Implement Token Binding negotiation TLS extension

net/socket/ssl_client_socket_unittest.cc

Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 77a0aab72aeb2fc5cb65696e72fbd5d7e3127e47..d5d91c6adb7502fff348e54b8e60b8a5747b88b2 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -3158,6 +3158,44 @@ TEST_F(SSLClientSocketTest, RequireECDHE) {
   EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
 }
 
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) {
+  SpawnedTestServer::SSLOptions ssl_options;
+  ssl_options.supported_token_binding_params.push_back(
+      TB_PARAM_ECDSAP256_SHA256);
+  ssl_options.disable_channel_id = true;
+  ASSERT_TRUE(ConnectToTestServer(ssl_options));
+
+  EnableChannelID();
+  SSLConfig ssl_config;
+  ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256);
+  ssl_config.channel_id_enabled = true;
+
+  int rv;
+  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+  EXPECT_EQ(OK, rv);
+  SSLInfo info;
+  EXPECT_TRUE(sock_->GetSSLInfo(&info));
+  EXPECT_TRUE(info.token_binding_negotiated);
+}
+
+TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) {
+  SpawnedTestServer::SSLOptions ssl_options;
+  ssl_options.supported_token_binding_params.push_back(
+      TB_PARAM_ECDSAP256_SHA256);
+  ssl_options.disable_extended_master_secret = true;
+  ssl_options.disable_channel_id = true;
+  ASSERT_TRUE(ConnectToTestServer(ssl_options));
+
+  EnableChannelID();
+  SSLConfig ssl_config;
+  ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256_SHA256);
+  ssl_config.channel_id_enabled = true;
+
+  int rv;
+  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+  EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv);
+}
+
 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
   if (!SupportsAESGCM()) {
     LOG(WARNING) << "Skipping test because AES-GCM is not supported.";