Chromium Code Reviews Chromium Code Reviews
Issue 1074193003:
Verify alternative server certificate validity for origin. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <math.h> // ceil | 7 #include <math.h> // ceil |
| 8 #include <stdarg.h> | 8 #include <stdarg.h> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
| 13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
| 14 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
| 15 #include "base/files/file_util.h" | 15 #include "base/files/file_util.h" |
| 16 #include "base/json/json_writer.h" | 16 #include "base/json/json_writer.h" |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "base/memory/scoped_ptr.h" | 18 #include "base/memory/scoped_ptr.h" |
| 19 #include "base/memory/weak_ptr.h" | 19 #include "base/memory/weak_ptr.h" |
| 20 #include "base/run_loop.h" | 20 #include "base/run_loop.h" |
| 21 #include "base/stl_util.h" | |
| 21 #include "base/strings/string_util.h" | 22 #include "base/strings/string_util.h" |
| 22 #include "base/strings/utf_string_conversions.h" | 23 #include "base/strings/utf_string_conversions.h" |
| 23 #include "base/test/test_file_util.h" | 24 #include "base/test/test_file_util.h" |
| 24 #include "net/base/auth.h" | 25 #include "net/base/auth.h" |
| 25 #include "net/base/chunked_upload_data_stream.h" | 26 #include "net/base/chunked_upload_data_stream.h" |
| 26 #include "net/base/completion_callback.h" | 27 #include "net/base/completion_callback.h" |
| 27 #include "net/base/elements_upload_data_stream.h" | 28 #include "net/base/elements_upload_data_stream.h" |
| 28 #include "net/base/load_timing_info.h" | 29 #include "net/base/load_timing_info.h" |
| 29 #include "net/base/load_timing_info_test_util.h" | 30 #include "net/base/load_timing_info_test_util.h" |
| 30 #include "net/base/net_errors.h" | 31 #include "net/base/net_errors.h" |
| 31 #include "net/base/request_priority.h" | 32 #include "net/base/request_priority.h" |
| 32 #include "net/base/test_completion_callback.h" | 33 #include "net/base/test_completion_callback.h" |
| 33 #include "net/base/test_data_directory.h" | |
| 34 #include "net/base/upload_bytes_element_reader.h" | 34 #include "net/base/upload_bytes_element_reader.h" |
| 35 #include "net/base/upload_file_element_reader.h" | 35 #include "net/base/upload_file_element_reader.h" |
| 36 #include "net/cert/mock_cert_verifier.h" | 36 #include "net/cert/mock_cert_verifier.h" |
| 37 #include "net/dns/host_cache.h" | 37 #include "net/dns/host_cache.h" |
| 38 #include "net/dns/mock_host_resolver.h" | 38 #include "net/dns/mock_host_resolver.h" |
| 39 #include "net/http/http_auth_challenge_tokenizer.h" | 39 #include "net/http/http_auth_challenge_tokenizer.h" |
| 40 #include "net/http/http_auth_handler_digest.h" | 40 #include "net/http/http_auth_handler_digest.h" |
| 41 #include "net/http/http_auth_handler_mock.h" | 41 #include "net/http/http_auth_handler_mock.h" |
| 42 #include "net/http/http_auth_handler_ntlm.h" | 42 #include "net/http/http_auth_handler_ntlm.h" |
| 43 #include "net/http/http_basic_state.h" | 43 #include "net/http/http_basic_state.h" |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 65 #include "net/socket/socket_test_util.h" | 65 #include "net/socket/socket_test_util.h" |
| 66 #include "net/socket/ssl_client_socket.h" | 66 #include "net/socket/ssl_client_socket.h" |
| 67 #include "net/spdy/spdy_framer.h" | 67 #include "net/spdy/spdy_framer.h" |
| 68 #include "net/spdy/spdy_session.h" | 68 #include "net/spdy/spdy_session.h" |
| 69 #include "net/spdy/spdy_session_pool.h" | 69 #include "net/spdy/spdy_session_pool.h" |
| 70 #include "net/spdy/spdy_test_util_common.h" | 70 #include "net/spdy/spdy_test_util_common.h" |
| 71 #include "net/ssl/ssl_cert_request_info.h" | 71 #include "net/ssl/ssl_cert_request_info.h" |
| 72 #include "net/ssl/ssl_config_service.h" | 72 #include "net/ssl/ssl_config_service.h" |
| 73 #include "net/ssl/ssl_config_service_defaults.h" | 73 #include "net/ssl/ssl_config_service_defaults.h" |
| 74 #include "net/ssl/ssl_info.h" | 74 #include "net/ssl/ssl_info.h" |
| 75 #include "net/test/cert_test_util.h" | |
| 76 #include "net/websockets/websocket_handshake_stream_base.h" | 75 #include "net/websockets/websocket_handshake_stream_base.h" |
| 77 #include "testing/gtest/include/gtest/gtest.h" | 76 #include "testing/gtest/include/gtest/gtest.h" |
| 78 #include "testing/platform_test.h" | 77 #include "testing/platform_test.h" |
| 79 #include "url/gurl.h" | 78 #include "url/gurl.h" |
| 80 | 79 |
| 81 using base::ASCIIToUTF16; | 80 using base::ASCIIToUTF16; |
| 82 | 81 |
| 83 //----------------------------------------------------------------------------- | 82 //----------------------------------------------------------------------------- |
| 84 | 83 |
| 85 namespace { | 84 namespace { |
| (...skipping 9121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 9207 MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ), | 9206 MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ), |
| 9208 MockRead(ASYNC, OK) | 9207 MockRead(ASYNC, OK) |
| 9209 }; | 9208 }; |
| 9210 | 9209 |
| 9211 StaticSocketDataProvider first_transaction( | 9210 StaticSocketDataProvider first_transaction( |
| 9212 data_reads, arraysize(data_reads), NULL, 0); | 9211 data_reads, arraysize(data_reads), NULL, 0); |
| 9213 session_deps_.socket_factory->AddSocketDataProvider(&first_transaction); | 9212 session_deps_.socket_factory->AddSocketDataProvider(&first_transaction); |
| 9214 | 9213 |
| 9215 SSLSocketDataProvider ssl(ASYNC, OK); | 9214 SSLSocketDataProvider ssl(ASYNC, OK); |
| 9216 ssl.SetNextProto(GetParam()); | 9215 ssl.SetNextProto(GetParam()); |
| 9216 ssl.SetCertFromFile("spdy.pem"); | |
|
Ryan Hamilton
2015/04/15 21:24:34
Clever!
Bence
2015/04/23 17:17:07
Thanks. Too bad that it was vetoed in https://crr
| |
| 9217 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); | 9217 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); |
| 9218 | 9218 |
| 9219 scoped_ptr<SpdyFrame> req( | 9219 scoped_ptr<SpdyFrame> req( |
| 9220 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); | 9220 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); |
| 9221 MockWrite spdy_writes[] = { CreateMockWrite(*req) }; | 9221 MockWrite spdy_writes[] = { CreateMockWrite(*req) }; |
| 9222 | 9222 |
| 9223 scoped_ptr<SpdyFrame> resp(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1)); | 9223 scoped_ptr<SpdyFrame> resp(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1)); |
| 9224 scoped_ptr<SpdyFrame> data(spdy_util_.ConstructSpdyBodyFrame(1, true)); | 9224 scoped_ptr<SpdyFrame> data(spdy_util_.ConstructSpdyBodyFrame(1, true)); |
| 9225 MockRead spdy_reads[] = { | 9225 MockRead spdy_reads[] = { |
| 9226 CreateMockRead(*resp), | 9226 CreateMockRead(*resp), |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 9307 StaticSocketDataProvider hanging_socket( | 9307 StaticSocketDataProvider hanging_socket( |
| 9308 NULL, 0, NULL, 0); | 9308 NULL, 0, NULL, 0); |
| 9309 hanging_socket.set_connect_data(never_finishing_connect); | 9309 hanging_socket.set_connect_data(never_finishing_connect); |
| 9310 // Socket 2 and 3 are the hanging Alternate-Protocol and | 9310 // Socket 2 and 3 are the hanging Alternate-Protocol and |
| 9311 // non-Alternate-Protocol jobs from the 2nd transaction. | 9311 // non-Alternate-Protocol jobs from the 2nd transaction. |
| 9312 session_deps_.socket_factory->AddSocketDataProvider(&hanging_socket); | 9312 session_deps_.socket_factory->AddSocketDataProvider(&hanging_socket); |
| 9313 session_deps_.socket_factory->AddSocketDataProvider(&hanging_socket); | 9313 session_deps_.socket_factory->AddSocketDataProvider(&hanging_socket); |
| 9314 | 9314 |
| 9315 SSLSocketDataProvider ssl(ASYNC, OK); | 9315 SSLSocketDataProvider ssl(ASYNC, OK); |
| 9316 ssl.SetNextProto(GetParam()); | 9316 ssl.SetNextProto(GetParam()); |
| 9317 ssl.SetCertFromFile("spdy.pem"); | |
| 9317 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); | 9318 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); |
| 9318 | 9319 |
| 9319 scoped_ptr<SpdyFrame> req1( | 9320 scoped_ptr<SpdyFrame> req1( |
| 9320 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); | 9321 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); |
| 9321 scoped_ptr<SpdyFrame> req2( | 9322 scoped_ptr<SpdyFrame> req2( |
| 9322 spdy_util_.ConstructSpdyGet(NULL, 0, false, 3, LOWEST, true)); | 9323 spdy_util_.ConstructSpdyGet(NULL, 0, false, 3, LOWEST, true)); |
| 9323 MockWrite spdy_writes[] = { | 9324 MockWrite spdy_writes[] = { |
| 9324 CreateMockWrite(*req1), | 9325 CreateMockWrite(*req1), |
| 9325 CreateMockWrite(*req2), | 9326 CreateMockWrite(*req2), |
| 9326 }; | 9327 }; |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 9542 MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ), | 9543 MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ), |
| 9543 MockRead(ASYNC, OK), | 9544 MockRead(ASYNC, OK), |
| 9544 }; | 9545 }; |
| 9545 | 9546 |
| 9546 StaticSocketDataProvider first_transaction( | 9547 StaticSocketDataProvider first_transaction( |
| 9547 data_reads, arraysize(data_reads), NULL, 0); | 9548 data_reads, arraysize(data_reads), NULL, 0); |
| 9548 session_deps_.socket_factory->AddSocketDataProvider(&first_transaction); | 9549 session_deps_.socket_factory->AddSocketDataProvider(&first_transaction); |
| 9549 | 9550 |
| 9550 SSLSocketDataProvider ssl(ASYNC, OK); | 9551 SSLSocketDataProvider ssl(ASYNC, OK); |
| 9551 ssl.SetNextProto(GetParam()); | 9552 ssl.SetNextProto(GetParam()); |
| 9553 ssl.SetCertFromFile("spdy.pem"); | |
| 9552 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); | 9554 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); |
| 9553 | 9555 |
| 9554 scoped_ptr<SpdyFrame> req( | 9556 scoped_ptr<SpdyFrame> req( |
| 9555 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); | 9557 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); |
| 9556 MockWrite spdy_writes[] = { | 9558 MockWrite spdy_writes[] = { |
| 9557 MockWrite("CONNECT www.google.com:443 HTTP/1.1\r\n" | 9559 MockWrite("CONNECT www.google.com:443 HTTP/1.1\r\n" |
| 9558 "Host: www.google.com\r\n" | 9560 "Host: www.google.com\r\n" |
| 9559 "Proxy-Connection: keep-alive\r\n\r\n"), // 0 | 9561 "Proxy-Connection: keep-alive\r\n\r\n"), // 0 |
| 9560 CreateMockWrite(*req), // 3 | 9562 CreateMockWrite(*req), // 3 |
| 9561 }; | 9563 }; |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 9651 MockRead("hello world"), | 9653 MockRead("hello world"), |
| 9652 MockRead(ASYNC, OK), | 9654 MockRead(ASYNC, OK), |
| 9653 }; | 9655 }; |
| 9654 | 9656 |
| 9655 StaticSocketDataProvider first_transaction( | 9657 StaticSocketDataProvider first_transaction( |
| 9656 data_reads, arraysize(data_reads), NULL, 0); | 9658 data_reads, arraysize(data_reads), NULL, 0); |
| 9657 session_deps_.socket_factory->AddSocketDataProvider(&first_transaction); | 9659 session_deps_.socket_factory->AddSocketDataProvider(&first_transaction); |
| 9658 | 9660 |
| 9659 SSLSocketDataProvider ssl(ASYNC, OK); | 9661 SSLSocketDataProvider ssl(ASYNC, OK); |
| 9660 ssl.SetNextProto(GetParam()); | 9662 ssl.SetNextProto(GetParam()); |
| 9663 ssl.SetCertFromFile("spdy.pem"); | |
| 9661 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); | 9664 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); |
| 9662 | 9665 |
| 9663 scoped_ptr<SpdyFrame> req( | 9666 scoped_ptr<SpdyFrame> req( |
| 9664 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); | 9667 spdy_util_.ConstructSpdyGet(NULL, 0, false, 1, LOWEST, true)); |
| 9665 MockWrite spdy_writes[] = { CreateMockWrite(*req) }; | 9668 MockWrite spdy_writes[] = { CreateMockWrite(*req) }; |
| 9666 | 9669 |
| 9667 scoped_ptr<SpdyFrame> resp(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1)); | 9670 scoped_ptr<SpdyFrame> resp(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1)); |
| 9668 scoped_ptr<SpdyFrame> data(spdy_util_.ConstructSpdyBodyFrame(1, true)); | 9671 scoped_ptr<SpdyFrame> data(spdy_util_.ConstructSpdyBodyFrame(1, true)); |
| 9669 MockRead spdy_reads[] = { | 9672 MockRead spdy_reads[] = { |
| 9670 CreateMockRead(*resp), | 9673 CreateMockRead(*resp), |
| (...skipping 879 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 10550 CreateMockRead(*resp.get(), 6), | 10553 CreateMockRead(*resp.get(), 6), |
| 10551 CreateMockRead(*data.get(), 6), | 10554 CreateMockRead(*data.get(), 6), |
| 10552 MockRead(ASYNC, 0, 0, 6), | 10555 MockRead(ASYNC, 0, 0, 6), |
| 10553 }; | 10556 }; |
| 10554 OrderedSocketData data_2( | 10557 OrderedSocketData data_2( |
| 10555 data_reads_2, arraysize(data_reads_2), | 10558 data_reads_2, arraysize(data_reads_2), |
| 10556 data_writes_2, arraysize(data_writes_2)); | 10559 data_writes_2, arraysize(data_writes_2)); |
| 10557 | 10560 |
| 10558 SSLSocketDataProvider ssl(ASYNC, OK); | 10561 SSLSocketDataProvider ssl(ASYNC, OK); |
| 10559 ssl.SetNextProto(GetParam()); | 10562 ssl.SetNextProto(GetParam()); |
| 10563 ssl.SetCertFromFile("spdy.pem"); | |
| 10560 | 10564 |
| 10561 MockConnect never_finishing_connect(SYNCHRONOUS, ERR_IO_PENDING); | 10565 MockConnect never_finishing_connect(SYNCHRONOUS, ERR_IO_PENDING); |
| 10562 StaticSocketDataProvider hanging_non_alternate_protocol_socket( | 10566 StaticSocketDataProvider hanging_non_alternate_protocol_socket( |
| 10563 NULL, 0, NULL, 0); | 10567 NULL, 0, NULL, 0); |
| 10564 hanging_non_alternate_protocol_socket.set_connect_data( | 10568 hanging_non_alternate_protocol_socket.set_connect_data( |
| 10565 never_finishing_connect); | 10569 never_finishing_connect); |
| 10566 | 10570 |
| 10567 session_deps_.socket_factory->AddSocketDataProvider(&data_1); | 10571 session_deps_.socket_factory->AddSocketDataProvider(&data_1); |
| 10568 session_deps_.socket_factory->AddSocketDataProvider(&data_2); | 10572 session_deps_.socket_factory->AddSocketDataProvider(&data_2); |
| 10569 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); | 10573 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); |
| (...skipping 1187 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 11757 HttpNetworkTransaction trans2(MEDIUM, session.get()); | 11761 HttpNetworkTransaction trans2(MEDIUM, session.get()); |
| 11758 TestCompletionCallback callback2; | 11762 TestCompletionCallback callback2; |
| 11759 EXPECT_EQ(ERR_IO_PENDING, | 11763 EXPECT_EQ(ERR_IO_PENDING, |
| 11760 trans2.Start(&request2, callback2.callback(), BoundNetLog())); | 11764 trans2.Start(&request2, callback2.callback(), BoundNetLog())); |
| 11761 base::MessageLoop::current()->RunUntilIdle(); | 11765 base::MessageLoop::current()->RunUntilIdle(); |
| 11762 | 11766 |
| 11763 EXPECT_EQ(OK, callback2.WaitForResult()); | 11767 EXPECT_EQ(OK, callback2.WaitForResult()); |
| 11764 EXPECT_FALSE(trans2.GetResponseInfo()->was_fetched_via_spdy); | 11768 EXPECT_FALSE(trans2.GetResponseInfo()->was_fetched_via_spdy); |
| 11765 } | 11769 } |
| 11766 | 11770 |
| 11771 class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest { | |
| 11772 public: | |
| 11773 void Run(bool pooling, bool valid) { | |
| 11774 HostPortPair origin(valid ? "mail.example.org" : "invalid.example.org", | |
| 11775 443); | |
| 11776 HostPortPair alternative("www.example.org", 443); | |
| 11777 | |
| 11778 SSLSocketDataProvider ssl(ASYNC, OK); | |
| 11779 ssl.SetNextProto(GetParam()); | |
| 11780 ssl.SetCertFromFile("spdy_pooling.pem"); | |
| 11781 bool common_name_fallback_used; | |
| 11782 EXPECT_EQ(valid, ssl.cert->VerifyNameMatch(origin.host(), | |
| 11783 &common_name_fallback_used)); | |
| 11784 EXPECT_TRUE(ssl.cert->VerifyNameMatch(alternative.host(), | |
| 11785 &common_name_fallback_used)); | |
| 11786 session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl); | |
| 11787 | |
| 11788 // If pooling, then start a request to alternative first to create a | |
| 11789 // SpdySession. | |
| 11790 std::string url0 = "https://www.example.org:443"; | |
| 11791 // Second request to origin, which has an alternative service, and could | |
| 11792 // open a connection to the alternative host or pool to the existing one. | |
| 11793 std::string url1("https://"); | |
| 11794 url1.append(origin.host()); | |
| 11795 url1.append(":443"); | |
| 11796 | |
| 11797 scoped_ptr<SpdyFrame> req0; | |
| 11798 scoped_ptr<SpdyFrame> req1; | |
| 11799 scoped_ptr<SpdyFrame> resp0; | |
| 11800 scoped_ptr<SpdyFrame> body0; | |
| 11801 scoped_ptr<SpdyFrame> resp1; | |
| 11802 scoped_ptr<SpdyFrame> body1; | |
| 11803 std::vector<MockWrite> writes; | |
| 11804 std::vector<MockRead> reads; | |
| 11805 | |
| 11806 if (pooling) { | |
| 11807 req0.reset(spdy_util_.ConstructSpdyGet(url0.c_str(), false, 1, LOWEST)); | |
| 11808 req1.reset(spdy_util_.ConstructSpdyGet(url1.c_str(), false, 3, LOWEST)); | |
| 11809 | |
| 11810 writes.push_back(CreateMockWrite(*req0, 0)); | |
| 11811 writes.push_back(CreateMockWrite(*req1, 3)); | |
| 11812 | |
| 11813 resp0.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1)); | |
| 11814 body0.reset(spdy_util_.ConstructSpdyBodyFrame(1, true)); | |
| 11815 resp1.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3)); | |
| 11816 body1.reset(spdy_util_.ConstructSpdyBodyFrame(3, true)); | |
| 11817 | |
| 11818 reads.push_back(CreateMockRead(*resp0, 1)); | |
| 11819 reads.push_back(CreateMockRead(*body0, 2)); | |
| 11820 reads.push_back(MockRead(ASYNC, ERR_IO_PENDING, 4)); | |
| 11821 reads.push_back(CreateMockRead(*resp1, 5)); | |
| 11822 reads.push_back(CreateMockRead(*body1, 6)); | |
| 11823 reads.push_back(MockRead(ASYNC, OK, 7)); | |
| 11824 } else { | |
| 11825 req1.reset(spdy_util_.ConstructSpdyGet(url1.c_str(), false, 1, LOWEST)); | |
| 11826 | |
| 11827 writes.push_back(CreateMockWrite(*req1, 0)); | |
| 11828 | |
| 11829 resp1.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1)); | |
| 11830 body1.reset(spdy_util_.ConstructSpdyBodyFrame(1, true)); | |
| 11831 | |
| 11832 reads.push_back(CreateMockRead(*resp1, 1)); | |
| 11833 reads.push_back(CreateMockRead(*body1, 2)); | |
| 11834 reads.push_back(MockRead(ASYNC, OK, 3)); | |
| 11835 } | |
| 11836 | |
| 11837 OrderedSocketData data(vector_as_array(&reads), reads.size(), | |
| 11838 vector_as_array(&writes), writes.size()); | |
| 11839 session_deps_.socket_factory->AddSocketDataProvider(&data); | |
| 11840 | |
| 11841 // Connection to the origin fails. | |
| 11842 MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED); | |
| 11843 StaticSocketDataProvider data_refused; | |
| 11844 data_refused.set_connect_data(mock_connect); | |
| 11845 session_deps_.socket_factory->AddSocketDataProvider(&data_refused); | |
| 11846 | |
| 11847 session_deps_.use_alternate_protocols = true; | |
| 11848 scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_)); | |
| 11849 base::WeakPtr<HttpServerProperties> http_server_properties = | |
| 11850 session->http_server_properties(); | |
| 11851 AlternativeService alternative_service( | |
| 11852 AlternateProtocolFromNextProto(GetParam()), alternative); | |
| 11853 http_server_properties->SetAlternativeService(origin, alternative_service, | |
| 11854 1.0); | |
| 11855 | |
| 11856 // First request to alternative. | |
| 11857 if (pooling) { | |
| 11858 scoped_ptr<HttpTransaction> trans0( | |
| 11859 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); | |
| 11860 HttpRequestInfo request0; | |
| 11861 request0.method = "GET"; | |
| 11862 request0.url = GURL(url0); | |
| 11863 request0.load_flags = 0; | |
| 11864 TestCompletionCallback callback0; | |
| 11865 | |
| 11866 int rv = trans0->Start(&request0, callback0.callback(), BoundNetLog()); | |
| 11867 EXPECT_EQ(ERR_IO_PENDING, rv); | |
| 11868 rv = callback0.WaitForResult(); | |
| 11869 EXPECT_EQ(OK, rv); | |
| 11870 } | |
| 11871 | |
| 11872 // Second request to origin. | |
| 11873 scoped_ptr<HttpTransaction> trans1( | |
| 11874 new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get())); | |
| 11875 HttpRequestInfo request1; | |
| 11876 request1.method = "GET"; | |
| 11877 request1.url = GURL(url1); | |
| 11878 request1.load_flags = 0; | |
| 11879 TestCompletionCallback callback1; | |
| 11880 | |
| 11881 int rv = trans1->Start(&request1, callback1.callback(), BoundNetLog()); | |
| 11882 EXPECT_EQ(ERR_IO_PENDING, rv); | |
| 11883 rv = callback1.WaitForResult(); | |
| 11884 if (valid) { | |
| 11885 EXPECT_EQ(OK, rv); | |
| 11886 } else { | |
| 11887 if (pooling) { | |
| 11888 EXPECT_EQ(ERR_CONNECTION_REFUSED, rv); | |
| 11889 } else { | |
| 11890 EXPECT_EQ(ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN, rv); | |
| 11891 } | |
| 11892 } | |
| 11893 } | |
| 11894 }; | |
| 11895 | |
| 11896 INSTANTIATE_TEST_CASE_P(NextProto, | |
| 11897 AltSvcCertificateVerificationTest, | |
| 11898 testing::Values(kProtoSPDY31, | |
| 11899 kProtoSPDY4_14, | |
| 11900 kProtoSPDY4)); | |
| 11901 | |
| 11902 // The alternative service host must exhibit a certificate that is valid for the | |
| 11903 // origin host. Test that this is enforced when pooling to an existing | |
| 11904 // connection. | |
| 11905 TEST_P(AltSvcCertificateVerificationTest, PoolingValid) { | |
| 11906 Run(true, true); | |
| 11907 } | |
| 11908 | |
| 11909 TEST_P(AltSvcCertificateVerificationTest, PoolingInvalid) { | |
| 11910 Run(true, false); | |
| 11911 } | |
| 11912 | |
| 11913 // The alternative service host must exhibit a certificate that is valid for the | |
| 11914 // origin host. Test that this is enforced when opening a new connection. | |
| 11915 TEST_P(AltSvcCertificateVerificationTest, NewConnectionValid) { | |
| 11916 Run(false, true); | |
| 11917 } | |
| 11918 | |
| 11919 TEST_P(AltSvcCertificateVerificationTest, NewConnectionInvalid) { | |
| 11920 Run(false, false); | |
| 11921 } | |
| 11922 | |
| 11767 TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) { | 11923 TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttpOverTunnel) { |
| 11768 const std::string https_url = "https://www.google.com:8080/"; | 11924 const std::string https_url = "https://www.google.com:8080/"; |
| 11769 const std::string http_url = "http://www.google.com:8080/"; | 11925 const std::string http_url = "http://www.google.com:8080/"; |
| 11770 | 11926 |
| 11771 // SPDY GET for HTTPS URL (through CONNECT tunnel) | 11927 // SPDY GET for HTTPS URL (through CONNECT tunnel) |
| 11772 const HostPortPair host_port_pair("www.google.com", 8080); | 11928 const HostPortPair host_port_pair("www.google.com", 8080); |
| 11773 scoped_ptr<SpdyFrame> connect( | 11929 scoped_ptr<SpdyFrame> connect( |
| 11774 spdy_util_.ConstructSpdyConnect(NULL, 0, 1, LOWEST, host_port_pair)); | 11930 spdy_util_.ConstructSpdyConnect(NULL, 0, 1, LOWEST, host_port_pair)); |
| 11775 scoped_ptr<SpdyFrame> req1( | 11931 scoped_ptr<SpdyFrame> req1( |
| 11776 spdy_util_.ConstructSpdyGet(https_url.c_str(), false, 1, LOWEST)); | 11932 spdy_util_.ConstructSpdyGet(https_url.c_str(), false, 1, LOWEST)); |
| (...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 11934 MockConnect connect_data2(ASYNC, OK); | 12090 MockConnect connect_data2(ASYNC, OK); |
| 11935 data2->set_connect_data(connect_data2); | 12091 data2->set_connect_data(connect_data2); |
| 11936 | 12092 |
| 11937 // Set up a proxy config that sends HTTP requests to a proxy, and | 12093 // Set up a proxy config that sends HTTP requests to a proxy, and |
| 11938 // all others direct. | 12094 // all others direct. |
| 11939 ProxyConfig proxy_config; | 12095 ProxyConfig proxy_config; |
| 11940 proxy_config.proxy_rules().ParseFromString("http=https://proxy:443"); | 12096 proxy_config.proxy_rules().ParseFromString("http=https://proxy:443"); |
| 11941 session_deps_.proxy_service.reset(new ProxyService( | 12097 session_deps_.proxy_service.reset(new ProxyService( |
| 11942 new ProxyConfigServiceFixed(proxy_config), nullptr, NULL)); | 12098 new ProxyConfigServiceFixed(proxy_config), nullptr, NULL)); |
| 11943 | 12099 |
| 12100 SSLSocketDataProvider ssl1(ASYNC, OK); // to the proxy | |
| 12101 ssl1.SetNextProto(GetParam()); | |
| 11944 // Load a valid cert. Note, that this does not need to | 12102 // Load a valid cert. Note, that this does not need to |
| 11945 // be valid for proxy because the MockSSLClientSocket does | 12103 // be valid for proxy because the MockSSLClientSocket does |
| 11946 // not actually verify it. But SpdySession will use this | 12104 // not actually verify it. But SpdySession will use this |
| 11947 // to see if it is valid for the new origin | 12105 // to see if it is valid for the new origin |
| 11948 base::FilePath certs_dir = GetTestCertsDirectory(); | 12106 ssl1.SetCertFromFile("ok_cert.pem"); |
| 11949 scoped_refptr<X509Certificate> server_cert( | |
| 11950 ImportCertFromFile(certs_dir, "ok_cert.pem")); | |
| 11951 ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert.get()); | |
| 11952 | |
| 11953 SSLSocketDataProvider ssl1(ASYNC, OK); // to the proxy | |
| 11954 ssl1.SetNextProto(GetParam()); | |
| 11955 ssl1.cert = server_cert; | |
| 11956 session_deps_.deterministic_socket_factory->AddSSLSocketDataProvider(&ssl1); | 12107 session_deps_.deterministic_socket_factory->AddSSLSocketDataProvider(&ssl1); |
| 11957 session_deps_.deterministic_socket_factory->AddSocketDataProvider( | 12108 session_deps_.deterministic_socket_factory->AddSocketDataProvider( |
| 11958 data1.get()); | 12109 data1.get()); |
| 11959 | 12110 |
| 11960 SSLSocketDataProvider ssl2(ASYNC, OK); // to the server | 12111 SSLSocketDataProvider ssl2(ASYNC, OK); // to the server |
| 11961 ssl2.SetNextProto(GetParam()); | 12112 ssl2.SetNextProto(GetParam()); |
| 11962 session_deps_.deterministic_socket_factory->AddSSLSocketDataProvider(&ssl2); | 12113 session_deps_.deterministic_socket_factory->AddSSLSocketDataProvider(&ssl2); |
| 11963 session_deps_.deterministic_socket_factory->AddSocketDataProvider( | 12114 session_deps_.deterministic_socket_factory->AddSocketDataProvider( |
| 11964 data2.get()); | 12115 data2.get()); |
| 11965 | 12116 |
| (...skipping 1817 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 13783 ASSERT_TRUE(response); | 13934 ASSERT_TRUE(response); |
| 13784 ASSERT_TRUE(response->headers.get()); | 13935 ASSERT_TRUE(response->headers.get()); |
| 13785 | 13936 |
| 13786 EXPECT_EQ(101, response->headers->response_code()); | 13937 EXPECT_EQ(101, response->headers->response_code()); |
| 13787 | 13938 |
| 13788 trans.reset(); | 13939 trans.reset(); |
| 13789 session->CloseAllConnections(); | 13940 session->CloseAllConnections(); |
| 13790 } | 13941 } |
| 13791 | 13942 |
| 13792 } // namespace net | 13943 } // namespace net |
| OLD | NEW |
