Handles proxy authentication request in ProxyResolvingClientSocket

jingle/glue/proxy_resolving_client_socket.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "jingle/glue/proxy_resolving_client_socket.h"
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_network_session.h"
+#include "net/http/http_transaction_factory.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/client_socket_pool_manager.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace jingle_glue {
 
 ProxyResolvingClientSocket::ProxyResolvingClientSocket(
     net::ClientSocketFactory* socket_factory,
     const scoped_refptr<net::URLRequestContextGetter>& request_context_getter,
@@ skipping 26 matching lines @@
   DCHECK(proxy_url_.is_valid());
 
   net::HttpNetworkSession::Params session_params;
   session_params.client_socket_factory = socket_factory;
   session_params.host_resolver = request_context->host_resolver();
   session_params.cert_verifier = request_context->cert_verifier();
   session_params.transport_security_state =
       request_context->transport_security_state();
   // TODO(rkn): This is NULL because ServerBoundCertService is not thread safe.
   session_params.server_bound_cert_service = NULL;
   session_params.proxy_service = request_context->proxy_service();

[Ryan Sleevi, 2014/08/23 02:47:12]

If you're using the main URLRequestContext, by duplicating the proxy service,
you're potentially polluting the main context.

That is, if a proxy fails for WebRTC, but would work if done in a main page load
(e.g. if it required prompting), you've now forced it to be marked bad for the
user.

This is probably a BUG.

   session_params.ssl_config_service = request_context->ssl_config_service();
   session_params.http_auth_handler_factory =
       request_context->http_auth_handler_factory();
   session_params.network_delegate = request_context->network_delegate();

[Ryan Sleevi, 2014/08/23 02:47:12]

Just to confirm: This means that extensions can and will be able to interfere
with WebRTC requests.

I think this is a right answer, I just want to make sure you're aware of it.

   session_params.http_server_properties =
       request_context->http_server_properties();
   session_params.net_log = request_context->net_log();
 
   const net::HttpNetworkSession::Params* reference_params =
       request_context->GetNetworkSessionParams();
   if (reference_params) {
     // TODO(mmenke):  Just copying specific parameters seems highly regression
     // prone.  Should have a better way to do this.
     session_params.host_mapping_rules = reference_params->host_mapping_rules;
     session_params.ignore_certificate_errors =
         reference_params->ignore_certificate_errors;
     session_params.testing_fixed_http_port =
         reference_params->testing_fixed_http_port;
     session_params.testing_fixed_https_port =
         reference_params->testing_fixed_https_port;
     session_params.next_protos = reference_params->next_protos;
     session_params.trusted_spdy_proxy = reference_params->trusted_spdy_proxy;
     session_params.force_spdy_over_ssl = reference_params->force_spdy_over_ssl;
     session_params.force_spdy_always = reference_params->force_spdy_always;
     session_params.forced_spdy_exclusions =
         reference_params->forced_spdy_exclusions;
     session_params.use_alternate_protocols =
         reference_params->use_alternate_protocols;
   }
 
   network_session_ = new net::HttpNetworkSession(session_params);
+
+  net::HttpAuthCache* existing_cache =
+      request_context->http_transaction_factory()
+          ->GetSession()->http_auth_cache();
+  network_session_->http_auth_cache()->UpdateAllFrom(*existing_cache);

[Ryan Sleevi, 2014/08/23 02:47:12]

Create your own HttpAuthCache.

Confirm that you reach this code path:
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/http_auth...

You should reach it from 
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/http_auth...

which you should reach from
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/proxy_cli...

which you should reach from
https://code.google.com/p/chromium/codesearch#chromium/src/net/http/http_prox...

which you should reach from
https://code.google.com/p/chromium/codesearch#chromium/src/net/socket/client_...
(asynchronously)

 }
 
 ProxyResolvingClientSocket::~ProxyResolvingClientSocket() {
   Disconnect();
 }
 
 int ProxyResolvingClientSocket::Read(net::IOBuffer* buf, int buf_len,
                                      const net::CompletionCallback& callback) {
   if (transport_.get() && transport_->socket())
     return transport_->socket()->Read(buf, buf_len, callback);
@@ skipping 36 matching lines @@
       proxy_url_,
       net::LOAD_NORMAL,
       &proxy_info_,
       proxy_resolve_callback_,
       &pac_request_,
       NULL,
       bound_net_log_);
   if (status != net::ERR_IO_PENDING) {
     // We defer execution of ProcessProxyResolveDone instead of calling it
     // directly here for simplicity. From the caller's point of view,
     // the connect always happens asynchronously.

[Ryan Sleevi, 2014/08/23 02:47:12]

We should fix this at some point.

This is seen as an anti-pattern for Chrome networking.

     base::MessageLoop* message_loop = base::MessageLoop::current();
     CHECK(message_loop);
     message_loop->PostTask(
         FROM_HERE,
         base::Bind(&ProxyResolvingClientSocket::ProcessProxyResolveDone,
                    weak_factory_.GetWeakPtr(), status));
   }
   user_connect_callback_ = callback;
   return net::ERR_IO_PENDING;
 }
@@ skipping 132 matching lines @@
 
   // We either have new proxy info or there was an error in falling back.
   // In both cases we want to post ProcessProxyResolveDone (in the error case
   // we might still want to fall back a direct connection).
   if (rv != net::ERR_IO_PENDING) {
     base::MessageLoop* message_loop = base::MessageLoop::current();
     CHECK(message_loop);
     message_loop->PostTask(
         FROM_HERE,
         base::Bind(&ProxyResolvingClientSocket::ProcessProxyResolveDone,
                    weak_factory_.GetWeakPtr(), rv));

[Ryan Sleevi, 2014/08/23 02:47:12]

Ditto that this is a bit of an anti-pattern.

     // Since we potentially have another try to go (trying the direct connect)
     // set the return code code to ERR_IO_PENDING.
     rv = net::ERR_IO_PENDING;
   }
   return rv;
 }
 
 void ProxyResolvingClientSocket::ReportSuccessfulProxyConnection() {
   network_session_->proxy_service()->ReportSuccess(proxy_info_);
 }
@@ skipping 85 matching lines @@
   return false;
 }
 
 void ProxyResolvingClientSocket::CloseTransportSocket() {
   if (transport_.get() && transport_->socket())
     transport_->socket()->Disconnect();
   transport_.reset();
 }
 
 }  // namespace jingle_glue