Add proxy basic auth support in net/socket_stream.

net/socket_stream/socket_stream.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // TODO(ukai): code is similar with http_network_transaction.cc.  We should
 //   think about ways to share code, if possible.
 
 #include "net/socket_stream/socket_stream.h"
 
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/string_util.h"
+#include "net/base/auth.h"
 #include "net/base/host_resolver.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/socks5_client_socket.h"
 #include "net/socket/socks_client_socket.h"
@@ skipping 116 matching lines @@
     return;
   if (socket_->IsConnected())
     socket_->Disconnect();
   // Close asynchronously, so that delegate won't be called
   // back before returning Close().
   MessageLoop::current()->PostTask(
       FROM_HERE,
       NewRunnableMethod(this, &SocketStream::DoLoop, OK));
 }
 
+void SocketStream::RestartWithAuth(
+    const std::wstring& username, const std::wstring& password) {
+  DCHECK(MessageLoop::current()) <<
+      "The current MessageLoop must exist";
+  DCHECK_EQ(MessageLoop::TYPE_IO, MessageLoop::current()->type()) <<
+      "The current MessageLoop must be TYPE_IO";
+  DCHECK(auth_handler_);
+  if (!socket_.get()) {
+    LOG(ERROR) << "Socket is closed before restarting with auth.";
+    return;
+  }
+
+  if (auth_identity_.invalid) {
+    // Update the username/password.
+    auth_identity_.source = HttpAuth::IDENT_SRC_EXTERNAL;
+    auth_identity_.invalid = false;
+    auth_identity_.username = username;
+    auth_identity_.password = password;
+  }
+
+  MessageLoop::current()->PostTask(
+      FROM_HERE,
+      NewRunnableMethod(this, &SocketStream::DoRestartWithAuth));
+}
+
 void SocketStream::DetachDelegate() {
   if (!delegate_)
     return;
   delegate_ = NULL;
   Close();
 }
 
 void SocketStream::Finish() {
   DCHECK(MessageLoop::current()) <<
       "The current MessageLoop must exist";
   DCHECK_EQ(MessageLoop::TYPE_IO, MessageLoop::current()->type()) <<
       "The current MessageLoop must be TYPE_IO";
+  DLOG(INFO) << "Finish";
   Delegate* delegate = delegate_;
   delegate_ = NULL;
   if (delegate) {
     delegate->OnClose(this);
     Release();
   }
 }
 
 void SocketStream::SetHostResolver(HostResolver* host_resolver) {
   DCHECK(host_resolver);
@@ skipping 24 matching lines @@
   DCHECK_GT(result, 0);
   if (!delegate_)
     return;
   // Notify recevied data to delegate.
   delegate_->OnReceivedData(this, read_buf_->data(), result);
   read_buf_ = NULL;
 }
 
 void SocketStream::DidSendData(int result) {
   current_write_buf_ = NULL;
-  DCHECK(result > 0);
+  DCHECK_GT(result, 0);
   if (!delegate_)
     return;
 
   delegate_->OnSentData(this, result);
   int remaining_size = write_buf_size_ - write_buf_offset_ - result;
   if (remaining_size == 0) {
     if (!pending_write_bufs_.empty()) {
       write_buf_size_ = pending_write_bufs_.front()->size();
       write_buf_ = pending_write_bufs_.front();
       pending_write_bufs_.pop_front();
@@ skipping 152 matching lines @@
 
   HostResolver::RequestInfo resolve_info(host, port);
 
   resolver_.reset(new SingleRequestHostResolver(host_resolver_.get()));
   return resolver_->Resolve(resolve_info, &addresses_, &io_callback_, NULL);
 }
 
 int SocketStream::DoResolveHostComplete(int result) {
   if (result == OK)
     next_state_ = STATE_TCP_CONNECT;
+  // TODO(ukai): if error occured, reconsider proxy after error.
   return result;
 }
 
 int SocketStream::DoTcpConnect() {
   next_state_ = STATE_TCP_CONNECT_COMPLETE;
   DCHECK(factory_);
   socket_.reset(factory_->CreateTCPClientSocket(addresses_));
   return socket_->Connect(&io_callback_);
 }
 
 int SocketStream::DoTcpConnectComplete(int result) {
+  // TODO(ukai): if error occured, reconsider proxy after error.
   if (result != OK)
     return result;
 
   if (proxy_mode_ == kTunnelProxy)
     next_state_ = STATE_WRITE_TUNNEL_HEADERS;
   else if (proxy_mode_ == kSOCKSProxy)
     next_state_ = STATE_SOCKS_CONNECT;
   else if (is_secure()) {
     next_state_ = STATE_SSL_CONNECT;
   } else {
     DidEstablishConnection();
   }
   return OK;
 }
 
 int SocketStream::DoWriteTunnelHeaders() {
   DCHECK_EQ(kTunnelProxy, proxy_mode_);
 
   next_state_ = STATE_WRITE_TUNNEL_HEADERS_COMPLETE;
 
   if (!tunnel_request_headers_.get()) {
     tunnel_request_headers_ = new RequestHeaders();
     tunnel_request_headers_bytes_sent_ = 0;
   }
   if (tunnel_request_headers_->headers_.empty()) {
+    std::string authorization_headers;
+
+    if (!auth_handler_.get()) {
+      // First attempt.  Find auth from the proxy address.
+      HttpAuthCache::Entry* entry = auth_cache_.LookupByPath(
+          ProxyAuthOrigin(), std::string());
+      if (entry && !entry->handler()->is_connection_based()) {
+        auth_identity_.source = HttpAuth::IDENT_SRC_PATH_LOOKUP;
+        auth_identity_.invalid = false;
+        auth_identity_.username = entry->username();
+        auth_identity_.password = entry->password();
+        auth_handler_ = entry->handler();
+      }
+    }
+
+    // Support basic authentication scheme only, because we don't have
+    // HttpRequestInfo.
+    // TODO(ukai): Add support other authentication scheme.
+    if (auth_handler_.get() && auth_handler_->scheme() == "basic") {
+      std::string credentials = auth_handler_->GenerateCredentials(
+          auth_identity_.username,
+          auth_identity_.password,
+          NULL,
+          &proxy_info_);
+      authorization_headers.append(
+          HttpAuth::GetAuthorizationHeaderName(HttpAuth::AUTH_PROXY) +
+          ": " + credentials + "\r\n");
+    }
+
     tunnel_request_headers_->headers_ = StringPrintf(
         "CONNECT %s HTTP/1.1\r\n"
         "Host: %s\r\n"
         "Proxy-Connection: keep-alive\r\n",
         GetHostAndPort(url_).c_str(),
         GetHostAndOptionalPort(url_).c_str());
-    // TODO(ukai): set proxy auth if necessary.
+    if (!authorization_headers.empty())
+      tunnel_request_headers_->headers_ += authorization_headers;
     tunnel_request_headers_->headers_ += "\r\n";
   }
   tunnel_request_headers_->SetDataOffset(tunnel_request_headers_bytes_sent_);
   int buf_len = static_cast<int>(tunnel_request_headers_->headers_.size() -
                                  tunnel_request_headers_bytes_sent_);
   DCHECK_GT(buf_len, 0);
   return socket_->Write(tunnel_request_headers_, buf_len, &io_callback_);
 }
 
 int SocketStream::DoWriteTunnelHeadersComplete(int result) {
@@ skipping 70 matching lines @@
         next_state_ = STATE_SSL_CONNECT;
       } else {
         DidEstablishConnection();
         if ((eoh < tunnel_response_headers_len_) && delegate_)
           delegate_->OnReceivedData(
               this, tunnel_response_headers_->headers() + eoh,
               tunnel_response_headers_len_ - eoh);
       }
       return OK;
     case 407:  // Proxy Authentication Required.
-      // TODO(ukai): handle Proxy Authentication.
-      break;
+      result = HandleAuthChallenge(headers.get());
+      if (result == ERR_PROXY_AUTH_REQUESTED &&
+          auth_handler_.get() && delegate_) {
+        auth_info_ = new AuthChallengeInfo;
+        auth_info_->is_proxy = true;
+        auth_info_->host_and_port =
+            ASCIIToWide(proxy_info_.proxy_server().host_and_port());
+        auth_info_->scheme = ASCIIToWide(auth_handler_->scheme());
+        auth_info_->realm = ASCIIToWide(auth_handler_->realm());
+        // Wait until RestartWithAuth or Close is called.
+        MessageLoop::current()->PostTask(
+            FROM_HERE,
+            NewRunnableMethod(this, &SocketStream::DoAuthRequired));
+        return ERR_IO_PENDING;
+      }
     default:
       break;
   }
   return ERR_TUNNEL_CONNECTION_FAILED;
 }
 
 int SocketStream::DoSOCKSConnect() {
   DCHECK_EQ(kSOCKSProxy, proxy_mode_);
 
   next_state_ = STATE_SOCKS_CONNECT_COMPLETE;
@@ skipping 82 matching lines @@
       DidSendData(result);
       return OK;
     }
     return result;
   }
 
   // We arrived here when both operation is pending.
   return ERR_IO_PENDING;
 }
 
+GURL SocketStream::ProxyAuthOrigin() const {
+  return GURL("http://" + proxy_info_.proxy_server().host_and_port());
+}
+
+int SocketStream::HandleAuthChallenge(const HttpResponseHeaders* headers) {
+  GURL auth_origin(ProxyAuthOrigin());
+
+  LOG(INFO) << "The proxy " << auth_origin << " requested auth";
+
+  // The auth we tried just failed, hence it can't be valid.
+  // Remove it from the cache so it won't be used again.
+  if (auth_handler_.get() && !auth_identity_.invalid &&
+      auth_handler_->IsFinalRound()) {
+    if (auth_identity_.source != HttpAuth::IDENT_SRC_PATH_LOOKUP)
+      auth_cache_.Remove(auth_origin,
+                         auth_handler_->realm(),
+                         auth_identity_.username,
+                         auth_identity_.password);
+    auth_handler_ = NULL;
+    auth_identity_ = HttpAuth::Identity();
+  }
+
+  auth_identity_.invalid = true;
+  HttpAuth::ChooseBestChallenge(headers, HttpAuth::AUTH_PROXY, auth_origin,
+                                &auth_handler_);
+  if (!auth_handler_) {
+    LOG(ERROR) << "Can't perform auth to the proxy " << auth_origin;
+    return ERR_TUNNEL_CONNECTION_FAILED;
+  }
+  if (auth_handler_->NeedsIdentity()) {
+    HttpAuthCache::Entry* entry = auth_cache_.LookupByRealm(
+        auth_origin, auth_handler_->realm());
+    if (entry) {
+      if (entry->handler()->scheme() != "basic") {
+        // We only support basic authentication scheme now.
+        // TODO(ukai): Support other authentication scheme.
+        return ERR_TUNNEL_CONNECTION_FAILED;
+      }
+      auth_identity_.source = HttpAuth::IDENT_SRC_REALM_LOOKUP;
+      auth_identity_.invalid = false;
+      auth_identity_.username = entry->username();
+      auth_identity_.password = entry->password();
+      // Restart with auth info.
+    }
+    return ERR_PROXY_AUTH_REQUESTED;
+  } else {
+    auth_identity_.invalid = false;
+  }
+  return ERR_TUNNEL_CONNECTION_FAILED;
+}
+
+void SocketStream::DoAuthRequired() {
+  if (delegate_ && auth_info_.get())
+    delegate_->OnAuthRequired(this, auth_info_.get());
+  else
+    DoLoop(net::ERR_UNEXPECTED);
+}
+
+void SocketStream::DoRestartWithAuth() {
+  auth_cache_.Add(ProxyAuthOrigin(), auth_handler_,
+                  auth_identity_.username, auth_identity_.password,
+                  std::string());
+
+  tunnel_request_headers_ = NULL;
+  tunnel_request_headers_bytes_sent_ = 0;
+  tunnel_response_headers_ = NULL;
+  tunnel_response_headers_capacity_ = 0;
+  tunnel_response_headers_len_ = 0;
+
+  next_state_ = STATE_TCP_CONNECT;
+  DoLoop(OK);
+  return;

[tyoshino (SeeGerritForStatus), 2009/10/27 09:25:33]

remove

+}
+
 int SocketStream::HandleCertificateError(int result) {
   // TODO(ukai): handle cert error properly.
   switch (result) {
     case ERR_CERT_COMMON_NAME_INVALID:
     case ERR_CERT_DATE_INVALID:
     case ERR_CERT_AUTHORITY_INVALID:
       result = OK;
       break;
     default:
       break;
   }
   return result;
 }
 
 bool SocketStream::is_secure() const {
   return url_.SchemeIs("wss");
 }
 
 SSLConfigService* SocketStream::ssl_config_service() const {
   return context_->ssl_config_service();
 }
 
 ProxyService* SocketStream::proxy_service() const {
   return context_->proxy_service();
 }
 
 }  // namespace net