Return false when trusted SPDY proxy advertises HTTPS URL

net/spdy/spdy_session_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/spdy/spdy_session.h"
 
 #include <utility>
 
 #include "base/base64.h"
 #include "base/bind.h"
@@ skipping 4824 matching lines @@
   EXPECT_EQ(0u, session_->num_created_streams());
   EXPECT_EQ(1u, session_->num_pushed_streams());
   EXPECT_EQ(1u, session_->num_active_pushed_streams());
 
   // Read EOF.
   data.Resume();
   base::RunLoop().RunUntilIdle();
   EXPECT_FALSE(session_);
 }
 
+// Tests that HTTP SPDY push streams that advertise a different origin than the

[bengr, 2016/01/05 21:01:37]

a different origin than -> an origin different from
trusted SPDY proxies -> a trusted SPDY proxy

[tbansal1, 2016/01/08 02:04:04]

Done.

+// associated stream are accepted from trusted SPDY proxies.
+TEST_P(SpdySessionTest, TrustedSpdyProxy) {
+  // kDefaultURL should not contain "example2.org".
+  ASSERT_TRUE(std::string(kDefaultURL).find("example2.org") ==
+              std::string::npos);
+  // push_a pushes resources for example2.org which is different from

[bengr, 2016/01/05 21:01:37]

I'd rename the variables cross_origin_push and cross_origin_https_push.

[tbansal1, 2016/01/08 02:04:03]

Done.

+  // kDefaultURL. push_a is HTTP, and should be accepted.
+  scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush(
+      nullptr, 0, 2, 1, "http://www.example2.org/a.dat"));

[bengr, 2016/01/05 21:01:37]

I'd create another constant called kAnotherURL.

[tbansal1, 2016/01/08 02:04:04]

Done.

+  // push_b is HTTPS, and should be refused.
+  scoped_ptr<SpdyFrame> push_b(spdy_util_.ConstructSpdyPush(
+      nullptr, 0, 4, 1, "https://www.example2.org/b.dat"));
+  MockRead reads[] = {
+      MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*push_a, 2),
+      MockRead(ASYNC, ERR_IO_PENDING, 3), CreateMockRead(*push_b, 4),
+      MockRead(ASYNC, ERR_IO_PENDING, 6), MockRead(ASYNC, 0, 7),
+  };
+
+  scoped_ptr<SpdyFrame> req(

[bengr, 2016/01/05 21:01:37]

Call this "request" and the latter one "reset"

[tbansal1, 2016/01/08 02:04:04]

Done.

+      spdy_util_.ConstructSpdyGet(nullptr, 0, false, 1, LOWEST, true));
+  scoped_ptr<SpdyFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_REFUSED_STREAM));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5),
+  };
+
+  SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+  session_deps_.trusted_spdy_proxy = "www.example.org:80";

[bengr, 2016/01/05 21:01:37]

Shouldn't this be HostPortPair::FromURL(GURL(kDefaultURL)).ToString()?

[tbansal1, 2016/01/08 02:04:04]

Done.

+
+  CreateNetworkSession();
+  CreateInsecureSpdySession();
+
+  base::WeakPtr<SpdyStream> spdy_stream1 = CreateStreamSynchronously(

[bengr, 2016/01/05 21:01:37]

Can you just call this spdy_stream?

[tbansal1, 2016/01/08 02:04:03]

Done.

+      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, LOWEST, BoundNetLog());
+  ASSERT_TRUE(spdy_stream1.get() != nullptr);
+  EXPECT_EQ(0u, spdy_stream1->stream_id());
+  test::StreamDelegateDoNothing delegate1(spdy_stream1);

[bengr, 2016/01/05 21:01:37]

delegate1 -> delegate

[tbansal1, 2016/01/08 02:04:03]

Done.

+  spdy_stream1->SetDelegate(&delegate1);
+
+  EXPECT_EQ(0u, session_->num_active_streams());
+  EXPECT_EQ(1u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  scoped_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
+  spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
+  EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
+
+  // Run until 1st stream is activated.
+  EXPECT_EQ(0u, delegate1.stream_id());
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(1u, delegate1.stream_id());
+  EXPECT_EQ(1u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  // Run until pushed stream is created.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(2u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(1u, session_->num_pushed_streams());
+  EXPECT_EQ(1u, session_->num_active_pushed_streams());
+
+  // Reset incoming pushed stream.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(2u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(1u, session_->num_pushed_streams());
+  EXPECT_EQ(1u, session_->num_active_pushed_streams());
+
+  // Read EOF.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_FALSE(session_);
+}
+
+// Tests that if the SPDY trusted proxy is not set, than push streams that

[bengr, 2016/01/05 21:01:37]

than -> then
a different origin than -> an origin different from

For the latter, fix everywhere.

[tbansal1, 2016/01/08 02:04:03]

Done.

+// advertise a different origin than the associated stream are refused.
+TEST_P(SpdySessionTest, TrustedSpdyProxyNotSet) {
+  // kDefaultURL should not contain "example2.org".
+  ASSERT_TRUE(std::string(kDefaultURL).find("example2.org") ==

[bengr, 2016/01/05 21:01:37]

Better to use GURL(kDefaultURL).GetOrigin().

[tbansal1, 2016/01/08 02:04:04]

Done.

+              std::string::npos);
+  // push_a contains resource for a origin different than kDefaultURL, and

[bengr, 2016/01/05 21:01:37]

Call push_a cross_origin_push.

[tbansal1, 2016/01/08 02:04:03]

Done.

+  // should be refused.
+  scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush(
+      nullptr, 0, 2, 1, "http://www.example2.org/a.dat"));
+  MockRead reads[] = {
+      MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*push_a, 2),
+      MockRead(ASYNC, 0, 4),
+  };
+
+  scoped_ptr<SpdyFrame> req(
+      spdy_util_.ConstructSpdyGet(nullptr, 0, false, 1, LOWEST, true));
+  scoped_ptr<SpdyFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*rst, 3),
+  };
+
+  SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+
+  CreateNetworkSession();
+  CreateInsecureSpdySession();
+
+  base::WeakPtr<SpdyStream> spdy_stream1 = CreateStreamSynchronously(

[bengr, 2016/01/05 21:01:37]

Rename as spdy_stream.

[tbansal1, 2016/01/08 02:04:04]

Done.

+      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, LOWEST, BoundNetLog());
+  ASSERT_TRUE(spdy_stream1.get() != nullptr);
+  EXPECT_EQ(0u, spdy_stream1->stream_id());
+  test::StreamDelegateDoNothing delegate1(spdy_stream1);
+  spdy_stream1->SetDelegate(&delegate1);

[bengr, 2016/01/05 21:01:37]

delegate1 -> delegate

[tbansal1, 2016/01/08 02:04:04]

Done.

+
+  EXPECT_EQ(0u, session_->num_active_streams());
+  EXPECT_EQ(1u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  scoped_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
+  spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
+  EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
+
+  // Run until 1st stream is activated.
+  EXPECT_EQ(0u, delegate1.stream_id());
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(1u, delegate1.stream_id());
+  EXPECT_EQ(1u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  // Read EOF.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_FALSE(session_);
+}
+
 TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) {
   // Streams in reserved remote state exist only in HTTP/2.
   if (spdy_util_.spdy_version() < HTTP2)
     return;
 
   scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush(
       nullptr, 0, 2, 1, "http://www.example.org/a.dat"));
   scoped_ptr<SpdyHeaderBlock> push_headers(new SpdyHeaderBlock);
   spdy_util_.AddUrlToHeaderBlock("http://www.example.org/b.dat",
                                  push_headers.get());
@@ skipping 354 matching lines @@
   ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
                                      "spdy_pooling.pem");
   ssl_info.is_issued_by_known_root = true;
   ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin));
 
   EXPECT_TRUE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.org"));
 }
 
 }  // namespace net