Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1203)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 2109503009: Refactor net tests to use GMock matchers for checking net::Error results (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Revert changes to contents.txt files Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_pool_unittest.cc ('k') | net/socket/ssl_server_socket_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <string.h> 8 #include <string.h>
9 9
10 #include <utility> 10 #include <utility>
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
47 #include "net/socket/socket_test_util.h" 47 #include "net/socket/socket_test_util.h"
48 #include "net/socket/tcp_client_socket.h" 48 #include "net/socket/tcp_client_socket.h"
49 #include "net/ssl/channel_id_service.h" 49 #include "net/ssl/channel_id_service.h"
50 #include "net/ssl/default_channel_id_store.h" 50 #include "net/ssl/default_channel_id_store.h"
51 #include "net/ssl/ssl_cert_request_info.h" 51 #include "net/ssl/ssl_cert_request_info.h"
52 #include "net/ssl/ssl_config_service.h" 52 #include "net/ssl/ssl_config_service.h"
53 #include "net/ssl/ssl_connection_status_flags.h" 53 #include "net/ssl/ssl_connection_status_flags.h"
54 #include "net/ssl/ssl_info.h" 54 #include "net/ssl/ssl_info.h"
55 #include "net/ssl/test_ssl_private_key.h" 55 #include "net/ssl/test_ssl_private_key.h"
56 #include "net/test/cert_test_util.h" 56 #include "net/test/cert_test_util.h"
57 #include "net/test/gtest_util.h"
57 #include "net/test/spawned_test_server/spawned_test_server.h" 58 #include "net/test/spawned_test_server/spawned_test_server.h"
58 #include "net/test/test_data_directory.h" 59 #include "net/test/test_data_directory.h"
59 #include "testing/gmock/include/gmock/gmock.h" 60 #include "testing/gmock/include/gmock/gmock.h"
60 #include "testing/gtest/include/gtest/gtest.h" 61 #include "testing/gtest/include/gtest/gtest.h"
61 #include "testing/platform_test.h" 62 #include "testing/platform_test.h"
62 63
64 using net::test::IsError;
65 using net::test::IsOk;
66
63 using testing::_; 67 using testing::_;
64 using testing::Return; 68 using testing::Return;
65 using testing::Truly; 69 using testing::Truly;
66 70
67 namespace net { 71 namespace net {
68 72
69 namespace { 73 namespace {
70 74
71 // WrappedStreamSocket is a base class that wraps an existing StreamSocket, 75 // WrappedStreamSocket is a base class that wraps an existing StreamSocket,
72 // forwarding the Socket and StreamSocket interfaces to the underlying 76 // forwarding the Socket and StreamSocket interfaces to the underlying
(...skipping 780 matching lines...) Expand 10 before | Expand all | Expand 10 after
853 857
854 AddressList addr; 858 AddressList addr;
855 if (!spawned_test_server.GetAddressList(&addr)) 859 if (!spawned_test_server.GetAddressList(&addr))
856 return NULL; 860 return NULL;
857 861
858 TestCompletionCallback callback; 862 TestCompletionCallback callback;
859 TestNetLog log; 863 TestNetLog log;
860 std::unique_ptr<StreamSocket> transport( 864 std::unique_ptr<StreamSocket> transport(
861 new TCPClientSocket(addr, NULL, &log, NetLog::Source())); 865 new TCPClientSocket(addr, NULL, &log, NetLog::Source()));
862 int rv = callback.GetResult(transport->Connect(callback.callback())); 866 int rv = callback.GetResult(transport->Connect(callback.callback()));
863 EXPECT_EQ(OK, rv); 867 EXPECT_THAT(rv, IsOk());
864 868
865 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 869 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
866 std::move(transport), spawned_test_server.host_port_pair(), 870 std::move(transport), spawned_test_server.host_port_pair(),
867 SSLConfig())); 871 SSLConfig()));
868 EXPECT_FALSE(sock->IsConnected()); 872 EXPECT_FALSE(sock->IsConnected());
869 873
870 rv = callback.GetResult(sock->Connect(callback.callback())); 874 rv = callback.GetResult(sock->Connect(callback.callback()));
871 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); 875 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
872 876
873 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo(); 877 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
874 sock->GetSSLCertRequestInfo(request_info.get()); 878 sock->GetSSLCertRequestInfo(request_info.get());
875 sock->Disconnect(); 879 sock->Disconnect();
876 EXPECT_FALSE(sock->IsConnected()); 880 EXPECT_FALSE(sock->IsConnected());
877 EXPECT_TRUE(spawned_test_server.host_port_pair().Equals( 881 EXPECT_TRUE(spawned_test_server.host_port_pair().Equals(
878 request_info->host_and_port)); 882 request_info->host_and_port));
879 883
880 return request_info; 884 return request_info;
881 } 885 }
(...skipping 19 matching lines...) Expand all
901 TestCompletionCallback* callback, 905 TestCompletionCallback* callback,
902 FakeBlockingStreamSocket** out_raw_transport, 906 FakeBlockingStreamSocket** out_raw_transport,
903 std::unique_ptr<SSLClientSocket>* out_sock) { 907 std::unique_ptr<SSLClientSocket>* out_sock) {
904 CHECK(spawned_test_server()); 908 CHECK(spawned_test_server());
905 909
906 std::unique_ptr<StreamSocket> real_transport( 910 std::unique_ptr<StreamSocket> real_transport(
907 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 911 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
908 std::unique_ptr<FakeBlockingStreamSocket> transport( 912 std::unique_ptr<FakeBlockingStreamSocket> transport(
909 new FakeBlockingStreamSocket(std::move(real_transport))); 913 new FakeBlockingStreamSocket(std::move(real_transport)));
910 int rv = callback->GetResult(transport->Connect(callback->callback())); 914 int rv = callback->GetResult(transport->Connect(callback->callback()));
911 EXPECT_EQ(OK, rv); 915 EXPECT_THAT(rv, IsOk());
912 916
913 FakeBlockingStreamSocket* raw_transport = transport.get(); 917 FakeBlockingStreamSocket* raw_transport = transport.get();
914 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket( 918 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
915 std::move(transport), spawned_test_server()->host_port_pair(), 919 std::move(transport), spawned_test_server()->host_port_pair(),
916 client_config); 920 client_config);
917 921
918 // Connect. Stop before the client processes the first server leg 922 // Connect. Stop before the client processes the first server leg
919 // (ServerHello, etc.) 923 // (ServerHello, etc.)
920 raw_transport->BlockReadResult(); 924 raw_transport->BlockReadResult();
921 rv = sock->Connect(callback->callback()); 925 rv = sock->Connect(callback->callback());
922 EXPECT_EQ(ERR_IO_PENDING, rv); 926 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
923 raw_transport->WaitForReadResult(); 927 raw_transport->WaitForReadResult();
924 928
925 // Release the ServerHello and wait for the client to write 929 // Release the ServerHello and wait for the client to write
926 // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the 930 // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the
927 // server's leg to complete, since it may span multiple reads.) 931 // server's leg to complete, since it may span multiple reads.)
928 EXPECT_FALSE(callback->have_result()); 932 EXPECT_FALSE(callback->have_result());
929 raw_transport->BlockWrite(); 933 raw_transport->BlockWrite();
930 raw_transport->UnblockReadResult(); 934 raw_transport->UnblockReadResult();
931 raw_transport->WaitForWrite(); 935 raw_transport->WaitForWrite();
932 936
(...skipping 18 matching lines...) Expand all
951 client_config, &callback, &raw_transport, &sock)); 955 client_config, &callback, &raw_transport, &sock));
952 956
953 if (expect_false_start) { 957 if (expect_false_start) {
954 // When False Starting, the handshake should complete before receiving the 958 // When False Starting, the handshake should complete before receiving the
955 // Change Cipher Spec and Finished messages. 959 // Change Cipher Spec and Finished messages.
956 // 960 //
957 // Note: callback.have_result() may not be true without waiting. The NSS 961 // Note: callback.have_result() may not be true without waiting. The NSS
958 // state machine sometimes lives on a separate thread, so this thread may 962 // state machine sometimes lives on a separate thread, so this thread may
959 // not yet have processed the signal that the handshake has completed. 963 // not yet have processed the signal that the handshake has completed.
960 int rv = callback.WaitForResult(); 964 int rv = callback.WaitForResult();
961 EXPECT_EQ(OK, rv); 965 EXPECT_THAT(rv, IsOk());
962 EXPECT_TRUE(sock->IsConnected()); 966 EXPECT_TRUE(sock->IsConnected());
963 967
964 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 968 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
965 static const int kRequestTextSize = 969 static const int kRequestTextSize =
966 static_cast<int>(arraysize(request_text) - 1); 970 static_cast<int>(arraysize(request_text) - 1);
967 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize)); 971 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize));
968 memcpy(request_buffer->data(), request_text, kRequestTextSize); 972 memcpy(request_buffer->data(), request_text, kRequestTextSize);
969 973
970 // Write the request. 974 // Write the request.
971 rv = callback.GetResult(sock->Write(request_buffer.get(), 975 rv = callback.GetResult(sock->Write(request_buffer.get(),
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
1018 } // namespace 1022 } // namespace
1019 1023
1020 TEST_F(SSLClientSocketTest, Connect) { 1024 TEST_F(SSLClientSocketTest, Connect) {
1021 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1025 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1022 1026
1023 TestCompletionCallback callback; 1027 TestCompletionCallback callback;
1024 TestNetLog log; 1028 TestNetLog log;
1025 std::unique_ptr<StreamSocket> transport( 1029 std::unique_ptr<StreamSocket> transport(
1026 new TCPClientSocket(addr(), NULL, &log, NetLog::Source())); 1030 new TCPClientSocket(addr(), NULL, &log, NetLog::Source()));
1027 int rv = callback.GetResult(transport->Connect(callback.callback())); 1031 int rv = callback.GetResult(transport->Connect(callback.callback()));
1028 EXPECT_EQ(OK, rv); 1032 EXPECT_THAT(rv, IsOk());
1029 1033
1030 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1034 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1031 std::move(transport), spawned_test_server()->host_port_pair(), 1035 std::move(transport), spawned_test_server()->host_port_pair(),
1032 SSLConfig())); 1036 SSLConfig()));
1033 1037
1034 EXPECT_FALSE(sock->IsConnected()); 1038 EXPECT_FALSE(sock->IsConnected());
1035 1039
1036 rv = sock->Connect(callback.callback()); 1040 rv = sock->Connect(callback.callback());
1037 1041
1038 TestNetLogEntry::List entries; 1042 TestNetLogEntry::List entries;
1039 log.GetEntries(&entries); 1043 log.GetEntries(&entries);
1040 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); 1044 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT));
1041 if (rv == ERR_IO_PENDING) 1045 if (rv == ERR_IO_PENDING)
1042 rv = callback.WaitForResult(); 1046 rv = callback.WaitForResult();
1043 EXPECT_EQ(OK, rv); 1047 EXPECT_THAT(rv, IsOk());
1044 EXPECT_TRUE(sock->IsConnected()); 1048 EXPECT_TRUE(sock->IsConnected());
1045 log.GetEntries(&entries); 1049 log.GetEntries(&entries);
1046 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); 1050 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
1047 1051
1048 sock->Disconnect(); 1052 sock->Disconnect();
1049 EXPECT_FALSE(sock->IsConnected()); 1053 EXPECT_FALSE(sock->IsConnected());
1050 } 1054 }
1051 1055
1052 TEST_F(SSLClientSocketTest, ConnectExpired) { 1056 TEST_F(SSLClientSocketTest, ConnectExpired) {
1053 SpawnedTestServer::SSLOptions ssl_options( 1057 SpawnedTestServer::SSLOptions ssl_options(
1054 SpawnedTestServer::SSLOptions::CERT_EXPIRED); 1058 SpawnedTestServer::SSLOptions::CERT_EXPIRED);
1055 ASSERT_TRUE(StartTestServer(ssl_options)); 1059 ASSERT_TRUE(StartTestServer(ssl_options));
1056 1060
1057 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID); 1061 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1058 1062
1059 int rv; 1063 int rv;
1060 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1064 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1061 EXPECT_EQ(ERR_CERT_DATE_INVALID, rv); 1065 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1062 1066
1063 // Rather than testing whether or not the underlying socket is connected, 1067 // Rather than testing whether or not the underlying socket is connected,
1064 // test that the handshake has finished. This is because it may be 1068 // test that the handshake has finished. This is because it may be
1065 // desirable to disconnect the socket before showing a user prompt, since 1069 // desirable to disconnect the socket before showing a user prompt, since
1066 // the user may take indefinitely long to respond. 1070 // the user may take indefinitely long to respond.
1067 TestNetLogEntry::List entries; 1071 TestNetLogEntry::List entries;
1068 log_.GetEntries(&entries); 1072 log_.GetEntries(&entries);
1069 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); 1073 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
1070 } 1074 }
1071 1075
1072 TEST_F(SSLClientSocketTest, ConnectMismatched) { 1076 TEST_F(SSLClientSocketTest, ConnectMismatched) {
1073 SpawnedTestServer::SSLOptions ssl_options( 1077 SpawnedTestServer::SSLOptions ssl_options(
1074 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); 1078 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME);
1075 ASSERT_TRUE(StartTestServer(ssl_options)); 1079 ASSERT_TRUE(StartTestServer(ssl_options));
1076 1080
1077 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); 1081 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
1078 1082
1079 int rv; 1083 int rv;
1080 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1084 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1081 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, rv); 1085 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
1082 1086
1083 // Rather than testing whether or not the underlying socket is connected, 1087 // Rather than testing whether or not the underlying socket is connected,
1084 // test that the handshake has finished. This is because it may be 1088 // test that the handshake has finished. This is because it may be
1085 // desirable to disconnect the socket before showing a user prompt, since 1089 // desirable to disconnect the socket before showing a user prompt, since
1086 // the user may take indefinitely long to respond. 1090 // the user may take indefinitely long to respond.
1087 TestNetLogEntry::List entries; 1091 TestNetLogEntry::List entries;
1088 log_.GetEntries(&entries); 1092 log_.GetEntries(&entries);
1089 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); 1093 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
1090 } 1094 }
1091 1095
1092 #if defined(OS_WIN) 1096 #if defined(OS_WIN)
1093 // Tests that certificates parsable by SSLClientSocket's internal SSL 1097 // Tests that certificates parsable by SSLClientSocket's internal SSL
1094 // implementation, but not X509Certificate are treated as fatal non-certificate 1098 // implementation, but not X509Certificate are treated as fatal non-certificate
1095 // errors. This is regression test for https://crbug.com/91341. 1099 // errors. This is regression test for https://crbug.com/91341.
1096 TEST_F(SSLClientSocketTest, ConnectBadValidity) { 1100 TEST_F(SSLClientSocketTest, ConnectBadValidity) {
1097 SpawnedTestServer::SSLOptions ssl_options( 1101 SpawnedTestServer::SSLOptions ssl_options(
1098 SpawnedTestServer::SSLOptions::CERT_BAD_VALIDITY); 1102 SpawnedTestServer::SSLOptions::CERT_BAD_VALIDITY);
1099 ASSERT_TRUE(StartTestServer(ssl_options)); 1103 ASSERT_TRUE(StartTestServer(ssl_options));
1100 SSLConfig ssl_config; 1104 SSLConfig ssl_config;
1101 int rv; 1105 int rv;
1102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 1106 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
1103 1107
1104 EXPECT_EQ(ERR_SSL_SERVER_CERT_BAD_FORMAT, rv); 1108 EXPECT_THAT(rv, IsError(ERR_SSL_SERVER_CERT_BAD_FORMAT));
1105 EXPECT_FALSE(IsCertificateError(rv)); 1109 EXPECT_FALSE(IsCertificateError(rv));
1106 1110
1107 SSLInfo ssl_info; 1111 SSLInfo ssl_info;
1108 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 1112 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
1109 EXPECT_FALSE(ssl_info.cert); 1113 EXPECT_FALSE(ssl_info.cert);
1110 } 1114 }
1111 #endif // defined(OS_WIN) 1115 #endif // defined(OS_WIN)
1112 1116
1113 // Attempt to connect to a page which requests a client certificate. It should 1117 // Attempt to connect to a page which requests a client certificate. It should
1114 // return an error code on connect. 1118 // return an error code on connect.
1115 TEST_F(SSLClientSocketTest, ConnectClientAuthCertRequested) { 1119 TEST_F(SSLClientSocketTest, ConnectClientAuthCertRequested) {
1116 SpawnedTestServer::SSLOptions ssl_options; 1120 SpawnedTestServer::SSLOptions ssl_options;
1117 ssl_options.request_client_certificate = true; 1121 ssl_options.request_client_certificate = true;
1118 ASSERT_TRUE(StartTestServer(ssl_options)); 1122 ASSERT_TRUE(StartTestServer(ssl_options));
1119 1123
1120 int rv; 1124 int rv;
1121 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1125 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1122 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); 1126 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
1123 1127
1124 TestNetLogEntry::List entries; 1128 TestNetLogEntry::List entries;
1125 log_.GetEntries(&entries); 1129 log_.GetEntries(&entries);
1126 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); 1130 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
1127 EXPECT_FALSE(sock_->IsConnected()); 1131 EXPECT_FALSE(sock_->IsConnected());
1128 } 1132 }
1129 1133
1130 // Connect to a server requesting optional client authentication. Send it a 1134 // Connect to a server requesting optional client authentication. Send it a
1131 // null certificate. It should allow the connection. 1135 // null certificate. It should allow the connection.
1132 // 1136 //
1133 // TODO(davidben): Also test providing an actual certificate. 1137 // TODO(davidben): Also test providing an actual certificate.
1134 TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) { 1138 TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) {
1135 SpawnedTestServer::SSLOptions ssl_options; 1139 SpawnedTestServer::SSLOptions ssl_options;
1136 ssl_options.request_client_certificate = true; 1140 ssl_options.request_client_certificate = true;
1137 ASSERT_TRUE(StartTestServer(ssl_options)); 1141 ASSERT_TRUE(StartTestServer(ssl_options));
1138 1142
1139 // Our test server accepts certificate-less connections. 1143 // Our test server accepts certificate-less connections.
1140 // TODO(davidben): Add a test which requires them and verify the error. 1144 // TODO(davidben): Add a test which requires them and verify the error.
1141 SSLConfig ssl_config; 1145 SSLConfig ssl_config;
1142 ssl_config.send_client_cert = true; 1146 ssl_config.send_client_cert = true;
1143 ssl_config.client_cert = NULL; 1147 ssl_config.client_cert = NULL;
1144 1148
1145 int rv; 1149 int rv;
1146 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 1150 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
1147 EXPECT_EQ(OK, rv); 1151 EXPECT_THAT(rv, IsOk());
1148 1152
1149 // We responded to the server's certificate request with a Certificate 1153 // We responded to the server's certificate request with a Certificate
1150 // message with no client certificate in it. ssl_info.client_cert_sent 1154 // message with no client certificate in it. ssl_info.client_cert_sent
1151 // should be false in this case. 1155 // should be false in this case.
1152 SSLInfo ssl_info; 1156 SSLInfo ssl_info;
1153 sock_->GetSSLInfo(&ssl_info); 1157 sock_->GetSSLInfo(&ssl_info);
1154 EXPECT_FALSE(ssl_info.client_cert_sent); 1158 EXPECT_FALSE(ssl_info.client_cert_sent);
1155 1159
1156 sock_->Disconnect(); 1160 sock_->Disconnect();
1157 EXPECT_FALSE(sock_->IsConnected()); 1161 EXPECT_FALSE(sock_->IsConnected());
1158 } 1162 }
1159 1163
1160 // TODO(wtc): Add unit tests for IsConnectedAndIdle: 1164 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
1161 // - Server closes an SSL connection (with a close_notify alert message). 1165 // - Server closes an SSL connection (with a close_notify alert message).
1162 // - Server closes the underlying TCP connection directly. 1166 // - Server closes the underlying TCP connection directly.
1163 // - Server sends data unexpectedly. 1167 // - Server sends data unexpectedly.
1164 1168
1165 // Tests that the socket can be read from successfully. Also test that a peer's 1169 // Tests that the socket can be read from successfully. Also test that a peer's
1166 // close_notify alert is successfully processed without error. 1170 // close_notify alert is successfully processed without error.
1167 TEST_F(SSLClientSocketTest, Read) { 1171 TEST_F(SSLClientSocketTest, Read) {
1168 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1172 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1169 1173
1170 TestCompletionCallback callback; 1174 TestCompletionCallback callback;
1171 std::unique_ptr<StreamSocket> transport( 1175 std::unique_ptr<StreamSocket> transport(
1172 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1176 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1173 EXPECT_EQ(0, transport->GetTotalReceivedBytes()); 1177 EXPECT_EQ(0, transport->GetTotalReceivedBytes());
1174 1178
1175 int rv = callback.GetResult(transport->Connect(callback.callback())); 1179 int rv = callback.GetResult(transport->Connect(callback.callback()));
1176 EXPECT_EQ(OK, rv); 1180 EXPECT_THAT(rv, IsOk());
1177 1181
1178 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1182 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1179 std::move(transport), spawned_test_server()->host_port_pair(), 1183 std::move(transport), spawned_test_server()->host_port_pair(),
1180 SSLConfig())); 1184 SSLConfig()));
1181 EXPECT_EQ(0, sock->GetTotalReceivedBytes()); 1185 EXPECT_EQ(0, sock->GetTotalReceivedBytes());
1182 1186
1183 rv = callback.GetResult(sock->Connect(callback.callback())); 1187 rv = callback.GetResult(sock->Connect(callback.callback()));
1184 EXPECT_EQ(OK, rv); 1188 EXPECT_THAT(rv, IsOk());
1185 1189
1186 // Number of network bytes received should increase because of SSL socket 1190 // Number of network bytes received should increase because of SSL socket
1187 // establishment. 1191 // establishment.
1188 EXPECT_GT(sock->GetTotalReceivedBytes(), 0); 1192 EXPECT_GT(sock->GetTotalReceivedBytes(), 0);
1189 1193
1190 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1194 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1191 scoped_refptr<IOBuffer> request_buffer( 1195 scoped_refptr<IOBuffer> request_buffer(
1192 new IOBuffer(arraysize(request_text) - 1)); 1196 new IOBuffer(arraysize(request_text) - 1));
1193 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); 1197 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1);
1194 1198
(...skipping 28 matching lines...) Expand all
1223 // should be preserved so SSLv3 fallback logic can condition on it. 1227 // should be preserved so SSLv3 fallback logic can condition on it.
1224 TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) { 1228 TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
1225 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1229 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1226 1230
1227 TestCompletionCallback callback; 1231 TestCompletionCallback callback;
1228 std::unique_ptr<StreamSocket> real_transport( 1232 std::unique_ptr<StreamSocket> real_transport(
1229 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1233 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1230 std::unique_ptr<SynchronousErrorStreamSocket> transport( 1234 std::unique_ptr<SynchronousErrorStreamSocket> transport(
1231 new SynchronousErrorStreamSocket(std::move(real_transport))); 1235 new SynchronousErrorStreamSocket(std::move(real_transport)));
1232 int rv = callback.GetResult(transport->Connect(callback.callback())); 1236 int rv = callback.GetResult(transport->Connect(callback.callback()));
1233 EXPECT_EQ(OK, rv); 1237 EXPECT_THAT(rv, IsOk());
1234 1238
1235 // Disable TLS False Start to avoid handshake non-determinism. 1239 // Disable TLS False Start to avoid handshake non-determinism.
1236 SSLConfig ssl_config; 1240 SSLConfig ssl_config;
1237 ssl_config.false_start_enabled = false; 1241 ssl_config.false_start_enabled = false;
1238 1242
1239 SynchronousErrorStreamSocket* raw_transport = transport.get(); 1243 SynchronousErrorStreamSocket* raw_transport = transport.get();
1240 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1244 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1241 std::move(transport), spawned_test_server()->host_port_pair(), 1245 std::move(transport), spawned_test_server()->host_port_pair(),
1242 ssl_config)); 1246 ssl_config));
1243 1247
1244 raw_transport->SetNextWriteError(ERR_CONNECTION_RESET); 1248 raw_transport->SetNextWriteError(ERR_CONNECTION_RESET);
1245 1249
1246 rv = callback.GetResult(sock->Connect(callback.callback())); 1250 rv = callback.GetResult(sock->Connect(callback.callback()));
1247 EXPECT_EQ(ERR_CONNECTION_RESET, rv); 1251 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1248 EXPECT_FALSE(sock->IsConnected()); 1252 EXPECT_FALSE(sock->IsConnected());
1249 } 1253 }
1250 1254
1251 // Tests that the SSLClientSocket properly handles when the underlying transport 1255 // Tests that the SSLClientSocket properly handles when the underlying transport
1252 // synchronously returns an error code - such as if an intermediary terminates 1256 // synchronously returns an error code - such as if an intermediary terminates
1253 // the socket connection uncleanly. 1257 // the socket connection uncleanly.
1254 // This is a regression test for http://crbug.com/238536 1258 // This is a regression test for http://crbug.com/238536
1255 TEST_F(SSLClientSocketTest, Read_WithSynchronousError) { 1259 TEST_F(SSLClientSocketTest, Read_WithSynchronousError) {
1256 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1260 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1257 1261
1258 TestCompletionCallback callback; 1262 TestCompletionCallback callback;
1259 std::unique_ptr<StreamSocket> real_transport( 1263 std::unique_ptr<StreamSocket> real_transport(
1260 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1264 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1261 std::unique_ptr<SynchronousErrorStreamSocket> transport( 1265 std::unique_ptr<SynchronousErrorStreamSocket> transport(
1262 new SynchronousErrorStreamSocket(std::move(real_transport))); 1266 new SynchronousErrorStreamSocket(std::move(real_transport)));
1263 int rv = callback.GetResult(transport->Connect(callback.callback())); 1267 int rv = callback.GetResult(transport->Connect(callback.callback()));
1264 EXPECT_EQ(OK, rv); 1268 EXPECT_THAT(rv, IsOk());
1265 1269
1266 // Disable TLS False Start to avoid handshake non-determinism. 1270 // Disable TLS False Start to avoid handshake non-determinism.
1267 SSLConfig ssl_config; 1271 SSLConfig ssl_config;
1268 ssl_config.false_start_enabled = false; 1272 ssl_config.false_start_enabled = false;
1269 1273
1270 SynchronousErrorStreamSocket* raw_transport = transport.get(); 1274 SynchronousErrorStreamSocket* raw_transport = transport.get();
1271 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1275 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1272 std::move(transport), spawned_test_server()->host_port_pair(), 1276 std::move(transport), spawned_test_server()->host_port_pair(),
1273 ssl_config)); 1277 ssl_config));
1274 1278
1275 rv = callback.GetResult(sock->Connect(callback.callback())); 1279 rv = callback.GetResult(sock->Connect(callback.callback()));
1276 EXPECT_EQ(OK, rv); 1280 EXPECT_THAT(rv, IsOk());
1277 EXPECT_TRUE(sock->IsConnected()); 1281 EXPECT_TRUE(sock->IsConnected());
1278 1282
1279 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1283 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1280 static const int kRequestTextSize = 1284 static const int kRequestTextSize =
1281 static_cast<int>(arraysize(request_text) - 1); 1285 static_cast<int>(arraysize(request_text) - 1);
1282 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize)); 1286 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize));
1283 memcpy(request_buffer->data(), request_text, kRequestTextSize); 1287 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1284 1288
1285 rv = callback.GetResult( 1289 rv = callback.GetResult(
1286 sock->Write(request_buffer.get(), kRequestTextSize, callback.callback())); 1290 sock->Write(request_buffer.get(), kRequestTextSize, callback.callback()));
1287 EXPECT_EQ(kRequestTextSize, rv); 1291 EXPECT_EQ(kRequestTextSize, rv);
1288 1292
1289 // Simulate an unclean/forcible shutdown. 1293 // Simulate an unclean/forcible shutdown.
1290 raw_transport->SetNextReadError(ERR_CONNECTION_RESET); 1294 raw_transport->SetNextReadError(ERR_CONNECTION_RESET);
1291 1295
1292 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1296 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1293 1297
1294 // Note: This test will hang if this bug has regressed. Simply checking that 1298 // Note: This test will hang if this bug has regressed. Simply checking that
1295 // rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING is a legitimate 1299 // rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING is a legitimate
1296 // result when using a dedicated task runner for NSS. 1300 // result when using a dedicated task runner for NSS.
1297 rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); 1301 rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback()));
1298 EXPECT_EQ(ERR_CONNECTION_RESET, rv); 1302 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1299 } 1303 }
1300 1304
1301 // Tests that the SSLClientSocket properly handles when the underlying transport 1305 // Tests that the SSLClientSocket properly handles when the underlying transport
1302 // asynchronously returns an error code while writing data - such as if an 1306 // asynchronously returns an error code while writing data - such as if an
1303 // intermediary terminates the socket connection uncleanly. 1307 // intermediary terminates the socket connection uncleanly.
1304 // This is a regression test for http://crbug.com/249848 1308 // This is a regression test for http://crbug.com/249848
1305 TEST_F(SSLClientSocketTest, Write_WithSynchronousError) { 1309 TEST_F(SSLClientSocketTest, Write_WithSynchronousError) {
1306 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1310 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1307 1311
1308 TestCompletionCallback callback; 1312 TestCompletionCallback callback;
1309 std::unique_ptr<StreamSocket> real_transport( 1313 std::unique_ptr<StreamSocket> real_transport(
1310 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1314 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1311 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer 1315 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1312 // is retained in order to configure additional errors. 1316 // is retained in order to configure additional errors.
1313 std::unique_ptr<SynchronousErrorStreamSocket> error_socket( 1317 std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
1314 new SynchronousErrorStreamSocket(std::move(real_transport))); 1318 new SynchronousErrorStreamSocket(std::move(real_transport)));
1315 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get(); 1319 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1316 std::unique_ptr<FakeBlockingStreamSocket> transport( 1320 std::unique_ptr<FakeBlockingStreamSocket> transport(
1317 new FakeBlockingStreamSocket(std::move(error_socket))); 1321 new FakeBlockingStreamSocket(std::move(error_socket)));
1318 FakeBlockingStreamSocket* raw_transport = transport.get(); 1322 FakeBlockingStreamSocket* raw_transport = transport.get();
1319 int rv = callback.GetResult(transport->Connect(callback.callback())); 1323 int rv = callback.GetResult(transport->Connect(callback.callback()));
1320 EXPECT_EQ(OK, rv); 1324 EXPECT_THAT(rv, IsOk());
1321 1325
1322 // Disable TLS False Start to avoid handshake non-determinism. 1326 // Disable TLS False Start to avoid handshake non-determinism.
1323 SSLConfig ssl_config; 1327 SSLConfig ssl_config;
1324 ssl_config.false_start_enabled = false; 1328 ssl_config.false_start_enabled = false;
1325 1329
1326 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1330 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1327 std::move(transport), spawned_test_server()->host_port_pair(), 1331 std::move(transport), spawned_test_server()->host_port_pair(),
1328 ssl_config)); 1332 ssl_config));
1329 1333
1330 rv = callback.GetResult(sock->Connect(callback.callback())); 1334 rv = callback.GetResult(sock->Connect(callback.callback()));
1331 EXPECT_EQ(OK, rv); 1335 EXPECT_THAT(rv, IsOk());
1332 EXPECT_TRUE(sock->IsConnected()); 1336 EXPECT_TRUE(sock->IsConnected());
1333 1337
1334 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1338 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1335 static const int kRequestTextSize = 1339 static const int kRequestTextSize =
1336 static_cast<int>(arraysize(request_text) - 1); 1340 static_cast<int>(arraysize(request_text) - 1);
1337 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize)); 1341 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize));
1338 memcpy(request_buffer->data(), request_text, kRequestTextSize); 1342 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1339 1343
1340 // Simulate an unclean/forcible shutdown on the underlying socket. 1344 // Simulate an unclean/forcible shutdown on the underlying socket.
1341 // However, simulate this error asynchronously. 1345 // However, simulate this error asynchronously.
1342 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET); 1346 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1343 raw_transport->BlockWrite(); 1347 raw_transport->BlockWrite();
1344 1348
1345 // This write should complete synchronously, because the TLS ciphertext 1349 // This write should complete synchronously, because the TLS ciphertext
1346 // can be created and placed into the outgoing buffers independent of the 1350 // can be created and placed into the outgoing buffers independent of the
1347 // underlying transport. 1351 // underlying transport.
1348 rv = callback.GetResult( 1352 rv = callback.GetResult(
1349 sock->Write(request_buffer.get(), kRequestTextSize, callback.callback())); 1353 sock->Write(request_buffer.get(), kRequestTextSize, callback.callback()));
1350 EXPECT_EQ(kRequestTextSize, rv); 1354 EXPECT_EQ(kRequestTextSize, rv);
1351 1355
1352 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1356 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1353 1357
1354 rv = sock->Read(buf.get(), 4096, callback.callback()); 1358 rv = sock->Read(buf.get(), 4096, callback.callback());
1355 EXPECT_EQ(ERR_IO_PENDING, rv); 1359 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1356 1360
1357 // Now unblock the outgoing request, having it fail with the connection 1361 // Now unblock the outgoing request, having it fail with the connection
1358 // being reset. 1362 // being reset.
1359 raw_transport->UnblockWrite(); 1363 raw_transport->UnblockWrite();
1360 1364
1361 // Note: This will cause an inifite loop if this bug has regressed. Simply 1365 // Note: This will cause an inifite loop if this bug has regressed. Simply
1362 // checking that rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING 1366 // checking that rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING
1363 // is a legitimate result when using a dedicated task runner for NSS. 1367 // is a legitimate result when using a dedicated task runner for NSS.
1364 rv = callback.GetResult(rv); 1368 rv = callback.GetResult(rv);
1365 EXPECT_EQ(ERR_CONNECTION_RESET, rv); 1369 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1366 } 1370 }
1367 1371
1368 // If there is a Write failure at the transport with no follow-up Read, although 1372 // If there is a Write failure at the transport with no follow-up Read, although
1369 // the write error will not be returned to the client until a future Read or 1373 // the write error will not be returned to the client until a future Read or
1370 // Write operation, SSLClientSocket should not spin attempting to re-write on 1374 // Write operation, SSLClientSocket should not spin attempting to re-write on
1371 // the socket. This is a regression test for part of https://crbug.com/381160. 1375 // the socket. This is a regression test for part of https://crbug.com/381160.
1372 TEST_F(SSLClientSocketTest, Write_WithSynchronousErrorNoRead) { 1376 TEST_F(SSLClientSocketTest, Write_WithSynchronousErrorNoRead) {
1373 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1377 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1374 1378
1375 TestCompletionCallback callback; 1379 TestCompletionCallback callback;
1376 std::unique_ptr<StreamSocket> real_transport( 1380 std::unique_ptr<StreamSocket> real_transport(
1377 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1381 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1378 // Note: intermediate sockets' ownership are handed to |sock|, but a pointer 1382 // Note: intermediate sockets' ownership are handed to |sock|, but a pointer
1379 // is retained in order to query them. 1383 // is retained in order to query them.
1380 std::unique_ptr<SynchronousErrorStreamSocket> error_socket( 1384 std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
1381 new SynchronousErrorStreamSocket(std::move(real_transport))); 1385 new SynchronousErrorStreamSocket(std::move(real_transport)));
1382 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get(); 1386 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1383 std::unique_ptr<CountingStreamSocket> counting_socket( 1387 std::unique_ptr<CountingStreamSocket> counting_socket(
1384 new CountingStreamSocket(std::move(error_socket))); 1388 new CountingStreamSocket(std::move(error_socket)));
1385 CountingStreamSocket* raw_counting_socket = counting_socket.get(); 1389 CountingStreamSocket* raw_counting_socket = counting_socket.get();
1386 int rv = callback.GetResult(counting_socket->Connect(callback.callback())); 1390 int rv = callback.GetResult(counting_socket->Connect(callback.callback()));
1387 ASSERT_EQ(OK, rv); 1391 ASSERT_THAT(rv, IsOk());
1388 1392
1389 // Disable TLS False Start to avoid handshake non-determinism. 1393 // Disable TLS False Start to avoid handshake non-determinism.
1390 SSLConfig ssl_config; 1394 SSLConfig ssl_config;
1391 ssl_config.false_start_enabled = false; 1395 ssl_config.false_start_enabled = false;
1392 1396
1393 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1397 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1394 std::move(counting_socket), spawned_test_server()->host_port_pair(), 1398 std::move(counting_socket), spawned_test_server()->host_port_pair(),
1395 ssl_config)); 1399 ssl_config));
1396 1400
1397 rv = callback.GetResult(sock->Connect(callback.callback())); 1401 rv = callback.GetResult(sock->Connect(callback.callback()));
1398 ASSERT_EQ(OK, rv); 1402 ASSERT_THAT(rv, IsOk());
1399 ASSERT_TRUE(sock->IsConnected()); 1403 ASSERT_TRUE(sock->IsConnected());
1400 1404
1401 // Simulate an unclean/forcible shutdown on the underlying socket. 1405 // Simulate an unclean/forcible shutdown on the underlying socket.
1402 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET); 1406 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1403 1407
1404 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1408 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1405 static const int kRequestTextSize = 1409 static const int kRequestTextSize =
1406 static_cast<int>(arraysize(request_text) - 1); 1410 static_cast<int>(arraysize(request_text) - 1);
1407 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize)); 1411 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize));
1408 memcpy(request_buffer->data(), request_text, kRequestTextSize); 1412 memcpy(request_buffer->data(), request_text, kRequestTextSize);
(...skipping 18 matching lines...) Expand all
1427 EXPECT_EQ(old_write_count, raw_counting_socket->write_count()); 1431 EXPECT_EQ(old_write_count, raw_counting_socket->write_count());
1428 } 1432 }
1429 1433
1430 // Test the full duplex mode, with Read and Write pending at the same time. 1434 // Test the full duplex mode, with Read and Write pending at the same time.
1431 // This test also serves as a regression test for http://crbug.com/29815. 1435 // This test also serves as a regression test for http://crbug.com/29815.
1432 TEST_F(SSLClientSocketTest, Read_FullDuplex) { 1436 TEST_F(SSLClientSocketTest, Read_FullDuplex) {
1433 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1437 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1434 1438
1435 int rv; 1439 int rv;
1436 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1440 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1437 EXPECT_EQ(OK, rv); 1441 EXPECT_THAT(rv, IsOk());
1438 1442
1439 // Issue a "hanging" Read first. 1443 // Issue a "hanging" Read first.
1440 TestCompletionCallback callback; 1444 TestCompletionCallback callback;
1441 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1445 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1442 rv = sock_->Read(buf.get(), 4096, callback.callback()); 1446 rv = sock_->Read(buf.get(), 4096, callback.callback());
1443 // We haven't written the request, so there should be no response yet. 1447 // We haven't written the request, so there should be no response yet.
1444 ASSERT_EQ(ERR_IO_PENDING, rv); 1448 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1445 1449
1446 // Write the request. 1450 // Write the request.
1447 // The request is padded with a User-Agent header to a size that causes the 1451 // The request is padded with a User-Agent header to a size that causes the
1448 // memio circular buffer (4k bytes) in SSLClientSocketNSS to wrap around. 1452 // memio circular buffer (4k bytes) in SSLClientSocketNSS to wrap around.
1449 // This tests the fix for http://crbug.com/29815. 1453 // This tests the fix for http://crbug.com/29815.
1450 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name "; 1454 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1451 for (int i = 0; i < 3770; ++i) 1455 for (int i = 0; i < 3770; ++i)
1452 request_text.push_back('*'); 1456 request_text.push_back('*');
1453 request_text.append("\r\n\r\n"); 1457 request_text.append("\r\n\r\n");
1454 scoped_refptr<IOBuffer> request_buffer(new StringIOBuffer(request_text)); 1458 scoped_refptr<IOBuffer> request_buffer(new StringIOBuffer(request_text));
(...skipping 23 matching lines...) Expand all
1478 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer 1482 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1479 // is retained in order to configure additional errors. 1483 // is retained in order to configure additional errors.
1480 std::unique_ptr<SynchronousErrorStreamSocket> error_socket( 1484 std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
1481 new SynchronousErrorStreamSocket(std::move(real_transport))); 1485 new SynchronousErrorStreamSocket(std::move(real_transport)));
1482 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get(); 1486 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1483 std::unique_ptr<FakeBlockingStreamSocket> transport( 1487 std::unique_ptr<FakeBlockingStreamSocket> transport(
1484 new FakeBlockingStreamSocket(std::move(error_socket))); 1488 new FakeBlockingStreamSocket(std::move(error_socket)));
1485 FakeBlockingStreamSocket* raw_transport = transport.get(); 1489 FakeBlockingStreamSocket* raw_transport = transport.get();
1486 1490
1487 int rv = callback.GetResult(transport->Connect(callback.callback())); 1491 int rv = callback.GetResult(transport->Connect(callback.callback()));
1488 EXPECT_EQ(OK, rv); 1492 EXPECT_THAT(rv, IsOk());
1489 1493
1490 // Disable TLS False Start to avoid handshake non-determinism. 1494 // Disable TLS False Start to avoid handshake non-determinism.
1491 SSLConfig ssl_config; 1495 SSLConfig ssl_config;
1492 ssl_config.false_start_enabled = false; 1496 ssl_config.false_start_enabled = false;
1493 1497
1494 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket( 1498 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1495 std::move(transport), spawned_test_server()->host_port_pair(), 1499 std::move(transport), spawned_test_server()->host_port_pair(),
1496 ssl_config); 1500 ssl_config);
1497 1501
1498 rv = callback.GetResult(sock->Connect(callback.callback())); 1502 rv = callback.GetResult(sock->Connect(callback.callback()));
1499 EXPECT_EQ(OK, rv); 1503 EXPECT_THAT(rv, IsOk());
1500 EXPECT_TRUE(sock->IsConnected()); 1504 EXPECT_TRUE(sock->IsConnected());
1501 1505
1502 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name "; 1506 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1503 request_text.append(20 * 1024, '*'); 1507 request_text.append(20 * 1024, '*');
1504 request_text.append("\r\n\r\n"); 1508 request_text.append("\r\n\r\n");
1505 scoped_refptr<DrainableIOBuffer> request_buffer(new DrainableIOBuffer( 1509 scoped_refptr<DrainableIOBuffer> request_buffer(new DrainableIOBuffer(
1506 new StringIOBuffer(request_text), request_text.size())); 1510 new StringIOBuffer(request_text), request_text.size()));
1507 1511
1508 // Simulate errors being returned from the underlying Read() and Write() ... 1512 // Simulate errors being returned from the underlying Read() and Write() ...
1509 raw_error_socket->SetNextReadError(ERR_CONNECTION_RESET); 1513 raw_error_socket->SetNextReadError(ERR_CONNECTION_RESET);
1510 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET); 1514 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1511 // ... but have those errors returned asynchronously. Because the Write() will 1515 // ... but have those errors returned asynchronously. Because the Write() will
1512 // return first, this will trigger the error. 1516 // return first, this will trigger the error.
1513 raw_transport->BlockReadResult(); 1517 raw_transport->BlockReadResult();
1514 raw_transport->BlockWrite(); 1518 raw_transport->BlockWrite();
1515 1519
1516 // Enqueue a Read() before calling Write(), which should "hang" due to 1520 // Enqueue a Read() before calling Write(), which should "hang" due to
1517 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return. 1521 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return.
1518 SSLClientSocket* raw_sock = sock.get(); 1522 SSLClientSocket* raw_sock = sock.get();
1519 DeleteSocketCallback read_callback(sock.release()); 1523 DeleteSocketCallback read_callback(sock.release());
1520 scoped_refptr<IOBuffer> read_buf(new IOBuffer(4096)); 1524 scoped_refptr<IOBuffer> read_buf(new IOBuffer(4096));
1521 rv = raw_sock->Read(read_buf.get(), 4096, read_callback.callback()); 1525 rv = raw_sock->Read(read_buf.get(), 4096, read_callback.callback());
1522 1526
1523 // Ensure things didn't complete synchronously, otherwise |sock| is invalid. 1527 // Ensure things didn't complete synchronously, otherwise |sock| is invalid.
1524 ASSERT_EQ(ERR_IO_PENDING, rv); 1528 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1525 ASSERT_FALSE(read_callback.have_result()); 1529 ASSERT_FALSE(read_callback.have_result());
1526 1530
1527 // Attempt to write the remaining data. OpenSSL will return that its blocked 1531 // Attempt to write the remaining data. OpenSSL will return that its blocked
1528 // because the underlying transport is blocked. 1532 // because the underlying transport is blocked.
1529 rv = raw_sock->Write(request_buffer.get(), 1533 rv = raw_sock->Write(request_buffer.get(),
1530 request_buffer->BytesRemaining(), 1534 request_buffer->BytesRemaining(),
1531 callback.callback()); 1535 callback.callback());
1532 ASSERT_EQ(ERR_IO_PENDING, rv); 1536 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1533 ASSERT_FALSE(callback.have_result()); 1537 ASSERT_FALSE(callback.have_result());
1534 1538
1535 // Now unblock Write(), which will invoke OnSendComplete and (eventually) 1539 // Now unblock Write(), which will invoke OnSendComplete and (eventually)
1536 // call the Read() callback, deleting the socket and thus aborting calling 1540 // call the Read() callback, deleting the socket and thus aborting calling
1537 // the Write() callback. 1541 // the Write() callback.
1538 raw_transport->UnblockWrite(); 1542 raw_transport->UnblockWrite();
1539 1543
1540 rv = read_callback.WaitForResult(); 1544 rv = read_callback.WaitForResult();
1541 EXPECT_EQ(ERR_CONNECTION_RESET, rv); 1545 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1542 1546
1543 // The Write callback should not have been called. 1547 // The Write callback should not have been called.
1544 EXPECT_FALSE(callback.have_result()); 1548 EXPECT_FALSE(callback.have_result());
1545 } 1549 }
1546 1550
1547 // Tests that the SSLClientSocket does not crash if data is received on the 1551 // Tests that the SSLClientSocket does not crash if data is received on the
1548 // transport socket after a failing write. This can occur if we have a Write 1552 // transport socket after a failing write. This can occur if we have a Write
1549 // error in a SPDY socket. 1553 // error in a SPDY socket.
1550 // Regression test for http://crbug.com/335557 1554 // Regression test for http://crbug.com/335557
1551 TEST_F(SSLClientSocketTest, Read_WithWriteError) { 1555 TEST_F(SSLClientSocketTest, Read_WithWriteError) {
1552 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1556 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1553 1557
1554 TestCompletionCallback callback; 1558 TestCompletionCallback callback;
1555 std::unique_ptr<StreamSocket> real_transport( 1559 std::unique_ptr<StreamSocket> real_transport(
1556 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1560 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1557 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer 1561 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1558 // is retained in order to configure additional errors. 1562 // is retained in order to configure additional errors.
1559 std::unique_ptr<SynchronousErrorStreamSocket> error_socket( 1563 std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
1560 new SynchronousErrorStreamSocket(std::move(real_transport))); 1564 new SynchronousErrorStreamSocket(std::move(real_transport)));
1561 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get(); 1565 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1562 std::unique_ptr<FakeBlockingStreamSocket> transport( 1566 std::unique_ptr<FakeBlockingStreamSocket> transport(
1563 new FakeBlockingStreamSocket(std::move(error_socket))); 1567 new FakeBlockingStreamSocket(std::move(error_socket)));
1564 FakeBlockingStreamSocket* raw_transport = transport.get(); 1568 FakeBlockingStreamSocket* raw_transport = transport.get();
1565 1569
1566 int rv = callback.GetResult(transport->Connect(callback.callback())); 1570 int rv = callback.GetResult(transport->Connect(callback.callback()));
1567 EXPECT_EQ(OK, rv); 1571 EXPECT_THAT(rv, IsOk());
1568 1572
1569 // Disable TLS False Start to avoid handshake non-determinism. 1573 // Disable TLS False Start to avoid handshake non-determinism.
1570 SSLConfig ssl_config; 1574 SSLConfig ssl_config;
1571 ssl_config.false_start_enabled = false; 1575 ssl_config.false_start_enabled = false;
1572 1576
1573 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1577 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1574 std::move(transport), spawned_test_server()->host_port_pair(), 1578 std::move(transport), spawned_test_server()->host_port_pair(),
1575 ssl_config)); 1579 ssl_config));
1576 1580
1577 rv = callback.GetResult(sock->Connect(callback.callback())); 1581 rv = callback.GetResult(sock->Connect(callback.callback()));
1578 EXPECT_EQ(OK, rv); 1582 EXPECT_THAT(rv, IsOk());
1579 EXPECT_TRUE(sock->IsConnected()); 1583 EXPECT_TRUE(sock->IsConnected());
1580 1584
1581 // Send a request so there is something to read from the socket. 1585 // Send a request so there is something to read from the socket.
1582 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1586 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1583 static const int kRequestTextSize = 1587 static const int kRequestTextSize =
1584 static_cast<int>(arraysize(request_text) - 1); 1588 static_cast<int>(arraysize(request_text) - 1);
1585 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize)); 1589 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestTextSize));
1586 memcpy(request_buffer->data(), request_text, kRequestTextSize); 1590 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1587 1591
1588 rv = callback.GetResult( 1592 rv = callback.GetResult(
1589 sock->Write(request_buffer.get(), kRequestTextSize, callback.callback())); 1593 sock->Write(request_buffer.get(), kRequestTextSize, callback.callback()));
1590 EXPECT_EQ(kRequestTextSize, rv); 1594 EXPECT_EQ(kRequestTextSize, rv);
1591 1595
1592 // Start a hanging read. 1596 // Start a hanging read.
1593 TestCompletionCallback read_callback; 1597 TestCompletionCallback read_callback;
1594 raw_transport->BlockReadResult(); 1598 raw_transport->BlockReadResult();
1595 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1599 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1596 rv = sock->Read(buf.get(), 4096, read_callback.callback()); 1600 rv = sock->Read(buf.get(), 4096, read_callback.callback());
1597 EXPECT_EQ(ERR_IO_PENDING, rv); 1601 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1598 1602
1599 // Perform another write, but have it fail. Write a request larger than the 1603 // Perform another write, but have it fail. Write a request larger than the
1600 // internal socket buffers so that the request hits the underlying transport 1604 // internal socket buffers so that the request hits the underlying transport
1601 // socket and detects the error. 1605 // socket and detects the error.
1602 std::string long_request_text = 1606 std::string long_request_text =
1603 "GET / HTTP/1.1\r\nUser-Agent: long browser name "; 1607 "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1604 long_request_text.append(20 * 1024, '*'); 1608 long_request_text.append(20 * 1024, '*');
1605 long_request_text.append("\r\n\r\n"); 1609 long_request_text.append("\r\n\r\n");
1606 scoped_refptr<DrainableIOBuffer> long_request_buffer(new DrainableIOBuffer( 1610 scoped_refptr<DrainableIOBuffer> long_request_buffer(new DrainableIOBuffer(
1607 new StringIOBuffer(long_request_text), long_request_text.size())); 1611 new StringIOBuffer(long_request_text), long_request_text.size()));
(...skipping 11 matching lines...) Expand all
1619 rv = callback.GetResult(sock->Write(long_request_buffer.get(), 1623 rv = callback.GetResult(sock->Write(long_request_buffer.get(),
1620 long_request_buffer->BytesRemaining(), 1624 long_request_buffer->BytesRemaining(),
1621 callback.callback())); 1625 callback.callback()));
1622 if (rv > 0) { 1626 if (rv > 0) {
1623 long_request_buffer->DidConsume(rv); 1627 long_request_buffer->DidConsume(rv);
1624 // Abort if the entire buffer is ever consumed. 1628 // Abort if the entire buffer is ever consumed.
1625 ASSERT_LT(0, long_request_buffer->BytesRemaining()); 1629 ASSERT_LT(0, long_request_buffer->BytesRemaining());
1626 } 1630 }
1627 } while (rv > 0); 1631 } while (rv > 0);
1628 1632
1629 EXPECT_EQ(ERR_CONNECTION_RESET, rv); 1633 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1630 1634
1631 // Release the read. 1635 // Release the read.
1632 raw_transport->UnblockReadResult(); 1636 raw_transport->UnblockReadResult();
1633 rv = read_callback.WaitForResult(); 1637 rv = read_callback.WaitForResult();
1634 1638
1635 // Should still read bytes despite the write error. 1639 // Should still read bytes despite the write error.
1636 EXPECT_LT(0, rv); 1640 EXPECT_LT(0, rv);
1637 } 1641 }
1638 1642
1639 // Tests that SSLClientSocket fails the handshake if the underlying 1643 // Tests that SSLClientSocket fails the handshake if the underlying
1640 // transport is cleanly closed. 1644 // transport is cleanly closed.
1641 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) { 1645 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) {
1642 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1646 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1643 1647
1644 TestCompletionCallback callback; 1648 TestCompletionCallback callback;
1645 std::unique_ptr<StreamSocket> real_transport( 1649 std::unique_ptr<StreamSocket> real_transport(
1646 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1650 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1647 std::unique_ptr<SynchronousErrorStreamSocket> transport( 1651 std::unique_ptr<SynchronousErrorStreamSocket> transport(
1648 new SynchronousErrorStreamSocket(std::move(real_transport))); 1652 new SynchronousErrorStreamSocket(std::move(real_transport)));
1649 int rv = callback.GetResult(transport->Connect(callback.callback())); 1653 int rv = callback.GetResult(transport->Connect(callback.callback()));
1650 EXPECT_EQ(OK, rv); 1654 EXPECT_THAT(rv, IsOk());
1651 1655
1652 SynchronousErrorStreamSocket* raw_transport = transport.get(); 1656 SynchronousErrorStreamSocket* raw_transport = transport.get();
1653 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1657 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1654 std::move(transport), spawned_test_server()->host_port_pair(), 1658 std::move(transport), spawned_test_server()->host_port_pair(),
1655 SSLConfig())); 1659 SSLConfig()));
1656 1660
1657 raw_transport->SetNextReadError(0); 1661 raw_transport->SetNextReadError(0);
1658 1662
1659 rv = callback.GetResult(sock->Connect(callback.callback())); 1663 rv = callback.GetResult(sock->Connect(callback.callback()));
1660 EXPECT_EQ(ERR_CONNECTION_CLOSED, rv); 1664 EXPECT_THAT(rv, IsError(ERR_CONNECTION_CLOSED));
1661 EXPECT_FALSE(sock->IsConnected()); 1665 EXPECT_FALSE(sock->IsConnected());
1662 } 1666 }
1663 1667
1664 // Tests that SSLClientSocket returns a Read of size 0 if the underlying socket 1668 // Tests that SSLClientSocket returns a Read of size 0 if the underlying socket
1665 // is cleanly closed, but the peer does not send close_notify. 1669 // is cleanly closed, but the peer does not send close_notify.
1666 // This is a regression test for https://crbug.com/422246 1670 // This is a regression test for https://crbug.com/422246
1667 TEST_F(SSLClientSocketTest, Read_WithZeroReturn) { 1671 TEST_F(SSLClientSocketTest, Read_WithZeroReturn) {
1668 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1672 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1669 1673
1670 TestCompletionCallback callback; 1674 TestCompletionCallback callback;
1671 std::unique_ptr<StreamSocket> real_transport( 1675 std::unique_ptr<StreamSocket> real_transport(
1672 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1676 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1673 std::unique_ptr<SynchronousErrorStreamSocket> transport( 1677 std::unique_ptr<SynchronousErrorStreamSocket> transport(
1674 new SynchronousErrorStreamSocket(std::move(real_transport))); 1678 new SynchronousErrorStreamSocket(std::move(real_transport)));
1675 int rv = callback.GetResult(transport->Connect(callback.callback())); 1679 int rv = callback.GetResult(transport->Connect(callback.callback()));
1676 EXPECT_EQ(OK, rv); 1680 EXPECT_THAT(rv, IsOk());
1677 1681
1678 // Disable TLS False Start to ensure the handshake has completed. 1682 // Disable TLS False Start to ensure the handshake has completed.
1679 SSLConfig ssl_config; 1683 SSLConfig ssl_config;
1680 ssl_config.false_start_enabled = false; 1684 ssl_config.false_start_enabled = false;
1681 1685
1682 SynchronousErrorStreamSocket* raw_transport = transport.get(); 1686 SynchronousErrorStreamSocket* raw_transport = transport.get();
1683 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1687 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1684 std::move(transport), spawned_test_server()->host_port_pair(), 1688 std::move(transport), spawned_test_server()->host_port_pair(),
1685 ssl_config)); 1689 ssl_config));
1686 1690
1687 rv = callback.GetResult(sock->Connect(callback.callback())); 1691 rv = callback.GetResult(sock->Connect(callback.callback()));
1688 EXPECT_EQ(OK, rv); 1692 EXPECT_THAT(rv, IsOk());
1689 EXPECT_TRUE(sock->IsConnected()); 1693 EXPECT_TRUE(sock->IsConnected());
1690 1694
1691 raw_transport->SetNextReadError(0); 1695 raw_transport->SetNextReadError(0);
1692 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1696 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1693 rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); 1697 rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback()));
1694 EXPECT_EQ(0, rv); 1698 EXPECT_EQ(0, rv);
1695 } 1699 }
1696 1700
1697 // Tests that SSLClientSocket cleanly returns a Read of size 0 if the 1701 // Tests that SSLClientSocket cleanly returns a Read of size 0 if the
1698 // underlying socket is cleanly closed asynchronously. 1702 // underlying socket is cleanly closed asynchronously.
1699 // This is a regression test for https://crbug.com/422246 1703 // This is a regression test for https://crbug.com/422246
1700 TEST_F(SSLClientSocketTest, Read_WithAsyncZeroReturn) { 1704 TEST_F(SSLClientSocketTest, Read_WithAsyncZeroReturn) {
1701 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1705 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1702 1706
1703 TestCompletionCallback callback; 1707 TestCompletionCallback callback;
1704 std::unique_ptr<StreamSocket> real_transport( 1708 std::unique_ptr<StreamSocket> real_transport(
1705 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1709 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1706 std::unique_ptr<SynchronousErrorStreamSocket> error_socket( 1710 std::unique_ptr<SynchronousErrorStreamSocket> error_socket(
1707 new SynchronousErrorStreamSocket(std::move(real_transport))); 1711 new SynchronousErrorStreamSocket(std::move(real_transport)));
1708 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get(); 1712 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1709 std::unique_ptr<FakeBlockingStreamSocket> transport( 1713 std::unique_ptr<FakeBlockingStreamSocket> transport(
1710 new FakeBlockingStreamSocket(std::move(error_socket))); 1714 new FakeBlockingStreamSocket(std::move(error_socket)));
1711 FakeBlockingStreamSocket* raw_transport = transport.get(); 1715 FakeBlockingStreamSocket* raw_transport = transport.get();
1712 int rv = callback.GetResult(transport->Connect(callback.callback())); 1716 int rv = callback.GetResult(transport->Connect(callback.callback()));
1713 EXPECT_EQ(OK, rv); 1717 EXPECT_THAT(rv, IsOk());
1714 1718
1715 // Disable TLS False Start to ensure the handshake has completed. 1719 // Disable TLS False Start to ensure the handshake has completed.
1716 SSLConfig ssl_config; 1720 SSLConfig ssl_config;
1717 ssl_config.false_start_enabled = false; 1721 ssl_config.false_start_enabled = false;
1718 1722
1719 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1723 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1720 std::move(transport), spawned_test_server()->host_port_pair(), 1724 std::move(transport), spawned_test_server()->host_port_pair(),
1721 ssl_config)); 1725 ssl_config));
1722 1726
1723 rv = callback.GetResult(sock->Connect(callback.callback())); 1727 rv = callback.GetResult(sock->Connect(callback.callback()));
1724 EXPECT_EQ(OK, rv); 1728 EXPECT_THAT(rv, IsOk());
1725 EXPECT_TRUE(sock->IsConnected()); 1729 EXPECT_TRUE(sock->IsConnected());
1726 1730
1727 raw_error_socket->SetNextReadError(0); 1731 raw_error_socket->SetNextReadError(0);
1728 raw_transport->BlockReadResult(); 1732 raw_transport->BlockReadResult();
1729 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1733 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1730 rv = sock->Read(buf.get(), 4096, callback.callback()); 1734 rv = sock->Read(buf.get(), 4096, callback.callback());
1731 EXPECT_EQ(ERR_IO_PENDING, rv); 1735 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1732 1736
1733 raw_transport->UnblockReadResult(); 1737 raw_transport->UnblockReadResult();
1734 rv = callback.GetResult(rv); 1738 rv = callback.GetResult(rv);
1735 EXPECT_EQ(0, rv); 1739 EXPECT_EQ(0, rv);
1736 } 1740 }
1737 1741
1738 // Tests that fatal alerts from the peer are processed. This is a regression 1742 // Tests that fatal alerts from the peer are processed. This is a regression
1739 // test for https://crbug.com/466303. 1743 // test for https://crbug.com/466303.
1740 TEST_F(SSLClientSocketTest, Read_WithFatalAlert) { 1744 TEST_F(SSLClientSocketTest, Read_WithFatalAlert) {
1741 SpawnedTestServer::SSLOptions ssl_options; 1745 SpawnedTestServer::SSLOptions ssl_options;
1742 ssl_options.alert_after_handshake = true; 1746 ssl_options.alert_after_handshake = true;
1743 ASSERT_TRUE(StartTestServer(ssl_options)); 1747 ASSERT_TRUE(StartTestServer(ssl_options));
1744 1748
1745 int rv; 1749 int rv;
1746 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1750 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1747 EXPECT_EQ(OK, rv); 1751 EXPECT_THAT(rv, IsOk());
1748 1752
1749 // Receive the fatal alert. 1753 // Receive the fatal alert.
1750 TestCompletionCallback callback; 1754 TestCompletionCallback callback;
1751 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 1755 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
1752 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, callback.GetResult(sock_->Read( 1756 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, callback.GetResult(sock_->Read(
1753 buf.get(), 4096, callback.callback()))); 1757 buf.get(), 4096, callback.callback())));
1754 } 1758 }
1755 1759
1756 TEST_F(SSLClientSocketTest, Read_SmallChunks) { 1760 TEST_F(SSLClientSocketTest, Read_SmallChunks) {
1757 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1761 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1758 1762
1759 int rv; 1763 int rv;
1760 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1764 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1761 EXPECT_EQ(OK, rv); 1765 EXPECT_THAT(rv, IsOk());
1762 1766
1763 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1767 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1764 scoped_refptr<IOBuffer> request_buffer( 1768 scoped_refptr<IOBuffer> request_buffer(
1765 new IOBuffer(arraysize(request_text) - 1)); 1769 new IOBuffer(arraysize(request_text) - 1));
1766 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); 1770 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1);
1767 1771
1768 TestCompletionCallback callback; 1772 TestCompletionCallback callback;
1769 rv = callback.GetResult(sock_->Write( 1773 rv = callback.GetResult(sock_->Write(
1770 request_buffer.get(), arraysize(request_text) - 1, callback.callback())); 1774 request_buffer.get(), arraysize(request_text) - 1, callback.callback()));
1771 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv); 1775 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv);
1772 1776
1773 scoped_refptr<IOBuffer> buf(new IOBuffer(1)); 1777 scoped_refptr<IOBuffer> buf(new IOBuffer(1));
1774 do { 1778 do {
1775 rv = callback.GetResult(sock_->Read(buf.get(), 1, callback.callback())); 1779 rv = callback.GetResult(sock_->Read(buf.get(), 1, callback.callback()));
1776 EXPECT_GE(rv, 0); 1780 EXPECT_GE(rv, 0);
1777 } while (rv > 0); 1781 } while (rv > 0);
1778 } 1782 }
1779 1783
1780 TEST_F(SSLClientSocketTest, Read_ManySmallRecords) { 1784 TEST_F(SSLClientSocketTest, Read_ManySmallRecords) {
1781 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1785 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1782 1786
1783 TestCompletionCallback callback; 1787 TestCompletionCallback callback;
1784 1788
1785 std::unique_ptr<StreamSocket> real_transport( 1789 std::unique_ptr<StreamSocket> real_transport(
1786 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1790 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1787 std::unique_ptr<ReadBufferingStreamSocket> transport( 1791 std::unique_ptr<ReadBufferingStreamSocket> transport(
1788 new ReadBufferingStreamSocket(std::move(real_transport))); 1792 new ReadBufferingStreamSocket(std::move(real_transport)));
1789 ReadBufferingStreamSocket* raw_transport = transport.get(); 1793 ReadBufferingStreamSocket* raw_transport = transport.get();
1790 int rv = callback.GetResult(transport->Connect(callback.callback())); 1794 int rv = callback.GetResult(transport->Connect(callback.callback()));
1791 ASSERT_EQ(OK, rv); 1795 ASSERT_THAT(rv, IsOk());
1792 1796
1793 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1797 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1794 std::move(transport), spawned_test_server()->host_port_pair(), 1798 std::move(transport), spawned_test_server()->host_port_pair(),
1795 SSLConfig())); 1799 SSLConfig()));
1796 1800
1797 rv = callback.GetResult(sock->Connect(callback.callback())); 1801 rv = callback.GetResult(sock->Connect(callback.callback()));
1798 ASSERT_EQ(OK, rv); 1802 ASSERT_THAT(rv, IsOk());
1799 ASSERT_TRUE(sock->IsConnected()); 1803 ASSERT_TRUE(sock->IsConnected());
1800 1804
1801 const char request_text[] = "GET /ssl-many-small-records HTTP/1.0\r\n\r\n"; 1805 const char request_text[] = "GET /ssl-many-small-records HTTP/1.0\r\n\r\n";
1802 scoped_refptr<IOBuffer> request_buffer( 1806 scoped_refptr<IOBuffer> request_buffer(
1803 new IOBuffer(arraysize(request_text) - 1)); 1807 new IOBuffer(arraysize(request_text) - 1));
1804 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); 1808 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1);
1805 1809
1806 rv = callback.GetResult(sock->Write( 1810 rv = callback.GetResult(sock->Write(
1807 request_buffer.get(), arraysize(request_text) - 1, callback.callback())); 1811 request_buffer.get(), arraysize(request_text) - 1, callback.callback()));
1808 ASSERT_GT(rv, 0); 1812 ASSERT_GT(rv, 0);
(...skipping 13 matching lines...) Expand all
1822 scoped_refptr<IOBuffer> buffer(new IOBuffer(8192)); 1826 scoped_refptr<IOBuffer> buffer(new IOBuffer(8192));
1823 rv = callback.GetResult(sock->Read(buffer.get(), 8192, callback.callback())); 1827 rv = callback.GetResult(sock->Read(buffer.get(), 8192, callback.callback()));
1824 ASSERT_EQ(rv, 8192); 1828 ASSERT_EQ(rv, 8192);
1825 } 1829 }
1826 1830
1827 TEST_F(SSLClientSocketTest, Read_Interrupted) { 1831 TEST_F(SSLClientSocketTest, Read_Interrupted) {
1828 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1832 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1829 1833
1830 int rv; 1834 int rv;
1831 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1835 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1832 EXPECT_EQ(OK, rv); 1836 EXPECT_THAT(rv, IsOk());
1833 1837
1834 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1838 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1835 scoped_refptr<IOBuffer> request_buffer( 1839 scoped_refptr<IOBuffer> request_buffer(
1836 new IOBuffer(arraysize(request_text) - 1)); 1840 new IOBuffer(arraysize(request_text) - 1));
1837 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); 1841 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1);
1838 1842
1839 TestCompletionCallback callback; 1843 TestCompletionCallback callback;
1840 rv = callback.GetResult(sock_->Write( 1844 rv = callback.GetResult(sock_->Write(
1841 request_buffer.get(), arraysize(request_text) - 1, callback.callback())); 1845 request_buffer.get(), arraysize(request_text) - 1, callback.callback()));
1842 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv); 1846 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv);
1843 1847
1844 // Do a partial read and then exit. This test should not crash! 1848 // Do a partial read and then exit. This test should not crash!
1845 scoped_refptr<IOBuffer> buf(new IOBuffer(512)); 1849 scoped_refptr<IOBuffer> buf(new IOBuffer(512));
1846 rv = callback.GetResult(sock_->Read(buf.get(), 512, callback.callback())); 1850 rv = callback.GetResult(sock_->Read(buf.get(), 512, callback.callback()));
1847 EXPECT_GT(rv, 0); 1851 EXPECT_GT(rv, 0);
1848 } 1852 }
1849 1853
1850 TEST_F(SSLClientSocketTest, Read_FullLogging) { 1854 TEST_F(SSLClientSocketTest, Read_FullLogging) {
1851 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1855 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1852 1856
1853 TestCompletionCallback callback; 1857 TestCompletionCallback callback;
1854 TestNetLog log; 1858 TestNetLog log;
1855 log.SetCaptureMode(NetLogCaptureMode::IncludeSocketBytes()); 1859 log.SetCaptureMode(NetLogCaptureMode::IncludeSocketBytes());
1856 std::unique_ptr<StreamSocket> transport( 1860 std::unique_ptr<StreamSocket> transport(
1857 new TCPClientSocket(addr(), NULL, &log, NetLog::Source())); 1861 new TCPClientSocket(addr(), NULL, &log, NetLog::Source()));
1858 int rv = callback.GetResult(transport->Connect(callback.callback())); 1862 int rv = callback.GetResult(transport->Connect(callback.callback()));
1859 EXPECT_EQ(OK, rv); 1863 EXPECT_THAT(rv, IsOk());
1860 1864
1861 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1865 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1862 std::move(transport), spawned_test_server()->host_port_pair(), 1866 std::move(transport), spawned_test_server()->host_port_pair(),
1863 SSLConfig())); 1867 SSLConfig()));
1864 1868
1865 rv = callback.GetResult(sock->Connect(callback.callback())); 1869 rv = callback.GetResult(sock->Connect(callback.callback()));
1866 EXPECT_EQ(OK, rv); 1870 EXPECT_THAT(rv, IsOk());
1867 EXPECT_TRUE(sock->IsConnected()); 1871 EXPECT_TRUE(sock->IsConnected());
1868 1872
1869 const char request_text[] = "GET / HTTP/1.0\r\n\r\n"; 1873 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1870 scoped_refptr<IOBuffer> request_buffer( 1874 scoped_refptr<IOBuffer> request_buffer(
1871 new IOBuffer(arraysize(request_text) - 1)); 1875 new IOBuffer(arraysize(request_text) - 1));
1872 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); 1876 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1);
1873 1877
1874 rv = callback.GetResult(sock->Write( 1878 rv = callback.GetResult(sock->Write(
1875 request_buffer.get(), arraysize(request_text) - 1, callback.callback())); 1879 request_buffer.get(), arraysize(request_text) - 1, callback.callback()));
1876 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv); 1880 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv);
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
1918 reinterpret_cast<const char*>(application_data), 1922 reinterpret_cast<const char*>(application_data),
1919 arraysize(application_data)), 1923 arraysize(application_data)),
1920 MockRead(SYNCHRONOUS, OK), }; 1924 MockRead(SYNCHRONOUS, OK), };
1921 1925
1922 StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0); 1926 StaticSocketDataProvider data(data_reads, arraysize(data_reads), NULL, 0);
1923 1927
1924 TestCompletionCallback callback; 1928 TestCompletionCallback callback;
1925 std::unique_ptr<StreamSocket> transport( 1929 std::unique_ptr<StreamSocket> transport(
1926 new MockTCPClientSocket(addr(), NULL, &data)); 1930 new MockTCPClientSocket(addr(), NULL, &data));
1927 int rv = callback.GetResult(transport->Connect(callback.callback())); 1931 int rv = callback.GetResult(transport->Connect(callback.callback()));
1928 EXPECT_EQ(OK, rv); 1932 EXPECT_THAT(rv, IsOk());
1929 1933
1930 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 1934 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1931 std::move(transport), spawned_test_server()->host_port_pair(), 1935 std::move(transport), spawned_test_server()->host_port_pair(),
1932 SSLConfig())); 1936 SSLConfig()));
1933 1937
1934 rv = callback.GetResult(sock->Connect(callback.callback())); 1938 rv = callback.GetResult(sock->Connect(callback.callback()));
1935 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); 1939 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
1936 } 1940 }
1937 1941
1938 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { 1942 TEST_F(SSLClientSocketTest, CipherSuiteDisables) {
1939 // Rather than exhaustively disabling every AES_128_CBC ciphersuite defined at 1943 // Rather than exhaustively disabling every AES_128_CBC ciphersuite defined at
1940 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, only 1944 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, only
1941 // disabling those cipher suites that the test server actually implements. 1945 // disabling those cipher suites that the test server actually implements.
1942 const uint16_t kCiphersToDisable[] = { 1946 const uint16_t kCiphersToDisable[] = {
1943 0x002f, // TLS_RSA_WITH_AES_128_CBC_SHA 1947 0x002f, // TLS_RSA_WITH_AES_128_CBC_SHA
1944 0x0033, // TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1948 0x0033, // TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1945 0xc013, // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 1949 0xc013, // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1946 }; 1950 };
1947 1951
1948 SpawnedTestServer::SSLOptions ssl_options; 1952 SpawnedTestServer::SSLOptions ssl_options;
1949 // Enable only AES_128_CBC on the test server. 1953 // Enable only AES_128_CBC on the test server.
1950 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; 1954 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128;
1951 ASSERT_TRUE(StartTestServer(ssl_options)); 1955 ASSERT_TRUE(StartTestServer(ssl_options));
1952 1956
1953 SSLConfig ssl_config; 1957 SSLConfig ssl_config;
1954 for (size_t i = 0; i < arraysize(kCiphersToDisable); ++i) 1958 for (size_t i = 0; i < arraysize(kCiphersToDisable); ++i)
1955 ssl_config.disabled_cipher_suites.push_back(kCiphersToDisable[i]); 1959 ssl_config.disabled_cipher_suites.push_back(kCiphersToDisable[i]);
1956 1960
1957 int rv; 1961 int rv;
1958 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 1962 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
1959 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 1963 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1960 } 1964 }
1961 1965
1962 // When creating an SSLClientSocket, it is allowed to pass in a 1966 // When creating an SSLClientSocket, it is allowed to pass in a
1963 // ClientSocketHandle that is not obtained from a client socket pool. 1967 // ClientSocketHandle that is not obtained from a client socket pool.
1964 // Here we verify that such a simple ClientSocketHandle, not associated with any 1968 // Here we verify that such a simple ClientSocketHandle, not associated with any
1965 // client socket pool, can be destroyed safely. 1969 // client socket pool, can be destroyed safely.
1966 TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) { 1970 TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
1967 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1971 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1968 1972
1969 TestCompletionCallback callback; 1973 TestCompletionCallback callback;
1970 std::unique_ptr<StreamSocket> transport( 1974 std::unique_ptr<StreamSocket> transport(
1971 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 1975 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
1972 int rv = callback.GetResult(transport->Connect(callback.callback())); 1976 int rv = callback.GetResult(transport->Connect(callback.callback()));
1973 EXPECT_EQ(OK, rv); 1977 EXPECT_THAT(rv, IsOk());
1974 1978
1975 std::unique_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle()); 1979 std::unique_ptr<ClientSocketHandle> socket_handle(new ClientSocketHandle());
1976 socket_handle->SetSocket(std::move(transport)); 1980 socket_handle->SetSocket(std::move(transport));
1977 1981
1978 std::unique_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket( 1982 std::unique_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket(
1979 std::move(socket_handle), spawned_test_server()->host_port_pair(), 1983 std::move(socket_handle), spawned_test_server()->host_port_pair(),
1980 SSLConfig(), context_)); 1984 SSLConfig(), context_));
1981 1985
1982 EXPECT_FALSE(sock->IsConnected()); 1986 EXPECT_FALSE(sock->IsConnected());
1983 rv = callback.GetResult(sock->Connect(callback.callback())); 1987 rv = callback.GetResult(sock->Connect(callback.callback()));
1984 EXPECT_EQ(OK, rv); 1988 EXPECT_THAT(rv, IsOk());
1985 } 1989 }
1986 1990
1987 // Verifies that SSLClientSocket::ExportKeyingMaterial return a success 1991 // Verifies that SSLClientSocket::ExportKeyingMaterial return a success
1988 // code and different keying label results in different keying material. 1992 // code and different keying label results in different keying material.
1989 TEST_F(SSLClientSocketTest, ExportKeyingMaterial) { 1993 TEST_F(SSLClientSocketTest, ExportKeyingMaterial) {
1990 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 1994 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
1991 1995
1992 int rv; 1996 int rv;
1993 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 1997 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1994 EXPECT_EQ(OK, rv); 1998 EXPECT_THAT(rv, IsOk());
1995 EXPECT_TRUE(sock_->IsConnected()); 1999 EXPECT_TRUE(sock_->IsConnected());
1996 2000
1997 const int kKeyingMaterialSize = 32; 2001 const int kKeyingMaterialSize = 32;
1998 const char kKeyingLabel1[] = "client-socket-test-1"; 2002 const char kKeyingLabel1[] = "client-socket-test-1";
1999 const char kKeyingContext1[] = ""; 2003 const char kKeyingContext1[] = "";
2000 unsigned char client_out1[kKeyingMaterialSize]; 2004 unsigned char client_out1[kKeyingMaterialSize];
2001 memset(client_out1, 0, sizeof(client_out1)); 2005 memset(client_out1, 0, sizeof(client_out1));
2002 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, false, kKeyingContext1, 2006 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, false, kKeyingContext1,
2003 client_out1, sizeof(client_out1)); 2007 client_out1, sizeof(client_out1));
2004 EXPECT_EQ(rv, OK); 2008 EXPECT_EQ(rv, OK);
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
2067 2071
2068 // Set up a test server with CERT_CHAIN_WRONG_ROOT. 2072 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2069 // This makes the server present redundant-server-chain.pem, which contains 2073 // This makes the server present redundant-server-chain.pem, which contains
2070 // intermediate certificates. 2074 // intermediate certificates.
2071 SpawnedTestServer::SSLOptions ssl_options( 2075 SpawnedTestServer::SSLOptions ssl_options(
2072 SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT); 2076 SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT);
2073 ASSERT_TRUE(StartTestServer(ssl_options)); 2077 ASSERT_TRUE(StartTestServer(ssl_options));
2074 2078
2075 int rv; 2079 int rv;
2076 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 2080 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2077 EXPECT_EQ(ERR_CERT_INVALID, rv); 2081 EXPECT_THAT(rv, IsError(ERR_CERT_INVALID));
2078 EXPECT_TRUE(sock_->IsConnected()); 2082 EXPECT_TRUE(sock_->IsConnected());
2079 2083
2080 // When given option CERT_CHAIN_WRONG_ROOT, SpawnedTestServer will present 2084 // When given option CERT_CHAIN_WRONG_ROOT, SpawnedTestServer will present
2081 // certs from redundant-server-chain.pem. 2085 // certs from redundant-server-chain.pem.
2082 CertificateList server_certs = 2086 CertificateList server_certs =
2083 CreateCertificateListFromFile(GetTestCertsDirectory(), 2087 CreateCertificateListFromFile(GetTestCertsDirectory(),
2084 "redundant-server-chain.pem", 2088 "redundant-server-chain.pem",
2085 X509Certificate::FORMAT_AUTO); 2089 X509Certificate::FORMAT_AUTO);
2086 2090
2087 // Get the server certificate as received client side. 2091 // Get the server certificate as received client side.
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
2160 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); 2164 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
2161 ScopedTestRoot scoped_root(root_cert.get()); 2165 ScopedTestRoot scoped_root(root_cert.get());
2162 2166
2163 // Set up a test server with CERT_CHAIN_WRONG_ROOT. 2167 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2164 SpawnedTestServer::SSLOptions ssl_options( 2168 SpawnedTestServer::SSLOptions ssl_options(
2165 SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT); 2169 SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT);
2166 ASSERT_TRUE(StartTestServer(ssl_options)); 2170 ASSERT_TRUE(StartTestServer(ssl_options));
2167 2171
2168 int rv; 2172 int rv;
2169 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 2173 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2170 EXPECT_EQ(OK, rv); 2174 EXPECT_THAT(rv, IsOk());
2171 EXPECT_TRUE(sock_->IsConnected()); 2175 EXPECT_TRUE(sock_->IsConnected());
2172 2176
2173 TestNetLogEntry::List entries; 2177 TestNetLogEntry::List entries;
2174 log_.GetEntries(&entries); 2178 log_.GetEntries(&entries);
2175 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); 2179 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT));
2176 2180
2177 SSLInfo ssl_info; 2181 SSLInfo ssl_info;
2178 sock_->GetSSLInfo(&ssl_info); 2182 sock_->GetSSLInfo(&ssl_info);
2179 2183
2180 // Verify that SSLInfo contains the corrected re-constructed chain A -> B 2184 // Verify that SSLInfo contains the corrected re-constructed chain A -> B
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
2280 2284
2281 MockCTVerifier ct_verifier; 2285 MockCTVerifier ct_verifier;
2282 SetCTVerifier(&ct_verifier); 2286 SetCTVerifier(&ct_verifier);
2283 2287
2284 // Check that the SCT list is extracted as expected. 2288 // Check that the SCT list is extracted as expected.
2285 EXPECT_CALL(ct_verifier, Verify(_, "", "test", _, _)).WillRepeatedly( 2289 EXPECT_CALL(ct_verifier, Verify(_, "", "test", _, _)).WillRepeatedly(
2286 Return(ERR_CT_NO_SCTS_VERIFIED_OK)); 2290 Return(ERR_CT_NO_SCTS_VERIFIED_OK));
2287 2291
2288 int rv; 2292 int rv;
2289 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2293 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2290 EXPECT_EQ(OK, rv); 2294 EXPECT_THAT(rv, IsOk());
2291 2295
2292 EXPECT_TRUE(sock_->signed_cert_timestamps_received_); 2296 EXPECT_TRUE(sock_->signed_cert_timestamps_received_);
2293 } 2297 }
2294 2298
2295 // Test that when an EV certificate is received, but no CT verifier 2299 // Test that when an EV certificate is received, but no CT verifier
2296 // or certificate policy enforcer are defined, then the EV status 2300 // or certificate policy enforcer are defined, then the EV status
2297 // of the certificate is maintained. 2301 // of the certificate is maintained.
2298 TEST_F(SSLClientSocketTest, EVCertStatusMaintainedNoCTVerifier) { 2302 TEST_F(SSLClientSocketTest, EVCertStatusMaintainedNoCTVerifier) {
2299 SpawnedTestServer::SSLOptions ssl_options; 2303 SpawnedTestServer::SSLOptions ssl_options;
2300 ASSERT_TRUE(StartTestServer(ssl_options)); 2304 ASSERT_TRUE(StartTestServer(ssl_options));
2301 2305
2302 SSLConfig ssl_config; 2306 SSLConfig ssl_config;
2303 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); 2307 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config);
2304 2308
2305 // No verifier to skip CT and policy checks. 2309 // No verifier to skip CT and policy checks.
2306 int rv; 2310 int rv;
2307 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2311 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2308 EXPECT_EQ(OK, rv); 2312 EXPECT_THAT(rv, IsOk());
2309 2313
2310 SSLInfo result; 2314 SSLInfo result;
2311 ASSERT_TRUE(sock_->GetSSLInfo(&result)); 2315 ASSERT_TRUE(sock_->GetSSLInfo(&result));
2312 2316
2313 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); 2317 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV);
2314 } 2318 }
2315 2319
2316 // Test that when a CT verifier and a CTPolicyEnforcer are defined, and 2320 // Test that when a CT verifier and a CTPolicyEnforcer are defined, and
2317 // the EV certificate used conforms to the CT/EV policy, its EV status 2321 // the EV certificate used conforms to the CT/EV policy, its EV status
2318 // is maintained. 2322 // is maintained.
(...skipping 15 matching lines...) Expand all
2334 SetCTPolicyEnforcer(&policy_enforcer); 2338 SetCTPolicyEnforcer(&policy_enforcer);
2335 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) 2339 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _))
2336 .WillRepeatedly( 2340 .WillRepeatedly(
2337 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS)); 2341 Return(ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS));
2338 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) 2342 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _))
2339 .WillRepeatedly( 2343 .WillRepeatedly(
2340 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS)); 2344 Return(ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS));
2341 2345
2342 int rv; 2346 int rv;
2343 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2347 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2344 EXPECT_EQ(OK, rv); 2348 EXPECT_THAT(rv, IsOk());
2345 2349
2346 SSLInfo result; 2350 SSLInfo result;
2347 ASSERT_TRUE(sock_->GetSSLInfo(&result)); 2351 ASSERT_TRUE(sock_->GetSSLInfo(&result));
2348 2352
2349 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); 2353 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV);
2350 } 2354 }
2351 2355
2352 // Test that when a CT verifier and a CTPolicyEnforcer are defined, but 2356 // Test that when a CT verifier and a CTPolicyEnforcer are defined, but
2353 // the EV certificate used does not conform to the CT/EV policy, its EV status 2357 // the EV certificate used does not conform to the CT/EV policy, its EV status
2354 // is removed. 2358 // is removed.
(...skipping 15 matching lines...) Expand all
2370 SetCTPolicyEnforcer(&policy_enforcer); 2374 SetCTPolicyEnforcer(&policy_enforcer);
2371 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _)) 2375 EXPECT_CALL(policy_enforcer, DoesConformToCertPolicy(_, _, _))
2372 .WillRepeatedly( 2376 .WillRepeatedly(
2373 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); 2377 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS));
2374 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) 2378 EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _))
2375 .WillRepeatedly( 2379 .WillRepeatedly(
2376 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS)); 2380 Return(ct::EVPolicyCompliance::EV_POLICY_NOT_ENOUGH_SCTS));
2377 2381
2378 int rv; 2382 int rv;
2379 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2383 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2380 EXPECT_EQ(OK, rv); 2384 EXPECT_THAT(rv, IsOk());
2381 2385
2382 SSLInfo result; 2386 SSLInfo result;
2383 ASSERT_TRUE(sock_->GetSSLInfo(&result)); 2387 ASSERT_TRUE(sock_->GetSSLInfo(&result));
2384 2388
2385 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV); 2389 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV);
2386 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED); 2390 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED);
2387 } 2391 }
2388 2392
2389 namespace { 2393 namespace {
2390 2394
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
2423 // DER encoding of an OCSPResponse (RFC 2560), so check that it consists of a 2427 // DER encoding of an OCSPResponse (RFC 2560), so check that it consists of a
2424 // SEQUENCE of an ENUMERATED type and an element tagged with [0] EXPLICIT. In 2428 // SEQUENCE of an ENUMERATED type and an element tagged with [0] EXPLICIT. In
2425 // particular, it should not include the overall two-byte length prefix from 2429 // particular, it should not include the overall two-byte length prefix from
2426 // TLS. 2430 // TLS.
2427 EXPECT_CALL(ct_verifier, 2431 EXPECT_CALL(ct_verifier,
2428 Verify(_, Truly(IsValidOCSPResponse), "", _, _)).WillRepeatedly( 2432 Verify(_, Truly(IsValidOCSPResponse), "", _, _)).WillRepeatedly(
2429 Return(ERR_CT_NO_SCTS_VERIFIED_OK)); 2433 Return(ERR_CT_NO_SCTS_VERIFIED_OK));
2430 2434
2431 int rv; 2435 int rv;
2432 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2436 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2433 EXPECT_EQ(OK, rv); 2437 EXPECT_THAT(rv, IsOk());
2434 2438
2435 EXPECT_TRUE(sock_->stapled_ocsp_response_received_); 2439 EXPECT_TRUE(sock_->stapled_ocsp_response_received_);
2436 } 2440 }
2437 2441
2438 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) { 2442 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsDisabled) {
2439 SpawnedTestServer::SSLOptions ssl_options; 2443 SpawnedTestServer::SSLOptions ssl_options;
2440 ssl_options.signed_cert_timestamps_tls_ext = "test"; 2444 ssl_options.signed_cert_timestamps_tls_ext = "test";
2441 2445
2442 ASSERT_TRUE(StartTestServer(ssl_options)); 2446 ASSERT_TRUE(StartTestServer(ssl_options));
2443 2447
2444 SSLConfig ssl_config; 2448 SSLConfig ssl_config;
2445 ssl_config.signed_cert_timestamps_enabled = false; 2449 ssl_config.signed_cert_timestamps_enabled = false;
2446 2450
2447 int rv; 2451 int rv;
2448 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2452 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2449 EXPECT_EQ(OK, rv); 2453 EXPECT_THAT(rv, IsOk());
2450 2454
2451 EXPECT_FALSE(sock_->signed_cert_timestamps_received_); 2455 EXPECT_FALSE(sock_->signed_cert_timestamps_received_);
2452 } 2456 }
2453 2457
2454 // Tests that IsConnectedAndIdle and WasEverUsed behave as expected. 2458 // Tests that IsConnectedAndIdle and WasEverUsed behave as expected.
2455 TEST_F(SSLClientSocketTest, ReuseStates) { 2459 TEST_F(SSLClientSocketTest, ReuseStates) {
2456 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 2460 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
2457 2461
2458 int rv; 2462 int rv;
2459 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 2463 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
(...skipping 29 matching lines...) Expand all
2489 // regression test for https://crbug.com/466147. 2493 // regression test for https://crbug.com/466147.
2490 TEST_F(SSLClientSocketTest, ReusableAfterWrite) { 2494 TEST_F(SSLClientSocketTest, ReusableAfterWrite) {
2491 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 2495 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
2492 2496
2493 TestCompletionCallback callback; 2497 TestCompletionCallback callback;
2494 std::unique_ptr<StreamSocket> real_transport( 2498 std::unique_ptr<StreamSocket> real_transport(
2495 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source())); 2499 new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
2496 std::unique_ptr<FakeBlockingStreamSocket> transport( 2500 std::unique_ptr<FakeBlockingStreamSocket> transport(
2497 new FakeBlockingStreamSocket(std::move(real_transport))); 2501 new FakeBlockingStreamSocket(std::move(real_transport)));
2498 FakeBlockingStreamSocket* raw_transport = transport.get(); 2502 FakeBlockingStreamSocket* raw_transport = transport.get();
2499 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); 2503 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2504 IsOk());
2500 2505
2501 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( 2506 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2502 std::move(transport), spawned_test_server()->host_port_pair(), 2507 std::move(transport), spawned_test_server()->host_port_pair(),
2503 SSLConfig())); 2508 SSLConfig()));
2504 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); 2509 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2505 2510
2506 // Block any application data from reaching the network. 2511 // Block any application data from reaching the network.
2507 raw_transport->BlockWrite(); 2512 raw_transport->BlockWrite();
2508 2513
2509 // Write a partial HTTP request. 2514 // Write a partial HTTP request.
2510 const char kRequestText[] = "GET / HTTP/1.0"; 2515 const char kRequestText[] = "GET / HTTP/1.0";
2511 const size_t kRequestLen = arraysize(kRequestText) - 1; 2516 const size_t kRequestLen = arraysize(kRequestText) - 1;
2512 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestLen)); 2517 scoped_refptr<IOBuffer> request_buffer(new IOBuffer(kRequestLen));
2513 memcpy(request_buffer->data(), kRequestText, kRequestLen); 2518 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2514 2519
(...skipping 12 matching lines...) Expand all
2527 2532
2528 // Tests that basic session resumption works. 2533 // Tests that basic session resumption works.
2529 TEST_F(SSLClientSocketTest, SessionResumption) { 2534 TEST_F(SSLClientSocketTest, SessionResumption) {
2530 SpawnedTestServer::SSLOptions ssl_options; 2535 SpawnedTestServer::SSLOptions ssl_options;
2531 ASSERT_TRUE(StartTestServer(ssl_options)); 2536 ASSERT_TRUE(StartTestServer(ssl_options));
2532 2537
2533 // First, perform a full handshake. 2538 // First, perform a full handshake.
2534 SSLConfig ssl_config; 2539 SSLConfig ssl_config;
2535 int rv; 2540 int rv;
2536 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2541 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2537 ASSERT_EQ(OK, rv); 2542 ASSERT_THAT(rv, IsOk());
2538 SSLInfo ssl_info; 2543 SSLInfo ssl_info;
2539 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2544 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2540 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2545 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2541 2546
2542 // The next connection should resume. 2547 // The next connection should resume.
2543 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2548 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2544 ASSERT_EQ(OK, rv); 2549 ASSERT_THAT(rv, IsOk());
2545 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2550 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2546 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2551 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2547 sock_.reset(); 2552 sock_.reset();
2548 2553
2549 // Using a different HostPortPair uses a different session cache key. 2554 // Using a different HostPortPair uses a different session cache key.
2550 std::unique_ptr<StreamSocket> transport( 2555 std::unique_ptr<StreamSocket> transport(
2551 new TCPClientSocket(addr(), NULL, &log_, NetLog::Source())); 2556 new TCPClientSocket(addr(), NULL, &log_, NetLog::Source()));
2552 TestCompletionCallback callback; 2557 TestCompletionCallback callback;
2553 ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback()))); 2558 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2559 IsOk());
2554 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket( 2560 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
2555 std::move(transport), HostPortPair("example.com", 443), ssl_config); 2561 std::move(transport), HostPortPair("example.com", 443), ssl_config);
2556 ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback()))); 2562 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2557 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); 2563 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
2558 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2564 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2559 sock.reset(); 2565 sock.reset();
2560 2566
2561 SSLClientSocket::ClearSessionCache(); 2567 SSLClientSocket::ClearSessionCache();
2562 2568
2563 // After clearing the session cache, the next handshake doesn't resume. 2569 // After clearing the session cache, the next handshake doesn't resume.
2564 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2570 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2565 ASSERT_EQ(OK, rv); 2571 ASSERT_THAT(rv, IsOk());
2566 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2572 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2567 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2573 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2568 } 2574 }
2569 2575
2570 // Tests that connections with certificate errors do not add entries to the 2576 // Tests that connections with certificate errors do not add entries to the
2571 // session cache. 2577 // session cache.
2572 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { 2578 TEST_F(SSLClientSocketTest, CertificateErrorNoResume) {
2573 SpawnedTestServer::SSLOptions ssl_options; 2579 SpawnedTestServer::SSLOptions ssl_options;
2574 ASSERT_TRUE(StartTestServer(ssl_options)); 2580 ASSERT_TRUE(StartTestServer(ssl_options));
2575 2581
2576 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); 2582 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
2577 2583
2578 SSLConfig ssl_config; 2584 SSLConfig ssl_config;
2579 int rv; 2585 int rv;
2580 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2586 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2581 ASSERT_EQ(ERR_CERT_COMMON_NAME_INVALID, rv); 2587 ASSERT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
2582 2588
2583 cert_verifier_->set_default_result(OK); 2589 cert_verifier_->set_default_result(OK);
2584 2590
2585 // The next connection should perform a full handshake. 2591 // The next connection should perform a full handshake.
2586 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2592 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2587 ASSERT_EQ(OK, rv); 2593 ASSERT_THAT(rv, IsOk());
2588 SSLInfo ssl_info; 2594 SSLInfo ssl_info;
2589 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2595 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2590 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2596 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2591 } 2597 }
2592 2598
2593 // Tests that session caches are sharded by max_version. 2599 // Tests that session caches are sharded by max_version.
2594 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) { 2600 TEST_F(SSLClientSocketTest, FallbackShardSessionCache) {
2595 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 2601 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
2596 2602
2597 // Prepare a normal and fallback SSL config. 2603 // Prepare a normal and fallback SSL config.
2598 SSLConfig ssl_config; 2604 SSLConfig ssl_config;
2599 SSLConfig fallback_ssl_config; 2605 SSLConfig fallback_ssl_config;
2600 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; 2606 fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1;
2601 fallback_ssl_config.version_fallback_min = SSL_PROTOCOL_VERSION_TLS1; 2607 fallback_ssl_config.version_fallback_min = SSL_PROTOCOL_VERSION_TLS1;
2602 fallback_ssl_config.version_fallback = true; 2608 fallback_ssl_config.version_fallback = true;
2603 2609
2604 // Connect with a fallback config from the test server to add an entry to the 2610 // Connect with a fallback config from the test server to add an entry to the
2605 // session cache. 2611 // session cache.
2606 int rv; 2612 int rv;
2607 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); 2613 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
2608 EXPECT_EQ(OK, rv); 2614 EXPECT_THAT(rv, IsOk());
2609 SSLInfo ssl_info; 2615 SSLInfo ssl_info;
2610 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2616 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2611 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2617 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2612 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, 2618 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
2613 SSLConnectionStatusToVersion(ssl_info.connection_status)); 2619 SSLConnectionStatusToVersion(ssl_info.connection_status));
2614 2620
2615 // A non-fallback connection needs a full handshake. 2621 // A non-fallback connection needs a full handshake.
2616 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2622 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2617 EXPECT_EQ(OK, rv); 2623 EXPECT_THAT(rv, IsOk());
2618 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2624 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2619 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2625 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2620 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2, 2626 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
2621 SSLConnectionStatusToVersion(ssl_info.connection_status)); 2627 SSLConnectionStatusToVersion(ssl_info.connection_status));
2622 2628
2623 // Note: if the server (correctly) declines to resume a TLS 1.0 session at TLS 2629 // Note: if the server (correctly) declines to resume a TLS 1.0 session at TLS
2624 // 1.2, the above test would not be sufficient to prove the session caches are 2630 // 1.2, the above test would not be sufficient to prove the session caches are
2625 // sharded. Implementations vary here, so, to avoid being sensitive to this, 2631 // sharded. Implementations vary here, so, to avoid being sensitive to this,
2626 // attempt to resume with two more connections. 2632 // attempt to resume with two more connections.
2627 2633
2628 // The non-fallback connection added a > TLS 1.0 entry to the session cache. 2634 // The non-fallback connection added a > TLS 1.0 entry to the session cache.
2629 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2635 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2630 EXPECT_EQ(OK, rv); 2636 EXPECT_THAT(rv, IsOk());
2631 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2637 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2632 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2638 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2633 // This does not check for equality because TLS 1.2 support is conditional on 2639 // This does not check for equality because TLS 1.2 support is conditional on
2634 // system NSS features. 2640 // system NSS features.
2635 EXPECT_LT(SSL_CONNECTION_VERSION_TLS1, 2641 EXPECT_LT(SSL_CONNECTION_VERSION_TLS1,
2636 SSLConnectionStatusToVersion(ssl_info.connection_status)); 2642 SSLConnectionStatusToVersion(ssl_info.connection_status));
2637 2643
2638 // The fallback connection still resumes from its session cache. It cannot 2644 // The fallback connection still resumes from its session cache. It cannot
2639 // offer the > TLS 1.0 session, so this must have been the session from the 2645 // offer the > TLS 1.0 session, so this must have been the session from the
2640 // first fallback connection. 2646 // first fallback connection.
2641 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); 2647 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
2642 EXPECT_EQ(OK, rv); 2648 EXPECT_THAT(rv, IsOk());
2643 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2649 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2644 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2650 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2645 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, 2651 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
2646 SSLConnectionStatusToVersion(ssl_info.connection_status)); 2652 SSLConnectionStatusToVersion(ssl_info.connection_status));
2647 } 2653 }
2648 2654
2649 // Test that DHE is removed but gives a dedicated error. Also test that the 2655 // Test that DHE is removed but gives a dedicated error. Also test that the
2650 // dhe_enabled option can restore it. 2656 // dhe_enabled option can restore it.
2651 TEST_F(SSLClientSocketTest, DHE) { 2657 TEST_F(SSLClientSocketTest, DHE) {
2652 SpawnedTestServer::SSLOptions ssl_options; 2658 SpawnedTestServer::SSLOptions ssl_options;
2653 ssl_options.key_exchanges = 2659 ssl_options.key_exchanges =
2654 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; 2660 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
2655 ASSERT_TRUE(StartTestServer(ssl_options)); 2661 ASSERT_TRUE(StartTestServer(ssl_options));
2656 2662
2657 // Normal handshakes with DHE do not work, with or without DHE enabled. 2663 // Normal handshakes with DHE do not work, with or without DHE enabled.
2658 SSLConfig ssl_config; 2664 SSLConfig ssl_config;
2659 int rv; 2665 int rv;
2660 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2666 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2661 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 2667 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
2662 2668
2663 ssl_config.dhe_enabled = true; 2669 ssl_config.dhe_enabled = true;
2664 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2670 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2665 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 2671 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
2666 2672
2667 // Enabling deprecated ciphers gives DHE a dedicated error code. 2673 // Enabling deprecated ciphers gives DHE a dedicated error code.
2668 ssl_config.dhe_enabled = false; 2674 ssl_config.dhe_enabled = false;
2669 ssl_config.deprecated_cipher_suites_enabled = true; 2675 ssl_config.deprecated_cipher_suites_enabled = true;
2670 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2676 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2671 EXPECT_EQ(ERR_SSL_OBSOLETE_CIPHER, rv); 2677 EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER));
2672 2678
2673 // Enabling both deprecated ciphers and DHE restores it. 2679 // Enabling both deprecated ciphers and DHE restores it.
2674 ssl_config.dhe_enabled = true; 2680 ssl_config.dhe_enabled = true;
2675 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2681 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2676 EXPECT_EQ(OK, rv); 2682 EXPECT_THAT(rv, IsOk());
2677 } 2683 }
2678 2684
2679 // Tests that enabling deprecated ciphers shards the session cache. 2685 // Tests that enabling deprecated ciphers shards the session cache.
2680 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { 2686 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
2681 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 2687 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
2682 2688
2683 // Prepare a normal and deprecated SSL config. 2689 // Prepare a normal and deprecated SSL config.
2684 SSLConfig ssl_config; 2690 SSLConfig ssl_config;
2685 SSLConfig deprecated_ssl_config; 2691 SSLConfig deprecated_ssl_config;
2686 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; 2692 deprecated_ssl_config.deprecated_cipher_suites_enabled = true;
2687 2693
2688 // Connect with deprecated ciphers enabled to warm the session cache cache. 2694 // Connect with deprecated ciphers enabled to warm the session cache cache.
2689 int rv; 2695 int rv;
2690 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); 2696 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
2691 EXPECT_EQ(OK, rv); 2697 EXPECT_THAT(rv, IsOk());
2692 SSLInfo ssl_info; 2698 SSLInfo ssl_info;
2693 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2699 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2694 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2700 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2695 2701
2696 // Test that re-connecting with deprecated ciphers enabled still resumes. 2702 // Test that re-connecting with deprecated ciphers enabled still resumes.
2697 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); 2703 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
2698 EXPECT_EQ(OK, rv); 2704 EXPECT_THAT(rv, IsOk());
2699 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2705 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2700 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2706 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2701 2707
2702 // However, a normal connection needs a full handshake. 2708 // However, a normal connection needs a full handshake.
2703 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2709 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2704 EXPECT_EQ(OK, rv); 2710 EXPECT_THAT(rv, IsOk());
2705 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2711 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2706 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2712 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2707 2713
2708 // Clear the session cache for the inverse test. 2714 // Clear the session cache for the inverse test.
2709 SSLClientSocket::ClearSessionCache(); 2715 SSLClientSocket::ClearSessionCache();
2710 2716
2711 // Now make a normal connection to prime the session cache. 2717 // Now make a normal connection to prime the session cache.
2712 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2718 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2713 EXPECT_EQ(OK, rv); 2719 EXPECT_THAT(rv, IsOk());
2714 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2720 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2715 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2721 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2716 2722
2717 // A normal connection should be able to resume. 2723 // A normal connection should be able to resume.
2718 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2724 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2719 EXPECT_EQ(OK, rv); 2725 EXPECT_THAT(rv, IsOk());
2720 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2726 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2721 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2727 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2722 2728
2723 // However, enabling deprecated ciphers connects fresh. 2729 // However, enabling deprecated ciphers connects fresh.
2724 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); 2730 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
2725 EXPECT_EQ(OK, rv); 2731 EXPECT_THAT(rv, IsOk());
2726 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2732 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2727 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2733 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2728 } 2734 }
2729 2735
2730 TEST_F(SSLClientSocketTest, RequireECDHE) { 2736 TEST_F(SSLClientSocketTest, RequireECDHE) {
2731 // Run test server without ECDHE. 2737 // Run test server without ECDHE.
2732 SpawnedTestServer::SSLOptions ssl_options; 2738 SpawnedTestServer::SSLOptions ssl_options;
2733 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; 2739 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA;
2734 ASSERT_TRUE(StartTestServer(ssl_options)); 2740 ASSERT_TRUE(StartTestServer(ssl_options));
2735 2741
2736 SSLConfig config; 2742 SSLConfig config;
2737 config.require_ecdhe = true; 2743 config.require_ecdhe = true;
2738 int rv; 2744 int rv;
2739 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); 2745 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2740 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 2746 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
2741 } 2747 }
2742 2748
2743 TEST_F(SSLClientSocketTest, TokenBindingEnabled) { 2749 TEST_F(SSLClientSocketTest, TokenBindingEnabled) {
2744 SpawnedTestServer::SSLOptions ssl_options; 2750 SpawnedTestServer::SSLOptions ssl_options;
2745 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); 2751 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
2746 ASSERT_TRUE(StartTestServer(ssl_options)); 2752 ASSERT_TRUE(StartTestServer(ssl_options));
2747 2753
2748 SSLConfig ssl_config; 2754 SSLConfig ssl_config;
2749 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); 2755 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
2750 2756
2751 int rv; 2757 int rv;
2752 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2758 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2753 EXPECT_EQ(OK, rv); 2759 EXPECT_THAT(rv, IsOk());
2754 SSLInfo info; 2760 SSLInfo info;
2755 EXPECT_TRUE(sock_->GetSSLInfo(&info)); 2761 EXPECT_TRUE(sock_->GetSSLInfo(&info));
2756 EXPECT_TRUE(info.token_binding_negotiated); 2762 EXPECT_TRUE(info.token_binding_negotiated);
2757 EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param); 2763 EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param);
2758 } 2764 }
2759 2765
2760 TEST_F(SSLClientSocketTest, TokenBindingFailsWithEmsDisabled) { 2766 TEST_F(SSLClientSocketTest, TokenBindingFailsWithEmsDisabled) {
2761 SpawnedTestServer::SSLOptions ssl_options; 2767 SpawnedTestServer::SSLOptions ssl_options;
2762 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); 2768 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256);
2763 ssl_options.disable_extended_master_secret = true; 2769 ssl_options.disable_extended_master_secret = true;
2764 ASSERT_TRUE(StartTestServer(ssl_options)); 2770 ASSERT_TRUE(StartTestServer(ssl_options));
2765 2771
2766 SSLConfig ssl_config; 2772 SSLConfig ssl_config;
2767 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); 2773 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
2768 2774
2769 int rv; 2775 int rv;
2770 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2776 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2771 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); 2777 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
2772 } 2778 }
2773 2779
2774 TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) { 2780 TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) {
2775 SpawnedTestServer::SSLOptions ssl_options; 2781 SpawnedTestServer::SSLOptions ssl_options;
2776 ASSERT_TRUE(StartTestServer(ssl_options)); 2782 ASSERT_TRUE(StartTestServer(ssl_options));
2777 2783
2778 SSLConfig ssl_config; 2784 SSLConfig ssl_config;
2779 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); 2785 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256);
2780 2786
2781 int rv; 2787 int rv;
2782 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2788 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2783 EXPECT_EQ(OK, rv); 2789 EXPECT_THAT(rv, IsOk());
2784 SSLInfo info; 2790 SSLInfo info;
2785 EXPECT_TRUE(sock_->GetSSLInfo(&info)); 2791 EXPECT_TRUE(sock_->GetSSLInfo(&info));
2786 EXPECT_FALSE(info.token_binding_negotiated); 2792 EXPECT_FALSE(info.token_binding_negotiated);
2787 } 2793 }
2788 2794
2789 // In tests requiring NPN, client_config.alpn_protos and 2795 // In tests requiring NPN, client_config.alpn_protos and
2790 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is 2796 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is
2791 // disabled due to quirks of the implementation. 2797 // disabled due to quirks of the implementation.
2792 2798
2793 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { 2799 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
2872 SSLConfig client_config; 2878 SSLConfig client_config;
2873 client_config.npn_protos.push_back(kProtoHTTP11); 2879 client_config.npn_protos.push_back(kProtoHTTP11);
2874 2880
2875 // Let a full handshake complete with False Start. 2881 // Let a full handshake complete with False Start.
2876 ASSERT_NO_FATAL_FAILURE( 2882 ASSERT_NO_FATAL_FAILURE(
2877 TestFalseStart(server_options, client_config, true)); 2883 TestFalseStart(server_options, client_config, true));
2878 2884
2879 // Make a second connection. 2885 // Make a second connection.
2880 int rv; 2886 int rv;
2881 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 2887 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
2882 EXPECT_EQ(OK, rv); 2888 EXPECT_THAT(rv, IsOk());
2883 2889
2884 // It should resume the session. 2890 // It should resume the session.
2885 SSLInfo ssl_info; 2891 SSLInfo ssl_info;
2886 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2892 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2887 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2893 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2888 } 2894 }
2889 2895
2890 // Test that False Started sessions are not resumable before receiving the 2896 // Test that False Started sessions are not resumable before receiving the
2891 // server Finished message. 2897 // server Finished message.
2892 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) { 2898 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) {
(...skipping 10 matching lines...) Expand all
2903 client_config.npn_protos.push_back(kProtoHTTP11); 2909 client_config.npn_protos.push_back(kProtoHTTP11);
2904 2910
2905 // Start a handshake up to the server Finished message. 2911 // Start a handshake up to the server Finished message.
2906 TestCompletionCallback callback; 2912 TestCompletionCallback callback;
2907 FakeBlockingStreamSocket* raw_transport1 = NULL; 2913 FakeBlockingStreamSocket* raw_transport1 = NULL;
2908 std::unique_ptr<SSLClientSocket> sock1; 2914 std::unique_ptr<SSLClientSocket> sock1;
2909 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( 2915 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
2910 client_config, &callback, &raw_transport1, &sock1)); 2916 client_config, &callback, &raw_transport1, &sock1));
2911 // Although raw_transport1 has the server Finished blocked, the handshake 2917 // Although raw_transport1 has the server Finished blocked, the handshake
2912 // still completes. 2918 // still completes.
2913 EXPECT_EQ(OK, callback.WaitForResult()); 2919 EXPECT_THAT(callback.WaitForResult(), IsOk());
2914 2920
2915 // Continue to block the client (|sock1|) from processing the Finished 2921 // Continue to block the client (|sock1|) from processing the Finished
2916 // message, but allow it to arrive on the socket. This ensures that, from the 2922 // message, but allow it to arrive on the socket. This ensures that, from the
2917 // server's point of view, it has completed the handshake and added the 2923 // server's point of view, it has completed the handshake and added the
2918 // session to its session cache. 2924 // session to its session cache.
2919 // 2925 //
2920 // The actual read on |sock1| will not complete until the Finished message is 2926 // The actual read on |sock1| will not complete until the Finished message is
2921 // processed; however, pump the underlying transport so that it is read from 2927 // processed; however, pump the underlying transport so that it is read from
2922 // the socket. NOTE: This may flakily pass if the server's final flight 2928 // the socket. NOTE: This may flakily pass if the server's final flight
2923 // doesn't come in one Read. 2929 // doesn't come in one Read.
2924 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 2930 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
2925 int rv = sock1->Read(buf.get(), 4096, callback.callback()); 2931 int rv = sock1->Read(buf.get(), 4096, callback.callback());
2926 EXPECT_EQ(ERR_IO_PENDING, rv); 2932 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2927 raw_transport1->WaitForReadResult(); 2933 raw_transport1->WaitForReadResult();
2928 2934
2929 // Drop the old socket. This is needed because the Python test server can't 2935 // Drop the old socket. This is needed because the Python test server can't
2930 // service two sockets in parallel. 2936 // service two sockets in parallel.
2931 sock1.reset(); 2937 sock1.reset();
2932 2938
2933 // Start a second connection. 2939 // Start a second connection.
2934 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 2940 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
2935 EXPECT_EQ(OK, rv); 2941 EXPECT_THAT(rv, IsOk());
2936 2942
2937 // No session resumption because the first connection never received a server 2943 // No session resumption because the first connection never received a server
2938 // Finished message. 2944 // Finished message.
2939 SSLInfo ssl_info; 2945 SSLInfo ssl_info;
2940 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2946 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2941 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2947 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2942 } 2948 }
2943 2949
2944 // Test that False Started sessions are not resumable if the server Finished 2950 // Test that False Started sessions are not resumable if the server Finished
2945 // message was bad. 2951 // message was bad.
(...skipping 11 matching lines...) Expand all
2957 client_config.npn_protos.push_back(kProtoHTTP11); 2963 client_config.npn_protos.push_back(kProtoHTTP11);
2958 2964
2959 // Start a handshake up to the server Finished message. 2965 // Start a handshake up to the server Finished message.
2960 TestCompletionCallback callback; 2966 TestCompletionCallback callback;
2961 FakeBlockingStreamSocket* raw_transport1 = NULL; 2967 FakeBlockingStreamSocket* raw_transport1 = NULL;
2962 std::unique_ptr<SSLClientSocket> sock1; 2968 std::unique_ptr<SSLClientSocket> sock1;
2963 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived( 2969 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
2964 client_config, &callback, &raw_transport1, &sock1)); 2970 client_config, &callback, &raw_transport1, &sock1));
2965 // Although raw_transport1 has the server Finished blocked, the handshake 2971 // Although raw_transport1 has the server Finished blocked, the handshake
2966 // still completes. 2972 // still completes.
2967 EXPECT_EQ(OK, callback.WaitForResult()); 2973 EXPECT_THAT(callback.WaitForResult(), IsOk());
2968 2974
2969 // Continue to block the client (|sock1|) from processing the Finished 2975 // Continue to block the client (|sock1|) from processing the Finished
2970 // message, but allow it to arrive on the socket. This ensures that, from the 2976 // message, but allow it to arrive on the socket. This ensures that, from the
2971 // server's point of view, it has completed the handshake and added the 2977 // server's point of view, it has completed the handshake and added the
2972 // session to its session cache. 2978 // session to its session cache.
2973 // 2979 //
2974 // The actual read on |sock1| will not complete until the Finished message is 2980 // The actual read on |sock1| will not complete until the Finished message is
2975 // processed; however, pump the underlying transport so that it is read from 2981 // processed; however, pump the underlying transport so that it is read from
2976 // the socket. 2982 // the socket.
2977 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); 2983 scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
2978 int rv = sock1->Read(buf.get(), 4096, callback.callback()); 2984 int rv = sock1->Read(buf.get(), 4096, callback.callback());
2979 EXPECT_EQ(ERR_IO_PENDING, rv); 2985 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2980 raw_transport1->WaitForReadResult(); 2986 raw_transport1->WaitForReadResult();
2981 2987
2982 // The server's second leg, or part of it, is now received but not yet sent to 2988 // The server's second leg, or part of it, is now received but not yet sent to
2983 // |sock1|. Before doing so, break the server's second leg. 2989 // |sock1|. Before doing so, break the server's second leg.
2984 int bytes_read = raw_transport1->pending_read_result(); 2990 int bytes_read = raw_transport1->pending_read_result();
2985 ASSERT_LT(0, bytes_read); 2991 ASSERT_LT(0, bytes_read);
2986 raw_transport1->pending_read_buf()->data()[bytes_read - 1]++; 2992 raw_transport1->pending_read_buf()->data()[bytes_read - 1]++;
2987 2993
2988 // Unblock the Finished message. |sock1->Read| should now fail. 2994 // Unblock the Finished message. |sock1->Read| should now fail.
2989 raw_transport1->UnblockReadResult(); 2995 raw_transport1->UnblockReadResult();
2990 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, callback.GetResult(rv)); 2996 EXPECT_THAT(callback.GetResult(rv), IsError(ERR_SSL_PROTOCOL_ERROR));
2991 2997
2992 // Drop the old socket. This is needed because the Python test server can't 2998 // Drop the old socket. This is needed because the Python test server can't
2993 // service two sockets in parallel. 2999 // service two sockets in parallel.
2994 sock1.reset(); 3000 sock1.reset();
2995 3001
2996 // Start a second connection. 3002 // Start a second connection.
2997 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3003 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
2998 EXPECT_EQ(OK, rv); 3004 EXPECT_THAT(rv, IsOk());
2999 3005
3000 // No session resumption because the first connection never received a server 3006 // No session resumption because the first connection never received a server
3001 // Finished message. 3007 // Finished message.
3002 SSLInfo ssl_info; 3008 SSLInfo ssl_info;
3003 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3009 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3004 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 3010 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3005 } 3011 }
3006 3012
3007 // Connect to a server using channel id. It should allow the connection. 3013 // Connect to a server using channel id. It should allow the connection.
3008 TEST_F(SSLClientSocketChannelIDTest, SendChannelID) { 3014 TEST_F(SSLClientSocketChannelIDTest, SendChannelID) {
3009 SpawnedTestServer::SSLOptions ssl_options; 3015 SpawnedTestServer::SSLOptions ssl_options;
3010 3016
3011 ASSERT_TRUE(StartTestServer(ssl_options)); 3017 ASSERT_TRUE(StartTestServer(ssl_options));
3012 3018
3013 EnableChannelID(); 3019 EnableChannelID();
3014 SSLConfig ssl_config; 3020 SSLConfig ssl_config;
3015 ssl_config.channel_id_enabled = true; 3021 ssl_config.channel_id_enabled = true;
3016 3022
3017 int rv; 3023 int rv;
3018 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3024 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3019 3025
3020 EXPECT_EQ(OK, rv); 3026 EXPECT_THAT(rv, IsOk());
3021 EXPECT_TRUE(sock_->IsConnected()); 3027 EXPECT_TRUE(sock_->IsConnected());
3022 SSLInfo ssl_info; 3028 SSLInfo ssl_info;
3023 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3029 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3024 EXPECT_TRUE(ssl_info.channel_id_sent); 3030 EXPECT_TRUE(ssl_info.channel_id_sent);
3025 3031
3026 sock_->Disconnect(); 3032 sock_->Disconnect();
3027 EXPECT_FALSE(sock_->IsConnected()); 3033 EXPECT_FALSE(sock_->IsConnected());
3028 } 3034 }
3029 3035
3030 // Connect to a server using Channel ID but failing to look up the Channel 3036 // Connect to a server using Channel ID but failing to look up the Channel
(...skipping 25 matching lines...) Expand all
3056 3062
3057 ASSERT_TRUE(StartTestServer(ssl_options)); 3063 ASSERT_TRUE(StartTestServer(ssl_options));
3058 3064
3059 EnableAsyncFailingChannelID(); 3065 EnableAsyncFailingChannelID();
3060 SSLConfig ssl_config; 3066 SSLConfig ssl_config;
3061 ssl_config.channel_id_enabled = true; 3067 ssl_config.channel_id_enabled = true;
3062 3068
3063 int rv; 3069 int rv;
3064 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3070 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3065 3071
3066 EXPECT_EQ(ERR_UNEXPECTED, rv); 3072 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
3067 EXPECT_FALSE(sock_->IsConnected()); 3073 EXPECT_FALSE(sock_->IsConnected());
3068 } 3074 }
3069 3075
3070 // Tests that session caches are sharded by whether Channel ID is enabled. 3076 // Tests that session caches are sharded by whether Channel ID is enabled.
3071 TEST_F(SSLClientSocketChannelIDTest, ChannelIDShardSessionCache) { 3077 TEST_F(SSLClientSocketChannelIDTest, ChannelIDShardSessionCache) {
3072 SpawnedTestServer::SSLOptions ssl_options; 3078 SpawnedTestServer::SSLOptions ssl_options;
3073 ASSERT_TRUE(StartTestServer(ssl_options)); 3079 ASSERT_TRUE(StartTestServer(ssl_options));
3074 3080
3075 EnableChannelID(); 3081 EnableChannelID();
3076 3082
(...skipping 21 matching lines...) Expand all
3098 server_options.npn_protocols.push_back(std::string("spdy/3.1")); 3104 server_options.npn_protocols.push_back(std::string("spdy/3.1"));
3099 server_options.npn_protocols.push_back(std::string("h2")); 3105 server_options.npn_protocols.push_back(std::string("h2"));
3100 ASSERT_TRUE(StartTestServer(server_options)); 3106 ASSERT_TRUE(StartTestServer(server_options));
3101 3107
3102 SSLConfig client_config; 3108 SSLConfig client_config;
3103 client_config.npn_protos.push_back(kProtoHTTP2); 3109 client_config.npn_protos.push_back(kProtoHTTP2);
3104 client_config.npn_protos.push_back(kProtoHTTP11); 3110 client_config.npn_protos.push_back(kProtoHTTP11);
3105 3111
3106 int rv; 3112 int rv;
3107 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3113 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3108 EXPECT_EQ(OK, rv); 3114 EXPECT_THAT(rv, IsOk());
3109 3115
3110 std::string proto; 3116 std::string proto;
3111 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); 3117 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto));
3112 EXPECT_EQ("h2", proto); 3118 EXPECT_EQ("h2", proto);
3113 } 3119 }
3114 3120
3115 // In case of no overlap between client and server list, SSLClientSocket should 3121 // In case of no overlap between client and server list, SSLClientSocket should
3116 // fall back to last one on the client list. 3122 // fall back to last one on the client list.
3117 TEST_F(SSLClientSocketTest, NPNNoOverlap) { 3123 TEST_F(SSLClientSocketTest, NPNNoOverlap) {
3118 SpawnedTestServer::SSLOptions server_options; 3124 SpawnedTestServer::SSLOptions server_options;
3119 server_options.npn_protocols.push_back(std::string("http/1.1")); 3125 server_options.npn_protocols.push_back(std::string("http/1.1"));
3120 ASSERT_TRUE(StartTestServer(server_options)); 3126 ASSERT_TRUE(StartTestServer(server_options));
3121 3127
3122 SSLConfig client_config; 3128 SSLConfig client_config;
3123 client_config.npn_protos.push_back(kProtoSPDY31); 3129 client_config.npn_protos.push_back(kProtoSPDY31);
3124 client_config.npn_protos.push_back(kProtoHTTP2); 3130 client_config.npn_protos.push_back(kProtoHTTP2);
3125 3131
3126 int rv; 3132 int rv;
3127 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3133 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3128 EXPECT_EQ(OK, rv); 3134 EXPECT_THAT(rv, IsOk());
3129 3135
3130 std::string proto; 3136 std::string proto;
3131 EXPECT_EQ(SSLClientSocket::kNextProtoNoOverlap, sock_->GetNextProto(&proto)); 3137 EXPECT_EQ(SSLClientSocket::kNextProtoNoOverlap, sock_->GetNextProto(&proto));
3132 EXPECT_EQ("h2", proto); 3138 EXPECT_EQ("h2", proto);
3133 } 3139 }
3134 3140
3135 // Server preference should be respected. The list is in decreasing order of 3141 // Server preference should be respected. The list is in decreasing order of
3136 // preference. 3142 // preference.
3137 TEST_F(SSLClientSocketTest, NPNServerPreference) { 3143 TEST_F(SSLClientSocketTest, NPNServerPreference) {
3138 SpawnedTestServer::SSLOptions server_options; 3144 SpawnedTestServer::SSLOptions server_options;
3139 server_options.npn_protocols.push_back(std::string("spdy/3.1")); 3145 server_options.npn_protocols.push_back(std::string("spdy/3.1"));
3140 server_options.npn_protocols.push_back(std::string("h2")); 3146 server_options.npn_protocols.push_back(std::string("h2"));
3141 ASSERT_TRUE(StartTestServer(server_options)); 3147 ASSERT_TRUE(StartTestServer(server_options));
3142 3148
3143 SSLConfig client_config; 3149 SSLConfig client_config;
3144 client_config.npn_protos.push_back(kProtoHTTP2); 3150 client_config.npn_protos.push_back(kProtoHTTP2);
3145 client_config.npn_protos.push_back(kProtoSPDY31); 3151 client_config.npn_protos.push_back(kProtoSPDY31);
3146 3152
3147 int rv; 3153 int rv;
3148 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3154 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3149 EXPECT_EQ(OK, rv); 3155 EXPECT_THAT(rv, IsOk());
3150 3156
3151 std::string proto; 3157 std::string proto;
3152 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto)); 3158 EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto));
3153 EXPECT_EQ("spdy/3.1", proto); 3159 EXPECT_EQ("spdy/3.1", proto);
3154 } 3160 }
3155 3161
3156 // If npn_protos.empty(), then NPN should be disabled, even if 3162 // If npn_protos.empty(), then NPN should be disabled, even if
3157 // !alpn_protos.empty(). Tlslite does not support ALPN, therefore if NPN is 3163 // !alpn_protos.empty(). Tlslite does not support ALPN, therefore if NPN is
3158 // disabled in the client, no protocol should be negotiated. 3164 // disabled in the client, no protocol should be negotiated.
3159 TEST_F(SSLClientSocketTest, NPNClientDisabled) { 3165 TEST_F(SSLClientSocketTest, NPNClientDisabled) {
3160 SpawnedTestServer::SSLOptions server_options; 3166 SpawnedTestServer::SSLOptions server_options;
3161 server_options.npn_protocols.push_back(std::string("http/1.1")); 3167 server_options.npn_protocols.push_back(std::string("http/1.1"));
3162 ASSERT_TRUE(StartTestServer(server_options)); 3168 ASSERT_TRUE(StartTestServer(server_options));
3163 3169
3164 SSLConfig client_config; 3170 SSLConfig client_config;
3165 client_config.alpn_protos.push_back(kProtoHTTP11); 3171 client_config.alpn_protos.push_back(kProtoHTTP11);
3166 3172
3167 int rv; 3173 int rv;
3168 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3174 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3169 EXPECT_EQ(OK, rv); 3175 EXPECT_THAT(rv, IsOk());
3170 3176
3171 std::string proto; 3177 std::string proto;
3172 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, 3178 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported,
3173 sock_->GetNextProto(&proto)); 3179 sock_->GetNextProto(&proto));
3174 } 3180 }
3175 3181
3176 TEST_F(SSLClientSocketTest, NPNServerDisabled) { 3182 TEST_F(SSLClientSocketTest, NPNServerDisabled) {
3177 SpawnedTestServer::SSLOptions server_options; 3183 SpawnedTestServer::SSLOptions server_options;
3178 ASSERT_TRUE(StartTestServer(server_options)); 3184 ASSERT_TRUE(StartTestServer(server_options));
3179 3185
3180 SSLConfig client_config; 3186 SSLConfig client_config;
3181 client_config.npn_protos.push_back(kProtoHTTP11); 3187 client_config.npn_protos.push_back(kProtoHTTP11);
3182 3188
3183 int rv; 3189 int rv;
3184 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3190 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3185 EXPECT_EQ(OK, rv); 3191 EXPECT_THAT(rv, IsOk());
3186 3192
3187 std::string proto; 3193 std::string proto;
3188 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, 3194 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported,
3189 sock_->GetNextProto(&proto)); 3195 sock_->GetNextProto(&proto));
3190 } 3196 }
3191 3197
3192 namespace { 3198 namespace {
3193 3199
3194 // Loads a PEM-encoded private key file into a SSLPrivateKey object. 3200 // Loads a PEM-encoded private key file into a SSLPrivateKey object.
3195 // |filepath| is the private key file path. 3201 // |filepath| is the private key file path.
(...skipping 25 matching lines...) Expand all
3221 // Connect to a server requesting client authentication, do not send 3227 // Connect to a server requesting client authentication, do not send
3222 // any client certificates. It should refuse the connection. 3228 // any client certificates. It should refuse the connection.
3223 TEST_F(SSLClientSocketTest, NoCert) { 3229 TEST_F(SSLClientSocketTest, NoCert) {
3224 SpawnedTestServer::SSLOptions ssl_options; 3230 SpawnedTestServer::SSLOptions ssl_options;
3225 ssl_options.request_client_certificate = true; 3231 ssl_options.request_client_certificate = true;
3226 ASSERT_TRUE(StartTestServer(ssl_options)); 3232 ASSERT_TRUE(StartTestServer(ssl_options));
3227 3233
3228 int rv; 3234 int rv;
3229 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); 3235 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3230 3236
3231 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); 3237 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3232 EXPECT_FALSE(sock_->IsConnected()); 3238 EXPECT_FALSE(sock_->IsConnected());
3233 } 3239 }
3234 3240
3235 // Connect to a server requesting client authentication, and send it 3241 // Connect to a server requesting client authentication, and send it
3236 // an empty certificate. 3242 // an empty certificate.
3237 TEST_F(SSLClientSocketTest, SendEmptyCert) { 3243 TEST_F(SSLClientSocketTest, SendEmptyCert) {
3238 SpawnedTestServer::SSLOptions ssl_options; 3244 SpawnedTestServer::SSLOptions ssl_options;
3239 ssl_options.request_client_certificate = true; 3245 ssl_options.request_client_certificate = true;
3240 ssl_options.client_authorities.push_back( 3246 ssl_options.client_authorities.push_back(
3241 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); 3247 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem"));
3242 3248
3243 ASSERT_TRUE(StartTestServer(ssl_options)); 3249 ASSERT_TRUE(StartTestServer(ssl_options));
3244 3250
3245 SSLConfig ssl_config; 3251 SSLConfig ssl_config;
3246 ssl_config.send_client_cert = true; 3252 ssl_config.send_client_cert = true;
3247 ssl_config.client_cert = nullptr; 3253 ssl_config.client_cert = nullptr;
3248 ssl_config.client_private_key = nullptr; 3254 ssl_config.client_private_key = nullptr;
3249 3255
3250 int rv; 3256 int rv;
3251 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3257 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3252 3258
3253 EXPECT_EQ(OK, rv); 3259 EXPECT_THAT(rv, IsOk());
3254 EXPECT_TRUE(sock_->IsConnected()); 3260 EXPECT_TRUE(sock_->IsConnected());
3255 3261
3256 SSLInfo ssl_info; 3262 SSLInfo ssl_info;
3257 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3263 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3258 EXPECT_FALSE(ssl_info.client_cert_sent); 3264 EXPECT_FALSE(ssl_info.client_cert_sent);
3259 } 3265 }
3260 3266
3261 // Connect to a server requesting client authentication. Send it a 3267 // Connect to a server requesting client authentication. Send it a
3262 // matching certificate. It should allow the connection. 3268 // matching certificate. It should allow the connection.
3263 TEST_F(SSLClientSocketTest, SendGoodCert) { 3269 TEST_F(SSLClientSocketTest, SendGoodCert) {
(...skipping 10 matching lines...) Expand all
3274 ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem"); 3280 ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem");
3275 3281
3276 // This is required to ensure that signing works with the client 3282 // This is required to ensure that signing works with the client
3277 // certificate's private key. 3283 // certificate's private key.
3278 ssl_config.client_private_key = 3284 ssl_config.client_private_key =
3279 LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")); 3285 LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3280 3286
3281 int rv; 3287 int rv;
3282 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3288 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3283 3289
3284 EXPECT_EQ(OK, rv); 3290 EXPECT_THAT(rv, IsOk());
3285 EXPECT_TRUE(sock_->IsConnected()); 3291 EXPECT_TRUE(sock_->IsConnected());
3286 3292
3287 SSLInfo ssl_info; 3293 SSLInfo ssl_info;
3288 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3294 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3289 EXPECT_TRUE(ssl_info.client_cert_sent); 3295 EXPECT_TRUE(ssl_info.client_cert_sent);
3290 3296
3291 sock_->Disconnect(); 3297 sock_->Disconnect();
3292 EXPECT_FALSE(sock_->IsConnected()); 3298 EXPECT_FALSE(sock_->IsConnected());
3293 } 3299 }
3294 3300
(...skipping 27 matching lines...) Expand all
3322 spawned_test_server()->host_port_pair().host(), 3328 spawned_test_server()->host_port_pair().host(),
3323 base::Time::Now() + base::TimeDelta::FromSeconds(10000), true, 3329 base::Time::Now() + base::TimeDelta::FromSeconds(10000), true,
3324 expected_hashes, GURL()); 3330 expected_hashes, GURL());
3325 3331
3326 SSLConfig ssl_config; 3332 SSLConfig ssl_config;
3327 int rv; 3333 int rv;
3328 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3334 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3329 SSLInfo ssl_info; 3335 SSLInfo ssl_info;
3330 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3336 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3331 3337
3332 EXPECT_EQ(OK, rv); 3338 EXPECT_THAT(rv, IsOk());
3333 EXPECT_TRUE(sock_->IsConnected()); 3339 EXPECT_TRUE(sock_->IsConnected());
3334 3340
3335 EXPECT_TRUE(ssl_info.pkp_bypassed); 3341 EXPECT_TRUE(ssl_info.pkp_bypassed);
3336 EXPECT_FALSE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); 3342 EXPECT_FALSE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
3337 } 3343 }
3338 3344
3339 TEST_F(SSLClientSocketTest, PKPEnforced) { 3345 TEST_F(SSLClientSocketTest, PKPEnforced) {
3340 SpawnedTestServer::SSLOptions ssl_options; 3346 SpawnedTestServer::SSLOptions ssl_options;
3341 ASSERT_TRUE(StartTestServer(ssl_options)); 3347 ASSERT_TRUE(StartTestServer(ssl_options));
3342 scoped_refptr<X509Certificate> server_cert = 3348 scoped_refptr<X509Certificate> server_cert =
(...skipping 13 matching lines...) Expand all
3356 spawned_test_server()->host_port_pair().host(), 3362 spawned_test_server()->host_port_pair().host(),
3357 base::Time::Now() + base::TimeDelta::FromSeconds(10000), true, 3363 base::Time::Now() + base::TimeDelta::FromSeconds(10000), true,
3358 expected_hashes, GURL()); 3364 expected_hashes, GURL());
3359 3365
3360 SSLConfig ssl_config; 3366 SSLConfig ssl_config;
3361 int rv; 3367 int rv;
3362 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3368 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3363 SSLInfo ssl_info; 3369 SSLInfo ssl_info;
3364 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3370 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3365 3371
3366 EXPECT_EQ(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, rv); 3372 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
3367 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); 3373 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
3368 EXPECT_TRUE(sock_->IsConnected()); 3374 EXPECT_TRUE(sock_->IsConnected());
3369 3375
3370 EXPECT_FALSE(ssl_info.pkp_bypassed); 3376 EXPECT_FALSE(ssl_info.pkp_bypassed);
3371 } 3377 }
3372 3378
3373 // Test that when CT is required (in this case, by the delegate), the 3379 // Test that when CT is required (in this case, by the delegate), the
3374 // absence of CT information is a socket error. 3380 // absence of CT information is a socket error.
3375 TEST_F(SSLClientSocketTest, CTIsRequired) { 3381 TEST_F(SSLClientSocketTest, CTIsRequired) {
3376 SpawnedTestServer::SSLOptions ssl_options; 3382 SpawnedTestServer::SSLOptions ssl_options;
(...skipping 23 matching lines...) Expand all
3400 DoesConformToCertPolicy(server_cert.get(), _, _)) 3406 DoesConformToCertPolicy(server_cert.get(), _, _))
3401 .WillRepeatedly( 3407 .WillRepeatedly(
3402 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); 3408 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS));
3403 3409
3404 SSLConfig ssl_config; 3410 SSLConfig ssl_config;
3405 int rv; 3411 int rv;
3406 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3412 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3407 SSLInfo ssl_info; 3413 SSLInfo ssl_info;
3408 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3414 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3409 3415
3410 EXPECT_EQ(ERR_CERTIFICATE_TRANSPARENCY_REQUIRED, rv); 3416 EXPECT_THAT(rv, IsError(ERR_CERTIFICATE_TRANSPARENCY_REQUIRED));
3411 EXPECT_TRUE(ssl_info.cert_status & 3417 EXPECT_TRUE(ssl_info.cert_status &
3412 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); 3418 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
3413 EXPECT_TRUE(sock_->IsConnected()); 3419 EXPECT_TRUE(sock_->IsConnected());
3414 } 3420 }
3415 3421
3416 // When both HPKP and CT are required for a host, and both fail, the more 3422 // When both HPKP and CT are required for a host, and both fail, the more
3417 // serious error is that the HPKP pin validation failed. 3423 // serious error is that the HPKP pin validation failed.
3418 TEST_F(SSLClientSocketTest, PKPMoreImportantThanCT) { 3424 TEST_F(SSLClientSocketTest, PKPMoreImportantThanCT) {
3419 SpawnedTestServer::SSLOptions ssl_options; 3425 SpawnedTestServer::SSLOptions ssl_options;
3420 ASSERT_TRUE(StartTestServer(ssl_options)); 3426 ASSERT_TRUE(StartTestServer(ssl_options));
(...skipping 30 matching lines...) Expand all
3451 DoesConformToCertPolicy(server_cert.get(), _, _)) 3457 DoesConformToCertPolicy(server_cert.get(), _, _))
3452 .WillRepeatedly( 3458 .WillRepeatedly(
3453 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS)); 3459 Return(ct::CertPolicyCompliance::CERT_POLICY_NOT_ENOUGH_SCTS));
3454 3460
3455 SSLConfig ssl_config; 3461 SSLConfig ssl_config;
3456 int rv; 3462 int rv;
3457 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 3463 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3458 SSLInfo ssl_info; 3464 SSLInfo ssl_info;
3459 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); 3465 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3460 3466
3461 EXPECT_EQ(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, rv); 3467 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
3462 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); 3468 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
3463 EXPECT_TRUE(ssl_info.cert_status & 3469 EXPECT_TRUE(ssl_info.cert_status &
3464 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); 3470 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
3465 EXPECT_TRUE(sock_->IsConnected()); 3471 EXPECT_TRUE(sock_->IsConnected());
3466 } 3472 }
3467 3473
3468 } // namespace net 3474 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_pool_unittest.cc ('k') | net/socket/ssl_server_socket_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698