Support for server session cache.

net/socket/ssl_server_socket_unittest.cc

Index: net/socket/ssl_server_socket_unittest.cc
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 9a2dd9cadd6ee38e6b529d970874643ce4f6a824..bbb54baa65d01669c39fb74486364625f5c75d75 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -204,9 +204,7 @@ class FakeSocket : public StreamSocket {
  public:
   FakeSocket(FakeDataChannel* incoming_channel,
              FakeDataChannel* outgoing_channel)
-      : incoming_(incoming_channel),
-        outgoing_(outgoing_channel) {
-  }
+      : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
 
   ~FakeSocket() override {}
 
@@ -337,47 +335,66 @@ class SSLServerSocketTest : public PlatformTest {
       : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
         cert_verifier_(new MockCertVerifier()),
         client_cert_verifier_(new MockClientCertVerifier()),
-        transport_security_state_(new TransportSecurityState) {
+        transport_security_state_(new TransportSecurityState),
+        initialized_(false) {
     cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
     client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
   }
 
  protected:
-  void Initialize() {
-    scoped_ptr<ClientSocketHandle> client_connection(new ClientSocketHandle);
-    client_connection->SetSocket(
-        scoped_ptr<StreamSocket>(new FakeSocket(&channel_1_, &channel_2_)));
-    scoped_ptr<StreamSocket> server_socket(
-        new FakeSocket(&channel_2_, &channel_1_));
-
+  void InitializeContext() {
+    std::string server_cert_der;
     scoped_refptr<X509Certificate> server_cert(
         ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der"));
     scoped_ptr<crypto::RSAPrivateKey> server_private_key(
         ReadTestKey("unittest.key.bin"));
+    server_context_ = CreateSSLServerContext(
+        server_cert.get(), *server_private_key, server_ssl_config_);
+
+    if (!initialized_) {
+      initialized_ = true;

[davidben, 2016/02/24 21:01:26]

Ugh, globals. :-( Having you rewrite every test would be silly, but perhaps this
kind of a split would be tidier. What do you think?

1. Move lines 347-350 into the constructor. Save server_cert_ and
server_private_key_ since unlike everything else, those are actually logically
constants.

2. Move this block of code into the constructor.

3. Make channel_1_ and channel_2_ be scoped_ptr so you can drop them and create
new ones.

4. InitializeContext will:
   a) Reset sockets and channels because you're about to destroy the old server
context.
   b) Reset server_contet_

5. InitializeSockets will:
   a) Reset any existing sockets and channels.
   b) Create new FakeDataChannel objects and new sockets.

6. Optional: Maybe Initialize -> Create since you call it multiple times? Dunno.

Basically this is to merge InitialCacheSockets into InitializeSockets and get
rid of this awkward thing where InitializeContext is even more stateful than
before.

[ryanchung, 2016/02/25 00:46:39]

Done. Yes, this will make it a lot cleaner! Thanks.

+      client_ssl_config_.false_start_enabled = false;
+      client_ssl_config_.channel_id_enabled = false;
+
+      // Certificate provided by the host doesn't need authority.
+      SSLConfig::CertAndStatus cert_and_status;
+      cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID;
+      std::string server_cert_der;
+      CHECK(X509Certificate::GetDEREncoded(server_cert->os_cert_handle(),
+                                           &server_cert_der));
+      cert_and_status.der_cert = server_cert_der;
+      client_ssl_config_.allowed_bad_certs.push_back(cert_and_status);
+
+      socket_factory_->ClearSSLSessionCache();

[davidben, 2016/02/24 21:01:26]

[Chatted out-of-band, but I think we can remove this line.]

[ryanchung, 2016/02/25 00:46:39]

Done.

+    }
+  }
 
-    client_ssl_config_.false_start_enabled = false;
-    client_ssl_config_.channel_id_enabled = false;
-
-    // Certificate provided by the host doesn't need authority.
-    SSLConfig::CertAndStatus cert_and_status;
-    cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID;
-    std::string server_cert_der;
-    CHECK(X509Certificate::GetDEREncoded(server_cert->os_cert_handle(),
-                                         &server_cert_der));
-    cert_and_status.der_cert = server_cert_der;
-    client_ssl_config_.allowed_bad_certs.push_back(cert_and_status);
+  void InitializeClientServerSocket(FakeDataChannel* channel_1,
+                                    FakeDataChannel* channel_2) {
+    scoped_ptr<ClientSocketHandle> client_connection(new ClientSocketHandle);
+    client_connection->SetSocket(
+        scoped_ptr<StreamSocket>(new FakeSocket(channel_1, channel_2)));
+    scoped_ptr<StreamSocket> server_socket(
+        new FakeSocket(channel_2, channel_1));
 
     HostPortPair host_and_pair("unittest", 0);
     SSLClientSocketContext context;
     context.cert_verifier = cert_verifier_.get();
     context.transport_security_state = transport_security_state_.get();
-    socket_factory_->ClearSSLSessionCache();
     client_socket_ = socket_factory_->CreateSSLClientSocket(
         std::move(client_connection), host_and_pair, client_ssl_config_,
         context);
+
     server_socket_ =
-        CreateSSLServerSocket(std::move(server_socket), server_cert.get(),
-                              *server_private_key, server_ssl_config_);
+        server_context_->CreateSSLServerSocket(std::move(server_socket));
+  }
+
+  void InitializeSockets() {
+    InitializeClientServerSocket(&channel_1a, &channel_1b);
+  }
+
+  void InitializeCacheSockets() {
+    InitializeClientServerSocket(&channel_2a, &channel_2b);
   }
 
 #if defined(USE_OPENSSL)
@@ -434,8 +451,10 @@ class SSLServerSocketTest : public PlatformTest {
   }
 #endif
 
-  FakeDataChannel channel_1_;
-  FakeDataChannel channel_2_;
+  FakeDataChannel channel_1a;
+  FakeDataChannel channel_1b;
+  FakeDataChannel channel_2a;
+  FakeDataChannel channel_2b;

[davidben, 2016/02/24 21:01:26]

Style: Should end with underscores.

[ryanchung, 2016/02/25 00:46:39]

Done.

   SSLConfig client_ssl_config_;
   SSLServerConfig server_ssl_config_;
   scoped_ptr<SSLClientSocket> client_socket_;
@@ -444,20 +463,24 @@ class SSLServerSocketTest : public PlatformTest {
   scoped_ptr<MockCertVerifier> cert_verifier_;
   scoped_ptr<MockClientCertVerifier> client_cert_verifier_;
   scoped_ptr<TransportSecurityState> transport_security_state_;
+  scoped_ptr<SSLServerContext> server_context_;
+  bool initialized_;
 };
 
 // This test only executes creation of client and server sockets. This is to
 // test that creation of sockets doesn't crash and have minimal code to run
 // under valgrind in order to help debugging memory problems.
 TEST_F(SSLServerSocketTest, Initialize) {
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
 }
 
 // This test executes Connect() on SSLClientSocket and Handshake() on
 // SSLServerSocket to make sure handshaking between the two sockets is
 // completed successfully.
 TEST_F(SSLServerSocketTest, Handshake) {
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
 
   TestCompletionCallback handshake_callback;
   int server_ret = server_socket_->Handshake(handshake_callback.callback());
@@ -489,7 +512,97 @@ TEST_F(SSLServerSocketTest, Handshake) {
   EXPECT_TRUE(is_aead);
 }
 
-// NSS ports don't support client certificates.
+// This tests makes sure the session cache is working

[davidben, 2016/02/24 21:01:26]

(I suspect this test or the following one will blow up on NSS. You'll probably
need to move them under the #ifdef.)

[ryanchung, 2016/02/25 00:46:39]

Done.

+TEST_F(SSLServerSocketTest, HandshakeCached) {
+  InitializeContext();
+  InitializeSockets();
+
+  TestCompletionCallback handshake_callback;
+  int server_ret = server_socket_->Handshake(handshake_callback.callback());
+
+  TestCompletionCallback connect_callback;
+  int client_ret = client_socket_->Connect(connect_callback.callback());
+
+  client_ret = connect_callback.GetResult(client_ret);
+  server_ret = handshake_callback.GetResult(server_ret);
+
+  ASSERT_EQ(OK, client_ret);
+  ASSERT_EQ(OK, server_ret);
+
+  // Make sure the cert status is expected.
+  SSLInfo ssl_info;
+  ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
+  EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);

[davidben, 2016/02/24 21:01:26]

(You probably don't need to bother with checking the cert status. Ditto below)

[ryanchung, 2016/02/25 00:46:39]

Done.

+  EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);

[davidben, 2016/02/24 21:01:26]

Maybe check both the client and server SSLInfo? Ditto below.

[ryanchung, 2016/02/25 00:46:39]

Done.

+
+  // Make sure the second connection is cached

[davidben, 2016/02/24 21:01:26]

Nit: period at end

[ryanchung, 2016/02/25 00:46:39]

Done.

+  InitializeCacheSockets();
+  TestCompletionCallback handshake_callback2;
+  int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
+
+  TestCompletionCallback connect_callback2;
+  int client_ret2 = client_socket_->Connect(connect_callback2.callback());
+
+  client_ret2 = connect_callback2.GetResult(client_ret2);
+  server_ret2 = handshake_callback2.GetResult(server_ret2);
+
+  ASSERT_EQ(OK, client_ret2);
+  ASSERT_EQ(OK, server_ret2);
+
+  // Make sure the cert status is expected.
+  SSLInfo ssl_info2;
+  ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
+  EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info2.cert_status);
+  EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
+}
+
+// This tests makes sure the session cache separates out by server context
+TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
+  InitializeContext();
+  InitializeSockets();
+
+  TestCompletionCallback handshake_callback;
+  int server_ret = server_socket_->Handshake(handshake_callback.callback());
+
+  TestCompletionCallback connect_callback;
+  int client_ret = client_socket_->Connect(connect_callback.callback());
+
+  client_ret = connect_callback.GetResult(client_ret);
+  server_ret = handshake_callback.GetResult(server_ret);
+
+  ASSERT_EQ(OK, client_ret);
+  ASSERT_EQ(OK, server_ret);
+
+  // Make sure the cert status is expected.
+  SSLInfo ssl_info;
+  ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
+  EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
+  EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
+
+  // Make sure the second connection is NOT cached when using a new context.
+  InitializeContext();
+  InitializeCacheSockets();
+
+  TestCompletionCallback handshake_callback2;
+  int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
+
+  TestCompletionCallback connect_callback2;
+  int client_ret2 = client_socket_->Connect(connect_callback2.callback());
+
+  client_ret2 = connect_callback2.GetResult(client_ret2);
+  server_ret2 = handshake_callback2.GetResult(server_ret2);
+
+  ASSERT_EQ(OK, client_ret2);
+  ASSERT_EQ(OK, server_ret2);
+
+  // Make sure the cert status is expected.
+  SSLInfo ssl_info2;
+  ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
+  EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info2.cert_status);
+  EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
+}
+
+// NSS ports don't support client certificates
 #if defined(USE_OPENSSL)
 
 // This test executes Connect() on SSLClientSocket and Handshake() on
@@ -500,7 +613,8 @@ TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
       ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
   ConfigureClientCertsForClient(kClientCertFileName, kClientPrivateKeyFileName);
   ConfigureClientCertsForServer();
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
 
   TestCompletionCallback handshake_callback;
   int server_ret = server_socket_->Handshake(handshake_callback.callback());
@@ -523,9 +637,69 @@ TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
   EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
 }
 
+// This test executes Connect() on SSLClientSocket and Handshake() twice on
+// SSLServerSocket to make sure handshaking between the two sockets is
+// completed successfully, using client certificate. The second connection is
+// expected to succeed through the session cache.
+TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
+  scoped_refptr<X509Certificate> client_cert =
+      ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
+  ConfigureClientCertsForClient(kClientCertFileName, kClientPrivateKeyFileName);
+  ConfigureClientCertsForServer();
+  InitializeContext();
+  InitializeSockets();
+
+  TestCompletionCallback handshake_callback;
+  int server_ret = server_socket_->Handshake(handshake_callback.callback());
+
+  TestCompletionCallback connect_callback;
+  int client_ret = client_socket_->Connect(connect_callback.callback());
+
+  client_ret = connect_callback.GetResult(client_ret);
+  server_ret = handshake_callback.GetResult(server_ret);
+
+  ASSERT_EQ(OK, client_ret);
+  ASSERT_EQ(OK, server_ret);
+
+  // Make sure the cert status is expected.
+  SSLInfo ssl_info;
+  client_socket_->GetSSLInfo(&ssl_info);
+  EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
+  server_socket_->GetSSLInfo(&ssl_info);
+  EXPECT_TRUE(ssl_info.cert.get());
+  EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
+  EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
+  server_socket_->Disconnect();
+  client_socket_->Disconnect();
+
+  // Create the connection again

[davidben, 2016/02/24 21:01:26]

Nit: period at end

[ryanchung, 2016/02/25 00:46:39]

Done.

+  InitializeCacheSockets();
+  TestCompletionCallback handshake_callback2;
+  int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
+
+  TestCompletionCallback connect_callback2;
+  int client_ret2 = client_socket_->Connect(connect_callback2.callback());
+
+  client_ret2 = connect_callback2.GetResult(client_ret2);
+  server_ret2 = handshake_callback2.GetResult(server_ret2);
+
+  ASSERT_EQ(OK, client_ret2);
+  ASSERT_EQ(OK, server_ret2);
+
+  // Make sure the cert status is expected.
+  SSLInfo ssl_info2;
+  client_socket_->GetSSLInfo(&ssl_info2);
+  EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info2.cert_status);
+  server_socket_->GetSSLInfo(&ssl_info2);
+  EXPECT_TRUE(ssl_info2.cert.get());
+  EXPECT_TRUE(client_cert->Equals(ssl_info2.cert.get()));
+  EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
+}
+
 TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
   ConfigureClientCertsForServer();
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
   // Use the default setting for the client socket, which is to not send
   // a client certificate. This will cause the client to receive an
   // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
@@ -554,13 +728,89 @@ TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
   EXPECT_EQ(ERR_FAILED, handshake_callback.GetResult(server_ret));
 }
 
+TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
+  ConfigureClientCertsForServer();
+  InitializeContext();
+  InitializeSockets();
+  // Use the default setting for the client socket, which is to not send
+  // a client certificate. This will cause the client to receive an
+  // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
+  // requested cert_authorities from the CertificateRequest sent by the
+  // server.
+
+  TestCompletionCallback handshake_callback;
+  int server_ret = server_socket_->Handshake(handshake_callback.callback());
+
+  TestCompletionCallback connect_callback;
+  EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
+            connect_callback.GetResult(
+                client_socket_->Connect(connect_callback.callback())));
+
+  scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
+  client_socket_->GetSSLCertRequestInfo(request_info.get());
+
+  // Check that the authority name that arrived in the CertificateRequest
+  // handshake message is as expected.
+  scoped_refptr<X509Certificate> client_cert =
+      ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
+  EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
+
+  client_socket_->Disconnect();
+
+  EXPECT_EQ(ERR_FAILED, handshake_callback.GetResult(server_ret));
+  server_socket_->Disconnect();
+
+  // Below, check that the cache didn't store the result of a failed handshake

[davidben, 2016/02/24 21:01:26]

Nit: period at end.

[ryanchung, 2016/02/25 00:46:39]

Done.

+  InitializeCacheSockets();
+  TestCompletionCallback handshake_callback2;
+  int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
+
+  TestCompletionCallback connect_callback2;
+  EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
+            connect_callback2.GetResult(
+                client_socket_->Connect(connect_callback2.callback())));
+
+  scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
+  client_socket_->GetSSLCertRequestInfo(request_info2.get());
+
+  // Check that the authority name that arrived in the CertificateRequest
+  // handshake message is as expected.
+  EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
+
+  client_socket_->Disconnect();
+
+  EXPECT_EQ(ERR_FAILED, handshake_callback2.GetResult(server_ret2));
+}
+
 TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
   scoped_refptr<X509Certificate> client_cert =
       ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
   ConfigureClientCertsForClient(kWrongClientCertFileName,
                                 kWrongClientPrivateKeyFileName);
   ConfigureClientCertsForServer();
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
+
+  TestCompletionCallback handshake_callback;
+  int server_ret = server_socket_->Handshake(handshake_callback.callback());
+
+  TestCompletionCallback connect_callback;
+  int client_ret = client_socket_->Connect(connect_callback.callback());
+
+  EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
+            connect_callback.GetResult(client_ret));
+  EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
+            handshake_callback.GetResult(server_ret));
+}
+
+TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
+  scoped_refptr<X509Certificate> client_cert =
+      ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
+  ConfigureClientCertsForClient(kWrongClientCertFileName,
+                                kWrongClientPrivateKeyFileName);
+  ConfigureClientCertsForServer();
+  InitializeContext();
+  InitializeSockets();
 
   TestCompletionCallback handshake_callback;
   int server_ret = server_socket_->Handshake(handshake_callback.callback());
@@ -572,11 +822,28 @@ TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
             connect_callback.GetResult(client_ret));
   EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
             handshake_callback.GetResult(server_ret));
+
+  client_socket_->Disconnect();
+  server_socket_->Disconnect();
+
+  // Below, check that the cache didn't store the result of a failed handshake

[davidben, 2016/02/24 21:01:26]

Nit: period at end.

[ryanchung, 2016/02/25 00:46:39]

Done.

+  InitializeCacheSockets();
+  TestCompletionCallback handshake_callback2;
+  int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
+
+  TestCompletionCallback connect_callback2;
+  int client_ret2 = client_socket_->Connect(connect_callback2.callback());
+
+  EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
+            connect_callback2.GetResult(client_ret2));
+  EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
+            handshake_callback2.GetResult(server_ret2));
 }
 #endif  // defined(USE_OPENSSL)
 
 TEST_F(SSLServerSocketTest, DataTransfer) {
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
 
   // Establish connection.
   TestCompletionCallback connect_callback;
@@ -601,8 +868,8 @@ TEST_F(SSLServerSocketTest, DataTransfer) {
   // Write then read.
   TestCompletionCallback write_callback;
   TestCompletionCallback read_callback;
-  server_ret = server_socket_->Write(
-      write_buf.get(), write_buf->size(), write_callback.callback());
+  server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
+                                     write_callback.callback());
   EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
   client_ret = client_socket_->Read(
       read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
@@ -631,8 +898,8 @@ TEST_F(SSLServerSocketTest, DataTransfer) {
   server_ret = server_socket_->Read(
       read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
   EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
-  client_ret = client_socket_->Write(
-      write_buf.get(), write_buf->size(), write_callback.callback());
+  client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
+                                     write_callback.callback());
   EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
 
   server_ret = read_callback.GetResult(server_ret);
@@ -659,8 +926,8 @@ TEST_F(SSLServerSocketTest, DataTransfer) {
 // the client's Write() call should not cause an infinite loop.
 // NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
 TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
-  Initialize();
-
+  InitializeContext();
+  InitializeSockets();
 
   // Establish connection.
   TestCompletionCallback connect_callback;
@@ -683,8 +950,8 @@ TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
   // socket won't return ERR_IO_PENDING.  This ensures that the client
   // will call Read() on the transport socket again.
   TestCompletionCallback write_callback;
-  server_ret = server_socket_->Write(
-      write_buf.get(), write_buf->size(), write_callback.callback());
+  server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
+                                     write_callback.callback());
   EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
 
   server_ret = write_callback.GetResult(server_ret);
@@ -693,8 +960,8 @@ TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
   server_socket_->Disconnect();
 
   // The client writes some data. This should not cause an infinite loop.
-  client_ret = client_socket_->Write(
-      write_buf.get(), write_buf->size(), write_callback.callback());
+  client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
+                                     write_callback.callback());
   EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
 
   client_ret = write_callback.GetResult(client_ret);
@@ -710,7 +977,8 @@ TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
 // after connecting them, and verifies that the results match.
 // This test will fail if False Start is enabled (see crbug.com/90208).
 TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
 
   TestCompletionCallback connect_callback;
   int client_ret = client_socket_->Connect(connect_callback.callback());
@@ -731,23 +999,20 @@ TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
   const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
   const char kKeyingContext[] = "";
   unsigned char server_out[kKeyingMaterialSize];
-  int rv = server_socket_->ExportKeyingMaterial(kKeyingLabel,
-                                                false, kKeyingContext,
-                                                server_out, sizeof(server_out));
+  int rv = server_socket_->ExportKeyingMaterial(
+      kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
   ASSERT_EQ(OK, rv);
 
   unsigned char client_out[kKeyingMaterialSize];
-  rv = client_socket_->ExportKeyingMaterial(kKeyingLabel,
-                                            false, kKeyingContext,
+  rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
                                             client_out, sizeof(client_out));
   ASSERT_EQ(OK, rv);
   EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
 
   const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
   unsigned char client_bad[kKeyingMaterialSize];
-  rv = client_socket_->ExportKeyingMaterial(kKeyingLabelBad,
-                                            false, kKeyingContext,
-                                            client_bad, sizeof(client_bad));
+  rv = client_socket_->ExportKeyingMaterial(
+      kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
   ASSERT_EQ(rv, OK);
   EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
 }
@@ -773,7 +1038,8 @@ TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
   // Require ECDHE on the server.
   server_ssl_config_.require_ecdhe = true;
 
-  Initialize();
+  InitializeContext();
+  InitializeSockets();
 
   TestCompletionCallback connect_callback;
   int client_ret = client_socket_->Connect(connect_callback.callback());