| Index: net/http/http_stream_factory_impl_unittest.cc
|
| diff --git a/net/http/http_stream_factory_impl_unittest.cc b/net/http/http_stream_factory_impl_unittest.cc
|
| index 943528a698fbdd11339a243d5105a17db44ad2e5..13d01151b00f50a98a7a89518109aba402f7f1fe 100644
|
| --- a/net/http/http_stream_factory_impl_unittest.cc
|
| +++ b/net/http/http_stream_factory_impl_unittest.cc
|
| @@ -15,7 +15,9 @@
|
| #include "net/base/port_util.h"
|
| #include "net/base/test_completion_callback.h"
|
| #include "net/base/test_data_directory.h"
|
| +#include "net/cert/ct_policy_enforcer.h"
|
| #include "net/cert/mock_cert_verifier.h"
|
| +#include "net/cert/multi_log_ct_verifier.h"
|
| #include "net/dns/mock_host_resolver.h"
|
| #include "net/http/bidirectional_stream_impl.h"
|
| #include "net/http/bidirectional_stream_request_info.h"
|
| @@ -362,7 +364,10 @@ template<typename ParentPool>
|
| class CapturePreconnectsSocketPool : public ParentPool {
|
| public:
|
| CapturePreconnectsSocketPool(HostResolver* host_resolver,
|
| - CertVerifier* cert_verifier);
|
| + CertVerifier* cert_verifier,
|
| + TransportSecurityState* transport_security_state,
|
| + CTVerifier* cert_transparency_verifier,
|
| + CTPolicyEnforcer* ct_policy_enforcer);
|
|
|
| int last_num_streams() const {
|
| return last_num_streams_;
|
| @@ -429,29 +434,37 @@ CapturePreconnectsSSLSocketPool;
|
| template <typename ParentPool>
|
| CapturePreconnectsSocketPool<ParentPool>::CapturePreconnectsSocketPool(
|
| HostResolver* host_resolver,
|
| - CertVerifier* /* cert_verifier */)
|
| + CertVerifier*,
|
| + TransportSecurityState*,
|
| + CTVerifier*,
|
| + CTPolicyEnforcer*)
|
| : ParentPool(0, 0, host_resolver, nullptr, nullptr, nullptr),
|
| last_num_streams_(-1) {}
|
|
|
| template <>
|
| CapturePreconnectsHttpProxySocketPool::CapturePreconnectsSocketPool(
|
| - HostResolver* /* host_resolver */,
|
| - CertVerifier* /* cert_verifier */)
|
| + HostResolver*,
|
| + CertVerifier*,
|
| + TransportSecurityState*,
|
| + CTVerifier*,
|
| + CTPolicyEnforcer*)
|
| : HttpProxyClientSocketPool(0, 0, nullptr, nullptr, nullptr),
|
| - last_num_streams_(-1) {
|
| -}
|
| + last_num_streams_(-1) {}
|
|
|
| template <>
|
| CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool(
|
| HostResolver* /* host_resolver */,
|
| - CertVerifier* cert_verifier)
|
| + CertVerifier* cert_verifier,
|
| + TransportSecurityState* transport_security_state,
|
| + CTVerifier* cert_transparency_verifier,
|
| + CTPolicyEnforcer* ct_policy_enforcer)
|
| : SSLClientSocketPool(0,
|
| 0,
|
| cert_verifier,
|
| - nullptr, // channel_id_store
|
| - nullptr, // transport_security_state
|
| - nullptr, // cert_transparency_verifier
|
| - nullptr, // ct_policy_enforcer
|
| + nullptr, // channel_id_store
|
| + transport_security_state,
|
| + cert_transparency_verifier,
|
| + ct_policy_enforcer,
|
| std::string(), // ssl_session_cache_shard
|
| nullptr, // deterministic_socket_factory
|
| nullptr, // transport_socket_pool
|
| @@ -459,8 +472,7 @@ CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool(
|
| nullptr,
|
| nullptr, // ssl_config_service
|
| nullptr), // net_log
|
| - last_num_streams_(-1) {
|
| -}
|
| + last_num_streams_(-1) {}
|
|
|
| class HttpStreamFactoryTest : public ::testing::Test,
|
| public ::testing::WithParamInterface<NextProto> {
|
| @@ -480,12 +492,16 @@ TEST_P(HttpStreamFactoryTest, PreconnectDirect) {
|
| HttpNetworkSessionPeer peer(session.get());
|
| CapturePreconnectsTransportSocketPool* transport_conn_pool =
|
| new CapturePreconnectsTransportSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| CapturePreconnectsSSLSocketPool* ssl_conn_pool =
|
| new CapturePreconnectsSSLSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
|
| @@ -509,12 +525,16 @@ TEST_P(HttpStreamFactoryTest, PreconnectHttpProxy) {
|
| HostPortPair proxy_host("http_proxy", 80);
|
| CapturePreconnectsHttpProxySocketPool* http_proxy_pool =
|
| new CapturePreconnectsHttpProxySocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| CapturePreconnectsSSLSocketPool* ssl_conn_pool =
|
| new CapturePreconnectsSSLSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
|
| @@ -538,12 +558,16 @@ TEST_P(HttpStreamFactoryTest, PreconnectSocksProxy) {
|
| HostPortPair proxy_host("socks_proxy", 1080);
|
| CapturePreconnectsSOCKSSocketPool* socks_proxy_pool =
|
| new CapturePreconnectsSOCKSSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| CapturePreconnectsSSLSocketPool* ssl_conn_pool =
|
| new CapturePreconnectsSSLSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetSocketPoolForSOCKSProxy(proxy_host, socks_proxy_pool);
|
| @@ -573,12 +597,16 @@ TEST_P(HttpStreamFactoryTest, PreconnectDirectWithExistingSpdySession) {
|
|
|
| CapturePreconnectsTransportSocketPool* transport_conn_pool =
|
| new CapturePreconnectsTransportSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| CapturePreconnectsSSLSocketPool* ssl_conn_pool =
|
| new CapturePreconnectsSSLSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
|
| @@ -607,8 +635,10 @@ TEST_P(HttpStreamFactoryTest, PreconnectUnsafePort) {
|
| HttpNetworkSessionPeer peer(session.get());
|
| CapturePreconnectsTransportSocketPool* transport_conn_pool =
|
| new CapturePreconnectsTransportSocketPool(
|
| - session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
|
| @@ -691,8 +721,14 @@ TEST_P(HttpStreamFactoryTest, UnreachableQuicProxyMarkedAsBad) {
|
| params.client_socket_factory = &socket_factory;
|
| MockHostResolver host_resolver;
|
| params.host_resolver = &host_resolver;
|
| + MockCertVerifier cert_verifier;
|
| + params.cert_verifier = &cert_verifier;
|
| TransportSecurityState transport_security_state;
|
| params.transport_security_state = &transport_security_state;
|
| + MultiLogCTVerifier ct_verifier;
|
| + params.cert_transparency_verifier = &ct_verifier;
|
| + CTPolicyEnforcer ct_policy_enforcer;
|
| + params.ct_policy_enforcer = &ct_policy_enforcer;
|
| params.proxy_service = proxy_service.get();
|
| params.ssl_config_service = ssl_config_service.get();
|
| params.http_server_properties = &http_server_properties;
|
| @@ -815,8 +851,14 @@ TEST_P(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad) {
|
| params.client_socket_factory = &socket_factory;
|
| MockHostResolver host_resolver;
|
| params.host_resolver = &host_resolver;
|
| + MockCertVerifier cert_verifier;
|
| + params.cert_verifier = &cert_verifier;
|
| TransportSecurityState transport_security_state;
|
| params.transport_security_state = &transport_security_state;
|
| + MultiLogCTVerifier ct_verifier;
|
| + params.cert_transparency_verifier = &ct_verifier;
|
| + CTPolicyEnforcer ct_policy_enforcer;
|
| + params.ct_policy_enforcer = &ct_policy_enforcer;
|
| params.proxy_service = proxy_service.get();
|
| params.ssl_config_service = ssl_config_service.get();
|
| params.http_server_properties = &http_server_properties;
|
| @@ -891,10 +933,16 @@ TEST_P(HttpStreamFactoryTest, UsePreConnectIfNoZeroRTT) {
|
| HostPortPair proxy_host("http_proxy", 80);
|
| CapturePreconnectsHttpProxySocketPool* http_proxy_pool =
|
| new CapturePreconnectsHttpProxySocketPool(
|
| - session_deps.host_resolver.get(), session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| CapturePreconnectsSSLSocketPool* ssl_conn_pool =
|
| - new CapturePreconnectsSSLSocketPool(session_deps.host_resolver.get(),
|
| - session_deps.cert_verifier.get());
|
| + new CapturePreconnectsSSLSocketPool(
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetSocketPoolForHTTPProxy(proxy_host, http_proxy_pool);
|
| @@ -942,7 +990,10 @@ TEST_P(HttpStreamFactoryTest, QuicDisablePreConnectIfZeroRtt) {
|
| HttpNetworkSessionPeer peer(session.get());
|
| CapturePreconnectsTransportSocketPool* transport_conn_pool =
|
| new CapturePreconnectsTransportSocketPool(
|
| - session_deps.host_resolver.get(), session_deps.cert_verifier.get());
|
| + session_deps.host_resolver.get(), session_deps.cert_verifier.get(),
|
| + session_deps.transport_security_state.get(),
|
| + session_deps.cert_transparency_verifier.get(),
|
| + session_deps.ct_policy_enforcer.get());
|
| std::unique_ptr<MockClientSocketPoolManager> mock_pool_manager(
|
| new MockClientSocketPoolManager);
|
| mock_pool_manager->SetTransportSocketPool(transport_conn_pool);
|
| @@ -1031,12 +1082,22 @@ TEST_P(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) {
|
| SpdySessionDependencies session_deps(
|
| GetParam(), ProxyService::CreateDirect());
|
|
|
| - StaticSocketDataProvider socket_data;
|
| - socket_data.set_connect_data(MockConnect(ASYNC, OK));
|
| - session_deps.socket_factory->AddSocketDataProvider(&socket_data);
|
| -
|
| - SSLSocketDataProvider ssl(ASYNC, OK);
|
| - session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
|
| + StaticSocketDataProvider socket_data_1;
|
| + socket_data_1.set_connect_data(MockConnect(ASYNC, OK));
|
| + session_deps.socket_factory->AddSocketDataProvider(&socket_data_1);
|
| + StaticSocketDataProvider socket_data_2;
|
| + socket_data_2.set_connect_data(MockConnect(ASYNC, OK));
|
| + session_deps.socket_factory->AddSocketDataProvider(&socket_data_2);
|
| + StaticSocketDataProvider socket_data_3;
|
| + socket_data_3.set_connect_data(MockConnect(ASYNC, OK));
|
| + session_deps.socket_factory->AddSocketDataProvider(&socket_data_3);
|
| +
|
| + SSLSocketDataProvider ssl_1(ASYNC, OK);
|
| + session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_1);
|
| + SSLSocketDataProvider ssl_2(ASYNC, OK);
|
| + session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_2);
|
| + SSLSocketDataProvider ssl_3(ASYNC, OK);
|
| + session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_3);
|
|
|
| std::unique_ptr<HttpNetworkSession> session(
|
| SpdySessionDependencies::SpdyCreateSession(&session_deps));
|
| @@ -1084,6 +1145,10 @@ TEST_P(HttpStreamFactoryTest, GetLoadState) {
|
| SpdySessionDependencies session_deps(
|
| GetParam(), ProxyService::CreateDirect());
|
|
|
| + // Force asynchronous host resolutions, so that the LoadState will be
|
| + // resolving the host.
|
| + session_deps.host_resolver->set_synchronous_mode(false);
|
| +
|
| StaticSocketDataProvider socket_data;
|
| socket_data.set_connect_data(MockConnect(ASYNC, OK));
|
| session_deps.socket_factory->AddSocketDataProvider(&socket_data);
|
| @@ -1517,9 +1582,12 @@ class HttpStreamFactoryBidirectionalQuicTest
|
| crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_);
|
| crypto_client_stream_factory_.set_handshake_mode(
|
| MockCryptoClientStream::CONFIRM_HANDSHAKE);
|
| + params_.cert_verifier = &cert_verifier_;
|
| params_.quic_crypto_client_stream_factory = &crypto_client_stream_factory_;
|
| params_.quic_supported_versions = test::SupportedVersions(GetParam());
|
| params_.transport_security_state = &transport_security_state_;
|
| + params_.cert_transparency_verifier = &ct_verifier_;
|
| + params_.ct_policy_enforcer = &ct_policy_enforcer_;
|
| params_.host_resolver = &host_resolver_;
|
| params_.proxy_service = proxy_service_.get();
|
| params_.ssl_config_service = ssl_config_service_.get();
|
| @@ -1557,10 +1625,13 @@ class HttpStreamFactoryBidirectionalQuicTest
|
| MockClientSocketFactory socket_factory_;
|
| std::unique_ptr<HttpNetworkSession> session_;
|
| test::MockRandom random_generator_;
|
| + MockCertVerifier cert_verifier_;
|
| ProofVerifyDetailsChromium verify_details_;
|
| MockCryptoClientStreamFactory crypto_client_stream_factory_;
|
| HttpServerPropertiesImpl http_server_properties_;
|
| TransportSecurityState transport_security_state_;
|
| + MultiLogCTVerifier ct_verifier_;
|
| + CTPolicyEnforcer ct_policy_enforcer_;
|
| MockHostResolver host_resolver_;
|
| std::unique_ptr<ProxyService> proxy_service_;
|
| scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
|
|
|
Chromium Code Reviews
Issue 2067843003:
Require a CTVerifier and CTPolicyEnforcer for TLS/QUIC sockets (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master