author | dhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-25 16:29:08 +0000 |
---|---|---|
committer | dhollowa@chromium.org <dhollowa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-25 16:29:08 +0000 |
commit | 9b40b28c0598ca9fa968e69b5da4be8c2d16f115 (patch) | |
tree | a61576c20105b80a40976ba4563d266b4eef7de7 /net | |
parent | c0b656408d922a6a4a795e8912342f3ead0465ae (diff) | |
Revert 57333 - Add support for speaking SSL to an HTTP Proxy, to
HttpProxyClientSocketPool (and friends)
Reverting due to heapcheck issues:
http://build.chromium.org/buildbot/memory/builders/Linux%20Heapcheck/builds/7039/steps/heapcheck%20test:%20net/logs/stdio
Suppression:
{
<insert_a_suppression_name_here>
Heapcheck:Leak
fun:RefCountedBase
fun:RefCounted
fun:TCPSocketParams
fun:net::HttpStreamRequest::DoInitConnection
fun:net::HttpStreamRequest::DoLoop
fun:net::HttpStreamRequest::RunLoop
fun:net::HttpStreamRequest::Start
fun:net::HttpStreamFactory::RequestStream
fun:net::HttpNetworkTransaction::DoInitStream
fun:net::HttpNetworkTransaction::DoLoop
fun:net::HttpNetworkTransaction::RestartIgnoringLastError
fun:net::HttpNetworkTransactionTest_HTTPSBadCertificateViaHttpsProxy_Test::TestBody
fun:testing::Test::Run
fun:testing::internal::TestInfoImpl::Run
fun:testing::TestCase::Run
fun:testing::internal::UnitTestImpl::RunAllTests
fun:testing::UnitTest::Run
fun:base::TestSuite::Run
fun:main
fun:__libc_start_main
}
More information about an HTTPS Proxy can be found here:
http://dev.chromium.org/spdy/spdy-proxy
This implementation supports both http:// and https:// requests,
as well as support for both Proxy and Server auth.
BUG=29625
TEST=none
Review URL: http://codereview.chromium.org/3110006
TBR=rch@chromium.org
Review URL: http://codereview.chromium.org/3134034
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57335 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/http/http_network_session.cc | 14 | ||||
-rw-r--r-- | net/http/http_network_session.h | 4 | ||||
-rw-r--r-- | net/http/http_network_transaction.cc | 14 | ||||
-rw-r--r-- | net/http/http_network_transaction_unittest.cc | 290 | ||||
-rw-r--r-- | net/http/http_proxy_client_socket_pool.cc | 121 | ||||
-rw-r--r-- | net/http/http_proxy_client_socket_pool.h | 40 | ||||
-rw-r--r-- | net/http/http_proxy_client_socket_pool_unittest.cc | 96 | ||||
-rw-r--r-- | net/http/http_stream_request.cc | 88 | ||||
-rw-r--r-- | net/http/http_stream_request.h | 13 | ||||
-rw-r--r-- | net/socket/socket_test_util.cc | 98 | ||||
-rw-r--r-- | net/socket/socket_test_util.h | 57 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_pool.cc | 4 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_pool_unittest.cc | 3 |
13 files changed, 104 insertions, 738 deletions
diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index 93340ef..d85a4ef 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc @@ -46,10 +46,6 @@ HttpNetworkSession::HttpNetworkSession( tcp_for_http_proxy_pool_histograms_( new ClientSocketPoolHistograms("TCPforHTTPProxy")), http_proxy_pool_histograms_(new ClientSocketPoolHistograms("HTTPProxy")), - tcp_for_https_proxy_pool_histograms_( - new ClientSocketPoolHistograms("TCPforHTTPSProxy")), - ssl_for_https_proxy_pool_histograms_( - new ClientSocketPoolHistograms("SSLforHTTPSProxy")), tcp_for_socks_pool_histograms_( new ClientSocketPoolHistograms("TCPforSOCKS")), socks_pool_histograms_(new ClientSocketPoolHistograms("SOCK")), @@ -95,16 +91,6 @@ HttpNetworkSession::GetSocketPoolForHTTPProxy(const HostPortPair& http_proxy) { g_max_sockets_per_proxy_server, g_max_sockets_per_group, tcp_for_http_proxy_pool_histograms_, host_resolver_, socket_factory_, net_log_), - new SSLClientSocketPool( - g_max_sockets_per_proxy_server, g_max_sockets_per_group, - ssl_for_https_proxy_pool_histograms_, host_resolver_, - socket_factory_, - new TCPClientSocketPool( - g_max_sockets_per_proxy_server, - g_max_sockets_per_group, - tcp_for_https_proxy_pool_histograms_, host_resolver_, - socket_factory_, net_log_), - NULL, NULL, net_log_), net_log_))); return ret.first->second; diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index 9efcb9f..ae1738e 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h 
@@ -156,10 +156,6 @@ class HttpNetworkSession : public base::RefCounted<HttpNetworkSession>, scoped_refptr<ClientSocketPoolHistograms> tcp_pool_histograms_; scoped_refptr<ClientSocketPoolHistograms> tcp_for_http_proxy_pool_histograms_; scoped_refptr<ClientSocketPoolHistograms> http_proxy_pool_histograms_; - scoped_refptr<ClientSocketPoolHistograms> - tcp_for_https_proxy_pool_histograms_; - scoped_refptr<ClientSocketPoolHistograms> - ssl_for_https_proxy_pool_histograms_; scoped_refptr<ClientSocketPoolHistograms> tcp_for_socks_pool_histograms_; scoped_refptr<ClientSocketPoolHistograms> socks_pool_histograms_; scoped_refptr<ClientSocketPoolHistograms> ssl_pool_histograms_; diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index bf3c4b9..1ff166c 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc @@ -322,7 +322,7 @@ int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, // because an active network attacker can already control HTTP sessions. // We reach this case when the user cancels a 407 proxy auth prompt. // See http://crbug.com/8473. - DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); + DCHECK(proxy_info_.is_http()); DCHECK_EQ(headers->response_code(), 407); LOG(WARNING) << "Blocked proxy response with status " << headers->response_code() << " to CONNECT request for " @@ -658,8 +658,7 @@ int HttpNetworkTransaction::DoSendRequest() { HttpRequestHeaders request_headers; BuildRequestHeaders(request_, authorization_headers, request_body, - !is_https_request() && (proxy_info_.is_http() || - proxy_info_.is_https()), + !is_https_request() && proxy_info_.is_http(), &request_line, &request_headers); if (session_->network_delegate()) 
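Review bot: In `DoSendRequest()` the flag passed to `BuildRequestHeaders` is now `!is_https_request() && proxy_info_.is_http()`, so a proxy whose scheme is HTTPS appears to be handled as if no proxy were in use. The same narrowing is applied in `ShouldApplyProxyAuth()` and in `AuthURL()`, which hard-codes `"http://"`, further down this file. Nothing in these hunks rejects such a configuration, and the only guard, `DCHECK(proxy_info_.is_http())` in `Read()`, is compiled out of release builds. If proxy resolution can still yield an HTTPS proxy (not visible here), fail closed before the request is built, or at least state the invariant with `DCHECK(!proxy_info_.is_https());` and a comment such as `// HTTPS proxies are unsupported; they must be rejected before a socket is requested.` The bodies of `Read()` and `DoSendRequest()` continue outside the hunks.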
@@ -1094,8 +1093,7 @@ void HttpNetworkTransaction::ResetConnectionAndRequestForResend() { } bool HttpNetworkTransaction::ShouldApplyProxyAuth() const { - return !is_https_request() && - (proxy_info_.is_https() || proxy_info_.is_http()); + return !is_https_request() && proxy_info_.is_http(); } bool HttpNetworkTransaction::ShouldApplyServerAuth() const { @@ -1136,15 +1134,13 @@ bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const { GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const { switch (target) { - case HttpAuth::AUTH_PROXY: { + case HttpAuth::AUTH_PROXY: if (!proxy_info_.proxy_server().is_valid() || proxy_info_.proxy_server().is_direct()) { return GURL(); // There is no proxy server. } - const char* scheme = proxy_info_.is_https() ? "https://" : "http://"; - return GURL(scheme + + return GURL("http://" + proxy_info_.proxy_server().host_port_pair().ToString()); - } case HttpAuth::AUTH_SERVER: return request_->url; default: diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc index 81c26fa..5e07b88 100644 --- a/net/http/http_network_transaction_unittest.cc +++ b/net/http/http_network_transaction_unittest.cc @@ -327,12 +327,6 @@ CaptureGroupNameSocketPool<ParentPool>::CaptureGroupNameSocketPool( : ParentPool(0, 0, NULL, session->host_resolver(), NULL, NULL) {} template<> -CaptureGroupNameHttpProxySocketPool::CaptureGroupNameSocketPool( - HttpNetworkSession* session) - : HttpProxyClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, - NULL, NULL) {} - -template<> CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool( HttpNetworkSession* session) : SSLClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, NULL, 
@@ -1667,153 +1661,6 @@ TEST_F(HttpNetworkTransactionTest, UnexpectedProxyAuth) { EXPECT_EQ(ERR_UNEXPECTED_PROXY_AUTH, rv); } - -// Test a simple get through an HTTPS Proxy. -TEST_F(HttpNetworkTransactionTest, HttpsProxyGet) { - // Configure against https proxy server "proxy:70". - SessionDependencies session_deps(CreateFixedProxyService("https://proxy:70")); - CapturingBoundNetLog log(CapturingNetLog::kUnbounded); - session_deps.net_log = log.bound().net_log(); - scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps)); - - scoped_ptr<HttpTransaction> trans(new HttpNetworkTransaction(session)); - - HttpRequestInfo request; - request.method = "GET"; - request.url = GURL("http://www.google.com/"); - - // Since we have proxy, should use full url - MockWrite data_writes1[] = { - MockWrite("GET http://www.google.com/ HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Proxy-Connection: keep-alive\r\n\r\n"), - }; - - MockRead data_reads1[] = { - MockRead("HTTP/1.1 200 OK\r\n"), - MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"), - MockRead("Content-Length: 100\r\n\r\n"), - MockRead(false, OK), - }; - - StaticSocketDataProvider data1(data_reads1, arraysize(data_reads1), - data_writes1, arraysize(data_writes1)); - session_deps.socket_factory.AddSocketDataProvider(&data1); - SSLSocketDataProvider ssl(true, OK); - session_deps.socket_factory.AddSSLSocketDataProvider(&ssl); - - TestCompletionCallback callback1; - - int rv = trans->Start(&request, &callback1, log.bound()); - EXPECT_EQ(ERR_IO_PENDING, rv); - - rv = callback1.WaitForResult(); - EXPECT_EQ(OK, rv); - - const HttpResponseInfo* response = trans->GetResponseInfo(); - ASSERT_FALSE(response == NULL); - - EXPECT_TRUE(response->headers->IsKeepAlive()); - EXPECT_EQ(200, response->headers->response_code()); - EXPECT_EQ(100, response->headers->GetContentLength()); - EXPECT_TRUE(HttpVersion(1, 1) == response->headers->GetHttpVersion()); - - // The password prompt info should not be set. 
- EXPECT_TRUE(response->auth_challenge.get() == NULL); -} - -// Test the challenge-response-retry sequence through an HTTPS Proxy -TEST_F(HttpNetworkTransactionTest, HttpsProxyAuthRetry) { - // Configure against https proxy server "proxy:70". - SessionDependencies session_deps(CreateFixedProxyService("https://proxy:70")); - CapturingBoundNetLog log(CapturingNetLog::kUnbounded); - session_deps.net_log = log.bound().net_log(); - scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps)); - - scoped_ptr<HttpTransaction> trans(new HttpNetworkTransaction(session)); - - HttpRequestInfo request; - request.method = "GET"; - request.url = GURL("http://www.google.com/"); - // when the no authentication data flag is set. - request.load_flags = net::LOAD_DO_NOT_SEND_AUTH_DATA; - - // Since we have proxy, should use full url - MockWrite data_writes1[] = { - MockWrite("GET http://www.google.com/ HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Proxy-Connection: keep-alive\r\n\r\n"), - - // After calling trans->RestartWithAuth(), this is the request we should - // be issuing -- the final header line contains the credentials. - MockWrite("GET http://www.google.com/ HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Proxy-Connection: keep-alive\r\n" - "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"), - }; - - // The proxy responds to the GET with a 407, using a persistent - // connection. - MockRead data_reads1[] = { - // No credentials. 
- MockRead("HTTP/1.1 407 Proxy Authentication Required\r\n"), - MockRead("Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"), - MockRead("Proxy-Connection: keep-alive\r\n"), - MockRead("Content-Length: 0\r\n\r\n"), - - MockRead("HTTP/1.1 200 OK\r\n"), - MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"), - MockRead("Content-Length: 100\r\n\r\n"), - MockRead(false, OK), - }; - - StaticSocketDataProvider data1(data_reads1, arraysize(data_reads1), - data_writes1, arraysize(data_writes1)); - session_deps.socket_factory.AddSocketDataProvider(&data1); - SSLSocketDataProvider ssl(true, OK); - session_deps.socket_factory.AddSSLSocketDataProvider(&ssl); - - TestCompletionCallback callback1; - - int rv = trans->Start(&request, &callback1, log.bound()); - EXPECT_EQ(ERR_IO_PENDING, rv); - - rv = callback1.WaitForResult(); - EXPECT_EQ(OK, rv); - - const HttpResponseInfo* response = trans->GetResponseInfo(); - ASSERT_FALSE(response == NULL); - - EXPECT_EQ(407, response->headers->response_code()); - EXPECT_TRUE(HttpVersion(1, 1) == response->headers->GetHttpVersion()); - - // The password prompt info should have been set in response->auth_challenge. - ASSERT_FALSE(response->auth_challenge.get() == NULL); - - EXPECT_EQ(L"proxy:70", response->auth_challenge->host_and_port); - EXPECT_EQ(L"MyRealm1", response->auth_challenge->realm); - EXPECT_EQ(L"basic", response->auth_challenge->scheme); - - TestCompletionCallback callback2; - - rv = trans->RestartWithAuth(kFoo, kBar, &callback2); - EXPECT_EQ(ERR_IO_PENDING, rv); - - rv = callback2.WaitForResult(); - EXPECT_EQ(OK, rv); - - response = trans->GetResponseInfo(); - ASSERT_FALSE(response == NULL); - - EXPECT_TRUE(response->headers->IsKeepAlive()); - EXPECT_EQ(200, response->headers->response_code()); - EXPECT_EQ(100, response->headers->GetContentLength()); - EXPECT_TRUE(HttpVersion(1, 1) == response->headers->GetHttpVersion()); - - // The password prompt info should not be set. 
- EXPECT_TRUE(response->auth_challenge.get() == NULL); -} - void HttpNetworkTransactionTest::ConnectStatusHelperWithExpectedStatus( const MockRead& status, int expected_status) { // Configure against proxy server "myproxy:70". 
@@ -3844,143 +3691,6 @@ TEST_F(HttpNetworkTransactionTest, HTTPSBadCertificateViaProxy) { } } - -// Test HTTPS connections to a site, going through an HTTPS proxy -TEST_F(HttpNetworkTransactionTest, HTTPSViaHttpsProxy) { - SessionDependencies session_deps(CreateFixedProxyService("https://proxy:70")); - - HttpRequestInfo request; - request.method = "GET"; - request.url = GURL("https://www.google.com/"); - request.load_flags = 0; - - MockWrite data_writes[] = { - MockWrite("CONNECT www.google.com:443 HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Proxy-Connection: keep-alive\r\n\r\n"), - MockWrite("GET / HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Connection: keep-alive\r\n\r\n"), - }; - - MockRead data_reads[] = { - MockRead("HTTP/1.0 200 Connected\r\n\r\n"), - MockRead("HTTP/1.1 200 OK\r\n"), - MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"), - MockRead("Content-Length: 100\r\n\r\n"), - MockRead(false, OK), - }; - - StaticSocketDataProvider data(data_reads, arraysize(data_reads), - data_writes, arraysize(data_writes)); - SSLSocketDataProvider proxy_ssl(true, OK); // SSL to the proxy - SSLSocketDataProvider tunnel_ssl(true, OK); // SSL through the tunnel - - session_deps.socket_factory.AddSocketDataProvider(&data); - session_deps.socket_factory.AddSSLSocketDataProvider(&proxy_ssl); - session_deps.socket_factory.AddSSLSocketDataProvider(&tunnel_ssl); - - TestCompletionCallback callback; - - scoped_ptr<HttpTransaction> trans( - new HttpNetworkTransaction(CreateSession(&session_deps))); - - int rv = trans->Start(&request, &callback, BoundNetLog()); - EXPECT_EQ(ERR_IO_PENDING, rv); - - rv = callback.WaitForResult(); - EXPECT_EQ(OK, rv); - const HttpResponseInfo* response = trans->GetResponseInfo(); - - ASSERT_FALSE(response == NULL); - - EXPECT_TRUE(response->headers->IsKeepAlive()); - EXPECT_EQ(200, response->headers->response_code()); - EXPECT_EQ(100, response->headers->GetContentLength()); - EXPECT_TRUE(HttpVersion(1, 1) == 
response->headers->GetHttpVersion()); -} - -// Test HTTPS connections to a site with a bad certificate, going through an -// HTTPS proxy -TEST_F(HttpNetworkTransactionTest, HTTPSBadCertificateViaHttpsProxy) { - SessionDependencies session_deps(CreateFixedProxyService("https://proxy:70")); - - HttpRequestInfo request; - request.method = "GET"; - request.url = GURL("https://www.google.com/"); - request.load_flags = 0; - - // Attempt to fetch the URL from a server with a bad cert - MockWrite bad_cert_writes[] = { - MockWrite("CONNECT www.google.com:443 HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Proxy-Connection: keep-alive\r\n\r\n"), - }; - - MockRead bad_cert_reads[] = { - MockRead("HTTP/1.0 200 Connected\r\n\r\n"), - MockRead(false, OK) - }; - - // Attempt to fetch the URL with a good cert - MockWrite good_data_writes[] = { - MockWrite("CONNECT www.google.com:443 HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Proxy-Connection: keep-alive\r\n\r\n"), - MockWrite("GET / HTTP/1.1\r\n" - "Host: www.google.com\r\n" - "Connection: keep-alive\r\n\r\n"), - }; - - MockRead good_cert_reads[] = { - MockRead("HTTP/1.0 200 Connected\r\n\r\n"), - MockRead("HTTP/1.0 200 OK\r\n"), - MockRead("Content-Type: text/html; charset=iso-8859-1\r\n"), - MockRead("Content-Length: 100\r\n\r\n"), - MockRead(false, OK), - }; - - StaticSocketDataProvider ssl_bad_certificate( - bad_cert_reads, arraysize(bad_cert_reads), - bad_cert_writes, arraysize(bad_cert_writes)); - StaticSocketDataProvider data(good_cert_reads, arraysize(good_cert_reads), - good_data_writes, arraysize(good_data_writes)); - SSLSocketDataProvider ssl_bad(true, ERR_CERT_AUTHORITY_INVALID); - SSLSocketDataProvider ssl(true, OK); - - // SSL to the proxy, then CONNECT request, then SSL with bad certificate - session_deps.socket_factory.AddSSLSocketDataProvider(&ssl); - session_deps.socket_factory.AddSocketDataProvider(&ssl_bad_certificate); - session_deps.socket_factory.AddSSLSocketDataProvider(&ssl_bad); - - // SSL to the proxy, 
then CONNECT request, then valid SSL certificate - session_deps.socket_factory.AddSSLSocketDataProvider(&ssl); - session_deps.socket_factory.AddSocketDataProvider(&data); - session_deps.socket_factory.AddSSLSocketDataProvider(&ssl); - - TestCompletionCallback callback; - - scoped_ptr<HttpTransaction> trans( - new HttpNetworkTransaction(CreateSession(&session_deps))); - - int rv = trans->Start(&request, &callback, BoundNetLog()); - EXPECT_EQ(ERR_IO_PENDING, rv); - - rv = callback.WaitForResult(); - EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, rv); - - rv = trans->RestartIgnoringLastError(&callback); - EXPECT_EQ(ERR_IO_PENDING, rv); - - rv = callback.WaitForResult(); - EXPECT_EQ(OK, rv); - - const HttpResponseInfo* response = trans->GetResponseInfo(); - - EXPECT_FALSE(response == NULL); - EXPECT_EQ(100, response->headers->GetContentLength()); -} - TEST_F(HttpNetworkTransactionTest, BuildRequest_UserAgent) { SessionDependencies session_deps; scoped_ptr<HttpTransaction> trans( diff --git a/net/http/http_proxy_client_socket_pool.cc b/net/http/http_proxy_client_socket_pool.cc index 23654d3..ef2a640 100644 --- a/net/http/http_proxy_client_socket_pool.cc +++ b/net/http/http_proxy_client_socket_pool.cc @@ -4,8 +4,6 @@ #include "net/http/http_proxy_client_socket_pool.h" -#include <algorithm> - #include "base/time.h" #include "googleurl/src/gurl.h" #include "net/base/net_errors.h" 
@@ -19,29 +17,18 @@ namespace net { HttpProxySocketParams::HttpProxySocketParams( - const scoped_refptr<TCPSocketParams>& tcp_params, - const scoped_refptr<SSLSocketParams>& ssl_params, + const scoped_refptr<TCPSocketParams>& proxy_server, const GURL& request_url, const std::string& user_agent, HostPortPair endpoint, scoped_refptr<HttpNetworkSession> session, bool tunnel) - : tcp_params_(tcp_params), - ssl_params_(ssl_params), + : tcp_params_(proxy_server), request_url_(request_url), user_agent_(user_agent), endpoint_(endpoint), session_(tunnel ? session : NULL), tunnel_(tunnel) { - DCHECK((tcp_params == NULL && ssl_params != NULL) || - (tcp_params != NULL && ssl_params == NULL)); -} - -const HostResolver::RequestInfo& HttpProxySocketParams::destination() const { - if (tcp_params_ == NULL) - return ssl_params_->tcp_params()->destination(); - else - return tcp_params_->destination(); } HttpProxySocketParams::~HttpProxySocketParams() {} @@ -55,7 +42,6 @@ HttpProxyConnectJob::HttpProxyConnectJob( const scoped_refptr<HttpProxySocketParams>& params, const base::TimeDelta& timeout_duration, const scoped_refptr<TCPClientSocketPool>& tcp_pool, - const scoped_refptr<SSLClientSocketPool>& ssl_pool, const scoped_refptr<HostResolver>& host_resolver, Delegate* delegate, NetLog* net_log) @@ -63,7 +49,6 @@ HttpProxyConnectJob::HttpProxyConnectJob( BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)), params_(params), tcp_pool_(tcp_pool), - ssl_pool_(ssl_pool), resolver_(host_resolver), ALLOW_THIS_IN_INITIALIZER_LIST( callback_(this, &HttpProxyConnectJob::OnIOComplete)) { @@ -75,9 +60,7 @@ LoadState HttpProxyConnectJob::GetLoadState() const { switch (next_state_) { case kStateTCPConnect: case kStateTCPConnectComplete: - case kStateSSLConnect: - case kStateSSLConnectComplete: - return transport_socket_handle_->GetLoadState(); + return tcp_socket_handle_->GetLoadState(); case kStateHttpProxyConnect: case kStateHttpProxyConnectComplete: return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL; 
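Review bot: The `HttpProxySocketParams` constructor no longer asserts anything about `proxy_server`, yet `DoTCPConnect()` and `DoHttpProxyConnect()` dereference `params_->tcp_params()` unconditionally. With the either/or DCHECK removed, a null params object would only surface as a crash at connect time; `DCHECK(tcp_params_ != NULL);` in the constructor body keeps the precondition where it is established. The parameter is also named `proxy_server` while the member and accessor are `tcp_params_` and `tcp_params()`, and `DoHttpProxyConnect()` declares a local `HostPortPair proxy_server`; using one name for one thing would make the connect path easier to follow.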
@@ -88,10 +71,7 @@ LoadState HttpProxyConnectJob::GetLoadState() const { } int HttpProxyConnectJob::ConnectInternal() { - if (params_->tcp_params()) - next_state_ = kStateTCPConnect; - else - next_state_ = kStateSSLConnect; + next_state_ = kStateTCPConnect; return DoLoop(OK); } @@ -116,13 +96,6 @@ int HttpProxyConnectJob::DoLoop(int result) { case kStateTCPConnectComplete: rv = DoTCPConnectComplete(rv); break; - case kStateSSLConnect: - DCHECK_EQ(OK, rv); - rv = DoSSLConnect(); - break; - case kStateSSLConnectComplete: - rv = DoSSLConnectComplete(rv); - break; case kStateHttpProxyConnect: DCHECK_EQ(OK, rv); rv = DoHttpProxyConnect(); @@ -142,8 +115,8 @@ int HttpProxyConnectJob::DoLoop(int result) { int HttpProxyConnectJob::DoTCPConnect() { next_state_ = kStateTCPConnectComplete; - transport_socket_handle_.reset(new ClientSocketHandle()); - return transport_socket_handle_->Init( + tcp_socket_handle_.reset(new ClientSocketHandle()); + return tcp_socket_handle_->Init( group_name(), params_->tcp_params(), params_->tcp_params()->destination().priority(), &callback_, tcp_pool_, net_log()); 
@@ -162,46 +135,22 @@ int HttpProxyConnectJob::DoTCPConnectComplete(int result) { return result; } -int HttpProxyConnectJob::DoSSLConnect() { - next_state_ = kStateSSLConnectComplete; - transport_socket_handle_.reset(new ClientSocketHandle()); - return transport_socket_handle_->Init( - group_name(), params_->ssl_params(), - params_->ssl_params()->tcp_params()->destination().priority(), - &callback_, ssl_pool_, net_log()); -} - -int HttpProxyConnectJob::DoSSLConnectComplete(int result) { - if (result < 0) { - if (transport_socket_handle_->socket()) - transport_socket_handle_->socket()->Disconnect(); - return result; - } - - // Reset the timer to just the length of time allowed for HttpProxy handshake - // so that a fast SSL connection plus a slow HttpProxy failure doesn't take - // longer to timeout than it should. - ResetTimer(base::TimeDelta::FromSeconds( - kHttpProxyConnectJobTimeoutInSeconds)); - next_state_ = kStateHttpProxyConnect; - return result; -} - int HttpProxyConnectJob::DoHttpProxyConnect() { next_state_ = kStateHttpProxyConnectComplete; - const HostResolver::RequestInfo& tcp_destination = params_->destination(); + const HostResolver::RequestInfo& tcp_destination = + params_->tcp_params()->destination(); HostPortPair proxy_server(tcp_destination.hostname(), tcp_destination.port()); // Add a HttpProxy connection on top of the tcp socket. 
- transport_socket_.reset( - new HttpProxyClientSocket(transport_socket_handle_.release(), - params_->request_url(), - params_->user_agent(), - params_->endpoint(), - proxy_server, params_->session(), - params_->tunnel())); - int result = transport_socket_->Connect(&callback_); + socket_.reset(new HttpProxyClientSocket(tcp_socket_handle_.release(), + params_->request_url(), + params_->user_agent(), + params_->endpoint(), + proxy_server, + params_->session(), + params_->tunnel())); + int result = socket_->Connect(&callback_); // Clear the circular reference to HttpNetworkSession (|params_| reference // HttpNetworkSession, which reference HttpProxyClientSocketPool, which 
@@ -213,40 +162,26 @@ int HttpProxyConnectJob::DoHttpProxyConnect() { int HttpProxyConnectJob::DoHttpProxyConnectComplete(int result) { if (result == OK || result == ERR_PROXY_AUTH_REQUESTED) - set_socket(transport_socket_.release()); + set_socket(socket_.release()); return result; } -HttpProxyClientSocketPool:: -HttpProxyConnectJobFactory::HttpProxyConnectJobFactory( - const scoped_refptr<TCPClientSocketPool>& tcp_pool, - const scoped_refptr<SSLClientSocketPool>& ssl_pool, - HostResolver* host_resolver, - NetLog* net_log) - : tcp_pool_(tcp_pool), - ssl_pool_(ssl_pool), - host_resolver_(host_resolver), - net_log_(net_log) { - base::TimeDelta max_pool_timeout = base::TimeDelta(); - if (tcp_pool_) - max_pool_timeout = tcp_pool_->ConnectionTimeout(); - if (ssl_pool_) - max_pool_timeout = std::max(max_pool_timeout, - ssl_pool_->ConnectionTimeout()); - timeout_ = max_pool_timeout + - base::TimeDelta::FromSeconds(kHttpProxyConnectJobTimeoutInSeconds); -} - - ConnectJob* HttpProxyClientSocketPool::HttpProxyConnectJobFactory::NewConnectJob( const std::string& group_name, const PoolBase::Request& request, ConnectJob::Delegate* delegate) const { return new HttpProxyConnectJob(group_name, request.params(), - ConnectionTimeout(), tcp_pool_, ssl_pool_, - host_resolver_, delegate, net_log_); + ConnectionTimeout(), tcp_pool_, host_resolver_, + delegate, net_log_); +} + +base::TimeDelta +HttpProxyClientSocketPool::HttpProxyConnectJobFactory::ConnectionTimeout() +const { + return tcp_pool_->ConnectionTimeout() + + base::TimeDelta::FromSeconds(kHttpProxyConnectJobTimeoutInSeconds); } HttpProxyClientSocketPool::HttpProxyClientSocketPool( 
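Review bot: `HttpProxyConnectJobFactory::ConnectionTimeout()` now calls `tcp_pool_->ConnectionTimeout()` with no null check, where the removed constructor guarded the call with `if (tcp_pool_)`. The generic `CaptureGroupNameSocketPool` constructor in http_network_transaction_unittest.cc passes `NULL` in what appears to be the `tcp_pool` position once the HTTP-proxy specialization is deleted, so any path that asks that pool for its timeout would dereference a null pointer. Either document on the constructor that `tcp_pool` must be non-null, or state it in code with `DCHECK(tcp_pool_);` in the factory constructor (defined inline in the header after this change).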
@@ -255,14 +190,12 @@ HttpProxyClientSocketPool::HttpProxyClientSocketPool( const scoped_refptr<ClientSocketPoolHistograms>& histograms, const scoped_refptr<HostResolver>& host_resolver, const scoped_refptr<TCPClientSocketPool>& tcp_pool, - const scoped_refptr<SSLClientSocketPool>& ssl_pool, NetLog* net_log) : base_(max_sockets, max_sockets_per_group, histograms, base::TimeDelta::FromSeconds( ClientSocketPool::unused_idle_socket_timeout()), base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout), - new HttpProxyConnectJobFactory(tcp_pool, ssl_pool, host_resolver, - net_log)) {} + new HttpProxyConnectJobFactory(tcp_pool, host_resolver, net_log)) {} HttpProxyClientSocketPool::~HttpProxyClientSocketPool() {} diff --git a/net/http/http_proxy_client_socket_pool.h b/net/http/http_proxy_client_socket_pool.h index c992cf0..3e3df7c 100644 --- a/net/http/http_proxy_client_socket_pool.h +++ b/net/http/http_proxy_client_socket_pool.h @@ -22,19 +22,12 @@ namespace net { class HostResolver; class HttpNetworkSession; -class SSLClientSocketPool; -class SSLSocketParams; class TCPClientSocketPool; class TCPSocketParams; -// HttpProxySocketParams only needs the socket params for one of the proxy -// types. The other param must be NULL. When using an HTTP Proxy, -// |tcp_params| must be set. When using an HTTPS Proxy, |ssl_params| -// must be set. class HttpProxySocketParams : public base::RefCounted<HttpProxySocketParams> { public: - HttpProxySocketParams(const scoped_refptr<TCPSocketParams>& tcp_params, - const scoped_refptr<SSLSocketParams>& ssl_params, + HttpProxySocketParams(const scoped_refptr<TCPSocketParams>& proxy_server, const GURL& request_url, const std::string& user_agent, HostPortPair endpoint, 
@@ -44,16 +37,12 @@ class HttpProxySocketParams : public base::RefCounted<HttpProxySocketParams> { const scoped_refptr<TCPSocketParams>& tcp_params() const { return tcp_params_; } - const scoped_refptr<SSLSocketParams>& ssl_params() const { - return ssl_params_; - } const GURL& request_url() const { return request_url_; } const std::string& user_agent() const { return user_agent_; } const HostPortPair& endpoint() const { return endpoint_; } const scoped_refptr<HttpNetworkSession>& session() { return session_; } - const HostResolver::RequestInfo& destination() const; bool tunnel() const { return tunnel_; } private: @@ -61,7 +50,6 @@ class HttpProxySocketParams : public base::RefCounted<HttpProxySocketParams> { ~HttpProxySocketParams(); const scoped_refptr<TCPSocketParams> tcp_params_; - const scoped_refptr<SSLSocketParams> ssl_params_; const GURL request_url_; const std::string user_agent_; const HostPortPair endpoint_; @@ -79,7 +67,6 @@ class HttpProxyConnectJob : public ConnectJob { const scoped_refptr<HttpProxySocketParams>& params, const base::TimeDelta& timeout_duration, const scoped_refptr<TCPClientSocketPool>& tcp_pool, - const scoped_refptr<SSLClientSocketPool>& ssl_pool, const scoped_refptr<HostResolver> &host_resolver, Delegate* delegate, NetLog* net_log); @@ -92,8 +79,6 @@ class HttpProxyConnectJob : public ConnectJob { enum State { kStateTCPConnect, kStateTCPConnectComplete, - kStateSSLConnect, - kStateSSLConnectComplete, kStateHttpProxyConnect, kStateHttpProxyConnectComplete, kStateNone, 
@@ -113,25 +98,19 @@ class HttpProxyConnectJob : public ConnectJob { // Runs the state transition loop. int DoLoop(int result); - // Connecting to HTTP Proxy int DoTCPConnect(); int DoTCPConnectComplete(int result); - // Connecting to HTTPS Proxy - int DoSSLConnect(); - int DoSSLConnectComplete(int result); - int DoHttpProxyConnect(); int DoHttpProxyConnectComplete(int result); scoped_refptr<HttpProxySocketParams> params_; const scoped_refptr<TCPClientSocketPool> tcp_pool_; - const scoped_refptr<SSLClientSocketPool> ssl_pool_; const scoped_refptr<HostResolver> resolver_; State next_state_; CompletionCallbackImpl<HttpProxyConnectJob> callback_; - scoped_ptr<ClientSocketHandle> transport_socket_handle_; - scoped_ptr<ClientSocket> transport_socket_; + scoped_ptr<ClientSocketHandle> tcp_socket_handle_; + scoped_ptr<ClientSocket> socket_; DISALLOW_COPY_AND_ASSIGN(HttpProxyConnectJob); }; @@ -144,7 +123,6 @@ class HttpProxyClientSocketPool : public ClientSocketPool { const scoped_refptr<ClientSocketPoolHistograms>& histograms, const scoped_refptr<HostResolver>& host_resolver, const scoped_refptr<TCPClientSocketPool>& tcp_pool, - const scoped_refptr<SSLClientSocketPool>& ssl_pool, NetLog* net_log); // ClientSocketPool methods: 
@@ -193,23 +171,25 @@ class HttpProxyClientSocketPool : public ClientSocketPool { public: HttpProxyConnectJobFactory( const scoped_refptr<TCPClientSocketPool>& tcp_pool, - const scoped_refptr<SSLClientSocketPool>& ssl_pool, HostResolver* host_resolver, - NetLog* net_log); + NetLog* net_log) + : tcp_pool_(tcp_pool), + host_resolver_(host_resolver), + net_log_(net_log) {} + + virtual ~HttpProxyConnectJobFactory() {} // ClientSocketPoolBase::ConnectJobFactory methods. virtual ConnectJob* NewConnectJob(const std::string& group_name, const PoolBase::Request& request, ConnectJob::Delegate* delegate) const; - virtual base::TimeDelta ConnectionTimeout() const { return timeout_; } + virtual base::TimeDelta ConnectionTimeout() const; private: const scoped_refptr<TCPClientSocketPool> tcp_pool_; - const scoped_refptr<SSLClientSocketPool> ssl_pool_; const scoped_refptr<HostResolver> host_resolver_; NetLog* net_log_; - base::TimeDelta timeout_; DISALLOW_COPY_AND_ASSIGN(HttpProxyConnectJobFactory); }; diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc index 761360b..2324b0d 100644 --- a/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_unittest.cc 
@@ -29,27 +29,14 @@ namespace { const int kMaxSockets = 32; const int kMaxSocketsPerGroup = 6; -enum HttpProxyType { - HTTP, - HTTPS -}; - -typedef ::testing::TestWithParam<HttpProxyType> TestWithHttpParam; - -class HttpProxyClientSocketPoolTest : public TestWithHttpParam { +class HttpProxyClientSocketPoolTest : public ClientSocketPoolTest { protected: HttpProxyClientSocketPoolTest() - : ssl_config_(), - ignored_tcp_socket_params_(new TCPSocketParams( + : ignored_tcp_socket_params_(new TCPSocketParams( HostPortPair("proxy", 80), MEDIUM, GURL(), false)), - ignored_ssl_socket_params_(new SSLSocketParams( - ignored_tcp_socket_params_, NULL, NULL, ProxyServer::SCHEME_DIRECT, - "host", ssl_config_, 0, false, false)), tcp_histograms_(new ClientSocketPoolHistograms("MockTCP")), tcp_socket_pool_(new MockTCPClientSocketPool(kMaxSockets, kMaxSocketsPerGroup, tcp_histograms_, &tcp_client_socket_factory_)), - ssl_socket_pool_(new MockSSLClientSocketPool(kMaxSockets, - kMaxSocketsPerGroup, tcp_histograms_, &tcp_client_socket_factory_)), http_auth_handler_factory_(HttpAuthHandlerFactory::CreateDefault()), session_(new HttpNetworkSession(new MockHostResolver, ProxyService::CreateNull(), @@ -59,11 +46,16 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { http_auth_handler_factory_.get(), NULL, NULL)), + notunnel_socket_params_(new HttpProxySocketParams( + ignored_tcp_socket_params_, GURL("http://host"), "", + HostPortPair("host", 80), NULL, false)), + tunnel_socket_params_(new HttpProxySocketParams( + ignored_tcp_socket_params_, GURL("http://host"), "", + HostPortPair("host", 80), session_, true)), http_proxy_histograms_( new ClientSocketPoolHistograms("HttpProxyUnitTest")), pool_(new HttpProxyClientSocketPool(kMaxSockets, kMaxSocketsPerGroup, - http_proxy_histograms_, NULL, tcp_socket_pool_, ssl_socket_pool_, - NULL)) { + http_proxy_histograms_, NULL, tcp_socket_pool_, NULL)) { } void AddAuthToCache() { 
@@ -73,64 +65,32 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { "Basic realm=MyRealm1", kFoo, kBar, "/"); } - scoped_refptr<TCPSocketParams> GetTcpParams() { - if (GetParam() == HTTPS) - return scoped_refptr<TCPSocketParams>(); - return ignored_tcp_socket_params_; - } - - scoped_refptr<SSLSocketParams> GetSslParams() { - if (GetParam() == HTTP) - return scoped_refptr<SSLSocketParams>(); - return ignored_ssl_socket_params_; - } - - // Returns the a correctly constructed HttpProxyParms - // for the HTTP or HTTPS proxy. - scoped_refptr<HttpProxySocketParams> GetParams(bool tunnel) { - return scoped_refptr<HttpProxySocketParams>(new HttpProxySocketParams( - GetTcpParams(), GetSslParams(), GURL("http://host/"), "", - HostPortPair("host", 80), session_, tunnel)); - } - - scoped_refptr<HttpProxySocketParams> GetTunnelParams() { - return GetParams(true); + int StartRequest(const std::string& group_name, RequestPriority priority) { + return StartRequestUsingPool( + pool_, group_name, priority, tunnel_socket_params_); } - scoped_refptr<HttpProxySocketParams> GetNoTunnelParams() { - return GetParams(false); - } - - SSLConfig ssl_config_; - scoped_refptr<TCPSocketParams> ignored_tcp_socket_params_; - scoped_refptr<SSLSocketParams> ignored_ssl_socket_params_; scoped_refptr<ClientSocketPoolHistograms> tcp_histograms_; MockClientSocketFactory tcp_client_socket_factory_; scoped_refptr<MockTCPClientSocketPool> tcp_socket_pool_; - scoped_refptr<MockSSLClientSocketPool> ssl_socket_pool_; MockClientSocketFactory socket_factory_; scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_; scoped_refptr<HttpNetworkSession> session_; + scoped_refptr<HttpProxySocketParams> notunnel_socket_params_; + scoped_refptr<HttpProxySocketParams> tunnel_socket_params_; scoped_refptr<ClientSocketPoolHistograms> http_proxy_histograms_; scoped_refptr<HttpProxyClientSocketPool> pool_; }; -//----------------------------------------------------------------------------- -// All 
tests are run with three different connection types: SPDY after NPN -// negotiation, SPDY without SSL, and SPDY with SSL. -INSTANTIATE_TEST_CASE_P(HttpProxyClientSocketPoolTests, - HttpProxyClientSocketPoolTest, - ::testing::Values(HTTP, HTTPS)); - -TEST_P(HttpProxyClientSocketPoolTest, NoTunnel) { +TEST_F(HttpProxyClientSocketPoolTest, NoTunnel) { StaticSocketDataProvider data; data.set_connect_data(MockConnect(false, 0)); tcp_client_socket_factory_.AddSocketDataProvider(&data); ClientSocketHandle handle; - int rv = handle.Init("a", GetNoTunnelParams(), LOW, NULL, pool_, + int rv = handle.Init("a", notunnel_socket_params_, LOW, NULL, pool_, BoundNetLog()); EXPECT_EQ(OK, rv); EXPECT_TRUE(handle.is_initialized()); @@ -140,7 +100,7 @@ TEST_P(HttpProxyClientSocketPoolTest, NoTunnel) { EXPECT_TRUE(tunnel_socket->IsConnected()); } -TEST_P(HttpProxyClientSocketPoolTest, NeedAuth) { +TEST_F(HttpProxyClientSocketPoolTest, NeedAuth) { MockWrite writes[] = { MockWrite("CONNECT host:80 HTTP/1.1\r\n" "Host: host\r\n" @@ -160,7 +120,7 @@ TEST_P(HttpProxyClientSocketPoolTest, NeedAuth) { ClientSocketHandle handle; TestCompletionCallback callback; - int rv = handle.Init("a", GetTunnelParams(), LOW, &callback, pool_, + int rv = handle.Init("a", tunnel_socket_params_, LOW, &callback, pool_, BoundNetLog()); EXPECT_EQ(ERR_IO_PENDING, rv); EXPECT_FALSE(handle.is_initialized()); @@ -174,7 +134,7 @@ TEST_P(HttpProxyClientSocketPoolTest, NeedAuth) { EXPECT_FALSE(tunnel_socket->IsConnected()); } -TEST_P(HttpProxyClientSocketPoolTest, HaveAuth) { +TEST_F(HttpProxyClientSocketPoolTest, HaveAuth) { MockWrite writes[] = { MockWrite(false, "CONNECT host:80 HTTP/1.1\r\n" 
@@ -194,7 +154,7 @@ TEST_P(HttpProxyClientSocketPoolTest, HaveAuth) { ClientSocketHandle handle; TestCompletionCallback callback; - int rv = handle.Init("a", GetTunnelParams(), LOW, &callback, pool_, + int rv = handle.Init("a", tunnel_socket_params_, LOW, &callback, pool_, BoundNetLog()); EXPECT_EQ(OK, rv); EXPECT_TRUE(handle.is_initialized()); @@ -204,7 +164,7 @@ TEST_P(HttpProxyClientSocketPoolTest, HaveAuth) { EXPECT_TRUE(tunnel_socket->IsConnected()); } -TEST_P(HttpProxyClientSocketPoolTest, AsyncHaveAuth) { +TEST_F(HttpProxyClientSocketPoolTest, AsyncHaveAuth) { MockWrite writes[] = { MockWrite("CONNECT host:80 HTTP/1.1\r\n" "Host: host\r\n" @@ -222,7 +182,7 @@ TEST_P(HttpProxyClientSocketPoolTest, AsyncHaveAuth) { ClientSocketHandle handle; TestCompletionCallback callback; - int rv = handle.Init("a", GetTunnelParams(), LOW, &callback, pool_, + int rv = handle.Init("a", tunnel_socket_params_, LOW, &callback, pool_, BoundNetLog()); EXPECT_EQ(ERR_IO_PENDING, rv); EXPECT_FALSE(handle.is_initialized()); @@ -236,7 +196,7 @@ TEST_P(HttpProxyClientSocketPoolTest, AsyncHaveAuth) { EXPECT_TRUE(tunnel_socket->IsConnected()); } -TEST_P(HttpProxyClientSocketPoolTest, TCPError) { +TEST_F(HttpProxyClientSocketPoolTest, TCPError) { StaticSocketDataProvider data; data.set_connect_data(MockConnect(true, ERR_CONNECTION_CLOSED)); @@ -244,7 +204,7 @@ TEST_P(HttpProxyClientSocketPoolTest, TCPError) { ClientSocketHandle handle; TestCompletionCallback callback; - int rv = handle.Init("a", GetTunnelParams(), LOW, &callback, pool_, + int rv = handle.Init("a", tunnel_socket_params_, LOW, &callback, pool_, BoundNetLog()); EXPECT_EQ(ERR_IO_PENDING, rv); EXPECT_FALSE(handle.is_initialized()); 
@@ -255,7 +215,7 @@ TEST_P(HttpProxyClientSocketPoolTest, TCPError) { EXPECT_FALSE(handle.socket()); } -TEST_P(HttpProxyClientSocketPoolTest, TunnelUnexpectedClose) { +TEST_F(HttpProxyClientSocketPoolTest, TunnelUnexpectedClose) { MockWrite writes[] = { MockWrite("CONNECT host:80 HTTP/1.1\r\n" "Host: host\r\n" @@ -274,7 +234,7 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelUnexpectedClose) { ClientSocketHandle handle; TestCompletionCallback callback; - int rv = handle.Init("a", GetTunnelParams(), LOW, &callback, pool_, + int rv = handle.Init("a", tunnel_socket_params_, LOW, &callback, pool_, BoundNetLog()); EXPECT_EQ(ERR_IO_PENDING, rv); EXPECT_FALSE(handle.is_initialized()); @@ -285,7 +245,7 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelUnexpectedClose) { EXPECT_FALSE(handle.socket()); } -TEST_P(HttpProxyClientSocketPoolTest, TunnelSetupError) { +TEST_F(HttpProxyClientSocketPoolTest, TunnelSetupError) { MockWrite writes[] = { MockWrite("CONNECT host:80 HTTP/1.1\r\n" "Host: host\r\n" @@ -303,7 +263,7 @@ TEST_P(HttpProxyClientSocketPoolTest, TunnelSetupError) { ClientSocketHandle handle; TestCompletionCallback callback; - int rv = handle.Init("a", GetTunnelParams(), LOW, &callback, pool_, + int rv = handle.Init("a", tunnel_socket_params_, LOW, &callback, pool_, BoundNetLog()); EXPECT_EQ(ERR_IO_PENDING, rv); EXPECT_FALSE(handle.is_initialized()); diff --git a/net/http/http_stream_request.cc b/net/http/http_stream_request.cc index 567e353..8ca375b 100644 --- a/net/http/http_stream_request.cc +++ b/net/http/http_stream_request.cc @@ -395,8 +395,7 @@ int HttpStreamRequest::DoResolveProxyComplete(int result) { // Remove unsupported proxies from the list. proxy_info()->RemoveProxiesWithoutScheme( - ProxyServer::SCHEME_DIRECT | - ProxyServer::SCHEME_HTTP | ProxyServer::SCHEME_HTTPS | + ProxyServer::SCHEME_DIRECT | ProxyServer::SCHEME_HTTP | ProxyServer::SCHEME_SOCKS4 | ProxyServer::SCHEME_SOCKS5); if (proxy_info()->is_empty()) { 
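Review bot: In the DoResolveProxyComplete hunk of net/http/http_stream_request.cc, taking `ProxyServer::SCHEME_HTTPS` out of the mask means an https proxy entry is now dropped from the list silently, and the request carries on with whatever entries remain. If a configuration lists a direct fallback after the HTTPS proxy, traffic the user expected to go through the proxy would presumably leave directly. The removal deserves a comment such as `// HTTPS proxies are unsupported after the revert of 57333; such entries are dropped here.` and ideally a log line whenever an entry is discarded. The empty-list handling begins at `if (proxy_info()->is_empty())` and continues outside the hunk, so what happens when nothing is left cannot be checked from here.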
@@ -462,7 +461,7 @@ int HttpStreamRequest::DoInitConnection() { new TCPSocketParams(*proxy_host_port, request_info().priority, request_info().referrer, disable_resolver_cache); - if (proxy_info()->is_http() || proxy_info()->is_https()) { + if (proxy_info()->is_http()) { GURL authentication_url = request_info().url; if (using_ssl_ && !authentication_url.SchemeIs("https")) { // If a proxy tunnel connection needs to be established due to @@ -480,15 +479,7 @@ int HttpStreamRequest::DoInitConnection() { std::string user_agent; request_info().extra_headers.GetHeader(HttpRequestHeaders::kUserAgent, &user_agent); - scoped_refptr<SSLSocketParams> ssl_params; - if (proxy_info()->is_https()) - // Set ssl_params, and unset proxy_tcp_params - ssl_params = GenerateSslParams(proxy_tcp_params.release(), NULL, NULL, - ProxyServer::SCHEME_DIRECT, - want_spdy_over_npn); - http_proxy_params = new HttpProxySocketParams(proxy_tcp_params, - ssl_params, authentication_url, user_agent, endpoint_, 
@@ -513,10 +504,35 @@ int HttpStreamRequest::DoInitConnection() { // Deal with SSL - which layers on top of any given proxy. if (using_ssl_) { + if (factory_->IsTLSIntolerantServer(request_info().url)) { + LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " + << GetHostAndPort(request_info().url); + ssl_config()->ssl3_fallback = true; + ssl_config()->tls1_enabled = false; + } + + UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", + static_cast<int>(ssl_config()->ssl3_fallback), 2); + + int load_flags = request_info().load_flags; + if (factory_->ignore_certificate_errors()) + load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; + if (request_info().load_flags & LOAD_VERIFY_EV_CERT) + ssl_config()->verify_ev_cert = true; + + if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || + proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) { + ssl_config()->mitm_proxies_allowed = true; + } + scoped_refptr<SSLSocketParams> ssl_params = - GenerateSslParams(tcp_params, http_proxy_params, socks_params, - proxy_info()->proxy_server().scheme(), - want_spdy_over_npn); + new SSLSocketParams(tcp_params, http_proxy_params, socks_params, + proxy_info()->proxy_server().scheme(), + request_info().url.HostNoBrackets(), *ssl_config(), + load_flags, + force_spdy_always_ && force_spdy_over_ssl_, + want_spdy_over_npn); + scoped_refptr<SSLClientSocketPool> ssl_pool; if (proxy_info()->is_direct()) ssl_pool = session_->ssl_socket_pool(); @@ -529,7 +545,7 @@ int HttpStreamRequest::DoInitConnection() { } // Finally, get the connection started. - if (proxy_info()->is_http() || proxy_info()->is_https()) { + if (proxy_info()->is_http()) { return connection_->Init( connection_group, http_proxy_params, request_info().priority, &io_callback_, session_->GetSocketPoolForHTTPProxy(*proxy_host_port), 
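Review bot: The `ProxyServer::SCHEME_HTTPS` arm of the `mitm_proxies_allowed` check inlined into DoInitConnection (hunk at -513) looks unreachable after this commit, because the DoResolveProxyComplete hunk in the same file now strips HTTPS proxies before this code runs. The condition can be reduced to `if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP) {`. The same block writes `mitm_proxies_allowed`, `ssl3_fallback` and `tls1_enabled` into `ssl_config()` and nothing in the hunk resets them. If DoInitConnection runs again for the same request after a proxy fallback, the relaxed settings would presumably carry over, so a comment stating whether that is intended would help. DoInitConnection starts and ends outside the hunk.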
@@ -727,47 +743,6 @@ int HttpStreamRequest::DoRestartTunnelAuthComplete(int result) { return ReconsiderProxyAfterError(result); } -// Returns a newly create SSLSocketParams, and sets several -// fields of ssl_config_. -scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSslParams( - scoped_refptr<TCPSocketParams> tcp_params, - scoped_refptr<HttpProxySocketParams> http_proxy_params, - scoped_refptr<SOCKSSocketParams> socks_params, - ProxyServer::Scheme proxy_scheme, - bool want_spdy_over_npn) { - - if (factory_->IsTLSIntolerantServer(request_info().url)) { - LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " - << GetHostAndPort(request_info().url); - ssl_config()->ssl3_fallback = true; - ssl_config()->tls1_enabled = false; - } - - UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", - static_cast<int>(ssl_config()->ssl3_fallback), 2); - - int load_flags = request_info().load_flags; - if (factory_->ignore_certificate_errors()) - load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; - if (request_info().load_flags & LOAD_VERIFY_EV_CERT) - ssl_config()->verify_ev_cert = true; - - if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || - proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) { - ssl_config()->mitm_proxies_allowed = true; - } - - scoped_refptr<SSLSocketParams> ssl_params = - new SSLSocketParams(tcp_params, http_proxy_params, socks_params, - proxy_scheme, request_info().url.HostNoBrackets(), - *ssl_config(), load_flags, - force_spdy_always_ && force_spdy_over_ssl_, - want_spdy_over_npn); - - return ssl_params; -} - - void HttpStreamRequest::MarkBrokenAlternateProtocolAndFallback() { // We have to: // * Reset the endpoint to be the unmodified URL specified destination. @@ -940,3 +915,4 @@ void HttpStreamRequest::LogHttpConnectedMetrics( } } // namespace net + diff --git a/net/http/http_stream_request.h b/net/http/http_stream_request.h index cd1551e..3039839 100644 --- a/net/http/http_stream_request.h 
+++ b/net/http/http_stream_request.h @@ -22,12 +22,8 @@ namespace net { class ClientSocketHandle; class HttpAuthController; class HttpNetworkSession; -class HttpProxySocketParams; class HttpStreamFactory; -class SOCKSSocketParams; -class SSLSocketParams; class StreamRequestDelegate; -class TCPSocketParams; // An HttpStreamRequest exists for each stream which is in progress of being // created for the StreamFactory. @@ -110,15 +106,6 @@ class HttpStreamRequest : public StreamFactory::StreamRequestJob { int DoRestartTunnelAuth(); int DoRestartTunnelAuthComplete(int result); - // Returns a newly create SSLSocketParams, and sets several - // fields of ssl_config_. - scoped_refptr<SSLSocketParams> GenerateSslParams( - scoped_refptr<TCPSocketParams> tcp_params, - scoped_refptr<HttpProxySocketParams> http_proxy_params, - scoped_refptr<SOCKSSocketParams> socks_params, - ProxyServer::Scheme proxy_scheme, - bool want_spdy_over_npn); - // AlternateProtocol API void MarkBrokenAlternateProtocolAndFallback(); diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc index 8d09a6d..5ffd1d4 100644 --- a/net/socket/socket_test_util.cc +++ b/net/socket/socket_test_util.cc 
@@ -1174,102 +1174,4 @@ const char kSOCKS5OkResponse[] = { 0x05, 0x00, 0x00, 0x01, 127, 0, 0, 1, 0x00, 0x50 }; const int kSOCKS5OkResponseLength = arraysize(kSOCKS5OkResponse); -MockSSLClientSocketPool::MockSSLClientSocketPool( - int max_sockets, - int max_sockets_per_group, - const scoped_refptr<ClientSocketPoolHistograms>& histograms, - ClientSocketFactory* socket_factory) - : SSLClientSocketPool(max_sockets, max_sockets_per_group, histograms, - NULL, socket_factory, - new MockTCPClientSocketPool(max_sockets, - max_sockets_per_group, - histograms, - socket_factory), - NULL, NULL, NULL), - client_socket_factory_(socket_factory), - release_count_(0), - cancel_count_(0) { -} - -int MockSSLClientSocketPool::RequestSocket(const std::string& group_name, - const void* socket_params, - RequestPriority priority, - ClientSocketHandle* handle, - CompletionCallback* callback, - const BoundNetLog& net_log) { - ClientSocket* socket = client_socket_factory_->CreateTCPClientSocket( - AddressList(), net_log.net_log()); - MockConnectJob* job = new MockConnectJob(socket, handle, callback); - job_list_.push_back(job); - handle->set_pool_id(1); - return job->Connect(); -} - -void MockSSLClientSocketPool::CancelRequest(const std::string& group_name, - ClientSocketHandle* handle) { - std::vector<MockConnectJob*>::iterator i; - for (i = job_list_.begin(); i != job_list_.end(); ++i) { - if ((*i)->CancelHandle(handle)) { - cancel_count_++; - break; - } - } -} - -void MockSSLClientSocketPool::ReleaseSocket(const std::string& group_name, - ClientSocket* socket, int id) { - EXPECT_EQ(1, id); - release_count_++; - delete socket; -} - -MockSSLClientSocketPool::~MockSSLClientSocketPool() {} - -MockSSLClientSocketPool::MockConnectJob::MockConnectJob( - ClientSocket* socket, - ClientSocketHandle* handle, - CompletionCallback* callback) - : socket_(socket), - handle_(handle), - user_callback_(callback), - ALLOW_THIS_IN_INITIALIZER_LIST( - connect_callback_(this, &MockConnectJob::OnConnect)) { -} - 
-int MockSSLClientSocketPool::MockConnectJob::Connect() { - int rv = socket_->Connect(&connect_callback_); - if (rv == OK) { - user_callback_ = NULL; - OnConnect(OK); - } - return rv; -} - -bool MockSSLClientSocketPool::MockConnectJob::CancelHandle( - const ClientSocketHandle* handle) { - if (handle != handle_) - return false; - socket_.reset(); - handle_ = NULL; - user_callback_ = NULL; - return true; -} - -void MockSSLClientSocketPool::MockConnectJob::OnConnect(int rv) { - if (!socket_.get()) - return; - if (rv == OK) { - handle_->set_socket(socket_.release()); - } else { - socket_.reset(); - } - - handle_ = NULL; - - if (user_callback_) { - CompletionCallback* callback = user_callback_; - user_callback_ = NULL; - callback->Run(rv); - } -} } // namespace net diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h index e62e12b..533a18d 100644 --- a/net/socket/socket_test_util.h +++ b/net/socket/socket_test_util.h @@ -30,7 +30,6 @@ #include "net/socket/client_socket_handle.h" #include "net/socket/socks_client_socket_pool.h" #include "net/socket/ssl_client_socket.h" -#include "net/socket/ssl_client_socket_pool.h" #include "net/socket/tcp_client_socket_pool.h" #include "testing/gtest/include/gtest/gtest.h" 
@@ -868,62 +867,6 @@ extern const int kSOCKS5OkRequestLength; extern const char kSOCKS5OkResponse[]; extern const int kSOCKS5OkResponseLength; -class MockSSLClientSocketPool : public SSLClientSocketPool { - public: - class MockConnectJob { - public: - MockConnectJob(ClientSocket* socket, ClientSocketHandle* handle, - CompletionCallback* callback); - - int Connect(); - bool CancelHandle(const ClientSocketHandle* handle); - - private: - void OnConnect(int rv); - - scoped_ptr<ClientSocket> socket_; - ClientSocketHandle* handle_; - CompletionCallback* user_callback_; - CompletionCallbackImpl<MockConnectJob> connect_callback_; - - DISALLOW_COPY_AND_ASSIGN(MockConnectJob); - }; - - MockSSLClientSocketPool( - int max_sockets, - int max_sockets_per_group, - const scoped_refptr<ClientSocketPoolHistograms>& histograms, - ClientSocketFactory* socket_factory); - - int release_count() const { return release_count_; } - int cancel_count() const { return cancel_count_; } - - // SSLClientSocketPool methods. - virtual int RequestSocket(const std::string& group_name, - const void* socket_params, - RequestPriority priority, - ClientSocketHandle* handle, - CompletionCallback* callback, - const BoundNetLog& net_log); - - virtual void CancelRequest(const std::string& group_name, - ClientSocketHandle* handle); - virtual void ReleaseSocket(const std::string& group_name, - ClientSocket* socket, int id); - - protected: - virtual ~MockSSLClientSocketPool(); - - private: - ClientSocketFactory* client_socket_factory_; - int release_count_; - int cancel_count_; - ScopedVector<MockConnectJob> job_list_; - - DISALLOW_COPY_AND_ASSIGN(MockSSLClientSocketPool); -}; - - } // namespace net #endif // NET_SOCKET_SOCKET_TEST_UTIL_H_ diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc index 90da3de..541792f 100644 --- a/net/socket/ssl_client_socket_pool.cc +++ b/net/socket/ssl_client_socket_pool.cc 
@@ -42,7 +42,6 @@ SSLSocketParams::SSLSocketParams( DCHECK(socks_params_.get() == NULL); break; case ProxyServer::SCHEME_HTTP: - case ProxyServer::SCHEME_HTTPS: DCHECK(tcp_params_.get() == NULL); DCHECK(http_proxy_params_.get() != NULL); DCHECK(socks_params_.get() == NULL); @@ -115,7 +114,6 @@ int SSLConnectJob::ConnectInternal() { next_state_ = STATE_TCP_CONNECT; break; case ProxyServer::SCHEME_HTTP: - case ProxyServer::SCHEME_HTTPS: next_state_ = STATE_TUNNEL_CONNECT; break; case ProxyServer::SCHEME_SOCKS4: @@ -224,7 +222,7 @@ int SSLConnectJob::DoTunnelConnect() { params_->http_proxy_params(); return transport_socket_handle_->Init( group_name(), http_proxy_params, - http_proxy_params->destination().priority(), &callback_, + http_proxy_params->tcp_params()->destination().priority(), &callback_, http_proxy_pool_, net_log()); } diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc index 93ea2de..72c46df 100644 --- a/net/socket/ssl_client_socket_pool_unittest.cc +++ b/net/socket/ssl_client_socket_pool_unittest.cc @@ -54,7 +54,7 @@ class SSLClientSocketPoolTest : public ClientSocketPoolTest { proxy_tcp_socket_params_(new TCPSocketParams( HostPortPair("proxy", 443), MEDIUM, GURL(), false)), http_proxy_socket_params_(new HttpProxySocketParams( - proxy_tcp_socket_params_, NULL, GURL("http://host"), "", + proxy_tcp_socket_params_, GURL("http://host"), "", HostPortPair("host", 80), session_, true)), http_proxy_socket_pool_(new HttpProxyClientSocketPool( kMaxSockets, @@ -62,7 +62,6 @@ class SSLClientSocketPoolTest : public ClientSocketPoolTest { make_scoped_refptr(new ClientSocketPoolHistograms("MockHttpProxy")), new MockHostResolver, tcp_socket_pool_, - NULL, NULL)), socks_socket_params_(new SOCKSSocketParams( proxy_tcp_socket_params_, true, HostPortPair("sockshost", 443), |
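Review bot: In the SSLConnectJob::DoTunnelConnect hunk of net/socket/ssl_client_socket_pool.cc, the priority is now read through `http_proxy_params->tcp_params()->destination().priority()`, which dereferences `tcp_params()` with no check that it is set. The SSLSocketParams constructor hunk at the top of this file already states its parameter invariants with DCHECKs, so the same style fits here: `DCHECK(http_proxy_params->tcp_params().get() != NULL);` ahead of the `Init` call. That line assumes `tcp_params()` returns a `scoped_refptr`, which is not visible on this page. DoTunnelConnect starts outside the hunk.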