This CL adds unit tests for false start connections.

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "base/callback_helpers.h"
 #include "base/memory/ref_counted.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
@@ skipping 340 matching lines @@
   // underlying transport until UnblockWrite() has been called. Note: if there
   // is a pending asynchronous write, it is NOT blocked. For purposes of
   // blocking writes, data is considered to have reached the underlying
   // transport as soon as Write() is called.
   void BlockWrite();
   void UnblockWrite();
 
   // Waits for the blocked Write() call to be scheduled.
   void WaitForWrite();
 
+  // Returns the wrapped stream socket.
+  StreamSocket* transport() { return transport_.get(); }
+
  private:
   // Handles completion from the underlying transport read.
   void OnReadCompleted(int result);
 
   // True if read callbacks are blocked.
   bool should_block_read_;
 
   // The user callback for the pending read call.
   CompletionCallback pending_read_callback_;
 
@@ skipping 418 matching lines @@
     sock->Disconnect();
     EXPECT_FALSE(sock->IsConnected());
     EXPECT_TRUE(
         test_server.host_port_pair().Equals(request_info->host_and_port));
 
     return request_info;
   }
 };
 
 class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
+ public:
+  SSLClientSocketFalseStartTest()
+      : monitor_handshake_callback_(false), expect_false_start_error_(false) {}
+
  protected:
   // Creates an SSLClientSocket with |client_config| attached to a
   // FakeBlockingStreamSocket, returning both in |*out_raw_transport| and
   // |*out_sock|. The FakeBlockingStreamSocket is owned by the SSLClientSocket,
   // so |*out_raw_transport| is a raw pointer.
   //
   // The client socket will begin a connect using |callback| but stop before the
   // server's finished message is received. The finished message will be blocked
   // in |*out_raw_transport|. To complete the handshake and successfully read
   // data, the caller must unblock reads on |*out_raw_transport|. (Note that, if
   // the client successfully false started, |callback.WaitForResult()| will
   // return OK without unblocking transport reads. But Read() will still block.)
   //
   // Must be called after StartTestServer is called.
   void CreateAndConnectUntilServerFinishedReceived(
       const SSLConfig& client_config,
       TestCompletionCallback* callback,
       FakeBlockingStreamSocket** out_raw_transport,
+      scoped_ptr<StreamSocket> real_transport,

[davidben, 2014/08/07 21:24:19]

Nit: Switch the order of out_raw_transport and real_transport. (So that the
input parameters all come before the output ones.)

       scoped_ptr<SSLClientSocket>* out_sock) {
     CHECK(test_server());
 
-    scoped_ptr<StreamSocket> real_transport(
-        new TCPClientSocket(addr(), NULL, NetLog::Source()));
     scoped_ptr<FakeBlockingStreamSocket> transport(
         new FakeBlockingStreamSocket(real_transport.Pass()));
     int rv = callback->GetResult(transport->Connect(callback->callback()));
     EXPECT_EQ(OK, rv);
 
     FakeBlockingStreamSocket* raw_transport = transport.get();
     scoped_ptr<SSLClientSocket> sock =
         CreateSSLClientSocket(transport.PassAs<StreamSocket>(),
                               test_server()->host_port_pair(),
                               client_config);
 
+    if (monitor_handshake_callback_) {
+      sock->SetHandshakeCompletionCallback(
+          base::Bind(&SSLClientSocketTest::RecordCompletedHandshake,
+                     base::Unretained(this)));
+    }
+
     // Connect. Stop before the client processes the first server leg
     // (ServerHello, etc.)
     raw_transport->BlockReadResult();
     rv = sock->Connect(callback->callback());
     EXPECT_EQ(ERR_IO_PENDING, rv);
     raw_transport->WaitForReadResult();
 
     // Release the ServerHello and wait for the client to write
     // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the
     // server's leg to complete, since it may span multiple reads.)
     EXPECT_FALSE(callback->have_result());
     raw_transport->BlockWrite();
     raw_transport->UnblockReadResult();
     raw_transport->WaitForWrite();
 
+    if (expect_false_start_error_) {

[davidben, 2014/08/07 21:24:19]

So this is a little odd in that, if |expect_false_start_error_| is true, it
assumes that |real_transport| is a SynchronousErrorStreamSocket rather than a
generic StreamSocket. I was actually thinking you'd call SetNextReadError
outside of CreateAndConnectUntilServerFinishedReceived (Aaah that function name.
I should have picked something shorter. :-) ).

But now that I look at UnblockWrite, that probably wouldn't work. Sorry, my
fault. I did not realize that, by calling UnblockWrite, we'd likely immediately
run the OpenSSL state machine (by virtue of running the callback on line 499),
causing SSLClientSocket to call Read no the transport earlier.

Option 1: I suspect if you change that line to

  // Defer running the callback by an event loop iteration so the
  // caller has a chance to affect the next read.
  base::MessageLoop::current()->PostTask(
      FROM_HERE, base::Bind(
          base::ResetAndReturn(&pending_write_callback_), rv));

it wouldn't break other tests and you could move the SetNextReadError call to
TestFalseStart...

Option 2: ...but I'm fine with just having
CreateAndConnectUntilServerFinishedReceived also handle the false start error
case. (I.e. disregard my suggestion of passing real_transport in as a parameter.
I didn't realize UnblockWrite worked that way.) In that case you can rename
expect_false_start_error_ to maybe fail_handshake_after_false_start_, always
wrap real_transport in a SynchronousErrorStreamSocket before wrapping in a
FakeBlockingStreamSocket, and then do all your SetNextReadError logic in there.
Then you wouldn't need to change the other tests.

+      SynchronousErrorStreamSocket* error_socket =
+          static_cast<SynchronousErrorStreamSocket*>(
+              raw_transport->transport());
+      error_socket->SetNextReadError(ERR_CONNECTION_RESET);
+    }
     // And, finally, release that and block the next server leg
     // (ChangeCipherSpec, Finished).
     raw_transport->BlockReadResult();
     raw_transport->UnblockWrite();
 
     *out_raw_transport = raw_transport;
     *out_sock = sock.Pass();
   }
 
   void TestFalseStart(const SpawnedTestServer::SSLOptions& server_options,
                       const SSLConfig& client_config,
                       bool expect_false_start) {
     ASSERT_TRUE(StartTestServer(server_options));
 
     TestCompletionCallback callback;
     FakeBlockingStreamSocket* raw_transport = NULL;
     scoped_ptr<SSLClientSocket> sock;
-    ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
-        client_config, &callback, &raw_transport, &sock));
+    scoped_ptr<StreamSocket> real_transport = scoped_ptr<StreamSocket>(
+        new TCPClientSocket(addr(), NULL, NetLog::Source()));
+    if (expect_false_start_error_)
+      real_transport.reset(
+          new SynchronousErrorStreamSocket(real_transport.Pass()));
+
+    ASSERT_NO_FATAL_FAILURE(
+        CreateAndConnectUntilServerFinishedReceived(client_config,
+                                                    &callback,
+                                                    &raw_transport,
+                                                    real_transport.Pass(),
+                                                    &sock));
 
     if (expect_false_start) {
       // When False Starting, the handshake should complete before receiving the
       // Change Cipher Spec and Finished messages.
       //
       // Note: callback.have_result() may not be true without waiting. The NSS
       // state machine sometimes lives on a separate thread, so this thread may
       // not yet have processed the signal that the handshake has completed.
       int rv = callback.WaitForResult();
       EXPECT_EQ(OK, rv);
@@ skipping 12 matching lines @@
       EXPECT_EQ(kRequestTextSize, rv);
 
       // The read will hang; it's waiting for the peer to complete the
       // handshake, and the handshake is still blocked.
       scoped_refptr<IOBuffer> buf(new IOBuffer(4096));
       rv = sock->Read(buf.get(), 4096, callback.callback());
 
       // After releasing reads, the connection proceeds.
       raw_transport->UnblockReadResult();
       rv = callback.GetResult(rv);
-      EXPECT_LT(0, rv);
+      if (expect_false_start_error_)
+        EXPECT_EQ(ERR_CONNECTION_RESET, rv);
+      else
+        EXPECT_LT(0, rv);
     } else {
       // False Start is not enabled, so the handshake will not complete because
       // the server second leg is blocked.
       base::RunLoop().RunUntilIdle();
       EXPECT_FALSE(callback.have_result());
     }
   }
+
+  // Indicates that the socket's handshake completion callback should
+  // be monitored.
+  bool monitor_handshake_callback_;
+  // Indicates that this test's handshake should fail after the client
+  // "finished" message is sent.
+  bool expect_false_start_error_;
 };
 
 class SSLClientSocketChannelIDTest : public SSLClientSocketTest {
  protected:
   void EnableChannelID() {
     channel_id_service_.reset(
         new ChannelIDService(new DefaultChannelIDStore(NULL),
                              base::MessageLoopProxy::current()));
     context_.channel_id_service = channel_id_service_.get();
   }
@@ skipping 1846 matching lines @@
 
   if (sock->IsConnected())
     LOG(ERROR) << "SSL Socket prematurely connected";
 
   rv = callback.GetResult(sock->Connect(callback.callback()));
 
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(sock->IsConnected());
   EXPECT_TRUE(ran_handshake_completion_callback_);
 }
+
+TEST_F(SSLClientSocketFalseStartTest,
+       HandshakeCallbackIsRun_WithFalseStartFailure) {
+  // False Start requires NPN and a forward-secret cipher suite.
+  SpawnedTestServer::SSLOptions server_options;
+  server_options.key_exchanges =
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+  server_options.enable_npn = true;
+  SSLConfig client_config;
+  client_config.next_protos.push_back("http/1.1");
+  monitor_handshake_callback_ = true;
+  expect_false_start_error_ = true;
+  ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true));
+  ASSERT_TRUE(ran_handshake_completion_callback_);
+}
+
+TEST_F(SSLClientSocketFalseStartTest,
+       HandshakeCallbackIsRun_WithFalseStartSuccess) {
+  // False Start requires NPN and a forward-secret cipher suite.
+  SpawnedTestServer::SSLOptions server_options;
+  server_options.key_exchanges =
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+  server_options.enable_npn = true;
+  SSLConfig client_config;
+  client_config.next_protos.push_back("http/1.1");
+  monitor_handshake_callback_ = true;
+  ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, true));
+  ASSERT_TRUE(ran_handshake_completion_callback_);
+}
 #endif  // defined(USE_OPENSSL)
 
 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
   // False Start requires NPN and a forward-secret cipher suite.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
   server_options.enable_npn = true;
   SSLConfig client_config;
   client_config.next_protos.push_back("http/1.1");
@@ skipping 64 matching lines @@
   server_options.enable_npn = true;
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
   client_config.next_protos.push_back("http/1.1");
 
   // Start a handshake up to the server Finished message.
   TestCompletionCallback callback;
   FakeBlockingStreamSocket* raw_transport1;
   scoped_ptr<SSLClientSocket> sock1;
-  ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
-      client_config, &callback, &raw_transport1, &sock1));
+  scoped_ptr<StreamSocket> real_transport(
+      new TCPClientSocket(addr(), NULL, NetLog::Source()));
+  ASSERT_NO_FATAL_FAILURE(
+      CreateAndConnectUntilServerFinishedReceived(client_config,
+                                                  &callback,
+                                                  &raw_transport1,
+                                                  real_transport.Pass(),
+                                                  &sock1));
   // Although raw_transport1 has the server Finished blocked, the handshake
   // still completes.
   EXPECT_EQ(OK, callback.WaitForResult());
 
   // Drop the old socket. This is needed because the Python test server can't
   // service two sockets in parallel.
   sock1.reset();
 
   // Start a second connection.
   scoped_ptr<StreamSocket> transport2(
@@ skipping 65 matching lines @@
   ssl_config.channel_id_enabled = true;
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 
   EXPECT_EQ(ERR_UNEXPECTED, rv);
   EXPECT_FALSE(sock_->IsConnected());
 }
 
 }  // namespace net