(),
217 requested_sub_protocols.end());
219 bool has_multiple_protocols = false;
220 bool has_invalid_protocol = false;
222 while (!has_invalid_protocol || !has_multiple_protocols) {
223 std::string temp_value;
224 if (!headers->EnumerateHeader(
225 &state, websockets::kSecWebSocketProtocol, &temp_value))
228 if (requested_set.count(value) == 0)
229 has_invalid_protocol = true;
231 has_multiple_protocols = true;
234 if (has_multiple_protocols) {
236 MultipleHeaderValuesMessage(websockets::kSecWebSocketProtocol);
238 } else if (count > 0 && requested_sub_protocols.size() == 0) {
240 std::string("Response must not include 'Sec-WebSocket-Protocol' "
241 "header if not present in request: ")
244 } else if (has_invalid_protocol) {
246 "'Sec-WebSocket-Protocol' header value '" +
248 "' in response does not match any of sent values";
250 } else if (requested_sub_protocols.size() > 0 && count == 0) {
252 "Sent non-empty 'Sec-WebSocket-Protocol' header "
253 "but no response was received";
256 *sub_protocol = value;
260 bool DeflateError(std::string* message, const base::StringPiece& piece) {
261 *message = "Error in permessage-deflate: ";
262 piece.AppendToString(message);
266 bool ValidatePerMessageDeflateExtension(const WebSocketExtension& extension,
267 std::string* failure_message,
268 WebSocketExtensionParams* params) {
269 static const char kClientPrefix[] = "client_";
270 static const char kServerPrefix[] = "server_";
271 static const char kNoContextTakeover[] = "no_context_takeover";
272 static const char kMaxWindowBits[] = "max_window_bits";
273 const size_t kPrefixLen = arraysize(kClientPrefix) - 1;
274 COMPILE_ASSERT(kPrefixLen == arraysize(kServerPrefix) - 1,
275 the_strings_server_and_client_must_be_the_same_length);
276 typedef std::vector<WebSocketExtension::Parameter> ParameterVector;
278 DCHECK_EQ("permessage-deflate", extension.name());
279 const ParameterVector& parameters = extension.parameters();
280 std::set<std::string> seen_names;
281 for (ParameterVector::const_iterator it = parameters.begin();
282 it != parameters.end(); ++it) {
283 const std::string& name = it->name();
284 if (seen_names.count(name) != 0) {
287 "Received duplicate permessage-deflate extension parameter " + name);
289 seen_names.insert(name);
290 const std::string client_or_server(name, 0, kPrefixLen);
291 const bool is_client = (client_or_server == kClientPrefix);
292 if (!is_client && client_or_server != kServerPrefix) {
295 "Received an unexpected permessage-deflate extension parameter");
297 const std::string rest(name, kPrefixLen);
298 if (rest == kNoContextTakeover) {
299 if (it->HasValue()) {
300 return DeflateError(failure_message,
301 "Received invalid " + name + " parameter");
304 params->deflate_mode = WebSocketDeflater::DO_NOT_TAKE_OVER_CONTEXT;
305 } else if (rest == kMaxWindowBits) {
307 return DeflateError(failure_message, name + " must have value");
309 if (!base::StringToInt(it->value(), &bits) || bits < 8 || bits > 15 ||
310 it->value()[0] == '0' ||
311 it->value().find_first_not_of("0123456789") != std::string::npos) {
312 return DeflateError(failure_message,
313 "Received invalid " + name + " parameter");
316 params->client_window_bits = bits;
320 "Received an unexpected permessage-deflate extension parameter");
323 params->deflate_enabled = true;
327 bool ValidateExtensions(const HttpResponseHeaders* headers,
328 const std::vector<std::string>& requested_extensions,
329 std::string* extensions,
330 std::string* failure_message,
331 WebSocketExtensionParams* params) {
332 void* state = nullptr;
334 std::vector<std::string> accepted_extensions;
335 // TODO(ricea): If adding support for additional extensions, generalise this
337 bool seen_permessage_deflate = false;
338 while (headers->EnumerateHeader(
339 &state, websockets::kSecWebSocketExtensions, &value)) {
340 WebSocketExtensionParser parser;
342 if (parser.has_error()) {
343 // TODO(yhirano) Set appropriate failure message.
345 "'Sec-WebSocket-Extensions' header value is "
346 "rejected by the parser: " +
350 if (parser.extension().name() == "permessage-deflate") {
351 if (seen_permessage_deflate) {
352 *failure_message = "Received duplicate permessage-deflate response";
355 seen_permessage_deflate = true;
356 if (!ValidatePerMessageDeflateExtension(
357 parser.extension(), failure_message, params))
361 "Found an unsupported extension '" +
362 parser.extension().name() +
363 "' in 'Sec-WebSocket-Extensions' header";
366 accepted_extensions.push_back(value);
368 *extensions = JoinString(accepted_extensions, ", ");
374 WebSocketBasicHandshakeStream::WebSocketBasicHandshakeStream(
375 scoped_ptr<ClientSocketHandle> connection,
376 WebSocketStream::ConnectDelegate* connect_delegate,
378 std::vector<std::string> requested_sub_protocols,
379 std::vector<std::string> requested_extensions,
380 std::string* failure_message)
381 : state_(connection.release(), using_proxy),
382 connect_delegate_(connect_delegate),
383 http_response_info_(nullptr),
384 requested_sub_protocols_(requested_sub_protocols),
385 requested_extensions_(requested_extensions),
386 failure_message_(failure_message) {
387 DCHECK(connect_delegate);
388 DCHECK(failure_message);
391 WebSocketBasicHandshakeStream::~WebSocketBasicHandshakeStream() {}
393 int WebSocketBasicHandshakeStream::InitializeStream(
394 const HttpRequestInfo* request_info,
395 RequestPriority priority,
396 const BoundNetLog& net_log,
397 const CompletionCallback& callback) {
398 url_ = request_info->url;
399 state_.Initialize(request_info, priority, net_log, callback);
403 int WebSocketBasicHandshakeStream::SendRequest(
404 const HttpRequestHeaders& headers,
405 HttpResponseInfo* response,
406 const CompletionCallback& callback) {
407 DCHECK(!headers.HasHeader(websockets::kSecWebSocketKey));
408 DCHECK(!headers.HasHeader(websockets::kSecWebSocketProtocol));
409 DCHECK(!headers.HasHeader(websockets::kSecWebSocketExtensions));
410 DCHECK(headers.HasHeader(HttpRequestHeaders::kOrigin));
411 DCHECK(headers.HasHeader(websockets::kUpgrade));
412 DCHECK(headers.HasHeader(HttpRequestHeaders::kConnection));
413 DCHECK(headers.HasHeader(websockets::kSecWebSocketVersion));
416 http_response_info_ = response;
418 // Create a copy of the headers object, so that we can add the
419 // Sec-WebSockey-Key header.
420 HttpRequestHeaders enriched_headers;
421 enriched_headers.CopyFrom(headers);
422 std::string handshake_challenge;
423 if (handshake_challenge_for_testing_) {
424 handshake_challenge = *handshake_challenge_for_testing_;
425 handshake_challenge_for_testing_.reset();
427 handshake_challenge = GenerateHandshakeChallenge();
429 enriched_headers.SetHeader(websockets::kSecWebSocketKey, handshake_challenge);
431 AddVectorHeaderIfNonEmpty(websockets::kSecWebSocketExtensions,
432 requested_extensions_,
434 AddVectorHeaderIfNonEmpty(websockets::kSecWebSocketProtocol,
435 requested_sub_protocols_,
438 ComputeSecWebSocketAccept(handshake_challenge,
439 &handshake_challenge_response_);
441 DCHECK(connect_delegate_);
442 scoped_ptr<WebSocketHandshakeRequestInfo> request(
443 new WebSocketHandshakeRequestInfo(url_, base::Time::Now()));
444 request->headers.CopyFrom(enriched_headers);
445 connect_delegate_->OnStartOpeningHandshake(request.Pass());
447 return parser()->SendRequest(
448 state_.GenerateRequestLine(), enriched_headers, response, callback);
451 int WebSocketBasicHandshakeStream::ReadResponseHeaders(
452 const CompletionCallback& callback) {
453 // HttpStreamParser uses a weak pointer when reading from the
454 // socket, so it won't be called back after being destroyed. The
455 // HttpStreamParser is owned by HttpBasicState which is owned by this object,
456 // so this use of base::Unretained() is safe.
457 int rv = parser()->ReadResponseHeaders(
458 base::Bind(&WebSocketBasicHandshakeStream::ReadResponseHeadersCallback,
459 base::Unretained(this),
461 if (rv == ERR_IO_PENDING)
463 bool is_redirect = false;
464 return ValidateResponse(rv, &is_redirect);
467 int WebSocketBasicHandshakeStream::ReadResponseBody(
470 const CompletionCallback& callback) {
471 return parser()->ReadResponseBody(buf, buf_len, callback);
474 void WebSocketBasicHandshakeStream::Close(bool not_reusable) {
475 // This class ignores the value of |not_reusable| and never lets the socket be
478 parser()->Close(true);
481 bool WebSocketBasicHandshakeStream::IsResponseBodyComplete() const {
482 return parser()->IsResponseBodyComplete();
485 bool WebSocketBasicHandshakeStream::CanFindEndOfResponse() const {
486 return parser() && parser()->CanFindEndOfResponse();
489 bool WebSocketBasicHandshakeStream::IsConnectionReused() const {
490 return parser()->IsConnectionReused();
493 void WebSocketBasicHandshakeStream::SetConnectionReused() {
494 parser()->SetConnectionReused();
497 bool WebSocketBasicHandshakeStream::IsConnectionReusable() const {
501 int64 WebSocketBasicHandshakeStream::GetTotalReceivedBytes() const {
505 bool WebSocketBasicHandshakeStream::GetLoadTimingInfo(
506 LoadTimingInfo* load_timing_info) const {
507 return state_.connection()->GetLoadTimingInfo(IsConnectionReused(),
511 void WebSocketBasicHandshakeStream::GetSSLInfo(SSLInfo* ssl_info) {
512 parser()->GetSSLInfo(ssl_info);
515 void WebSocketBasicHandshakeStream::GetSSLCertRequestInfo(
516 SSLCertRequestInfo* cert_request_info) {
517 parser()->GetSSLCertRequestInfo(cert_request_info);
520 bool WebSocketBasicHandshakeStream::IsSpdyHttpStream() const { return false; }
522 void WebSocketBasicHandshakeStream::Drain(HttpNetworkSession* session) {
523 HttpResponseBodyDrainer* drainer = new HttpResponseBodyDrainer(this);
524 drainer->Start(session);
525 // |drainer| will delete itself.
528 void WebSocketBasicHandshakeStream::SetPriority(RequestPriority priority) {
529 // TODO(ricea): See TODO comment in HttpBasicStream::SetPriority(). If it is
530 // gone, then copy whatever has happened there over here.
533 UploadProgress WebSocketBasicHandshakeStream::GetUploadProgress() const {
534 return UploadProgress();
537 HttpStream* WebSocketBasicHandshakeStream::RenewStreamForAuth() {
538 // Return null because we don't support renewing the stream.
542 scoped_ptr<WebSocketStream> WebSocketBasicHandshakeStream::Upgrade() {
543 // The HttpStreamParser object has a pointer to our ClientSocketHandle. Make
544 // sure it does not touch it again before it is destroyed.
545 state_.DeleteParser();
546 WebSocketTransportClientSocketPool::UnlockEndpoint(state_.connection());
547 scoped_ptr<WebSocketStream> basic_stream(
548 new WebSocketBasicStream(state_.ReleaseConnection(),
552 DCHECK(extension_params_.get());
553 if (extension_params_->deflate_enabled) {
554 UMA_HISTOGRAM_ENUMERATION(
555 "Net.WebSocket.DeflateMode",
556 extension_params_->deflate_mode,
557 WebSocketDeflater::NUM_CONTEXT_TAKEOVER_MODE_TYPES);
559 return scoped_ptr<WebSocketStream>(
560 new WebSocketDeflateStream(basic_stream.Pass(),
561 extension_params_->deflate_mode,
562 extension_params_->client_window_bits,
563 scoped_ptr<WebSocketDeflatePredictor>(
564 new WebSocketDeflatePredictorImpl)));
566 return basic_stream.Pass();
570 void WebSocketBasicHandshakeStream::SetWebSocketKeyForTesting(
571 const std::string& key) {
572 handshake_challenge_for_testing_.reset(new std::string(key));
575 void WebSocketBasicHandshakeStream::ReadResponseHeadersCallback(
576 const CompletionCallback& callback,
578 bool is_redirect = false;
579 int rv = ValidateResponse(result, &is_redirect);
581 // TODO(yhirano): Simplify this statement once http://crbug.com/399535 is
585 RunCallbackWithOk(callback, rv);
587 case ERR_INVALID_RESPONSE:
589 RunCallbackWithInvalidResponseCausedByRedirect(callback, rv);
591 RunCallbackWithInvalidResponse(callback, rv);
594 RunCallback(callback, rv);
599 void WebSocketBasicHandshakeStream::OnFinishOpeningHandshake() {
600 DCHECK(http_response_info_);
601 WebSocketDispatchOnFinishOpeningHandshake(connect_delegate_,
603 http_response_info_->headers,
604 http_response_info_->response_time);
607 int WebSocketBasicHandshakeStream::ValidateResponse(int rv,
609 DCHECK(http_response_info_);
610 *is_redirect = false;
611 // Most net errors happen during connection, so they are not seen by this
612 // method. The histogram for error codes is created in
613 // Delegate::OnResponseStarted in websocket_stream.cc instead.
615 const HttpResponseHeaders* headers = http_response_info_->headers.get();
616 const int response_code = headers->response_code();
617 *is_redirect = HttpResponseHeaders::IsRedirectResponseCode(response_code);
618 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.WebSocket.ResponseCode", response_code);
619 switch (response_code) {
620 case HTTP_SWITCHING_PROTOCOLS:
621 OnFinishOpeningHandshake();
622 return ValidateUpgradeResponse(headers);
624 // We need to pass these through for authentication to work.
625 case HTTP_UNAUTHORIZED:
626 case HTTP_PROXY_AUTHENTICATION_REQUIRED:
629 // Other status codes are potentially risky (see the warnings in the
630 // WHATWG WebSocket API spec) and so are dropped by default.
632 // A WebSocket server cannot be using HTTP/0.9, so if we see version
633 // 0.9, it means the response was garbage.
634 // Reporting "Unexpected response code: 200" in this case is not
635 // helpful, so use a different error message.
636 if (headers->GetHttpVersion() == HttpVersion(0, 9)) {
638 "Error during WebSocket handshake: Invalid status line");
640 set_failure_message(base::StringPrintf(
641 "Error during WebSocket handshake: Unexpected response code: %d",
642 headers->response_code()));
644 OnFinishOpeningHandshake();
645 return ERR_INVALID_RESPONSE;
648 if (rv == ERR_EMPTY_RESPONSE) {
650 "Connection closed before receiving a handshake response");
653 set_failure_message(std::string("Error during WebSocket handshake: ") +
655 OnFinishOpeningHandshake();
660 int WebSocketBasicHandshakeStream::ValidateUpgradeResponse(
661 const HttpResponseHeaders* headers) {
662 extension_params_.reset(new WebSocketExtensionParams);
663 std::string failure_message;
664 if (ValidateUpgrade(headers, &failure_message) &&
665 ValidateSecWebSocketAccept(
666 headers, handshake_challenge_response_, &failure_message) &&
667 ValidateConnection(headers, &failure_message) &&
668 ValidateSubProtocol(headers,
669 requested_sub_protocols_,
672 ValidateExtensions(headers,
673 requested_extensions_,
676 extension_params_.get())) {
679 set_failure_message("Error during WebSocket handshake: " + failure_message);
680 return ERR_INVALID_RESPONSE;
683 void WebSocketBasicHandshakeStream::set_failure_message(
684 const std::string& failure_message) {
685 *failure_message_ = failure_message;