| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 424 matching lines...) |
| 435 pending_auth_target_ = HttpAuth::AUTH_PROXY; | 435 pending_auth_target_ = HttpAuth::AUTH_PROXY; |
| 436 | 436 |
| 437 DoCallback(OK); | 437 DoCallback(OK); |
| 438 } | 438 } |
| 439 | 439 |
| 440 void HttpNetworkTransaction::OnNeedsClientAuth( | 440 void HttpNetworkTransaction::OnNeedsClientAuth( |
| 441 const scoped_refptr<SSLCertRequestInfo>& cert_info) { | 441 const scoped_refptr<SSLCertRequestInfo>& cert_info) { |
| 442 DCHECK_EQ(STATE_INIT_STREAM_COMPLETE, next_state_); | 442 DCHECK_EQ(STATE_INIT_STREAM_COMPLETE, next_state_); |
| 443 | 443 |
| 444 response_.cert_request_info = cert_info; | 444 response_.cert_request_info = cert_info; |
| 445 int result = HandleCertificateRequest(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); | 445 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); |
| 446 DoCallback(result); | |
| 447 } | 446 } |
| 448 | 447 |
| 449 HttpNetworkTransaction::~HttpNetworkTransaction() { | 448 HttpNetworkTransaction::~HttpNetworkTransaction() { |
| 450 if (stream_.get()) { | 449 if (stream_.get()) { |
| 451 HttpResponseHeaders* headers = GetResponseHeaders(); | 450 HttpResponseHeaders* headers = GetResponseHeaders(); |
| 452 // TODO(mbelshe): The stream_ should be able to compute whether or not the | 451 // TODO(mbelshe): The stream_ should be able to compute whether or not the |
| 453 // stream should be kept alive. No reason to compute here | 452 // stream should be kept alive. No reason to compute here |
| 454 // and pass it in. | 453 // and pass it in. |
| 455 bool keep_alive = next_state_ == STATE_NONE && | 454 bool keep_alive = next_state_ == STATE_NONE && |
| 456 stream_->IsResponseBodyComplete() && | 455 stream_->IsResponseBodyComplete() && |
| (...skipping 115 matching lines...) |
| 572 net_log_, | 571 net_log_, |
| 573 session_, | 572 session_, |
| 574 &stream_request_); | 573 &stream_request_); |
| 575 return ERR_IO_PENDING; | 574 return ERR_IO_PENDING; |
| 576 } | 575 } |
| 577 | 576 |
| 578 int HttpNetworkTransaction::DoInitStreamComplete(int result) { | 577 int HttpNetworkTransaction::DoInitStreamComplete(int result) { |
| 579 if (result == OK) { | 578 if (result == OK) { |
| 580 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; | 579 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; |
| 581 DCHECK(stream_.get()); | 580 DCHECK(stream_.get()); |
| 581 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 582 result = HandleCertificateRequest(result); |
| 582 } | 583 } |
| 583 | 584 |
| 584 // At this point we are done with the stream_request_. | 585 // At this point we are done with the stream_request_. |
| 585 stream_request_ = NULL; | 586 stream_request_ = NULL; |
| 586 return result; | 587 return result; |
| 587 } | 588 } |
| 588 | 589 |
| 589 int HttpNetworkTransaction::DoGenerateProxyAuthToken() { | 590 int HttpNetworkTransaction::DoGenerateProxyAuthToken() { |
| 590 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; | 591 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; |
| 591 if (!ShouldApplyProxyAuth()) | 592 if (!ShouldApplyProxyAuth()) |
| (...skipping 388 matching lines...) |
| 980 // There are two paths through which the server can request a certificate | 981 // There are two paths through which the server can request a certificate |
| 981 // from us. The first is during the initial handshake, the second is | 982 // from us. The first is during the initial handshake, the second is |
| 982 // during SSL renegotiation. | 983 // during SSL renegotiation. |
| 983 // | 984 // |
| 984 // In both cases, we want to close the connection before proceeding. | 985 // In both cases, we want to close the connection before proceeding. |
| 985 // We do this for two reasons: | 986 // We do this for two reasons: |
| 986 // First, we don't want to keep the connection to the server hung for a | 987 // First, we don't want to keep the connection to the server hung for a |
| 987 // long time while the user selects a certificate. | 988 // long time while the user selects a certificate. |
| 988 // Second, even if we did keep the connection open, NSS has a bug where | 989 // Second, even if we did keep the connection open, NSS has a bug where |
| 989 // restarting the handshake for ClientAuth is currently broken. | 990 // restarting the handshake for ClientAuth is currently broken. |
| 991 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED); |
| 990 | 992 |
| 991 if (stream_.get()) { | 993 if (stream_.get()) { |
| 992 // Since we already have a stream, we're being called as part of SSL | 994 // Since we already have a stream, we're being called as part of SSL |
| 993 // renegotiation. | 995 // renegotiation. |
| 994 DCHECK(!stream_request_.get()); | 996 DCHECK(!stream_request_.get()); |
| 995 stream_->Close(true); | 997 stream_->Close(true); |
| 996 stream_.reset(); | 998 stream_.reset(); |
| 997 } | 999 } |
| 998 | 1000 |
| 999 if (stream_request_.get()) { | 1001 if (stream_request_.get()) { |
| 1000 // The server is asking for a client certificate during the initial | 1002 // The server is asking for a client certificate during the initial |
| 1001 // handshake. | 1003 // handshake. |
| 1002 DCHECK_EQ(STATE_INIT_STREAM_COMPLETE, next_state_); | |
| 1003 stream_request_->Cancel(); | 1004 stream_request_->Cancel(); |
| 1004 stream_request_ = NULL; | 1005 stream_request_ = NULL; |
| 1005 next_state_ = STATE_INIT_STREAM; | |
| 1006 } | 1006 } |
| 1007 | 1007 |
| 1008 // If the user selected one of the certificate in client_certs for this | 1008 // If the user selected one of the certificate in client_certs for this |
| 1009 // server before, use it automatically. | 1009 // server before, use it automatically. |
| 1010 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> | 1010 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> |
| 1011 Lookup(GetHostAndPort(request_->url)); | 1011 Lookup(GetHostAndPort(request_->url)); |
| 1012 if (client_cert) { | 1012 if (client_cert) { |
| 1013 const std::vector<scoped_refptr<X509Certificate> >& client_certs = | 1013 const std::vector<scoped_refptr<X509Certificate> >& client_certs = |
| 1014 response_.cert_request_info->client_certs; | 1014 response_.cert_request_info->client_certs; |
| 1015 for (size_t i = 0; i < client_certs.size(); ++i) { | 1015 for (size_t i = 0; i < client_certs.size(); ++i) { |
| 1016 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { | 1016 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { |
| 1017 // TODO(davidben): Add a unit test which covers this path; we need to be |
| 1018 // able to send a legitimate certificate and also bypass/clear the |
| 1019 // SSL session cache. |
| 1017 ssl_config_.client_cert = client_cert; | 1020 ssl_config_.client_cert = client_cert; |
| 1018 ssl_config_.send_client_cert = true; | 1021 ssl_config_.send_client_cert = true; |
| 1019 next_state_ = STATE_INIT_STREAM; | 1022 next_state_ = STATE_INIT_STREAM; |
| 1020 // Reset the other member variables. | 1023 // Reset the other member variables. |
| 1021 // Note: this is necessary only with SSL renegotiation. | 1024 // Note: this is necessary only with SSL renegotiation. |
| 1022 ResetStateForRestart(); | 1025 ResetStateForRestart(); |
| 1023 return OK; | 1026 return OK; |
| 1024 } | 1027 } |
| 1025 } | 1028 } |
| 1026 } | 1029 } |
| (...skipping 155 matching lines...) |
| 1182 default: | 1185 default: |
| 1183 return priority; | 1186 return priority; |
| 1184 } | 1187 } |
| 1185 } | 1188 } |
| 1186 | 1189 |
| 1187 | 1190 |
| 1188 | 1191 |
| 1189 #undef STATE_CASE | 1192 #undef STATE_CASE |
| 1190 | 1193 |
| 1191 } // namespace net | 1194 } // namespace net |
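Review bot: The new `else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED)` branch in DoInitStreamComplete (new lines 581-582) keys only on the error code, yet HandleCertificateRequest goes on to dereference `response_.cert_request_info` (new line 1014), which on this page is filled in only by OnNeedsClientAuth. If any other completion path can deliver that error to DoInitStreamComplete (not visible here), a cached certificate for the host would lead to a null dereference or to matching against a previous request's certificate list. I would add `DCHECK(response_.cert_request_info.get());` beside the new `DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);` and a one-line comment in the branch, `// cert_request_info was stored by OnNeedsClientAuth()`. Since this path presents a client identity without prompting the user, the test described in the new TODO(davidben) is worth landing together with the state-machine change rather than later. HandleCertificateRequest begins and ends in the skipped regions, so its return path when no cached certificate matches could not be checked.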
| OLD | NEW |