Revert 110529 - Allow chrome to handle 407 auth challenges to CONNECT requests

through HTTPS Proxies. This also changes the mechanism used to restart HttpProxyClientSocket requests with auth. Previously the transport socket would be Disconnected, and then re-Connected (which was not implemented for SSLClientSockets). However, the approach was problematic in the face of, for example, ipv6. The new approach is to close the HttpProxyClientSocket, and request a new socket from the pool. Review URL: http://codereview.chromium.org/8502024 TBR=rch@chromium.org Review URL: http://codereview.chromium.org/8587045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110550 0039d316-1c4b-4281-b951-d872f2087c98
author: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-11-17 20:46:46 +0000
committer: rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-11-17 20:46:46 +0000
commit: 57cb8724500e883bce61d1fe9abbef3b423c9af7 (patch)
tree: 74ced0a43d3a2c0968f59bf8a62d32345bc141e0 /net/spdy
parent: 37515431b2ca45a642f3229430828ebec1a5f301 (diff)
download: chromium_src-57cb8724500e883bce61d1fe9abbef3b423c9af7.zip
chromium_src-57cb8724500e883bce61d1fe9abbef3b423c9af7.tar.gz
chromium_src-57cb8724500e883bce61d1fe9abbef3b423c9af7.tar.bz2
3 files changed, 10 insertions, 97 deletions
diff --git a/net/spdy/spdy_proxy_client_socket.cc b/net/spdy/spdy_proxy_client_socket.cc
index 6ef88e7..1b2674d 100644
--- a/net/spdy/spdy_proxy_client_socket.cc
+++ b/net/spdy/spdy_proxy_client_socket.cc
@@ -63,19 +63,6 @@ const HttpResponseInfo* SpdyProxyClientSocket::GetConnectResponseInfo() const {
   return response_.headers ? &response_ : NULL;
 }
 
-int SpdyProxyClientSocket::RestartWithAuth(OldCompletionCallback* callback) {
-  // A SPDY Stream can only handle a single request, so the underlying
-  // stream may not be reused and a new SpdyProxyClientSocket must be
-  // created (possibly on top of the same SPDY Session).
-  next_state_ = STATE_DISCONNECTED;
-  return OK;
-}
-
-const
-scoped_refptr<HttpAuthController>& SpdyProxyClientSocket::auth_controller() {
-  return auth_;
-}
-
 HttpStream* SpdyProxyClientSocket::CreateConnectResponseStream() {
   DCHECK(response_stream_.get());
   return response_stream_.release();
@@ -397,16 +384,6 @@ int SpdyProxyClientSocket::DoReadReplyComplete(int result) {
   if (response_.headers->response_code() == 200) {
     return OK;
   } else if (response_.headers->response_code() == 407) {
-    int rv = HandleAuthChallenge(auth_, &response_, net_log_);
-    if (rv != ERR_PROXY_AUTH_REQUESTED) {
-      return rv;
-    }
-    // SPDY only supports basic and digest auth
-    if (auth_->auth_info() &&
-        (auth_->auth_info()->scheme == "basic" ||
-         auth_->auth_info()->scheme == "digest")) {
-      return ERR_PROXY_AUTH_REQUESTED;
-    }
     return ERR_TUNNEL_CONNECTION_FAILED;
   } else {
     // Immediately hand off our SpdyStream to a newly created SpdyHttpStream
diff --git a/net/spdy/spdy_proxy_client_socket.h b/net/spdy/spdy_proxy_client_socket.h
index 9875a05..8a9237b 100644
--- a/net/spdy/spdy_proxy_client_socket.h
+++ b/net/spdy/spdy_proxy_client_socket.h
@@ -53,11 +53,17 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket,
   // On destruction Disconnect() is called.
   virtual ~SpdyProxyClientSocket();
 
+  const scoped_refptr<HttpAuthController>& auth_controller() {
+    return auth_;
+  }
+
   // ProxyClientSocket methods:
   virtual const HttpResponseInfo* GetConnectResponseInfo() const OVERRIDE;
+
+  // In the event of a non-200 response to the CONNECT request, this
+  // method may be called to return an HttpStream in order to read
+  // the response body.
   virtual HttpStream* CreateConnectResponseStream() OVERRIDE;
-  virtual int RestartWithAuth(OldCompletionCallback* callback) OVERRIDE;
-  virtual const scoped_refptr<HttpAuthController>& auth_controller() OVERRIDE;
 
   // StreamSocket methods:
   virtual int Connect(OldCompletionCallback* callback) OVERRIDE;
diff --git a/net/spdy/spdy_proxy_client_socket_unittest.cc b/net/spdy/spdy_proxy_client_socket_unittest.cc
index 89aba7e..323b6db 100644
--- a/net/spdy/spdy_proxy_client_socket_unittest.cc
+++ b/net/spdy/spdy_proxy_client_socket_unittest.cc
@@ -66,7 +66,6 @@ class SpdyProxyClientSocketTest : public PlatformTest {
   spdy::SpdyFrame* ConstructConnectAuthRequestFrame();
   spdy::SpdyFrame* ConstructConnectReplyFrame();
   spdy::SpdyFrame* ConstructConnectAuthReplyFrame();
-  spdy::SpdyFrame* ConstructNtlmAuthReplyFrame();
   spdy::SpdyFrame* ConstructConnectErrorReplyFrame();
   spdy::SpdyFrame* ConstructBodyFrame(const char* data, int length);
   scoped_refptr<IOBufferWithSize> CreateBuffer(const char* data, int size);
@@ -388,26 +387,6 @@ spdy::SpdyFrame* SpdyProxyClientSocketTest::ConstructConnectAuthReplyFrame() {
                                    arraysize(kStandardReplyHeaders));
 }
 
-// Constructs a SPDY SYN_REPLY frame to match the SPDY CONNECT which
-// requires Proxy Authentication using NTLM.
-spdy::SpdyFrame* SpdyProxyClientSocketTest::ConstructNtlmAuthReplyFrame() {
-  const char* const kStandardReplyHeaders[] = {
-      "status", "407 Proxy Authentication Required",
-      "version", "HTTP/1.1",
-      "proxy-authenticate", "NTLM",
-  };
-
-  return ConstructSpdyControlFrame(NULL,
-                                   0,
-                                   false,
-                                   kStreamId,
-                                   LOWEST,
-                                   spdy::SYN_REPLY,
-                                   spdy::CONTROL_FLAG_NONE,
-                                   kStandardReplyHeaders,
-                                   arraysize(kStandardReplyHeaders));
-}
-
 // Constructs a SPDY SYN_REPLY frame with an HTTP 500 error.
 spdy::SpdyFrame* SpdyProxyClientSocketTest::ConstructConnectErrorReplyFrame() {
   const char* const kStandardReplyHeaders[] = {
@@ -454,23 +433,6 @@ TEST_F(SpdyProxyClientSocketTest, ConnectSendsCorrectRequest) {
   AssertConnectionEstablished();
 }
 
-TEST_F(SpdyProxyClientSocketTest, ConnectWithUnsupportedAuth) {
-  scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
-  MockWrite writes[] = {
-    CreateMockWrite(*conn, 0, false),
-  };
-
-  scoped_ptr<spdy::SpdyFrame> resp(ConstructNtlmAuthReplyFrame());
-  MockRead reads[] = {
-    CreateMockRead(*resp, 1, true),
-    MockRead(true, 0, 3),  // EOF
-  };
-
-  Initialize(reads, arraysize(reads), writes, arraysize(writes));
-
-  AssertConnectFails(ERR_TUNNEL_CONNECTION_FAILED);
-}
-
 TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthRequested) {
   scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
@@ -485,7 +447,7 @@ TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthRequested) {
 
   Initialize(reads, arraysize(reads), writes, arraysize(writes));
 
-  AssertConnectFails(ERR_PROXY_AUTH_REQUESTED);
+  AssertConnectFails(ERR_TUNNEL_CONNECTION_FAILED);
 
   const HttpResponseInfo* response = sock_->GetConnectResponseInfo();
   ASSERT_TRUE(response != NULL);
@@ -514,38 +476,6 @@ TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthCredentials) {
   AssertConnectionEstablished();
 }
 
-TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthRestart) {
-  scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
-  scoped_ptr<spdy::SpdyFrame> auth(ConstructConnectAuthRequestFrame());
-  MockWrite writes[] = {
-    CreateMockWrite(*conn, 0, false),
-  };
-
-  scoped_ptr<spdy::SpdyFrame> resp(ConstructConnectAuthReplyFrame());
-  scoped_ptr<spdy::SpdyFrame> auth_resp(ConstructConnectReplyFrame());
-  MockRead reads[] = {
-    CreateMockRead(*resp, 1, true),
-    MockRead(true, 0, 3),  // EOF
-  };
-
-  Initialize(reads, arraysize(reads), writes, arraysize(writes));
-
-  AssertConnectFails(ERR_PROXY_AUTH_REQUESTED);
-
-  const HttpResponseInfo* response = sock_->GetConnectResponseInfo();
-  ASSERT_TRUE(response != NULL);
-  ASSERT_EQ(407, response->headers->response_code());
-  ASSERT_EQ("Proxy Authentication Required",
-            response->headers->GetStatusText());
-
-  AddAuthToCache();
-
-  ASSERT_EQ(OK, sock_->RestartWithAuth(&read_callback_));
-  // A SpdyProxyClientSocket sits on a single SPDY stream which can
-  // only be used for a single request/response.
-  ASSERT_FALSE(sock_->IsConnectedAndIdle());
-}
-
 TEST_F(SpdyProxyClientSocketTest, ConnectFails) {
   scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
   MockWrite writes[] = {
@@ -891,7 +821,7 @@ TEST_F(SpdyProxyClientSocketTest, ReadAuthResponseBody) {
 
   Initialize(reads, arraysize(reads), writes, arraysize(writes));
 
-  AssertConnectFails(ERR_PROXY_AUTH_REQUESTED);
+  AssertConnectFails(ERR_TUNNEL_CONNECTION_FAILED);
 
   Run(2);  // SpdySession consumes the next two reads and sends then to
            // sock_ to be buffered.
author	rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-11-17 20:46:46 +0000
committer	rch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-11-17 20:46:46 +0000
commit	57cb8724500e883bce61d1fe9abbef3b423c9af7 (patch)
tree	74ced0a43d3a2c0968f59bf8a62d32345bc141e0 /net/spdy
parent	37515431b2ca45a642f3229430828ebec1a5f301 (diff)
download	chromium_src-57cb8724500e883bce61d1fe9abbef3b423c9af7.zip chromium_src-57cb8724500e883bce61d1fe9abbef3b423c9af7.tar.gz chromium_src-57cb8724500e883bce61d1fe9abbef3b423c9af7.tar.bz2