OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <memory> | 5 #include <memory> |
6 #include <string> | 6 #include <string> |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
115 MockHostResolver mock_resolver_; | 115 MockHostResolver mock_resolver_; |
116 HttpServerPropertiesImpl http_server_properties_; | 116 HttpServerPropertiesImpl http_server_properties_; |
117 MockCertVerifier cert_verifier_; | 117 MockCertVerifier cert_verifier_; |
118 TransportSecurityState transport_security_state_; | 118 TransportSecurityState transport_security_state_; |
119 MultiLogCTVerifier ct_verifier_; | 119 MultiLogCTVerifier ct_verifier_; |
120 CTPolicyEnforcer ct_policy_enforcer_; | 120 CTPolicyEnforcer ct_policy_enforcer_; |
121 HttpNetworkSession::Params session_params_; | 121 HttpNetworkSession::Params session_params_; |
122 std::vector<std::unique_ptr<HttpRequestInfo>> request_info_vector_; | 122 std::vector<std::unique_ptr<HttpRequestInfo>> request_info_vector_; |
123 }; | 123 }; |
124 | 124 |
125 // Tests that HttpNetworkTransaction attempts to fallback from | |
126 // TLS 1.2 to TLS 1.1. | |
127 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) { | |
128 ssl_config_service_ = new TLS12SSLConfigService; | |
129 session_params_.ssl_config_service = ssl_config_service_.get(); | |
130 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail | |
131 // for protocol reasons (e.g., simulating a version rollback attack). | |
132 SSLSocketDataProvider ssl_data1(ASYNC, ERR_SSL_PROTOCOL_ERROR); | |
133 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data1); | |
134 StaticSocketDataProvider data1(NULL, 0, NULL, 0); | |
135 mock_socket_factory_.AddSocketDataProvider(&data1); | |
136 | |
137 // |ssl_data2| contains the handshake result for a TLS 1.1 | |
138 // handshake which will be attempted after the TLS 1.2 | |
139 // handshake fails. | |
140 SSLSocketDataProvider ssl_data2(ASYNC, ERR_SSL_PROTOCOL_ERROR); | |
141 mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data2); | |
142 StaticSocketDataProvider data2(NULL, 0, NULL, 0); | |
143 mock_socket_factory_.AddSocketDataProvider(&data2); | |
144 | |
145 HttpNetworkSession session(session_params_); | |
146 HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session); | |
147 | |
148 TestCompletionCallback callback; | |
149 // This will consume |ssl_data1| and |ssl_data2|. | |
150 int rv = | |
151 callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"), | |
152 callback.callback(), BoundNetLog())); | |
153 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | |
154 | |
155 SocketDataProviderArray<SocketDataProvider>& mock_data = | |
156 mock_socket_factory_.mock_data(); | |
157 // Confirms that |ssl_data1| and |ssl_data2| are consumed. | |
158 EXPECT_EQ(2u, mock_data.next_index()); | |
159 | |
160 SSLConfig& ssl_config = GetServerSSLConfig(&trans); | |
161 // |version_max| falls back to TLS 1.1. | |
162 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_max); | |
163 EXPECT_TRUE(ssl_config.version_fallback); | |
164 } | |
165 | |
166 #if !defined(OS_IOS) | 125 #if !defined(OS_IOS) |
167 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { | 126 TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) { |
168 ssl_config_service_ = new TokenBindingSSLConfigService; | 127 ssl_config_service_ = new TokenBindingSSLConfigService; |
169 session_params_.ssl_config_service = ssl_config_service_.get(); | 128 session_params_.ssl_config_service = ssl_config_service_.get(); |
170 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), | 129 ChannelIDService channel_id_service(new DefaultChannelIDStore(NULL), |
171 base::ThreadTaskRunnerHandle::Get()); | 130 base::ThreadTaskRunnerHandle::Get()); |
172 session_params_.channel_id_service = &channel_id_service; | 131 session_params_.channel_id_service = &channel_id_service; |
173 | 132 |
174 SSLSocketDataProvider ssl_data(ASYNC, OK); | 133 SSLSocketDataProvider ssl_data(ASYNC, OK); |
175 ssl_data.token_binding_negotiated = true; | 134 ssl_data.token_binding_negotiated = true; |
243 | 202 |
244 HttpRequestHeaders headers; | 203 HttpRequestHeaders headers; |
245 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers)); | 204 ASSERT_TRUE(trans.GetFullRequestHeaders(&headers)); |
246 std::string token_binding_header; | 205 std::string token_binding_header; |
247 EXPECT_FALSE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, | 206 EXPECT_FALSE(headers.GetHeader(HttpRequestHeaders::kTokenBinding, |
248 &token_binding_header)); | 207 &token_binding_header)); |
249 } | 208 } |
250 #endif // !defined(OS_IOS) | 209 #endif // !defined(OS_IOS) |
251 | 210 |
252 } // namespace net | 211 } // namespace net |
OLD | NEW |