1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_network_transaction.h"
6
7 #include <set>
8 #include <utility>
9 #include <vector>
10
11 #include "base/base64url.h"
12 #include "base/bind.h"
13 #include "base/bind_helpers.h"
14 #include "base/compiler_specific.h"
15 #include "base/format_macros.h"
16 #include "base/metrics/field_trial.h"
17 #include "base/metrics/histogram_functions.h"
18 #include "base/metrics/histogram_macros.h"
19 #include "base/metrics/sparse_histogram.h"
20 #include "base/stl_util.h"
21 #include "base/strings/string_number_conversions.h"
22 #include "base/strings/string_util.h"
23 #include "base/time/time.h"
24 #include "base/values.h"
25 #include "build/build_config.h"
26 #include "net/base/auth.h"
27 #include "net/base/host_port_pair.h"
28 #include "net/base/io_buffer.h"
29 #include "net/base/load_flags.h"
30 #include "net/base/load_timing_info.h"
31 #include "net/base/net_errors.h"
32 #include "net/base/proxy_server.h"
33 #include "net/base/upload_data_stream.h"
34 #include "net/base/url_util.h"
35 #include "net/cert/cert_status_flags.h"
36 #include "net/filter/filter_source_stream.h"
37 #include "net/http/bidirectional_stream_impl.h"
38 #include "net/http/http_auth.h"
39 #include "net/http/http_auth_handler.h"
40 #include "net/http/http_auth_handler_factory.h"
41 #include "net/http/http_basic_stream.h"
42 #include "net/http/http_chunked_decoder.h"
43 #include "net/http/http_log_util.h"
44 #include "net/http/http_network_session.h"
45 #include "net/http/http_proxy_client_socket.h"
46 #include "net/http/http_request_headers.h"
47 #include "net/http/http_request_info.h"
48 #include "net/http/http_response_headers.h"
49 #include "net/http/http_response_info.h"
50 #include "net/http/http_server_properties.h"
51 #include "net/http/http_status_code.h"
52 #include "net/http/http_stream.h"
53 #include "net/http/http_stream_factory.h"
54 #include "net/http/http_util.h"
55 #include "net/http/transport_security_state.h"
56 #include "net/http/url_security_manager.h"
57 #include "net/log/net_log_event_type.h"
58 #include "net/socket/client_socket_factory.h"
59 #include "net/socket/next_proto.h"
60 #include "net/socket/transport_client_socket_pool.h"
61 #include "net/spdy/spdy_http_stream.h"
62 #include "net/spdy/spdy_session.h"
63 #include "net/spdy/spdy_session_pool.h"
64 #include "net/ssl/ssl_cert_request_info.h"
65 #include "net/ssl/ssl_connection_status_flags.h"
66 #include "net/ssl/ssl_info.h"
67 #include "net/ssl/ssl_private_key.h"
68 #include "url/gurl.h"
69 #include "url/scheme_host_port.h"
70 #include "url/url_canon.h"
71
72 #if BUILDFLAG(ENABLE_REPORTING)
73 #include "net/network_error_logging/network_error_logging_service.h"
74 #include "net/reporting/reporting_header_parser.h"
75 #include "net/reporting/reporting_service.h"
76 #endif // BUILDFLAG(ENABLE_REPORTING)
77
78 namespace net {
79
80 namespace {
81
82 // Max number of |retry_attempts| (excluding the initial request) after which
83 // we give up and show an error page.
84 const size_t kMaxRetryAttempts = 2;
85
86 // Max number of calls to RestartWith* allowed for a single connection. A single
87 // HttpNetworkTransaction should not signal very many restartable errors, but it
88 // may occur due to a bug (e.g. https://crbug.com/823387 or
89 // https://crbug.com/488043) or simply if the server or proxy requests
90 // authentication repeatedly. Although these calls are often associated with a
91 // user prompt, in other scenarios (remembered preferences, extensions,
92 // multi-leg authentication), they may be triggered automatically. To avoid
93 // looping forever, bound the number of restarts.
94 const size_t kMaxRestarts = 32;
95
SetProxyInfoInReponse(const ProxyInfo & proxy_info,HttpResponseInfo * response_info)96 void SetProxyInfoInReponse(const ProxyInfo& proxy_info,
97 HttpResponseInfo* response_info) {
98 response_info->was_fetched_via_proxy = !proxy_info.is_direct();
99 if (response_info->was_fetched_via_proxy && !proxy_info.is_empty())
100 response_info->proxy_server = proxy_info.proxy_server();
101 else if (!response_info->was_fetched_via_proxy && proxy_info.is_direct())
102 response_info->proxy_server = ProxyServer::Direct();
103 else
104 response_info->proxy_server = ProxyServer();
105 }
106
107 } // namespace
108
109 const int HttpNetworkTransaction::kDrainBodyBufferSize;
110
HttpNetworkTransaction(RequestPriority priority,HttpNetworkSession * session)111 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
112 HttpNetworkSession* session)
113 : pending_auth_target_(HttpAuth::AUTH_NONE),
114 io_callback_(base::BindRepeating(&HttpNetworkTransaction::OnIOComplete,
115 base::Unretained(this))),
116 session_(session),
117 request_(nullptr),
118 priority_(priority),
119 headers_valid_(false),
120 can_send_early_data_(false),
121 configured_client_cert_for_server_(false),
122 request_headers_(),
123 #if BUILDFLAG(ENABLE_REPORTING)
124 network_error_logging_report_generated_(false),
125 request_reporting_upload_depth_(0),
126 #endif // BUILDFLAG(ENABLE_REPORTING)
127 read_buf_len_(0),
128 total_received_bytes_(0),
129 total_sent_bytes_(0),
130 next_state_(STATE_NONE),
131 establishing_tunnel_(false),
132 enable_ip_based_pooling_(true),
133 enable_alternative_services_(true),
134 websocket_handshake_stream_base_create_helper_(nullptr),
135 net_error_details_(),
136 retry_attempts_(0),
137 num_restarts_(0) {
138 }
139
~HttpNetworkTransaction()140 HttpNetworkTransaction::~HttpNetworkTransaction() {
141 #if BUILDFLAG(ENABLE_REPORTING)
142 // If no error or success report has been generated yet at this point, then
143 // this network transaction was prematurely cancelled.
144 GenerateNetworkErrorLoggingReport(ERR_ABORTED);
145 #endif // BUILDFLAG(ENABLE_REPORTING)
146 if (stream_.get()) {
147 // TODO(mbelshe): The stream_ should be able to compute whether or not the
148 // stream should be kept alive. No reason to compute here
149 // and pass it in.
150 if (!stream_->CanReuseConnection() || next_state_ != STATE_NONE) {
151 stream_->Close(true /* not reusable */);
152 } else if (stream_->IsResponseBodyComplete()) {
153 // If the response body is complete, we can just reuse the socket.
154 stream_->Close(false /* reusable */);
155 } else {
156 // Otherwise, we try to drain the response body.
157 HttpStream* stream = stream_.release();
158 stream->Drain(session_);
159 }
160 }
161 if (request_ && request_->upload_data_stream)
162 request_->upload_data_stream->Reset(); // Invalidate pending callbacks.
163 }
164
Start(const HttpRequestInfo * request_info,CompletionOnceCallback callback,const NetLogWithSource & net_log)165 int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
166 CompletionOnceCallback callback,
167 const NetLogWithSource& net_log) {
168 if (request_info->load_flags & LOAD_ONLY_FROM_CACHE)
169 return ERR_CACHE_MISS;
170
171 DCHECK(request_info->traffic_annotation.is_valid());
172 net_log_ = net_log;
173 request_ = request_info;
174 url_ = request_->url;
175 network_isolation_key_ = request_->network_isolation_key;
176 #if BUILDFLAG(ENABLE_REPORTING)
177 // Store values for later use in NEL report generation.
178 request_method_ = request_->method;
179 request_->extra_headers.GetHeader(HttpRequestHeaders::kReferer,
180 &request_referrer_);
181 request_->extra_headers.GetHeader(HttpRequestHeaders::kUserAgent,
182 &request_user_agent_);
183 request_reporting_upload_depth_ = request_->reporting_upload_depth;
184 start_timeticks_ = base::TimeTicks::Now();
185 #endif // BUILDFLAG(ENABLE_REPORTING)
186
187 session_->GetSSLConfig(&server_ssl_config_, &proxy_ssl_config_);
188
189 if (request_->load_flags & LOAD_DISABLE_CERT_NETWORK_FETCHES) {
190 server_ssl_config_.disable_cert_verification_network_fetches = true;
191 proxy_ssl_config_.disable_cert_verification_network_fetches = true;
192 }
193
194 if (HttpUtil::IsMethodSafe(request_info->method)) {
195 can_send_early_data_ = true;
196 }
197
198 if (request_->load_flags & LOAD_PREFETCH) {
199 response_.unused_since_prefetch = true;
200 }
201
202 if (request_->load_flags & LOAD_RESTRICTED_PREFETCH) {
203 DCHECK(response_.unused_since_prefetch);
204 response_.restricted_prefetch = true;
205 }
206
207 next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
208 int rv = DoLoop(OK);
209 if (rv == ERR_IO_PENDING)
210 callback_ = std::move(callback);
211
212 // This always returns ERR_IO_PENDING because DoCreateStream() does, but
213 // GenerateNetworkErrorLoggingReportIfError() should be called here if any
214 // other net::Error can be returned.
215 DCHECK_EQ(rv, ERR_IO_PENDING);
216 return rv;
217 }
218
RestartIgnoringLastError(CompletionOnceCallback callback)219 int HttpNetworkTransaction::RestartIgnoringLastError(
220 CompletionOnceCallback callback) {
221 DCHECK(!stream_.get());
222 DCHECK(!stream_request_.get());
223 DCHECK_EQ(STATE_NONE, next_state_);
224
225 if (!CheckMaxRestarts())
226 return ERR_TOO_MANY_RETRIES;
227
228 next_state_ = STATE_CREATE_STREAM;
229
230 int rv = DoLoop(OK);
231 if (rv == ERR_IO_PENDING)
232 callback_ = std::move(callback);
233
234 // This always returns ERR_IO_PENDING because DoCreateStream() does, but
235 // GenerateNetworkErrorLoggingReportIfError() should be called here if any
236 // other net::Error can be returned.
237 DCHECK_EQ(rv, ERR_IO_PENDING);
238 return rv;
239 }
240
RestartWithCertificate(scoped_refptr<X509Certificate> client_cert,scoped_refptr<SSLPrivateKey> client_private_key,CompletionOnceCallback callback)241 int HttpNetworkTransaction::RestartWithCertificate(
242 scoped_refptr<X509Certificate> client_cert,
243 scoped_refptr<SSLPrivateKey> client_private_key,
244 CompletionOnceCallback callback) {
245 // When we receive ERR_SSL_CLIENT_AUTH_CERT_NEEDED, we always tear down
246 // existing streams and stream requests to force a new connection.
247 DCHECK(!stream_request_.get());
248 DCHECK(!stream_.get());
249 DCHECK_EQ(STATE_NONE, next_state_);
250
251 if (!CheckMaxRestarts())
252 return ERR_TOO_MANY_RETRIES;
253
254 // Add the credentials to the client auth cache. The next stream request will
255 // then pick them up.
256 session_->ssl_client_context()->SetClientCertificate(
257 response_.cert_request_info->host_and_port, std::move(client_cert),
258 std::move(client_private_key));
259
260 if (!response_.cert_request_info->is_proxy)
261 configured_client_cert_for_server_ = true;
262
263 // Reset the other member variables.
264 // Note: this is necessary only with SSL renegotiation.
265 ResetStateForRestart();
266 next_state_ = STATE_CREATE_STREAM;
267 int rv = DoLoop(OK);
268 if (rv == ERR_IO_PENDING)
269 callback_ = std::move(callback);
270
271 // This always returns ERR_IO_PENDING because DoCreateStream() does, but
272 // GenerateNetworkErrorLoggingReportIfError() should be called here if any
273 // other net::Error can be returned.
274 DCHECK_EQ(rv, ERR_IO_PENDING);
275 return rv;
276 }
277
RestartWithAuth(const AuthCredentials & credentials,CompletionOnceCallback callback)278 int HttpNetworkTransaction::RestartWithAuth(const AuthCredentials& credentials,
279 CompletionOnceCallback callback) {
280 if (!CheckMaxRestarts())
281 return ERR_TOO_MANY_RETRIES;
282
283 HttpAuth::Target target = pending_auth_target_;
284 if (target == HttpAuth::AUTH_NONE) {
285 NOTREACHED();
286 return ERR_UNEXPECTED;
287 }
288 pending_auth_target_ = HttpAuth::AUTH_NONE;
289
290 auth_controllers_[target]->ResetAuth(credentials);
291
292 DCHECK(callback_.is_null());
293
294 int rv = OK;
295 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) {
296 // In this case, we've gathered credentials for use with proxy
297 // authentication of a tunnel.
298 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
299 DCHECK(stream_request_ != nullptr);
300 auth_controllers_[target] = nullptr;
301 ResetStateForRestart();
302 rv = stream_request_->RestartTunnelWithProxyAuth();
303 } else {
304 // In this case, we've gathered credentials for the server or the proxy
305 // but it is not during the tunneling phase.
306 DCHECK(stream_request_ == nullptr);
307 PrepareForAuthRestart(target);
308 rv = DoLoop(OK);
309 // Note: If an error is encountered while draining the old response body, no
310 // Network Error Logging report will be generated, because the error was
311 // with the old request, which will already have had a NEL report generated
312 // for it due to the auth challenge (so we don't report a second error for
313 // that request).
314 }
315
316 if (rv == ERR_IO_PENDING)
317 callback_ = std::move(callback);
318 return rv;
319 }
320
PrepareForAuthRestart(HttpAuth::Target target)321 void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) {
322 DCHECK(HaveAuth(target));
323 DCHECK(!stream_request_.get());
324
325 // Authorization schemes incompatible with HTTP/2 are unsupported for proxies.
326 if (target == HttpAuth::AUTH_SERVER &&
327 auth_controllers_[target]->NeedsHTTP11()) {
328 session_->http_server_properties()->SetHTTP11Required(
329 url::SchemeHostPort(request_->url), network_isolation_key_);
330 }
331
332 bool keep_alive = false;
333 // Even if the server says the connection is keep-alive, we have to be
334 // able to find the end of each response in order to reuse the connection.
335 if (stream_->CanReuseConnection()) {
336 // If the response body hasn't been completely read, we need to drain
337 // it first.
338 if (!stream_->IsResponseBodyComplete()) {
339 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
340 read_buf_ = base::MakeRefCounted<IOBuffer>(
341 kDrainBodyBufferSize); // A bit bucket.
342 read_buf_len_ = kDrainBodyBufferSize;
343 return;
344 }
345 keep_alive = true;
346 }
347
348 // We don't need to drain the response body, so we act as if we had drained
349 // the response body.
350 DidDrainBodyForAuthRestart(keep_alive);
351 }
352
DidDrainBodyForAuthRestart(bool keep_alive)353 void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) {
354 DCHECK(!stream_request_.get());
355
356 if (stream_.get()) {
357 total_received_bytes_ += stream_->GetTotalReceivedBytes();
358 total_sent_bytes_ += stream_->GetTotalSentBytes();
359 HttpStream* new_stream = nullptr;
360 if (keep_alive && stream_->CanReuseConnection()) {
361 // We should call connection_->set_idle_time(), but this doesn't occur
362 // often enough to be worth the trouble.
363 stream_->SetConnectionReused();
364 new_stream = stream_->RenewStreamForAuth();
365 }
366
367 if (!new_stream) {
368 // Close the stream and mark it as not_reusable. Even in the
369 // keep_alive case, we've determined that the stream_ is not
370 // reusable if new_stream is NULL.
371 stream_->Close(true);
372 next_state_ = STATE_CREATE_STREAM;
373 } else {
374 // Renewed streams shouldn't carry over sent or received bytes.
375 DCHECK_EQ(0, new_stream->GetTotalReceivedBytes());
376 DCHECK_EQ(0, new_stream->GetTotalSentBytes());
377 next_state_ = STATE_INIT_STREAM;
378 }
379 stream_.reset(new_stream);
380 }
381
382 // Reset the other member variables.
383 ResetStateForAuthRestart();
384 }
385
IsReadyToRestartForAuth()386 bool HttpNetworkTransaction::IsReadyToRestartForAuth() {
387 return pending_auth_target_ != HttpAuth::AUTH_NONE &&
388 HaveAuth(pending_auth_target_);
389 }
390
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)391 int HttpNetworkTransaction::Read(IOBuffer* buf,
392 int buf_len,
393 CompletionOnceCallback callback) {
394 DCHECK(buf);
395 DCHECK_LT(0, buf_len);
396
397 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
398 if (headers_valid_ && headers.get() && stream_request_.get()) {
399 // We're trying to read the body of the response but we're still trying
400 // to establish an SSL tunnel through an HTTP proxy. We can't read these
401 // bytes when establishing a tunnel because they might be controlled by
402 // an active network attacker. We don't worry about this for HTTP
403 // because an active network attacker can already control HTTP sessions.
404 // We reach this case when the user cancels a 407 proxy auth prompt. We
405 // also don't worry about this for an HTTPS Proxy, because the
406 // communication with the proxy is secure.
407 // See http://crbug.com/8473.
408 DCHECK(proxy_info_.is_http() || proxy_info_.is_https() ||
409 proxy_info_.is_quic());
410 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED);
411 return ERR_TUNNEL_CONNECTION_FAILED;
412 }
413
414 // Are we using SPDY or HTTP?
415 next_state_ = STATE_READ_BODY;
416
417 read_buf_ = buf;
418 read_buf_len_ = buf_len;
419
420 int rv = DoLoop(OK);
421 if (rv == ERR_IO_PENDING)
422 callback_ = std::move(callback);
423 return rv;
424 }
425
StopCaching()426 void HttpNetworkTransaction::StopCaching() {}
427
GetTotalReceivedBytes() const428 int64_t HttpNetworkTransaction::GetTotalReceivedBytes() const {
429 int64_t total_received_bytes = total_received_bytes_;
430 if (stream_)
431 total_received_bytes += stream_->GetTotalReceivedBytes();
432 return total_received_bytes;
433 }
434
GetTotalSentBytes() const435 int64_t HttpNetworkTransaction::GetTotalSentBytes() const {
436 int64_t total_sent_bytes = total_sent_bytes_;
437 if (stream_)
438 total_sent_bytes += stream_->GetTotalSentBytes();
439 return total_sent_bytes;
440 }
441
DoneReading()442 void HttpNetworkTransaction::DoneReading() {}
443
GetResponseInfo() const444 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const {
445 return &response_;
446 }
447
GetLoadState() const448 LoadState HttpNetworkTransaction::GetLoadState() const {
449 // TODO(wtc): Define a new LoadState value for the
450 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request.
451 switch (next_state_) {
452 case STATE_CREATE_STREAM:
453 return LOAD_STATE_WAITING_FOR_DELEGATE;
454 case STATE_CREATE_STREAM_COMPLETE:
455 return stream_request_->GetLoadState();
456 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
457 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
458 case STATE_SEND_REQUEST_COMPLETE:
459 return LOAD_STATE_SENDING_REQUEST;
460 case STATE_READ_HEADERS_COMPLETE:
461 return LOAD_STATE_WAITING_FOR_RESPONSE;
462 case STATE_READ_BODY_COMPLETE:
463 return LOAD_STATE_READING_RESPONSE;
464 default:
465 return LOAD_STATE_IDLE;
466 }
467 }
468
SetQuicServerInfo(QuicServerInfo * quic_server_info)469 void HttpNetworkTransaction::SetQuicServerInfo(
470 QuicServerInfo* quic_server_info) {}
471
GetLoadTimingInfo(LoadTimingInfo * load_timing_info) const472 bool HttpNetworkTransaction::GetLoadTimingInfo(
473 LoadTimingInfo* load_timing_info) const {
474 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info))
475 return false;
476
477 load_timing_info->proxy_resolve_start =
478 proxy_info_.proxy_resolve_start_time();
479 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time();
480 load_timing_info->send_start = send_start_time_;
481 load_timing_info->send_end = send_end_time_;
482 return true;
483 }
484
GetRemoteEndpoint(IPEndPoint * endpoint) const485 bool HttpNetworkTransaction::GetRemoteEndpoint(IPEndPoint* endpoint) const {
486 if (remote_endpoint_.address().empty())
487 return false;
488
489 *endpoint = remote_endpoint_;
490 return true;
491 }
492
PopulateNetErrorDetails(NetErrorDetails * details) const493 void HttpNetworkTransaction::PopulateNetErrorDetails(
494 NetErrorDetails* details) const {
495 *details = net_error_details_;
496 if (stream_)
497 stream_->PopulateNetErrorDetails(details);
498 }
499
SetPriority(RequestPriority priority)500 void HttpNetworkTransaction::SetPriority(RequestPriority priority) {
501 priority_ = priority;
502
503 if (stream_request_)
504 stream_request_->SetPriority(priority);
505 if (stream_)
506 stream_->SetPriority(priority);
507
508 // The above call may have resulted in deleting |*this|.
509 }
510
SetWebSocketHandshakeStreamCreateHelper(WebSocketHandshakeStreamBase::CreateHelper * create_helper)511 void HttpNetworkTransaction::SetWebSocketHandshakeStreamCreateHelper(
512 WebSocketHandshakeStreamBase::CreateHelper* create_helper) {
513 websocket_handshake_stream_base_create_helper_ = create_helper;
514 }
515
SetBeforeNetworkStartCallback(const BeforeNetworkStartCallback & callback)516 void HttpNetworkTransaction::SetBeforeNetworkStartCallback(
517 const BeforeNetworkStartCallback& callback) {
518 before_network_start_callback_ = callback;
519 }
520
SetRequestHeadersCallback(RequestHeadersCallback callback)521 void HttpNetworkTransaction::SetRequestHeadersCallback(
522 RequestHeadersCallback callback) {
523 DCHECK(!stream_);
524 request_headers_callback_ = std::move(callback);
525 }
526
SetResponseHeadersCallback(ResponseHeadersCallback callback)527 void HttpNetworkTransaction::SetResponseHeadersCallback(
528 ResponseHeadersCallback callback) {
529 DCHECK(!stream_);
530 response_headers_callback_ = std::move(callback);
531 }
532
ResumeNetworkStart()533 int HttpNetworkTransaction::ResumeNetworkStart() {
534 DCHECK_EQ(next_state_, STATE_CREATE_STREAM);
535 return DoLoop(OK);
536 }
537
OnStreamReady(const SSLConfig & used_ssl_config,const ProxyInfo & used_proxy_info,std::unique_ptr<HttpStream> stream)538 void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
539 const ProxyInfo& used_proxy_info,
540 std::unique_ptr<HttpStream> stream) {
541 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
542 DCHECK(stream_request_.get());
543
544 if (stream_) {
545 total_received_bytes_ += stream_->GetTotalReceivedBytes();
546 total_sent_bytes_ += stream_->GetTotalSentBytes();
547 }
548 stream_ = std::move(stream);
549 stream_->SetRequestHeadersCallback(request_headers_callback_);
550 server_ssl_config_ = used_ssl_config;
551 proxy_info_ = used_proxy_info;
552 response_.was_alpn_negotiated = stream_request_->was_alpn_negotiated();
553 response_.alpn_negotiated_protocol =
554 NextProtoToString(stream_request_->negotiated_protocol());
555 response_.was_fetched_via_spdy = stream_request_->using_spdy();
556 SetProxyInfoInReponse(used_proxy_info, &response_);
557 OnIOComplete(OK);
558 }
559
OnBidirectionalStreamImplReady(const SSLConfig & used_ssl_config,const ProxyInfo & used_proxy_info,std::unique_ptr<BidirectionalStreamImpl> stream)560 void HttpNetworkTransaction::OnBidirectionalStreamImplReady(
561 const SSLConfig& used_ssl_config,
562 const ProxyInfo& used_proxy_info,
563 std::unique_ptr<BidirectionalStreamImpl> stream) {
564 NOTREACHED();
565 }
566
OnWebSocketHandshakeStreamReady(const SSLConfig & used_ssl_config,const ProxyInfo & used_proxy_info,std::unique_ptr<WebSocketHandshakeStreamBase> stream)567 void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady(
568 const SSLConfig& used_ssl_config,
569 const ProxyInfo& used_proxy_info,
570 std::unique_ptr<WebSocketHandshakeStreamBase> stream) {
571 OnStreamReady(used_ssl_config, used_proxy_info, std::move(stream));
572 }
573
OnStreamFailed(int result,const NetErrorDetails & net_error_details,const SSLConfig & used_ssl_config,const ProxyInfo & used_proxy_info,ResolveErrorInfo resolve_error_info)574 void HttpNetworkTransaction::OnStreamFailed(
575 int result,
576 const NetErrorDetails& net_error_details,
577 const SSLConfig& used_ssl_config,
578 const ProxyInfo& used_proxy_info,
579 ResolveErrorInfo resolve_error_info) {
580 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
581 DCHECK_NE(OK, result);
582 DCHECK(stream_request_.get());
583 DCHECK(!stream_.get());
584 server_ssl_config_ = used_ssl_config;
585 net_error_details_ = net_error_details;
586 proxy_info_ = used_proxy_info;
587 SetProxyInfoInReponse(used_proxy_info, &response_);
588 response_.resolve_error_info = resolve_error_info;
589
590 OnIOComplete(result);
591 }
592
OnCertificateError(int result,const SSLConfig & used_ssl_config,const SSLInfo & ssl_info)593 void HttpNetworkTransaction::OnCertificateError(
594 int result,
595 const SSLConfig& used_ssl_config,
596 const SSLInfo& ssl_info) {
597 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
598 DCHECK_NE(OK, result);
599 DCHECK(stream_request_.get());
600 DCHECK(!stream_.get());
601
602 response_.ssl_info = ssl_info;
603 server_ssl_config_ = used_ssl_config;
604
605 // TODO(mbelshe): For now, we're going to pass the error through, and that
606 // will close the stream_request in all cases. This means that we're always
607 // going to restart an entire STATE_CREATE_STREAM, even if the connection is
608 // good and the user chooses to ignore the error. This is not ideal, but not
609 // the end of the world either.
610
611 OnIOComplete(result);
612 }
613
OnNeedsProxyAuth(const HttpResponseInfo & proxy_response,const SSLConfig & used_ssl_config,const ProxyInfo & used_proxy_info,HttpAuthController * auth_controller)614 void HttpNetworkTransaction::OnNeedsProxyAuth(
615 const HttpResponseInfo& proxy_response,
616 const SSLConfig& used_ssl_config,
617 const ProxyInfo& used_proxy_info,
618 HttpAuthController* auth_controller) {
619 DCHECK(stream_request_.get());
620 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
621
622 establishing_tunnel_ = true;
623 response_.headers = proxy_response.headers;
624 response_.auth_challenge = proxy_response.auth_challenge;
625 response_.did_use_http_auth = proxy_response.did_use_http_auth;
626
627 if (response_.headers.get() && !ContentEncodingsValid()) {
628 DoCallback(ERR_CONTENT_DECODING_FAILED);
629 return;
630 }
631
632 headers_valid_ = true;
633 server_ssl_config_ = used_ssl_config;
634 proxy_info_ = used_proxy_info;
635
636 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
637 pending_auth_target_ = HttpAuth::AUTH_PROXY;
638
639 DoCallback(OK);
640 }
641
OnNeedsClientAuth(const SSLConfig & used_ssl_config,SSLCertRequestInfo * cert_info)642 void HttpNetworkTransaction::OnNeedsClientAuth(
643 const SSLConfig& used_ssl_config,
644 SSLCertRequestInfo* cert_info) {
645 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
646
647 server_ssl_config_ = used_ssl_config;
648 response_.cert_request_info = cert_info;
649 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
650 }
651
OnQuicBroken()652 void HttpNetworkTransaction::OnQuicBroken() {
653 net_error_details_.quic_broken = true;
654 }
655
GetConnectionAttempts(ConnectionAttempts * out) const656 void HttpNetworkTransaction::GetConnectionAttempts(
657 ConnectionAttempts* out) const {
658 *out = connection_attempts_;
659 }
660
IsSecureRequest() const661 bool HttpNetworkTransaction::IsSecureRequest() const {
662 return request_->url.SchemeIsCryptographic();
663 }
664
UsingHttpProxyWithoutTunnel() const665 bool HttpNetworkTransaction::UsingHttpProxyWithoutTunnel() const {
666 return (proxy_info_.is_http() || proxy_info_.is_https() ||
667 proxy_info_.is_quic()) &&
668 !(request_->url.SchemeIs("https") || request_->url.SchemeIsWSOrWSS());
669 }
670
DoCallback(int rv)671 void HttpNetworkTransaction::DoCallback(int rv) {
672 DCHECK_NE(rv, ERR_IO_PENDING);
673 DCHECK(!callback_.is_null());
674
675 #if BUILDFLAG(ENABLE_REPORTING)
676 // Just before invoking the caller's completion callback, generate a NEL
677 // report about this network request if the result was an error.
678 GenerateNetworkErrorLoggingReportIfError(rv);
679 #endif // BUILDFLAG(ENABLE_REPORTING)
680
681 // Since Run may result in Read being called, clear user_callback_ up front.
682 std::move(callback_).Run(rv);
683 }
684
OnIOComplete(int result)685 void HttpNetworkTransaction::OnIOComplete(int result) {
686 int rv = DoLoop(result);
687 if (rv != ERR_IO_PENDING)
688 DoCallback(rv);
689 }
690
DoLoop(int result)691 int HttpNetworkTransaction::DoLoop(int result) {
692 DCHECK(next_state_ != STATE_NONE);
693
694 int rv = result;
695 do {
696 State state = next_state_;
697 next_state_ = STATE_NONE;
698 switch (state) {
699 case STATE_NOTIFY_BEFORE_CREATE_STREAM:
700 DCHECK_EQ(OK, rv);
701 rv = DoNotifyBeforeCreateStream();
702 break;
703 case STATE_CREATE_STREAM:
704 DCHECK_EQ(OK, rv);
705 rv = DoCreateStream();
706 break;
707 case STATE_CREATE_STREAM_COMPLETE:
708 rv = DoCreateStreamComplete(rv);
709 break;
710 case STATE_INIT_STREAM:
711 DCHECK_EQ(OK, rv);
712 rv = DoInitStream();
713 break;
714 case STATE_INIT_STREAM_COMPLETE:
715 rv = DoInitStreamComplete(rv);
716 break;
717 case STATE_GENERATE_PROXY_AUTH_TOKEN:
718 DCHECK_EQ(OK, rv);
719 rv = DoGenerateProxyAuthToken();
720 break;
721 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
722 rv = DoGenerateProxyAuthTokenComplete(rv);
723 break;
724 case STATE_GENERATE_SERVER_AUTH_TOKEN:
725 DCHECK_EQ(OK, rv);
726 rv = DoGenerateServerAuthToken();
727 break;
728 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
729 rv = DoGenerateServerAuthTokenComplete(rv);
730 break;
731 case STATE_INIT_REQUEST_BODY:
732 DCHECK_EQ(OK, rv);
733 rv = DoInitRequestBody();
734 break;
735 case STATE_INIT_REQUEST_BODY_COMPLETE:
736 rv = DoInitRequestBodyComplete(rv);
737 break;
738 case STATE_BUILD_REQUEST:
739 DCHECK_EQ(OK, rv);
740 net_log_.BeginEvent(NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST);
741 rv = DoBuildRequest();
742 break;
743 case STATE_BUILD_REQUEST_COMPLETE:
744 rv = DoBuildRequestComplete(rv);
745 break;
746 case STATE_SEND_REQUEST:
747 DCHECK_EQ(OK, rv);
748 rv = DoSendRequest();
749 break;
750 case STATE_SEND_REQUEST_COMPLETE:
751 rv = DoSendRequestComplete(rv);
752 net_log_.EndEventWithNetErrorCode(
753 NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST, rv);
754 break;
755 case STATE_READ_HEADERS:
756 DCHECK_EQ(OK, rv);
757 net_log_.BeginEvent(NetLogEventType::HTTP_TRANSACTION_READ_HEADERS);
758 rv = DoReadHeaders();
759 break;
760 case STATE_READ_HEADERS_COMPLETE:
761 rv = DoReadHeadersComplete(rv);
762 net_log_.EndEventWithNetErrorCode(
763 NetLogEventType::HTTP_TRANSACTION_READ_HEADERS, rv);
764 break;
765 case STATE_READ_BODY:
766 DCHECK_EQ(OK, rv);
767 net_log_.BeginEvent(NetLogEventType::HTTP_TRANSACTION_READ_BODY);
768 rv = DoReadBody();
769 break;
770 case STATE_READ_BODY_COMPLETE:
771 rv = DoReadBodyComplete(rv);
772 net_log_.EndEventWithNetErrorCode(
773 NetLogEventType::HTTP_TRANSACTION_READ_BODY, rv);
774 break;
775 case STATE_DRAIN_BODY_FOR_AUTH_RESTART:
776 DCHECK_EQ(OK, rv);
777 net_log_.BeginEvent(
778 NetLogEventType::HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART);
779 rv = DoDrainBodyForAuthRestart();
780 break;
781 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE:
782 rv = DoDrainBodyForAuthRestartComplete(rv);
783 net_log_.EndEventWithNetErrorCode(
784 NetLogEventType::HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv);
785 break;
786 default:
787 NOTREACHED() << "bad state";
788 rv = ERR_FAILED;
789 break;
790 }
791 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
792
793 return rv;
794 }
795
DoNotifyBeforeCreateStream()796 int HttpNetworkTransaction::DoNotifyBeforeCreateStream() {
797 next_state_ = STATE_CREATE_STREAM;
798 bool defer = false;
799 if (!before_network_start_callback_.is_null())
800 before_network_start_callback_.Run(&defer);
801 if (!defer)
802 return OK;
803 return ERR_IO_PENDING;
804 }
805
DoCreateStream()806 int HttpNetworkTransaction::DoCreateStream() {
807 response_.network_accessed = true;
808
809 next_state_ = STATE_CREATE_STREAM_COMPLETE;
810 // IP based pooling is only enabled on a retry after 421 Misdirected Request
811 // is received. Alternative Services are also disabled in this case (though
812 // they can also be disabled when retrying after a QUIC error).
813 if (!enable_ip_based_pooling_)
814 DCHECK(!enable_alternative_services_);
815 if (ForWebSocketHandshake()) {
816 stream_request_ =
817 session_->http_stream_factory()->RequestWebSocketHandshakeStream(
818 *request_, priority_, server_ssl_config_, proxy_ssl_config_, this,
819 websocket_handshake_stream_base_create_helper_,
820 enable_ip_based_pooling_, enable_alternative_services_, net_log_);
821 } else {
822 stream_request_ = session_->http_stream_factory()->RequestStream(
823 *request_, priority_, server_ssl_config_, proxy_ssl_config_, this,
824 enable_ip_based_pooling_, enable_alternative_services_, net_log_);
825 }
826 DCHECK(stream_request_.get());
827 return ERR_IO_PENDING;
828 }
829
DoCreateStreamComplete(int result)830 int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
831 CopyConnectionAttemptsFromStreamRequest();
832 if (result == OK) {
833 next_state_ = STATE_INIT_STREAM;
834 DCHECK(stream_.get());
835 } else if (result == ERR_HTTP_1_1_REQUIRED ||
836 result == ERR_PROXY_HTTP_1_1_REQUIRED) {
837 return HandleHttp11Required(result);
838 }
839
840 // Handle possible client certificate errors that may have occurred if the
841 // stream used SSL for one or more of the layers.
842 result = HandleSSLClientAuthError(result);
843
844 // At this point we are done with the stream_request_.
845 stream_request_.reset();
846 return result;
847 }
848
DoInitStream()849 int HttpNetworkTransaction::DoInitStream() {
850 DCHECK(stream_.get());
851 next_state_ = STATE_INIT_STREAM_COMPLETE;
852
853 stream_->GetRemoteEndpoint(&remote_endpoint_);
854
855 return stream_->InitializeStream(request_, can_send_early_data_, priority_,
856 net_log_, io_callback_);
857 }
858
DoInitStreamComplete(int result)859 int HttpNetworkTransaction::DoInitStreamComplete(int result) {
860 if (result == OK) {
861 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
862 } else {
863 if (result < 0)
864 result = HandleIOError(result);
865
866 // The stream initialization failed, so this stream will never be useful.
867 if (stream_) {
868 total_received_bytes_ += stream_->GetTotalReceivedBytes();
869 total_sent_bytes_ += stream_->GetTotalSentBytes();
870 }
871 CacheNetErrorDetailsAndResetStream();
872 }
873
874 return result;
875 }
876
DoGenerateProxyAuthToken()877 int HttpNetworkTransaction::DoGenerateProxyAuthToken() {
878 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
879 if (!ShouldApplyProxyAuth())
880 return OK;
881 HttpAuth::Target target = HttpAuth::AUTH_PROXY;
882 if (!auth_controllers_[target].get())
883 auth_controllers_[target] = base::MakeRefCounted<HttpAuthController>(
884 target, AuthURL(target), request_->network_isolation_key,
885 session_->http_auth_cache(), session_->http_auth_handler_factory(),
886 session_->host_resolver());
887 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
888 io_callback_,
889 net_log_);
890 }
891
DoGenerateProxyAuthTokenComplete(int rv)892 int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) {
893 DCHECK_NE(ERR_IO_PENDING, rv);
894 if (rv == OK)
895 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN;
896 return rv;
897 }
898
DoGenerateServerAuthToken()899 int HttpNetworkTransaction::DoGenerateServerAuthToken() {
900 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE;
901 HttpAuth::Target target = HttpAuth::AUTH_SERVER;
902 if (!auth_controllers_[target].get()) {
903 auth_controllers_[target] = base::MakeRefCounted<HttpAuthController>(
904 target, AuthURL(target), request_->network_isolation_key,
905 session_->http_auth_cache(), session_->http_auth_handler_factory(),
906 session_->host_resolver());
907 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY)
908 auth_controllers_[target]->DisableEmbeddedIdentity();
909 }
910 if (!ShouldApplyServerAuth())
911 return OK;
912 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
913 io_callback_,
914 net_log_);
915 }
916
DoGenerateServerAuthTokenComplete(int rv)917 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
918 DCHECK_NE(ERR_IO_PENDING, rv);
919 if (rv == OK)
920 next_state_ = STATE_INIT_REQUEST_BODY;
921 return rv;
922 }
923
BuildRequestHeaders(bool using_http_proxy_without_tunnel)924 int HttpNetworkTransaction::BuildRequestHeaders(
925 bool using_http_proxy_without_tunnel) {
926 request_headers_.SetHeader(HttpRequestHeaders::kHost,
927 GetHostAndOptionalPort(request_->url));
928
929 // For compat with HTTP/1.0 servers and proxies:
930 if (using_http_proxy_without_tunnel) {
931 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
932 "keep-alive");
933 } else {
934 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
935 }
936
937 // Add a content length header?
938 if (request_->upload_data_stream) {
939 if (request_->upload_data_stream->is_chunked()) {
940 request_headers_.SetHeader(
941 HttpRequestHeaders::kTransferEncoding, "chunked");
942 } else {
943 request_headers_.SetHeader(
944 HttpRequestHeaders::kContentLength,
945 base::NumberToString(request_->upload_data_stream->size()));
946 }
947 } else if (request_->method == "POST" || request_->method == "PUT") {
948 // An empty POST/PUT request still needs a content length. As for HEAD,
949 // IE and Safari also add a content length header. Presumably it is to
950 // support sending a HEAD request to an URL that only expects to be sent a
951 // POST or some other method that normally would have a message body.
952 // Firefox (40.0) does not send the header, and RFC 7230 & 7231
953 // specify that it should not be sent due to undefined behavior.
954 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
955 }
956
957 // Honor load flags that impact proxy caches.
958 if (request_->load_flags & LOAD_BYPASS_CACHE) {
959 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
960 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
961 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
962 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
963 }
964
965 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
966 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
967 &request_headers_);
968 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
969 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
970 &request_headers_);
971
972 request_headers_.MergeFrom(request_->extra_headers);
973
974 response_.did_use_http_auth =
975 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
976 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
977 return OK;
978 }
979
DoInitRequestBody()980 int HttpNetworkTransaction::DoInitRequestBody() {
981 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
982 int rv = OK;
983 if (request_->upload_data_stream)
984 rv = request_->upload_data_stream->Init(
985 base::BindOnce(&HttpNetworkTransaction::OnIOComplete,
986 base::Unretained(this)),
987 net_log_);
988 return rv;
989 }
990
DoInitRequestBodyComplete(int result)991 int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
992 if (result == OK)
993 next_state_ = STATE_BUILD_REQUEST;
994 return result;
995 }
996
DoBuildRequest()997 int HttpNetworkTransaction::DoBuildRequest() {
998 next_state_ = STATE_BUILD_REQUEST_COMPLETE;
999 headers_valid_ = false;
1000
1001 // This is constructed lazily (instead of within our Start method), so that
1002 // we have proxy info available.
1003 if (request_headers_.IsEmpty()) {
1004 bool using_http_proxy_without_tunnel = UsingHttpProxyWithoutTunnel();
1005 return BuildRequestHeaders(using_http_proxy_without_tunnel);
1006 }
1007
1008 return OK;
1009 }
1010
DoBuildRequestComplete(int result)1011 int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
1012 if (result == OK)
1013 next_state_ = STATE_SEND_REQUEST;
1014 return result;
1015 }
1016
DoSendRequest()1017 int HttpNetworkTransaction::DoSendRequest() {
1018 send_start_time_ = base::TimeTicks::Now();
1019 next_state_ = STATE_SEND_REQUEST_COMPLETE;
1020
1021 return stream_->SendRequest(request_headers_, &response_, io_callback_);
1022 }
1023
DoSendRequestComplete(int result)1024 int HttpNetworkTransaction::DoSendRequestComplete(int result) {
1025 send_end_time_ = base::TimeTicks::Now();
1026
1027 if (result == ERR_HTTP_1_1_REQUIRED ||
1028 result == ERR_PROXY_HTTP_1_1_REQUIRED) {
1029 return HandleHttp11Required(result);
1030 }
1031
1032 if (result < 0)
1033 return HandleIOError(result);
1034 next_state_ = STATE_READ_HEADERS;
1035 return OK;
1036 }
1037
DoReadHeaders()1038 int HttpNetworkTransaction::DoReadHeaders() {
1039 next_state_ = STATE_READ_HEADERS_COMPLETE;
1040 return stream_->ReadResponseHeaders(io_callback_);
1041 }
1042
DoReadHeadersComplete(int result)1043 int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
1044 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here
1045 // due to SSL renegotiation.
1046 if (IsCertificateError(result)) {
1047 // We don't handle a certificate error during SSL renegotiation, so we
1048 // have to return an error that's not in the certificate error range
1049 // (-2xx).
1050 //
1051 // TODO(davidben): Remove this error. This is impossible now that server
1052 // certificates are forbidden from changing in renegotiation.
1053 LOG(ERROR) << "Got a server certificate with error " << result
1054 << " during SSL renegotiation";
1055 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;
1056 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
1057 DCHECK(stream_.get());
1058 DCHECK(IsSecureRequest());
1059 response_.cert_request_info = base::MakeRefCounted<SSLCertRequestInfo>();
1060 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get());
1061 total_received_bytes_ += stream_->GetTotalReceivedBytes();
1062 total_sent_bytes_ += stream_->GetTotalSentBytes();
1063 stream_->Close(true);
1064 CacheNetErrorDetailsAndResetStream();
1065 }
1066
1067 if (result == ERR_HTTP_1_1_REQUIRED ||
1068 result == ERR_PROXY_HTTP_1_1_REQUIRED) {
1069 return HandleHttp11Required(result);
1070 }
1071
1072 // ERR_CONNECTION_CLOSED is treated differently at this point; if partial
1073 // response headers were received, we do the best we can to make sense of it
1074 // and send it back up the stack.
1075 //
1076 // TODO(davidben): Consider moving this to HttpBasicStream, It's a little
1077 // bizarre for SPDY. Assuming this logic is useful at all.
1078 // TODO(davidben): Bubble the error code up so we do not cache?
1079 if (result == ERR_CONNECTION_CLOSED && response_.headers.get())
1080 result = OK;
1081
1082 if (result < 0)
1083 return HandleIOError(result);
1084
1085 DCHECK(response_.headers.get());
1086
1087 if (response_.headers.get() && !ContentEncodingsValid())
1088 return ERR_CONTENT_DECODING_FAILED;
1089
1090 // On a 408 response from the server ("Request Timeout") on a stale socket,
1091 // retry the request for HTTP/1.1 but not HTTP/2 or QUIC because those
1092 // multiplex requests and have no need for 408.
1093 // Headers can be NULL because of http://crbug.com/384554.
1094 if (response_.headers.get() &&
1095 response_.headers->response_code() == HTTP_REQUEST_TIMEOUT &&
1096 HttpResponseInfo::ConnectionInfoToCoarse(response_.connection_info) ==
1097 HttpResponseInfo::CONNECTION_INFO_COARSE_HTTP1 &&
1098 stream_->IsConnectionReused()) {
1099 #if BUILDFLAG(ENABLE_REPORTING)
1100 GenerateNetworkErrorLoggingReport(OK);
1101 #endif // BUILDFLAG(ENABLE_REPORTING)
1102 net_log_.AddEventWithNetErrorCode(
1103 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR,
1104 response_.headers->response_code());
1105 // This will close the socket - it would be weird to try and reuse it, even
1106 // if the server doesn't actually close it.
1107 ResetConnectionAndRequestForResend();
1108 return OK;
1109 }
1110
1111 NetLogResponseHeaders(net_log_,
1112 NetLogEventType::HTTP_TRANSACTION_READ_RESPONSE_HEADERS,
1113 response_.headers.get());
1114 if (response_headers_callback_)
1115 response_headers_callback_.Run(response_.headers);
1116
1117 if (response_.headers->GetHttpVersion() < HttpVersion(1, 0)) {
1118 // HTTP/0.9 doesn't support the PUT method, so lack of response headers
1119 // indicates a buggy server. See:
1120 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921
1121 if (request_->method == "PUT")
1122 return ERR_METHOD_NOT_SUPPORTED;
1123 }
1124
1125 if (can_send_early_data_ && response_.headers.get() &&
1126 response_.headers->response_code() == HTTP_TOO_EARLY) {
1127 return HandleIOError(ERR_EARLY_DATA_REJECTED);
1128 }
1129
1130 // Check for an intermediate 100 Continue response. An origin server is
1131 // allowed to send this response even if we didn't ask for it, so we just
1132 // need to skip over it.
1133 // We treat any other 1xx in this same way (although in practice getting
1134 // a 1xx that isn't a 100 is rare).
1135 // Unless this is a WebSocket request, in which case we pass it on up.
1136 if (response_.headers->response_code() / 100 == 1 &&
1137 !ForWebSocketHandshake()) {
1138 response_.headers = new HttpResponseHeaders(std::string());
1139 next_state_ = STATE_READ_HEADERS;
1140 return OK;
1141 }
1142
1143 if (response_.headers->response_code() == 421 &&
1144 (enable_ip_based_pooling_ || enable_alternative_services_)) {
1145 #if BUILDFLAG(ENABLE_REPORTING)
1146 GenerateNetworkErrorLoggingReport(OK);
1147 #endif // BUILDFLAG(ENABLE_REPORTING)
1148 // Retry the request with both IP based pooling and Alternative Services
1149 // disabled.
1150 enable_ip_based_pooling_ = false;
1151 enable_alternative_services_ = false;
1152 net_log_.AddEvent(
1153 NetLogEventType::HTTP_TRANSACTION_RESTART_MISDIRECTED_REQUEST);
1154 ResetConnectionAndRequestForResend();
1155 return OK;
1156 }
1157
1158 if (IsSecureRequest()) {
1159 stream_->GetSSLInfo(&response_.ssl_info);
1160 if (response_.ssl_info.is_valid() &&
1161 !IsCertStatusError(response_.ssl_info.cert_status)) {
1162 session_->http_stream_factory()->ProcessAlternativeServices(
1163 session_, network_isolation_key_, response_.headers.get(),
1164 url::SchemeHostPort(request_->url));
1165 }
1166 }
1167
1168 int rv = HandleAuthChallenge();
1169 if (rv != OK)
1170 return rv;
1171
1172 #if BUILDFLAG(ENABLE_REPORTING)
1173 // Note: Unless there is a pre-existing NEL policy for this origin, any NEL
1174 // reports generated before the NEL header is processed here will just be
1175 // dropped by the NetworkErrorLoggingService.
1176 ProcessReportToHeader();
1177 ProcessNetworkErrorLoggingHeader();
1178
1179 // Generate NEL report here if we have to report an HTTP error (4xx or 5xx
1180 // code), or if the response body will not be read, or on a redirect.
1181 // Note: This will report a success for a redirect even if an error is
1182 // encountered later while draining the body.
1183 int response_code = response_.headers->response_code();
1184 if ((response_code >= 400 && response_code < 600) ||
1185 response_code == HTTP_NO_CONTENT || response_code == HTTP_RESET_CONTENT ||
1186 response_code == HTTP_NOT_MODIFIED || request_->method == "HEAD" ||
1187 response_.headers->GetContentLength() == 0 ||
1188 response_.headers->IsRedirect(nullptr /* location */)) {
1189 GenerateNetworkErrorLoggingReport(OK);
1190 }
1191 #endif // BUILDFLAG(ENABLE_REPORTING)
1192
1193 headers_valid_ = true;
1194
1195 // We have reached the end of Start state machine, set the RequestInfo to
1196 // null.
1197 // RequestInfo is a member of the HttpTransaction's consumer and is useful
1198 // only until the final response headers are received. Clearing it will ensure
1199 // that HttpRequestInfo is only used up until final response headers are
1200 // received. Clearing is allowed so that the transaction can be disassociated
1201 // from its creating consumer in cases where it is shared for writing to the
1202 // cache. It is also safe to set it to null at this point since
1203 // upload_data_stream is also not used in the Read state machine.
1204 if (pending_auth_target_ == HttpAuth::AUTH_NONE)
1205 request_ = nullptr;
1206
1207 return OK;
1208 }
1209
DoReadBody()1210 int HttpNetworkTransaction::DoReadBody() {
1211 DCHECK(read_buf_.get());
1212 DCHECK_GT(read_buf_len_, 0);
1213 DCHECK(stream_ != nullptr);
1214
1215 next_state_ = STATE_READ_BODY_COMPLETE;
1216 return stream_->ReadResponseBody(
1217 read_buf_.get(), read_buf_len_, io_callback_);
1218 }
1219
DoReadBodyComplete(int result)1220 int HttpNetworkTransaction::DoReadBodyComplete(int result) {
1221 // We are done with the Read call.
1222 bool done = false;
1223 if (result <= 0) {
1224 DCHECK_NE(ERR_IO_PENDING, result);
1225 done = true;
1226 }
1227
1228 // Clean up connection if we are done.
1229 if (done) {
1230 // Note: Just because IsResponseBodyComplete is true, we're not
1231 // necessarily "done". We're only "done" when it is the last
1232 // read on this HttpNetworkTransaction, which will be signified
1233 // by a zero-length read.
1234 // TODO(mbelshe): The keep-alive property is really a property of
1235 // the stream. No need to compute it here just to pass back
1236 // to the stream's Close function.
1237 bool keep_alive =
1238 stream_->IsResponseBodyComplete() && stream_->CanReuseConnection();
1239
1240 stream_->Close(!keep_alive);
1241 // Note: we don't reset the stream here. We've closed it, but we still
1242 // need it around so that callers can call methods such as
1243 // GetUploadProgress() and have them be meaningful.
1244 // TODO(mbelshe): This means we closed the stream here, and we close it
1245 // again in ~HttpNetworkTransaction. Clean that up.
1246
1247 // The next Read call will return 0 (EOF).
1248
1249 // This transaction was successful. If it had been retried because of an
1250 // error with an alternative service, mark that alternative service broken.
1251 if (!enable_alternative_services_ &&
1252 retried_alternative_service_.protocol != kProtoUnknown) {
1253 HistogramBrokenAlternateProtocolLocation(
1254 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_NETWORK_TRANSACTION);
1255 session_->http_server_properties()->MarkAlternativeServiceBroken(
1256 retried_alternative_service_, network_isolation_key_);
1257 }
1258
1259 #if BUILDFLAG(ENABLE_REPORTING)
1260 GenerateNetworkErrorLoggingReport(result);
1261 #endif // BUILDFLAG(ENABLE_REPORTING)
1262 }
1263
1264 // Clear these to avoid leaving around old state.
1265 read_buf_ = nullptr;
1266 read_buf_len_ = 0;
1267
1268 return result;
1269 }
1270
DoDrainBodyForAuthRestart()1271 int HttpNetworkTransaction::DoDrainBodyForAuthRestart() {
1272 // This method differs from DoReadBody only in the next_state_. So we just
1273 // call DoReadBody and override the next_state_. Perhaps there is a more
1274 // elegant way for these two methods to share code.
1275 int rv = DoReadBody();
1276 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE);
1277 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE;
1278 return rv;
1279 }
1280
1281 // TODO(wtc): This method and the DoReadBodyComplete method are almost
1282 // the same. Figure out a good way for these two methods to share code.
DoDrainBodyForAuthRestartComplete(int result)1283 int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) {
1284 // keep_alive defaults to true because the very reason we're draining the
1285 // response body is to reuse the connection for auth restart.
1286 bool done = false, keep_alive = true;
1287 if (result < 0) {
1288 // Error or closed connection while reading the socket.
1289 // Note: No Network Error Logging report is generated here because a report
1290 // will have already been generated for the original request due to the auth
1291 // challenge, so a second report is not generated for the same request here.
1292 done = true;
1293 keep_alive = false;
1294 } else if (stream_->IsResponseBodyComplete()) {
1295 done = true;
1296 }
1297
1298 if (done) {
1299 DidDrainBodyForAuthRestart(keep_alive);
1300 } else {
1301 // Keep draining.
1302 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
1303 }
1304
1305 return OK;
1306 }
1307
1308 #if BUILDFLAG(ENABLE_REPORTING)
ProcessReportToHeader()1309 void HttpNetworkTransaction::ProcessReportToHeader() {
1310 std::string value;
1311 if (!response_.headers->GetNormalizedHeader("Report-To", &value))
1312 return;
1313
1314 ReportingService* service = session_->reporting_service();
1315 if (!service) {
1316 ReportingHeaderParser::RecordHeaderDiscardedForNoReportingService();
1317 return;
1318 }
1319
1320 // Only accept Report-To headers on HTTPS connections that have no
1321 // certificate errors.
1322 if (!response_.ssl_info.is_valid()) {
1323 ReportingHeaderParser::RecordHeaderDiscardedForInvalidSSLInfo();
1324 return;
1325 }
1326 if (IsCertStatusError(response_.ssl_info.cert_status)) {
1327 ReportingHeaderParser::RecordHeaderDiscardedForCertStatusError();
1328 return;
1329 }
1330
1331 service->ProcessHeader(url_.GetOrigin(), value);
1332 }
1333
ProcessNetworkErrorLoggingHeader()1334 void HttpNetworkTransaction::ProcessNetworkErrorLoggingHeader() {
1335 std::string value;
1336 if (!response_.headers->GetNormalizedHeader(
1337 NetworkErrorLoggingService::kHeaderName, &value)) {
1338 return;
1339 }
1340
1341 NetworkErrorLoggingService* service =
1342 session_->network_error_logging_service();
1343 if (!service) {
1344 NetworkErrorLoggingService::
1345 RecordHeaderDiscardedForNoNetworkErrorLoggingService();
1346 return;
1347 }
1348
1349 // Don't accept NEL headers received via a proxy, because the IP address of
1350 // the destination server is not known.
1351 if (response_.was_fetched_via_proxy)
1352 return;
1353
1354 // Only accept NEL headers on HTTPS connections that have no certificate
1355 // errors.
1356 if (!response_.ssl_info.is_valid()) {
1357 NetworkErrorLoggingService::RecordHeaderDiscardedForInvalidSSLInfo();
1358 return;
1359 }
1360 if (IsCertStatusError(response_.ssl_info.cert_status)) {
1361 NetworkErrorLoggingService::RecordHeaderDiscardedForCertStatusError();
1362 return;
1363 }
1364
1365 if (remote_endpoint_.address().empty()) {
1366 NetworkErrorLoggingService::RecordHeaderDiscardedForMissingRemoteEndpoint();
1367 return;
1368 }
1369
1370 service->OnHeader(url::Origin::Create(url_), remote_endpoint_.address(),
1371 value);
1372 }
1373
GenerateNetworkErrorLoggingReportIfError(int rv)1374 void HttpNetworkTransaction::GenerateNetworkErrorLoggingReportIfError(int rv) {
1375 if (rv < 0 && rv != ERR_IO_PENDING)
1376 GenerateNetworkErrorLoggingReport(rv);
1377 }
1378
GenerateNetworkErrorLoggingReport(int rv)1379 void HttpNetworkTransaction::GenerateNetworkErrorLoggingReport(int rv) {
1380 // |rv| should be a valid net::Error
1381 DCHECK_NE(rv, ERR_IO_PENDING);
1382 DCHECK_LE(rv, 0);
1383
1384 if (network_error_logging_report_generated_)
1385 return;
1386 network_error_logging_report_generated_ = true;
1387
1388 NetworkErrorLoggingService* service =
1389 session_->network_error_logging_service();
1390 if (!service)
1391 return;
1392
1393 // Don't report on proxy auth challenges.
1394 if (response_.headers && response_.headers->response_code() ==
1395 HTTP_PROXY_AUTHENTICATION_REQUIRED) {
1396 return;
1397 }
1398
1399 // Don't generate NEL reports if we are behind a proxy, to avoid leaking
1400 // internal network details.
1401 if (response_.was_fetched_via_proxy)
1402 return;
1403
1404 // Ignore errors from non-HTTPS origins.
1405 if (!url_.SchemeIsCryptographic())
1406 return;
1407
1408 NetworkErrorLoggingService::RequestDetails details;
1409
1410 details.uri = url_;
1411 if (!request_referrer_.empty())
1412 details.referrer = GURL(request_referrer_);
1413 details.user_agent = request_user_agent_;
1414 if (!remote_endpoint_.address().empty()) {
1415 details.server_ip = remote_endpoint_.address();
1416 } else {
1417 details.server_ip = IPAddress();
1418 }
1419 // HttpResponseHeaders::response_code() returns 0 if response code couldn't
1420 // be parsed, which is also how NEL represents the same.
1421 if (response_.headers) {
1422 details.status_code = response_.headers->response_code();
1423 } else {
1424 details.status_code = 0;
1425 }
1426 // If we got response headers, assume that the connection used HTTP/1.1
1427 // unless ALPN negotiation tells us otherwise (handled below).
1428 if (response_.was_alpn_negotiated) {
1429 details.protocol = response_.alpn_negotiated_protocol;
1430 } else {
1431 details.protocol = "http/1.1";
1432 }
1433 details.method = request_method_;
1434 details.elapsed_time = base::TimeTicks::Now() - start_timeticks_;
1435 details.type = static_cast<Error>(rv);
1436 details.reporting_upload_depth = request_reporting_upload_depth_;
1437
1438 service->OnRequest(std::move(details));
1439 }
1440 #endif // BUILDFLAG(ENABLE_REPORTING)
1441
HandleHttp11Required(int error)1442 int HttpNetworkTransaction::HandleHttp11Required(int error) {
1443 DCHECK(error == ERR_HTTP_1_1_REQUIRED ||
1444 error == ERR_PROXY_HTTP_1_1_REQUIRED);
1445
1446 // HttpServerProperties should have been updated, so when the request is sent
1447 // again, it will automatically use HTTP/1.1.
1448 ResetConnectionAndRequestForResend();
1449 return OK;
1450 }
1451
HandleSSLClientAuthError(int error)1452 int HttpNetworkTransaction::HandleSSLClientAuthError(int error) {
1453 // Client certificate errors may come from either the origin server or the
1454 // proxy.
1455 //
1456 // Origin errors are handled here, while most proxy errors are handled in the
1457 // HttpStreamFactory and below. However, if the request is not tunneled (i.e.
1458 // the origin is HTTP, so there is no HTTPS connection) and the proxy does not
1459 // report a bad client certificate until after the TLS handshake completes.
1460 // The latter occurs in TLS 1.3 or TLS 1.2 with False Start (disabled for
1461 // proxies). The error will then surface out of Read() rather than Connect()
1462 // and ultimately surfaced out of DoReadHeadersComplete().
1463 //
1464 // See https://crbug.com/828965.
1465 bool is_server = !UsingHttpProxyWithoutTunnel();
1466 HostPortPair host_port_pair =
1467 is_server ? HostPortPair::FromURL(request_->url)
1468 : proxy_info_.proxy_server().host_port_pair();
1469
1470 if (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error)) {
1471 DCHECK((is_server && IsSecureRequest()) || proxy_info_.is_https());
1472 if (session_->ssl_client_context()->ClearClientCertificate(
1473 host_port_pair)) {
1474 // The private key handle may have gone stale due to, e.g., the user
1475 // unplugging their smartcard. Operating systems do not provide reliable
1476 // notifications for this, so if the signature failed and the user was
1477 // not already prompted for certificate on this request, retry to ask
1478 // the user for a new one.
1479 //
1480 // TODO(davidben): There is no corresponding feature for proxy client
1481 // certificates. Ideally this would live at a lower level, common to both,
1482 // but |configured_client_cert_for_server_| is not accessible below the
1483 // socket pools.
1484 if (is_server && error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED &&
1485 !configured_client_cert_for_server_ && !HasExceededMaxRetries()) {
1486 retry_attempts_++;
1487 net_log_.AddEventWithNetErrorCode(
1488 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1489 ResetConnectionAndRequestForResend();
1490 return OK;
1491 }
1492 }
1493 }
1494 return error;
1495 }
1496
1497 // This method determines whether it is safe to resend the request after an
1498 // IO error. It can only be called in response to request header or body
1499 // write errors or response header read errors. It should not be used in
1500 // other cases, such as a Connect error.
HandleIOError(int error)1501 int HttpNetworkTransaction::HandleIOError(int error) {
1502 // Because the peer may request renegotiation with client authentication at
1503 // any time, check and handle client authentication errors.
1504 error = HandleSSLClientAuthError(error);
1505
1506 #if BUILDFLAG(ENABLE_REPORTING)
1507 GenerateNetworkErrorLoggingReportIfError(error);
1508 #endif // BUILDFLAG(ENABLE_REPORTING)
1509
1510 switch (error) {
1511 // If we try to reuse a connection that the server is in the process of
1512 // closing, we may end up successfully writing out our request (or a
1513 // portion of our request) only to find a connection error when we try to
1514 // read from (or finish writing to) the socket.
1515 case ERR_CONNECTION_RESET:
1516 case ERR_CONNECTION_CLOSED:
1517 case ERR_CONNECTION_ABORTED:
1518 // There can be a race between the socket pool checking checking whether a
1519 // socket is still connected, receiving the FIN, and sending/reading data
1520 // on a reused socket. If we receive the FIN between the connectedness
1521 // check and writing/reading from the socket, we may first learn the socket
1522 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most
1523 // likely happen when trying to retrieve its IP address.
1524 // See http://crbug.com/105824 for more details.
1525 case ERR_SOCKET_NOT_CONNECTED:
1526 // If a socket is closed on its initial request, HttpStreamParser returns
1527 // ERR_EMPTY_RESPONSE. This may still be close/reuse race if the socket was
1528 // preconnected but failed to be used before the server timed it out.
1529 case ERR_EMPTY_RESPONSE:
1530 if (ShouldResendRequest()) {
1531 net_log_.AddEventWithNetErrorCode(
1532 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1533 ResetConnectionAndRequestForResend();
1534 error = OK;
1535 }
1536 break;
1537 case ERR_EARLY_DATA_REJECTED:
1538 case ERR_WRONG_VERSION_ON_EARLY_DATA:
1539 net_log_.AddEventWithNetErrorCode(
1540 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1541 // Disable early data on the SSLConfig on a reset.
1542 can_send_early_data_ = false;
1543 ResetConnectionAndRequestForResend();
1544 error = OK;
1545 break;
1546 case ERR_HTTP2_PING_FAILED:
1547 case ERR_HTTP2_SERVER_REFUSED_STREAM:
1548 case ERR_HTTP2_PUSHED_STREAM_NOT_AVAILABLE:
1549 case ERR_HTTP2_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER:
1550 case ERR_HTTP2_PUSHED_RESPONSE_DOES_NOT_MATCH:
1551 case ERR_QUIC_HANDSHAKE_FAILED:
1552 if (HasExceededMaxRetries())
1553 break;
1554 net_log_.AddEventWithNetErrorCode(
1555 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1556 retry_attempts_++;
1557 ResetConnectionAndRequestForResend();
1558 error = OK;
1559 break;
1560 case ERR_QUIC_PROTOCOL_ERROR:
1561 if (GetResponseHeaders() != nullptr ||
1562 !stream_->GetAlternativeService(&retried_alternative_service_)) {
1563 // If the response headers have already been recieved and passed up
1564 // then the request can not be retried. Also, if there was no
1565 // alternative service used for this request, then there is no
1566 // alternative service to be disabled.
1567 break;
1568 }
1569 if (HasExceededMaxRetries())
1570 break;
1571 if (session_->http_server_properties()->IsAlternativeServiceBroken(
1572 retried_alternative_service_, network_isolation_key_)) {
1573 // If the alternative service was marked as broken while the request
1574 // was in flight, retry the request which will not use the broken
1575 // alternative service.
1576 net_log_.AddEventWithNetErrorCode(
1577 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1578 retry_attempts_++;
1579 ResetConnectionAndRequestForResend();
1580 error = OK;
1581 } else if (session_->context()
1582 .quic_context->params()
1583 ->retry_without_alt_svc_on_quic_errors) {
1584 // Disable alternative services for this request and retry it. If the
1585 // retry succeeds, then the alternative service will be marked as
1586 // broken then.
1587 enable_alternative_services_ = false;
1588 net_log_.AddEventWithNetErrorCode(
1589 NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1590 retry_attempts_++;
1591 ResetConnectionAndRequestForResend();
1592 error = OK;
1593 }
1594 break;
1595 }
1596 return error;
1597 }
1598
ResetStateForRestart()1599 void HttpNetworkTransaction::ResetStateForRestart() {
1600 ResetStateForAuthRestart();
1601 if (stream_) {
1602 total_received_bytes_ += stream_->GetTotalReceivedBytes();
1603 total_sent_bytes_ += stream_->GetTotalSentBytes();
1604 }
1605 CacheNetErrorDetailsAndResetStream();
1606 }
1607
ResetStateForAuthRestart()1608 void HttpNetworkTransaction::ResetStateForAuthRestart() {
1609 send_start_time_ = base::TimeTicks();
1610 send_end_time_ = base::TimeTicks();
1611
1612 pending_auth_target_ = HttpAuth::AUTH_NONE;
1613 read_buf_ = nullptr;
1614 read_buf_len_ = 0;
1615 headers_valid_ = false;
1616 request_headers_.Clear();
1617 response_ = HttpResponseInfo();
1618 establishing_tunnel_ = false;
1619 remote_endpoint_ = IPEndPoint();
1620 net_error_details_.quic_broken = false;
1621 net_error_details_.quic_connection_error = quic::QUIC_NO_ERROR;
1622 #if BUILDFLAG(ENABLE_REPORTING)
1623 network_error_logging_report_generated_ = false;
1624 start_timeticks_ = base::TimeTicks::Now();
1625 #endif // BUILDFLAG(ENABLE_REPORTING)
1626 }
1627
CacheNetErrorDetailsAndResetStream()1628 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() {
1629 if (stream_)
1630 stream_->PopulateNetErrorDetails(&net_error_details_);
1631 stream_.reset();
1632 }
1633
GetResponseHeaders() const1634 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
1635 return response_.headers.get();
1636 }
1637
ShouldResendRequest() const1638 bool HttpNetworkTransaction::ShouldResendRequest() const {
1639 bool connection_is_proven = stream_->IsConnectionReused();
1640 bool has_received_headers = GetResponseHeaders() != nullptr;
1641
1642 // NOTE: we resend a request only if we reused a keep-alive connection.
1643 // This automatically prevents an infinite resend loop because we'll run
1644 // out of the cached keep-alive connections eventually.
1645 if (connection_is_proven && !has_received_headers)
1646 return true;
1647 return false;
1648 }
1649
HasExceededMaxRetries() const1650 bool HttpNetworkTransaction::HasExceededMaxRetries() const {
1651 return (retry_attempts_ >= kMaxRetryAttempts);
1652 }
1653
CheckMaxRestarts()1654 bool HttpNetworkTransaction::CheckMaxRestarts() {
1655 num_restarts_++;
1656 return num_restarts_ < kMaxRestarts;
1657 }
1658
ResetConnectionAndRequestForResend()1659 void HttpNetworkTransaction::ResetConnectionAndRequestForResend() {
1660 if (stream_.get()) {
1661 stream_->Close(true);
1662 CacheNetErrorDetailsAndResetStream();
1663 }
1664
1665 // We need to clear request_headers_ because it contains the real request
1666 // headers, but we may need to resend the CONNECT request first to recreate
1667 // the SSL tunnel.
1668 request_headers_.Clear();
1669 next_state_ = STATE_CREATE_STREAM; // Resend the request.
1670
1671 #if BUILDFLAG(ENABLE_REPORTING)
1672 // Reset for new request.
1673 network_error_logging_report_generated_ = false;
1674 start_timeticks_ = base::TimeTicks::Now();
1675 #endif // BUILDFLAG(ENABLE_REPORTING)
1676
1677 ResetStateForRestart();
1678 }
1679
ShouldApplyProxyAuth() const1680 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
1681 return UsingHttpProxyWithoutTunnel();
1682 }
1683
ShouldApplyServerAuth() const1684 bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
1685 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
1686 }
1687
HandleAuthChallenge()1688 int HttpNetworkTransaction::HandleAuthChallenge() {
1689 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
1690 DCHECK(headers.get());
1691
1692 int status = headers->response_code();
1693 if (status != HTTP_UNAUTHORIZED &&
1694 status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
1695 return OK;
1696 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ?
1697 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
1698 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
1699 return ERR_UNEXPECTED_PROXY_AUTH;
1700
1701 // This case can trigger when an HTTPS server responds with a "Proxy
1702 // authentication required" status code through a non-authenticating
1703 // proxy.
1704 if (!auth_controllers_[target].get())
1705 return ERR_UNEXPECTED_PROXY_AUTH;
1706
1707 int rv = auth_controllers_[target]->HandleAuthChallenge(
1708 headers, response_.ssl_info,
1709 (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
1710 net_log_);
1711 if (auth_controllers_[target]->HaveAuthHandler())
1712 pending_auth_target_ = target;
1713
1714 auth_controllers_[target]->TakeAuthInfo(&response_.auth_challenge);
1715
1716 return rv;
1717 }
1718
HaveAuth(HttpAuth::Target target) const1719 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
1720 return auth_controllers_[target].get() &&
1721 auth_controllers_[target]->HaveAuth();
1722 }
1723
AuthURL(HttpAuth::Target target) const1724 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
1725 switch (target) {
1726 case HttpAuth::AUTH_PROXY: {
1727 if (!proxy_info_.proxy_server().is_valid() ||
1728 proxy_info_.proxy_server().is_direct()) {
1729 return GURL(); // There is no proxy server.
1730 }
1731 const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
1732 return GURL(scheme +
1733 proxy_info_.proxy_server().host_port_pair().ToString());
1734 }
1735 case HttpAuth::AUTH_SERVER:
1736 if (ForWebSocketHandshake()) {
1737 return net::ChangeWebSocketSchemeToHttpScheme(request_->url);
1738 }
1739 return request_->url;
1740 default:
1741 return GURL();
1742 }
1743 }
1744
ForWebSocketHandshake() const1745 bool HttpNetworkTransaction::ForWebSocketHandshake() const {
1746 return websocket_handshake_stream_base_create_helper_ &&
1747 request_->url.SchemeIsWSOrWSS();
1748 }
1749
CopyConnectionAttemptsFromStreamRequest()1750 void HttpNetworkTransaction::CopyConnectionAttemptsFromStreamRequest() {
1751 DCHECK(stream_request_);
1752
1753 // Since the transaction can restart with auth credentials, it may create a
1754 // stream more than once. Accumulate all of the connection attempts across
1755 // those streams by appending them to the vector:
1756 for (const auto& attempt : stream_request_->connection_attempts())
1757 connection_attempts_.push_back(attempt);
1758 }
1759
ContentEncodingsValid() const1760 bool HttpNetworkTransaction::ContentEncodingsValid() const {
1761 HttpResponseHeaders* headers = GetResponseHeaders();
1762 DCHECK(headers);
1763
1764 std::string accept_encoding;
1765 request_headers_.GetHeader(HttpRequestHeaders::kAcceptEncoding,
1766 &accept_encoding);
1767 std::set<std::string> allowed_encodings;
1768 if (!HttpUtil::ParseAcceptEncoding(accept_encoding, &allowed_encodings))
1769 return false;
1770
1771 std::string content_encoding;
1772 headers->GetNormalizedHeader("Content-Encoding", &content_encoding);
1773 std::set<std::string> used_encodings;
1774 if (!HttpUtil::ParseContentEncoding(content_encoding, &used_encodings))
1775 return false;
1776
1777 // When "Accept-Encoding" is not specified, it is parsed as "*".
1778 // If "*" encoding is advertised, then any encoding should be "accepted".
1779 // This does not mean, that it will be successfully decoded.
1780 if (allowed_encodings.find("*") != allowed_encodings.end())
1781 return true;
1782
1783 bool result = true;
1784 for (auto const& encoding : used_encodings) {
1785 SourceStream::SourceType source_type =
1786 FilterSourceStream::ParseEncodingType(encoding);
1787 // We don't reject encodings we are not aware. They just will not decode.
1788 if (source_type == SourceStream::TYPE_UNKNOWN)
1789 continue;
1790 if (allowed_encodings.find(encoding) == allowed_encodings.end()) {
1791 result = false;
1792 break;
1793 }
1794 }
1795
1796 // Temporary workaround for http://crbug.com/714514
1797 if (headers->IsRedirect(nullptr)) {
1798 UMA_HISTOGRAM_BOOLEAN("Net.RedirectWithUnadvertisedContentEncoding",
1799 !result);
1800 return true;
1801 }
1802
1803 return result;
1804 }
1805
1806 } // namespace net
1807