Disable HTTP/2 Alternative Service for different host.

net/http/http_network_transaction_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <math.h>  // ceil
 #include <stdarg.h>
 #include <stdint.h>
 
@@ skipping 309 matching lines @@
     return GetParam() == kTestCaseHTTP2PriorityDependencies;
   }
 
   const char* GetAlternateProtocolFromParam() {
     return AlternateProtocolToString(
         AlternateProtocolFromNextProto(GetProtocol()));
   }
 
   std::string GetAlternativeServiceHttpHeader() {
     return std::string("Alt-Svc: ") + GetAlternateProtocolFromParam() +
-           "=\"www.example.com:443\"\r\n";
+           "=\"www.example.org:443\"\r\n";
   }
 
   std::string GetAlternateProtocolHttpHeader() {
     return std::string("Alternate-Protocol: 443:") +
            GetAlternateProtocolFromParam() + "\r\n";
   }
 
   // Either |write_failure| specifies a write failure or |read_failure|
   // specifies a read failure when using a reused socket.  In either case, the
   // failure should cause the network transaction to resend the request, and the
@@ skipping 9365 matching lines @@
 
   std::string response_data;
   ASSERT_EQ(OK, ReadTransaction(trans.get(), &response_data));
   EXPECT_EQ("hello world", response_data);
 
   alternative_service_vector =
       http_server_properties.GetAlternativeServices(test_server);
   ASSERT_EQ(1u, alternative_service_vector.size());
   EXPECT_EQ(AlternateProtocolFromNextProto(GetProtocol()),
             alternative_service_vector[0].protocol);
-  EXPECT_EQ("www.example.com", alternative_service_vector[0].host);
+  EXPECT_EQ("www.example.org", alternative_service_vector[0].host);
   EXPECT_EQ(443, alternative_service_vector[0].port);
 }
 
+// HTTP/2 Alternative Services should be disabled if alternative service
+// hostname is different from that of origin.
+// TODO(bnc): Remove when https://crbug.com/615413 is fixed.
+TEST_P(HttpNetworkTransactionTest,
+       DisableHTTP2AlternativeServicesWithDifferentHost) {
+  session_deps_.enable_alternative_service_with_different_host = true;
+
+  HttpRequestInfo request;
+  request.method = "GET";
+  request.url = GURL("http://www.example.org/");
+  request.load_flags = 0;
+
+  MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED);
+  StaticSocketDataProvider first_data;
+  first_data.set_connect_data(mock_connect);
+  session_deps_.socket_factory->AddSocketDataProvider(&first_data);
+
+  MockRead data_reads[] = {
+      MockRead("HTTP/1.1 200 OK\r\n\r\n"), MockRead("hello world"),
+      MockRead(ASYNC, OK),
+  };
+  StaticSocketDataProvider second_data(data_reads, arraysize(data_reads), NULL,
+                                       0);
+  session_deps_.socket_factory->AddSocketDataProvider(&second_data);
+
+  std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
+
+  base::WeakPtr<HttpServerProperties> http_server_properties =
+      session->http_server_properties();
+  AlternativeService alternative_service(
+      AlternateProtocolFromNextProto(GetProtocol()), "different.example.org",
+      444);
+  base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
+  http_server_properties->SetAlternativeService(
+      url::SchemeHostPort(request.url), alternative_service, expiration);
+
+  std::unique_ptr<HttpTransaction> trans(
+      new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
+  TestCompletionCallback callback;
+
+  int rv = trans->Start(&request, callback.callback(), BoundNetLog());
+  // Alternative service is not used, request fails.
+  EXPECT_EQ(ERR_CONNECTION_REFUSED, callback.GetResult(rv));
+}
+
 TEST_P(HttpNetworkTransactionTest, ClearAlternativeServices) {
   session_deps_.parse_alternative_services = true;
   session_deps_.enable_alternative_service_with_different_host = false;
 
   // Set an alternative service for origin.
   std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
   HttpServerProperties& http_server_properties =
       *session->http_server_properties();
   url::SchemeHostPort test_server("http", "www.example.org", 80);
   AlternativeService alternative_service(QUIC, "", 80);
@@ skipping 3703 matching lines @@
 TEST_P(AltSvcCertificateVerificationTest, PoolingInvalid) {
   Run(true, false);
 }
 
 // The alternative service host must exhibit a certificate that is valid for the
 // origin host.  Test that this is enforced when opening a new connection.
 TEST_P(AltSvcCertificateVerificationTest, NewConnectionValid) {
   Run(false, true);
 }
 
-TEST_P(AltSvcCertificateVerificationTest, NewConnectionInvalid) {
+// TODO(bnc): Re-enable when https://crbug.com/615413 is fixed.
+TEST_P(AltSvcCertificateVerificationTest, DISABLED_NewConnectionInvalid) {
   Run(false, false);
 }
 
 // Alternative service requires HTTP/2 (or SPDY), but HTTP/1.1 is negotiated
 // with the alternative server.  That connection should not be used.
 TEST_P(HttpNetworkTransactionTest, AlternativeServiceNotOnHttp11) {
-  url::SchemeHostPort server("https", "origin.example.org", 443);
-  HostPortPair alternative("alternative.example.org", 443);
+  url::SchemeHostPort server("https", "www.example.org", 443);
+  HostPortPair alternative("www.example.org", 444);
 
-  // Negotiate HTTP/1.1 with alternative.example.org.
+  // Negotiate HTTP/1.1 with alternative.
   SSLSocketDataProvider ssl(ASYNC, OK);
   ssl.SetNextProto(kProtoHTTP11);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
   // No data should be read from the alternative, because HTTP/1.1 is
   // negotiated.
   StaticSocketDataProvider data;
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
   // This test documents that an alternate Job should not be used if HTTP/1.1 is
@@ skipping 12 matching lines @@
   AlternativeService alternative_service(
       AlternateProtocolFromNextProto(GetProtocol()), alternative);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(server, alternative_service,
                                                 expiration);
 
   std::unique_ptr<HttpTransaction> trans(
       new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
   HttpRequestInfo request;
   request.method = "GET";
-  request.url = GURL("https://origin.example.org:443");
+  request.url = GURL("https://www.example.org:443");
   request.load_flags = 0;
   TestCompletionCallback callback;
 
   // HTTP/2 (or SPDY) is required for alternative service, if HTTP/1.1 is
   // negotiated, the alternate Job should fail with ERR_NPN_NEGOTIATION_FAILED.
   int rv = trans->Start(&request, callback.callback(), BoundNetLog());
   EXPECT_EQ(ERR_NPN_NEGOTIATION_FAILED, callback.GetResult(rv));
 }
 
 // A request to a server with an alternative service fires two Jobs: one to the
 // server, and an alternate one to the alternative server.  If the former
 // succeeds, the request should succeed,  even if the latter fails because
 // HTTP/1.1 is negotiated which is insufficient for alternative service.
 TEST_P(HttpNetworkTransactionTest, FailedAlternativeServiceIsNotUserVisible) {
-  url::SchemeHostPort server("https", "origin.example.org", 443);
-  HostPortPair alternative("alternative.example.org", 443);
+  url::SchemeHostPort server("https", "www.example.org", 443);
+  HostPortPair alternative("www.example.org", 444);
 
   // Negotiate HTTP/1.1 with alternative.
   SSLSocketDataProvider alternative_ssl(ASYNC, OK);
   alternative_ssl.SetNextProto(kProtoHTTP11);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&alternative_ssl);
 
   // No data should be read from the alternative, because HTTP/1.1 is
   // negotiated.
   StaticSocketDataProvider data;
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
   // Negotiate HTTP/1.1 with server.
   SSLSocketDataProvider origin_ssl(ASYNC, OK);
   origin_ssl.SetNextProto(kProtoHTTP11);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&origin_ssl);
 
   MockWrite http_writes[] = {
-      MockWrite(
-          "GET / HTTP/1.1\r\n"
-          "Host: origin.example.org\r\n"
-          "Connection: keep-alive\r\n\r\n"),
-      MockWrite(
-          "GET /second HTTP/1.1\r\n"
-          "Host: origin.example.org\r\n"
-          "Connection: keep-alive\r\n\r\n"),
+      MockWrite("GET / HTTP/1.1\r\n"
+                "Host: www.example.org\r\n"
+                "Connection: keep-alive\r\n\r\n"),
+      MockWrite("GET /second HTTP/1.1\r\n"
+                "Host: www.example.org\r\n"
+                "Connection: keep-alive\r\n\r\n"),
   };
 
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
       MockRead("Content-Type: text/html\r\n"),
       MockRead("Content-Length: 6\r\n\r\n"),
       MockRead("foobar"),
       MockRead("HTTP/1.1 200 OK\r\n"),
       MockRead("Content-Type: text/html\r\n"),
       MockRead("Content-Length: 7\r\n\r\n"),
@@ skipping 11 matching lines @@
       session->http_server_properties();
   AlternativeService alternative_service(
       AlternateProtocolFromNextProto(GetProtocol()), alternative);
   base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
   http_server_properties->SetAlternativeService(server, alternative_service,
                                                 expiration);
 
   HttpNetworkTransaction trans1(DEFAULT_PRIORITY, session.get());
   HttpRequestInfo request1;
   request1.method = "GET";
-  request1.url = GURL("https://origin.example.org:443");
+  request1.url = GURL("https://www.example.org:443");
   request1.load_flags = 0;
   TestCompletionCallback callback1;
 
   int rv = trans1.Start(&request1, callback1.callback(), BoundNetLog());
   rv = callback1.GetResult(rv);
   EXPECT_EQ(OK, rv);
 
   const HttpResponseInfo* response1 = trans1.GetResponseInfo();
   ASSERT_TRUE(response1 != nullptr);
   ASSERT_TRUE(response1->headers.get() != nullptr);
   EXPECT_EQ("HTTP/1.1 200 OK", response1->headers->GetStatusLine());
 
   std::string response_data1;
   ASSERT_EQ(OK, ReadTransaction(&trans1, &response_data1));
   EXPECT_EQ("foobar", response_data1);
 
   // Alternative should be marked as broken, because HTTP/1.1 is not sufficient
   // for alternative service.
   EXPECT_TRUE(
       http_server_properties->IsAlternativeServiceBroken(alternative_service));
 
   // Since |alternative_service| is broken, a second transaction to server
   // should not start an alternate Job.  It should pool to existing connection
   // to server.
   HttpNetworkTransaction trans2(DEFAULT_PRIORITY, session.get());
   HttpRequestInfo request2;
   request2.method = "GET";
-  request2.url = GURL("https://origin.example.org:443/second");
+  request2.url = GURL("https://www.example.org:443/second");
   request2.load_flags = 0;
   TestCompletionCallback callback2;
 
   rv = trans2.Start(&request2, callback2.callback(), BoundNetLog());
   rv = callback2.GetResult(rv);
   EXPECT_EQ(OK, rv);
 
   const HttpResponseInfo* response2 = trans2.GetResponseInfo();
   ASSERT_TRUE(response2 != nullptr);
   ASSERT_TRUE(response2->headers.get() != nullptr);
@@ skipping 2375 matching lines @@
   base::MessageLoop::current()->RunUntilIdle();
 
   EXPECT_TRUE(trans.GetResponseInfo()->was_fetched_via_spdy);
   HttpRequestHeaders headers;
   ASSERT_TRUE(trans.GetFullRequestHeaders(&headers));
   EXPECT_TRUE(headers.HasHeader(HttpRequestHeaders::kTokenBinding));
 }
 #endif  // !defined(OS_IOS)
 
 }  // namespace net