| Index: net/http/http_response_info_unittest.cc
|
| diff --git a/net/http/http_response_info_unittest.cc b/net/http/http_response_info_unittest.cc
|
| index c1f28f7cabe25797ec7832b2697ff962fe82aee3..3490834ccc7b692c3ad432697aa349fac4b2a44e 100644
|
| --- a/net/http/http_response_info_unittest.cc
|
| +++ b/net/http/http_response_info_unittest.cc
|
| @@ -8,7 +8,10 @@
|
| #include "net/cert/signed_certificate_timestamp.h"
|
| #include "net/cert/signed_certificate_timestamp_and_status.h"
|
| #include "net/http/http_response_headers.h"
|
| +#include "net/ssl/ssl_connection_status_flags.h"
|
| +#include "net/test/cert_test_util.h"
|
| #include "net/test/ct_test_util.h"
|
| +#include "net/test/test_data_directory.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
|
|
| namespace net {
|
| @@ -26,7 +29,7 @@ class HttpResponseInfoTest : public testing::Test {
|
| base::Pickle pickle;
|
| response_info.Persist(&pickle, false, false);
|
| bool truncated = false;
|
| - restored_response_info->InitFromPickle(pickle, &truncated);
|
| + EXPECT_TRUE(restored_response_info->InitFromPickle(pickle, &truncated));
|
| }
|
|
|
| HttpResponseInfo response_info_;
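Review bot: The `truncated` out-parameter filled in by `InitFromPickle` in this helper is still never checked, so a round trip that wrongly reports truncation would go unnoticed. Since `Persist` is called with both flags `false`, adding `EXPECT_FALSE(truncated);` after the new `EXPECT_TRUE(...)` line would presumably hold and would pin that behaviour. Because `EXPECT_TRUE` is non-fatal and sits inside a shared helper, a failure is reported at the helper's line and the calling test continues to read the restored object; a `SCOPED_TRACE` in callers would make the failing test obvious. The helper's signature lies outside this hunk, so this is based only on the visible body.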
|
| @@ -96,9 +99,8 @@ TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredNotPersisted) {
|
| TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithInvalidSCTStatus) {
|
| // A valid certificate is needed for ssl_info.is_valid() to be true
|
| // so that the SCTs would be serialized.
|
| - const std::string der_test_cert(net::ct::GetDerEncodedX509Cert());
|
| - response_info_.ssl_info.cert = net::X509Certificate::CreateFromBytes(
|
| - der_test_cert.data(), der_test_cert.length());
|
| + response_info_.ssl_info.cert =
|
| + ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
|
|
|
| scoped_refptr<ct::SignedCertificateTimestamp> sct;
|
| ct::GetX509CertSCT(&sct);
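Review bot: The result of `ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")` is assigned without being checked, and the comment just above says a valid certificate is what makes `ssl_info.is_valid()` true so that the SSL fields get serialized. Add `ASSERT_TRUE(response_info_.ssl_info.cert);` immediately after the assignment here. The same applies to the four tests added in the last hunk. It matters most for `LegacyKeyExchangeInfoDHE` and `LegacyKeyExchangeInfoUnknown`, which expect `key_exchange_group` to come back as 0: if the certificate failed to load and `ssl_info` was presumably skipped during `Persist`, those tests would pass without ever exercising the discard logic. An extra `EXPECT_TRUE(restored_response_info.ssl_info.cert);` in those two tests would confirm that the SSL state actually round-tripped.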
|
| @@ -123,6 +125,68 @@ TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithInvalidSCTStatus) {
|
| restored_invalid_response.InitFromPickle(pickle_invalid, &truncated));
|
| }
|
|
|
| +// Test that key_exchange_group is preserved for ECDHE ciphers.
|
| +TEST_F(HttpResponseInfoTest, KeyExchangeGroupECDHE) {
|
| + response_info_.ssl_info.cert =
|
| + ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
|
| + SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
|
| + &response_info_.ssl_info.connection_status);
|
| + SSLConnectionStatusSetCipherSuite(
|
| + 0xcca8 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */,
|
| + &response_info_.ssl_info.connection_status);
|
| + response_info_.ssl_info.key_exchange_group = 23; // X25519
|
| + net::HttpResponseInfo restored_response_info;
|
| + PickleAndRestore(response_info_, &restored_response_info);
|
| + EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group);
|
| +}
|
| +
|
| +// Test that key_exchange_group is preserved for TLS 1.3.
|
| +TEST_F(HttpResponseInfoTest, KeyExchangeGroupTLS13) {
|
| + response_info_.ssl_info.cert =
|
| + ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
|
| + SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_3,
|
| + &response_info_.ssl_info.connection_status);
|
| + SSLConnectionStatusSetCipherSuite(0x1303 /* TLS_CHACHA20_POLY1305_SHA256 */,
|
| + &response_info_.ssl_info.connection_status);
|
| + response_info_.ssl_info.key_exchange_group = 23; // X25519
|
| + net::HttpResponseInfo restored_response_info;
|
| + PickleAndRestore(response_info_, &restored_response_info);
|
| + EXPECT_EQ(23, restored_response_info.ssl_info.key_exchange_group);
|
| +}
|
| +
|
| +// Test that key_exchange_group is discarded for non-ECDHE ciphers prior to TLS
|
| +// 1.3, to account for the historical key_exchange_info field. See
|
| +// https://crbug.com/639421.
|
| +TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoDHE) {
|
| + response_info_.ssl_info.cert =
|
| + ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
|
| + SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
|
| + &response_info_.ssl_info.connection_status);
|
| + SSLConnectionStatusSetCipherSuite(
|
| + 0x0093 /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */,
|
| + &response_info_.ssl_info.connection_status);
|
| + response_info_.ssl_info.key_exchange_group = 1024;
|
| + net::HttpResponseInfo restored_response_info;
|
| + PickleAndRestore(response_info_, &restored_response_info);
|
| + EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group);
|
| +}
|
| +
|
| +// Test that key_exchange_group is discarded for unknown ciphers prior to TLS
|
| +// 1.3, to account for the historical key_exchange_info field. See
|
| +// https://crbug.com/639421.
|
| +TEST_F(HttpResponseInfoTest, LegacyKeyExchangeInfoUnknown) {
|
| + response_info_.ssl_info.cert =
|
| + ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem");
|
| + SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
|
| + &response_info_.ssl_info.connection_status);
|
| + SSLConnectionStatusSetCipherSuite(0xffff,
|
| + &response_info_.ssl_info.connection_status);
|
| + response_info_.ssl_info.key_exchange_group = 1024;
|
| + net::HttpResponseInfo restored_response_info;
|
| + PickleAndRestore(response_info_, &restored_response_info);
|
| + EXPECT_EQ(0, restored_response_info.ssl_info.key_exchange_group);
|
| +}
|
| +
|
| } // namespace
|
|
|
| } // namespace net
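Review bot: The comment `// X25519` on `response_info_.ssl_info.key_exchange_group = 23;` in `KeyExchangeGroupECDHE` and `KeyExchangeGroupTLS13` does not match the TLS supported-groups registry, where 23 is secp256r1 (P-256) and X25519 is 29. The round-trip assertion passes with either value, so either change the comment to `// secp256r1 (P-256)` or set the value to 29 in both the assignment and the `EXPECT_EQ`. The two legacy tests use `1024` with no comment; a short note such as `// DHE prime size in bits, as stored in the old key_exchange_info field` would explain why that value is expected to be discarded, assuming that is the intent described at https://crbug.com/639421.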
|
|
|