[net/http auth] Make HttpAuthHandler challenge handling asynchronous.

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 691 matching lines @@
       case STATE_READ_HEADERS:
         DCHECK_EQ(OK, rv);
         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS);
         rv = DoReadHeaders();
         break;
       case STATE_READ_HEADERS_COMPLETE:
         rv = DoReadHeadersComplete(rv);
         net_log_.EndEventWithNetErrorCode(
             NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv);
         break;
+      case STATE_HANDLE_AUTH_CHALLENGE:
+        rv = DoHandleAuthChallenge();
+        break;
+      case STATE_HANDLE_AUTH_CHALLENGE_COMPLETE:
+        rv = DoHandleAuthChallengeComplete(rv);
+        break;
       case STATE_READ_BODY:
         DCHECK_EQ(OK, rv);
         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY);
         rv = DoReadBody();
         break;
       case STATE_READ_BODY_COMPLETE:
         rv = DoReadBodyComplete(rv);
         net_log_.EndEventWithNetErrorCode(
             NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv);
         break;
@@ skipping 373 matching lines @@
   if (response_.headers->response_code() / 100 == 1 &&
       !ForWebSocketHandshake()) {
     response_.headers = new HttpResponseHeaders(std::string());
     next_state_ = STATE_READ_HEADERS;
     return OK;
   }
 
   ProcessAlternativeServices(session_, *response_.headers.get(),
                              HostPortPair::FromURL(request_->url));
 
-  int rv = HandleAuthChallenge();
-  if (rv != OK)
-    return rv;
-
   if (IsSecureRequest())
     stream_->GetSSLInfo(&response_.ssl_info);
 
-  headers_valid_ = true;
+  next_state_ = STATE_HANDLE_AUTH_CHALLENGE;
   return OK;
 }
 
+int HttpNetworkTransaction::DoHandleAuthChallenge() {
+  const HttpResponseHeaders* headers = GetResponseHeaders();
+  DCHECK(headers);
+  // Note that the server or a proxy can send an authentication header with a
+  // response that doesn't have a 401 or 407 status code. This method is
+  // typically used to send the final authentication token for a multi-round
+  // authentication handshake where no further responses are necessary from the
+  // client.
+  // TODO(asanka): The logic below doesn't handle authentication headers if the
+  // status code isn't 401 or 407. Fix it.
+
+  int status = headers->response_code();
+  if (status != HTTP_UNAUTHORIZED &&
+      status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
+    return OK;
+  HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED
+                                ? HttpAuth::AUTH_PROXY
+                                : HttpAuth::AUTH_SERVER;
+  if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
+    return ERR_UNEXPECTED_PROXY_AUTH;
+
+  // This case can trigger when an HTTPS server responds with a "Proxy
+  // authentication required" status code through a non-authenticating
+  // proxy.
+  if (!auth_controllers_[target].get())
+    return ERR_UNEXPECTED_PROXY_AUTH;
+
+  if (target == HttpAuth::AUTH_SERVER && !ShouldApplyServerAuth())
+    return OK;
+
+  net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_HANDLE_AUTH_CHALLENGE);
+  pending_auth_target_ = target;
+  next_state_ = STATE_HANDLE_AUTH_CHALLENGE_COMPLETE;
+  return auth_controllers_[target]->HandleAuthChallenge(response_, io_callback_,
+                                                        net_log_);
+}
+
+int HttpNetworkTransaction::DoHandleAuthChallengeComplete(int result) {
+  DCHECK(pending_auth_target_ == HttpAuth::AUTH_PROXY ||
+         pending_auth_target_ == HttpAuth::AUTH_SERVER);
+  net_log_.EndEventWithNetErrorCode(
+      NetLog::TYPE_HTTP_TRANSACTION_HANDLE_AUTH_CHALLENGE, result);
+  if (result == OK)
+    headers_valid_ = true;
+  // If there's no AuthHandler, then we won't be able to generate an
+  // authentication token next time around regardless of whether the caller
+  // provides credentials via ResetAuth().
+  if (!auth_controllers_[pending_auth_target_]->HaveAuthHandler()) {
+    pending_auth_target_ = HttpAuth::AUTH_NONE;
+    return result;
+  }
+  scoped_refptr<AuthChallengeInfo> auth_info =
+      auth_controllers_[pending_auth_target_]->auth_info();
+  if (auth_info.get())
+    response_.auth_challenge = auth_info;
+
+  return result;
+}
+
 int HttpNetworkTransaction::DoReadBody() {
   DCHECK(read_buf_.get());
   DCHECK_GT(read_buf_len_, 0);
   DCHECK(stream_ != NULL);
 
   next_state_ = STATE_READ_BODY_COMPLETE;
   return stream_->ReadResponseBody(
       read_buf_.get(), read_buf_len_, io_callback_);
 }
 
@@ skipping 429 matching lines @@
 }
 
 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
   return UsingHttpProxyWithoutTunnel();
 }
 
 bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
   return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
 }
 
-int HttpNetworkTransaction::HandleAuthChallenge() {
-  scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
-  DCHECK(headers.get());
-
-  int status = headers->response_code();
-  if (status != HTTP_UNAUTHORIZED &&
-      status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
-    return OK;
-  HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ?
-                            HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
-  if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
-    return ERR_UNEXPECTED_PROXY_AUTH;
-
-  // This case can trigger when an HTTPS server responds with a "Proxy
-  // authentication required" status code through a non-authenticating
-  // proxy.
-  if (!auth_controllers_[target].get())
-    return ERR_UNEXPECTED_PROXY_AUTH;
-
-  int rv = auth_controllers_[target]->HandleAuthChallenge(
-      headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
-      net_log_);
-  if (auth_controllers_[target]->HaveAuthHandler())
-      pending_auth_target_ = target;
-
-  scoped_refptr<AuthChallengeInfo> auth_info =
-      auth_controllers_[target]->auth_info();
-  if (auth_info.get())
-      response_.auth_challenge = auth_info;
-
-  return rv;
-}
-
 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
   return auth_controllers_[target].get() &&
       auth_controllers_[target]->HaveAuth();
 }
 
 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
   switch (target) {
     case HttpAuth::AUTH_PROXY: {
       if (!proxy_info_.proxy_server().is_valid() ||
           proxy_info_.proxy_server().is_direct()) {
@@ skipping 64 matching lines @@
   DCHECK(stream_request_);
 
   // Since the transaction can restart with auth credentials, it may create a
   // stream more than once. Accumulate all of the connection attempts across
   // those streams by appending them to the vector:
   for (const auto& attempt : stream_request_->connection_attempts())
     connection_attempts_.push_back(attempt);
 }
 
 }  // namespace net