OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <string> | 5 #include <string> |
6 #include <vector> | 6 #include <vector> |
7 | 7 |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "net/base/net_util.h" | 10 #include "net/base/net_util.h" |
(...skipping 97 matching lines...)
108 | 108 |
109 MockClientSocketFactory mock_socket_factory_; | 109 MockClientSocketFactory mock_socket_factory_; |
110 MockHostResolver mock_resolver_; | 110 MockHostResolver mock_resolver_; |
111 HttpServerPropertiesImpl http_server_properties_; | 111 HttpServerPropertiesImpl http_server_properties_; |
112 TransportSecurityState transport_security_state_; | 112 TransportSecurityState transport_security_state_; |
113 HttpNetworkSession::Params session_params_; | 113 HttpNetworkSession::Params session_params_; |
114 std::vector<scoped_ptr<HttpRequestInfo>> request_info_vector_; | 114 std::vector<scoped_ptr<HttpRequestInfo>> request_info_vector_; |
115 }; | 115 }; |
116 | 116 |
117 // Tests that HttpNetworkTransaction attempts to fallback from | 117 // Tests that HttpNetworkTransaction attempts to fallback from |
118 // TLS 1.2 to TLS 1.1, then from TLS 1.1 to TLS 1.0. | 118 // TLS 1.2 to TLS 1.1. |
119 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { | 119 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { |
120 ssl_config_service_ = new TLS12SSLConfigService; | 120 ssl_config_service_ = new TLS12SSLConfigService; |
121 session_params_.ssl_config_service = ssl_config_service_.get(); | 121 session_params_.ssl_config_service = ssl_config_service_.get(); |
122 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail | 122 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail |
123 // for protocol reasons (e.g., simulating a version rollback attack). | 123 // for protocol reasons (e.g., simulating a version rollback attack). |
124 SSLSocketDataProvider ssl_data1(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 124 SSLSocketDataProvider ssl_data1(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
125 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data1); | 125 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data1); |
126 StaticSocketDataProvider data1(NULL, 0, NULL, 0); | 126 StaticSocketDataProvider data1(NULL, 0, NULL, 0); |
127 mock_socket_factory_.AddSocketDataProvider(&data1); | 127 mock_socket_factory_.AddSocketDataProvider(&data1); |
128 | 128 |
129 // |ssl_data2| contains the handshake result for a TLS 1.1 | 129 // |ssl_data2| contains the handshake result for a TLS 1.1 |
130 // handshake which will be attempted after the TLS 1.2 | 130 // handshake which will be attempted after the TLS 1.2 |
131 // handshake fails. | 131 // handshake fails. |
132 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); | 132 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); |
133 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); | 133 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); |
134 StaticSocketDataProvider data2(NULL, 0, NULL, 0); | 134 StaticSocketDataProvider data2(NULL, 0, NULL, 0); |
135 mock_socket_factory_.AddSocketDataProvider(&data2); | 135 mock_socket_factory_.AddSocketDataProvider(&data2); |
136 | 136 |
137 // |ssl_data3| contains the handshake result for a TLS 1.0 | |
138 // handshake which will be attempted after the TLS 1.1 | |
139 // handshake fails. | |
140 SSLSocketDataProvider ssl_data3(ASYNC, ERR_SSL_PROTOCOL_ERROR); | |
141 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data3); | |
142 StaticSocketDataProvider data3(NULL, 0, NULL, 0); | |
143 mock_socket_factory_.AddSocketDataProvider(&data3); | |
144 | |
145 HttpNetworkSession session(session_params_); | 137 HttpNetworkSession session(session_params_); |
146 HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session); | 138 HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session); |
147 | 139 |
148 TestCompletionCallback callback; | 140 TestCompletionCallback callback; |
149 // This will consume |ssl_data1|, |ssl_data2| and |ssl_data3|. | 141 // This will consume |ssl_data1| and |ssl_data2|. |
150 int rv = | 142 int rv = |
151 callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"), | 143 callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"), |
152 callback.callback(), BoundNetLog())); | 144 callback.callback(), BoundNetLog())); |
153 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 145 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
154 | 146 |
155 SocketDataProviderArray<SocketDataProvider>& mock_data = | 147 SocketDataProviderArray<SocketDataProvider>& mock_data = |
156 mock_socket_factory_.mock_data(); | 148 mock_socket_factory_.mock_data(); |
157 // Confirms that |ssl_data1|, |ssl_data2| and |ssl_data3| are consumed. | 149 // Confirms that |ssl_data1| and |ssl_data2| are consumed. |
158 EXPECT_EQ(3u, mock_data.next_index()); | 150 EXPECT_EQ(2u, mock_data.next_index()); |
159 | 151 |
160 SSLConfig& ssl_config = GetServerSSLConfig(&trans); | 152 SSLConfig& ssl_config = GetServerSSLConfig(&trans); |
161 // |version_max| fallbacks to TLS 1.0. | 153 // |version_max| falls back to TLS 1.1. |
162 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max); | 154 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_max); |
163 EXPECT_TRUE(ssl_config.version_fallback); | 155 EXPECT_TRUE(ssl_config.version_fallback); |
164 } | 156 } |
165 | 157 |
166 #if !defined(OS_IOS) | 158 #if !defined(OS_IOS) |
167 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { | 159 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { |
168 ssl_config_service_ = new TokenBindingSSLConfigService; | 160 ssl_config_service_ = new TokenBindingSSLConfigService; |
169 session_params_.ssl_config_service = ssl_config_service_.get(); | 161 session_params_.ssl_config_service = ssl_config_service_.get(); |
170 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), | 162 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), |
171 base::ThreadTaskRunnerHandle::Get()); | 163 base::ThreadTaskRunnerHandle::Get()); |
172 session_params_.channel_id_service = &channel_id_service; | 164 session_params_.channel_id_service = &channel_id_service; |
(...skipping 37 matching lines...)
210 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers2)); | 202 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers2)); |
211 std::string token_binding_header2; | 203 std::string token_binding_header2; |
212 EXPECT_TRUE(headers2.GetHeader(HttpRequestHeaders::kTokenBinding, | 204 EXPECT_TRUE(headers2.GetHeader(HttpRequestHeaders::kTokenBinding, |
213 &token_binding_header2)); | 205 &token_binding_header2)); |
214 | 206 |
215 EXPECT_EQ(token_binding_header1, token_binding_header2); | 207 EXPECT_EQ(token_binding_header1, token_binding_header2); |
216 } | 208 } |
217 #endif // !defined(OS_IOS) | 209 #endif // !defined(OS_IOS) |
218 | 210 |
219 } // namespace net | 211 } // namespace net |
220 | |
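Review bot: The updated SSLFallback test is the only visible check that the fallback stops at TLS 1.1, yet neither its header comment nor the `EXPECT_EQ(2u, mock_data.next_index());` line says that a third (TLS 1.0) handshake must not happen. The version fallback exists to tolerate broken servers and is the same path a version rollback relies on, so the floor should be stated where it is asserted, for example `// Exactly two handshakes: the fallback stops at TLS 1.1 and must not retry at TLS 1.0.` above that expectation. How the mock socket factory reacts to an unscripted third connection is not visible in this section, so the count check appears to be what actually pins the floor. The header comment could likewise end with `// TLS 1.2 to TLS 1.1, and does not fall back any further.`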