Require a CTVerifier and CTPolicyEnforcer for TLS/QUIC sockets

net/http/http_stream_factory_impl_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_stream_factory_impl.h"
 
 #include <stdint.h>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/run_loop.h"
 #include "net/base/port_util.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
+#include "net/cert/ct_policy_enforcer.h"
 #include "net/cert/mock_cert_verifier.h"
+#include "net/cert/multi_log_ct_verifier.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/bidirectional_stream_impl.h"
 #include "net/http/bidirectional_stream_request_info.h"
 #include "net/http/http_auth_handler_factory.h"
 #include "net/http/http_network_session.h"
 #include "net/http/http_network_session_peer.h"
 #include "net/http/http_network_transaction.h"
 #include "net/http/http_request_info.h"
 #include "net/http/http_server_properties.h"
 #include "net/http/http_server_properties_impl.h"
@@ skipping 326 matching lines @@
                       HttpNetworkSession* session) {
   GURL url = test.ssl ? GURL("https://www.google.com") :
       GURL("http://www.google.com");
   PreconnectHelperForURL(test.num_streams, url, session);
 }
 
 template<typename ParentPool>
 class CapturePreconnectsSocketPool : public ParentPool {
  public:
   CapturePreconnectsSocketPool(HostResolver* host_resolver,
-                               CertVerifier* cert_verifier);
+                               CertVerifier* cert_verifier,
+                               TransportSecurityState* transport_security_state,
+                               CTVerifier* cert_transparency_verifier,
+                               CTPolicyEnforcer* ct_policy_enforcer);
 
   int last_num_streams() const {
     return last_num_streams_;
   }
 
   int RequestSocket(const std::string& group_name,
                     const void* socket_params,
                     RequestPriority priority,
                     ClientSocketPool::RespectLimits respect_limits,
                     ClientSocketHandle* handle,
@@ skipping 46 matching lines @@
 typedef CapturePreconnectsSocketPool<HttpProxyClientSocketPool>
 CapturePreconnectsHttpProxySocketPool;
 typedef CapturePreconnectsSocketPool<SOCKSClientSocketPool>
 CapturePreconnectsSOCKSSocketPool;
 typedef CapturePreconnectsSocketPool<SSLClientSocketPool>
 CapturePreconnectsSSLSocketPool;
 
 template <typename ParentPool>
 CapturePreconnectsSocketPool<ParentPool>::CapturePreconnectsSocketPool(
     HostResolver* host_resolver,
-    CertVerifier* /* cert_verifier */)
+    CertVerifier*,
+    TransportSecurityState*,
+    CTVerifier*,
+    CTPolicyEnforcer*)
     : ParentPool(0, 0, host_resolver, nullptr, nullptr, nullptr),
       last_num_streams_(-1) {}
 
 template <>
 CapturePreconnectsHttpProxySocketPool::CapturePreconnectsSocketPool(
-    HostResolver* /* host_resolver */,
-    CertVerifier* /* cert_verifier */)
+    HostResolver*,
+    CertVerifier*,
+    TransportSecurityState*,
+    CTVerifier*,
+    CTPolicyEnforcer*)
     : HttpProxyClientSocketPool(0, 0, nullptr, nullptr, nullptr),
-      last_num_streams_(-1) {
-}
+      last_num_streams_(-1) {}
 
 template <>
 CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool(
     HostResolver* /* host_resolver */,
-    CertVerifier* cert_verifier)
+    CertVerifier* cert_verifier,
+    TransportSecurityState* transport_security_state,
+    CTVerifier* cert_transparency_verifier,
+    CTPolicyEnforcer* ct_policy_enforcer)
     : SSLClientSocketPool(0,
                           0,
                           cert_verifier,
-                          nullptr,        // channel_id_store
-                          nullptr,        // transport_security_state
-                          nullptr,        // cert_transparency_verifier
-                          nullptr,        // ct_policy_enforcer
+                          nullptr,  // channel_id_store
+                          transport_security_state,
+                          cert_transparency_verifier,
+                          ct_policy_enforcer,
                           std::string(),  // ssl_session_cache_shard
                           nullptr,        // deterministic_socket_factory
                           nullptr,        // transport_socket_pool
                           nullptr,
                           nullptr,
                           nullptr,   // ssl_config_service
                           nullptr),  // net_log
-      last_num_streams_(-1) {
-}
+      last_num_streams_(-1) {}
 
 class HttpStreamFactoryTest : public ::testing::Test,
                               public ::testing::WithParamInterface<NextProto> {
 };
 
 INSTANTIATE_TEST_CASE_P(NextProto,
                         HttpStreamFactoryTest,
                         testing::Values(kProtoSPDY31,
                                         kProtoHTTP2));
 
 TEST_P(HttpStreamFactoryTest, PreconnectDirect) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateDirect());
     std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
     CapturePreconnectsTransportSocketPool* transport_conn_pool =
         new CapturePreconnectsTransportSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     CapturePreconnectsSSLSocketPool* ssl_conn_pool =
         new CapturePreconnectsSSLSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     mock_pool_manager->SetSSLSocketPool(ssl_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
     PreconnectHelper(kTests[i], session.get());
     if (kTests[i].ssl)
       EXPECT_EQ(kTests[i].num_streams, ssl_conn_pool->last_num_streams());
     else
       EXPECT_EQ(kTests[i].num_streams, transport_conn_pool->last_num_streams());
   }
 }
 
 TEST_P(HttpStreamFactoryTest, PreconnectHttpProxy) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateFixed("http_proxy"));
     std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
     HostPortPair proxy_host("http_proxy", 80);
     CapturePreconnectsHttpProxySocketPool* http_proxy_pool =
         new CapturePreconnectsHttpProxySocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     CapturePreconnectsSSLSocketPool* ssl_conn_pool =
         new CapturePreconnectsSSLSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
     PreconnectHelper(kTests[i], session.get());
     if (kTests[i].ssl)
       EXPECT_EQ(kTests[i].num_streams, ssl_conn_pool->last_num_streams());
     else
       EXPECT_EQ(kTests[i].num_streams, http_proxy_pool->last_num_streams());
   }
 }
 
 TEST_P(HttpStreamFactoryTest, PreconnectSocksProxy) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateFixed("socks4://socks_proxy:1080"));
     std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
     HostPortPair proxy_host("socks_proxy", 1080);
     CapturePreconnectsSOCKSSocketPool* socks_proxy_pool =
         new CapturePreconnectsSOCKSSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     CapturePreconnectsSSLSocketPool* ssl_conn_pool =
         new CapturePreconnectsSSLSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForSOCKSProxy(proxy_host, socks_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
     PreconnectHelper(kTests[i], session.get());
     if (kTests[i].ssl)
       EXPECT_EQ(kTests[i].num_streams, ssl_conn_pool->last_num_streams());
     else
       EXPECT_EQ(kTests[i].num_streams, socks_proxy_pool->last_num_streams());
   }
 }
 
 TEST_P(HttpStreamFactoryTest, PreconnectDirectWithExistingSpdySession) {
   for (size_t i = 0; i < arraysize(kTests); ++i) {
     SpdySessionDependencies session_deps(
         GetParam(), ProxyService::CreateDirect());
     std::unique_ptr<HttpNetworkSession> session(
         SpdySessionDependencies::SpdyCreateSession(&session_deps));
     HttpNetworkSessionPeer peer(session.get());
 
     // Put a SpdySession in the pool.
     HostPortPair host_port_pair("www.google.com", 443);
     SpdySessionKey key(host_port_pair, ProxyServer::Direct(),
                        PRIVACY_MODE_DISABLED);
     ignore_result(CreateFakeSpdySession(session->spdy_session_pool(), key));
 
     CapturePreconnectsTransportSocketPool* transport_conn_pool =
         new CapturePreconnectsTransportSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     CapturePreconnectsSSLSocketPool* ssl_conn_pool =
         new CapturePreconnectsSSLSocketPool(
-            session_deps.host_resolver.get(),
-            session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     mock_pool_manager->SetSSLSocketPool(ssl_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
     PreconnectHelper(kTests[i], session.get());
     // We shouldn't be preconnecting if we have an existing session, which is
     // the case for https://www.google.com.
     if (kTests[i].ssl)
       EXPECT_EQ(-1, ssl_conn_pool->last_num_streams());
     else
       EXPECT_EQ(kTests[i].num_streams,
                 transport_conn_pool->last_num_streams());
   }
 }
 
 // Verify that preconnects to unsafe ports are cancelled before they reach
 // the SocketPool.
 TEST_P(HttpStreamFactoryTest, PreconnectUnsafePort) {
   ASSERT_FALSE(IsPortAllowedForScheme(7, "http"));
 
   SpdySessionDependencies session_deps(
       GetParam(), ProxyService::CreateDirect());
   std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
   HttpNetworkSessionPeer peer(session.get());
   CapturePreconnectsTransportSocketPool* transport_conn_pool =
       new CapturePreconnectsTransportSocketPool(
-          session_deps.host_resolver.get(),
-          session_deps.cert_verifier.get());
+          session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+          session_deps.transport_security_state.get(),
+          session_deps.cert_transparency_verifier.get(),
+          session_deps.ct_policy_enforcer.get());
   std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
       new MockClientSocketPoolManager);
   mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
   peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
 
   PreconnectHelperForURL(1, GURL("http://www.google.com:7"), session.get());
   EXPECT_EQ(-1, transport_conn_pool->last_num_streams());
 }
 
 TEST_P(HttpStreamFactoryTest, JobNotifiesProxy) {
@@ skipping 62 matching lines @@
     HttpNetworkSession::Params params;
     params.enable_quic = true;
     params.quic_disable_preconnect_if_0rtt = false;
     scoped_refptr<SSLConfigServiceDefaults> ssl_config_service(
         new SSLConfigServiceDefaults);
     HttpServerPropertiesImpl http_server_properties;
     MockClientSocketFactory socket_factory;
     params.client_socket_factory = &socket_factory;
     MockHostResolver host_resolver;
     params.host_resolver = &host_resolver;
+    MockCertVerifier cert_verifier;
+    params.cert_verifier = &cert_verifier;
     TransportSecurityState transport_security_state;
     params.transport_security_state = &transport_security_state;
+    MultiLogCTVerifier ct_verifier;
+    params.cert_transparency_verifier = &ct_verifier;
+    CTPolicyEnforcer ct_policy_enforcer;
+    params.ct_policy_enforcer = &ct_policy_enforcer;
     params.proxy_service = proxy_service.get();
     params.ssl_config_service = ssl_config_service.get();
     params.http_server_properties = &http_server_properties;
 
     std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
     session->quic_stream_factory()->set_require_confirmation(false);
 
     StaticSocketDataProvider socket_data1;
     socket_data1.set_connect_data(MockConnect(ASYNC, mock_error[i]));
     socket_factory.AddSocketDataProvider(&socket_data1);
@@ skipping 102 matching lines @@
   HttpNetworkSession::Params params;
   params.enable_quic = true;
   params.quic_disable_preconnect_if_0rtt = false;
   scoped_refptr<SSLConfigServiceDefaults> ssl_config_service(
       new SSLConfigServiceDefaults);
   HttpServerPropertiesImpl http_server_properties;
   MockClientSocketFactory socket_factory;
   params.client_socket_factory = &socket_factory;
   MockHostResolver host_resolver;
   params.host_resolver = &host_resolver;
+  MockCertVerifier cert_verifier;
+  params.cert_verifier = &cert_verifier;
   TransportSecurityState transport_security_state;
   params.transport_security_state = &transport_security_state;
+  MultiLogCTVerifier ct_verifier;
+  params.cert_transparency_verifier = &ct_verifier;
+  CTPolicyEnforcer ct_policy_enforcer;
+  params.ct_policy_enforcer = &ct_policy_enforcer;
   params.proxy_service = proxy_service.get();
   params.ssl_config_service = ssl_config_service.get();
   params.http_server_properties = &http_server_properties;
   params.quic_max_number_of_lossy_connections = 2;
 
   std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
   session->quic_stream_factory()->set_require_confirmation(false);
 
   session->quic_stream_factory()->number_of_lossy_connections_[99] =
       params.quic_max_number_of_lossy_connections;
@@ skipping 54 matching lines @@
         SpdySessionDependencies::CreateSessionParams(&session_deps);
     params.enable_quic = true;
     params.quic_disable_preconnect_if_0rtt = true;
     params.http_server_properties = &http_server_properties;
 
     std::unique_ptr<HttpNetworkSession> session(new HttpNetworkSession(params));
     HttpNetworkSessionPeer peer(session.get());
     HostPortPair proxy_host("http_proxy", 80);
     CapturePreconnectsHttpProxySocketPool* http_proxy_pool =
         new CapturePreconnectsHttpProxySocketPool(
-            session_deps.host_resolver.get(), session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     CapturePreconnectsSSLSocketPool* ssl_conn_pool =
-        new CapturePreconnectsSSLSocketPool(session_deps.host_resolver.get(),
-                                            session_deps.cert_verifier.get());
+        new CapturePreconnectsSSLSocketPool(
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
     mock_pool_manager->SetSocketPoolForSSLWithProxy(proxy_host, ssl_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
     PreconnectHelperForURL(num_streams, url, session.get());
     EXPECT_EQ(num_streams, ssl_conn_pool->last_num_streams());
   }
 }
 
@@ skipping 27 matching lines @@
 
     // Setup 0RTT for QUIC.
     QuicStreamFactory* factory = session->quic_stream_factory();
     factory->set_require_confirmation(false);
     test::QuicStreamFactoryPeer::CacheDummyServerConfig(
         factory, QuicServerId(host_port_pair, PRIVACY_MODE_DISABLED));
 
     HttpNetworkSessionPeer peer(session.get());
     CapturePreconnectsTransportSocketPool* transport_conn_pool =
         new CapturePreconnectsTransportSocketPool(
-            session_deps.host_resolver.get(), session_deps.cert_verifier.get());
+            session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
+            session_deps.transport_security_state.get(),
+            session_deps.cert_transparency_verifier.get(),
+            session_deps.ct_policy_enforcer.get());
     std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
         new MockClientSocketPoolManager);
     mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
     peer.SetClientSocketPoolManager(std::move(mock_pool_manager));
 
     HttpRequestInfo request;
     request.method = "GET";
     request.url = url;
     request.load_flags = 0;
 
@@ skipping 68 matching lines @@
     return -1;
   return session_list->GetSize();
 }
 
 }  // namespace
 
 TEST_P(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) {
   SpdySessionDependencies session_deps(
       GetParam(), ProxyService::CreateDirect());
 
-  StaticSocketDataProvider socket_data;
-  socket_data.set_connect_data(MockConnect(ASYNC, OK));
-  session_deps.socket_factory->AddSocketDataProvider(&socket_data);
+  StaticSocketDataProvider socket_data_1;
+  socket_data_1.set_connect_data(MockConnect(ASYNC, OK));
+  session_deps.socket_factory->AddSocketDataProvider(&socket_data_1);
+  StaticSocketDataProvider socket_data_2;
+  socket_data_2.set_connect_data(MockConnect(ASYNC, OK));
+  session_deps.socket_factory->AddSocketDataProvider(&socket_data_2);
+  StaticSocketDataProvider socket_data_3;
+  socket_data_3.set_connect_data(MockConnect(ASYNC, OK));
+  session_deps.socket_factory->AddSocketDataProvider(&socket_data_3);
 
-  SSLSocketDataProvider ssl(ASYNC, OK);
-  session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
+  SSLSocketDataProvider ssl_1(ASYNC, OK);
+  session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_1);
+  SSLSocketDataProvider ssl_2(ASYNC, OK);
+  session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_2);
+  SSLSocketDataProvider ssl_3(ASYNC, OK);
+  session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_3);
 
   std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
   SSLClientSocketPool* ssl_pool = session->GetSSLSocketPool(
       HttpNetworkSession::NORMAL_SOCKET_POOL);
 
   EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 0);
 
   HttpRequestInfo request_info;
   request_info.method = "GET";
@@ skipping 27 matching lines @@
           BoundNetLog()));
   waiter.WaitForStream();
 
   EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 2);
 }
 
 TEST_P(HttpStreamFactoryTest, GetLoadState) {
   SpdySessionDependencies session_deps(
       GetParam(), ProxyService::CreateDirect());
 
+  // Force asynchronous host resolutions, so that the LoadState will be
+  // resolving the host.
+  session_deps.host_resolver->set_synchronous_mode(false);
+
   StaticSocketDataProvider socket_data;
   socket_data.set_connect_data(MockConnect(ASYNC, OK));
   session_deps.socket_factory->AddSocketDataProvider(&socket_data);
 
   std::unique_ptr<HttpNetworkSession> session(
       SpdySessionDependencies::SpdyCreateSession(&session_deps));
 
   HttpRequestInfo request_info;
   request_info.method = "GET";
   request_info.url = GURL("http://www.google.com");
@@ skipping 413 matching lines @@
 
     // Load a certificate that is valid for *.example.org
     scoped_refptr<X509Certificate> test_cert(
         ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
     EXPECT_TRUE(test_cert.get());
     verify_details_.cert_verify_result.verified_cert = test_cert;
     verify_details_.cert_verify_result.is_issued_by_known_root = true;
     crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_);
     crypto_client_stream_factory_.set_handshake_mode(
         MockCryptoClientStream::CONFIRM_HANDSHAKE);
+    params_.cert_verifier = &cert_verifier_;
     params_.quic_crypto_client_stream_factory = &crypto_client_stream_factory_;
     params_.quic_supported_versions = test::SupportedVersions(GetParam());
     params_.transport_security_state = &transport_security_state_;
+    params_.cert_transparency_verifier = &ct_verifier_;
+    params_.ct_policy_enforcer = &ct_policy_enforcer_;
     params_.host_resolver = &host_resolver_;
     params_.proxy_service = proxy_service_.get();
     params_.ssl_config_service = ssl_config_service_.get();
     params_.client_socket_factory = &socket_factory_;
     session_.reset(new HttpNetworkSession(params_));
     session_->quic_stream_factory()->set_require_confirmation(false);
   }
 
   void AddQuicAlternativeService() {
     const AlternativeService alternative_service(QUIC, "www.example.org", 443);
@@ skipping 17 matching lines @@
 
   HttpNetworkSession* session() { return session_.get(); }
 
  private:
   MockClock* clock_;  // Owned by QuicStreamFactory
   test::QuicTestPacketMaker client_packet_maker_;
   test::QuicTestPacketMaker server_packet_maker_;
   MockClientSocketFactory socket_factory_;
   std::unique_ptr<HttpNetworkSession> session_;
   test::MockRandom random_generator_;
+  MockCertVerifier cert_verifier_;
   ProofVerifyDetailsChromium verify_details_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
   HttpServerPropertiesImpl http_server_properties_;
   TransportSecurityState transport_security_state_;
+  MultiLogCTVerifier ct_verifier_;
+  CTPolicyEnforcer ct_policy_enforcer_;
   MockHostResolver host_resolver_;
   std::unique_ptr<ProxyService> proxy_service_;
   scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
   HttpNetworkSession::Params params_;
 };
 
 INSTANTIATE_TEST_CASE_P(Version,
                         HttpStreamFactoryBidirectionalQuicTest,
                         ::testing::ValuesIn(QuicSupportedVersions()));
 
@@ skipping 434 matching lines @@
       session->GetTransportSocketPool(
           HttpNetworkSession::WEBSOCKET_SOCKET_POOL)));
   EXPECT_EQ(1, GetSocketPoolGroupCount(
       session->GetSSLSocketPool(HttpNetworkSession::WEBSOCKET_SOCKET_POOL)));
   EXPECT_TRUE(waiter.used_proxy_info().is_direct());
 }
 
 }  // namespace
 
 }  // namespace net