Implement 'preconnect-https' and 'preconnect-http' for H2

QNetworkAccessManager::connectToHostEncrypted()/connectToHost()
creates 'fake' requests with pseudo-schemes 'preconnect-https'/
'preconnect-http'. QHttp2ProtocolHandler should handle this
requests in a special way - reporting them immediately as
finished (so that QNAM emits finished as it does in case of
HTTP/1.1) and not trying to send anything.
We also have to properly cache the connection - 'https' or
'http' scheme is too generic - it allows (unfortunately)
mixing H2/HTTP/1.1 in a single connection in case an attribute
was missing on a request, which is wrong.
h2c is more complicated, since it needs a real request
to negotiate the protocol switch to H2, with the current
QNetworkHttpConnection(Channel)'s design it's not possible
without large changes (aka regressions and new bugs introduced).

Auto-test extended.

Fixes: QTBUG-77082
Change-Id: I03467673a620c89784c2d36521020dc9d08aced7
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

3 files changed, 52 insertions, 18 deletions

diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
index 87a70d8a55..5d7fc7506e 100644
--- a/src/network/access/qhttp2protocolhandler.cpp
+++ b/src/network/access/qhttp2protocolhandler.cpp
@@ -170,7 +170,6 @@ QHttp2ProtocolHandler::QHttp2ProtocolHandler(QHttpNetworkConnectionChannel *chan
       encoder(HPack::FieldLookupTable::DefaultSize, true)
 {
     Q_ASSERT(channel && m_connection);
-
     continuedFrames.reserve(20);
 
     const ProtocolParameters params(m_connection->http2Parameters());
@@ -322,10 +321,32 @@ bool QHttp2ProtocolHandler::sendRequest()
         return false;
     }
 
+    // Process 'fake' (created by QNetworkAccessManager::connectToHostEncrypted())
+    // requests first:
+    auto &requests = m_channel->spdyRequestsToSend;
+    for (auto it = requests.begin(), endIt = requests.end(); it != endIt;) {
+        const auto &pair = *it;
+        const QString scheme(pair.first.url().scheme());
+        if (scheme == QLatin1String("preconnect-http")
+            || scheme == QLatin1String("preconnect-https")) {
+            m_connection->preConnectFinished();
+            emit pair.second->finished();
+            it = requests.erase(it);
+            if (!requests.size()) {
+                // Normally, after a connection was established and H2
+                // was negotiated, we send a client preface. connectToHostEncrypted
+                // though is not meant to send any data, it's just a 'preconnect'.
+                // Thus we return early:
+                return true;
+            }
+        } else {
+            ++it;
+        }
+    }
+
     if (!prefaceSent && !sendClientPreface())
         return false;
 
-    auto &requests = m_channel->spdyRequestsToSend;
     if (!requests.size())
         return true;
 
diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp
index 0e97acdd9d..86ee6fd2eb 100644
--- a/src/network/access/qhttpthreaddelegate.cpp
+++ b/src/network/access/qhttpthreaddelegate.cpp
@@ -128,7 +128,8 @@ static QByteArray makeCacheKey(QUrl &url, QNetworkProxy *proxy)
     QString result;
     QUrl copy = url;
     QString scheme = copy.scheme();
-    bool isEncrypted = scheme == QLatin1String("https");
+    bool isEncrypted = scheme == QLatin1String("https")
+                       || scheme == QLatin1String("preconnect-https");
     copy.setPort(copy.port(isEncrypted ? 443 : 80));
     if (scheme == QLatin1String("preconnect-http")) {
         copy.setScheme(QLatin1String("http"));
@@ -295,17 +296,29 @@ void QHttpThreadDelegate::startRequest()
         connectionType = QHttpNetworkConnection::ConnectionTypeHTTP2Direct;
     }
 
+    const bool isH2 = httpRequest.isHTTP2Allowed() || httpRequest.isHTTP2Direct();
+    if (isH2) {
+#if QT_CONFIG(ssl)
+        if (ssl) {
+            if (!httpRequest.isHTTP2Direct()) {
+                QList<QByteArray> protocols;
+                protocols << QSslConfiguration::ALPNProtocolHTTP2
+                          << QSslConfiguration::NextProtocolHttp1_1;
+                incomingSslConfiguration->setAllowedNextProtocols(protocols);
+            }
+            urlCopy.setScheme(QStringLiteral("h2s"));
+        } else
+#endif // QT_CONFIG(ssl)
+        {
+            urlCopy.setScheme(QStringLiteral("h2"));
+        }
+    }
+
 #ifndef QT_NO_SSL
     if (ssl && !incomingSslConfiguration.data())
         incomingSslConfiguration.reset(new QSslConfiguration);
 
-    if (httpRequest.isHTTP2Allowed() && ssl) {
-        // With HTTP2Direct we do not try any protocol negotiation.
-        QList<QByteArray> protocols;
-        protocols << QSslConfiguration::ALPNProtocolHTTP2
-                  << QSslConfiguration::NextProtocolHttp1_1;
-        incomingSslConfiguration->setAllowedNextProtocols(protocols);
-    } else if (httpRequest.isSPDYAllowed() && ssl) {
+    if (!isH2 && httpRequest.isSPDYAllowed() && ssl) {
         connectionType = QHttpNetworkConnection::ConnectionTypeSPDY;
         urlCopy.setScheme(QStringLiteral("spdy")); // to differentiate SPDY requests from HTTPS requests
         QList<QByteArray> nextProtocols;
@@ -322,12 +335,11 @@ void QHttpThreadDelegate::startRequest()
         cacheKey = makeCacheKey(urlCopy, &cacheProxy);
     else
 #endif
-        cacheKey = makeCacheKey(urlCopy, 0);
-
+        cacheKey = makeCacheKey(urlCopy, nullptr);
 
     // the http object is actually a QHttpNetworkConnection
     httpConnection = static_cast<QNetworkAccessCachedHttpConnection *>(connections.localData()->requestEntryNow(cacheKey));
-    if (httpConnection == 0) {
+    if (!httpConnection) {
         // no entry in cache; create an object
         // the http object is actually a QHttpNetworkConnection
 #ifdef QT_NO_BEARERMANAGEMENT
@@ -357,7 +369,7 @@ void QHttpThreadDelegate::startRequest()
         connections.localData()->addEntry(cacheKey, httpConnection);
     } else {
         if (httpRequest.withCredentials()) {
-            QNetworkAuthenticationCredential credential = authenticationManager->fetchCachedCredentials(httpRequest.url(), 0);
+            QNetworkAuthenticationCredential credential = authenticationManager->fetchCachedCredentials(httpRequest.url(), nullptr);
             if (!credential.user.isEmpty() && !credential.password.isEmpty()) {
                 QAuthenticator auth;
                 auth.setUser(credential.user);
diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp
index 85e2c492e4..31b1dbf2a5 100644
--- a/src/network/access/qnetworkaccessmanager.cpp
+++ b/src/network/access/qnetworkaccessmanager.cpp
@@ -1192,10 +1192,11 @@ void QNetworkAccessManager::connectToHostEncrypted(const QString &hostName, quin
     if (sslConfiguration != QSslConfiguration::defaultConfiguration())
         request.setSslConfiguration(sslConfiguration);
 
-    // There is no way to enable SPDY via a request, so we need to check
-    // the ssl configuration whether SPDY is allowed here.
-    if (sslConfiguration.allowedNextProtocols().contains(
-                QSslConfiguration::NextProtocolSpdy3_0))
+    // There is no way to enable SPDY/HTTP2 via a request, so we need to check
+    // the ssl configuration whether SPDY/HTTP2 is allowed here.
+    if (sslConfiguration.allowedNextProtocols().contains(QSslConfiguration::ALPNProtocolHTTP2))
+        request.setAttribute(QNetworkRequest::HTTP2AllowedAttribute, true);
+    else if (sslConfiguration.allowedNextProtocols().contains(QSslConfiguration::NextProtocolSpdy3_0))
         request.setAttribute(QNetworkRequest::SpdyAllowedAttribute, true);
 
     get(request);