Allow chrome to handle 407 auth challenges to CONNECT requests

net/http/http_proxy_client_socket_pool.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_PROXY_CLIENT_SOCKET_POOL_H_
 #define NET_HTTP_HTTP_PROXY_CLIENT_SOCKET_POOL_H_
 #pragma once
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/time.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_export.h"
 #include "net/http/http_auth.h"
 #include "net/http/http_response_info.h"
 #include "net/http/proxy_client_socket.h"
 #include "net/socket/client_socket_pool_base.h"
 #include "net/socket/client_socket_pool_histograms.h"
 #include "net/socket/client_socket_pool.h"
 #include "net/socket/ssl_client_socket.h"
 
 namespace net {
 
 class HostResolver;
 class HttpAuthCache;
+class HttpAuthController;
 class HttpAuthHandlerFactory;
 class SSLClientSocketPool;
 class SSLSocketParams;
 class SpdySessionPool;
 class SpdyStream;
 class TransportClientSocketPool;
 class TransportSocketParams;
 
+// Called when a 407 Proxy Authentication Required response is received
+// from an HTTP or HTTPS proxy when attempting to establish a CONNECT tunnel
+// to an HTTPS server.  Information about the challenge can be found in
+// the HttpResponse info.  Credentials should be added to the
+// HttpAuthController, and the CompletionCallback should be invoked
+// with the status.
+typedef base::Callback<void (const HttpResponseInfo&,
+                             HttpAuthController*,
+                             CompletionCallback)>
+    TunnelAuthCallback;
+
 // HttpProxySocketParams only needs the socket params for one of the proxy
 // types.  The other param must be NULL.  When using an HTTP Proxy,
 // |transport_params| must be set.  When using an HTTPS Proxy, |ssl_params|
 // must be set.
 class NET_EXPORT_PRIVATE HttpProxySocketParams
     : public base::RefCounted<HttpProxySocketParams> {
  public:
   HttpProxySocketParams(
       const scoped_refptr<TransportSocketParams>& transport_params,
       const scoped_refptr<SSLSocketParams>& ssl_params,
       const GURL& request_url,
       const std::string& user_agent,
       HostPortPair endpoint,
       HttpAuthCache* http_auth_cache,
       HttpAuthHandlerFactory* http_auth_handler_factory,
       SpdySessionPool* spdy_session_pool,
-      bool tunnel);
+      bool tunnel,
+      TunnelAuthCallback auth_needed_callback);
 
   const scoped_refptr<TransportSocketParams>& transport_params() const {
     return transport_params_;
   }
   const scoped_refptr<SSLSocketParams>& ssl_params() const {
     return ssl_params_;
   }
   const GURL& request_url() const { return request_url_; }
   const std::string& user_agent() const { return user_agent_; }
   const HostPortPair& endpoint() const { return endpoint_; }
   HttpAuthCache* http_auth_cache() const { return http_auth_cache_; }
   HttpAuthHandlerFactory* http_auth_handler_factory() const {
     return http_auth_handler_factory_;
   }
   SpdySessionPool* spdy_session_pool() {
     return spdy_session_pool_;
   }
   const HostResolver::RequestInfo& destination() const;
   bool tunnel() const { return tunnel_; }
   bool ignore_limits() const { return ignore_limits_; }
+  TunnelAuthCallback auth_needed_callback() { return auth_needed_callback_; }
 
  private:
   friend class base::RefCounted<HttpProxySocketParams>;
   ~HttpProxySocketParams();
 
   const scoped_refptr<TransportSocketParams> transport_params_;
   const scoped_refptr<SSLSocketParams> ssl_params_;
   SpdySessionPool* spdy_session_pool_;
   const GURL request_url_;
   const std::string user_agent_;
   const HostPortPair endpoint_;
   HttpAuthCache* const http_auth_cache_;
   HttpAuthHandlerFactory* const http_auth_handler_factory_;
   const bool tunnel_;
   bool ignore_limits_;
+  TunnelAuthCallback auth_needed_callback_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpProxySocketParams);
 };
 
 // HttpProxyConnectJob optionally establishes a tunnel through the proxy
 // server after connecting the underlying transport socket.
 class HttpProxyConnectJob : public ConnectJob {
  public:
   HttpProxyConnectJob(const std::string& group_name,
                       const scoped_refptr<HttpProxySocketParams>& params,
@@ skipping 14 matching lines @@
   enum State {
     STATE_TCP_CONNECT,
     STATE_TCP_CONNECT_COMPLETE,
     STATE_SSL_CONNECT,
     STATE_SSL_CONNECT_COMPLETE,
     STATE_HTTP_PROXY_CONNECT,
     STATE_HTTP_PROXY_CONNECT_COMPLETE,
     STATE_SPDY_PROXY_CREATE_STREAM,
     STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE,
     STATE_SPDY_PROXY_CONNECT_COMPLETE,
+    STATE_RESTART_WITH_AUTH,
+    STATE_RESTART_WITH_AUTH_COMPLETE,
     STATE_NONE,
   };
 
   void OnIOComplete(int result);
 
   // Runs the state transition loop.
   int DoLoop(int result);
 
   // Connecting to HTTP Proxy
   int DoTransportConnect();
   int DoTransportConnectComplete(int result);
   // Connecting to HTTPS Proxy
   int DoSSLConnect();
   int DoSSLConnectComplete(int result);
 
   int DoHttpProxyConnect();
   int DoHttpProxyConnectComplete(int result);
 
   int DoSpdyProxyCreateStream();
   int DoSpdyProxyCreateStreamComplete(int result);
 
+  int DoRestartWithAuth();
+  int DoRestartWithAuthComplete(int result);
+
+  void HandleProxyAuthChallenge();
+
   // Begins the tcp connection and the optional Http proxy tunnel.  If the
   // request is not immediately servicable (likely), the request will return
   // ERR_IO_PENDING. An OK return from this function or the callback means
   // that the connection is established; ERR_PROXY_AUTH_REQUESTED means
   // that the tunnel needs authentication credentials, the socket will be
   // returned in this case, and must be release back to the pool; or
   // a standard net error code will be returned.
   virtual int ConnectInternal() OVERRIDE;
 
   scoped_refptr<HttpProxySocketParams> params_;
   TransportClientSocketPool* const transport_pool_;
   SSLClientSocketPool* const ssl_pool_;
   HostResolver* const resolver_;
 
   State next_state_;
   CompletionCallback callback_;
   scoped_ptr<ClientSocketHandle> transport_socket_handle_;
   scoped_ptr<ProxyClientSocket> transport_socket_;
   bool using_spdy_;
   // Protocol negotiated with the server.
   SSLClientSocket::NextProto protocol_negotiated_;
 
   HttpResponseInfo error_response_info_;
 
   scoped_refptr<SpdyStream> spdy_stream_;
 
+  // AuthController to be used for *all* requests when setting up this tunnel.
+  scoped_refptr<HttpAuthController> auth_;
+
+  base::WeakPtrFactory<HttpProxyConnectJob> ptr_factory_;
+
   DISALLOW_COPY_AND_ASSIGN(HttpProxyConnectJob);
 };
 
 class NET_EXPORT_PRIVATE HttpProxyClientSocketPool : public ClientSocketPool {
  public:
   HttpProxyClientSocketPool(
       int max_sockets,
       int max_sockets_per_group,
       ClientSocketPoolHistograms* histograms,
       HostResolver* host_resolver,
@@ skipping 82 matching lines @@
 
   DISALLOW_COPY_AND_ASSIGN(HttpProxyClientSocketPool);
 };
 
 REGISTER_SOCKET_PARAMS_FOR_POOL(HttpProxyClientSocketPool,
                                 HttpProxySocketParams);
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_PROXY_CLIENT_SOCKET_POOL_H_