| Index: net/http/http_network_transaction_unittest.cc
|
| diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc
|
| index 658dc7d69ab38736232b242408daa663d62b5009..414300e5b451165882f30a0e1d949df48cf36a16 100644
|
| --- a/net/http/http_network_transaction_unittest.cc
|
| +++ b/net/http/http_network_transaction_unittest.cc
|
| @@ -13095,166 +13095,6 @@ TEST_P(HttpNetworkTransactionTest, DoNotUseSpdySessionForHttp) {
|
| EXPECT_FALSE(trans2.GetResponseInfo()->was_fetched_via_spdy);
|
| }
|
|
|
| -class AltSvcCertificateVerificationTest : public HttpNetworkTransactionTest {
|
| - public:
|
| - void Run(bool pooling, bool valid) {
|
| - url::SchemeHostPort server(GURL(valid ? "https://mail.example.org:443"
|
| - : "https://invalid.example.org:443"));
|
| - HostPortPair alternative("www.example.org", 443);
|
| -
|
| - base::FilePath certs_dir = GetTestCertsDirectory();
|
| - scoped_refptr<X509Certificate> cert(
|
| - ImportCertFromFile(certs_dir, "spdy_pooling.pem"));
|
| - ASSERT_TRUE(cert);
|
| - bool common_name_fallback_used;
|
| - EXPECT_EQ(valid,
|
| - cert->VerifyNameMatch(server.host(), &common_name_fallback_used));
|
| - EXPECT_TRUE(
|
| - cert->VerifyNameMatch(alternative.host(), &common_name_fallback_used));
|
| - SSLSocketDataProvider ssl(ASYNC, OK);
|
| - ssl.SetNextProto(kProtoHTTP2);
|
| - ssl.cert = cert;
|
| - session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl);
|
| -
|
| - // If pooling, then start a request to alternative first to create a
|
| - // SpdySession.
|
| - std::string url0 = "https://www.example.org:443";
|
| - // Second request to server, which has an alternative service, and could
|
| - // open a connection to the alternative host or pool to the existing one.
|
| - std::string url1("https://");
|
| - url1.append(server.host());
|
| - url1.append(":443");
|
| -
|
| - std::unique_ptr<SpdySerializedFrame> req0;
|
| - std::unique_ptr<SpdySerializedFrame> req1;
|
| - std::unique_ptr<SpdySerializedFrame> resp0;
|
| - std::unique_ptr<SpdySerializedFrame> body0;
|
| - std::unique_ptr<SpdySerializedFrame> resp1;
|
| - std::unique_ptr<SpdySerializedFrame> body1;
|
| - std::vector<MockWrite> writes;
|
| - std::vector<MockRead> reads;
|
| -
|
| - if (pooling) {
|
| - req0.reset(spdy_util_.ConstructSpdyGet(url0.c_str(), 1, LOWEST));
|
| - spdy_util_.UpdateWithStreamDestruction(1);
|
| - req1.reset(spdy_util_.ConstructSpdyGet(url1.c_str(), 3, LOWEST));
|
| -
|
| - writes.push_back(CreateMockWrite(*req0, 0));
|
| - writes.push_back(CreateMockWrite(*req1, 3));
|
| -
|
| - resp0.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
|
| - body0.reset(spdy_util_.ConstructSpdyBodyFrame(1, true));
|
| - resp1.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 3));
|
| - body1.reset(spdy_util_.ConstructSpdyBodyFrame(3, true));
|
| -
|
| - reads.push_back(CreateMockRead(*resp0, 1));
|
| - reads.push_back(CreateMockRead(*body0, 2));
|
| - reads.push_back(MockRead(ASYNC, ERR_IO_PENDING, 4));
|
| - reads.push_back(CreateMockRead(*resp1, 5));
|
| - reads.push_back(CreateMockRead(*body1, 6));
|
| - reads.push_back(MockRead(ASYNC, OK, 7));
|
| - } else {
|
| - req1.reset(spdy_util_.ConstructSpdyGet(url1.c_str(), 1, LOWEST));
|
| -
|
| - writes.push_back(CreateMockWrite(*req1, 0));
|
| -
|
| - resp1.reset(spdy_util_.ConstructSpdyGetSynReply(NULL, 0, 1));
|
| - body1.reset(spdy_util_.ConstructSpdyBodyFrame(1, true));
|
| -
|
| - reads.push_back(CreateMockRead(*resp1, 1));
|
| - reads.push_back(CreateMockRead(*body1, 2));
|
| - reads.push_back(MockRead(ASYNC, OK, 3));
|
| - }
|
| -
|
| - SequencedSocketData data(reads.data(), reads.size(), writes.data(),
|
| - writes.size());
|
| - session_deps_.socket_factory->AddSocketDataProvider(&data);
|
| -
|
| - // Connection to the server fails.
|
| - MockConnect mock_connect(ASYNC, ERR_CONNECTION_REFUSED);
|
| - StaticSocketDataProvider data_refused;
|
| - data_refused.set_connect_data(mock_connect);
|
| - session_deps_.socket_factory->AddSocketDataProvider(&data_refused);
|
| -
|
| - std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
|
| - HttpServerProperties* http_server_properties =
|
| - session->http_server_properties();
|
| - AlternativeService alternative_service(
|
| - AlternateProtocolFromNextProto(kProtoHTTP2), alternative);
|
| - base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
|
| - http_server_properties->SetAlternativeService(server, alternative_service,
|
| - expiration);
|
| -
|
| - // First request to alternative.
|
| - if (pooling) {
|
| - std::unique_ptr<HttpTransaction> trans0(
|
| - new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
|
| - HttpRequestInfo request0;
|
| - request0.method = "GET";
|
| - request0.url = GURL(url0);
|
| - request0.load_flags = 0;
|
| - TestCompletionCallback callback0;
|
| -
|
| - int rv = trans0->Start(&request0, callback0.callback(), BoundNetLog());
|
| - EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
|
| - rv = callback0.WaitForResult();
|
| - EXPECT_THAT(rv, IsOk());
|
| - }
|
| -
|
| - // Second request to origin.
|
| - std::unique_ptr<HttpTransaction> trans1(
|
| - new HttpNetworkTransaction(DEFAULT_PRIORITY, session.get()));
|
| - HttpRequestInfo request1;
|
| - request1.method = "GET";
|
| - request1.url = GURL(url1);
|
| - request1.load_flags = 0;
|
| - TestCompletionCallback callback1;
|
| -
|
| - int rv = trans1->Start(&request1, callback1.callback(), BoundNetLog());
|
| - EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
|
| - base::RunLoop().RunUntilIdle();
|
| - if (data.IsPaused())
|
| - data.Resume();
|
| - rv = callback1.WaitForResult();
|
| - if (valid) {
|
| - EXPECT_THAT(rv, IsOk());
|
| - } else {
|
| - if (pooling) {
|
| - EXPECT_THAT(rv, IsError(ERR_CONNECTION_REFUSED));
|
| - } else {
|
| - EXPECT_THAT(rv, IsError(ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN));
|
| - }
|
| - }
|
| - }
|
| -};
|
| -
|
| -INSTANTIATE_TEST_CASE_P(ProtoPlusDepend,
|
| - AltSvcCertificateVerificationTest,
|
| - testing::Values(kTestCaseNoPriorityDependencies,
|
| - kTestCasePriorityDependencies));
|
| -
|
| -// The alternative service host must exhibit a certificate that is valid for the
|
| -// origin host. Test that this is enforced when pooling to an existing
|
| -// connection.
|
| -TEST_P(AltSvcCertificateVerificationTest, PoolingValid) {
|
| - Run(true, true);
|
| -}
|
| -
|
| -TEST_P(AltSvcCertificateVerificationTest, PoolingInvalid) {
|
| - Run(true, false);
|
| -}
|
| -
|
| -// The alternative service host must exhibit a certificate that is valid for the
|
| -// origin host. Test that this is enforced when opening a new connection.
|
| -TEST_P(AltSvcCertificateVerificationTest, NewConnectionValid) {
|
| - Run(false, true);
|
| -}
|
| -
|
| -// TODO(bnc): Re-enable when https://crbug.com/615413 is fixed.
|
| -TEST_P(AltSvcCertificateVerificationTest, DISABLED_NewConnectionInvalid) {
|
| - Run(false, false);
|
| -}
|
| -
|
| // Alternative service requires HTTP/2 (or SPDY), but HTTP/1.1 is negotiated
|
| // with the alternative server. That connection should not be used.
|
| TEST_P(HttpNetworkTransactionTest, AlternativeServiceNotOnHttp11) {
|
|
|
Chromium Code Reviews
Issue 2152453002:
Remove ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN error code. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master