| Index: trunk/src/net/spdy/spdy_session_unittest.cc
|
| ===================================================================
|
| --- trunk/src/net/spdy/spdy_session_unittest.cc (revision 290384)
|
| +++ trunk/src/net/spdy/spdy_session_unittest.cc (working copy)
|
| @@ -4,6 +4,7 @@
|
|
|
| #include "net/spdy/spdy_session.h"
|
|
|
| +#include "base/base64.h"
|
| #include "base/bind.h"
|
| #include "base/callback.h"
|
| #include "base/memory/scoped_ptr.h"
|
| @@ -2375,7 +2376,7 @@
|
| EXPECT_TRUE(session == NULL);
|
| }
|
|
|
| -TEST_P(SpdySessionTest, DISABLED_VerifyDomainAuthentication) {
|
| +TEST_P(SpdySessionTest, VerifyDomainAuthentication) {
|
| session_deps_.host_resolver->set_synchronous_mode(true);
|
|
|
| MockConnect connect_data(SYNCHRONOUS, OK);
|
| @@ -2417,8 +2418,7 @@
|
| EXPECT_FALSE(session->VerifyDomainAuthentication("mail.google.com"));
|
| }
|
|
|
| -// TODO(rch): re-enable this.
|
| -TEST_P(SpdySessionTest, DISABLED_ConnectionPooledWithTlsChannelId) {
|
| +TEST_P(SpdySessionTest, ConnectionPooledWithTlsChannelId) {
|
| session_deps_.host_resolver->set_synchronous_mode(true);
|
|
|
| MockConnect connect_data(SYNCHRONOUS, OK);
|
| @@ -5001,4 +5001,108 @@
|
| CHECK_EQ(GOAWAY_PROTOCOL_ERROR, MapNetErrorToGoAwayStatus(ERR_UNEXPECTED));
|
| }
|
|
|
| +TEST(CanPoolTest, CanPool) {
|
| + // Load a cert that is valid for:
|
| + // www.example.org
|
| + // mail.example.org
|
| + // www.example.com
|
| +
|
| + TransportSecurityState tss;
|
| + SSLInfo ssl_info;
|
| + ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
|
| + "spdy_pooling.pem");
|
| +
|
| + EXPECT_TRUE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "www.example.org"));
|
| + EXPECT_TRUE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.org"));
|
| + EXPECT_TRUE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.com"));
|
| + EXPECT_FALSE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.google.com"));
|
| +}
|
| +
|
| +TEST(CanPoolTest, CanNotPoolWithCertErrors) {
|
| + // Load a cert that is valid for:
|
| + // www.example.org
|
| + // mail.example.org
|
| + // www.example.com
|
| +
|
| + TransportSecurityState tss;
|
| + SSLInfo ssl_info;
|
| + ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
|
| + "spdy_pooling.pem");
|
| + ssl_info.cert_status = CERT_STATUS_REVOKED;
|
| +
|
| + EXPECT_FALSE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.org"));
|
| +}
|
| +
|
| +TEST(CanPoolTest, CanNotPoolWithClientCerts) {
|
| + // Load a cert that is valid for:
|
| + // www.example.org
|
| + // mail.example.org
|
| + // www.example.com
|
| +
|
| + TransportSecurityState tss;
|
| + SSLInfo ssl_info;
|
| + ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
|
| + "spdy_pooling.pem");
|
| + ssl_info.client_cert_sent = true;
|
| +
|
| + EXPECT_FALSE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.org"));
|
| +}
|
| +
|
| +TEST(CanPoolTest, CanNotPoolAcrossETLDsWithChannelID) {
|
| + // Load a cert that is valid for:
|
| + // www.example.org
|
| + // mail.example.org
|
| + // www.example.com
|
| +
|
| + TransportSecurityState tss;
|
| + SSLInfo ssl_info;
|
| + ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
|
| + "spdy_pooling.pem");
|
| + ssl_info.channel_id_sent = true;
|
| +
|
| + EXPECT_TRUE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.org"));
|
| + EXPECT_FALSE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "www.example.com"));
|
| +}
|
| +
|
| +TEST(CanPoolTest, CanNotPoolWithBadPins) {
|
| + uint8 primary_pin = 1;
|
| + uint8 backup_pin = 2;
|
| + uint8 bad_pin = 3;
|
| + TransportSecurityState tss;
|
| + test::AddPin(&tss, "mail.example.org", primary_pin, backup_pin);
|
| +
|
| + SSLInfo ssl_info;
|
| + ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
|
| + "spdy_pooling.pem");
|
| + ssl_info.is_issued_by_known_root = true;
|
| + ssl_info.public_key_hashes.push_back(test::GetTestHashValue(bad_pin));
|
| +
|
| + EXPECT_FALSE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.org"));
|
| +}
|
| +
|
| +TEST(CanPoolTest, CanPoolWithAcceptablePins) {
|
| + uint8 primary_pin = 1;
|
| + uint8 backup_pin = 2;
|
| + TransportSecurityState tss;
|
| + test::AddPin(&tss, "mail.example.org", primary_pin, backup_pin);
|
| +
|
| + SSLInfo ssl_info;
|
| + ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(),
|
| + "spdy_pooling.pem");
|
| + ssl_info.is_issued_by_known_root = true;
|
| + ssl_info.public_key_hashes.push_back(test::GetTestHashValue(primary_pin));
|
| +
|
| + EXPECT_TRUE(SpdySession::CanPool(
|
| + &tss, ssl_info, "www.example.org", "mail.example.org"));
|
| +}
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 483963002:
Revert 290384 "Revert 289433 "Refactor pooling logic into a help..." (Closed)
Base URL: svn://svn.chromium.org/chrome/