author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-11 21:04:42 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-11 21:04:42 +0000 |
commit | 326e67907033c1e8db115327d59482b1ae6db3ec (patch) | |
tree | 2940d88e6de6ce6ba528c4671b6574b4ff6bd1bd /net/base/https_prober.h | |
parent | 5973945e4c3d2baf2b92d11be55c1692a09b12e3 (diff) | |
SPDY: augment Strict Transport Security with the beginnings of SPDY upgrade.
This adds an opportunistic flag to the information that we store in
the Strict Transport Security State. Given this, STSS might be
misnamed now, but renaming it in this patch would add huge amounts of
noise.
We process the 'X-Bodge-Transport-Security' header which has the same
format as the STS header. When we see this on an HTTP connection,
we'll probe for a clean HTTPS path to the host and then remember it.
This header should be considered mutually exclusive with STS, although
this isn't enforced in the code.
The remembered flag is currently ignored by the rest of the code. This
will be addressed in a future patch.
The header should be called 'Opportunistic-Transport-Security' in the
future, but we have some issues to work out before we take that name.
http://codereview.chromium.org/456011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34380 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/https_prober.h')
-rw-r--r-- | net/base/https_prober.h | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/net/base/https_prober.h b/net/base/https_prober.h
new file mode 100644
index 0000000..327fc16
--- /dev/null
+++ b/net/base/https_prober.h
@@ -0,0 +1,73 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_HTTPS_PROBER_H_
+#define NET_BASE_HTTPS_PROBER_H_
+
+#include <map>
+#include <set>
+#include <string>
+
+#include "base/singleton.h"
+#include "base/task.h"
+#include "net/url_request/url_request.h"
+
+class URLRequestContext;
+
+namespace net {
+
+// This should be scoped inside HTTPSProber, but VC cannot compile
+// HTTPProber::Delegate when HTTPSProber also inherits from
+// URLRequest::Delegate.
+class HTTPSProberDelegate {
+ public:
+ virtual void ProbeComplete(bool result) = 0;
+};
+
+// HTTPSProber is a singleton object that manages HTTPS probes. A HTTPS probe
+// determines if we can connect to a given host over HTTPS. It's used when
+// transparently upgrading from HTTP to HTTPS (for example, for SPDY).
+class HTTPSProber : public URLRequest::Delegate {
+ public:
+ HTTPSProber() { }
+
+ // HaveProbed returns true if the given host is known to have been probed
+ // since the browser was last started.
+ bool HaveProbed(const std::string& host) const;
+
+ // InFlight returns true iff a probe for the given host is currently active.
+ bool InFlight(const std::string& host) const;
+
+ // ProbeHost starts a new probe for the given host. If the host is known to
+ // have been probed since the browser was started, false is returned and no
+ // other action is taken. If a probe to the given host in currently inflight,
+ // false will be returned, and no other action is taken. Otherwise, a new
+ // probe is started, true is returned and the Delegate will be called with the
+ // results (true means a successful handshake).
+ bool ProbeHost(const std::string& host, URLRequestContext* ctx,
+ HTTPSProberDelegate* delegate);
+
+ // Implementation of URLRequest::Delegate
+ void OnAuthRequired(URLRequest* request,
+ net::AuthChallengeInfo* auth_info);
+ void OnSSLCertificateError(URLRequest* request,
+ int cert_error,
+ net::X509Certificate* cert);
+ void OnResponseStarted(URLRequest* request);
+ void OnReadCompleted(URLRequest* request, int bytes_read);
+
+ private:
+ void Success(URLRequest* request);
+ void Failure(URLRequest* request);
+ void DoCallback(URLRequest* request, bool result);
+
+ std::map<std::string, HTTPSProberDelegate*> inflight_probes_;
+ std::set<std::string> probed_;
+
+ friend struct DefaultSingletonTraits<HTTPSProber>;
+ DISALLOW_EVIL_CONSTRUCTORS(HTTPSProber);
+};
+
+} // namespace net
+#endif |
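Review bot: `inflight_probes_` stores raw `HTTPSProberDelegate*` values, and neither the `ProbeHost` comment nor the interface says how long the delegate must live or how a caller can withdraw it, so a delegate destroyed while its probe is in flight would presumably be called through a dangling pointer from `DoCallback` (the .cc is not on this page, so that part is inferred). I would state the contract on `ProbeHost`, e.g. `// |delegate| is not owned and must remain valid until ProbeComplete() has been called.`, and give `HTTPSProberDelegate` a `virtual ~HTTPSProberDelegate() {}`. Because the probe is triggered by a header received over plain HTTP, the comment above `OnSSLCertificateError` should also say that any certificate error ends the probe as a failure, if that is what the implementation does. `probed_` only ever grows for the life of the browser and is keyed by host names taken from responses, so a short note on its expected bound would help the next reader.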