1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_network_transaction.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/compiler_specific.h"
13 #include "base/format_macros.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/metrics/field_trial.h"
16 #include "base/metrics/histogram.h"
17 #include "base/metrics/stats_counters.h"
18 #include "base/stl_util.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/string_util.h"
21 #include "base/strings/stringprintf.h"
22 #include "base/time/time.h"
23 #include "base/values.h"
24 #include "build/build_config.h"
25 #include "net/base/auth.h"
26 #include "net/base/host_port_pair.h"
27 #include "net/base/io_buffer.h"
28 #include "net/base/load_flags.h"
29 #include "net/base/load_timing_info.h"
30 #include "net/base/net_errors.h"
31 #include "net/base/net_util.h"
32 #include "net/base/upload_data_stream.h"
33 #include "net/http/http_auth.h"
34 #include "net/http/http_auth_handler.h"
35 #include "net/http/http_auth_handler_factory.h"
36 #include "net/http/http_basic_stream.h"
37 #include "net/http/http_chunked_decoder.h"
38 #include "net/http/http_network_session.h"
39 #include "net/http/http_proxy_client_socket.h"
40 #include "net/http/http_proxy_client_socket_pool.h"
41 #include "net/http/http_request_headers.h"
42 #include "net/http/http_request_info.h"
43 #include "net/http/http_response_headers.h"
44 #include "net/http/http_response_info.h"
45 #include "net/http/http_server_properties.h"
46 #include "net/http/http_status_code.h"
47 #include "net/http/http_stream_base.h"
48 #include "net/http/http_stream_factory.h"
49 #include "net/http/http_util.h"
50 #include "net/http/transport_security_state.h"
51 #include "net/http/url_security_manager.h"
52 #include "net/socket/client_socket_factory.h"
53 #include "net/socket/socks_client_socket_pool.h"
54 #include "net/socket/ssl_client_socket.h"
55 #include "net/socket/ssl_client_socket_pool.h"
56 #include "net/socket/transport_client_socket_pool.h"
57 #include "net/spdy/spdy_http_stream.h"
58 #include "net/spdy/spdy_session.h"
59 #include "net/spdy/spdy_session_pool.h"
60 #include "net/ssl/ssl_cert_request_info.h"
61 #include "net/ssl/ssl_connection_status_flags.h"
70 void ProcessAlternateProtocol(
71 HttpStreamFactory* factory,
72 const base::WeakPtr<HttpServerProperties>& http_server_properties,
73 const HttpResponseHeaders& headers,
74 const HostPortPair& http_host_port_pair) {
75 std::string alternate_protocol_str;
77 if (!headers.EnumerateHeader(NULL, kAlternateProtocolHeader,
78 &alternate_protocol_str)) {
79 // Header is not present.
83 factory->ProcessAlternateProtocol(http_server_properties,
84 alternate_protocol_str,
88 // Returns true if |error| is a client certificate authentication error.
89 bool IsClientCertificateError(int error) {
91 case ERR_BAD_SSL_CLIENT_AUTH_CERT:
92 case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED:
93 case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY:
94 case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED:
101 base::Value* NetLogSSLVersionFallbackCallback(
104 uint16 version_before,
105 uint16 version_after,
106 NetLog::LogLevel /* log_level */) {
107 base::DictionaryValue* dict = new base::DictionaryValue();
108 dict->SetString("host_and_port", GetHostAndPort(*url));
109 dict->SetInteger("net_error", net_error);
110 dict->SetInteger("version_before", version_before);
111 dict->SetInteger("version_after", version_after);
117 //-----------------------------------------------------------------------------
119 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
120 HttpNetworkSession* session)
121 : pending_auth_target_(HttpAuth::AUTH_NONE),
122 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete,
123 base::Unretained(this))),
127 headers_valid_(false),
128 logged_response_time_(false),
131 next_state_(STATE_NONE),
132 establishing_tunnel_(false) {
133 session->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
134 if (session->http_stream_factory()->has_next_protos()) {
135 server_ssl_config_.next_protos =
136 session->http_stream_factory()->next_protos();
138 proxy_ssl_config_ = server_ssl_config_;
141 HttpNetworkTransaction::~HttpNetworkTransaction() {
143 HttpResponseHeaders* headers = GetResponseHeaders();
144 // TODO(mbelshe): The stream_ should be able to compute whether or not the
145 // stream should be kept alive. No reason to compute here
147 bool try_to_keep_alive =
148 next_state_ == STATE_NONE &&
149 stream_->CanFindEndOfResponse() &&
150 (!headers || headers->IsKeepAlive());
151 if (!try_to_keep_alive) {
152 stream_->Close(true /* not reusable */);
154 if (stream_->IsResponseBodyComplete()) {
155 // If the response body is complete, we can just reuse the socket.
156 stream_->Close(false /* reusable */);
157 } else if (stream_->IsSpdyHttpStream()) {
158 // Doesn't really matter for SpdyHttpStream. Just close it.
159 stream_->Close(true /* not reusable */);
161 // Otherwise, we try to drain the response body.
162 HttpStreamBase* stream = stream_.release();
163 stream->Drain(session_);
168 if (request_ && request_->upload_data_stream)
169 request_->upload_data_stream->Reset(); // Invalidate pending callbacks.
172 int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
173 const CompletionCallback& callback,
174 const BoundNetLog& net_log) {
175 SIMPLE_STATS_COUNTER("HttpNetworkTransaction.Count");
178 request_ = request_info;
179 start_time_ = base::Time::Now();
181 if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) {
182 server_ssl_config_.rev_checking_enabled = false;
183 proxy_ssl_config_.rev_checking_enabled = false;
186 // Channel ID is enabled unless --disable-tls-channel-id flag is set,
187 // or if privacy mode is enabled.
188 bool channel_id_enabled = server_ssl_config_.channel_id_enabled &&
189 (request_->privacy_mode == kPrivacyModeDisabled);
190 server_ssl_config_.channel_id_enabled = channel_id_enabled;
192 next_state_ = STATE_CREATE_STREAM;
194 if (rv == ERR_IO_PENDING)
195 callback_ = callback;
199 int HttpNetworkTransaction::RestartIgnoringLastError(
200 const CompletionCallback& callback) {
201 DCHECK(!stream_.get());
202 DCHECK(!stream_request_.get());
203 DCHECK_EQ(STATE_NONE, next_state_);
205 next_state_ = STATE_CREATE_STREAM;
208 if (rv == ERR_IO_PENDING)
209 callback_ = callback;
213 int HttpNetworkTransaction::RestartWithCertificate(
214 X509Certificate* client_cert, const CompletionCallback& callback) {
215 // In HandleCertificateRequest(), we always tear down existing stream
216 // requests to force a new connection. So we shouldn't have one here.
217 DCHECK(!stream_request_.get());
218 DCHECK(!stream_.get());
219 DCHECK_EQ(STATE_NONE, next_state_);
221 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
222 &proxy_ssl_config_ : &server_ssl_config_;
223 ssl_config->send_client_cert = true;
224 ssl_config->client_cert = client_cert;
225 session_->ssl_client_auth_cache()->Add(
226 response_.cert_request_info->host_and_port, client_cert);
227 // Reset the other member variables.
228 // Note: this is necessary only with SSL renegotiation.
229 ResetStateForRestart();
230 next_state_ = STATE_CREATE_STREAM;
232 if (rv == ERR_IO_PENDING)
233 callback_ = callback;
237 int HttpNetworkTransaction::RestartWithAuth(
238 const AuthCredentials& credentials, const CompletionCallback& callback) {
239 HttpAuth::Target target = pending_auth_target_;
240 if (target == HttpAuth::AUTH_NONE) {
242 return ERR_UNEXPECTED;
244 pending_auth_target_ = HttpAuth::AUTH_NONE;
246 auth_controllers_[target]->ResetAuth(credentials);
248 DCHECK(callback_.is_null());
251 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) {
252 // In this case, we've gathered credentials for use with proxy
253 // authentication of a tunnel.
254 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
255 DCHECK(stream_request_ != NULL);
256 auth_controllers_[target] = NULL;
257 ResetStateForRestart();
258 rv = stream_request_->RestartTunnelWithProxyAuth(credentials);
260 // In this case, we've gathered credentials for the server or the proxy
261 // but it is not during the tunneling phase.
262 DCHECK(stream_request_ == NULL);
263 PrepareForAuthRestart(target);
267 if (rv == ERR_IO_PENDING)
268 callback_ = callback;
272 void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) {
273 DCHECK(HaveAuth(target));
274 DCHECK(!stream_request_.get());
276 bool keep_alive = false;
277 // Even if the server says the connection is keep-alive, we have to be
278 // able to find the end of each response in order to reuse the connection.
279 if (GetResponseHeaders()->IsKeepAlive() &&
280 stream_->CanFindEndOfResponse()) {
281 // If the response body hasn't been completely read, we need to drain
283 if (!stream_->IsResponseBodyComplete()) {
284 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
285 read_buf_ = new IOBuffer(kDrainBodyBufferSize); // A bit bucket.
286 read_buf_len_ = kDrainBodyBufferSize;
292 // We don't need to drain the response body, so we act as if we had drained
293 // the response body.
294 DidDrainBodyForAuthRestart(keep_alive);
297 void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) {
298 DCHECK(!stream_request_.get());
301 HttpStream* new_stream = NULL;
302 if (keep_alive && stream_->IsConnectionReusable()) {
303 // We should call connection_->set_idle_time(), but this doesn't occur
304 // often enough to be worth the trouble.
305 stream_->SetConnectionReused();
307 static_cast<HttpStream*>(stream_.get())->RenewStreamForAuth();
311 // Close the stream and mark it as not_reusable. Even in the
312 // keep_alive case, we've determined that the stream_ is not
313 // reusable if new_stream is NULL.
314 stream_->Close(true);
315 next_state_ = STATE_CREATE_STREAM;
317 next_state_ = STATE_INIT_STREAM;
319 stream_.reset(new_stream);
322 // Reset the other member variables.
323 ResetStateForAuthRestart();
326 bool HttpNetworkTransaction::IsReadyToRestartForAuth() {
327 return pending_auth_target_ != HttpAuth::AUTH_NONE &&
328 HaveAuth(pending_auth_target_);
331 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len,
332 const CompletionCallback& callback) {
334 DCHECK_LT(0, buf_len);
336 State next_state = STATE_NONE;
338 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
339 if (headers_valid_ && headers.get() && stream_request_.get()) {
340 // We're trying to read the body of the response but we're still trying
341 // to establish an SSL tunnel through an HTTP proxy. We can't read these
342 // bytes when establishing a tunnel because they might be controlled by
343 // an active network attacker. We don't worry about this for HTTP
344 // because an active network attacker can already control HTTP sessions.
345 // We reach this case when the user cancels a 407 proxy auth prompt. We
346 // also don't worry about this for an HTTPS Proxy, because the
347 // communication with the proxy is secure.
348 // See http://crbug.com/8473.
349 DCHECK(proxy_info_.is_http() || proxy_info_.is_https());
350 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED);
351 LOG(WARNING) << "Blocked proxy response with status "
352 << headers->response_code() << " to CONNECT request for "
353 << GetHostAndPort(request_->url) << ".";
354 return ERR_TUNNEL_CONNECTION_FAILED;
357 // Are we using SPDY or HTTP?
358 next_state = STATE_READ_BODY;
361 read_buf_len_ = buf_len;
363 next_state_ = next_state;
365 if (rv == ERR_IO_PENDING)
366 callback_ = callback;
370 bool HttpNetworkTransaction::GetFullRequestHeaders(
371 HttpRequestHeaders* headers) const {
372 // TODO(ttuttle): Make sure we've populated request_headers_.
373 *headers = request_headers_;
377 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const {
378 return ((headers_valid_ && response_.headers.get()) ||
379 response_.ssl_info.cert.get() || response_.cert_request_info.get())
384 LoadState HttpNetworkTransaction::GetLoadState() const {
385 // TODO(wtc): Define a new LoadState value for the
386 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request.
387 switch (next_state_) {
388 case STATE_CREATE_STREAM_COMPLETE:
389 return stream_request_->GetLoadState();
390 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
391 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
392 case STATE_SEND_REQUEST_COMPLETE:
393 return LOAD_STATE_SENDING_REQUEST;
394 case STATE_READ_HEADERS_COMPLETE:
395 return LOAD_STATE_WAITING_FOR_RESPONSE;
396 case STATE_READ_BODY_COMPLETE:
397 return LOAD_STATE_READING_RESPONSE;
399 return LOAD_STATE_IDLE;
403 UploadProgress HttpNetworkTransaction::GetUploadProgress() const {
405 return UploadProgress();
407 // TODO(bashi): This cast is temporary. Remove later.
408 return static_cast<HttpStream*>(stream_.get())->GetUploadProgress();
411 bool HttpNetworkTransaction::GetLoadTimingInfo(
412 LoadTimingInfo* load_timing_info) const {
413 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info))
416 load_timing_info->proxy_resolve_start =
417 proxy_info_.proxy_resolve_start_time();
418 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time();
419 load_timing_info->send_start = send_start_time_;
420 load_timing_info->send_end = send_end_time_;
424 void HttpNetworkTransaction::SetPriority(RequestPriority priority) {
425 priority_ = priority;
427 stream_request_->SetPriority(priority);
429 stream_->SetPriority(priority);
432 void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
433 const ProxyInfo& used_proxy_info,
434 HttpStreamBase* stream) {
435 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
436 DCHECK(stream_request_.get());
438 stream_.reset(stream);
439 server_ssl_config_ = used_ssl_config;
440 proxy_info_ = used_proxy_info;
441 response_.was_npn_negotiated = stream_request_->was_npn_negotiated();
442 response_.npn_negotiated_protocol = SSLClientSocket::NextProtoToString(
443 stream_request_->protocol_negotiated());
444 response_.was_fetched_via_spdy = stream_request_->using_spdy();
445 response_.was_fetched_via_proxy = !proxy_info_.is_direct();
450 void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady(
451 const SSLConfig& used_ssl_config,
452 const ProxyInfo& used_proxy_info,
453 WebSocketHandshakeStreamBase* stream) {
454 NOTREACHED() << "This function should never be called.";
457 void HttpNetworkTransaction::OnStreamFailed(int result,
458 const SSLConfig& used_ssl_config) {
459 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
460 DCHECK_NE(OK, result);
461 DCHECK(stream_request_.get());
462 DCHECK(!stream_.get());
463 server_ssl_config_ = used_ssl_config;
465 OnIOComplete(result);
468 void HttpNetworkTransaction::OnCertificateError(
470 const SSLConfig& used_ssl_config,
471 const SSLInfo& ssl_info) {
472 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
473 DCHECK_NE(OK, result);
474 DCHECK(stream_request_.get());
475 DCHECK(!stream_.get());
477 response_.ssl_info = ssl_info;
478 server_ssl_config_ = used_ssl_config;
480 // TODO(mbelshe): For now, we're going to pass the error through, and that
481 // will close the stream_request in all cases. This means that we're always
482 // going to restart an entire STATE_CREATE_STREAM, even if the connection is
483 // good and the user chooses to ignore the error. This is not ideal, but not
484 // the end of the world either.
486 OnIOComplete(result);
489 void HttpNetworkTransaction::OnNeedsProxyAuth(
490 const HttpResponseInfo& proxy_response,
491 const SSLConfig& used_ssl_config,
492 const ProxyInfo& used_proxy_info,
493 HttpAuthController* auth_controller) {
494 DCHECK(stream_request_.get());
495 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
497 establishing_tunnel_ = true;
498 response_.headers = proxy_response.headers;
499 response_.auth_challenge = proxy_response.auth_challenge;
500 headers_valid_ = true;
501 server_ssl_config_ = used_ssl_config;
502 proxy_info_ = used_proxy_info;
504 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
505 pending_auth_target_ = HttpAuth::AUTH_PROXY;
510 void HttpNetworkTransaction::OnNeedsClientAuth(
511 const SSLConfig& used_ssl_config,
512 SSLCertRequestInfo* cert_info) {
513 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
515 server_ssl_config_ = used_ssl_config;
516 response_.cert_request_info = cert_info;
517 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
520 void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
521 const HttpResponseInfo& response_info,
522 const SSLConfig& used_ssl_config,
523 const ProxyInfo& used_proxy_info,
524 HttpStreamBase* stream) {
525 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
527 headers_valid_ = true;
528 response_ = response_info;
529 server_ssl_config_ = used_ssl_config;
530 proxy_info_ = used_proxy_info;
531 stream_.reset(stream);
532 stream_request_.reset(); // we're done with the stream request
533 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
536 bool HttpNetworkTransaction::is_https_request() const {
537 return request_->url.SchemeIs("https");
540 void HttpNetworkTransaction::DoCallback(int rv) {
541 DCHECK_NE(rv, ERR_IO_PENDING);
542 DCHECK(!callback_.is_null());
544 // Since Run may result in Read being called, clear user_callback_ up front.
545 CompletionCallback c = callback_;
550 void HttpNetworkTransaction::OnIOComplete(int result) {
551 int rv = DoLoop(result);
552 if (rv != ERR_IO_PENDING)
556 int HttpNetworkTransaction::DoLoop(int result) {
557 DCHECK(next_state_ != STATE_NONE);
561 State state = next_state_;
562 next_state_ = STATE_NONE;
564 case STATE_CREATE_STREAM:
566 rv = DoCreateStream();
568 case STATE_CREATE_STREAM_COMPLETE:
569 rv = DoCreateStreamComplete(rv);
571 case STATE_INIT_STREAM:
575 case STATE_INIT_STREAM_COMPLETE:
576 rv = DoInitStreamComplete(rv);
578 case STATE_GENERATE_PROXY_AUTH_TOKEN:
580 rv = DoGenerateProxyAuthToken();
582 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
583 rv = DoGenerateProxyAuthTokenComplete(rv);
585 case STATE_GENERATE_SERVER_AUTH_TOKEN:
587 rv = DoGenerateServerAuthToken();
589 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
590 rv = DoGenerateServerAuthTokenComplete(rv);
592 case STATE_INIT_REQUEST_BODY:
594 rv = DoInitRequestBody();
596 case STATE_INIT_REQUEST_BODY_COMPLETE:
597 rv = DoInitRequestBodyComplete(rv);
599 case STATE_BUILD_REQUEST:
601 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST);
602 rv = DoBuildRequest();
604 case STATE_BUILD_REQUEST_COMPLETE:
605 rv = DoBuildRequestComplete(rv);
607 case STATE_SEND_REQUEST:
609 rv = DoSendRequest();
611 case STATE_SEND_REQUEST_COMPLETE:
612 rv = DoSendRequestComplete(rv);
613 net_log_.EndEventWithNetErrorCode(
614 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv);
616 case STATE_READ_HEADERS:
618 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS);
619 rv = DoReadHeaders();
621 case STATE_READ_HEADERS_COMPLETE:
622 rv = DoReadHeadersComplete(rv);
623 net_log_.EndEventWithNetErrorCode(
624 NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv);
626 case STATE_READ_BODY:
628 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY);
631 case STATE_READ_BODY_COMPLETE:
632 rv = DoReadBodyComplete(rv);
633 net_log_.EndEventWithNetErrorCode(
634 NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv);
636 case STATE_DRAIN_BODY_FOR_AUTH_RESTART:
639 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART);
640 rv = DoDrainBodyForAuthRestart();
642 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE:
643 rv = DoDrainBodyForAuthRestartComplete(rv);
644 net_log_.EndEventWithNetErrorCode(
645 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv);
648 NOTREACHED() << "bad state";
652 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
657 int HttpNetworkTransaction::DoCreateStream() {
658 next_state_ = STATE_CREATE_STREAM_COMPLETE;
660 stream_request_.reset(
661 session_->http_stream_factory()->RequestStream(
668 DCHECK(stream_request_.get());
669 return ERR_IO_PENDING;
672 int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
674 next_state_ = STATE_INIT_STREAM;
675 DCHECK(stream_.get());
676 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
677 result = HandleCertificateRequest(result);
678 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
679 // Return OK and let the caller read the proxy's error page
680 next_state_ = STATE_NONE;
684 // Handle possible handshake errors that may have occurred if the stream
685 // used SSL for one or more of the layers.
686 result = HandleSSLHandshakeError(result);
688 // At this point we are done with the stream_request_.
689 stream_request_.reset();
693 int HttpNetworkTransaction::DoInitStream() {
694 DCHECK(stream_.get());
695 next_state_ = STATE_INIT_STREAM_COMPLETE;
696 return stream_->InitializeStream(request_, priority_, net_log_, io_callback_);
699 int HttpNetworkTransaction::DoInitStreamComplete(int result) {
701 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
704 result = HandleIOError(result);
706 // The stream initialization failed, so this stream will never be useful.
713 int HttpNetworkTransaction::DoGenerateProxyAuthToken() {
714 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
715 if (!ShouldApplyProxyAuth())
717 HttpAuth::Target target = HttpAuth::AUTH_PROXY;
718 if (!auth_controllers_[target].get())
719 auth_controllers_[target] =
720 new HttpAuthController(target,
722 session_->http_auth_cache(),
723 session_->http_auth_handler_factory());
724 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
729 int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) {
730 DCHECK_NE(ERR_IO_PENDING, rv);
732 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN;
736 int HttpNetworkTransaction::DoGenerateServerAuthToken() {
737 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE;
738 HttpAuth::Target target = HttpAuth::AUTH_SERVER;
739 if (!auth_controllers_[target].get()) {
740 auth_controllers_[target] =
741 new HttpAuthController(target,
743 session_->http_auth_cache(),
744 session_->http_auth_handler_factory());
745 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY)
746 auth_controllers_[target]->DisableEmbeddedIdentity();
748 if (!ShouldApplyServerAuth())
750 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
755 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
756 DCHECK_NE(ERR_IO_PENDING, rv);
758 next_state_ = STATE_INIT_REQUEST_BODY;
762 void HttpNetworkTransaction::BuildRequestHeaders(bool using_proxy) {
763 request_headers_.SetHeader(HttpRequestHeaders::kHost,
764 GetHostAndOptionalPort(request_->url));
766 // For compat with HTTP/1.0 servers and proxies:
768 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
771 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
774 // Add a content length header?
775 if (request_->upload_data_stream) {
776 if (request_->upload_data_stream->is_chunked()) {
777 request_headers_.SetHeader(
778 HttpRequestHeaders::kTransferEncoding, "chunked");
780 request_headers_.SetHeader(
781 HttpRequestHeaders::kContentLength,
782 base::Uint64ToString(request_->upload_data_stream->size()));
784 } else if (request_->method == "POST" || request_->method == "PUT" ||
785 request_->method == "HEAD") {
786 // An empty POST/PUT request still needs a content length. As for HEAD,
787 // IE and Safari also add a content length header. Presumably it is to
788 // support sending a HEAD request to an URL that only expects to be sent a
789 // POST or some other method that normally would have a message body.
790 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
793 // Honor load flags that impact proxy caches.
794 if (request_->load_flags & LOAD_BYPASS_CACHE) {
795 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
796 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
797 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
798 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
801 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
802 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
804 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
805 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
808 request_headers_.MergeFrom(request_->extra_headers);
809 response_.did_use_http_auth =
810 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
811 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
814 int HttpNetworkTransaction::DoInitRequestBody() {
815 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
817 if (request_->upload_data_stream)
818 rv = request_->upload_data_stream->Init(io_callback_);
822 int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
824 next_state_ = STATE_BUILD_REQUEST;
828 int HttpNetworkTransaction::DoBuildRequest() {
829 next_state_ = STATE_BUILD_REQUEST_COMPLETE;
830 headers_valid_ = false;
832 // This is constructed lazily (instead of within our Start method), so that
833 // we have proxy info available.
834 if (request_headers_.IsEmpty()) {
835 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
837 BuildRequestHeaders(using_proxy);
843 int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
845 next_state_ = STATE_SEND_REQUEST;
849 int HttpNetworkTransaction::DoSendRequest() {
850 send_start_time_ = base::TimeTicks::Now();
851 next_state_ = STATE_SEND_REQUEST_COMPLETE;
853 return stream_->SendRequest(request_headers_, &response_, io_callback_);
856 int HttpNetworkTransaction::DoSendRequestComplete(int result) {
857 send_end_time_ = base::TimeTicks::Now();
859 return HandleIOError(result);
860 response_.network_accessed = true;
861 next_state_ = STATE_READ_HEADERS;
865 int HttpNetworkTransaction::DoReadHeaders() {
866 next_state_ = STATE_READ_HEADERS_COMPLETE;
867 return stream_->ReadResponseHeaders(io_callback_);
870 int HttpNetworkTransaction::HandleConnectionClosedBeforeEndOfHeaders() {
871 if (!response_.headers.get() && !stream_->IsConnectionReused()) {
872 // The connection was closed before any data was sent. Likely an error
873 // rather than empty HTTP/0.9 response.
874 return ERR_EMPTY_RESPONSE;
880 int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
881 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here
882 // due to SSL renegotiation.
883 if (IsCertificateError(result)) {
884 // We don't handle a certificate error during SSL renegotiation, so we
885 // have to return an error that's not in the certificate error range
887 LOG(ERROR) << "Got a server certificate with error " << result
888 << " during SSL renegotiation";
889 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;
890 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
891 // TODO(wtc): Need a test case for this code path!
892 DCHECK(stream_.get());
893 DCHECK(is_https_request());
894 response_.cert_request_info = new SSLCertRequestInfo;
895 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get());
896 result = HandleCertificateRequest(result);
901 if (result == ERR_QUIC_HANDSHAKE_FAILED) {
902 ResetConnectionAndRequestForResend();
906 if (result < 0 && result != ERR_CONNECTION_CLOSED)
907 return HandleIOError(result);
909 if (result == ERR_CONNECTION_CLOSED && ShouldResendRequest(result)) {
910 ResetConnectionAndRequestForResend();
914 // After we call RestartWithAuth a new response_time will be recorded, and
915 // we need to be cautious about incorrectly logging the duration across the
916 // authentication activity.
918 LogTransactionConnectedMetrics();
920 if (result == ERR_CONNECTION_CLOSED) {
921 // For now, if we get at least some data, we do the best we can to make
922 // sense of it and send it back up the stack.
923 int rv = HandleConnectionClosedBeforeEndOfHeaders();
927 DCHECK(response_.headers.get());
929 #if defined(SPDY_PROXY_AUTH_ORIGIN)
930 // Server-induced fallback; see: http://crbug.com/143712
931 if (response_.was_fetched_via_proxy && response_.headers.get() != NULL) {
932 ProxyService::DataReductionProxyBypassEventType proxy_bypass_event =
933 ProxyService::BYPASS_EVENT_TYPE_MAX;
934 base::TimeDelta bypass_duration;
935 bool chrome_proxy_used =
936 proxy_info_.proxy_server().isDataReductionProxy();
937 bool chrome_fallback_proxy_used = false;
938 #if defined(DATA_REDUCTION_FALLBACK_HOST)
939 if (!chrome_proxy_used) {
940 chrome_fallback_proxy_used =
941 proxy_info_.proxy_server().isDataReductionProxyFallback();
945 if (chrome_proxy_used || chrome_fallback_proxy_used) {
946 if (response_.headers->GetChromeProxyInfo(&bypass_duration)) {
948 (bypass_duration < base::TimeDelta::FromMinutes(30) ?
949 ProxyService::SHORT_BYPASS :
950 ProxyService::LONG_BYPASS);
952 // Additionally, fallback if a 500 is returned via the data reduction
953 // proxy. This is conservative, as the 500 might have been generated by
954 // the origin, and not the proxy.
955 if (response_.headers->response_code() == HTTP_INTERNAL_SERVER_ERROR)
956 proxy_bypass_event = ProxyService::INTERNAL_SERVER_ERROR_BYPASS;
959 if (proxy_bypass_event < ProxyService::BYPASS_EVENT_TYPE_MAX) {
960 ProxyService* proxy_service = session_->proxy_service();
962 proxy_service->RecordDataReductionProxyBypassInfo(
963 chrome_proxy_used, proxy_info_.proxy_server(), proxy_bypass_event);
965 if (proxy_service->MarkProxyAsBad(proxy_info_, bypass_duration,
967 // Only retry in the case of GETs. We don't want to resubmit a POST
968 // if the proxy took some action.
969 if (request_->method == "GET") {
970 ResetConnectionAndRequestForResend();
979 // Like Net.HttpResponseCode, but only for MAIN_FRAME loads.
980 if (request_->load_flags & LOAD_MAIN_FRAME) {
981 const int response_code = response_.headers->response_code();
982 UMA_HISTOGRAM_ENUMERATION(
983 "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10);
987 NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS,
988 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers));
990 if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0)) {
991 // HTTP/0.9 doesn't support the PUT method, so lack of response headers
992 // indicates a buggy server. See:
993 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921
994 if (request_->method == "PUT")
995 return ERR_METHOD_NOT_SUPPORTED;
998 // Check for an intermediate 100 Continue response. An origin server is
999 // allowed to send this response even if we didn't ask for it, so we just
1000 // need to skip over it.
1001 // We treat any other 1xx in this same way (although in practice getting
1002 // a 1xx that isn't a 100 is rare).
1003 if (response_.headers->response_code() / 100 == 1) {
1004 response_.headers = new HttpResponseHeaders(std::string());
1005 next_state_ = STATE_READ_HEADERS;
1009 HostPortPair endpoint = HostPortPair(request_->url.HostNoBrackets(),
1010 request_->url.EffectiveIntPort());
1011 ProcessAlternateProtocol(session_->http_stream_factory(),
1012 session_->http_server_properties(),
1013 *response_.headers.get(),
1016 int rv = HandleAuthChallenge();
1020 if (is_https_request())
1021 stream_->GetSSLInfo(&response_.ssl_info);
1023 headers_valid_ = true;
1027 int HttpNetworkTransaction::DoReadBody() {
1028 DCHECK(read_buf_.get());
1029 DCHECK_GT(read_buf_len_, 0);
1030 DCHECK(stream_ != NULL);
1032 next_state_ = STATE_READ_BODY_COMPLETE;
1033 return stream_->ReadResponseBody(
1034 read_buf_.get(), read_buf_len_, io_callback_);
1037 int HttpNetworkTransaction::DoReadBodyComplete(int result) {
1038 // We are done with the Read call.
1041 DCHECK_NE(ERR_IO_PENDING, result);
1045 bool keep_alive = false;
1046 if (stream_->IsResponseBodyComplete()) {
1047 // Note: Just because IsResponseBodyComplete is true, we're not
1048 // necessarily "done". We're only "done" when it is the last
1049 // read on this HttpNetworkTransaction, which will be signified
1050 // by a zero-length read.
1051 // TODO(mbelshe): The keepalive property is really a property of
1052 // the stream. No need to compute it here just to pass back
1053 // to the stream's Close function.
1054 // TODO(rtenneti): CanFindEndOfResponse should return false if there are no
1056 if (stream_->CanFindEndOfResponse()) {
1057 HttpResponseHeaders* headers = GetResponseHeaders();
1059 keep_alive = headers->IsKeepAlive();
1063 // Clean up connection if we are done.
1065 LogTransactionMetrics();
1066 stream_->Close(!keep_alive);
1067 // Note: we don't reset the stream here. We've closed it, but we still
1068 // need it around so that callers can call methods such as
1069 // GetUploadProgress() and have them be meaningful.
1070 // TODO(mbelshe): This means we closed the stream here, and we close it
1071 // again in ~HttpNetworkTransaction. Clean that up.
1073 // The next Read call will return 0 (EOF).
1076 // Clear these to avoid leaving around old state.
1083 int HttpNetworkTransaction::DoDrainBodyForAuthRestart() {
1084 // This method differs from DoReadBody only in the next_state_. So we just
1085 // call DoReadBody and override the next_state_. Perhaps there is a more
1086 // elegant way for these two methods to share code.
1087 int rv = DoReadBody();
1088 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE);
1089 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE;
1093 // TODO(wtc): This method and the DoReadBodyComplete method are almost
1094 // the same. Figure out a good way for these two methods to share code.
1095 int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) {
1096 // keep_alive defaults to true because the very reason we're draining the
1097 // response body is to reuse the connection for auth restart.
1098 bool done = false, keep_alive = true;
1100 // Error or closed connection while reading the socket.
1103 } else if (stream_->IsResponseBodyComplete()) {
1108 DidDrainBodyForAuthRestart(keep_alive);
1111 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
1117 void HttpNetworkTransaction::LogTransactionConnectedMetrics() {
1118 if (logged_response_time_)
1121 logged_response_time_ = true;
1123 base::TimeDelta total_duration = response_.response_time - start_time_;
1125 UMA_HISTOGRAM_CUSTOM_TIMES(
1126 "Net.Transaction_Connected",
1128 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1131 bool reused_socket = stream_->IsConnectionReused();
1132 if (!reused_socket) {
1133 UMA_HISTOGRAM_CUSTOM_TIMES(
1134 "Net.Transaction_Connected_New_b",
1136 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1140 // Currently, non-HIGHEST priority requests are frame or sub-frame resource
1141 // types. This will change when we also prioritize certain subresources like
1143 if (priority_ != HIGHEST) {
1144 UMA_HISTOGRAM_CUSTOM_TIMES(
1145 "Net.Priority_High_Latency_b",
1147 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1150 UMA_HISTOGRAM_CUSTOM_TIMES(
1151 "Net.Priority_Low_Latency_b",
1153 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1158 void HttpNetworkTransaction::LogTransactionMetrics() const {
1159 base::TimeDelta duration = base::Time::Now() -
1160 response_.request_time;
1161 if (60 < duration.InMinutes())
1164 base::TimeDelta total_duration = base::Time::Now() - start_time_;
1166 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_b", duration,
1167 base::TimeDelta::FromMilliseconds(1),
1168 base::TimeDelta::FromMinutes(10),
1170 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_Total",
1172 base::TimeDelta::FromMilliseconds(1),
1173 base::TimeDelta::FromMinutes(10), 100);
1175 if (!stream_->IsConnectionReused()) {
1176 UMA_HISTOGRAM_CUSTOM_TIMES(
1177 "Net.Transaction_Latency_Total_New_Connection",
1178 total_duration, base::TimeDelta::FromMilliseconds(1),
1179 base::TimeDelta::FromMinutes(10), 100);
1183 int HttpNetworkTransaction::HandleCertificateRequest(int error) {
1184 // There are two paths through which the server can request a certificate
1185 // from us. The first is during the initial handshake, the second is
1186 // during SSL renegotiation.
1188 // In both cases, we want to close the connection before proceeding.
1189 // We do this for two reasons:
1190 // First, we don't want to keep the connection to the server hung for a
1191 // long time while the user selects a certificate.
1192 // Second, even if we did keep the connection open, NSS has a bug where
1193 // restarting the handshake for ClientAuth is currently broken.
1194 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
1196 if (stream_.get()) {
1197 // Since we already have a stream, we're being called as part of SSL
1199 DCHECK(!stream_request_.get());
1200 stream_->Close(true);
1204 // The server is asking for a client certificate during the initial
1206 stream_request_.reset();
1208 // If the user selected one of the certificates in client_certs or declined
1209 // to provide one for this server before, use the past decision
1211 scoped_refptr<X509Certificate> client_cert;
1212 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup(
1213 response_.cert_request_info->host_and_port, &client_cert);
1214 if (!found_cached_cert)
1217 // Check that the certificate selected is still a certificate the server
1218 // is likely to accept, based on the criteria supplied in the
1219 // CertificateRequest message.
1220 if (client_cert.get()) {
1221 const std::vector<std::string>& cert_authorities =
1222 response_.cert_request_info->cert_authorities;
1224 bool cert_still_valid = cert_authorities.empty() ||
1225 client_cert->IsIssuedByEncoded(cert_authorities);
1226 if (!cert_still_valid)
1230 // TODO(davidben): Add a unit test which covers this path; we need to be
1231 // able to send a legitimate certificate and also bypass/clear the
1232 // SSL session cache.
1233 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
1234 &proxy_ssl_config_ : &server_ssl_config_;
1235 ssl_config->send_client_cert = true;
1236 ssl_config->client_cert = client_cert;
1237 next_state_ = STATE_CREATE_STREAM;
1238 // Reset the other member variables.
1239 // Note: this is necessary only with SSL renegotiation.
1240 ResetStateForRestart();
1244 // TODO(rch): This does not correctly handle errors when an SSL proxy is
1245 // being used, as all of the errors are handled as if they were generated
1246 // by the endpoint host, request_->url, rather than considering if they were
1247 // generated by the SSL proxy. http://crbug.com/69329
1248 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
1250 if (server_ssl_config_.send_client_cert &&
1251 (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
1252 session_->ssl_client_auth_cache()->Remove(
1253 GetHostAndPort(request_->url));
1256 bool should_fallback = false;
1257 uint16 version_max = server_ssl_config_.version_max;
1260 case ERR_SSL_PROTOCOL_ERROR:
1261 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
1262 if (version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
1263 version_max > server_ssl_config_.version_min) {
1264 // This could be a TLS-intolerant server or a server that chose a
1265 // cipher suite defined only for higher protocol versions (such as
1266 // an SSL 3.0 server that chose a TLS-only cipher suite). Fall
1267 // back to the next lower version and retry.
1268 // NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
1269 // specifying TLS 1.1 in version_max will result in a TLS 1.0
1270 // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
1271 // repeat the TLS 1.0 handshake. To avoid this problem, the default
1272 // version_max should match the maximum protocol version supported
1273 // by the SSLClientSocket class.
1275 should_fallback = true;
1278 case ERR_SSL_BAD_RECORD_MAC_ALERT:
1279 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
1280 version_max > server_ssl_config_.version_min) {
1281 // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
1282 // 1.2 ClientHello, but then return a bad_record_mac alert. See
1283 // crbug.com/260358. In order to make the fallback as minimal as
1284 // possible, this fallback is only triggered for >= TLS 1.1.
1286 should_fallback = true;
1291 // While fallback should be eliminated because of security reasons,
1292 // there is a high risk of breaking the servers if this is done in
1295 // For now fallback is disabled for Google servers first, and will be
1296 // expanded to other servers after enough experiences have been gained
1297 // showing that this experiment works well with today's Internet.
1299 // The --enable-unrestricted-ssl3-fallback command-line flag exists to allow
1300 // fallback to any version, all the way down to SSLv3.
1301 if (!server_ssl_config_.unrestricted_ssl3_fallback_enabled &&
1302 TransportSecurityState::IsGooglePinnedProperty(request_->url.host(),
1303 true /* include SNI */)) {
1304 should_fallback = false;
1307 if (should_fallback) {
1309 NetLog::TYPE_SSL_VERSION_FALLBACK,
1310 base::Bind(&NetLogSSLVersionFallbackCallback,
1311 &request_->url, error, server_ssl_config_.version_max,
1313 server_ssl_config_.version_max = version_max;
1314 server_ssl_config_.version_fallback = true;
1315 ResetConnectionAndRequestForResend();
1322 // This method determines whether it is safe to resend the request after an
1323 // IO error. It can only be called in response to request header or body
1324 // write errors or response header read errors. It should not be used in
1325 // other cases, such as a Connect error.
1326 int HttpNetworkTransaction::HandleIOError(int error) {
1327 // SSL errors may happen at any time during the stream and indicate issues
1328 // with the underlying connection. Because the peer may request
1329 // renegotiation at any time, check and handle any possible SSL handshake
1330 // related errors. In addition to renegotiation, TLS False Start may cause
1331 // SSL handshake errors (specifically servers with buggy DEFLATE support)
1332 // to be delayed until the first Read on the underlying connection.
1333 error = HandleSSLHandshakeError(error);
1336 // If we try to reuse a connection that the server is in the process of
1337 // closing, we may end up successfully writing out our request (or a
1338 // portion of our request) only to find a connection error when we try to
1339 // read from (or finish writing to) the socket.
1340 case ERR_CONNECTION_RESET:
1341 case ERR_CONNECTION_CLOSED:
1342 case ERR_CONNECTION_ABORTED:
1343 // There can be a race between the socket pool checking checking whether a
1344 // socket is still connected, receiving the FIN, and sending/reading data
1345 // on a reused socket. If we receive the FIN between the connectedness
1346 // check and writing/reading from the socket, we may first learn the socket
1347 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most
1348 // likely happen when trying to retrieve its IP address.
1349 // See http://crbug.com/105824 for more details.
1350 case ERR_SOCKET_NOT_CONNECTED:
1351 if (ShouldResendRequest(error)) {
1352 net_log_.AddEventWithNetErrorCode(
1353 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1354 ResetConnectionAndRequestForResend();
1358 case ERR_PIPELINE_EVICTION:
1359 if (!session_->force_http_pipelining()) {
1360 net_log_.AddEventWithNetErrorCode(
1361 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1362 ResetConnectionAndRequestForResend();
1366 case ERR_SPDY_PING_FAILED:
1367 case ERR_SPDY_SERVER_REFUSED_STREAM:
1368 case ERR_QUIC_HANDSHAKE_FAILED:
1369 net_log_.AddEventWithNetErrorCode(
1370 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1371 ResetConnectionAndRequestForResend();
1378 void HttpNetworkTransaction::ResetStateForRestart() {
1379 ResetStateForAuthRestart();
1383 void HttpNetworkTransaction::ResetStateForAuthRestart() {
1384 send_start_time_ = base::TimeTicks();
1385 send_end_time_ = base::TimeTicks();
1387 pending_auth_target_ = HttpAuth::AUTH_NONE;
1390 headers_valid_ = false;
1391 request_headers_.Clear();
1392 response_ = HttpResponseInfo();
1393 establishing_tunnel_ = false;
1396 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
1397 return response_.headers.get();
1400 bool HttpNetworkTransaction::ShouldResendRequest(int error) const {
1401 bool connection_is_proven = stream_->IsConnectionReused();
1402 bool has_received_headers = GetResponseHeaders() != NULL;
1404 // NOTE: we resend a request only if we reused a keep-alive connection.
1405 // This automatically prevents an infinite resend loop because we'll run
1406 // out of the cached keep-alive connections eventually.
1407 if (connection_is_proven && !has_received_headers)
1412 void HttpNetworkTransaction::ResetConnectionAndRequestForResend() {
1413 if (stream_.get()) {
1414 stream_->Close(true);
1418 // We need to clear request_headers_ because it contains the real request
1419 // headers, but we may need to resend the CONNECT request first to recreate
1421 request_headers_.Clear();
1422 next_state_ = STATE_CREATE_STREAM; // Resend the request.
1425 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
1426 return !is_https_request() &&
1427 (proxy_info_.is_https() || proxy_info_.is_http());
1430 bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
1431 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
1434 int HttpNetworkTransaction::HandleAuthChallenge() {
1435 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
1436 DCHECK(headers.get());
1438 int status = headers->response_code();
1439 if (status != HTTP_UNAUTHORIZED &&
1440 status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
1442 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ?
1443 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
1444 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
1445 return ERR_UNEXPECTED_PROXY_AUTH;
1447 // This case can trigger when an HTTPS server responds with a "Proxy
1448 // authentication required" status code through a non-authenticating
1450 if (!auth_controllers_[target].get())
1451 return ERR_UNEXPECTED_PROXY_AUTH;
1453 int rv = auth_controllers_[target]->HandleAuthChallenge(
1454 headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
1456 if (auth_controllers_[target]->HaveAuthHandler())
1457 pending_auth_target_ = target;
1459 scoped_refptr<AuthChallengeInfo> auth_info =
1460 auth_controllers_[target]->auth_info();
1461 if (auth_info.get())
1462 response_.auth_challenge = auth_info;
1467 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
1468 return auth_controllers_[target].get() &&
1469 auth_controllers_[target]->HaveAuth();
1472 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
1474 case HttpAuth::AUTH_PROXY: {
1475 if (!proxy_info_.proxy_server().is_valid() ||
1476 proxy_info_.proxy_server().is_direct()) {
1477 return GURL(); // There is no proxy server.
1479 const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
1480 return GURL(scheme +
1481 proxy_info_.proxy_server().host_port_pair().ToString());
1483 case HttpAuth::AUTH_SERVER:
1484 return request_->url;
1490 #define STATE_CASE(s) \
1492 description = base::StringPrintf("%s (0x%08X)", #s, s); \
1495 std::string HttpNetworkTransaction::DescribeState(State state) {
1496 std::string description;
1498 STATE_CASE(STATE_CREATE_STREAM);
1499 STATE_CASE(STATE_CREATE_STREAM_COMPLETE);
1500 STATE_CASE(STATE_INIT_REQUEST_BODY);
1501 STATE_CASE(STATE_INIT_REQUEST_BODY_COMPLETE);
1502 STATE_CASE(STATE_BUILD_REQUEST);
1503 STATE_CASE(STATE_BUILD_REQUEST_COMPLETE);
1504 STATE_CASE(STATE_SEND_REQUEST);
1505 STATE_CASE(STATE_SEND_REQUEST_COMPLETE);
1506 STATE_CASE(STATE_READ_HEADERS);
1507 STATE_CASE(STATE_READ_HEADERS_COMPLETE);
1508 STATE_CASE(STATE_READ_BODY);
1509 STATE_CASE(STATE_READ_BODY_COMPLETE);
1510 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART);
1511 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE);
1512 STATE_CASE(STATE_NONE);
1514 description = base::StringPrintf("Unknown state 0x%08X (%u)", state,