Remove ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN error code.

net/http/http_network_transaction_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <math.h>  // ceil
 #include <stdarg.h>
 #include <stdint.h>
 
@@ skipping 13077 matching lines @@
   HttpNetworkTransaction trans2(MEDIUM, session.get());
   TestCompletionCallback callback2;
   EXPECT_EQ(ERR_IO_PENDING,
             trans2.Start(&request2, callback2.callback(), BoundNetLog()));
   base::RunLoop().RunUntilIdle();
 
   EXPECT_THAT(callback2.WaitForResult(), IsOk());
   EXPECT_FALSE(trans2.GetResponseInfo()->was_fetched_via_spdy);
 }
 
-class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
- public:
-  void Run(bool pooling, bool valid) {
-    url::SchemeHostPort server(GURL(valid ? "https://mail.example.org:443"
-                                          : "https://invalid.example.org:443"));
-    HostPortPair alternative("www.example.org", 443);
-
-    base::FilePath certs_dir = GetTestCertsDirectory();
-    scoped_refptr<X509Certificate> cert(
-        ImportCertFromFile(certs_dir, "spdy_pooling.pem"));
-    ASSERT_TRUE(cert);
-    bool common_name_fallback_used;
-    EXPECT_EQ(valid,
-              cert->VerifyNameMatch(server.host(), &common_name_fallback_used));
-    EXPECT_TRUE(
-        cert->VerifyNameMatch(alternative.host(), &common_name_fallback_used));
-    SSLSocketDataProvider ssl(ASYNC, OK);
-    ssl.SetNextProto(kProtoHTTP2);
-    ssl.cert = cert;
-    session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
-
-    // If pooling, then start a request to alternative first to create a
-    // SpdySession.
-    std::string url0 = "https://www.example.org:443";
-    // Second request to server, which has an alternative service, and could
-    // open a connection to the alternative host or pool to the existing one.
-    std::string url1("https://");
-    url1.append(server.host());
-    url1.append(":443");
-
-    std::unique_ptr<SpdySerializedFrame> req0;
-    std::unique_ptr<SpdySerializedFrame> req1;
-    std::unique_ptr<SpdySerializedFrame> resp0;
-    std::unique_ptr<SpdySerializedFrame> body0;
-    std::unique_ptr<SpdySerializedFrame> resp1;
-    std::unique_ptr<SpdySerializedFrame> body1;
-    std::vector<MockWrite> writes;
-    std::vector<MockRead> reads;
-
-    if (pooling) {
-      req0.reset(spdy_util_.ConstructSpdyGet(url0.c_str(), 1, LOWEST));
-      spdy_util_.UpdateWithStreamDestruction(1);
-      req1.reset(spdy_util_.ConstructSpdyGet(url1.c_str(), 3, LOWEST));
-
-      writes.push_back(CreateMockWrite(*req0, 0));
-      writes.push_back(CreateMockWrite(*req1, 3));
-
-      resp0.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-      body0.reset(spdy_util_.ConstructSpdyBodyFrame(1, true));
-      resp1.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
-      body1.reset(spdy_util_.ConstructSpdyBodyFrame(3, true));
-
-      reads.push_back(CreateMockRead(*resp0, 1));
-      reads.push_back(CreateMockRead(*body0, 2));
-      reads.push_back(MockRead(ASYNC, ERR_IO_PENDING, 4));
-      reads.push_back(CreateMockRead(*resp1, 5));
-      reads.push_back(CreateMockRead(*body1, 6));
-      reads.push_back(MockRead(ASYNC, OK, 7));
-    } else {
-      req1.reset(spdy_util_.ConstructSpdyGet(url1.c_str(), 1, LOWEST));
-
-      writes.push_back(CreateMockWrite(*req1, 0));
-
-      resp1.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
-      body1.reset(spdy_util_.ConstructSpdyBodyFrame(1, true));
-
-      reads.push_back(CreateMockRead(*resp1, 1));
-      reads.push_back(CreateMockRead(*body1, 2));
-      reads.push_back(MockRead(ASYNC, OK, 3));
-    }
-
-    SequencedSocketData data(reads.data(), reads.size(), writes.data(),
-                             writes.size());
-    session_deps_.socket_factory->AddSocketDataProvider(&data);
-
-    // Connection to the server fails.
-    MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED);
-    StaticSocketDataProvider data_refused;
-    data_refused.set_connect_data(mock_connect);
-    session_deps_.socket_factory->AddSocketDataProvider(&data_refused);
-
-    std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
-    HttpServerProperties* http_server_properties =
-        session->http_server_properties();
-    AlternativeService alternative_service(
-        AlternateProtocolFromNextProto(kProtoHTTP2), alternative);
-    base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
-    http_server_properties->SetAlternativeService(server, alternative_service,
-                                                  expiration);
-
-    // First request to alternative.
-    if (pooling) {
-      std::unique_ptr<HttpTransaction> trans0(
-          new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
-      HttpRequestInfo request0;
-      request0.method = "GET";
-      request0.url = GURL(url0);
-      request0.load_flags = 0;
-      TestCompletionCallback callback0;
-
-      int rv = trans0->Start(&request0, callback0.callback(), BoundNetLog());
-      EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
-      rv = callback0.WaitForResult();
-      EXPECT_THAT(rv, IsOk());
-    }
-
-    // Second request to origin.
-    std::unique_ptr<HttpTransaction> trans1(
-        new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
-    HttpRequestInfo request1;
-    request1.method = "GET";
-    request1.url = GURL(url1);
-    request1.load_flags = 0;
-    TestCompletionCallback callback1;
-
-    int rv = trans1->Start(&request1, callback1.callback(), BoundNetLog());
-    EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
-    base::RunLoop().RunUntilIdle();
-    if (data.IsPaused())
-      data.Resume();
-    rv = callback1.WaitForResult();
-    if (valid) {
-      EXPECT_THAT(rv, IsOk());
-    } else {
-      if (pooling) {
-        EXPECT_THAT(rv, IsError(ERR_CONNECTION_REFUSED));
-      } else {
-        EXPECT_THAT(rv, IsError(ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN));
-      }
-    }
-  }
-};
-
-INSTANTIATE_TEST_CASE_P(ProtoPlusDepend,
-                        AltSvcCertificateVerificationTest,
-                        testing::Values(kTestCaseNoPriorityDependencies,
-                                        kTestCasePriorityDependencies));
-
-// The alternative service host must exhibit a certificate that is valid for the
-// origin host.  Test that this is enforced when pooling to an existing
-// connection.
-TEST_P(AltSvcCertificateVerificationTest, PoolingValid) {
-  Run(true, true);
-}
-
-TEST_P(AltSvcCertificateVerificationTest, PoolingInvalid) {
-  Run(true, false);
-}
-
-// The alternative service host must exhibit a certificate that is valid for the
-// origin host.  Test that this is enforced when opening a new connection.
-TEST_P(AltSvcCertificateVerificationTest, NewConnectionValid) {
-  Run(false, true);
-}
-
-// TODO(bnc): Re-enable when https://crbug.com/615413 is fixed.
-TEST_P(AltSvcCertificateVerificationTest, DISABLED_NewConnectionInvalid) {
-  Run(false, false);
-}
-
 // Alternative service requires HTTP/2 (or SPDY), but HTTP/1.1 is negotiated
 // with the alternative server.  That connection should not be used.
 TEST_P(HttpNetworkTransactionTest, AlternativeServiceNotOnHttp11) {
   url::SchemeHostPort server("https", "www.example.org", 443);
   HostPortPair alternative("www.example.org", 444);
 
   // Negotiate HTTP/1.1 with alternative.
   SSLSocketDataProvider ssl(ASYNC, OK);
   ssl.SetNextProto(kProtoHTTP11);
   session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
@@ skipping 2476 matching lines @@
   base::RunLoop().RunUntilIdle();
 
   EXPECT_TRUE(trans.GetResponseInfo()->was_fetched_via_spdy);
   HttpRequestHeaders headers;
   ASSERT_TRUE(trans.GetFullRequestHeaders(&headers));
   EXPECT_TRUE(headers.HasHeader(HttpRequestHeaders::kTokenBinding));
 }
 #endif  // !defined(OS_IOS)
 
 }  // namespace net