From 57cb8724500e883bce61d1fe9abbef3b423c9af7 Mon Sep 17 00:00:00 2001
From: "rch@chromium.org"
<rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 17 Nov 2011 20:46:46 +0000
Subject: Revert 110529 - Allow chrome to handle 407 auth challenges to CONNECT
requests through HTTPS Proxies. This also changes the mechanism used to
restart HttpProxyClientSocket requests with auth. Previously the transport
socket would be Disconnected, and then re-Connected (which was not
implemented for SSLClientSockets). However, the approach was problematic in
the face of, for example, ipv6. The new approach is to close the
HttpProxyClientSocket, and request a new socket from the pool.
Review URL: http://codereview.chromium.org/8502024
TBR=rch@chromium.org
Review URL: http://codereview.chromium.org/8587045
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110550 0039d316-1c4b-4281-b951-d872f2087c98
---
net/spdy/spdy_proxy_client_socket.cc | 23 ---------
net/spdy/spdy_proxy_client_socket.h | 10 +++-
net/spdy/spdy_proxy_client_socket_unittest.cc | 74 +--------------------------
3 files changed, 10 insertions(+), 97 deletions(-)
(limited to 'net/spdy')
diff --git a/net/spdy/spdy_proxy_client_socket.cc b/net/spdy/spdy_proxy_client_socket.cc
index 6ef88e7..1b2674d 100644
--- a/net/spdy/spdy_proxy_client_socket.cc
+++ b/net/spdy/spdy_proxy_client_socket.cc
@@ -63,19 +63,6 @@ const HttpResponseInfo* SpdyProxyClientSocket::GetConnectResponseInfo() const {
return response_.headers ? &response_ : NULL;
}
-int SpdyProxyClientSocket::RestartWithAuth(OldCompletionCallback* callback) {
- // A SPDY Stream can only handle a single request, so the underlying
- // stream may not be reused and a new SpdyProxyClientSocket must be
- // created (possibly on top of the same SPDY Session).
- next_state_ = STATE_DISCONNECTED;
- return OK;
-}
-
-const
-scoped_refptr<HttpAuthController>& SpdyProxyClientSocket::auth_controller() {
- return auth_;
-}
-
HttpStream* SpdyProxyClientSocket::CreateConnectResponseStream() {
DCHECK(response_stream_.get());
return response_stream_.release();
@@ -397,16 +384,6 @@ int SpdyProxyClientSocket::DoReadReplyComplete(int result) {
if (response_.headers->response_code() == 200) {
return OK;
} else if (response_.headers->response_code() == 407) {
- int rv = HandleAuthChallenge(auth_, &response_, net_log_);
- if (rv != ERR_PROXY_AUTH_REQUESTED) {
- return rv;
- }
- // SPDY only supports basic and digest auth
- if (auth_->auth_info() &&
- (auth_->auth_info()->scheme == "basic" ||
- auth_->auth_info()->scheme == "digest")) {
- return ERR_PROXY_AUTH_REQUESTED;
- }
return ERR_TUNNEL_CONNECTION_FAILED;
} else {
// Immediately hand off our SpdyStream to a newly created SpdyHttpStream
diff --git a/net/spdy/spdy_proxy_client_socket.h b/net/spdy/spdy_proxy_client_socket.h
index 9875a05..8a9237b 100644
--- a/net/spdy/spdy_proxy_client_socket.h
+++ b/net/spdy/spdy_proxy_client_socket.h
@@ -53,11 +53,17 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket,
// On destruction Disconnect() is called.
virtual ~SpdyProxyClientSocket();
+ const scoped_refptr<HttpAuthController>& auth_controller() {
+ return auth_;
+ }
+
// ProxyClientSocket methods:
virtual const HttpResponseInfo* GetConnectResponseInfo() const OVERRIDE;
+
+ // In the event of a non-200 response to the CONNECT request, this
+ // method may be called to return an HttpStream in order to read
+ // the response body.
virtual HttpStream* CreateConnectResponseStream() OVERRIDE;
- virtual int RestartWithAuth(OldCompletionCallback* callback) OVERRIDE;
- virtual const scoped_refptr<HttpAuthController>& auth_controller() OVERRIDE;
// StreamSocket methods:
virtual int Connect(OldCompletionCallback* callback) OVERRIDE;
diff --git a/net/spdy/spdy_proxy_client_socket_unittest.cc b/net/spdy/spdy_proxy_client_socket_unittest.cc
index 89aba7e..323b6db 100644
--- a/net/spdy/spdy_proxy_client_socket_unittest.cc
+++ b/net/spdy/spdy_proxy_client_socket_unittest.cc
@@ -66,7 +66,6 @@ class SpdyProxyClientSocketTest : public PlatformTest {
spdy::SpdyFrame* ConstructConnectAuthRequestFrame();
spdy::SpdyFrame* ConstructConnectReplyFrame();
spdy::SpdyFrame* ConstructConnectAuthReplyFrame();
- spdy::SpdyFrame* ConstructNtlmAuthReplyFrame();
spdy::SpdyFrame* ConstructConnectErrorReplyFrame();
spdy::SpdyFrame* ConstructBodyFrame(const char* data, int length);
scoped_refptr<IOBufferWithSize> CreateBuffer(const char* data, int size);
@@ -388,26 +387,6 @@ spdy::SpdyFrame* SpdyProxyClientSocketTest::ConstructConnectAuthReplyFrame() {
arraysize(kStandardReplyHeaders));
}
-// Constructs a SPDY SYN_REPLY frame to match the SPDY CONNECT which
-// requires Proxy Authentication using NTLM.
-spdy::SpdyFrame* SpdyProxyClientSocketTest::ConstructNtlmAuthReplyFrame() {
- const char* const kStandardReplyHeaders[] = {
- "status", "407 Proxy Authentication Required",
- "version", "HTTP/1.1",
- "proxy-authenticate", "NTLM",
- };
-
- return ConstructSpdyControlFrame(NULL,
- 0,
- false,
- kStreamId,
- LOWEST,
- spdy::SYN_REPLY,
- spdy::CONTROL_FLAG_NONE,
- kStandardReplyHeaders,
- arraysize(kStandardReplyHeaders));
-}
-
// Constructs a SPDY SYN_REPLY frame with an HTTP 500 error.
spdy::SpdyFrame* SpdyProxyClientSocketTest::ConstructConnectErrorReplyFrame() {
const char* const kStandardReplyHeaders[] = {
@@ -454,23 +433,6 @@ TEST_F(SpdyProxyClientSocketTest, ConnectSendsCorrectRequest) {
AssertConnectionEstablished();
}
-TEST_F(SpdyProxyClientSocketTest, ConnectWithUnsupportedAuth) {
- scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
- MockWrite writes[] = {
- CreateMockWrite(*conn, 0, false),
- };
-
- scoped_ptr<spdy::SpdyFrame> resp(ConstructNtlmAuthReplyFrame());
- MockRead reads[] = {
- CreateMockRead(*resp, 1, true),
- MockRead(true, 0, 3), // EOF
- };
-
- Initialize(reads, arraysize(reads), writes, arraysize(writes));
-
- AssertConnectFails(ERR_TUNNEL_CONNECTION_FAILED);
-}
-
TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthRequested) {
scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
MockWrite writes[] = {
@@ -485,7 +447,7 @@ TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthRequested) {
Initialize(reads, arraysize(reads), writes, arraysize(writes));
- AssertConnectFails(ERR_PROXY_AUTH_REQUESTED);
+ AssertConnectFails(ERR_TUNNEL_CONNECTION_FAILED);
const HttpResponseInfo* response = sock_->GetConnectResponseInfo();
ASSERT_TRUE(response != NULL);
@@ -514,38 +476,6 @@ TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthCredentials) {
AssertConnectionEstablished();
}
-TEST_F(SpdyProxyClientSocketTest, ConnectWithAuthRestart) {
- scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
- scoped_ptr<spdy::SpdyFrame> auth(ConstructConnectAuthRequestFrame());
- MockWrite writes[] = {
- CreateMockWrite(*conn, 0, false),
- };
-
- scoped_ptr<spdy::SpdyFrame> resp(ConstructConnectAuthReplyFrame());
- scoped_ptr<spdy::SpdyFrame> auth_resp(ConstructConnectReplyFrame());
- MockRead reads[] = {
- CreateMockRead(*resp, 1, true),
- MockRead(true, 0, 3), // EOF
- };
-
- Initialize(reads, arraysize(reads), writes, arraysize(writes));
-
- AssertConnectFails(ERR_PROXY_AUTH_REQUESTED);
-
- const HttpResponseInfo* response = sock_->GetConnectResponseInfo();
- ASSERT_TRUE(response != NULL);
- ASSERT_EQ(407, response->headers->response_code());
- ASSERT_EQ("Proxy Authentication Required",
- response->headers->GetStatusText());
-
- AddAuthToCache();
-
- ASSERT_EQ(OK, sock_->RestartWithAuth(&read_callback_));
- // A SpdyProxyClientSocket sits on a single SPDY stream which can
- // only be used for a single request/response.
- ASSERT_FALSE(sock_->IsConnectedAndIdle());
-}
-
TEST_F(SpdyProxyClientSocketTest, ConnectFails) {
scoped_ptr<spdy::SpdyFrame> conn(ConstructConnectRequestFrame());
MockWrite writes[] = {
@@ -891,7 +821,7 @@ TEST_F(SpdyProxyClientSocketTest, ReadAuthResponseBody) {
Initialize(reads, arraysize(reads), writes, arraysize(writes));
- AssertConnectFails(ERR_PROXY_AUTH_REQUESTED);
+ AssertConnectFails(ERR_TUNNEL_CONNECTION_FAILED);
Run(2); // SpdySession consumes the next two reads and sends then to
// sock_ to be buffered.
--
cgit v1.1