Allow chrome to handle 407 auth challenges to CONNECT requests

through HTTPS Proxies. This also changes the mechanism used to restart HttpProxyClientSocket requests with auth. Previously the transport socket would be Disconnected, and then re-Connected (which was not implemented for SSLClientSockets). However, the approach was problematic in the face of, for example, ipv6. The new approach is to close the HttpProxyClientSocket, and request a new socket from the pool. Initially was http://codereview.chromium.org/8502024 which turned out to have problems with NTLM auth. Review URL: http://codereview.chromium.org/9148011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@118950 0039d316-1c4b-4281-b951-d872f2087c98
author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-01-25 00:11:23 +0000
committer: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-01-25 00:11:23 +0000
commit: 848080bffa1d80a18b9e0c11698e2e087a4ac32d (patch)
tree: 7a19e52578bfe8f815b1dd21a2950c66e5deccbd /net/http/http_proxy_client_socket_pool.h
parent: c1add6e37884157dc76375962f0f17d2e8916898 (diff)
download: chromium_src-848080bffa1d80a18b9e0c11698e2e087a4ac32d.zip
chromium_src-848080bffa1d80a18b9e0c11698e2e087a4ac32d.tar.gz
chromium_src-848080bffa1d80a18b9e0c11698e2e087a4ac32d.tar.bz2
1 files changed, 28 insertions, 1 deletions
diff --git a/net/http/http_proxy_client_socket_pool.h b/net/http/http_proxy_client_socket_pool.h
index 8991224..9e90187 100644
--- a/net/http/http_proxy_client_socket_pool.h
+++ b/net/http/http_proxy_client_socket_pool.h
@@ -26,6 +26,7 @@ namespace net {
 
 class HostResolver;
 class HttpAuthCache;
+class HttpAuthController;
 class HttpAuthHandlerFactory;
 class SSLClientSocketPool;
 class SSLSocketParams;
@@ -34,6 +35,17 @@ class SpdyStream;
 class TransportClientSocketPool;
 class TransportSocketParams;
 
+// Called when a 407 Proxy Authentication Required response is received
+// from an HTTP or HTTPS proxy when attempting to establish a CONNECT tunnel
+// to an HTTPS server.  Information about the challenge can be found in
+// the HttpResponse info.  Credentials should be added to the
+// HttpAuthController, and the CompletionCallback should be invoked
+// with the status.
+typedef base::Callback<void (const HttpResponseInfo&,
+                             HttpAuthController*,
+                             CompletionCallback)>
+    TunnelAuthCallback;
+
 // HttpProxySocketParams only needs the socket params for one of the proxy
 // types.  The other param must be NULL.  When using an HTTP Proxy,
 // |transport_params| must be set.  When using an HTTPS Proxy, |ssl_params|
@@ -50,7 +62,8 @@ class NET_EXPORT_PRIVATE HttpProxySocketParams
       HttpAuthCache* http_auth_cache,
       HttpAuthHandlerFactory* http_auth_handler_factory,
       SpdySessionPool* spdy_session_pool,
-      bool tunnel);
+      bool tunnel,
+      TunnelAuthCallback auth_needed_callback);
 
   const scoped_refptr<TransportSocketParams>& transport_params() const {
     return transport_params_;
@@ -71,6 +84,7 @@ class NET_EXPORT_PRIVATE HttpProxySocketParams
   const HostResolver::RequestInfo& destination() const;
   bool tunnel() const { return tunnel_; }
   bool ignore_limits() const { return ignore_limits_; }
+  TunnelAuthCallback auth_needed_callback() { return auth_needed_callback_; }
 
  private:
   friend class base::RefCounted<HttpProxySocketParams>;
@@ -86,6 +100,7 @@ class NET_EXPORT_PRIVATE HttpProxySocketParams
   HttpAuthHandlerFactory* const http_auth_handler_factory_;
   const bool tunnel_;
   bool ignore_limits_;
+  TunnelAuthCallback auth_needed_callback_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpProxySocketParams);
 };
@@ -120,6 +135,8 @@ class HttpProxyConnectJob : public ConnectJob {
     STATE_SPDY_PROXY_CREATE_STREAM,
     STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE,
     STATE_SPDY_PROXY_CONNECT_COMPLETE,
+    STATE_RESTART_WITH_AUTH,
+    STATE_RESTART_WITH_AUTH_COMPLETE,
     STATE_NONE,
   };
 
@@ -141,6 +158,11 @@ class HttpProxyConnectJob : public ConnectJob {
   int DoSpdyProxyCreateStream();
   int DoSpdyProxyCreateStreamComplete(int result);
 
+  int DoRestartWithAuth();
+  int DoRestartWithAuthComplete(int result);
+
+  void HandleProxyAuthChallenge();
+
   // Begins the tcp connection and the optional Http proxy tunnel.  If the
   // request is not immediately servicable (likely), the request will return
   // ERR_IO_PENDING. An OK return from this function or the callback means
@@ -167,6 +189,11 @@ class HttpProxyConnectJob : public ConnectJob {
 
   scoped_refptr<SpdyStream> spdy_stream_;
 
+  // AuthController to be used for *all* requests when setting up this tunnel.
+  scoped_refptr<HttpAuthController> auth_;
+
+  base::WeakPtrFactory<HttpProxyConnectJob> ptr_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(HttpProxyConnectJob);
 };
author	rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-01-25 00:11:23 +0000
committer	rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-01-25 00:11:23 +0000
commit	848080bffa1d80a18b9e0c11698e2e087a4ac32d (patch)
tree	7a19e52578bfe8f815b1dd21a2950c66e5deccbd /net/http/http_proxy_client_socket_pool.h
parent	c1add6e37884157dc76375962f0f17d2e8916898 (diff)
download	chromium_src-848080bffa1d80a18b9e0c11698e2e087a4ac32d.zip chromium_src-848080bffa1d80a18b9e0c11698e2e087a4ac32d.tar.gz chromium_src-848080bffa1d80a18b9e0c11698e2e087a4ac32d.tar.bz2