Allow chrome to handle 407 auth challenges to CONNECT requests

net/http/http_proxy_client_socket.cc

Index: net/http/http_proxy_client_socket.cc
===================================================================
--- net/http/http_proxy_client_socket.cc	(revision 117986)
+++ net/http/http_proxy_client_socket.cc	(working copy)
@@ -31,8 +31,7 @@
     const std::string& user_agent,
     const HostPortPair& endpoint,
     const HostPortPair& proxy_server,
-    HttpAuthCache* http_auth_cache,
-    HttpAuthHandlerFactory* http_auth_handler_factory,
+    HttpAuthController* http_auth_controller,
     bool tunnel,
     bool using_spdy,
     SSLClientSocket::NextProto protocol_negotiated,
@@ -43,13 +42,7 @@
       next_state_(STATE_NONE),
       transport_(transport_socket),
       endpoint_(endpoint),
-      auth_(tunnel ?
-          new HttpAuthController(HttpAuth::AUTH_PROXY,
-                                 GURL((is_https_proxy ? "https://" : "http://")
-                                      + proxy_server.ToString()),
-                                 http_auth_cache,
-                                 http_auth_handler_factory)
-          : NULL),
+      auth_(http_auth_controller),
       tunnel_(tunnel),
       using_spdy_(using_spdy),
       protocol_negotiated_(protocol_negotiated),
@@ -67,12 +60,17 @@
   Disconnect();
 }
 
+const
+scoped_refptr<HttpAuthController>& HttpProxyClientSocket::auth_controller() {
+  return auth_;
+}
+
 int HttpProxyClientSocket::RestartWithAuth(const CompletionCallback& callback) {
   DCHECK_EQ(STATE_NONE, next_state_);
   DCHECK(user_callback_.is_null());
 
   int rv = PrepareForAuthRestart();
-  if (rv != OK)
+  if (rv != OK || next_state_ == STATE_NONE)
     return rv;
 
   rv = DoLoop(OK);
@@ -258,10 +256,7 @@
     next_state_ = STATE_GENERATE_AUTH_TOKEN;
     transport_->set_is_reused(true);
   } else {
-    // This assumes that the underlying transport socket is a TCP socket,
-    // since only TCP sockets are restartable.
-    next_state_ = STATE_TCP_RESTART;

[vandebo (ex-Chrome), 2012/01/19 20:12:49]

You should also tear out the TCP_RESTART states.

[Ryan Hamilton, 2012/01/19 23:11:19]

Done.

-    transport_->socket()->Disconnect();
+    next_state_ = STATE_NONE;

[vandebo (ex-Chrome), 2012/01/19 20:12:49]

Seems like in this case we want to make the function return
ERR_CONNECTION_CLOSED or a new error like ERR_NO_KEEP_ALIVE_ON_AUTH_RESTART.  At
this point the connection isn't ready to go and the caller should be directly
informed of that.

[Ryan Hamilton, 2012/01/19 23:11:19]

Done.

   }
 
   // Reset the other member variables.
@@ -274,17 +269,6 @@
   return OK;
 }
 
-int HttpProxyClientSocket::HandleAuthChallenge() {
-  DCHECK(response_.headers);
-
-  int rv = auth_->HandleAuthChallenge(response_.headers, false, true, net_log_);
-  response_.auth_challenge = auth_->auth_info();
-  if (rv == OK)
-    return ERR_PROXY_AUTH_REQUESTED;
-
-  return rv;
-}
-
 void HttpProxyClientSocket::LogBlockedTunnelResponse(int response_code) const {
   LOG(WARNING) << "Blocked proxy response with status " << response_code
                << " to CONNECT request for "
@@ -459,7 +443,7 @@
       // authentication code is smart enough to avoid being tricked by an
       // active network attacker.
       // The next state is intentionally not set as it should be STATE_NONE;
-      return HandleAuthChallenge();
+      return HandleAuthChallenge(auth_, &response_, net_log_);
 
     default:
       if (is_https_proxy_)