Add TLS-SRP (RFC 5054) support

net/url_request/url_request_http_job.cc

Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index de512842922084166db4d8186b0b609d04eadd84..2c43591ebe35c910bf1380f52b053b4a92a37557 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -12,6 +12,7 @@
 #include "base/message_loop.h"
 #include "base/rand_util.h"
 #include "base/string_util.h"
+#include "base/utf_string_conversions.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cookie_policy.h"
 #include "net/base/cookie_store.h"
@@ -82,7 +83,7 @@ class HTTPSProberDelegateImpl : public HTTPSProberDelegate {
 // static
 URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
                                           const std::string& scheme) {
-  DCHECK(scheme == "http" || scheme == "https");
+  DCHECK(scheme == "http" || scheme == "https" || scheme == "httpsv");
 
   int port = request->url().IntPort();
   if (!IsPortAllowedByDefault(port) && !IsPortAllowedByOverride(port))
@@ -124,6 +125,7 @@ URLRequestHttpJob::URLRequestHttpJob(URLRequest* request)
       response_cookies_save_index_(0),
       proxy_auth_state_(AUTH_STATE_DONT_NEED_AUTH),
       server_auth_state_(AUTH_STATE_DONT_NEED_AUTH),
+      tls_login_auth_data_(request->GetTLSLoginAuthData()),
       ALLOW_THIS_IN_INITIALIZER_LIST(can_get_cookies_callback_(
           this, &URLRequestHttpJob::OnCanGetCookiesCompleted)),
       ALLOW_THIS_IN_INITIALIZER_LIST(can_set_cookie_callback_(
@@ -219,6 +221,10 @@ void URLRequestHttpJob::StartTransaction() {
     rv = request_->context()->http_transaction_factory()->CreateTransaction(
         &transaction_);
     if (rv == OK) {
+      if (tls_login_auth_data_->state == AUTH_STATE_HAVE_AUTH) {
+        transaction_->SetTLSLoginAuthData(tls_login_auth_data_);
+      }
+
       rv = transaction_->Start(
           &request_info_, &start_callback_, request_->net_log());
       // Make sure the context is alive for the duration of the
@@ -567,6 +573,12 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
     request_->delegate()->OnCertificateRequested(
         request_, transaction_->GetResponseInfo()->cert_request_info);
+  } else if (result == ERR_TLS_CLIENT_LOGIN_NEEDED ||
+             result == ERR_TLS_CLIENT_LOGIN_FAILED) {
+    DCHECK(transaction_->GetResponseInfo());
+    DCHECK(transaction_->GetResponseInfo()->login_request_info.get());
+    request_->delegate()->OnTLSLoginRequired(
+        request_, transaction_->GetResponseInfo()->login_request_info);
   } else {
     NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result));
   }
@@ -765,6 +777,7 @@ bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) {
   static const char* kSafeSchemes[] = {
     "http",
     "https",
+    "httpsv",
     "ftp"
   };
 
@@ -854,6 +867,17 @@ void URLRequestHttpJob::CancelAuth() {
           &URLRequestHttpJob::OnStartCompleted, OK));
 }
 
+void URLRequestHttpJob::CancelTLSLogin() {
+  // These will be reset in OnStartCompleted.
+  response_info_ = NULL;
+
+  MessageLoop::current()->PostTask(
+      FROM_HERE,
+      method_factory_.NewRunnableMethod(
+          &URLRequestHttpJob::OnStartCompleted,
+          ERR_ABORTED));
+}
+
 void URLRequestHttpJob::ContinueWithCertificate(
     X509Certificate* client_cert) {
   DCHECK(transaction_.get());
@@ -876,6 +900,31 @@ void URLRequestHttpJob::ContinueWithCertificate(
           &URLRequestHttpJob::OnStartCompleted, rv));
 }
 
+void URLRequestHttpJob::ContinueWithTLSLogin() {
+  DCHECK(tls_login_auth_data_->state == AUTH_STATE_HAVE_AUTH);
+
+  transaction_->SetTLSLoginAuthData(tls_login_auth_data_);
+
+  DCHECK(transaction_.get());
+
+  DCHECK(!response_info_) << "should not have a response yet";
+
+  // No matter what, we want to report our status as IO pending since we will
+  // be notifying our consumer asynchronously via OnStartCompleted.
+  SetStatus(URLRequestStatus(URLRequestStatus::IO_PENDING, 0));
+
+  int rv = transaction_->RestartWithTLSLogin(&start_callback_);
+  if (rv == ERR_IO_PENDING)
+    return;
+
+  // The transaction started synchronously, but we need to notify the
+  // URLRequest delegate via the message loop.
+  MessageLoop::current()->PostTask(
+      FROM_HERE,
+      method_factory_.NewRunnableMethod(
+          &URLRequestHttpJob::OnStartCompleted, rv));
+}
+
 void URLRequestHttpJob::ContinueDespiteLastError() {
   // If the transaction was destroyed, then the job was cancelled.
   if (!transaction_.get())