Return false when trusted SPDY proxy advertises HTTPS URL

net/spdy/spdy_session_unittest.cc

Index: net/spdy/spdy_session_unittest.cc
diff --git a/net/spdy/spdy_session_unittest.cc b/net/spdy/spdy_session_unittest.cc
index ea8ae113a0cb735a561a57041c5a8ac44d5b8825..fe2a00942cc62f1c4143b9e93bbbd13183812da0 100644
--- a/net/spdy/spdy_session_unittest.cc
+++ b/net/spdy/spdy_session_unittest.cc
@@ -4842,6 +4842,149 @@ TEST_P(SpdySessionTest, RejectPushedStreamExceedingConcurrencyLimit) {
   EXPECT_FALSE(session_);
 }
 
+// Tests that HTTP SPDY push streams that advertise a different origin than the

[bengr, 2016/01/05 21:01:37]

a different origin than -> an origin different from
trusted SPDY proxies -> a trusted SPDY proxy

[tbansal1, 2016/01/08 02:04:04]

Done.

+// associated stream are accepted from trusted SPDY proxies.
+TEST_P(SpdySessionTest, TrustedSpdyProxy) {
+  // kDefaultURL should not contain "example2.org".
+  ASSERT_TRUE(std::string(kDefaultURL).find("example2.org") ==
+              std::string::npos);
+  // push_a pushes resources for example2.org which is different from

[bengr, 2016/01/05 21:01:37]

I'd rename the variables cross_origin_push and cross_origin_https_push.

[tbansal1, 2016/01/08 02:04:03]

Done.

+  // kDefaultURL. push_a is HTTP, and should be accepted.
+  scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush(
+      nullptr, 0, 2, 1, "http://www.example2.org/a.dat"));

[bengr, 2016/01/05 21:01:37]

I'd create another constant called kAnotherURL.

[tbansal1, 2016/01/08 02:04:04]

Done.

+  // push_b is HTTPS, and should be refused.
+  scoped_ptr<SpdyFrame> push_b(spdy_util_.ConstructSpdyPush(
+      nullptr, 0, 4, 1, "https://www.example2.org/b.dat"));
+  MockRead reads[] = {
+      MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*push_a, 2),
+      MockRead(ASYNC, ERR_IO_PENDING, 3), CreateMockRead(*push_b, 4),
+      MockRead(ASYNC, ERR_IO_PENDING, 6), MockRead(ASYNC, 0, 7),
+  };
+
+  scoped_ptr<SpdyFrame> req(

[bengr, 2016/01/05 21:01:37]

Call this "request" and the latter one "reset"

[tbansal1, 2016/01/08 02:04:04]

Done.

+      spdy_util_.ConstructSpdyGet(nullptr, 0, false, 1, LOWEST, true));
+  scoped_ptr<SpdyFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(4, RST_STREAM_REFUSED_STREAM));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*rst, 5),
+  };
+
+  SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+  session_deps_.trusted_spdy_proxy = "www.example.org:80";

[bengr, 2016/01/05 21:01:37]

Shouldn't this be HostPortPair::FromURL(GURL(kDefaultURL)).ToString()?

[tbansal1, 2016/01/08 02:04:04]

Done.

+
+  CreateNetworkSession();
+  CreateInsecureSpdySession();
+
+  base::WeakPtr<SpdyStream> spdy_stream1 = CreateStreamSynchronously(

[bengr, 2016/01/05 21:01:37]

Can you just call this spdy_stream?

[tbansal1, 2016/01/08 02:04:03]

Done.

+      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, LOWEST, BoundNetLog());
+  ASSERT_TRUE(spdy_stream1.get() != nullptr);
+  EXPECT_EQ(0u, spdy_stream1->stream_id());
+  test::StreamDelegateDoNothing delegate1(spdy_stream1);

[bengr, 2016/01/05 21:01:37]

delegate1 -> delegate

[tbansal1, 2016/01/08 02:04:03]

Done.

+  spdy_stream1->SetDelegate(&delegate1);
+
+  EXPECT_EQ(0u, session_->num_active_streams());
+  EXPECT_EQ(1u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  scoped_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
+  spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
+  EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
+
+  // Run until 1st stream is activated.
+  EXPECT_EQ(0u, delegate1.stream_id());
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(1u, delegate1.stream_id());
+  EXPECT_EQ(1u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  // Run until pushed stream is created.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(2u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(1u, session_->num_pushed_streams());
+  EXPECT_EQ(1u, session_->num_active_pushed_streams());
+
+  // Reset incoming pushed stream.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(2u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(1u, session_->num_pushed_streams());
+  EXPECT_EQ(1u, session_->num_active_pushed_streams());
+
+  // Read EOF.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_FALSE(session_);
+}
+
+// Tests that if the SPDY trusted proxy is not set, than push streams that

[bengr, 2016/01/05 21:01:37]

than -> then
a different origin than -> an origin different from

For the latter, fix everywhere.

[tbansal1, 2016/01/08 02:04:03]

Done.

+// advertise a different origin than the associated stream are refused.
+TEST_P(SpdySessionTest, TrustedSpdyProxyNotSet) {
+  // kDefaultURL should not contain "example2.org".
+  ASSERT_TRUE(std::string(kDefaultURL).find("example2.org") ==

[bengr, 2016/01/05 21:01:37]

Better to use GURL(kDefaultURL).GetOrigin().

[tbansal1, 2016/01/08 02:04:04]

Done.

+              std::string::npos);
+  // push_a contains resource for a origin different than kDefaultURL, and

[bengr, 2016/01/05 21:01:37]

Call push_a cross_origin_push.

[tbansal1, 2016/01/08 02:04:03]

Done.

+  // should be refused.
+  scoped_ptr<SpdyFrame> push_a(spdy_util_.ConstructSpdyPush(
+      nullptr, 0, 2, 1, "http://www.example2.org/a.dat"));
+  MockRead reads[] = {
+      MockRead(ASYNC, ERR_IO_PENDING, 1), CreateMockRead(*push_a, 2),
+      MockRead(ASYNC, 0, 4),
+  };
+
+  scoped_ptr<SpdyFrame> req(
+      spdy_util_.ConstructSpdyGet(nullptr, 0, false, 1, LOWEST, true));
+  scoped_ptr<SpdyFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(2, RST_STREAM_REFUSED_STREAM));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0), CreateMockWrite(*rst, 3),
+  };
+
+  SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+
+  CreateNetworkSession();
+  CreateInsecureSpdySession();
+
+  base::WeakPtr<SpdyStream> spdy_stream1 = CreateStreamSynchronously(

[bengr, 2016/01/05 21:01:37]

Rename as spdy_stream.

[tbansal1, 2016/01/08 02:04:04]

Done.

+      SPDY_REQUEST_RESPONSE_STREAM, session_, test_url_, LOWEST, BoundNetLog());
+  ASSERT_TRUE(spdy_stream1.get() != nullptr);
+  EXPECT_EQ(0u, spdy_stream1->stream_id());
+  test::StreamDelegateDoNothing delegate1(spdy_stream1);
+  spdy_stream1->SetDelegate(&delegate1);

[bengr, 2016/01/05 21:01:37]

delegate1 -> delegate

[tbansal1, 2016/01/08 02:04:04]

Done.

+
+  EXPECT_EQ(0u, session_->num_active_streams());
+  EXPECT_EQ(1u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  scoped_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(kDefaultURL));
+  spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
+  EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
+
+  // Run until 1st stream is activated.
+  EXPECT_EQ(0u, delegate1.stream_id());
+  base::RunLoop().RunUntilIdle();
+  EXPECT_EQ(1u, delegate1.stream_id());
+  EXPECT_EQ(1u, session_->num_active_streams());
+  EXPECT_EQ(0u, session_->num_created_streams());
+  EXPECT_EQ(0u, session_->num_pushed_streams());
+  EXPECT_EQ(0u, session_->num_active_pushed_streams());
+
+  // Read EOF.
+  data.Resume();
+  base::RunLoop().RunUntilIdle();
+  EXPECT_FALSE(session_);
+}
+
 TEST_P(SpdySessionTest, IgnoreReservedRemoteStreamsCount) {
   // Streams in reserved remote state exist only in HTTP/2.
   if (spdy_util_.spdy_version() < HTTP2)