| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include "base/scoped_ptr.h" | 7 #include "base/scoped_ptr.h" |
| 8 #include "base/compiler_specific.h" | 8 #include "base/compiler_specific.h" |
| 9 #include "base/field_trial.h" | 9 #include "base/field_trial.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| 11 #include "base/trace_event.h" | 11 #include "base/trace_event.h" |
| 12 #include "build/build_config.h" | 12 #include "build/build_config.h" |
| 13 #include "net/base/client_socket_factory.h" | 13 #include "net/base/client_socket_factory.h" |
| 14 #include "net/base/connection_type_histograms.h" | 14 #include "net/base/connection_type_histograms.h" |
| 15 #include "net/base/dns_resolution_observer.h" | 15 #include "net/base/dns_resolution_observer.h" |
| 16 #include "net/base/io_buffer.h" | 16 #include "net/base/io_buffer.h" |
| 17 #include "net/base/load_flags.h" | 17 #include "net/base/load_flags.h" |
| 18 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 19 #include "net/base/net_util.h" | 19 #include "net/base/net_util.h" |
| 20 #include "net/base/ssl_cert_request_info.h" |
| 20 #include "net/base/ssl_client_socket.h" | 21 #include "net/base/ssl_client_socket.h" |
| 21 #include "net/base/upload_data_stream.h" | 22 #include "net/base/upload_data_stream.h" |
| 22 #include "net/http/http_auth.h" | 23 #include "net/http/http_auth.h" |
| 23 #include "net/http/http_auth_handler.h" | 24 #include "net/http/http_auth_handler.h" |
| 24 #include "net/http/http_basic_stream.h" | 25 #include "net/http/http_basic_stream.h" |
| 25 #include "net/http/http_chunked_decoder.h" | 26 #include "net/http/http_chunked_decoder.h" |
| 26 #include "net/http/http_network_session.h" | 27 #include "net/http/http_network_session.h" |
| 27 #include "net/http/http_request_info.h" | 28 #include "net/http/http_request_info.h" |
| 28 #include "net/http/http_response_headers.h" | 29 #include "net/http/http_response_headers.h" |
| 29 #include "net/http/http_util.h" | 30 #include "net/http/http_util.h" |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 182 connection_.socket()->Disconnect(); | 183 connection_.socket()->Disconnect(); |
| 183 connection_.Reset(); | 184 connection_.Reset(); |
| 184 next_state_ = STATE_INIT_CONNECTION; | 185 next_state_ = STATE_INIT_CONNECTION; |
| 185 } | 186 } |
| 186 int rv = DoLoop(OK); | 187 int rv = DoLoop(OK); |
| 187 if (rv == ERR_IO_PENDING) | 188 if (rv == ERR_IO_PENDING) |
| 188 user_callback_ = callback; | 189 user_callback_ = callback; |
| 189 return rv; | 190 return rv; |
| 190 } | 191 } |
| 191 | 192 |
| 193 int HttpNetworkTransaction::RestartWithCertificate( |
| 194 X509Certificate* client_cert, |
| 195 CompletionCallback* callback) { |
| 196 ssl_config_.client_cert = client_cert; |
| 197 ssl_config_.send_client_cert = true; |
| 198 next_state_ = STATE_INIT_CONNECTION; |
| 199 // Reset the other member variables. |
| 200 // Note: this is necessary only with SSL renegotiation. |
| 201 ResetStateForRestart(); |
| 202 int rv = DoLoop(OK); |
| 203 if (rv == ERR_IO_PENDING) |
| 204 user_callback_ = callback; |
| 205 return rv; |
| 206 } |
| 207 |
| 192 int HttpNetworkTransaction::RestartWithAuth( | 208 int HttpNetworkTransaction::RestartWithAuth( |
| 193 const std::wstring& username, | 209 const std::wstring& username, |
| 194 const std::wstring& password, | 210 const std::wstring& password, |
| 195 CompletionCallback* callback) { | 211 CompletionCallback* callback) { |
| 196 HttpAuth::Target target = pending_auth_target_; | 212 HttpAuth::Target target = pending_auth_target_; |
| 197 if (target == HttpAuth::AUTH_NONE) { | 213 if (target == HttpAuth::AUTH_NONE) { |
| 198 NOTREACHED(); | 214 NOTREACHED(); |
| 199 return ERR_UNEXPECTED; | 215 return ERR_UNEXPECTED; |
| 200 } | 216 } |
| 201 | 217 |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 339 read_buf_len_ = buf_len; | 355 read_buf_len_ = buf_len; |
| 340 | 356 |
| 341 next_state_ = STATE_READ_BODY; | 357 next_state_ = STATE_READ_BODY; |
| 342 int rv = DoLoop(OK); | 358 int rv = DoLoop(OK); |
| 343 if (rv == ERR_IO_PENDING) | 359 if (rv == ERR_IO_PENDING) |
| 344 user_callback_ = callback; | 360 user_callback_ = callback; |
| 345 return rv; | 361 return rv; |
| 346 } | 362 } |
| 347 | 363 |
| 348 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const { | 364 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const { |
| 349 return (response_.headers || response_.ssl_info.cert) ? &response_ : NULL; | 365 return (response_.headers || response_.ssl_info.cert || |
| 366 response_.cert_request_info) ? &response_ : NULL; |
| 350 } | 367 } |
| 351 | 368 |
| 352 LoadState HttpNetworkTransaction::GetLoadState() const { | 369 LoadState HttpNetworkTransaction::GetLoadState() const { |
| 353 // TODO(wtc): Define a new LoadState value for the | 370 // TODO(wtc): Define a new LoadState value for the |
| 354 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request. | 371 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request. |
| 355 switch (next_state_) { | 372 switch (next_state_) { |
| 356 case STATE_RESOLVE_PROXY_COMPLETE: | 373 case STATE_RESOLVE_PROXY_COMPLETE: |
| 357 return LOAD_STATE_RESOLVING_PROXY_FOR_URL; | 374 return LOAD_STATE_RESOLVING_PROXY_FOR_URL; |
| 358 case STATE_INIT_CONNECTION_COMPLETE: | 375 case STATE_INIT_CONNECTION_COMPLETE: |
| 359 return connection_.GetLoadState(); | 376 return connection_.GetLoadState(); |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 596 connection_.set_socket(s); | 613 connection_.set_socket(s); |
| 597 return connection_.socket()->Connect(&io_callback_); | 614 return connection_.socket()->Connect(&io_callback_); |
| 598 } | 615 } |
| 599 | 616 |
| 600 int HttpNetworkTransaction::DoSSLConnectComplete(int result) { | 617 int HttpNetworkTransaction::DoSSLConnectComplete(int result) { |
| 601 if (IsCertificateError(result)) | 618 if (IsCertificateError(result)) |
| 602 result = HandleCertificateError(result); | 619 result = HandleCertificateError(result); |
| 603 | 620 |
| 604 if (result == OK) { | 621 if (result == OK) { |
| 605 next_state_ = STATE_WRITE_HEADERS; | 622 next_state_ = STATE_WRITE_HEADERS; |
| 623 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 624 HandleCertificateRequest(); |
| 606 } else { | 625 } else { |
| 607 result = HandleSSLHandshakeError(result); | 626 result = HandleSSLHandshakeError(result); |
| 608 } | 627 } |
| 609 return result; | 628 return result; |
| 610 } | 629 } |
| 611 | 630 |
| 612 int HttpNetworkTransaction::DoWriteHeaders() { | 631 int HttpNetworkTransaction::DoWriteHeaders() { |
| 613 next_state_ = STATE_WRITE_HEADERS_COMPLETE; | 632 next_state_ = STATE_WRITE_HEADERS_COMPLETE; |
| 614 | 633 |
| 615 // This is constructed lazily (instead of within our Start method), so that | 634 // This is constructed lazily (instead of within our Start method), so that |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 739 return ERR_EMPTY_RESPONSE; | 758 return ERR_EMPTY_RESPONSE; |
| 740 } | 759 } |
| 741 | 760 |
| 742 // Assume everything else is a HTTP/0.9 response (including responses | 761 // Assume everything else is a HTTP/0.9 response (including responses |
| 743 // of 'h', 'ht', 'htt'). | 762 // of 'h', 'ht', 'htt'). |
| 744 header_buf_body_offset_ = 0; | 763 header_buf_body_offset_ = 0; |
| 745 return OK; | 764 return OK; |
| 746 } | 765 } |
| 747 | 766 |
| 748 int HttpNetworkTransaction::DoReadHeadersComplete(int result) { | 767 int HttpNetworkTransaction::DoReadHeadersComplete(int result) { |
| 749 if (using_ssl_ && IsCertificateError(result)) { | 768 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here |
| 750 // We don't handle a certificate error during SSL renegotiation, so we | 769 // due to SSL renegotiation. |
| 751 // have to return an error that's not in the certificate error range | 770 if (using_ssl_) { |
| 752 // (-2xx). | 771 if (IsCertificateError(result)) { |
| 753 LOG(ERROR) << "Got a server certificate with error " << result | 772 // We don't handle a certificate error during SSL renegotiation, so we |
| 754 << " during SSL renegotiation"; | 773 // have to return an error that's not in the certificate error range |
| 755 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION; | 774 // (-2xx). |
| 775 LOG(ERROR) << "Got a server certificate with error " << result |
| 776 << " during SSL renegotiation"; |
| 777 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION; |
| 778 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 779 HandleCertificateRequest(); |
| 780 } |
| 756 } | 781 } |
| 757 | 782 |
| 758 if (result < 0) | 783 if (result < 0) |
| 759 return HandleIOError(result); | 784 return HandleIOError(result); |
| 760 | 785 |
| 761 if (result == 0 && ShouldResendRequest()) { | 786 if (result == 0 && ShouldResendRequest()) { |
| 762 ResetConnectionAndRequestForResend(); | 787 ResetConnectionAndRequestForResend(); |
| 763 return result; | 788 return result; |
| 764 } | 789 } |
| 765 | 790 |
| (...skipping 444 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1210 | 1235 |
| 1211 // Add the bad certificate to the set of allowed certificates in the | 1236 // Add the bad certificate to the set of allowed certificates in the |
| 1212 // SSL info object. This data structure will be consulted after calling | 1237 // SSL info object. This data structure will be consulted after calling |
| 1213 // RestartIgnoringLastError(). And the user will be asked interactively | 1238 // RestartIgnoringLastError(). And the user will be asked interactively |
| 1214 // before RestartIgnoringLastError() is ever called. | 1239 // before RestartIgnoringLastError() is ever called. |
| 1215 ssl_config_.allowed_bad_certs_.insert(response_.ssl_info.cert); | 1240 ssl_config_.allowed_bad_certs_.insert(response_.ssl_info.cert); |
| 1216 } | 1241 } |
| 1217 return error; | 1242 return error; |
| 1218 } | 1243 } |
| 1219 | 1244 |
| 1245 void HttpNetworkTransaction::HandleCertificateRequest() { |
| 1246 response_.cert_request_info = new SSLCertRequestInfo; |
| 1247 SSLClientSocket* ssl_socket = |
| 1248 reinterpret_cast<SSLClientSocket*>(connection_.socket()); |
| 1249 ssl_socket->GetSSLCertRequestInfo(response_.cert_request_info); |
| 1250 |
| 1251 // Close the connection while the user is selecting a certificate to send |
| 1252 // to the server. |
| 1253 connection_.socket()->Disconnect(); |
| 1254 connection_.Reset(); |
| 1255 } |
| 1256 |
| 1220 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { | 1257 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { |
| 1221 switch (error) { | 1258 switch (error) { |
| 1222 case ERR_SSL_PROTOCOL_ERROR: | 1259 case ERR_SSL_PROTOCOL_ERROR: |
| 1223 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: | 1260 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: |
| 1224 if (ssl_config_.tls1_enabled) { | 1261 if (ssl_config_.tls1_enabled) { |
| 1225 // This could be a TLS-intolerant server or an SSL 3.0 server that | 1262 // This could be a TLS-intolerant server or an SSL 3.0 server that |
| 1226 // chose a TLS-only cipher suite. Turn off TLS 1.0 and retry. | 1263 // chose a TLS-only cipher suite. Turn off TLS 1.0 and retry. |
| 1227 ssl_config_.tls1_enabled = false; | 1264 ssl_config_.tls1_enabled = false; |
| 1228 connection_.socket()->Disconnect(); | 1265 connection_.socket()->Disconnect(); |
| 1229 connection_.Reset(); | 1266 connection_.Reset(); |
| (...skipping 382 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1612 host_and_port = proxy_info_.proxy_server().host_and_port(); | 1649 host_and_port = proxy_info_.proxy_server().host_and_port(); |
| 1613 } else { | 1650 } else { |
| 1614 DCHECK(target == HttpAuth::AUTH_SERVER); | 1651 DCHECK(target == HttpAuth::AUTH_SERVER); |
| 1615 host_and_port = GetHostAndPort(request_->url); | 1652 host_and_port = GetHostAndPort(request_->url); |
| 1616 } | 1653 } |
| 1617 auth_info->host_and_port = ASCIIToWide(host_and_port); | 1654 auth_info->host_and_port = ASCIIToWide(host_and_port); |
| 1618 response_.auth_challenge = auth_info; | 1655 response_.auth_challenge = auth_info; |
| 1619 } | 1656 } |
| 1620 | 1657 |
| 1621 } // namespace net | 1658 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 118039:
Implement SSL client authentication for Windows.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/