Revert 93860 - secure proxy support in websocket

BUG=83950
TEST=net_unittest --gtest_filter=SocketStreamTest.* pass

Review URL: http://codereview.chromium.org/7468025

TBR=ukai@chromium.org
Review URL: http://codereview.chromium.org/7489039

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93862 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 44 insertions, 201 deletions

diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index 57af475..74eabec 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -304,49 +304,6 @@ void SocketStream::Finish(int result) {
   Release();
 }
 
-int SocketStream::DidEstablishSSL(int result) {
-  if (IsCertificateError(result)) {
-    if (socket_->IsConnectedAndIdle()) {
-      result = HandleCertificateError(result);
-    } else {
-      // SSLClientSocket for Mac will report socket is not connected,
-      // if it returns cert verification error.  It didn't perform
-      // SSLHandshake yet.
-      // So, we should restart establishing connection with the
-      // certificate in allowed bad certificates in |ssl_config_|.
-      // See also net/http/http_network_transaction.cc
-      //  HandleCertificateError() and RestartIgnoringLastError().
-      SSLClientSocket* ssl_socket =
-        reinterpret_cast<SSLClientSocket*>(socket_.get());
-      SSLInfo ssl_info;
-      ssl_socket->GetSSLInfo(&ssl_info);
-      if (ssl_info.cert == NULL ||
-          ssl_config_.IsAllowedBadCert(ssl_info.cert, NULL)) {
-        // If we already have the certificate in the set of allowed bad
-        // certificates, we did try it and failed again, so we should not
-        // retry again: the connection should fail at last.
-        next_state_ = STATE_CLOSE;
-        return result;
-      }
-      // Add the bad certificate to the set of allowed certificates in the
-      // SSL config object.
-      SSLConfig::CertAndStatus bad_cert;
-      if (!ssl_info.cert->GetDEREncoded(&bad_cert.der_cert)) {
-        next_state_ = STATE_CLOSE;
-        return result;
-      }
-      bad_cert.cert_status = ssl_info.cert_status;
-      ssl_config_.allowed_bad_certs.push_back(bad_cert);
-      // Restart connection ignoring the bad certificate.
-      socket_->Disconnect();
-      socket_.reset();
-      next_state_ = STATE_TCP_CONNECT;
-      return OK;
-    }
-  }
-  return result;
-}
-
 int SocketStream::DidEstablishConnection() {
   if (!socket_.get() || !socket_->IsConnected()) {
     next_state_ = STATE_CLOSE;
@@ -483,13 +440,6 @@ void SocketStream::DoLoop(int result) {
       case STATE_SOCKS_CONNECT_COMPLETE:
         result = DoSOCKSConnectComplete(result);
         break;
-      case STATE_SECURE_PROXY_CONNECT:
-        DCHECK_EQ(OK, result);
-        result = DoSecureProxyConnect();
-        break;
-      case STATE_SECURE_PROXY_CONNECT_COMPLETE:
-        result = DoSecureProxyConnectComplete(result);
-        break;
       case STATE_SSL_CONNECT:
         DCHECK_EQ(OK, result);
         result = DoSSLConnect();
@@ -666,14 +616,11 @@ int SocketStream::DoTcpConnectComplete(int result) {
     return result;
   }
 
-  if (proxy_mode_ == kTunnelProxy) {
-    if (proxy_info_.is_https())
-      next_state_ = STATE_SECURE_PROXY_CONNECT;
-    else
-      next_state_ = STATE_WRITE_TUNNEL_HEADERS;
-  } else if (proxy_mode_ == kSOCKSProxy) {
+  if (proxy_mode_ == kTunnelProxy)
+    next_state_ = STATE_WRITE_TUNNEL_HEADERS;
+  else if (proxy_mode_ == kSOCKSProxy)
     next_state_ = STATE_SOCKS_CONNECT;
-  } else if (is_secure()) {
+  else if (is_secure()) {
     next_state_ = STATE_SSL_CONNECT;
   } else {
     result = DidEstablishConnection();
@@ -903,35 +850,6 @@ int SocketStream::DoSOCKSConnectComplete(int result) {
   return result;
 }
 
-int SocketStream::DoSecureProxyConnect() {
-  DCHECK(factory_);
-  SSLClientSocketContext ssl_context;
-  ssl_context.cert_verifier = cert_verifier_;
-  ssl_context.origin_bound_cert_service = origin_bound_cert_service_;
-  // TODO(agl): look into plumbing SSLHostInfo here.
-  socket_.reset(factory_->CreateSSLClientSocket(
-      socket_.release(),
-      proxy_info_.proxy_server().host_port_pair(),
-      ssl_config_,
-      NULL /* ssl_host_info */,
-      ssl_context));
-  next_state_ = STATE_SECURE_PROXY_CONNECT_COMPLETE;
-  metrics_->OnCountConnectionType(SocketStreamMetrics::SECURE_PROXY_CONNECTION);
-  return socket_->Connect(&io_callback_);
-}
-
-int SocketStream::DoSecureProxyConnectComplete(int result) {
-  DCHECK_EQ(STATE_NONE, next_state_);
-  result = DidEstablishSSL(result);
-  if (next_state_ != STATE_NONE)
-    return result;
-  if (result == OK)
-    next_state_ = STATE_WRITE_TUNNEL_HEADERS;
-  else
-    next_state_ = STATE_CLOSE;
-  return result;
-}
-
 int SocketStream::DoSSLConnect() {
   DCHECK(factory_);
   SSLClientSocketContext ssl_context;
@@ -949,10 +867,46 @@ int SocketStream::DoSSLConnect() {
 }
 
 int SocketStream::DoSSLConnectComplete(int result) {
-  DCHECK_EQ(STATE_NONE, next_state_);
-  result = DidEstablishSSL(result);
-  if (next_state_ != STATE_NONE)
-    return result;
+  if (IsCertificateError(result)) {
+    if (socket_->IsConnectedAndIdle()) {
+      result = HandleCertificateError(result);
+    } else {
+      // SSLClientSocket for Mac will report socket is not connected,
+      // if it returns cert verification error.  It didn't perform
+      // SSLHandshake yet.
+      // So, we should restart establishing connection with the
+      // certificate in allowed bad certificates in |ssl_config_|.
+      // See also net/http/http_network_transaction.cc
+      //  HandleCertificateError() and RestartIgnoringLastError().
+      SSLClientSocket* ssl_socket =
+        reinterpret_cast<SSLClientSocket*>(socket_.get());
+      SSLInfo ssl_info;
+      ssl_socket->GetSSLInfo(&ssl_info);
+      if (ssl_info.cert == NULL ||
+          ssl_config_.IsAllowedBadCert(ssl_info.cert, NULL)) {
+        // If we already have the certificate in the set of allowed bad
+        // certificates, we did try it and failed again, so we should not
+        // retry again: the connection should fail at last.
+        next_state_ = STATE_CLOSE;
+        return result;
+      }
+      // Add the bad certificate to the set of allowed certificates in the
+      // SSL config object.
+      SSLConfig::CertAndStatus bad_cert;
+      if (!ssl_info.cert->GetDEREncoded(&bad_cert.der_cert)) {
+        next_state_ = STATE_CLOSE;
+        return result;
+      }
+      bad_cert.cert_status = ssl_info.cert_status;
+      ssl_config_.allowed_bad_certs.push_back(bad_cert);
+      // Restart connection ignoring the bad certificate.
+      socket_->Disconnect();
+      socket_.reset();
+      next_state_ = STATE_TCP_CONNECT;
+      return OK;
+    }
+  }
+
   // TODO(toyoshim): Upgrade to SPDY through TLS NPN extension if possible.
   // If we use HTTPS and this is the first connection to the SPDY server,
   // we should take care of TLS NPN extension here.
diff --git a/net/socket_stream/socket_stream.h b/net/socket_stream/socket_stream.h
index 5e5b339..19331f4 100644
--- a/net/socket_stream/socket_stream.h
+++ b/net/socket_stream/socket_stream.h
@@ -228,8 +228,6 @@ class NET_API SocketStream : public base::RefCountedThreadSafe<SocketStream> {
     STATE_READ_TUNNEL_HEADERS_COMPLETE,
     STATE_SOCKS_CONNECT,
     STATE_SOCKS_CONNECT_COMPLETE,
-    STATE_SECURE_PROXY_CONNECT,
-    STATE_SECURE_PROXY_CONNECT_COMPLETE,
     STATE_SSL_CONNECT,
     STATE_SSL_CONNECT_COMPLETE,
     STATE_READ_WRITE,
@@ -257,7 +255,6 @@ class NET_API SocketStream : public base::RefCountedThreadSafe<SocketStream> {
   // notifications will be sent to delegate.
   void Finish(int result);
 
-  int DidEstablishSSL(int result);
   int DidEstablishConnection();
   int DidReceiveData(int result);
   int DidSendData(int result);
@@ -282,8 +279,6 @@ class NET_API SocketStream : public base::RefCountedThreadSafe<SocketStream> {
   int DoReadTunnelHeadersComplete(int result);
   int DoSOCKSConnect();
   int DoSOCKSConnectComplete(int result);
-  int DoSecureProxyConnect();
-  int DoSecureProxyConnectComplete(int result);
   int DoSSLConnect();
   int DoSSLConnectComplete(int result);
   int DoReadWrite(int result);
diff --git a/net/socket_stream/socket_stream_metrics.h b/net/socket_stream/socket_stream_metrics.h
index e69ba25..83666fe 100644
--- a/net/socket_stream/socket_stream_metrics.h
+++ b/net/socket_stream/socket_stream_metrics.h
@@ -32,7 +32,6 @@ class NET_TEST SocketStreamMetrics {
     TUNNEL_CONNECTION,
     SOCKS_CONNECTION,
     SSL_CONNECTION,
-    SECURE_PROXY_CONNECTION,
     NUM_CONNECTION_TYPES,
   };
 
diff --git a/net/socket_stream/socket_stream_unittest.cc b/net/socket_stream/socket_stream_unittest.cc
index 80bff3c..090ecff 100644
--- a/net/socket_stream/socket_stream_unittest.cc
+++ b/net/socket_stream/socket_stream_unittest.cc
@@ -535,109 +535,4 @@ TEST_F(SocketStreamTest, SwitchAfterPending) {
   EXPECT_EQ(net::ERR_PROTOCOL_SWITCHED, events[1].error_code);
 }
 
-// Test a connection though a secure proxy.
-TEST_F(SocketStreamTest, SecureProxyConnectError) {
-  MockClientSocketFactory mock_socket_factory;
-  MockWrite data_writes[] = {
-    MockWrite("CONNECT example.com:80 HTTP/1.1\r\n"
-              "Host: example.com\r\n"
-              "Proxy-Connection: keep-alive\r\n\r\n")
-  };
-  MockRead data_reads[] = {
-    MockRead("HTTP/1.1 200 Connection Established\r\n"),
-    MockRead("Proxy-agent: Apache/2.2.8\r\n"),
-    MockRead("\r\n"),
-    // SocketStream::DoClose is run asynchronously.  Socket can be read after
-    // "\r\n".  We have to give ERR_IO_PENDING to SocketStream then to indicate
-    // server doesn't close the connection.
-    MockRead(true, ERR_IO_PENDING)
-  };
-  StaticSocketDataProvider data(data_reads, arraysize(data_reads),
-                                data_writes, arraysize(data_writes));
-  mock_socket_factory.AddSocketDataProvider(&data);
-  SSLSocketDataProvider ssl(false, ERR_SSL_PROTOCOL_ERROR);
-  mock_socket_factory.AddSSLSocketDataProvider(&ssl);
-
-  TestCompletionCallback callback;
-
-  scoped_ptr<SocketStreamEventRecorder> delegate(
-      new SocketStreamEventRecorder(&callback));
-  delegate->SetOnConnected(base::Bind(&SocketStreamEventRecorder::DoClose,
-                                      base::Unretained(delegate.get())));
-
-  scoped_refptr<SocketStream> socket_stream(
-      new SocketStream(GURL("ws://example.com/demo"), delegate.get()));
-
-  socket_stream->set_context(new TestURLRequestContext("https://myproxy:70"));
-  MockHostResolver host_resolver;
-  socket_stream->SetHostResolver(&host_resolver);
-  socket_stream->SetClientSocketFactory(&mock_socket_factory);
-
-  socket_stream->Connect();
-
-  callback.WaitForResult();
-
-  const std::vector<SocketStreamEvent>& events = delegate->GetSeenEvents();
-  ASSERT_EQ(3U, events.size());
-
-  EXPECT_EQ(SocketStreamEvent::EVENT_START_OPEN_CONNECTION,
-            events[0].event_type);
-  EXPECT_EQ(SocketStreamEvent::EVENT_ERROR, events[1].event_type);
-  EXPECT_EQ(net::ERR_SSL_PROTOCOL_ERROR, events[1].error_code);
-  EXPECT_EQ(SocketStreamEvent::EVENT_CLOSE, events[2].event_type);
-}
-
-// Test a connection though a secure proxy.
-TEST_F(SocketStreamTest, SecureProxyConnect) {
-  MockClientSocketFactory mock_socket_factory;
-  MockWrite data_writes[] = {
-    MockWrite("CONNECT example.com:80 HTTP/1.1\r\n"
-              "Host: example.com\r\n"
-              "Proxy-Connection: keep-alive\r\n\r\n")
-  };
-  MockRead data_reads[] = {
-    MockRead("HTTP/1.1 200 Connection Established\r\n"),
-    MockRead("Proxy-agent: Apache/2.2.8\r\n"),
-    MockRead("\r\n"),
-    // SocketStream::DoClose is run asynchronously.  Socket can be read after
-    // "\r\n".  We have to give ERR_IO_PENDING to SocketStream then to indicate
-    // server doesn't close the connection.
-    MockRead(true, ERR_IO_PENDING)
-  };
-  StaticSocketDataProvider data(data_reads, arraysize(data_reads),
-                                data_writes, arraysize(data_writes));
-  mock_socket_factory.AddSocketDataProvider(&data);
-  SSLSocketDataProvider ssl(false, OK);
-  mock_socket_factory.AddSSLSocketDataProvider(&ssl);
-
-  TestCompletionCallback callback;
-
-  scoped_ptr<SocketStreamEventRecorder> delegate(
-      new SocketStreamEventRecorder(&callback));
-  delegate->SetOnConnected(base::Bind(&SocketStreamEventRecorder::DoClose,
-                                      base::Unretained(delegate.get())));
-
-  scoped_refptr<SocketStream> socket_stream(
-      new SocketStream(GURL("ws://example.com/demo"), delegate.get()));
-
-  socket_stream->set_context(new TestURLRequestContext("https://myproxy:70"));
-  MockHostResolver host_resolver;
-  socket_stream->SetHostResolver(&host_resolver);
-  socket_stream->SetClientSocketFactory(&mock_socket_factory);
-
-  socket_stream->Connect();
-
-  callback.WaitForResult();
-
-  const std::vector<SocketStreamEvent>& events = delegate->GetSeenEvents();
-  ASSERT_EQ(4U, events.size());
-
-  EXPECT_EQ(SocketStreamEvent::EVENT_START_OPEN_CONNECTION,
-            events[0].event_type);
-  EXPECT_EQ(SocketStreamEvent::EVENT_CONNECTED, events[1].event_type);
-  EXPECT_EQ(SocketStreamEvent::EVENT_ERROR, events[2].event_type);
-  EXPECT_EQ(net::ERR_ABORTED, events[2].error_code);
-  EXPECT_EQ(SocketStreamEvent::EVENT_CLOSE, events[3].event_type);
-}
-
 }  // namespace net