| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 315 | 315 |
| 316 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); | 316 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); |
| 317 if (headers_valid_ && headers.get() && stream_request_.get()) { | 317 if (headers_valid_ && headers.get() && stream_request_.get()) { |
| 318 // We're trying to read the body of the response but we're still trying | 318 // We're trying to read the body of the response but we're still trying |
| 319 // to establish an SSL tunnel through the proxy. We can't read these | 319 // to establish an SSL tunnel through the proxy. We can't read these |
| 320 // bytes when establishing a tunnel because they might be controlled by | 320 // bytes when establishing a tunnel because they might be controlled by |
| 321 // an active network attacker. We don't worry about this for HTTP | 321 // an active network attacker. We don't worry about this for HTTP |
| 322 // because an active network attacker can already control HTTP sessions. | 322 // because an active network attacker can already control HTTP sessions. |
| 323 // We reach this case when the user cancels a 407 proxy auth prompt. | 323 // We reach this case when the user cancels a 407 proxy auth prompt. |
| 324 // See http://crbug.com/8473. | 324 // See http://crbug.com/8473. |
| 325 DCHECK(proxy_info_.is_http()); | 325 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); |
| 326 DCHECK_EQ(headers->response_code(), 407); | 326 DCHECK_EQ(headers->response_code(), 407); |
| 327 LOG(WARNING) << "Blocked proxy response with status " | 327 LOG(WARNING) << "Blocked proxy response with status " |
| 328 << headers->response_code() << " to CONNECT request for " | 328 << headers->response_code() << " to CONNECT request for " |
| 329 << GetHostAndPort(request_->url) << "."; | 329 << GetHostAndPort(request_->url) << "."; |
| 330 return ERR_TUNNEL_CONNECTION_FAILED; | 330 return ERR_TUNNEL_CONNECTION_FAILED; |
| 331 } | 331 } |
| 332 | 332 |
| 333 // Are we using SPDY or HTTP? | 333 // Are we using SPDY or HTTP? |
| 334 next_state = STATE_READ_BODY; | 334 next_state = STATE_READ_BODY; |
| 335 DCHECK(stream_->GetResponseInfo()->headers); | 335 DCHECK(stream_->GetResponseInfo()->headers); |
| (...skipping 315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 651 if (have_proxy_auth) | 651 if (have_proxy_auth) |
| 652 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader( | 652 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader( |
| 653 &authorization_headers); | 653 &authorization_headers); |
| 654 if (have_server_auth) | 654 if (have_server_auth) |
| 655 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader( | 655 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader( |
| 656 &authorization_headers); | 656 &authorization_headers); |
| 657 std::string request_line; | 657 std::string request_line; |
| 658 HttpRequestHeaders request_headers; | 658 HttpRequestHeaders request_headers; |
| 659 | 659 |
| 660 BuildRequestHeaders(request_, authorization_headers, request_body, | 660 BuildRequestHeaders(request_, authorization_headers, request_body, |
| 661 !is_https_request() && proxy_info_.is_http(), | 661 !is_https_request() && (proxy_info_.is_http() || |
| 662 proxy_info_.is_https()), |
| 662 &request_line, &request_headers); | 663 &request_line, &request_headers); |
| 663 | 664 |
| 664 if (session_->network_delegate()) | 665 if (session_->network_delegate()) |
| 665 session_->network_delegate()->OnSendHttpRequest(&request_headers); | 666 session_->network_delegate()->OnSendHttpRequest(&request_headers); |
| 666 | 667 |
| 667 if (net_log_.HasListener()) { | 668 if (net_log_.HasListener()) { |
| 668 net_log_.AddEvent( | 669 net_log_.AddEvent( |
| 669 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS, | 670 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS, |
| 670 new NetLogHttpRequestParameter(request_line, request_headers)); | 671 new NetLogHttpRequestParameter(request_line, request_headers)); |
| 671 } | 672 } |
| (...skipping 414 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1086 } | 1087 } |
| 1087 | 1088 |
| 1088 // We need to clear request_headers_ because it contains the real request | 1089 // We need to clear request_headers_ because it contains the real request |
| 1089 // headers, but we may need to resend the CONNECT request first to recreate | 1090 // headers, but we may need to resend the CONNECT request first to recreate |
| 1090 // the SSL tunnel. | 1091 // the SSL tunnel. |
| 1091 request_headers_.clear(); | 1092 request_headers_.clear(); |
| 1092 next_state_ = STATE_INIT_STREAM; // Resend the request. | 1093 next_state_ = STATE_INIT_STREAM; // Resend the request. |
| 1093 } | 1094 } |
| 1094 | 1095 |
| 1095 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const { | 1096 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const { |
| 1096 return !is_https_request() && proxy_info_.is_http(); | 1097 return !is_https_request() && |
| 1098 (proxy_info_.is_https() || proxy_info_.is_http()); |
| 1097 } | 1099 } |
| 1098 | 1100 |
| 1099 bool HttpNetworkTransaction::ShouldApplyServerAuth() const { | 1101 bool HttpNetworkTransaction::ShouldApplyServerAuth() const { |
| 1100 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA); | 1102 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA); |
| 1101 } | 1103 } |
| 1102 | 1104 |
| 1103 int HttpNetworkTransaction::HandleAuthChallenge() { | 1105 int HttpNetworkTransaction::HandleAuthChallenge() { |
| 1104 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); | 1106 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); |
| 1105 DCHECK(headers); | 1107 DCHECK(headers); |
| 1106 | 1108 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1127 } | 1129 } |
| 1128 | 1130 |
| 1129 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const { | 1131 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const { |
| 1130 return auth_controllers_[target].get() && | 1132 return auth_controllers_[target].get() && |
| 1131 auth_controllers_[target]->HaveAuth(); | 1133 auth_controllers_[target]->HaveAuth(); |
| 1132 } | 1134 } |
| 1133 | 1135 |
| 1134 | 1136 |
| 1135 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const { | 1137 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const { |
| 1136 switch (target) { | 1138 switch (target) { |
| 1137 case HttpAuth::AUTH_PROXY: | 1139 case HttpAuth::AUTH_PROXY: { |
| 1138 if (!proxy_info_.proxy_server().is_valid() || | 1140 if (!proxy_info_.proxy_server().is_valid() || |
| 1139 proxy_info_.proxy_server().is_direct()) { | 1141 proxy_info_.proxy_server().is_direct()) { |
| 1140 return GURL(); // There is no proxy server. | 1142 return GURL(); // There is no proxy server. |
| 1141 } | 1143 } |
| 1142 return GURL("http://" + | 1144 const char* scheme = proxy_info_.is_https() ? "https://" : "http://"; |
| 1145 return GURL(scheme + |
| 1143 proxy_info_.proxy_server().host_port_pair().ToString()); | 1146 proxy_info_.proxy_server().host_port_pair().ToString()); |
| 1147 } |
| 1144 case HttpAuth::AUTH_SERVER: | 1148 case HttpAuth::AUTH_SERVER: |
| 1145 return request_->url; | 1149 return request_->url; |
| 1146 default: | 1150 default: |
| 1147 return GURL(); | 1151 return GURL(); |
| 1148 } | 1152 } |
| 1149 } | 1153 } |
| 1150 | 1154 |
| 1151 #define STATE_CASE(s) case s: \ | 1155 #define STATE_CASE(s) case s: \ |
| 1152 description = StringPrintf("%s (0x%08X)", #s, s); \ | 1156 description = StringPrintf("%s (0x%08X)", #s, s); \ |
| 1153 break | 1157 break |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1185 default: | 1189 default: |
| 1186 return priority; | 1190 return priority; |
| 1187 } | 1191 } |
| 1188 } | 1192 } |
| 1189 | 1193 |
| 1190 | 1194 |
| 1191 | 1195 |
| 1192 #undef STATE_CASE | 1196 #undef STATE_CASE |
| 1193 | 1197 |
| 1194 } // namespace net | 1198 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3110006:
Add support for speaking SSL to an HTTP Proxy, to HttpProxyClientSocketPool (and friends) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/