WIP: URLRequest-based UIR implementation.

net/url_request/url_request_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
 #include <utility>
 
 #include "base/memory/ptr_util.h"
 #include "build/build_config.h"
 
@@ skipping 1109 matching lines @@
   req->Start();
   base::RunLoop().Run();
 
   ASSERT_EQ(1, d.received_redirect_count());
   ASSERT_FALSE(req->status().is_success());
 }
 #endif  // defined(OS_WIN)
 
 #endif  // !defined(DISABLE_FILE_SUPPORT)
 
+TEST_F(URLRequestTest, InsecureRequestPolicyTest) {
+  TestDelegate d;
+  GURL original_url("http://example.com/path/to/file");
+  GURL upgraded_url("https://example.com/path/to/file");
+  url::Origin matched_host(original_url);
+  url::Origin mismatched_host(GURL("http://not.example.com/"));
+  std::string upgrade_type = "Upgrade";
+
+  std::unique_ptr<URLRequest> r(default_context_.CreateRequest(original_url, DEFAULT_PRIORITY, &d));
+
+  // No upgrade:
+  {
+    r->set_insecure_request_policy(URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS);
+    
+    GURL redirect;
+    std::string type;
+    EXPECT_FALSE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_TRUE(redirect.is_empty());
+    EXPECT_TRUE(type.empty());
+  }
+
+  // Upgrade all, matching host:
+  {
+    r->set_insecure_request_policy(URLRequest::UPGRADE_ALL_INSECURE_REQUESTS);
+    r->set_initiator(matched_host);
+    
+    GURL redirect;
+    std::string type;
+    EXPECT_TRUE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_EQ(upgraded_url, redirect);
+    EXPECT_EQ(upgrade_type, type);
+  }
+
+  // Upgrade all, mismatched host:
+  {
+    r->set_insecure_request_policy(URLRequest::UPGRADE_ALL_INSECURE_REQUESTS);
+    r->set_initiator(mismatched_host);
+    
+    GURL redirect;
+    std::string type;
+    EXPECT_TRUE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_EQ(upgraded_url, redirect);
+    EXPECT_EQ(upgrade_type, type);
+  }
+
+  // Upgrade same host, matching host:
+  {
+    r->set_insecure_request_policy(URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS);
+    r->set_initiator(matched_host);
+    
+    GURL redirect;
+    std::string type;
+    EXPECT_TRUE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_EQ(upgraded_url, redirect);
+    EXPECT_EQ(upgrade_type, type);
+  }
+
+  // Upgrade same host, mismatched host:
+  {
+    r->set_insecure_request_policy(URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS);
+    r->set_initiator(mismatched_host);
+    
+    GURL redirect;
+    std::string type;
+    EXPECT_FALSE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_TRUE(redirect.is_empty());
+    EXPECT_TRUE(type.empty());
+  }
+}
+
+TEST_F(URLRequestTest, HSTSUpgradeTest) {
+  TestURLRequestContext context(true);
+  TestNetworkDelegate network_delegate;
+  TestDelegate delegate;
+
+  TransportSecurityState transport_security_state;
+
+  context.set_transport_security_state(&transport_security_state);
+  context.set_network_delegate(&network_delegate);
+  context.Init();
+
+  GURL original_url("http://example.com/path/to/file");
+  GURL upgraded_url("https://example.com/path/to/file");
+  std::string hsts_type = "HSTS";
+  std::string upgrade_type = "Upgrade";
+
+  std::unique_ptr<URLRequest> r(context.CreateRequest(original_url, DEFAULT_PRIORITY, &delegate));
+
+  // No upgrade by default:
+  {
+    GURL redirect;
+    std::string type;
+    EXPECT_FALSE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_TRUE(redirect.is_empty());
+    EXPECT_TRUE(type.empty());
+  }
+
+  // Upgrade if host is in the HSTS list:
+  {
+    transport_security_state.AddHSTS("example.com", base::Time::Now() + base::TimeDelta::FromDays(1), false);
+
+    GURL redirect;
+    std::string type;
+    EXPECT_TRUE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_EQ(upgraded_url, redirect);
+    EXPECT_EQ(hsts_type, type);
+  }
+
+  // If host is in the HSTS list, and would be upgraded by insecure request
+  // policy, the latter is reported as the upgrade type:
+  {
+    transport_security_state.AddHSTS("example.com", base::Time::Now() + base::TimeDelta::FromDays(1), false);
+    r->set_insecure_request_policy(URLRequest::UPGRADE_ALL_INSECURE_REQUESTS);
+
+    GURL redirect;
+    std::string type;
+    EXPECT_TRUE(r->GetSecureRedirect(&redirect, &type));
+    EXPECT_EQ(upgraded_url, redirect);
+    EXPECT_EQ(upgrade_type, type);
+  }
+}
+
 TEST_F(URLRequestTest, InvalidUrlTest) {
   TestDelegate d;
   {
     std::unique_ptr<URLRequest> r(default_context_.CreateRequest(
         GURL("invalid url"), DEFAULT_PRIORITY, &d));
 
     r->Start();
     EXPECT_TRUE(r->is_pending());
 
     base::RunLoop().Run();
@@ skipping 7419 matching lines @@
   std::string redirect_location;
   EXPECT_TRUE(headers->EnumerateHeader(NULL, "Location", &redirect_location));
   EXPECT_EQ(hsts_https_url.spec(), redirect_location);
 
   std::string received_cors_header;
   EXPECT_TRUE(headers->EnumerateHeader(NULL, "Access-Control-Allow-Origin",
                                        &received_cors_header));
   EXPECT_EQ(kOriginHeaderValue, received_cors_header);
 }
 
-// This just tests the behaviour of GetHSTSRedirect(). End-to-end tests of HSTS
+// This just tests the behaviour of GetSecureRedirect(). End-to-end tests of HSTS
 // are performed in net/websockets/websocket_end_to_end_test.cc.
 TEST(WebSocketURLRequestTest, HSTSApplied) {
   TestNetworkDelegate network_delegate;
   TransportSecurityState transport_security_state;
   base::Time expiry = base::Time::Now() + base::TimeDelta::FromDays(1);
   bool include_subdomains = false;
   transport_security_state.AddHSTS("example.net", expiry, include_subdomains);
   TestURLRequestContext context(true);
   context.set_transport_security_state(&transport_security_state);
   context.set_network_delegate(&network_delegate);
   context.Init();
   GURL ws_url("ws://example.net/echo");
   TestDelegate delegate;
   std::unique_ptr<URLRequest> request(
       context.CreateRequest(ws_url, DEFAULT_PRIORITY, &delegate));
-  EXPECT_TRUE(request->GetHSTSRedirect(&ws_url));
+  std::string redirect_type;
+  EXPECT_TRUE(request->GetSecureRedirect(&ws_url, &redirect_type));
   EXPECT_TRUE(ws_url.SchemeIs("wss"));
+  EXPECT_EQ("HSTS", redirect_type);
 }
 
 namespace {
 
 class SSLClientAuthTestDelegate : public TestDelegate {
  public:
   SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) {
   }
   void OnCertificateRequested(URLRequest* request,
                               SSLCertRequestInfo* cert_request_info) override {
@@ skipping 1444 matching lines @@
   AddTestInterceptor()->set_main_intercept_job(std::move(job));
 
   req->Start();
   req->Cancel();
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status());
   EXPECT_EQ(0, d.received_redirect_count());
 }
 
 }  // namespace net