http-2 0.11.0 → 1.0.0

data/lib/http/2/connection.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HTTP2
   # Default connection and stream flow control window (64KB).
   DEFAULT_FLOW_WINDOW = 65_535
@@ -10,31 +12,33 @@ module HTTP2
 
   # Default values for SETTINGS frame, as defined by the spec.
   SPEC_DEFAULT_CONNECTION_SETTINGS = {
-    settings_header_table_size:       4096,
-    settings_enable_push:             1,                     # enabled for servers
-    settings_max_concurrent_streams:  Framer::MAX_STREAM_ID, # unlimited
-    settings_initial_window_size:     65_535,
-    settings_max_frame_size:          16_384,
-    settings_max_header_list_size:    2**31 - 1,             # unlimited
+    settings_header_table_size: 4096,
+    settings_enable_push: 1, # enabled for servers
+    settings_max_concurrent_streams: Framer::MAX_STREAM_ID, # unlimited
+    settings_initial_window_size: 65_535,
+    settings_max_frame_size: 16_384,
+    settings_max_header_list_size: (2 << 30) - 1 # unlimited
   }.freeze
 
   DEFAULT_CONNECTION_SETTINGS = {
-    settings_header_table_size:       4096,
-    settings_enable_push:             1,                     # enabled for servers
-    settings_max_concurrent_streams:  100,
-    settings_initial_window_size:     65_535,
-    settings_max_frame_size:          16_384,
-    settings_max_header_list_size:    2**31 - 1,             # unlimited
+    settings_header_table_size: 4096,
+    settings_enable_push: 1, # enabled for servers
+    settings_max_concurrent_streams: 100,
+    settings_initial_window_size: 65_535,
+    settings_max_frame_size: 16_384,
+    settings_max_header_list_size: (2 << 30) - 1 # unlimited
   }.freeze
 
   # Default stream priority (lower values are higher priority).
-  DEFAULT_WEIGHT    = 16
+  DEFAULT_WEIGHT = 16
 
   # Default connection "fast-fail" preamble string as defined by the spec.
-  CONNECTION_PREFACE_MAGIC = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n".freeze
+  CONNECTION_PREFACE_MAGIC = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
+
+  REQUEST_MANDATORY_HEADERS = %w[:scheme :method :authority :path].freeze
+  RESPONSE_MANDATORY_HEADERS = %w[:status].freeze
 
-  # Time to hold recently closed streams until purge (seconds)
-  RECENTLY_CLOSED_STREAMS_TTL = 15
+  EMPTY = [].freeze
 
   # Connection encapsulates all of the connection, stream, flow-control,
   # error management, and other processing logic required for a well-behaved
@@ -43,24 +47,25 @@ module HTTP2
   # Note that this class should not be used directly. Instead, you want to
   # use either Client or Server class to drive the HTTP 2.0 exchange.
   #
-  # rubocop:disable ClassLength
+  # rubocop:disable Metrics/ClassLength
   class Connection
     include FlowBuffer
     include Emitter
     include Error
 
+    using StringExtensions
+
     # Connection state (:new, :closed).
     attr_reader :state
 
     # Size of current connection flow control window (by default, set to
     # infinity, but is automatically updated on receipt of peer settings).
     attr_reader :local_window
-    attr_reader :remote_window
+    attr_reader :remote_window, :remote_settings
     alias window local_window
 
     # Current settings value for local and peer
     attr_reader :local_settings
-    attr_reader :remote_settings
 
     # Pending settings value
     #  Sent but not ack'ed settings
@@ -68,36 +73,38 @@ module HTTP2
 
     # Number of active streams between client and server (reserved streams
     # are not counted towards the stream limit).
-    attr_reader :active_stream_count
+    attr_accessor :active_stream_count
 
     # Initializes new connection object.
     #
-    def initialize(**settings)
+    def initialize(settings = {})
       @local_settings  = DEFAULT_CONNECTION_SETTINGS.merge(settings)
       @remote_settings = SPEC_DEFAULT_CONNECTION_SETTINGS.dup
 
-      @compressor   = Header::Compressor.new(**settings)
-      @decompressor = Header::Decompressor.new(**settings)
+      @compressor   = Header::Compressor.new(settings)
+      @decompressor = Header::Decompressor.new(settings)
 
       @active_stream_count = 0
+      @last_activated_stream = 0
+      @last_stream_id = 0
       @streams = {}
       @streams_recently_closed = {}
       @pending_settings = []
 
-      @framer = Framer.new
+      @framer = Framer.new(@local_settings[:settings_max_frame_size])
 
       @local_window_limit = @local_settings[:settings_initial_window_size]
       @local_window = @local_window_limit
       @remote_window_limit = @remote_settings[:settings_initial_window_size]
       @remote_window = @remote_window_limit
 
-      @recv_buffer = Buffer.new
-      @send_buffer = []
+      @recv_buffer = "".b
       @continuation = []
       @error = nil
 
       @h2c_upgrade = nil
       @closed_since = nil
+      @received_frame = false
     end
 
     def closed?
@@ -110,10 +117,14 @@ module HTTP2
     # @param window [Integer]
     # @param parent [Stream]
     def new_stream(**args)
-      fail ConnectionClosed if @state == :closed
-      fail StreamLimitExceeded if @active_stream_count >= @remote_settings[:settings_max_concurrent_streams]
+      raise ConnectionClosed if @state == :closed
+      raise StreamLimitExceeded if @active_stream_count >= @remote_settings[:settings_max_concurrent_streams]
+
+      connection_error(:protocol_error, msg: "id is smaller than previous") if @stream_id < @last_activated_stream
 
       stream = activate_stream(id: @stream_id, **args)
+      @last_activated_stream = stream.id
+
       @stream_id += 2
 
       stream
@@ -140,15 +151,15 @@ module HTTP2
     # @param payload [String]
     def goaway(error = :no_error, payload = nil)
       last_stream = if (max = @streams.max)
-        max.first
-      else
-        0
-      end
+                      max.first
+                    else
+                      0
+                    end
 
       send(type: :goaway, last_stream: last_stream,
            error: error, payload: payload)
       @state = :closed
-      @closed_since = Time.now
+      @closed_since = Process.clock_gettime(Process::CLOCK_MONOTONIC)
     end
 
     # Sends a WINDOW_UPDATE frame to the peer.
@@ -165,7 +176,7 @@ module HTTP2
     # @param settings [Array or Hash]
     def settings(payload)
       payload = payload.to_a
-      connection_error if validate_settings(@local_role, payload)
+      validate_settings(@local_role, payload)
       @pending_settings << payload
       send(type: :settings, stream: 0, payload: payload)
       @pending_settings << payload
@@ -188,33 +199,56 @@ module HTTP2
       # SETTINGS frame. Server connection header is SETTINGS frame only.
       if @state == :waiting_magic
         if @recv_buffer.size < 24
-          if !CONNECTION_PREFACE_MAGIC.start_with? @recv_buffer
-            fail HandshakeError
-          else
-            return # maybe next time
-          end
+          raise HandshakeError unless CONNECTION_PREFACE_MAGIC.start_with? @recv_buffer
+
+          return # maybe next time
         elsif @recv_buffer.read(24) == CONNECTION_PREFACE_MAGIC
           # MAGIC is OK.  Send our settings
           @state = :waiting_connection_preface
           payload = @local_settings.reject { |k, v| v == SPEC_DEFAULT_CONNECTION_SETTINGS[k] }
           settings(payload)
         else
-          fail HandshakeError
+          raise HandshakeError
         end
       end
 
       while (frame = @framer.parse(@recv_buffer))
+        if is_a?(Client) && !@received_frame
+          connection_error(:protocol_error, msg: "didn't receive settings") if frame[:type] != :settings
+          @received_frame = true
+        end
+
+        # Implementations MUST discard frames
+        # that have unknown or unsupported types.
+        if frame[:type].nil?
+          # However, extension frames that appear in
+          # the middle of a header block (Section 4.3) are not permitted; these
+          # MUST be treated as a connection error (Section 5.4.1) of type
+          # PROTOCOL_ERROR.
+          connection_error(:protocol_error) unless @continuation.empty?
+          next
+        end
+
         emit(:frame_received, frame)
 
         # Header blocks MUST be transmitted as a contiguous sequence of frames
         # with no interleaved frames of any other type, or from any other stream.
         unless @continuation.empty?
-          unless frame[:type] == :continuation && frame[:stream] == @continuation.first[:stream]
-            connection_error
-          end
+          connection_error unless frame[:type] == :continuation && frame[:stream] == @continuation.first[:stream]
 
           @continuation << frame
-          return unless frame[:flags].include? :end_headers
+          unless frame[:flags].include? :end_headers
+            buffered_payload = @continuation.sum { |f| f[:payload].bytesize }
+            # prevent HTTP/2 CONTINUATION FLOOD
+            # same heuristic as the one from HAProxy: https://www.haproxy.com/blog/haproxy-is-resilient-to-the-http-2-continuation-flood
+            # different mitigation (connection closed, instead of 400 response)
+            unless buffered_payload < @local_settings[:settings_max_frame_size]
+              connection_error(:protocol_error,
+                               msg: "too many continuations received")
+            end
+
+            next
+          end
 
           payload = @continuation.map { |f| f[:payload] }.join
 
@@ -222,7 +256,7 @@ module HTTP2
           @continuation.clear
 
           frame.delete(:length)
-          frame[:payload] = Buffer.new(payload)
+          frame[:payload] = payload
           frame[:flags] << :end_headers
         end
 
@@ -232,19 +266,20 @@ module HTTP2
         # anything other than 0x0, the endpoint MUST respond with a connection
         # error (Section 5.4.1) of type PROTOCOL_ERROR.
         if connection_frame?(frame)
+          connection_error(:protocol_error) unless frame[:stream].zero?
           connection_management(frame)
         else
           case frame[:type]
           when :headers
             # When server receives even-numbered stream identifier,
             # the endpoint MUST respond with a connection error of type PROTOCOL_ERROR.
-            connection_error if frame[:stream].even? && self.is_a?(Server)
+            connection_error if frame[:stream].even? && is_a?(Server)
 
             # The last frame in a sequence of HEADERS/CONTINUATION
             # frames MUST have the END_HEADERS flag set.
             unless frame[:flags].include? :end_headers
               @continuation << frame
-              return
+              next
             end
 
             # After sending a GOAWAY frame, the sender can discard frames
@@ -257,12 +292,15 @@ module HTTP2
 
             stream = @streams[frame[:stream]]
             if stream.nil?
+              verify_pseudo_headers(frame)
+
               stream = activate_stream(
-                id:         frame[:stream],
-                weight:     frame[:weight] || DEFAULT_WEIGHT,
+                id: frame[:stream],
+                weight: frame[:weight] || DEFAULT_WEIGHT,
                 dependency: frame[:dependency] || 0,
-                exclusive:  frame[:exclusive] || false,
+                exclusive: frame[:exclusive] || false
               )
+              verify_stream_order(stream.id)
               emit(:stream, stream)
             end
 
@@ -298,7 +336,7 @@ module HTTP2
               return
             end
 
-            connection_error(msg: 'missing parent ID') if parent.nil?
+            connection_error(msg: "missing parent ID") if parent.nil?
 
             unless parent.state == :open || parent.state == :half_closed_local
               # An endpoint might receive a PUSH_PROMISE frame after it sends
@@ -315,7 +353,9 @@ module HTTP2
               end
             end
 
+            _verify_pseudo_headers(frame, REQUEST_MANDATORY_HEADERS)
             stream = activate_stream(id: pid, parent: parent)
+            verify_stream_order(stream.id)
             emit(:promise, stream)
             stream << frame
           else
@@ -333,10 +373,10 @@ module HTTP2
               # unused or closed parent stream.
               when :priority
                 stream = activate_stream(
-                  id:         frame[:stream],
-                  weight:     frame[:weight] || DEFAULT_WEIGHT,
+                  id: frame[:stream],
+                  weight: frame[:weight] || DEFAULT_WEIGHT,
                   dependency: frame[:dependency] || 0,
-                  exclusive:  frame[:exclusive] || false,
+                  exclusive: frame[:exclusive] || false
                 )
 
                 emit(:stream, stream)
@@ -348,24 +388,26 @@ module HTTP2
               # "closed" stream. A receiver MUST NOT treat this as an error
               # (see Section 5.1).
               when :window_update
-                process_window_update(frame)
+                stream = @streams_recently_closed[frame[:stream]]
+                connection_error(:protocol_error, msg: "sent window update on idle stream") unless stream
+                process_window_update(frame: frame, encode: true)
               else
                 # An endpoint that receives an unexpected stream identifier
                 # MUST respond with a connection error of type PROTOCOL_ERROR.
-                connection_error
+                connection_error(msg: "stream does not exist")
               end
             end
           end
         end
       end
-
     rescue StandardError => e
       raise if e.is_a?(Error::Error)
+
       connection_error(e: e)
     end
 
-    def <<(*args)
-      receive(*args)
+    def <<(data)
+      receive(data)
     end
 
     private
@@ -381,17 +423,16 @@ module HTTP2
       if frame[:type] == :data
         send_data(frame, true)
 
-      else
+      elsif frame[:type] == :rst_stream && frame[:error] == :protocol_error
         # An endpoint can end a connection at any time. In particular, an
         # endpoint MAY choose to treat a stream error as a connection error.
-        if frame[:type] == :rst_stream && frame[:error] == :protocol_error
-          goaway(frame[:error])
-        else
-          # HEADERS and PUSH_PROMISE may generate CONTINUATION. Also send
-          # RST_STREAM that are not protocol errors
-          frames = encode(frame)
-          frames.each { |f| emit(:frame, f) }
-        end
+
+        goaway(frame[:error])
+      else
+        # HEADERS and PUSH_PROMISE may generate CONTINUATION. Also send
+        # RST_STREAM that are not protocol errors
+        frames = encode(frame)
+        frames.each { |f| emit(:frame, f) }
       end
     end
 
@@ -401,10 +442,10 @@ module HTTP2
     # @return [Array of Buffer] encoded frame
     def encode(frame)
       frames = if frame[:type] == :headers || frame[:type] == :push_promise
-        encode_headers(frame) # HEADERS and PUSH_PROMISE may create more than one frame
-      else
-        [frame]               # otherwise one frame
-      end
+                 encode_headers(frame) # HEADERS and PUSH_PROMISE may create more than one frame
+               else
+                 [frame] # otherwise one frame
+               end
 
       frames.map { |f| @framer.generate(f) }
     end
@@ -440,28 +481,26 @@ module HTTP2
         when :settings
           connection_settings(frame)
         when :window_update
-          @remote_window += frame[:increment]
-          send_data(nil, true)
+          process_window_update(frame: frame, encode: true)
         when :ping
-          if frame[:flags].include? :ack
-            emit(:ack, frame[:payload])
-          else
-            send(type: :ping, stream: 0,
-                 flags: [:ack], payload: frame[:payload])
-          end
+          ping_management(frame)
         when :goaway
           # Receivers of a GOAWAY frame MUST NOT open additional streams on
           # the connection, although a new connection can be established
           # for new streams.
           @state = :closed
-          @closed_since = Time.now
+          @closed_since = Process.clock_gettime(Process::CLOCK_MONOTONIC)
           emit(:goaway, frame[:last_stream], frame[:error], frame[:payload])
         when :altsvc
           # 4.  The ALTSVC HTTP/2 Frame
           # An ALTSVC frame on stream 0 with empty (length 0) "Origin"
           # information is invalid and MUST be ignored.
-          if frame[:origin] && !frame[:origin].empty?
-            emit(frame[:type], frame)
+          emit(frame[:type], frame) if frame[:origin] && !frame[:origin].empty?
+        when :origin
+          return if @h2c_upgrade || !frame[:flags].empty?
+
+          frame[:payload].each do |origin|
+            emit(frame[:type], origin)
           end
         when :blocked
           emit(frame[:type], frame)
@@ -469,12 +508,28 @@ module HTTP2
           connection_error
         end
       when :closed
-        connection_error if (Time.now - @closed_since) > 15
+        case frame[:type]
+        when :goaway
+          connection_error
+        when :ping
+          ping_management(frame)
+        else
+          connection_error if (Process.clock_gettime(Process::CLOCK_MONOTONIC) - @closed_since) > 15
+        end
       else
         connection_error
       end
     end
 
+    def ping_management(frame)
+      if frame[:flags].include? :ack
+        emit(:ack, frame[:payload])
+      else
+        send(type: :ping, stream: 0,
+             flags: [:ack], payload: frame[:payload])
+      end
+    end
+
     # Validate settings parameters.  See sepc Section 6.5.2.
     #
     # @param role [Symbol] The sender's role: :client or :server
@@ -482,8 +537,6 @@ module HTTP2
     def validate_settings(role, settings)
       settings.each do |key, v|
         case key
-        when :settings_header_table_size
-          # Any value is valid
         when :settings_enable_push
           case role
           when :server
@@ -491,38 +544,41 @@ module HTTP2
             # Clients MUST reject any attempt to change the
             # SETTINGS_ENABLE_PUSH setting to a value other than 0 by treating the
             # message as a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
-            return ProtocolError.new("invalid #{key} value") unless v.zero?
+            next if v.zero?
+
+            connection_error(:protocol_error, msg: "invalid #{key} value")
           when :client
             # Any value other than 0 or 1 MUST be treated as a
             # connection error (Section 5.4.1) of type PROTOCOL_ERROR.
-            unless v.zero? || v == 1
-              return ProtocolError.new("invalid #{key} value")
-            end
+            next if v.zero? || v == 1
+
+            connection_error(:protocol_error, msg: "invalid #{key} value")
           end
-        when :settings_max_concurrent_streams
-          # Any value is valid
         when :settings_initial_window_size
           # Values above the maximum flow control window size of 2^31-1 MUST
           # be treated as a connection error (Section 5.4.1) of type
           # FLOW_CONTROL_ERROR.
-          unless v <= 0x7fffffff
-            return FlowControlError.new("invalid #{key} value")
-          end
+          next if v <= 0x7fffffff
+
+          connection_error(:flow_control_error, msg: "invalid #{key} value")
         when :settings_max_frame_size
           # The initial value is 2^14 (16,384) octets.  The value advertised
           # by an endpoint MUST be between this initial value and the maximum
           # allowed frame size (2^24-1 or 16,777,215 octets), inclusive.
           # Values outside this range MUST be treated as a connection error
           # (Section 5.4.1) of type PROTOCOL_ERROR.
-          unless v >= 16_384 && v <= 16_777_215
-            return ProtocolError.new("invalid #{key} value")
-          end
-        when :settings_max_header_list_size
+          next if v >= 16_384 && v <= 16_777_215
+
+          connection_error(:protocol_error, msg: "invalid #{key} value")
+          # when :settings_max_concurrent_streams
+          # Any value is valid
+          # when :settings_header_table_size
+          # Any value is valid
+          # when :settings_max_header_list_size
           # Any value is valid
           # else # ignore unknown settings
         end
       end
-      nil
     end
 
     # Update connection settings based on parameters set by the peer.
@@ -536,12 +592,12 @@ module HTTP2
       #   local: previously sent and pended our settings should be effective
       #   remote: just received peer settings should immediately be effective
       settings, side = if frame[:flags].include?(:ack)
-        # Process pending settings we have sent.
-        [@pending_settings.shift, :local]
-      else
-        connection_error if validate_settings(@remote_role, frame[:payload])
-        [frame[:payload], :remote]
-      end
+                         # Process pending settings we have sent.
+                         [@pending_settings.shift, :local]
+                       else
+                         validate_settings(@remote_role, frame[:payload])
+                         [frame[:payload], :remote]
+                       end
 
       settings.each do |key, v|
         case side
@@ -565,14 +621,17 @@ module HTTP2
           case side
           when :local
             @local_window = @local_window - @local_window_limit + v
-            @streams.each do |_id, stream|
+            @streams.each_value do |stream|
               stream.emit(:local_window, stream.local_window - @local_window_limit + v)
             end
 
             @local_window_limit = v
           when :remote
-            @remote_window = @remote_window - @remote_window_limit + v
-            @streams.each do |_id, stream|
+            # can adjust the initial window size for new streams by including a
+            # value for SETTINGS_INITIAL_WINDOW_SIZE in the SETTINGS frame.
+            # The connection flow-control window can only be changed using
+            # WINDOW_UPDATE frames.
+            @streams.each_value do |stream|
               # Event name is :window, not :remote_window
               stream.emit(:window, stream.remote_window - @remote_window_limit + v)
             end
@@ -593,8 +652,7 @@ module HTTP2
           # nothing to do
 
         when :settings_max_frame_size
-          # update framer max_frame_size
-          @framer.max_frame_size = v
+          @framer.remote_max_frame_size = v
 
           # else # ignore unknown settings
         end
@@ -608,6 +666,9 @@ module HTTP2
         unless @state == :closed || @h2c_upgrade == :start
           # Send ack to peer
           send(type: :settings, stream: 0, payload: [], flags: [:ack])
+          # when initial window size changes, we try to flush any buffered
+          # data.
+          @streams.each_value(&:flush)
         end
       end
     end
@@ -621,10 +682,7 @@ module HTTP2
     #
     # @param frame [Hash]
     def decode_headers(frame)
-      if frame[:payload].is_a? Buffer
-        frame[:payload] = @decompressor.decode(frame[:payload])
-      end
-
+      frame[:payload] = @decompressor.decode(frame[:payload], frame) if frame[:payload].is_a?(String)
     rescue CompressionError => e
       connection_error(:compression_error, e: e)
     rescue ProtocolError => e
@@ -639,30 +697,36 @@ module HTTP2
     # @return [Array of Frame]
     def encode_headers(frame)
       payload = frame[:payload]
-      payload = @compressor.encode(payload) unless payload.is_a? Buffer
+      begin
+        payload = frame[:payload] = @compressor.encode(payload) unless payload.is_a?(String)
+      rescue StandardError => e
+        connection_error(:compression_error, e: e)
+      end
+
+      # if single frame, return immediately
+      return [frame] if payload.bytesize <= @remote_settings[:settings_max_frame_size]
 
       frames = []
 
-      while payload.bytesize > 0
+      until payload.nil? || payload.empty?
         cont = frame.dup
-        cont[:type] = :continuation
-        cont[:flags] = []
-        cont[:payload] = payload.slice!(0, @remote_settings[:settings_max_frame_size])
+
+        # first frame remains HEADERS
+        unless frames.empty?
+          cont[:type] = :continuation
+          cont[:flags] = EMPTY
+        end
+
+        cont[:payload] = payload.byteslice(0, @remote_settings[:settings_max_frame_size])
+        payload = payload.byteslice(@remote_settings[:settings_max_frame_size]..-1)
+
         frames << cont
       end
-      if frames.empty?
-        frames = [frame]
-      else
-        frames.first[:type]  = frame[:type]
-        frames.first[:flags] = frame[:flags] - [:end_headers]
-        frames.last[:flags] << :end_headers
-      end
 
-      frames
+      frames.first[:flags].delete(:end_headers)
+      frames.last[:flags] = [:end_headers]
 
-    rescue StandardError => e
-      connection_error(:compression_error, e: e)
-      nil
+      frames
     end
 
     # Activates new incoming or outgoing stream and registers appropriate
@@ -672,46 +736,54 @@ module HTTP2
     # @param priority [Integer]
     # @param window [Integer]
     # @param parent [Stream]
-    def activate_stream(id: nil, **args)
-      connection_error(msg: 'Stream ID already exists') if @streams.key?(id)
+    def activate_stream(id:, **args)
+      connection_error(msg: "Stream ID already exists") if @streams.key?(id)
 
-      stream = Stream.new(**{ connection: self, id: id }.merge(args))
+      raise StreamLimitExceeded if @active_stream_count >= @local_settings[:settings_max_concurrent_streams]
 
-      # Streams that are in the "open" state, or either of the "half closed"
-      # states count toward the maximum number of streams that an endpoint is
-      # permitted to open.
-      stream.once(:active) { @active_stream_count += 1 }
-      stream.once(:close) do
-        @active_stream_count -= 1
+      stream = Stream.new(connection: self, id: id, **args)
 
+      stream.once(:close) do
         # Store a reference to the closed stream, such that we can respond
         # to any in-flight frames while close is registered on both sides.
         # References to such streams will be purged whenever another stream
-        # is closed, with a defined RTT time window.
-        @streams_recently_closed[id] = Time.now.to_i
-        cleanup_recently_closed
+        # is closed, with a minimum of 15s RTT time window.
+        now = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+
+        # TODO: use a drop_while! variant whenever there is one.
+        @streams_recently_closed = @streams_recently_closed.drop_while do |_, v|
+          (now - v) > 15
+        end.to_h
+
+        @streams_recently_closed[id] = Process.clock_gettime(Process::CLOCK_MONOTONIC)
       end
 
-      stream.on(:promise, &method(:promise)) if self.is_a? Server
+      stream.on(:promise, &method(:promise)) if is_a? Server
       stream.on(:frame,   &method(:send))
 
       @streams[id] = stream
     end
 
-    # Purge recently streams closed within defined RTT time window.
-    def cleanup_recently_closed
-      now_ts = Time.now.to_i
-      to_delete = []
-      @streams_recently_closed.each do |stream_id, ts|
-        # Ruby Hash enumeration is ordered, so once fresh stream is met we can stop searching.
-        break if now_ts - ts < RECENTLY_CLOSED_STREAMS_TTL
-        to_delete << stream_id
-      end
+    def verify_stream_order(id)
+      return unless id.odd?
 
-      to_delete.each do |stream_id|
-        @streams.delete stream_id
-        @streams_recently_closed.delete stream_id
-      end
+      connection_error(msg: "Stream ID smaller than previous") if @last_stream_id > id
+      @last_stream_id = id
+    end
+
+    def _verify_pseudo_headers(frame, mandatory_headers)
+      headers = frame[:payload]
+      return if headers.is_a?(String)
+
+      pseudo_headers = headers.take_while do |field, value|
+        # use this loop to validate pseudo-headers
+        connection_error(:protocol_error, msg: "path is empty") if field == ":path" && value.empty?
+        field.start_with?(":")
+      end.map(&:first)
+      return if mandatory_headers.size == pseudo_headers.size &&
+                (mandatory_headers - pseudo_headers).empty?
+
+      connection_error(:protocol_error, msg: "invalid pseudo-headers")
     end
 
     # Emit GOAWAY error indicating to peer that the connection is being
@@ -728,11 +800,11 @@ module HTTP2
     def connection_error(error = :protocol_error, msg: nil, e: nil)
       goaway(error) unless @state == :closed || @state == :new
 
-      @state, @error = :closed, error
-      klass = error.to_s.split('_').map(&:capitalize).join
-      msg ||= e && e.message
-      backtrace = (e && e.backtrace) || []
-      fail Error.const_get(klass), msg, backtrace
+      @state = :closed
+      @error = error
+      msg ||= e ? e.message : "protocol error"
+      backtrace = e ? e.backtrace : nil
+      raise Error.types[error], msg, backtrace
     end
     alias error connection_error
 
@@ -740,5 +812,5 @@ module HTTP2
       yield
     end
   end
-  # rubocop:enable ClassLength
+  # rubocop:enable Metrics/ClassLength
 end