Simple fallback implementation.

chrome/browser/net/spdyproxy/data_reduction_proxy_settings.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/prefs/pref_member.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/prefs/proxy_prefs.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
+#include "crypto/random.h"
+#include "net/base/auth.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
+#include "net/http/http_auth.h"
+#include "net/http/http_auth_cache.h"
+#include "net/http/http_network_session.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_fetcher_delegate.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 using base::FieldTrialList;
 using base::StringPrintf;
 
 namespace {
 
 // Key of the UMA DataReductionProxy.StartupState histogram.
 const char kUMAProxyStartupStateHistogram[] =
     "DataReductionProxy.StartupState";
 // Values of the UMA DataReductionProxy.StartupState histogram.
 enum ProxyStartupState {
   PROXY_NOT_AVAILABLE = 0,
   PROXY_DISABLED,
   PROXY_ENABLED,
   PROXY_STARTUP_STATE_COUNT,
 };
 
 const char kEnabled[] = "Enabled";
 
+// TODO(marq): Factor this string out into a constant here and in
+//             http_auth_handler_spdyproxy.
+const char kAuthenticationRealmName[] = "SpdyProxy";
+
 int64 GetInt64PrefValue(const ListValue& list_value, size_t index) {
   int64 val = 0;
   std::string pref_value;
   bool rv = list_value.GetString(index, &pref_value);
   DCHECK(rv);
   if (rv) {
     rv = base::StringToInt64(pref_value, &val);
     DCHECK(rv);
   }
   return val;
@@ skipping 40 matching lines @@
   RecordDataReductionInit();
   if (spdy_proxy_auth_enabled_.GetValue() ||
       command_line.HasSwitch(switches::kEnableSpdyProxyAuth)) {
     MaybeActivateDataReductionProxy(true);
   } else {
     // This is logged so we can use this information in user feedback.
     LogProxyState(false /* enabled */, true /* at startup */);
   }
 }
 
+void DataReductionProxySettings::InitDataReductionProxySession(
+    net::HttpNetworkSession* session) {
+// This is a no-op unless the authentication parameters are compiled in.
+// (even though values for them may be specified on the command line).
+// Authentication will still work if the command line parameters are used,
+// however there will be a round-trip overhead for each challenge/response
+// (typically once per session).
+#if defined(SPDY_PROXY_AUTH_ORIGIN) && defined(SPDY_PROXY_AUTH_VALUE)
+  DCHECK(session);
+  net::HttpAuthCache* auth_cache = session->http_auth_cache();
+  DCHECK(auth_cache);
+  InitDataReductionAuthentication(auth_cache);
+#endif  // defined(SPDY_PROXY_AUTH_ORIGIN) && defined(SPDY_PROXY_AUTH_VALUE)
+}
+
+void DataReductionProxySettings::InitDataReductionAuthentication(
+    net::HttpAuthCache* auth_cache) {
+  DCHECK(auth_cache);
+  int64 timestamp =
+      (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds() / 1000;
+
+  DataReductionProxyList proxies = GetDataReductionProxies();
+  for (DataReductionProxyList::iterator it = proxies.begin();
+      it != proxies.end(); ++it) {
+    GURL auth_origin = (*it).GetOrigin();
+    int32 rand1, rand2, rand3;
+    crypto::RandBytes(&rand1, sizeof(rand1));
+    crypto::RandBytes(&rand2, sizeof(rand2));
+    crypto::RandBytes(&rand3, sizeof(rand3));
+
+    std::string realm =
+        base::StringPrintf("%s%lld", kAuthenticationRealmName, timestamp);
+    std::string challenge = base::StringPrintf(
+        "%s realm=\"%s\", ps=\"%lld-%u-%u-%u\"",
+        kAuthenticationRealmName, realm.data(), timestamp, rand1, rand2, rand3);
+    base::string16 password = AuthHashForSalt(timestamp);
+
+    DVLOG(1) << "origin: [" << auth_origin << "] realm: [" << realm
+        << "] challenge: [" << challenge << "] password: [" << password << "]";
+
+    net::AuthCredentials credentials(base::string16(), password);
+    auth_cache->Add(auth_origin,
+                    realm,
+                    net::HttpAuth::AUTH_SCHEME_SPDYPROXY,
+                    challenge,
+                    credentials,
+                    std::string()); // Proxy auth uses an empty path for lookup.
+  }
+}
+
 void DataReductionProxySettings::AddHostPatternToBypass(
     const std::string& pattern) {
   bypass_rules_.push_back(pattern);
 }
 
 void DataReductionProxySettings::AddURLPatternToBypass(
     const std::string& pattern) {
   size_t pos = pattern.find("/");
   if (pattern.find("/", pos + 1) == pos + 1)
     pos = pattern.find("/", pos + 2);
@@ skipping 16 matching lines @@
   return IsProxyOriginSetOnCommandLine() ||
       (IsDataReductionProxyAllowed() &&
         FieldTrialList::FindFullName("DataCompressionProxyPromoVisibility") ==
             kEnabled);
 }
 
 std::string DataReductionProxySettings::GetDataReductionProxyOrigin() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kSpdyProxyAuthOrigin))
     return command_line.GetSwitchValueASCII(switches::kSpdyProxyAuthOrigin);
-#if defined(SPDY_PROXY_AUTH_ORIGIN)
-  return SPDY_PROXY_AUTH_ORIGIN;
-#else
-  return std::string();
-#endif
+  return GetDefaultProxyHost();
 }
 
-std::string DataReductionProxySettings::GetDataReductionProxyAuth() {
-  if (!IsDataReductionProxyAllowed())
+std::string DataReductionProxySettings::GetDataReductionProxyFallback() {
+  // Regardless of what else is defined, only return a value if the main proxy
+  // origin is defined.
+  if (GetDataReductionProxyOrigin().empty())
     return std::string();
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
-  if (command_line.HasSwitch(switches::kSpdyProxyAuthOrigin)) {
-    // If an origin is provided via a switch, then only consider the value
-    // that is provided by a switch. Do not use the preprocessor constant.
-    // Don't expose SPDY_PROXY_AUTH_VALUE to a proxy passed in via the command
-    // line.
-    if (command_line.HasSwitch(switches::kSpdyProxyAuthValue))
-      return command_line.GetSwitchValueASCII(switches::kSpdyProxyAuthValue);
-    return std::string();
+  if (command_line.HasSwitch(switches::kSpdyProxyAuthFallback))
+    return command_line.GetSwitchValueASCII(switches::kSpdyProxyAuthFallback);
+  return GetDefaultFallbackProxyHost();
+}
+
+bool DataReductionProxySettings::IsAcceptableAuthChallenge(
+    net::AuthChallengeInfo* auth_info) {
+  // Challenge realm must start with the authentication realm name.
+  std::string realm_prefix =
+      auth_info->realm.substr(0, strlen(kAuthenticationRealmName));
+  if (realm_prefix != kAuthenticationRealmName)
+    return false;
+
+  // The challenger must be one of the configured proxies.
+  DataReductionProxyList proxies = GetDataReductionProxies();
+  for (DataReductionProxyList::iterator it = proxies.begin();
+       it != proxies.end(); ++it) {
+    net::HostPortPair origin_host = net::HostPortPair::FromURL(*it);
+    if (origin_host.Equals(auth_info->challenger))
+      return true;
   }
-#if defined(SPDY_PROXY_AUTH_VALUE)
-  return SPDY_PROXY_AUTH_VALUE;
-#else
-  return std::string();
-#endif
+  return false;
+}
+
+base::string16 DataReductionProxySettings::GetTokenForAuthChallenge(
+    net::AuthChallengeInfo* auth_info) {
+  if (auth_info->realm.length() > strlen(kAuthenticationRealmName)) {
+    int64 salt;
+    std::string realm_suffix =
+        auth_info->realm.substr(strlen(kAuthenticationRealmName));
+    if (base::StringToInt64(realm_suffix, &salt)) {
+      return AuthHashForSalt(salt);
+    } else {
+      DVLOG(1) << "Unable to parse realm name " << auth_info->realm
+               << "into an int for salting.";
+      return base::string16();
+    }
+  } else {
+    return base::string16();
+  }
 }
 
 bool DataReductionProxySettings::IsDataReductionProxyEnabled() {
   return spdy_proxy_auth_enabled_.GetValue();
 }
 
 bool DataReductionProxySettings::IsDataReductionProxyManaged() {
   return spdy_proxy_auth_enabled_.IsManaged();
 }
 
+DataReductionProxySettings::DataReductionProxyList
+DataReductionProxySettings::GetDataReductionProxies() {
+  DataReductionProxyList proxies;
+  std::string proxy = GetDataReductionProxyOrigin();
+  std::string fallback = GetDataReductionProxyFallback();
+
+  if (!proxy.empty())
+    proxies.push_back(GURL(proxy));
+
+  if (!fallback.empty()) {
+    // Sanity check: fallback isn't the only proxy.
+    DCHECK(!proxies.empty());
+    proxies.push_back(GURL(fallback));
+  }
+
+  return proxies;
+}
+
 void DataReductionProxySettings::SetDataReductionProxyEnabled(bool enabled) {
   // Prevent configuring the proxy when it is not allowed to be used.
   if (!IsDataReductionProxyAllowed())
     return;
 
   spdy_proxy_auth_enabled_.SetValue(enabled);
   OnProxyEnabledPrefChange();
 }
 
 int64 DataReductionProxySettings::GetDataReductionLastUpdateTime() {
   PrefService* local_state = GetLocalStatePrefs();
   int64 last_update_internal =
       local_state->GetInt64(prefs::kDailyHttpContentLengthLastUpdateDate);
   base::Time last_update = base::Time::FromInternalValue(last_update_internal);
   return static_cast<int64>(last_update.ToJsTime());
 }
 
-std::vector<long long>
+DataReductionProxySettings::ContentLengthList
 DataReductionProxySettings::GetDailyOriginalContentLengths() {
   return GetDailyContentLengths(prefs::kDailyHttpOriginalContentLength);
 }
 
-std::vector<long long>
+DataReductionProxySettings::ContentLengthList
 DataReductionProxySettings::GetDailyReceivedContentLengths() {
   return GetDailyContentLengths(prefs::kDailyHttpReceivedContentLength);
 }
 
 void DataReductionProxySettings::OnURLFetchComplete(
     const net::URLFetcher* source) {
   net::URLRequestStatus status = source->GetStatus();
   if (status.status() == net::URLRequestStatus::FAILED &&
       status.error() == net::ERR_INTERNET_DISCONNECTED) {
     return;
@@ skipping 16 matching lines @@
   }
   DVLOG(1) << "The data reduction proxy is blocked.";
 
   if (enabled_by_user_ && !disabled_by_carrier_) {
     // Disable the proxy.
     SetProxyConfigs(false, false);
   }
   disabled_by_carrier_ = true;
 }
 
-std::string DataReductionProxySettings::GetDataReductionProxyOriginHostPort() {
-  std::string spdy_proxy = GetDataReductionProxyOrigin();
-  if (spdy_proxy.empty()) {
-    DLOG(ERROR) << "A SPDY proxy has not been set.";
-    return spdy_proxy;
-  }
-  // Remove a trailing slash from the proxy string if one exists as well as
-  // leading HTTPS scheme.
-  return net::HostPortPair::FromURL(GURL(spdy_proxy)).ToString();
-}
-
 void DataReductionProxySettings::OnIPAddressChanged() {
   if (enabled_by_user_) {
     DCHECK(IsDataReductionProxyAllowed());
     ProbeWhetherDataReductionProxyIsAvailable();
   }
 }
 
 void DataReductionProxySettings::OnProxyEnabledPrefChange() {
   if (!IsDataReductionProxyAllowed())
     return;
@@ skipping 16 matching lines @@
   // feedback.
   const char kAtStartup[] = "at startup";
   const char kByUser[] = "by user action";
   const char kOn[] = "ON";
   const char kOff[] = "OFF";
 
   LOG(WARNING) << "SPDY proxy " << (enabled ? kOn : kOff)
                << " " << (at_startup ? kAtStartup : kByUser);
 }
 
+std::string DataReductionProxySettings::GetDefaultProxyHost() {
+#if defined(SPDY_PROXY_AUTH_ORIGIN)
+  return SPDY_PROXY_AUTH_ORIGIN;
+#else
+  return std::string();
+#endif
+}
+
+std::string DataReductionProxySettings::GetDefaultFallbackProxyHost() {
+#if defined(DATA_REDUCTION_FALLBACK_HOST)
+  return DATA_REDUCTION_FALLBACK_HOST;
+#else
+  return std::string();
+#endif
+}
+
 PrefService* DataReductionProxySettings::GetOriginalProfilePrefs() {
   return g_browser_process->profile_manager()->GetLastUsedProfile()->
       GetOriginalProfile()->GetPrefs();
 }
 
 PrefService* DataReductionProxySettings::GetLocalStatePrefs() {
   return g_browser_process->local_state();
 }
 
 bool DataReductionProxySettings::IsProxyOriginSetOnCommandLine() {
@@ skipping 20 matching lines @@
   PrefService* prefs = GetOriginalProfilePrefs();
 
   // TODO(marq): Consider moving this so stats are wiped the first time the
   // proxy settings are actually (not maybe) turned on.
   if (spdy_proxy_auth_enabled_.GetValue() &&
       !prefs->GetBoolean(prefs::kSpdyProxyAuthWasEnabledBefore)) {
     prefs->SetBoolean(prefs::kSpdyProxyAuthWasEnabledBefore, true);
     ResetDataReductionStatistics();
   }
 
-  std::string spdy_proxy_origin = GetDataReductionProxyOriginHostPort();
-
+  std::string proxy = GetDataReductionProxyOrigin();
   // Configure use of the data reduction proxy if it is enabled and the proxy
   // origin is non-empty.
-  enabled_by_user_=
-      spdy_proxy_auth_enabled_.GetValue() && !spdy_proxy_origin.empty();
+  enabled_by_user_= spdy_proxy_auth_enabled_.GetValue() && !proxy.empty();
   SetProxyConfigs(enabled_by_user_ && !disabled_by_carrier_, at_startup);
 
   // Check if the proxy has been disabled explicitly by the carrier.
   if (enabled_by_user_)
     ProbeWhetherDataReductionProxyIsAvailable();
 }
 
 void DataReductionProxySettings::SetProxyConfigs(bool enabled,
                                                  bool at_startup) {
   LogProxyState(enabled, at_startup);
   PrefService* prefs = GetOriginalProfilePrefs();
   DCHECK(prefs);
   DictionaryPrefUpdate update(prefs, prefs::kProxy);
   base::DictionaryValue* dict = update.Get();
   if (enabled) {
+    std::string fallback = GetDataReductionProxyFallback();
     std::string proxy_server_config =
-        "http=" + GetDataReductionProxyOrigin() + ",direct://;";
+        "http=" + GetDataReductionProxyOrigin() +
+        (fallback.empty() ? "" : "," + fallback) +
+        ",direct://;";
     dict->SetString("server", proxy_server_config);
     dict->SetString("mode",
                     ProxyModeToString(ProxyPrefs::MODE_FIXED_SERVERS));
     dict->SetString("bypass_list", JoinString(bypass_rules_, ", "));
   } else {
     dict->SetString("mode", ProxyModeToString(ProxyPrefs::MODE_SYSTEM));
     dict->SetString("server", "");
     dict->SetString("bypass_list", "");
   }
 }
@@ skipping 69 matching lines @@
     return command_line.GetSwitchValueASCII(
         switches::kDataReductionProxyProbeURL);
   }
 #if defined(DATA_REDUCTION_PROXY_PROBE_URL)
   return DATA_REDUCTION_PROXY_PROBE_URL;
 #else
   return std::string();
 #endif
 }
 
+base::string16 DataReductionProxySettings::AuthHashForSalt(int64 salt) {
+  if (!IsDataReductionProxyAllowed())
+    return base::string16();
+
+  std::string key;
+
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  if (command_line.HasSwitch(switches::kSpdyProxyAuthOrigin)) {
+    // If an origin is provided via a switch, then only consider the value
+    // that is provided by a switch. Do not use the preprocessor constant.
+    // Don't expose SPDY_PROXY_AUTH_VALUE to a proxy passed in via the command
+    // line.
+    if (!command_line.HasSwitch(switches::kSpdyProxyAuthValue))
+      return base::string16();
+    key = command_line.GetSwitchValueASCII(switches::kSpdyProxyAuthValue);
+  } else {
+#if defined(SPDY_PROXY_AUTH_VALUE)
+    key = SPDY_PROXY_AUTH_VALUE;
+#else
+    return base::string16();
+#endif
+  }
+
+  DCHECK(!key.empty());
+
+  std::string salted_key =
+      base::StringPrintf("%lld%s%lld", salt, key.c_str(), salt);
+  return UTF8ToUTF16(base::MD5String(salted_key));
+}
+
 net::URLFetcher* DataReductionProxySettings::GetURLFetcher() {
   std::string url = GetProxyCheckURL();
   if (url.empty())
     return NULL;
   net::URLFetcher* fetcher = net::URLFetcher::Create(GURL(url),
                                                      net::URLFetcher::GET,
                                                      this);
   fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE);
   fetcher->SetLoadFlags(net::LOAD_BYPASS_PROXY);
   Profile* profile = g_browser_process->profile_manager()->
       GetDefaultProfile();
   fetcher->SetRequestContext(profile->GetRequestContext());
   // Configure max retries to be at most kMaxRetries times for 5xx errors.
   static const int kMaxRetries = 5;
   fetcher->SetMaxRetriesOn5xx(kMaxRetries);
   return fetcher;
 }
 
 void
 DataReductionProxySettings::ProbeWhetherDataReductionProxyIsAvailable() {
   net::URLFetcher* fetcher = GetURLFetcher();
   if (!fetcher)
     return;
   fetcher_.reset(fetcher);
   fetcher_->Start();
 }