Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1899)

Unified Diff: net/quic/crypto/quic_crypto_server_config_test.cc

Issue 839143002: Roll Chrome into Mojo. (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Rebase Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/congestion_control/rtt_stats.h ('k') | net/quic/quic_client_session.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/quic_crypto_server_config_test.cc
diff --git a/net/quic/crypto/quic_crypto_server_config_test.cc b/net/quic/crypto/quic_crypto_server_config_test.cc
index 69481651e49c4f9e942a8ebc462c7880bec3c8c6..ac7f3e031a915d9781701db6bf77abdc54e71952 100644
--- a/net/quic/crypto/quic_crypto_server_config_test.cc
+++ b/net/quic/crypto/quic_crypto_server_config_test.cc
@@ -52,27 +52,11 @@ class QuicCryptoServerConfigPeer {
}
string NewSourceAddressToken(string config_id,
- const IPEndPoint& ip,
- QuicRandom* rand,
- QuicWallTime now) {
- return NewSourceAddressToken(config_id, ip, rand, now, NULL);
- }
-
- string NewSourceAddressToken(string config_id,
- const IPEndPoint& ip,
- QuicRandom* rand,
- QuicWallTime now,
- const SourceAddressTokens& previous_tokens) {
- return server_config_->NewSourceAddressToken(
- *GetConfig(config_id), previous_tokens, ip, rand, now, NULL);
- }
-
- string NewSourceAddressToken(string config_id,
+ SourceAddressTokens previous_tokens,
const IPEndPoint& ip,
QuicRandom* rand,
QuicWallTime now,
CachedNetworkParameters* cached_network_params) {
- SourceAddressTokens previous_tokens;
return server_config_->NewSourceAddressToken(*GetConfig(config_id),
previous_tokens, ip, rand, now,
cached_network_params);
@@ -321,6 +305,55 @@ class SourceAddressTokenTest : public ::testing::Test {
server_.AddConfig(override_config_protobuf_.get(), original_time_));
}
+ string NewSourceAddressToken(string config_id, const IPEndPoint& ip) {
+ return NewSourceAddressToken(config_id, ip, NULL);
+ }
+
+ string NewSourceAddressToken(string config_id,
+ const IPEndPoint& ip,
+ const SourceAddressTokens& previous_tokens) {
+ return peer_.NewSourceAddressToken(config_id, previous_tokens, ip, rand_,
+ clock_.WallNow(), NULL);
+ }
+
+ string NewSourceAddressToken(string config_id,
+ const IPEndPoint& ip,
+ CachedNetworkParameters* cached_network_params) {
+ SourceAddressTokens previous_tokens;
+ return peer_.NewSourceAddressToken(config_id, previous_tokens, ip, rand_,
+ clock_.WallNow(), cached_network_params);
+ }
+
+ HandshakeFailureReason ValidateSourceAddressToken(string config_id,
+ StringPiece srct,
+ const IPEndPoint& ip) {
+ return ValidateSourceAddressToken(config_id, srct, ip, NULL);
+ }
+
+ HandshakeFailureReason ValidateSourceAddressToken(
+ string config_id,
+ StringPiece srct,
+ const IPEndPoint& ip,
+ CachedNetworkParameters* cached_network_params) {
+ return peer_.ValidateSourceAddressToken(
+ config_id, srct, ip, clock_.WallNow(), cached_network_params);
+ }
+
+ HandshakeFailureReason ValidateSourceAddressTokens(string config_id,
+ StringPiece srct,
+ const IPEndPoint& ip) {
+ return ValidateSourceAddressTokens(config_id, srct, ip, NULL);
+ }
+
+ HandshakeFailureReason ValidateSourceAddressTokens(
+ string config_id,
+ StringPiece srct,
+ const IPEndPoint& ip,
+ CachedNetworkParameters* cached_network_params) {
+ return peer_.ValidateSourceAddressTokens(
+ config_id, srct, ip, clock_.WallNow(), cached_network_params);
+ }
+
const string kPrimary = "<primary>";
const string kOverride = "Config with custom source address token key";
@@ -343,88 +376,74 @@ TEST_F(SourceAddressTokenTest, SourceAddressToken) {
ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
false);
- QuicWallTime now = clock_.WallNow();
-
EXPECT_TRUE(peer_.ConfigHasDefaultSourceAddressTokenBoxer(kPrimary));
EXPECT_FALSE(peer_.ConfigHasDefaultSourceAddressTokenBoxer(kOverride));
// Primary config generates configs that validate successfully.
- const string token4 = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
- const string token4d =
- peer_.NewSourceAddressToken(kPrimary, ip4_dual_, rand_, now);
- const string token6 = peer_.NewSourceAddressToken(kPrimary, ip6_, rand_, now);
- EXPECT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressToken(kPrimary, token4, ip4_, now));
+ const string token4 = NewSourceAddressToken(kPrimary, ip4_);
+ const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_);
+ const string token6 = NewSourceAddressToken(kPrimary, ip6_);
+ EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressToken(kPrimary, token4, ip4_));
ASSERT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressToken(kPrimary, token4, ip4_dual_, now));
+ ValidateSourceAddressToken(kPrimary, token4, ip4_dual_));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
- peer_.ValidateSourceAddressToken(kPrimary, token4, ip6_, now));
+ ValidateSourceAddressToken(kPrimary, token4, ip6_));
+ ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressToken(kPrimary, token4d, ip4_));
ASSERT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressToken(kPrimary, token4d, ip4_, now));
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressToken(kPrimary, token4d,
- ip4_dual_, now));
+ ValidateSourceAddressToken(kPrimary, token4d, ip4_dual_));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
- peer_.ValidateSourceAddressToken(kPrimary, token4d, ip6_, now));
- ASSERT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressToken(kPrimary, token6, ip6_, now));
+ ValidateSourceAddressToken(kPrimary, token4d, ip6_));
+ ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressToken(kPrimary, token6, ip6_));
// Override config generates configs that validate successfully.
- const string override_token4 =
- peer_.NewSourceAddressToken(kOverride, ip4_, rand_, now);
- const string override_token6 =
- peer_.NewSourceAddressToken(kOverride, ip6_, rand_, now);
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressToken(
- kOverride, override_token4, ip4_, now));
- ASSERT_EQ(
- SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
- peer_.ValidateSourceAddressToken(kOverride, override_token4, ip6_, now));
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressToken(
- kOverride, override_token6, ip6_, now));
+ const string override_token4 = NewSourceAddressToken(kOverride, ip4_);
+ const string override_token6 = NewSourceAddressToken(kOverride, ip6_);
+ ASSERT_EQ(HANDSHAKE_OK,
+ ValidateSourceAddressToken(kOverride, override_token4, ip4_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+ ValidateSourceAddressToken(kOverride, override_token4, ip6_));
+ ASSERT_EQ(HANDSHAKE_OK,
+ ValidateSourceAddressToken(kOverride, override_token6, ip6_));
// Tokens generated by the primary config do not validate
// successfully against the override config, and vice versa.
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressToken(kOverride, token4, ip4_, now));
+ ValidateSourceAddressToken(kOverride, token4, ip4_));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressToken(kOverride, token6, ip6_, now));
- ASSERT_EQ(
- SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressToken(kPrimary, override_token4, ip4_, now));
- ASSERT_EQ(
- SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressToken(kPrimary, override_token6, ip6_, now));
+ ValidateSourceAddressToken(kOverride, token6, ip6_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ ValidateSourceAddressToken(kPrimary, override_token4, ip4_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ ValidateSourceAddressToken(kPrimary, override_token6, ip6_));
}
TEST_F(SourceAddressTokenTest, SourceAddressTokenExpiration) {
ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
false);
- QuicWallTime now = clock_.WallNow();
+ const string token = NewSourceAddressToken(kPrimary, ip4_);
- const string token = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
+ // Validation fails if the token is from the future.
+ clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+ ValidateSourceAddressToken(kPrimary, token, ip4_));
// Validation fails after tokens expire.
- now = original_time_.Add(QuicTime::Delta::FromSeconds(86400 * 7));
+ clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
- peer_.ValidateSourceAddressToken(kPrimary, token, ip4_, now));
-
- now = original_time_.Subtract(QuicTime::Delta::FromSeconds(3600 * 2));
- ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
- peer_.ValidateSourceAddressToken(kPrimary, token, ip4_, now));
+ ValidateSourceAddressToken(kPrimary, token, ip4_));
}
TEST_F(SourceAddressTokenTest, SourceAddressTokenWithNetworkParams) {
ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
false);
- QuicWallTime now = clock_.WallNow();
-
// Make sure that if the source address token contains CachedNetworkParameters
// that this gets written to ValidateSourceAddressToken output argument.
CachedNetworkParameters cached_network_params_input;
cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234);
- const string token4_with_cached_network_params = peer_.NewSourceAddressToken(
- kPrimary, ip4_, rand_, now, &cached_network_params_input);
+ const string token4_with_cached_network_params =
+ NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input);
CachedNetworkParameters cached_network_params_output;
#if 0
@@ -433,8 +452,8 @@ TEST_F(SourceAddressTokenTest, SourceAddressTokenWithNetworkParams) {
EXPECT_NE(cached_network_params_output.DebugString(),
cached_network_params_input.DebugString());
#endif
- peer_.ValidateSourceAddressToken(kPrimary, token4_with_cached_network_params,
- ip4_, now, &cached_network_params_output);
+ ValidateSourceAddressToken(kPrimary, token4_with_cached_network_params, ip4_,
+ &cached_network_params_output);
#if 0
// TODO(rtenneti): For server, enable the following check after serialization
// of optional CachedNetworkParameters is implemented.
@@ -452,53 +471,42 @@ TEST_F(SourceAddressTokenTest, DISABLED_NewSourceAddressToken) {
ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
true);
- QuicWallTime now = clock_.WallNow();
-
// Primary config generates configs that validate successfully.
- const string token4 = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
- const string token4d =
- peer_.NewSourceAddressToken(kPrimary, ip4_dual_, rand_, now);
- const string token6 = peer_.NewSourceAddressToken(kPrimary, ip6_, rand_, now);
- EXPECT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressTokens(kPrimary, token4, ip4_, now));
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(kPrimary, token4,
- ip4_dual_, now));
- ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
- peer_.ValidateSourceAddressTokens(kPrimary, token4, ip6_, now));
+ const string token4 = NewSourceAddressToken(kPrimary, ip4_);
+ const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_);
+ const string token6 = NewSourceAddressToken(kPrimary, ip6_);
+ EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4, ip4_));
ASSERT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressTokens(kPrimary, token4d, ip4_, now));
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(kPrimary, token4d,
- ip4_dual_, now));
+ ValidateSourceAddressTokens(kPrimary, token4, ip4_dual_));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
- peer_.ValidateSourceAddressTokens(kPrimary, token4d, ip6_, now));
+ ValidateSourceAddressTokens(kPrimary, token4, ip6_));
+ ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4d, ip4_));
ASSERT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressTokens(kPrimary, token6, ip6_, now));
+ ValidateSourceAddressTokens(kPrimary, token4d, ip4_dual_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+ ValidateSourceAddressTokens(kPrimary, token4d, ip6_));
+ ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token6, ip6_));
// Override config generates configs that validate successfully.
- const string override_token4 =
- peer_.NewSourceAddressToken(kOverride, ip4_, rand_, now);
- const string override_token6 =
- peer_.NewSourceAddressToken(kOverride, ip6_, rand_, now);
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(
- kOverride, override_token4, ip4_, now));
- ASSERT_EQ(
- SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
- peer_.ValidateSourceAddressTokens(kOverride, override_token4, ip6_, now));
- ASSERT_EQ(HANDSHAKE_OK, peer_.ValidateSourceAddressTokens(
- kOverride, override_token6, ip6_, now));
+ const string override_token4 = NewSourceAddressToken(kOverride, ip4_);
+ const string override_token6 = NewSourceAddressToken(kOverride, ip6_);
+ ASSERT_EQ(HANDSHAKE_OK,
+ ValidateSourceAddressTokens(kOverride, override_token4, ip4_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+ ValidateSourceAddressTokens(kOverride, override_token4, ip6_));
+ ASSERT_EQ(HANDSHAKE_OK,
+ ValidateSourceAddressTokens(kOverride, override_token6, ip6_));
// Tokens generated by the primary config do not validate
// successfully against the override config, and vice versa.
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressTokens(kOverride, token4, ip4_, now));
+ ValidateSourceAddressTokens(kOverride, token4, ip4_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ ValidateSourceAddressTokens(kOverride, token6, ip6_));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ ValidateSourceAddressTokens(kPrimary, override_token4, ip4_));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressTokens(kOverride, token6, ip6_, now));
- ASSERT_EQ(
- SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressTokens(kPrimary, override_token4, ip4_, now));
- ASSERT_EQ(
- SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
- peer_.ValidateSourceAddressTokens(kPrimary, override_token6, ip6_, now));
+ ValidateSourceAddressTokens(kPrimary, override_token6, ip6_));
}
// TODO(rtenneti): For server, enable the following test after serialization of
@@ -507,32 +515,29 @@ TEST_F(SourceAddressTokenTest, DISABLED_NewSourceAddressTokenExpiration) {
ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
true);
- QuicWallTime now = clock_.WallNow();
+ const string token = NewSourceAddressToken(kPrimary, ip4_);
- const string token = peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now);
+ // Validation fails if the token is from the future.
+ clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2));
+ ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+ ValidateSourceAddressTokens(kPrimary, token, ip4_));
// Validation fails after tokens expire.
- now = original_time_.Add(QuicTime::Delta::FromSeconds(86400 * 7));
+ clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7));
ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
- peer_.ValidateSourceAddressTokens(kPrimary, token, ip4_, now));
-
- now = original_time_.Subtract(QuicTime::Delta::FromSeconds(3600 * 2));
- ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
- peer_.ValidateSourceAddressTokens(kPrimary, token, ip4_, now));
+ ValidateSourceAddressTokens(kPrimary, token, ip4_));
}
TEST_F(SourceAddressTokenTest, NewSourceAddressTokenWithNetworkParams) {
ValueRestore<bool> old_flag(&FLAGS_quic_use_multiple_address_in_source_tokens,
true);
- QuicWallTime now = clock_.WallNow();
-
// Make sure that if the source address token contains CachedNetworkParameters
// that this gets written to ValidateSourceAddressToken output argument.
CachedNetworkParameters cached_network_params_input;
cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234);
- const string token4_with_cached_network_params = peer_.NewSourceAddressToken(
- kPrimary, ip4_, rand_, now, &cached_network_params_input);
+ const string token4_with_cached_network_params =
+ NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input);
CachedNetworkParameters cached_network_params_output;
#if 0
@@ -541,8 +546,8 @@ TEST_F(SourceAddressTokenTest, NewSourceAddressTokenWithNetworkParams) {
EXPECT_NE(cached_network_params_output.DebugString(),
cached_network_params_input.DebugString());
#endif
- peer_.ValidateSourceAddressTokens(kPrimary, token4_with_cached_network_params,
- ip4_, now, &cached_network_params_output);
+ ValidateSourceAddressTokens(kPrimary, token4_with_cached_network_params, ip4_,
+ &cached_network_params_output);
#if 0
// TODO(rtenneti): For server, enable the following check after serialization
// of optional CachedNetworkParameters is implemented.
@@ -573,12 +578,12 @@ TEST_F(SourceAddressTokenTest, DISABLED_SourceAddressTokenMultipleAddresses) {
SourceAddressTokens previous_tokens;
(*previous_tokens.add_tokens()) = previous_token;
const string token4or6 =
- peer_.NewSourceAddressToken(kPrimary, ip4_, rand_, now, previous_tokens);
+ NewSourceAddressToken(kPrimary, ip4_, previous_tokens);
EXPECT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressTokens(kPrimary, token4or6, ip4_, now));
+ ValidateSourceAddressTokens(kPrimary, token4or6, ip4_));
ASSERT_EQ(HANDSHAKE_OK,
- peer_.ValidateSourceAddressTokens(kPrimary, token4or6, ip6_, now));
+ ValidateSourceAddressTokens(kPrimary, token4or6, ip6_));
}
TEST(QuicCryptoServerConfigTest, ValidateServerNonce) {
« no previous file with comments | « net/quic/congestion_control/rtt_stats.h ('k') | net/quic/quic_client_session.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698