Google Git
Sign in
chromium / chromium / src / ae2cbb8c8e36ae7f899b115516787ebe96b823d9
commitae2cbb8c8e36ae7f899b115516787ebe96b823d9[log] [tgz]
authorMatt Menke <mmenke@chromium.org>Thu Feb 21 20:20:13 2019
committerCommit Bot <commit-bot@chromium.org>Thu Feb 21 20:20:13 2019
treee09204ca72428943fd9f1abc362ba879eb096b67
parent5a5345343496264bd5d1faf6cc4422dcb56f7643 [diff]
Socket Pools Refactor 26: Rework QUIC and HTTP2 proxy auth.

The way HTTP proxy auth works with tunnels is that we see an auth
challenge, we return the proxy socket to the consumer (bypassing the
SSL layer that would be layered on top of it), telling it of the auth
challenge.  It then provides credentials and calls restart with auth,
while holding onto the socket. We then drain the response body of the
original auth challenge, and if we can reuse the socket, we send the
request again, with the new credentials. If we see another auth
challege, we call back into the consumer (Which still owns the
ProxyClientSocketWrapper), and it can provide more credentials. We
repeat this until the user decides to proceed with no crentials, the
server accepts the credentials, or there's a network error. If
the server accepted the credentials, we have a useable socket, which
we then toss back into the HTTP proxy socket pool, and then we
request an SSL socket from the pool above that, so it can create an
SSL socket layered on top of the proxy socket we just made.

The way QUIC and HTTP2 cases work is different. As above, we pass
the ProxyClientSocketWrapper up to the consumer, which provides
credentials. However, when it tells the wrapper to restart with auth,
the ProxyClientSocket closes the socket, and then claims auth succeeded.
At that point, we return the socket to HTTP proxy socket pool, which
notices the socket was closed, and destroys it. This effectively closes
the stream layered on top of the H2/QUIC session, though the session
itself remains in the session pool. Then the consumer, unaware of these
shenanigans, requests a new SSL socket, which then results in requesting
a new ProxyClientSocketWrapper (Since the old one was destroyed). When
connecting, it will create a new stream on the same session as before
(taken from the session pool), and preemptively sends the auth
credentials provided earlier using a new stream. If another auth
challenge is seen, this process repeats, again creating a new
ProxyClientSocketWrapper.

As part of flattening the socket pools, we'll always end up reusing a
ProxyClientSocketWrapper for challenges. This CL modifies the QUIC and
HTTP2 paths to more closely match the HTTP path. They will still make
new streams for each new set of auth credentials, but all auth attempts
will use the same ProxyClientSocketWrapper.

Bug: 472729
Change-Id: I96791754480456908dda4595f9dc201fdbc41f13
Reviewed-on: https://chromium-review.googlesource.com/c/1481060
Commit-Queue: Matt Menke <mmenke@chromium.org>
Reviewed-by: Asanka Herath <asanka@chromium.org>
Reviewed-by: Ryan Hamilton <rch@chromium.org>
Cr-Commit-Position: refs/heads/master@{#634322}
3 files changed
tree: e09204ca72428943fd9f1abc362ba879eb096b67
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. .clang-format
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .vpython
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. ENG_REVIEW_OWNERS
  65. LICENSE
  66. LICENSE.chromium_os
  67. OWNERS
  68. PRESUBMIT.py
  69. PRESUBMIT_test.py
  70. PRESUBMIT_test_mocks.py
  71. README.md
  72. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .