Chromium Code Reviews Chromium Code Reviews
Issue 1545403002:
Return false when trusted SPDY proxy advertises HTTPS URL (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/spdy/spdy_session.h" | 5 #include "net/spdy/spdy_session.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 4824 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4835 EXPECT_EQ(0u, session_->num_created_streams()); | 4835 EXPECT_EQ(0u, session_->num_created_streams()); |
| 4836 EXPECT_EQ(1u, session_->num_pushed_streams()); | 4836 EXPECT_EQ(1u, session_->num_pushed_streams()); |
| 4837 EXPECT_EQ(1u, session_->num_active_pushed_streams()); | 4837 EXPECT_EQ(1u, session_->num_active_pushed_streams()); |
| 4838 | 4838 |
| 4839 // Read EOF. | 4839 // Read EOF. |
| 4840 data.Resume(); | 4840 data.Resume(); |
| 4841 base::RunLoop().RunUntilIdle(); | 4841 base::RunLoop().RunUntilIdle(); |
| 4842 EXPECT_FALSE(session_); | 4842 EXPECT_FALSE(session_); |
| 4843 } | 4843 } |
| 4844 | 4844 |
| 4845 // Tests that HTTP SPDY push streams that advertise an origin different from the | |
| 4846 // associated stream are accepted from a trusted SPDY proxy. | |
| 4847 TEST_P(SpdySessionTest, TrustedSpdyProxy) { | |
| 4848 const std::string kAnotherURL = "example2.org"; | |
| 4849 // kDefaultURL should not contain kAnotherURL. | |
| 4850 ASSERT_TRUE(GURL(kDefaultURL).host().find(kAnotherURL) == std::string::npos); | |
| 4851 | |
| 4852 // Push resources for kAnotherURL which is different from kDefaultURL. | |
|
bengr
2016/01/08 18:57:27
This doesn't make sense. Maybe call kAnotherURL kA
tbansal1
2016/01/08 22:41:34
Done.
| |
| 4853 // cross_origin_push is HTTP, and should be accepted. cross_origin_https_push | |
| 4854 // is HTTPS, and should not be accepted. | |
| 4855 scoped_ptr<SpdyFrame> cross_origin_push(spdy_util_.ConstructSpdyPush( | |
| 4856 nullptr, 0, 2, 1, ("http://www." + kAnotherURL + "/a.dat").c_str())); | |
|
bengr
2016/01/08 18:57:27
My earlier comment was mainly about the example1 U
bengr
2016/01/08 19:06:35
Actually, if kDefaultURL is required by the test h
tbansal1
2016/01/08 22:41:34
Done.
| |
| 4857 // cross_origin_https_push is HTTPS, and should be refused. | |
| 4858 scoped_ptr<SpdyFrame> cross_origin_https_push(spdy_util_.ConstructSpdyPush( | |
| 4859 nullptr, 0, 4, 1, ("https://www." + kAnotherURL + "/b.dat").c_str())); | |
| 4860 MockRead reads[] = { | |
| 4861 MockRead(ASYNC, ERR_IO_PENDING, 1), | |
| 4862 CreateMockRead(*cross_origin_push, 2), | |
| 4863 MockRead(ASYNC, ERR_IO_PENDING, 3), | |
| 4864 CreateMockRead(*cross_origin_https_push, 4), | |
| 4865 MockRead(ASYNC, ERR_IO_PENDING, 6), | |
| 4866 MockRead(ASYNC, 0, 7), | |
| 4867 }; | |
| 4868 | |
| 4869 scoped_ptr<SpdyFrame> request( | |
| 4870 spdy_util_.ConstructSpdyGet(nullptr, 0, false, 1, LOWEST, true)); | |
| 4871 scoped_ptr<SpdyFrame> reset( | |
| 4872 spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_REFUSED_STREAM)); | |
| 4873 MockWrite writes[] = { | |
| 4874 CreateMockWrite(*request, 0), CreateMockWrite(*reset, 5), | |
| 4875 }; | |
| 4876 | |
| 4877 SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); | |
| 4878 session_deps_.socket_factory->AddSocketDataProvider(&data); | |
| 4879 session_deps_.trusted_spdy_proxy = | |
| 4880 HostPortPair::FromURL(GURL(kDefaultURL)).ToString(); | |
| 4881 | |
| 4882 CreateNetworkSession(); | |
| 4883 CreateInsecureSpdySession(); | |
| 4884 | |
| 4885 base::WeakPtr<SpdyStream> spdy_stream = CreateStreamSynchronously( | |
| 4886 SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, LOWEST, BoundNetLog()); | |
| 4887 ASSERT_TRUE(spdy_stream.get() != nullptr); | |
| 4888 EXPECT_EQ(0u, spdy_stream->stream_id()); | |
| 4889 test::StreamDelegateDoNothing delegate(spdy_stream); | |
| 4890 spdy_stream->SetDelegate(&delegate); | |
| 4891 | |
| 4892 EXPECT_EQ(0u, session_->num_active_streams()); | |
| 4893 EXPECT_EQ(1u, session_->num_created_streams()); | |
| 4894 EXPECT_EQ(0u, session_->num_pushed_streams()); | |
| 4895 EXPECT_EQ(0u, session_->num_active_pushed_streams()); | |
| 4896 | |
| 4897 scoped_ptr<SpdyHeaderBlock> headers( | |
| 4898 spdy_util_.ConstructGetHeaderBlock(kDefaultURL)); | |
| 4899 spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND); | |
| 4900 EXPECT_TRUE(spdy_stream->HasUrlFromHeaders()); | |
| 4901 | |
| 4902 // Run until 1st stream is activated. | |
| 4903 EXPECT_EQ(0u, delegate.stream_id()); | |
| 4904 base::RunLoop().RunUntilIdle(); | |
| 4905 EXPECT_EQ(1u, delegate.stream_id()); | |
| 4906 EXPECT_EQ(1u, session_->num_active_streams()); | |
| 4907 EXPECT_EQ(0u, session_->num_created_streams()); | |
| 4908 EXPECT_EQ(0u, session_->num_pushed_streams()); | |
| 4909 EXPECT_EQ(0u, session_->num_active_pushed_streams()); | |
| 4910 | |
| 4911 // Run until pushed stream is created. | |
| 4912 data.Resume(); | |
| 4913 base::RunLoop().RunUntilIdle(); | |
| 4914 EXPECT_EQ(2u, session_->num_active_streams()); | |
| 4915 EXPECT_EQ(0u, session_->num_created_streams()); | |
| 4916 EXPECT_EQ(1u, session_->num_pushed_streams()); | |
| 4917 EXPECT_EQ(1u, session_->num_active_pushed_streams()); | |
| 4918 | |
| 4919 // Reset incoming pushed stream. | |
| 4920 data.Resume(); | |
| 4921 base::RunLoop().RunUntilIdle(); | |
| 4922 EXPECT_EQ(2u, session_->num_active_streams()); | |
| 4923 EXPECT_EQ(0u, session_->num_created_streams()); | |
| 4924 EXPECT_EQ(1u, session_->num_pushed_streams()); | |
| 4925 EXPECT_EQ(1u, session_->num_active_pushed_streams()); | |
| 4926 | |
| 4927 // Read EOF. | |
| 4928 data.Resume(); | |
| 4929 base::RunLoop().RunUntilIdle(); | |
| 4930 EXPECT_FALSE(session_); | |
| 4931 } | |
| 4932 | |
| 4933 // Tests that if the SPDY trusted proxy is not set, then push streams that | |
| 4934 // advertise an origin different from the associated stream are refused. | |
| 4935 TEST_P(SpdySessionTest, TrustedSpdyProxyNotSet) { | |
| 4936 const std::string kAnotherURL = "example2.org"; | |
| 4937 // kDefaultURL should not contain kAnotherURL. | |
| 4938 ASSERT_TRUE(GURL(kDefaultURL).host().find(kAnotherURL) == std::string::npos); | |
| 4939 | |
| 4940 // cross_origin_push contains resource for an origin different from | |
| 4941 // kDefaultURL, and should be refused. | |
| 4942 scoped_ptr<SpdyFrame> cross_origin_push(spdy_util_.ConstructSpdyPush( | |
| 4943 nullptr, 0, 2, 1, ("http://www." + kAnotherURL + "/a.dat").c_str())); | |
| 4944 MockRead reads[] = { | |
| 4945 MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*cross_origin_push, 2), | |
| 4946 MockRead(ASYNC, 0, 4), | |
| 4947 }; | |
| 4948 | |
| 4949 scoped_ptr<SpdyFrame> req( | |
| 4950 spdy_util_.ConstructSpdyGet(nullptr, 0, false, 1, LOWEST, true)); | |
| 4951 scoped_ptr<SpdyFrame> rst( | |
| 4952 spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM)); | |
| 4953 MockWrite writes[] = { | |
| 4954 CreateMockWrite(*req, 0), CreateMockWrite(*rst, 3), | |
| 4955 }; | |
| 4956 | |
| 4957 SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); | |
| 4958 session_deps_.socket_factory->AddSocketDataProvider(&data); | |
| 4959 | |
| 4960 CreateNetworkSession(); | |
| 4961 CreateInsecureSpdySession(); | |
| 4962 | |
| 4963 base::WeakPtr<SpdyStream> spdy_stream = CreateStreamSynchronously( | |
| 4964 SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, LOWEST, BoundNetLog()); | |
| 4965 ASSERT_TRUE(spdy_stream.get() != nullptr); | |
| 4966 EXPECT_EQ(0u, spdy_stream->stream_id()); | |
| 4967 test::StreamDelegateDoNothing delegate(spdy_stream); | |
| 4968 spdy_stream->SetDelegate(&delegate); | |
| 4969 | |
| 4970 EXPECT_EQ(0u, session_->num_active_streams()); | |
| 4971 EXPECT_EQ(1u, session_->num_created_streams()); | |
| 4972 EXPECT_EQ(0u, session_->num_pushed_streams()); | |
| 4973 EXPECT_EQ(0u, session_->num_active_pushed_streams()); | |
| 4974 | |
| 4975 scoped_ptr<SpdyHeaderBlock> headers( | |
| 4976 spdy_util_.ConstructGetHeaderBlock(kDefaultURL)); | |
| 4977 spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND); | |
| 4978 EXPECT_TRUE(spdy_stream->HasUrlFromHeaders()); | |
| 4979 | |
| 4980 // Run until 1st stream is activated. | |
| 4981 EXPECT_EQ(0u, delegate.stream_id()); | |
| 4982 base::RunLoop().RunUntilIdle(); | |
| 4983 EXPECT_EQ(1u, delegate.stream_id()); | |
| 4984 EXPECT_EQ(1u, session_->num_active_streams()); | |
| 4985 EXPECT_EQ(0u, session_->num_created_streams()); | |
| 4986 EXPECT_EQ(0u, session_->num_pushed_streams()); | |
| 4987 EXPECT_EQ(0u, session_->num_active_pushed_streams()); | |
| 4988 | |
| 4989 // Read EOF. | |
| 4990 data.Resume(); | |
| 4991 base::RunLoop().RunUntilIdle(); | |
| 4992 EXPECT_FALSE(session_); | |
| 4993 } | |
| 4994 | |
| 4845 TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) { | 4995 TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) { |
| 4846 // Streams in reserved remote state exist only in HTTP/2. | 4996 // Streams in reserved remote state exist only in HTTP/2. |
| 4847 if (spdy_util_.spdy_version() < HTTP2) | 4997 if (spdy_util_.spdy_version() < HTTP2) |
| 4848 return; | 4998 return; |
| 4849 | 4999 |
| 4850 scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush( | 5000 scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush( |
| 4851 nullptr, 0, 2, 1, "http://www.example.org/a.dat")); | 5001 nullptr, 0, 2, 1, "http://www.example.org/a.dat")); |
| 4852 scoped_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock); | 5002 scoped_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock); |
| 4853 spdy_util_.AddUrlToHeaderBlock("http://www.example.org/b.dat", | 5003 spdy_util_.AddUrlToHeaderBlock("http://www.example.org/b.dat", |
| 4854 push_headers.get()); | 5004 push_headers.get()); |
| (...skipping 354 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5209 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), | 5359 ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), |
| 5210 "spdy_pooling.pem"); | 5360 "spdy_pooling.pem"); |
| 5211 ssl_info.is_issued_by_known_root = true; | 5361 ssl_info.is_issued_by_known_root = true; |
| 5212 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); | 5362 ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin)); |
| 5213 | 5363 |
| 5214 EXPECT_TRUE(SpdySession::CanPool( | 5364 EXPECT_TRUE(SpdySession::CanPool( |
| 5215 &tss, ssl_info, "www.example.org", "mail.example.org")); | 5365 &tss, ssl_info, "www.example.org", "mail.example.org")); |
| 5216 } | 5366 } |
| 5217 | 5367 |
| 5218 } // namespace net | 5368 } // namespace net |
| OLD | NEW |
