Process HTTP/2 ALTSVC frames.

net/spdy/spdy_session_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/spdy/spdy_session.h"
 
 #include <memory>
 #include <utility>
 
 #include "base/base64.h"
@@ skipping 2376 matching lines @@
 
 TEST_P(SpdySessionTest, VerifyDomainAuthentication) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
   SequencedSocketData data(nullptr, 0, nullptr, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
   // Load a cert that is valid for:
   //   www.example.org
   //   mail.example.org
-  //   www.example.com
+  //   mail.example.com
   base::FilePath certs_dir = GetTestCertsDirectory();
   scoped_refptr<X509Certificate> test_cert(
       ImportCertFromFile(certs_dir, "spdy_pooling.pem"));
   ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get());
 
   SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
   ssl.cert = test_cert;
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
   CreateNetworkSession();
 
   session_ = CreateSecureSpdySession(http_session_.get(), key_, BoundNetLog());
 
   EXPECT_TRUE(session_->VerifyDomainAuthentication("www.example.org"));
   EXPECT_TRUE(session_->VerifyDomainAuthentication("mail.example.org"));
   EXPECT_TRUE(session_->VerifyDomainAuthentication("mail.example.com"));
   EXPECT_FALSE(session_->VerifyDomainAuthentication("mail.google.com"));
 }
 
 TEST_P(SpdySessionTest, ConnectionPooledWithTlsChannelId) {
   session_deps_.host_resolver->set_synchronous_mode(true);
 
   SequencedSocketData data(nullptr, 0, nullptr, 0);
   session_deps_.socket_factory->AddSocketDataProvider(&data);
 
   // Load a cert that is valid for:
   //   www.example.org
   //   mail.example.org
-  //   www.example.com
+  //   mail.example.com
   base::FilePath certs_dir = GetTestCertsDirectory();
   scoped_refptr<X509Certificate> test_cert(
       ImportCertFromFile(certs_dir, "spdy_pooling.pem"));
   ASSERT_NE(static_cast<X509Certificate*>(nullptr), test_cert.get());
 
   SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
   ssl.channel_id_sent = true;
   ssl.cert = test_cert;
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
 
@@ skipping 2875 matching lines @@
   // Client id exceeding watermark.
   EXPECT_FALSE(session_->OnUnknownFrame(9, 0));
 
   session_->last_accepted_push_stream_id_ = 6;
   // Low server (even) ids are fine.
   EXPECT_TRUE(session_->OnUnknownFrame(2, 0));
   // Server id exceeding last accepted id.
   EXPECT_FALSE(session_->OnUnknownFrame(8, 0));
 }
 
+class AltSvcFrameTest : public SpdySessionTest {
+ public:
+  AltSvcFrameTest()
+      : alternative_service_("quic",
+                             "alternative.example.org",
+                             443,
+                             86400,
+                             SpdyAltSvcWireFormat::VersionVector()),
+        ssl_(SYNCHRONOUS, OK) {}
+
+  void AddSocketData(const SpdyAltSvcIR& altsvc_ir) {
+    altsvc_frame_ = spdy_util_.SerializeFrame(altsvc_ir);
+    reads_.push_back(CreateMockRead(altsvc_frame_, 0));
+    reads_.push_back(MockRead(ASYNC, 0, 1));
+
+    data_.reset(
+        new SequencedSocketData(reads_.data(), reads_.size(), nullptr, 0));
+    session_deps_.socket_factory->AddSocketDataProvider(data_.get());
+  }
+
+  void AddSSLSocketData() {
+    // Load a cert that is valid for
+    // www.example.org, mail.example.org, and mail.example.com.
+    cert_ = ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
+    ASSERT_TRUE(cert_);
+    ssl_.cert = cert_;
+    session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_);
+  }
+
+  void CreateSecureSpdySession() {
+    session_ = ::net::CreateSecureSpdySession(http_session_.get(), key_,
+                                              BoundNetLog());
+  }
+
+  SpdyAltSvcWireFormat::AlternativeService alternative_service_;
+
+ private:
+  SpdySerializedFrame altsvc_frame_;
+  std::vector<MockRead> reads_;
+  std::unique_ptr<SequencedSocketData> data_;
+  scoped_refptr<X509Certificate> cert_;
+  SSLSocketDataProvider ssl_;
+};
+
+INSTANTIATE_TEST_CASE_P(HTTP2,
+                        AltSvcFrameTest,
+                        testing::Values(kTestCaseHTTP2PriorityDependencies));
+
+TEST_P(AltSvcFrameTest, ProcessAltSvcFrame) {
+  const char origin[] = "https://mail.example.org";
+  SpdyAltSvcIR altsvc_ir(0);
+  altsvc_ir.add_altsvc(alternative_service_);
+  altsvc_ir.set_origin(origin);
+  AddSocketData(altsvc_ir);
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateSecureSpdySession();
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+
+  altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          url::SchemeHostPort(GURL(origin)));
+  ASSERT_EQ(1u, altsvc_vector.size());
+  EXPECT_EQ(QUIC, altsvc_vector[0].protocol);
+  EXPECT_EQ("alternative.example.org", altsvc_vector[0].host);
+  EXPECT_EQ(443u, altsvc_vector[0].port);
+}
+
+TEST_P(AltSvcFrameTest, DoNotProcessAltSvcFrameOnInsecureSession) {
+  const char origin[] = "https://mail.example.org";
+  SpdyAltSvcIR altsvc_ir(0);
+  altsvc_ir.add_altsvc(alternative_service_);
+  altsvc_ir.set_origin(origin);
+  AddSocketData(altsvc_ir);
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateInsecureSpdySession();
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+
+  altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          url::SchemeHostPort(GURL(origin)));
+  ASSERT_TRUE(altsvc_vector.empty());
+}
+
+TEST_P(AltSvcFrameTest, DoNotProcessAltSvcFrameForOriginNotCoveredByCert) {
+  const char origin[] = "https://invalid.example.org";
+  SpdyAltSvcIR altsvc_ir(0);
+  altsvc_ir.add_altsvc(alternative_service_);
+  altsvc_ir.set_origin(origin);
+  AddSocketData(altsvc_ir);
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateSecureSpdySession();
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+
+  altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          url::SchemeHostPort(GURL(origin)));
+  ASSERT_TRUE(altsvc_vector.empty());
+}
+
+TEST_P(AltSvcFrameTest, DoNotProcessAltSvcFrameWithEmptyOriginOnZeroStream) {
+  SpdyAltSvcIR altsvc_ir(0);
+  altsvc_ir.add_altsvc(alternative_service_);
+  AddSocketData(altsvc_ir);
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateSecureSpdySession();
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+}
+
+TEST_P(AltSvcFrameTest, ProcessAltSvcFrameOnActiveStream) {
+  SpdyAltSvcIR altsvc_ir(1);
+  altsvc_ir.add_altsvc(alternative_service_);
+
+  SpdySerializedFrame altsvc_frame(spdy_util_.SerializeFrame(altsvc_ir));
+  std::unique_ptr<SpdySerializedFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_REFUSED_STREAM));
+  MockRead reads[] = {
+      CreateMockRead(altsvc_frame, 1), CreateMockRead(*rst, 2),
+      MockRead(ASYNC, 0, 3)  // EOF
+  };
+
+  const char request_origin[] = "https://mail.example.org";
+  std::unique_ptr<SpdySerializedFrame> req(
+      spdy_util_.ConstructSpdyGet(request_origin, 1, MEDIUM));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0),
+  };
+  SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateSecureSpdySession();
+
+  base::WeakPtr<SpdyStream> spdy_stream1 =
+      CreateStreamSynchronously(SPDY_REQUEST_RESPONSE_STREAM, session_,
+                                GURL(request_origin), MEDIUM, BoundNetLog());
+  test::StreamDelegateDoNothing delegate1(spdy_stream1);
+  spdy_stream1->SetDelegate(&delegate1);
+
+  std::unique_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(request_origin));
+
+  spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
+  EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+
+  altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          url::SchemeHostPort(GURL(request_origin)));
+  ASSERT_EQ(1u, altsvc_vector.size());
+  EXPECT_EQ(QUIC, altsvc_vector[0].protocol);
+  EXPECT_EQ("alternative.example.org", altsvc_vector[0].host);
+  EXPECT_EQ(443u, altsvc_vector[0].port);
+}
+
+TEST_P(AltSvcFrameTest, DoNotProcessAltSvcFrameOnStreamWithInsecureOrigin) {
+  SpdyAltSvcIR altsvc_ir(1);
+  altsvc_ir.add_altsvc(alternative_service_);
+
+  SpdySerializedFrame altsvc_frame(spdy_util_.SerializeFrame(altsvc_ir));
+  std::unique_ptr<SpdySerializedFrame> rst(
+      spdy_util_.ConstructSpdyRstStream(1, RST_STREAM_REFUSED_STREAM));
+  MockRead reads[] = {
+      CreateMockRead(altsvc_frame, 1), CreateMockRead(*rst, 2),
+      MockRead(ASYNC, 0, 3)  // EOF
+  };
+
+  const char request_origin[] = "http://mail.example.org";
+  std::unique_ptr<SpdySerializedFrame> req(
+      spdy_util_.ConstructSpdyGet(request_origin, 1, MEDIUM));
+  MockWrite writes[] = {
+      CreateMockWrite(*req, 0),
+  };
+  SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
+  session_deps_.socket_factory->AddSocketDataProvider(&data);
+
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateSecureSpdySession();
+
+  base::WeakPtr<SpdyStream> spdy_stream1 =
+      CreateStreamSynchronously(SPDY_REQUEST_RESPONSE_STREAM, session_,
+                                GURL(request_origin), MEDIUM, BoundNetLog());
+  test::StreamDelegateDoNothing delegate1(spdy_stream1);
+  spdy_stream1->SetDelegate(&delegate1);
+
+  std::unique_ptr<SpdyHeaderBlock> headers(
+      spdy_util_.ConstructGetHeaderBlock(request_origin));
+
+  spdy_stream1->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND);
+  EXPECT_TRUE(spdy_stream1->HasUrlFromHeaders());
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+
+  altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          url::SchemeHostPort(GURL(request_origin)));
+  ASSERT_TRUE(altsvc_vector.empty());
+}
+
+TEST_P(AltSvcFrameTest, DoNotProcessAltSvcFrameOnNonExistentStream) {
+  SpdyAltSvcIR altsvc_ir(1);
+  altsvc_ir.add_altsvc(alternative_service_);
+  AddSocketData(altsvc_ir);
+  AddSSLSocketData();
+
+  CreateNetworkSession();
+  CreateSecureSpdySession();
+
+  base::RunLoop().RunUntilIdle();
+
+  const url::SchemeHostPort session_origin("https", test_url_.host(),
+                                           test_url_.EffectiveIntPort());
+  AlternativeServiceVector altsvc_vector =
+      spdy_session_pool_->http_server_properties()->GetAlternativeServices(
+          session_origin);
+  ASSERT_TRUE(altsvc_vector.empty());
+}
+
 TEST(MapFramerErrorToProtocolError, MapsValues) {
   CHECK_EQ(
       SPDY_ERROR_INVALID_CONTROL_FRAME,
       MapFramerErrorToProtocolError(SpdyFramer::SPDY_INVALID_CONTROL_FRAME));
   CHECK_EQ(
       SPDY_ERROR_INVALID_DATA_FRAME_FLAGS,
       MapFramerErrorToProtocolError(SpdyFramer::SPDY_INVALID_DATA_FRAME_FLAGS));
   CHECK_EQ(
       SPDY_ERROR_GOAWAY_FRAME_CORRUPT,
       MapFramerErrorToProtocolError(SpdyFramer::SPDY_GOAWAY_FRAME_CORRUPT));
@@ skipping 37 matching lines @@
            MapNetErrorToGoAwayStatus(ERR_SPDY_COMPRESSION_ERROR));
   CHECK_EQ(GOAWAY_FRAME_SIZE_ERROR,
            MapNetErrorToGoAwayStatus(ERR_SPDY_FRAME_SIZE_ERROR));
   CHECK_EQ(GOAWAY_PROTOCOL_ERROR, MapNetErrorToGoAwayStatus(ERR_UNEXPECTED));
 }
 
 TEST(CanPoolTest, CanPool) {
   // Load a cert that is valid for:
   //   www.example.org
   //   mail.example.org
-  //   www.example.com
+  //   mail.example.com
 
   TransportSecurityState tss;
   SSLInfo ssl_info;
   ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
                                      "spdy_pooling.pem");
 
   EXPECT_TRUE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "www.example.org"));
   EXPECT_TRUE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.org"));
   EXPECT_TRUE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.com"));
   EXPECT_FALSE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.google.com"));
 }
 
 TEST(CanPoolTest, CanNotPoolWithCertErrors) {
   // Load a cert that is valid for:
   //   www.example.org
   //   mail.example.org
-  //   www.example.com
+  //   mail.example.com
 
   TransportSecurityState tss;
   SSLInfo ssl_info;
   ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
                                      "spdy_pooling.pem");
   ssl_info.cert_status = CERT_STATUS_REVOKED;
 
   EXPECT_FALSE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.org"));
 }
 
 TEST(CanPoolTest, CanNotPoolWithClientCerts) {
   // Load a cert that is valid for:
   //   www.example.org
   //   mail.example.org
-  //   www.example.com
+  //   mail.example.com
 
   TransportSecurityState tss;
   SSLInfo ssl_info;
   ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
                                      "spdy_pooling.pem");
   ssl_info.client_cert_sent = true;
 
   EXPECT_FALSE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.org"));
 }
 
 TEST(CanPoolTest, CanNotPoolAcrossETLDsWithChannelID) {
   // Load a cert that is valid for:
   //   www.example.org
   //   mail.example.org
-  //   www.example.com
+  //   mail.example.com
 
   TransportSecurityState tss;
   SSLInfo ssl_info;
   ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
                                      "spdy_pooling.pem");
   ssl_info.channel_id_sent = true;
 
   EXPECT_TRUE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.org"));
   EXPECT_FALSE(SpdySession::CanPool(
@@ skipping 27 matching lines @@
   ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
                                      "spdy_pooling.pem");
   ssl_info.is_issued_by_known_root = true;
   ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin));
 
   EXPECT_TRUE(SpdySession::CanPool(
       &tss, ssl_info, "www.example.org", "mail.example.org"));
 }
 
 }  // namespace net