Set Token-Binding HTTP header

net/http/http_network_transaction_ssl_unittest.cc

Index: net/http/http_network_transaction_ssl_unittest.cc
diff --git a/net/http/http_network_transaction_ssl_unittest.cc b/net/http/http_network_transaction_ssl_unittest.cc
index 4aa59a68f8e61eea70d601de5dd1ac6102722552..51f3406dcc2f32c801aaa6104edebcfa0622da04 100644
--- a/net/http/http_network_transaction_ssl_unittest.cc
+++ b/net/http/http_network_transaction_ssl_unittest.cc
@@ -18,6 +18,7 @@
 #include "net/http/transport_security_state.h"
 #include "net/proxy/proxy_service.h"
 #include "net/socket/socket_test_util.h"
+#include "net/ssl/default_channel_id_store.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
@@ -54,6 +55,20 @@ class TLS12SSLConfigService : public SSLConfigService {
   SSLConfig ssl_config_;
 };
 
+class TokenBindingSSLConfigService : public SSLConfigService {
+ public:
+  TokenBindingSSLConfigService() {
+    ssl_config_.token_binding_params.push_back(TB_PARAM_ECDSAP256);
+  }
+
+  void GetSSLConfig(SSLConfig* config) override { *config = ssl_config_; }
+
+ private:
+  ~TokenBindingSSLConfigService() override {}
+
+  SSLConfig ssl_config_;
+};
+
 }  // namespace
 
 class HttpNetworkTransactionSSLTest : public testing::Test {
@@ -148,5 +163,58 @@ TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) {
   EXPECT_TRUE(ssl_config.version_fallback);
 }
 
+#if !defined(OS_IOS)
+TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) {
+  ssl_config_service_ = new TokenBindingSSLConfigService;
+  session_params_.ssl_config_service = ssl_config_service_.get();
+  ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL),
+                                      base::ThreadTaskRunnerHandle::Get());
+  session_params_.channel_id_service = &channel_id_service;
+
+  SSLSocketDataProvider ssl_data(ASYNC, OK);
+  ssl_data.token_binding_negotiated = true;
+  ssl_data.token_binding_key_param = TB_PARAM_ECDSAP256;
+  mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data);
+  MockRead mock_reads[] = {MockRead("HTTP/1.1 200 OK\r\n\r\n"),
+                           MockRead(SYNCHRONOUS, OK)};
+  StaticSocketDataProvider data(mock_reads, arraysize(mock_reads), NULL, 0);
+  mock_socket_factory_.AddSocketDataProvider(&data);
+
+  HttpNetworkSession session(session_params_);
+  HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session);
+
+  TestCompletionCallback callback;
+  int rv =
+      callback.GetResult(trans.Start(GetRequestInfo("https://www.example.com/"),
+                                     callback.callback(), BoundNetLog()));
+  EXPECT_EQ(OK, rv);
+
+  HttpRequestHeaders headers1;
+  ASSERT_TRUE(trans.GetFullRequestHeaders(&headers1));
+  std::string token_binding_header1;
+  EXPECT_TRUE(headers1.GetHeader(HttpRequestHeaders::kTokenBinding,
+                                 &token_binding_header1));
+
+  // Send a second request and verify that the token binding header is the same
+  // as in the first request.
+  mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data);
+  StaticSocketDataProvider data2(mock_reads, arraysize(mock_reads), NULL, 0);
+  mock_socket_factory_.AddSocketDataProvider(&data2);
+
+  rv =
+      callback.GetResult(trans.Start(GetRequestInfo("https://www.example.com/"),
+                                     callback.callback(), BoundNetLog()));
+  EXPECT_EQ(OK, rv);
+
+  HttpRequestHeaders headers2;
+  ASSERT_TRUE(trans.GetFullRequestHeaders(&headers2));
+  std::string token_binding_header2;
+  EXPECT_TRUE(headers2.GetHeader(HttpRequestHeaders::kTokenBinding,
+                                 &token_binding_header2));
+
+  EXPECT_EQ(token_binding_header1, token_binding_header2);
+}
+#endif  // !defined(OS_IOS)
+
 }  // namespace net