1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
435 pending_auth_target_ = HttpAuth::AUTH_PROXY; | 435 pending_auth_target_ = HttpAuth::AUTH_PROXY; |
436 | 436 |
437 DoCallback(OK); | 437 DoCallback(OK); |
438 } | 438 } |
439 | 439 |
440 void HttpNetworkTransaction::OnNeedsClientAuth( | 440 void HttpNetworkTransaction::OnNeedsClientAuth( |
441 const scoped_refptr<SSLCertRequestInfo>& cert_info) { | 441 const scoped_refptr<SSLCertRequestInfo>& cert_info) { |
442 DCHECK_EQ(STATE_INIT_STREAM_COMPLETE, next_state_); | 442 DCHECK_EQ(STATE_INIT_STREAM_COMPLETE, next_state_); |
443 | 443 |
444 response_.cert_request_info = cert_info; | 444 response_.cert_request_info = cert_info; |
445 int result = HandleCertificateRequest(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); | 445 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); |
446 DoCallback(result); | |
447 } | 446 } |
448 | 447 |
449 HttpNetworkTransaction::~HttpNetworkTransaction() { | 448 HttpNetworkTransaction::~HttpNetworkTransaction() { |
450 if (stream_.get()) { | 449 if (stream_.get()) { |
451 HttpResponseHeaders* headers = GetResponseHeaders(); | 450 HttpResponseHeaders* headers = GetResponseHeaders(); |
452 // TODO(mbelshe): The stream_ should be able to compute whether or not the | 451 // TODO(mbelshe): The stream_ should be able to compute whether or not the |
453 // stream should be kept alive. No reason to compute here | 452 // stream should be kept alive. No reason to compute here |
454 // and pass it in. | 453 // and pass it in. |
455 bool keep_alive = next_state_ == STATE_NONE && | 454 bool keep_alive = next_state_ == STATE_NONE && |
456 stream_->IsResponseBodyComplete() && | 455 stream_->IsResponseBodyComplete() && |
572 net_log_, | 571 net_log_, |
573 session_, | 572 session_, |
574 &stream_request_); | 573 &stream_request_); |
575 return ERR_IO_PENDING; | 574 return ERR_IO_PENDING; |
576 } | 575 } |
577 | 576 |
578 int HttpNetworkTransaction::DoInitStreamComplete(int result) { | 577 int HttpNetworkTransaction::DoInitStreamComplete(int result) { |
579 if (result == OK) { | 578 if (result == OK) { |
580 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; | 579 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; |
581 DCHECK(stream_.get()); | 580 DCHECK(stream_.get()); |
| 581 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 582 result = HandleCertificateRequest(result); |
582 } | 583 } |
583 | 584 |
584 // At this point we are done with the stream_request_. | 585 // At this point we are done with the stream_request_. |
585 stream_request_ = NULL; | 586 stream_request_ = NULL; |
586 return result; | 587 return result; |
587 } | 588 } |
588 | 589 |
589 int HttpNetworkTransaction::DoGenerateProxyAuthToken() { | 590 int HttpNetworkTransaction::DoGenerateProxyAuthToken() { |
590 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; | 591 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; |
591 if (!ShouldApplyProxyAuth()) | 592 if (!ShouldApplyProxyAuth()) |
980 // There are two paths through which the server can request a certificate | 981 // There are two paths through which the server can request a certificate |
981 // from us. The first is during the initial handshake, the second is | 982 // from us. The first is during the initial handshake, the second is |
982 // during SSL renegotiation. | 983 // during SSL renegotiation. |
983 // | 984 // |
984 // In both cases, we want to close the connection before proceeding. | 985 // In both cases, we want to close the connection before proceeding. |
985 // We do this for two reasons: | 986 // We do this for two reasons: |
986 // First, we don't want to keep the connection to the server hung for a | 987 // First, we don't want to keep the connection to the server hung for a |
987 // long time while the user selects a certificate. | 988 // long time while the user selects a certificate. |
988 // Second, even if we did keep the connection open, NSS has a bug where | 989 // Second, even if we did keep the connection open, NSS has a bug where |
989 // restarting the handshake for ClientAuth is currently broken. | 990 // restarting the handshake for ClientAuth is currently broken. |
| 991 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED); |
990 | 992 |
991 if (stream_.get()) { | 993 if (stream_.get()) { |
992 // Since we already have a stream, we're being called as part of SSL | 994 // Since we already have a stream, we're being called as part of SSL |
993 // renegotiation. | 995 // renegotiation. |
994 DCHECK(!stream_request_.get()); | 996 DCHECK(!stream_request_.get()); |
995 stream_->Close(true); | 997 stream_->Close(true); |
996 stream_.reset(); | 998 stream_.reset(); |
997 } | 999 } |
998 | 1000 |
999 if (stream_request_.get()) { | 1001 if (stream_request_.get()) { |
1000 // The server is asking for a client certificate during the initial | 1002 // The server is asking for a client certificate during the initial |
1001 // handshake. | 1003 // handshake. |
1002 DCHECK_EQ(STATE_INIT_STREAM_COMPLETE, next_state_); | |
1003 stream_request_->Cancel(); | 1004 stream_request_->Cancel(); |
1004 stream_request_ = NULL; | 1005 stream_request_ = NULL; |
1005 next_state_ = STATE_INIT_STREAM; | |
1006 } | 1006 } |
1007 | 1007 |
1008 // If the user selected one of the certificate in client_certs for this | 1008 // If the user selected one of the certificate in client_certs for this |
1009 // server before, use it automatically. | 1009 // server before, use it automatically. |
1010 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> | 1010 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> |
1011 Lookup(GetHostAndPort(request_->url)); | 1011 Lookup(GetHostAndPort(request_->url)); |
1012 if (client_cert) { | 1012 if (client_cert) { |
1013 const std::vector<scoped_refptr<X509Certificate> >& client_certs = | 1013 const std::vector<scoped_refptr<X509Certificate> >& client_certs = |
1014 response_.cert_request_info->client_certs; | 1014 response_.cert_request_info->client_certs; |
1015 for (size_t i = 0; i < client_certs.size(); ++i) { | 1015 for (size_t i = 0; i < client_certs.size(); ++i) { |
1016 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { | 1016 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { |
| 1017 // TODO(davidben): Add a unit test which covers this path; we need to be |
| 1018 // able to send a legitimate certificate and also bypass/clear the |
| 1019 // SSL session cache. |
1017 ssl_config_.client_cert = client_cert; | 1020 ssl_config_.client_cert = client_cert; |
1018 ssl_config_.send_client_cert = true; | 1021 ssl_config_.send_client_cert = true; |
1019 next_state_ = STATE_INIT_STREAM; | 1022 next_state_ = STATE_INIT_STREAM; |
1020 // Reset the other member variables. | 1023 // Reset the other member variables. |
1021 // Note: this is necessary only with SSL renegotiation. | 1024 // Note: this is necessary only with SSL renegotiation. |
1022 ResetStateForRestart(); | 1025 ResetStateForRestart(); |
1023 return OK; | 1026 return OK; |
1024 } | 1027 } |
1025 } | 1028 } |
1026 } | 1029 } |
1182 default: | 1185 default: |
1183 return priority; | 1186 return priority; |
1184 } | 1187 } |
1185 } | 1188 } |
1186 | 1189 |
1187 | 1190 |
1188 | 1191 |
1189 #undef STATE_CASE | 1192 #undef STATE_CASE |
1190 | 1193 |
1191 } // namespace net | 1194 } // namespace net |
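Review bot: HandleCertificateRequest is now reached from DoInitStreamComplete for any ERR_SSL_CLIENT_AUTH_CERT_NEEDED result (new lines 581-582), but its cached-cert branch dereferences `response_.cert_request_info->client_certs` (new line 1014), and only the OnNeedsClientAuth path (line 444) visibly sets cert_request_info before routing the error through OnIOComplete. If any other stream-request failure can surface that error code, a cache hit would dereference a null scoped_refptr; making the new precondition explicit next to the added `DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);` with `DCHECK(response_.cert_request_info.get());` (or skipping the auto-select when it is null) would catch that in debug builds. The auto-select also trusts nothing but the equality at line 1016, so a comment stating which digest `fingerprint()` computes would help a reader judge how strong that match is. HandleCertificateRequest's body continues outside the hunk, so the no-match return path is not visible here.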