OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/socket/client_socket_pool_manager_impl.h" | |
6 | |
7 #include "base/logging.h" | |
8 #include "base/values.h" | |
9 #include "net/http/http_network_session.h" | |
10 #include "net/http/http_proxy_client_socket_pool.h" | |
11 #include "net/socket/socks_client_socket_pool.h" | |
12 #include "net/socket/ssl_client_socket_pool.h" | |
13 #include "net/socket/transport_client_socket_pool.h" | |
14 #include "net/socket/websocket_transport_client_socket_pool.h" | |
15 #include "net/ssl/ssl_config_service.h" | |
16 | |
17 namespace net { | |
18 | |
19 namespace { | |
20 | |
21 // Appends information about all |socket_pools| to the end of |list|. | |
22 template <class MapType> | |
23 void AddSocketPoolsToList(base::ListValue* list, | |
24 const MapType& socket_pools, | |
25 const std::string& type, | |
26 bool include_nested_pools) { | |
27 for (typename MapType::const_iterator it = socket_pools.begin(); | |
28 it != socket_pools.end(); it++) { | |
29 list->Append(it->second->GetInfoAsValue(it->first.ToString(), | |
30 type, | |
31 include_nested_pools)); | |
32 } | |
33 } | |
34 | |
35 } // namespace | |
36 | |
37 ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( | |
38 NetLog* net_log, | |
39 ClientSocketFactory* socket_factory, | |
40 HostResolver* host_resolver, | |
41 CertVerifier* cert_verifier, | |
42 ChannelIDService* channel_id_service, | |
43 TransportSecurityState* transport_security_state, | |
44 CTVerifier* cert_transparency_verifier, | |
45 CertPolicyEnforcer* cert_policy_enforcer, | |
46 const std::string& ssl_session_cache_shard, | |
47 SSLConfigService* ssl_config_service, | |
48 bool enable_ssl_connect_job_waiting, | |
49 HttpNetworkSession::SocketPoolType pool_type) | |
50 : net_log_(net_log), | |
51 socket_factory_(socket_factory), | |
52 host_resolver_(host_resolver), | |
53 cert_verifier_(cert_verifier), | |
54 channel_id_service_(channel_id_service), | |
55 transport_security_state_(transport_security_state), | |
56 cert_transparency_verifier_(cert_transparency_verifier), | |
57 cert_policy_enforcer_(cert_policy_enforcer), | |
58 ssl_session_cache_shard_(ssl_session_cache_shard), | |
59 ssl_config_service_(ssl_config_service), | |
60 enable_ssl_connect_job_waiting_(enable_ssl_connect_job_waiting), | |
61 pool_type_(pool_type), | |
62 transport_pool_histograms_("TCP"), | |
63 transport_socket_pool_( | |
64 pool_type == HttpNetworkSession::WEBSOCKET_SOCKET_POOL | |
65 ? new WebSocketTransportClientSocketPool( | |
66 max_sockets_per_pool(pool_type), | |
67 max_sockets_per_group(pool_type), | |
68 &transport_pool_histograms_, | |
69 host_resolver, | |
70 socket_factory_, | |
71 net_log) | |
72 : new TransportClientSocketPool(max_sockets_per_pool(pool_type), | |
73 max_sockets_per_group(pool_type), | |
74 &transport_pool_histograms_, | |
75 host_resolver, | |
76 socket_factory_, | |
77 net_log)), | |
78 ssl_pool_histograms_("SSL2"), | |
79 ssl_socket_pool_(new SSLClientSocketPool(max_sockets_per_pool(pool_type), | |
80 max_sockets_per_group(pool_type), | |
81 &ssl_pool_histograms_, | |
82 cert_verifier, | |
83 channel_id_service, | |
84 transport_security_state, | |
85 cert_transparency_verifier, | |
86 cert_policy_enforcer, | |
87 ssl_session_cache_shard, | |
88 socket_factory, | |
89 transport_socket_pool_.get(), | |
90 NULL /* no socks proxy */, | |
91 NULL /* no http proxy */, | |
92 ssl_config_service, | |
93 enable_ssl_connect_job_waiting, | |
94 net_log)), | |
95 transport_for_socks_pool_histograms_("TCPforSOCKS"), | |
96 socks_pool_histograms_("SOCK"), | |
97 transport_for_http_proxy_pool_histograms_("TCPforHTTPProxy"), | |
98 transport_for_https_proxy_pool_histograms_("TCPforHTTPSProxy"), | |
99 ssl_for_https_proxy_pool_histograms_("SSLforHTTPSProxy"), | |
100 http_proxy_pool_histograms_("HTTPProxy"), | |
101 ssl_socket_pool_for_proxies_histograms_("SSLForProxies") { | |
102 CertDatabase::GetInstance()->AddObserver(this); | |
103 } | |
104 | |
105 ClientSocketPoolManagerImpl::~ClientSocketPoolManagerImpl() { | |
106 CertDatabase::GetInstance()->RemoveObserver(this); | |
107 } | |
108 | |
109 void ClientSocketPoolManagerImpl::FlushSocketPoolsWithError(int error) { | |
110 // Flush the highest level pools first, since higher level pools may release | |
111 // stuff to the lower level pools. | |
112 | |
113 for (SSLSocketPoolMap::const_iterator it = | |
114 ssl_socket_pools_for_proxies_.begin(); | |
115 it != ssl_socket_pools_for_proxies_.end(); | |
116 ++it) | |
117 it->second->FlushWithError(error); | |
118 | |
119 for (HTTPProxySocketPoolMap::const_iterator it = | |
120 http_proxy_socket_pools_.begin(); | |
121 it != http_proxy_socket_pools_.end(); | |
122 ++it) | |
123 it->second->FlushWithError(error); | |
124 | |
125 for (SSLSocketPoolMap::const_iterator it = | |
126 ssl_socket_pools_for_https_proxies_.begin(); | |
127 it != ssl_socket_pools_for_https_proxies_.end(); | |
128 ++it) | |
129 it->second->FlushWithError(error); | |
130 | |
131 for (TransportSocketPoolMap::const_iterator it = | |
132 transport_socket_pools_for_https_proxies_.begin(); | |
133 it != transport_socket_pools_for_https_proxies_.end(); | |
134 ++it) | |
135 it->second->FlushWithError(error); | |
136 | |
137 for (TransportSocketPoolMap::const_iterator it = | |
138 transport_socket_pools_for_http_proxies_.begin(); | |
139 it != transport_socket_pools_for_http_proxies_.end(); | |
140 ++it) | |
141 it->second->FlushWithError(error); | |
142 | |
143 for (SOCKSSocketPoolMap::const_iterator it = | |
144 socks_socket_pools_.begin(); | |
145 it != socks_socket_pools_.end(); | |
146 ++it) | |
147 it->second->FlushWithError(error); | |
148 | |
149 for (TransportSocketPoolMap::const_iterator it = | |
150 transport_socket_pools_for_socks_proxies_.begin(); | |
151 it != transport_socket_pools_for_socks_proxies_.end(); | |
152 ++it) | |
153 it->second->FlushWithError(error); | |
154 | |
155 ssl_socket_pool_->FlushWithError(error); | |
156 transport_socket_pool_->FlushWithError(error); | |
157 } | |
158 | |
159 void ClientSocketPoolManagerImpl::CloseIdleSockets() { | |
160 // Close sockets in the highest level pools first, since higher level pools' | |
161 // sockets may release stuff to the lower level pools. | |
162 for (SSLSocketPoolMap::const_iterator it = | |
163 ssl_socket_pools_for_proxies_.begin(); | |
164 it != ssl_socket_pools_for_proxies_.end(); | |
165 ++it) | |
166 it->second->CloseIdleSockets(); | |
167 | |
168 for (HTTPProxySocketPoolMap::const_iterator it = | |
169 http_proxy_socket_pools_.begin(); | |
170 it != http_proxy_socket_pools_.end(); | |
171 ++it) | |
172 it->second->CloseIdleSockets(); | |
173 | |
174 for (SSLSocketPoolMap::const_iterator it = | |
175 ssl_socket_pools_for_https_proxies_.begin(); | |
176 it != ssl_socket_pools_for_https_proxies_.end(); | |
177 ++it) | |
178 it->second->CloseIdleSockets(); | |
179 | |
180 for (TransportSocketPoolMap::const_iterator it = | |
181 transport_socket_pools_for_https_proxies_.begin(); | |
182 it != transport_socket_pools_for_https_proxies_.end(); | |
183 ++it) | |
184 it->second->CloseIdleSockets(); | |
185 | |
186 for (TransportSocketPoolMap::const_iterator it = | |
187 transport_socket_pools_for_http_proxies_.begin(); | |
188 it != transport_socket_pools_for_http_proxies_.end(); | |
189 ++it) | |
190 it->second->CloseIdleSockets(); | |
191 | |
192 for (SOCKSSocketPoolMap::const_iterator it = | |
193 socks_socket_pools_.begin(); | |
194 it != socks_socket_pools_.end(); | |
195 ++it) | |
196 it->second->CloseIdleSockets(); | |
197 | |
198 for (TransportSocketPoolMap::const_iterator it = | |
199 transport_socket_pools_for_socks_proxies_.begin(); | |
200 it != transport_socket_pools_for_socks_proxies_.end(); | |
201 ++it) | |
202 it->second->CloseIdleSockets(); | |
203 | |
204 ssl_socket_pool_->CloseIdleSockets(); | |
205 transport_socket_pool_->CloseIdleSockets(); | |
206 } | |
207 | |
208 TransportClientSocketPool* | |
209 ClientSocketPoolManagerImpl::GetTransportSocketPool() { | |
210 return transport_socket_pool_.get(); | |
211 } | |
212 | |
213 SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSSLSocketPool() { | |
214 return ssl_socket_pool_.get(); | |
215 } | |
216 | |
217 SOCKSClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSOCKSProxy( | |
218 const HostPortPair& socks_proxy) { | |
219 SOCKSSocketPoolMap::const_iterator it = socks_socket_pools_.find(socks_proxy); | |
220 if (it != socks_socket_pools_.end()) { | |
221 DCHECK(ContainsKey(transport_socket_pools_for_socks_proxies_, socks_proxy)); | |
222 return it->second; | |
223 } | |
224 | |
225 DCHECK(!ContainsKey(transport_socket_pools_for_socks_proxies_, socks_proxy)); | |
226 | |
227 std::pair<TransportSocketPoolMap::iterator, bool> tcp_ret = | |
228 transport_socket_pools_for_socks_proxies_.insert( | |
229 std::make_pair( | |
230 socks_proxy, | |
231 new TransportClientSocketPool( | |
232 max_sockets_per_proxy_server(pool_type_), | |
233 max_sockets_per_group(pool_type_), | |
234 &transport_for_socks_pool_histograms_, | |
235 host_resolver_, | |
236 socket_factory_, | |
237 net_log_))); | |
238 DCHECK(tcp_ret.second); | |
239 | |
240 std::pair<SOCKSSocketPoolMap::iterator, bool> ret = | |
241 socks_socket_pools_.insert( | |
242 std::make_pair(socks_proxy, new SOCKSClientSocketPool( | |
243 max_sockets_per_proxy_server(pool_type_), | |
244 max_sockets_per_group(pool_type_), | |
245 &socks_pool_histograms_, | |
246 host_resolver_, | |
247 tcp_ret.first->second, | |
248 net_log_))); | |
249 | |
250 return ret.first->second; | |
251 } | |
252 | |
253 HttpProxyClientSocketPool* | |
254 ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy( | |
255 const HostPortPair& http_proxy) { | |
256 HTTPProxySocketPoolMap::const_iterator it = | |
257 http_proxy_socket_pools_.find(http_proxy); | |
258 if (it != http_proxy_socket_pools_.end()) { | |
259 DCHECK(ContainsKey(transport_socket_pools_for_http_proxies_, http_proxy)); | |
260 DCHECK(ContainsKey(transport_socket_pools_for_https_proxies_, http_proxy)); | |
261 DCHECK(ContainsKey(ssl_socket_pools_for_https_proxies_, http_proxy)); | |
262 return it->second; | |
263 } | |
264 | |
265 DCHECK(!ContainsKey(transport_socket_pools_for_http_proxies_, http_proxy)); | |
266 DCHECK(!ContainsKey(transport_socket_pools_for_https_proxies_, http_proxy)); | |
267 DCHECK(!ContainsKey(ssl_socket_pools_for_https_proxies_, http_proxy)); | |
268 | |
269 std::pair<TransportSocketPoolMap::iterator, bool> tcp_http_ret = | |
270 transport_socket_pools_for_http_proxies_.insert( | |
271 std::make_pair( | |
272 http_proxy, | |
273 new TransportClientSocketPool( | |
274 max_sockets_per_proxy_server(pool_type_), | |
275 max_sockets_per_group(pool_type_), | |
276 &transport_for_http_proxy_pool_histograms_, | |
277 host_resolver_, | |
278 socket_factory_, | |
279 net_log_))); | |
280 DCHECK(tcp_http_ret.second); | |
281 | |
282 std::pair<TransportSocketPoolMap::iterator, bool> tcp_https_ret = | |
283 transport_socket_pools_for_https_proxies_.insert( | |
284 std::make_pair( | |
285 http_proxy, | |
286 new TransportClientSocketPool( | |
287 max_sockets_per_proxy_server(pool_type_), | |
288 max_sockets_per_group(pool_type_), | |
289 &transport_for_https_proxy_pool_histograms_, | |
290 host_resolver_, | |
291 socket_factory_, | |
292 net_log_))); | |
293 DCHECK(tcp_https_ret.second); | |
294 | |
295 std::pair<SSLSocketPoolMap::iterator, bool> ssl_https_ret = | |
296 ssl_socket_pools_for_https_proxies_.insert(std::make_pair( | |
297 http_proxy, new SSLClientSocketPool( | |
298 max_sockets_per_proxy_server(pool_type_), | |
299 max_sockets_per_group(pool_type_), | |
300 &ssl_for_https_proxy_pool_histograms_, cert_verifier_, | |
301 channel_id_service_, transport_security_state_, | |
302 cert_transparency_verifier_, cert_policy_enforcer_, | |
303 ssl_session_cache_shard_, socket_factory_, | |
304 tcp_https_ret.first->second /* https proxy */, | |
305 NULL /* no socks proxy */, NULL /* no http proxy */, | |
306 ssl_config_service_.get(), | |
307 enable_ssl_connect_job_waiting_, net_log_))); | |
308 DCHECK(tcp_https_ret.second); | |
309 | |
310 std::pair<HTTPProxySocketPoolMap::iterator, bool> ret = | |
311 http_proxy_socket_pools_.insert( | |
312 std::make_pair( | |
313 http_proxy, | |
314 new HttpProxyClientSocketPool( | |
315 max_sockets_per_proxy_server(pool_type_), | |
316 max_sockets_per_group(pool_type_), | |
317 &http_proxy_pool_histograms_, | |
318 tcp_http_ret.first->second, | |
319 ssl_https_ret.first->second, | |
320 net_log_))); | |
321 | |
322 return ret.first->second; | |
323 } | |
324 | |
325 SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy( | |
326 const HostPortPair& proxy_server) { | |
327 SSLSocketPoolMap::const_iterator it = | |
328 ssl_socket_pools_for_proxies_.find(proxy_server); | |
329 if (it != ssl_socket_pools_for_proxies_.end()) | |
330 return it->second; | |
331 | |
332 SSLClientSocketPool* new_pool = new SSLClientSocketPool( | |
333 max_sockets_per_proxy_server(pool_type_), | |
334 max_sockets_per_group(pool_type_), &ssl_pool_histograms_, cert_verifier_, | |
335 channel_id_service_, transport_security_state_, | |
336 cert_transparency_verifier_, cert_policy_enforcer_, | |
337 ssl_session_cache_shard_, socket_factory_, | |
338 NULL, /* no tcp pool, we always go through a proxy */ | |
339 GetSocketPoolForSOCKSProxy(proxy_server), | |
340 GetSocketPoolForHTTPProxy(proxy_server), ssl_config_service_.get(), | |
341 enable_ssl_connect_job_waiting_, net_log_); | |
342 | |
343 std::pair<SSLSocketPoolMap::iterator, bool> ret = | |
344 ssl_socket_pools_for_proxies_.insert(std::make_pair(proxy_server, | |
345 new_pool)); | |
346 | |
347 return ret.first->second; | |
348 } | |
349 | |
350 base::Value* ClientSocketPoolManagerImpl::SocketPoolInfoToValue() const { | |
351 base::ListValue* list = new base::ListValue(); | |
352 list->Append(transport_socket_pool_->GetInfoAsValue("transport_socket_pool", | |
353 "transport_socket_pool", | |
354 false)); | |
355 // Third parameter is false because |ssl_socket_pool_| uses | |
356 // |transport_socket_pool_| internally, and do not want to add it a second | |
357 // time. | |
358 list->Append(ssl_socket_pool_->GetInfoAsValue("ssl_socket_pool", | |
359 "ssl_socket_pool", | |
360 false)); | |
361 AddSocketPoolsToList(list, | |
362 http_proxy_socket_pools_, | |
363 "http_proxy_socket_pool", | |
364 true); | |
365 AddSocketPoolsToList(list, | |
366 socks_socket_pools_, | |
367 "socks_socket_pool", | |
368 true); | |
369 | |
370 // Third parameter is false because |ssl_socket_pools_for_proxies_| use | |
371 // socket pools in |http_proxy_socket_pools_| and |socks_socket_pools_|. | |
372 AddSocketPoolsToList(list, | |
373 ssl_socket_pools_for_proxies_, | |
374 "ssl_socket_pool_for_proxies", | |
375 false); | |
376 return list; | |
377 } | |
378 | |
379 void ClientSocketPoolManagerImpl::OnCertAdded(const X509Certificate* cert) { | |
380 FlushSocketPoolsWithError(ERR_NETWORK_CHANGED); | |
381 } | |
382 | |
383 void ClientSocketPoolManagerImpl::OnCACertChanged( | |
384 const X509Certificate* cert) { | |
385 // We should flush the socket pools if we removed trust from a | |
386 // cert, because a previously trusted server may have become | |
387 // untrusted. | |
388 // | |
389 // We should not flush the socket pools if we added trust to a | |
390 // cert. | |
391 // | |
392 // Since the OnCACertChanged method doesn't tell us what | |
393 // kind of change it is, we have to flush the socket | |
394 // pools to be safe. | |
395 FlushSocketPoolsWithError(ERR_NETWORK_CHANGED); | |
396 } | |
397 | |
398 } // namespace net | |
OLD | NEW |