Fix SSLClientSocketOpenSSL error-handling for Channel ID.

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "base/callback_helpers.h"
 #include "base/memory/ref_counted.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
@@ skipping 602 matching lines @@
                                        base::Time delete_end,
                                        const base::Closure& completion_callback)
       OVERRIDE {}
   virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {}
   virtual void GetAllServerBoundCerts(const GetCertListCallback& callback)
       OVERRIDE {}
   virtual int GetCertCount() OVERRIDE { return 0; }
   virtual void SetForceKeepSessionState() OVERRIDE {}
 };
 
+// A ServerBoundCertStore that asynchronously returns an error when asked for a
+// certificate.
+class AsyncFailingServerBoundCertStore : public ServerBoundCertStore {
+  virtual int GetServerBoundCert(const std::string& server_identifier,
+                                 base::Time* expiration_time,
+                                 std::string* private_key_result,
+                                 std::string* cert_result,
+                                 const GetCertCallback& callback) OVERRIDE {
+    base::MessageLoop::current()->PostTask(
+        FROM_HERE, base::Bind(callback, ERR_UNEXPECTED,
+                              server_identifier, base::Time(), "", ""));
+    return ERR_IO_PENDING;
+  }
+  virtual void SetServerBoundCert(const std::string& server_identifier,
+                                  base::Time creation_time,
+                                  base::Time expiration_time,
+                                  const std::string& private_key,
+                                  const std::string& cert) OVERRIDE {}
+  virtual void DeleteServerBoundCert(const std::string& server_identifier,
+                                     const base::Closure& completion_callback)
+      OVERRIDE {}
+  virtual void DeleteAllCreatedBetween(base::Time delete_begin,
+                                       base::Time delete_end,
+                                       const base::Closure& completion_callback)
+      OVERRIDE {}
+  virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {}
+  virtual void GetAllServerBoundCerts(const GetCertListCallback& callback)
+      OVERRIDE {}
+  virtual int GetCertCount() OVERRIDE { return 0; }
+  virtual void SetForceKeepSessionState() OVERRIDE {}
+};
+
 class SSLClientSocketTest : public PlatformTest {
  public:
   SSLClientSocketTest()
       : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
         cert_verifier_(new MockCertVerifier),
         transport_security_state_(new TransportSecurityState) {
     cert_verifier_->set_default_result(OK);
     context_.cert_verifier = cert_verifier_.get();
     context_.transport_security_state = transport_security_state_.get();
   }
@@ skipping 244 matching lines @@
                                    base::MessageLoopProxy::current()));
     context_.server_bound_cert_service = cert_service_.get();
   }
 
   void EnableFailingChannelID() {
     cert_service_.reset(new ServerBoundCertService(
         new FailingServerBoundCertStore(), base::MessageLoopProxy::current()));
     context_.server_bound_cert_service = cert_service_.get();
   }
 
+  void EnableAsyncFailingChannelID() {
+    cert_service_.reset(new ServerBoundCertService(
+        new AsyncFailingServerBoundCertStore(),
+        base::MessageLoopProxy::current()));
+    context_.server_bound_cert_service = cert_service_.get();
+  }
+
  private:
   scoped_ptr<ServerBoundCertService> cert_service_;
 };
 
 //-----------------------------------------------------------------------------
 
 // LogContainsSSLConnectEndEvent returns true if the given index in the given
 // log is an SSL connect end event. The NSS sockets will cork in an attempt to
 // merge the first application data record with the Finished message when false
 // starting. However, in order to avoid the server timing out the handshake,
@@ skipping 1814 matching lines @@
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(sock_->IsConnected());
   EXPECT_TRUE(sock_->WasChannelIDSent());
 
   sock_->Disconnect();
   EXPECT_FALSE(sock_->IsConnected());
 }
 
-// Connect to a server using channel id but without sending a key. It should
-// fail.
+// Connect to a server using Channel ID but failing to look up the Channel
+// ID. It should fail.
 TEST_F(SSLClientSocketChannelIDTest, FailingChannelID) {
   SpawnedTestServer::SSLOptions ssl_options;
 
   ASSERT_TRUE(ConnectToTestServer(ssl_options));
 
   EnableFailingChannelID();
   SSLConfig ssl_config = kDefaultSSLConfig;
   ssl_config.channel_id_enabled = true;
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 
   // TODO(haavardm@opera.com): Due to differences in threading, Linux returns
   // ERR_UNEXPECTED while Mac and Windows return ERR_PROTOCOL_ERROR. Accept all
   // error codes for now.
   // http://crbug.com/373670
   EXPECT_NE(OK, rv);
   EXPECT_FALSE(sock_->IsConnected());
 }
 
+// Connect to a server using Channel ID but asynchronously failing to look up
+// the Channel ID. It should fail.
+TEST_F(SSLClientSocketChannelIDTest, FailingChannelIDAsync) {
+  SpawnedTestServer::SSLOptions ssl_options;
+
+  ASSERT_TRUE(ConnectToTestServer(ssl_options));
+
+  EnableAsyncFailingChannelID();
+  SSLConfig ssl_config = kDefaultSSLConfig;
+  ssl_config.channel_id_enabled = true;
+
+  int rv;
+  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+
+  EXPECT_EQ(ERR_UNEXPECTED, rv);
+  EXPECT_FALSE(sock_->IsConnected());
+}
+
 }  // namespace net