Make QUIC tests use certs which are valid for the hosts they connect to.
BUG=
Review URL: https://codereview.chromium.org/1680243005
Cr-Commit-Position: refs/heads/master@{#374803}
diff --git a/net/quic/quic_http_stream_test.cc b/net/quic/quic_http_stream_test.cc
index 275d9d9..6cf98a1 100644
--- a/net/quic/quic_http_stream_test.cc
+++ b/net/quic/quic_http_stream_test.cc
@@ -60,7 +60,7 @@
namespace {
const char kUploadData[] = "Really nifty data!";
-const char kDefaultServerHostName[] = "www.google.com";
+const char kDefaultServerHostName[] = "www.example.org";
const uint16_t kDefaultServerPort = 80;
class TestQuicConnection : public QuicConnection {
@@ -379,7 +379,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
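Review bot: The request URL is spelled out as a string literal in this hunk and again in each of the following `request_.url = GURL(...)` hunks of this file, separately from `kDefaultServerHostName`. This commit had to edit every copy by hand, and nothing stops the URL and the host-name constant from drifting apart the next time the test host changes. Consider declaring a `const char kDefaultUrl[]` next to `kDefaultServerHostName` and writing `request_.url = GURL(kDefaultUrl);` in the tests. The enclosing test bodies start and end outside the hunks.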
@@ -428,7 +428,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -478,7 +478,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -498,7 +498,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -525,7 +525,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -555,7 +555,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -589,7 +589,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -623,7 +623,7 @@
new UploadBytesElementReader(kUploadData, strlen(kUploadData))));
ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0);
request_.method = "POST";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
request_.upload_data_stream = &upload_data_stream;
ASSERT_EQ(OK, request_.upload_data_stream->Init(CompletionCallback()));
@@ -685,7 +685,7 @@
upload_data_stream.AppendData(kUploadData, chunk_size, false);
request_.method = "POST";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
request_.upload_data_stream = &upload_data_stream;
ASSERT_EQ(OK, request_.upload_data_stream->Init(
TestCompletionCallback().callback()));
@@ -752,7 +752,7 @@
upload_data_stream.AppendData(kUploadData, chunk_size, false);
request_.method = "POST";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
request_.upload_data_stream = &upload_data_stream;
ASSERT_EQ(OK, request_.upload_data_stream->Init(
TestCompletionCallback().callback()));
@@ -814,7 +814,7 @@
ChunkedUploadDataStream upload_data_stream(0);
request_.method = "POST";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
request_.upload_data_stream = &upload_data_stream;
ASSERT_EQ(OK, request_.upload_data_stream->Init(
TestCompletionCallback().callback()));
@@ -874,7 +874,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, net_log_,
callback_.callback()));
@@ -912,7 +912,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, MEDIUM, net_log_,
callback_.callback()));
@@ -961,7 +961,7 @@
Initialize();
request_.method = "GET";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
EXPECT_EQ(OK, stream_->InitializeStream(&request_, MEDIUM, net_log_,
callback_.callback()));
@@ -992,7 +992,7 @@
ChunkedUploadDataStream upload_data_stream(0);
request_.method = "POST";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
request_.upload_data_stream = &upload_data_stream;
ASSERT_EQ(OK, request_.upload_data_stream->Init(
TestCompletionCallback().callback()));
@@ -1016,7 +1016,7 @@
upload_data_stream.AppendData(kUploadData, chunk_size, false);
request_.method = "POST";
- request_.url = GURL("http://www.google.com/");
+ request_.url = GURL("http://www.example.org/");
request_.upload_data_stream = &upload_data_stream;
ASSERT_EQ(OK, request_.upload_data_stream->Init(
TestCompletionCallback().callback()));
diff --git a/net/quic/quic_network_transaction_unittest.cc b/net/quic/quic_network_transaction_unittest.cc
index e120c24..3a3b6a10 100644
--- a/net/quic/quic_network_transaction_unittest.cc
+++ b/net/quic/quic_network_transaction_unittest.cc
@@ -72,7 +72,7 @@
static const char kQuicAlternativeServiceDifferentPortHeader[] =
"Alt-Svc: quic=\":137\"\r\n\r\n";
-const char kDefaultServerHostName[] = "mail.example.com";
+const char kDefaultServerHostName[] = "mail.example.org";
} // namespace
@@ -205,7 +205,7 @@
clock_->AdvanceTime(QuicTime::Delta::FromMilliseconds(20));
scoped_refptr<X509Certificate> cert(
- ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
+ ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
verify_details_.cert_verify_result.verified_cert = cert;
verify_details_.cert_verify_result.is_issued_by_known_root = true;
crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_);
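Review bot: The imported certificate is stored in `verify_details_` without a null check, unlike the two other `ImportCertFromFile` call sites changed in this file, which follow the import with `ASSERT_TRUE(cert.get());`. MockCryptoClientStream::CryptoConnect now calls `verified_cert->VerifyNameMatch(...)`, so a missing or unreadable `wildcard.pem` would show up as a null dereference rather than a clear test failure. Adding `ASSERT_TRUE(cert.get());` after the import would make the failure explicit; use a `CHECK` instead if this code runs in a constructor, since the enclosing function starts outside the hunk. The same applies to the `spdy_pooling.pem` import in DoNotUseSharedExistingAlternativeServiceForQuicWithInvalidCert.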
@@ -433,9 +433,9 @@
params_.http_server_properties = http_server_properties_.GetWeakPtr();
params_.quic_supported_versions = SupportedVersions(GetParam());
for (const char* host :
- {kDefaultServerHostName, "www.example.com", "news.example.com",
- "bar.example.com", "foo.example.com", "www.example.org",
- "invalid.example.org", "docs.example.org"}) {
+ {kDefaultServerHostName, "www.example.org", "news.example.org",
+ "bar.example.org", "foo.example.org", "invalid.example.org",
+ "mail.example.com"}) {
params_.quic_host_whitelist.insert(host);
}
@@ -603,7 +603,7 @@
TEST_P(QuicNetworkTransactionTest, ForceQuic) {
params_.origin_to_force_quic_on =
- HostPortPair::FromString("mail.example.com:443");
+ HostPortPair::FromString("mail.example.org:443");
MockQuicData mock_quic_data;
mock_quic_data.AddWrite(
@@ -670,7 +670,7 @@
TEST_P(QuicNetworkTransactionTest, QuicProxy) {
params_.enable_quic_for_proxies = true;
proxy_service_ =
- ProxyService::CreateFixedFromPacResult("QUIC mail.example.com:70");
+ ProxyService::CreateFixedFromPacResult("QUIC mail.example.org:70");
MockQuicData mock_quic_data;
mock_quic_data.AddWrite(
@@ -690,7 +690,7 @@
// There is no need to set up an alternate protocol job, because
// no attempt will be made to speak to the proxy over TCP.
- request_.url = GURL("http://mail.example.com/");
+ request_.url = GURL("http://mail.example.org/");
CreateSession();
SendRequestAndExpectQuicResponseFromProxyOnPort("hello!", 70);
@@ -701,7 +701,7 @@
// connection through a QUIC proxy, the certificate exhibited by the proxy is
// checked against the proxy hostname, not the origin hostname.
TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) {
- const std::string origin_host = "news.example.com";
+ const std::string origin_host = "mail.example.com";
const std::string proxy_host = "www.example.org";
params_.enable_quic_for_proxies = true;
@@ -723,7 +723,7 @@
mock_quic_data.AddSocketDataToFactory(&socket_factory_);
scoped_refptr<X509Certificate> cert(
- ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
+ ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
ASSERT_TRUE(cert.get());
// This certificate is valid for the proxy, but not for the origin.
bool common_name_fallback_used;
@@ -745,7 +745,7 @@
TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) {
params_.origin_to_force_quic_on =
- HostPortPair::FromString("mail.example.com:443");
+ HostPortPair::FromString("mail.example.org:443");
MockQuicData mock_quic_data1;
mock_quic_data1.AddRead(ASYNC, ERR_SOCKET_NOT_CONNECTED);
@@ -891,7 +891,7 @@
TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) {
MockRead http_reads[] = {
MockRead("HTTP/1.1 200 OK\r\n"),
- MockRead("Alt-Svc: quic=\"foo.example.com:443\", quic=\":444\"\r\n\r\n"),
+ MockRead("Alt-Svc: quic=\"foo.example.org:443\", quic=\":444\"\r\n\r\n"),
MockRead("hello world"),
MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
MockRead(ASYNC, OK)};
@@ -904,7 +904,7 @@
QuicStreamOffset request_header_offset = 0;
QuicStreamOffset response_header_offset = 0;
// First QUIC request data.
- // Open a session to foo.example.com:443 using the first entry of the
+ // Open a session to foo.example.org:443 using the first entry of the
// alternative service list.
MockQuicData mock_quic_data;
mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
@@ -912,8 +912,8 @@
GetRequestHeaders("GET", "https", "/"), &request_header_offset));
std::string alt_svc_list =
- "quic=\"mail.example.com:444\", quic=\"foo.example.com:443\", "
- "quic=\"bar.example.com:445\"";
+ "quic=\"mail.example.org:444\", quic=\"foo.example.org:443\", "
+ "quic=\"bar.example.org:445\"";
mock_quic_data.AddRead(ConstructResponseHeadersPacket(
1, kClientDataStreamId1, false, false,
GetResponseHeaders("200 OK", alt_svc_list), &response_header_offset));
@@ -953,7 +953,7 @@
TEST_P(QuicNetworkTransactionTest, UseFirstExistingAlternativeServiceForQuic) {
MockRead http_reads[] = {
MockRead("HTTP/1.1 200 OK\r\n"),
- MockRead("Alt-Svc: quic=\"foo.example.com:443\", quic=\":446\"\r\n\r\n"),
+ MockRead("Alt-Svc: quic=\"foo.example.org:443\", quic=\":446\"\r\n\r\n"),
MockRead("hello world"),
MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
MockRead(ASYNC, OK)};
@@ -972,14 +972,14 @@
MockQuicData mock_quic_data2;
crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_);
// First QUIC request data.
- // Open a QUIC session to foo.example.com:443.
+ // Open a QUIC session to foo.example.org:443.
mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
1, kClientDataStreamId1, true, true,
GetRequestHeaders("GET", "https", "/"), &request_header_offset));
std::string alt_svc_list =
- "quic=\"bar.example.com:444\", quic=\"frog.example.com:445\", "
- "quic=\"mail.example.com:446\"";
+ "quic=\"bar.example.org:444\", quic=\"frog.example.org:445\", "
+ "quic=\"mail.example.org:446\"";
// Response header from the server resets the alt_svc list for the origin.
mock_quic_data.AddRead(ConstructResponseHeadersPacket(
1, kClientDataStreamId1, false, false,
@@ -989,15 +989,15 @@
mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
// Second QUIC request data.
- // Existing QUIC session to foo.example.com is not viable from the updated
+ // Existing QUIC session to foo.example.org is not viable from the updated
// alt_svc. Unable to pool the existing QUIC session.
- // Open a new QUIC session to bar.example.com:443.
+ // Open a new QUIC session to bar.example.org:443.
mock_quic_data2.AddWrite(ConstructRequestHeadersPacket(
1, kClientDataStreamId1, true, true,
GetRequestHeaders("GET", "https", "/"), &maker));
alt_svc_list =
- "quic=\"foo.example.com:443\", quic=\"mail.example.com:446\", "
- "quic=\"bar.example.com:444\"";
+ "quic=\"foo.example.org:443\", quic=\"mail.example.org:446\", "
+ "quic=\"bar.example.org:444\"";
// Response header from the server resets the alt_svc list for the origin.
mock_quic_data2.AddRead(ConstructResponseHeadersPacket(
1, kClientDataStreamId1, false, false,
@@ -1009,7 +1009,7 @@
mock_quic_data2.AddRead(ASYNC, 0); // EOF
// Third QUIC request data.
- // Connection pooling, using the first existing session to foo.example.com
+ // Connection pooling, using the first existing session to foo.example.org
mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
3, kClientDataStreamId2, false, true,
GetRequestHeaders("GET", "https", "/"), &request_header_offset));
@@ -1043,14 +1043,13 @@
// if this is also the first existing QUIC session.
TEST_P(QuicNetworkTransactionTest,
UseSharedExistingAlternativeServiceForQuicWithValidCert) {
- // Default cert is valid for the following origins:
- // mail.example.com, mail.example.org, and www.example.org.
+ // Default cert is valid for *.example.org
- // HTTP data for request to mail.example.com.
+ // HTTP data for request to www.example.org.
MockRead http_reads[] = {
MockRead("HTTP/1.1 200 OK\r\n"),
MockRead("Alt-Svc: quic=\":443\"\r\n\r\n"),
- MockRead("hello world from mail.example.com"),
+ MockRead("hello world from www.example.org"),
MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
MockRead(ASYNC, OK)};
@@ -1062,7 +1061,7 @@
// HTTP data for request to mail.example.org.
MockRead http_reads2[] = {
MockRead("HTTP/1.1 200 OK\r\n"),
- MockRead("Alt-Svc: quic=\":444\", quic=\"mail.example.com:443\"\r\n\r\n"),
+ MockRead("Alt-Svc: quic=\":444\", quic=\"www.example.org:443\"\r\n\r\n"),
MockRead("hello world from mail.example.org"),
MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
MockRead(ASYNC, OK)};
@@ -1075,8 +1074,8 @@
QuicStreamOffset request_header_offset = 0;
QuicStreamOffset response_header_offset = 0;
- QuicTestPacketMaker maker(GetParam(), 0, clock_, kDefaultServerHostName);
- maker.set_hostname("mail.example.org");
+ QuicTestPacketMaker maker(GetParam(), 0, clock_, "mail.example.org");
+ maker_.set_hostname("www.example.org");
MockQuicData mock_quic_data;
// First QUIC request data.
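Review bot: `maker_.set_hostname("www.example.org");` now mutates the fixture member `maker_`, while the line above constructs a local named `maker`; the replaced code called `set_hostname` on the local. The two names differ by one underscore, so a reader cannot tell whether this is intentional, and the sibling test DoNotUseShared...WithInvalidCert still calls `maker.set_hostname(...)` on its local. If the switch is intended, a comment stating which packet maker serves which host would help, for example `// maker_ (fixture) builds packets for www.example.org; the local maker for mail.example.org.`, with the host assignment confirmed against the packet construction that follows outside this hunk. If it is a typo, it should read `maker.set_hostname("www.example.org");`.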
@@ -1090,7 +1089,6 @@
mock_quic_data.AddRead(ConstructDataPacket(2, kClientDataStreamId1, false,
true, 0, "hello from mail QUIC!"));
mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-
// Second QUIC request data.
mock_quic_data.AddWrite(ConstructRequestHeadersPacket(
3, kClientDataStreamId2, false, true,
@@ -1111,16 +1109,17 @@
CreateSessionWithNextProtos();
// Send two HTTP requests, responses set up alt-svc lists for the origins.
- SendRequestAndExpectHttpResponse("hello world from mail.example.com");
+ request_.url = GURL("https://www.example.org/");
+ SendRequestAndExpectHttpResponse("hello world from www.example.org");
request_.url = GURL("https://mail.example.org/");
SendRequestAndExpectHttpResponse("hello world from mail.example.org");
- // Open a QUIC session to mail.example.com:443 when making request
- // to mail.example.com.
- request_.url = GURL("https://mail.example.com/");
+ // Open a QUIC session to mail.example.org:443 when making request
+ // to mail.example.org.
+ request_.url = GURL("https://www.example.org/");
SendRequestAndExpectQuicResponseOnPort("hello from mail QUIC!", 443);
- // Uses the existing QUIC session when making request to mail.example.org.
+ // Uses the existing QUIC session when making request to www.example.org.
request_.url = GURL("https://mail.example.org/");
SendRequestAndExpectQuicResponseOnPort("hello from mail QUIC!", 443);
}
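Review bot: The two comments before the QUIC requests no longer match the URLs they describe. The first says the session is opened "to mail.example.org:443 when making request to mail.example.org", but the request that follows sets `request_.url` to the www.example.org URL; the second says the existing session is reused for www.example.org, but the request goes to mail.example.org. Swapping the host names in the comments would fix this: `// Open a QUIC session to www.example.org:443 when making request to www.example.org.` and `// Uses the existing QUIC session when making request to mail.example.org.`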
@@ -1130,15 +1129,14 @@
// if the cert is NOT valid, should ignore this QUIC session.
TEST_P(QuicNetworkTransactionTest,
DoNotUseSharedExistingAlternativeServiceForQuicWithInvalidCert) {
- // Default cert is only valid for the following origins:
- // mail.example.com, mail.example.org, and www.example.org.
- // NOT valid for docs.example.org.
+ // Default cert is valid *.example.org
+ // NOT valid for mail.example.com.
- // HTTP data for request to mail.example.com.
+ // HTTP data for request to mail.example.org.
MockRead http_reads[] = {
MockRead("HTTP/1.1 200 OK\r\n"),
MockRead("Alt-Svc: quic=\":443\"\r\n\r\n"),
- MockRead("hello world from mail.example.com"),
+ MockRead("hello world from mail.example.org"),
MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
MockRead(ASYNC, OK)};
@@ -1147,11 +1145,11 @@
socket_factory_.AddSocketDataProvider(&http_data);
socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
- // HTTP data for request to docs.example.org.
+ // HTTP data for request to mail.example.com.
MockRead http_reads2[] = {
MockRead("HTTP/1.1 200 OK\r\n"),
- MockRead("Alt-Svc: quic=\":444\", quic=\"mail.example.com:443\"\r\n\r\n"),
- MockRead("hello world from docs.example.org"),
+ MockRead("Alt-Svc: quic=\":444\", quic=\"mail.example.org:443\"\r\n\r\n"),
+ MockRead("hello world from mail.example.com"),
MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
MockRead(ASYNC, OK)};
@@ -1160,15 +1158,15 @@
socket_factory_.AddSocketDataProvider(&http_data2);
socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
- QuicTestPacketMaker maker(GetParam(), 0, clock_, kDefaultServerHostName);
- maker.set_hostname("docs.example.org");
+ QuicTestPacketMaker maker(GetParam(), 0, clock_, "mail.example.org");
+ maker.set_hostname("mail.example.com");
MockQuicData mock_quic_data;
MockQuicData mock_quic_data2;
// Adding a valid cert for *.example.org but not mail.example.com.
ProofVerifyDetailsChromium verify_details;
scoped_refptr<X509Certificate> cert(
- ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
+ ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
verify_details.cert_verify_result.verified_cert = cert;
verify_details.cert_verify_result.is_issued_by_known_root = true;
crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
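Review bot: The unchanged comment `// Adding a valid cert for *.example.org but not mail.example.com.` now sits above code that loads `spdy_pooling.pem` instead of `wildcard.pem`, so it appears to describe the wrong certificate. Going by the comment this commit removes from the previous test, `spdy_pooling.pem` is valid for mail.example.com, mail.example.org and www.example.org, which is the opposite of what the comment claims. If this certificate is meant for the second session to mail.example.com:444, the comment should say so, for example `// Cert for the second QUIC session; unlike the default wildcard cert it is valid for mail.example.com.` The test body continues outside the hunk.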
@@ -1207,17 +1205,17 @@
CreateSessionWithNextProtos();
// Send HTTP requests, responses set up the alt-svc lists for the origins.
- SendRequestAndExpectHttpResponse("hello world from mail.example.com");
- request_.url = GURL("https://docs.example.org/");
- SendRequestAndExpectHttpResponse("hello world from docs.example.org");
-
- // Open a QUIC session to mail.example.com:443 when making request
- // to mail.example.com.
+ SendRequestAndExpectHttpResponse("hello world from mail.example.org");
request_.url = GURL("https://mail.example.com/");
+ SendRequestAndExpectHttpResponse("hello world from mail.example.com");
+
+ // Open a QUIC session to mail.example.org:443 when making request
+ // to mail.example.org.
+ request_.url = GURL("https://mail.example.org/");
SendRequestAndExpectQuicResponseOnPort("hello from mail QUIC!", 443);
- // Open another new QUIC session to docs.example.org:444.
- request_.url = GURL("https://docs.example.org/");
+ // Open another new QUIC session to mail.example.com:444.
+ request_.url = GURL("https://mail.example.com/");
SendRequestAndExpectQuicResponseOnPort("hello from docs QUIC!", 444);
}
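Review bot: The expected body for the mail.example.com session is still `"hello from docs QUIC!"`, although the commit replaces docs.example.org with mail.example.com everywhere else in this test. The string is only a label, but it now reads as if a third host were involved. Renaming it to something host-neutral such as `"hello from second QUIC session!"` would keep the test readable; the mock read that produces it is outside this hunk and would need the same change.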
@@ -1650,8 +1648,7 @@
: public QuicNetworkTransactionTest {
public:
void Run(bool valid) {
- HostPortPair origin(valid ? "mail.example.org" : "invalid.example.org",
- 443);
+ HostPortPair origin(valid ? "mail.example.org" : "mail.example.com", 443);
HostPortPair alternative("www.example.org", 443);
std::string url("https://");
url.append(origin.host());
@@ -1672,7 +1669,7 @@
mock_quic_data.AddSocketDataToFactory(&socket_factory_);
scoped_refptr<X509Certificate> cert(
- ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
+ ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem"));
ASSERT_TRUE(cert.get());
bool common_name_fallback_used;
EXPECT_EQ(valid,
@@ -1735,7 +1732,7 @@
MockWrite http_writes[] = {
MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"),
- MockWrite(SYNCHRONOUS, 1, "Host: mail.example.com\r\n"),
+ MockWrite(SYNCHRONOUS, 1, "Host: mail.example.org\r\n"),
MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")};
MockRead http_reads[] = {
@@ -1824,9 +1821,9 @@
// without racing an HTTP connection, we need the host resolution to happen
// synchronously.
host_resolver_.set_synchronous_mode(true);
- host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+ host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
"");
- HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
+ HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
AddressList address;
host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
nullptr, net_log_.bound());
@@ -1841,8 +1838,8 @@
// Since we are using a proxy, the QUIC job will not succeed.
MockWrite http_writes[] = {
- MockWrite(SYNCHRONOUS, 0, "GET http://mail.example.com/ HTTP/1.1\r\n"),
- MockWrite(SYNCHRONOUS, 1, "Host: mail.example.com\r\n"),
+ MockWrite(SYNCHRONOUS, 0, "GET http://mail.example.org/ HTTP/1.1\r\n"),
+ MockWrite(SYNCHRONOUS, 1, "Host: mail.example.org\r\n"),
MockWrite(SYNCHRONOUS, 2, "Proxy-Connection: keep-alive\r\n\r\n")};
MockRead http_reads[] = {
@@ -1858,14 +1855,14 @@
// without racing an HTTP connection, we need the host resolution to happen
// synchronously.
host_resolver_.set_synchronous_mode(true);
- host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+ host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
"");
- HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
+ HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
AddressList address;
host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
nullptr, net_log_.bound());
- request_.url = GURL("http://mail.example.com/");
+ request_.url = GURL("http://mail.example.org/");
CreateSessionWithNextProtos();
AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
SendRequestAndExpectHttpResponse("hello world");
@@ -1894,9 +1891,9 @@
// connection to the the server, in this test we require confirmation
// before encrypting so the HTTP job will still start.
host_resolver_.set_synchronous_mode(true);
- host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+ host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
"");
- HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
+ HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
AddressList address;
host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
nullptr, net_log_.bound());
@@ -1940,9 +1937,9 @@
// connection to the the server, in this test we require confirmation
// before encrypting so the HTTP job will still start.
host_resolver_.set_synchronous_mode(true);
- host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+ host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
"");
- HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
+ HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
AddressList address;
host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
nullptr, net_log_.bound());
@@ -1995,9 +1992,9 @@
// connection to the the server, in this test we require confirmation
// before encrypting so the HTTP job will still start.
host_resolver_.set_synchronous_mode(true);
- host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+ host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
"");
- HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
+ HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
AddressList address;
host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
nullptr, net_log_.bound());
@@ -2225,9 +2222,9 @@
// without racing an HTTP connection, we need the host resolution to happen
// synchronously.
host_resolver_.set_synchronous_mode(true);
- host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+ host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1",
"");
- HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
+ HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443));
AddressList address;
host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(),
nullptr, net_log_.bound());
@@ -2262,7 +2259,7 @@
TEST_P(QuicNetworkTransactionTest, QuicUpload) {
params_.origin_to_force_quic_on =
- HostPortPair::FromString("mail.example.com:443");
+ HostPortPair::FromString("mail.example.org:443");
MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)};
MockWrite writes[] = {MockWrite(SYNCHRONOUS, ERR_FAILED, 1)};
diff --git a/net/quic/test_tools/mock_crypto_client_stream.cc b/net/quic/test_tools/mock_crypto_client_stream.cc
index 580beb6..aba39e9 100644
--- a/net/quic/test_tools/mock_crypto_client_stream.cc
+++ b/net/quic/test_tools/mock_crypto_client_stream.cc
@@ -20,13 +20,14 @@
ProofVerifyContext* verify_context,
QuicCryptoClientConfig* crypto_config,
HandshakeMode handshake_mode,
- const ProofVerifyDetails* proof_verify_details)
+ const ProofVerifyDetailsChromium* proof_verify_details)
: QuicCryptoClientStream(server_id,
session,
verify_context,
crypto_config,
session),
handshake_mode_(handshake_mode),
+ server_id_(server_id),
proof_verify_details_(proof_verify_details) {}
MockCryptoClientStream::~MockCryptoClientStream() {}
@@ -38,6 +39,17 @@
}
void MockCryptoClientStream::CryptoConnect() {
+ if (proof_verify_details_) {
+ bool unused = false;
+ if (!proof_verify_details_->cert_verify_result.verified_cert
+ ->VerifyNameMatch(server_id_.host(), &unused)) {
+ handshake_confirmed_ = false;
+ encryption_established_ = false;
+ session()->connection()->CloseConnection(QUIC_PROOF_INVALID, false);
+ return;
+ }
+ }
+
switch (handshake_mode_) {
case ZERO_RTT: {
encryption_established_ = true;
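Review bot: The new name check dereferences `cert_verify_result.verified_cert` without testing it for null, so a test that queues a `ProofVerifyDetailsChromium` with no certificate set will crash here instead of failing the handshake. Treating a missing certificate as a proof failure keeps the mock fail-closed: bind `const scoped_refptr<X509Certificate>& cert = proof_verify_details_->cert_verify_result.verified_cert;` and test `if (!cert.get() || !cert->VerifyNameMatch(server_id_.host(), &unused))`. When no details are queued (`proof_verify_details_` is null) the host-name check is skipped entirely and the handshake proceeds. That is worth a comment such as `// No verify details queued: the mock performs no certificate name check.`, so that tests which rely on certificate validation know they must call AddProofVerifyDetails. The `switch` continues outside the hunk.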
diff --git a/net/quic/test_tools/mock_crypto_client_stream.h b/net/quic/test_tools/mock_crypto_client_stream.h
index 4aefb7c..b9bb57ff 100644
--- a/net/quic/test_tools/mock_crypto_client_stream.h
+++ b/net/quic/test_tools/mock_crypto_client_stream.h
@@ -10,6 +10,7 @@
#include "base/macros.h"
#include "net/quic/crypto/crypto_handshake.h"
#include "net/quic/crypto/crypto_protocol.h"
+#include "net/quic/crypto/proof_verifier_chromium.h"
#include "net/quic/quic_client_session_base.h"
#include "net/quic/quic_crypto_client_stream.h"
#include "net/quic/quic_session.h"
@@ -37,12 +38,13 @@
COLD_START,
};
- MockCryptoClientStream(const QuicServerId& server_id,
- QuicClientSessionBase* session,
- ProofVerifyContext* verify_context,
- QuicCryptoClientConfig* crypto_config,
- HandshakeMode handshake_mode,
- const ProofVerifyDetails* proof_verify_details_);
+ MockCryptoClientStream(
+ const QuicServerId& server_id,
+ QuicClientSessionBase* session,
+ ProofVerifyContext* verify_context,
+ QuicCryptoClientConfig* crypto_config,
+ HandshakeMode handshake_mode,
+ const ProofVerifyDetailsChromium* proof_verify_details_);
~MockCryptoClientStream() override;
// CryptoFramerVisitorInterface implementation.
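Review bot: The last constructor parameter is declared as `proof_verify_details_`, with the trailing underscore this class reserves for data members (`server_id_`, `proof_verify_details_`), while the definition in the .cc file names it `proof_verify_details`. Since the declaration is being rewritten here anyway, it would be clearer as `const ProofVerifyDetailsChromium* proof_verify_details);` so that it matches the definition and is not mistaken for the member.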
@@ -60,7 +62,8 @@
private:
void SetConfigNegotiated();
- const ProofVerifyDetails* proof_verify_details_;
+ const QuicServerId server_id_;
+ const ProofVerifyDetailsChromium* proof_verify_details_;
DISALLOW_COPY_AND_ASSIGN(MockCryptoClientStream);
};
diff --git a/net/quic/test_tools/mock_crypto_client_stream_factory.cc b/net/quic/test_tools/mock_crypto_client_stream_factory.cc
index 1773059..52501788b 100644
--- a/net/quic/test_tools/mock_crypto_client_stream_factory.cc
+++ b/net/quic/test_tools/mock_crypto_client_stream_factory.cc
@@ -25,7 +25,7 @@
QuicChromiumClientSession* session,
scoped_ptr<ProofVerifyContext> /*proof_verify_context*/,
QuicCryptoClientConfig* crypto_config) {
- const ProofVerifyDetails* proof_verify_details = nullptr;
+ const ProofVerifyDetailsChromium* proof_verify_details = nullptr;
if (!proof_verify_details_queue_.empty()) {
proof_verify_details = proof_verify_details_queue_.front();
proof_verify_details_queue_.pop();
diff --git a/net/quic/test_tools/mock_crypto_client_stream_factory.h b/net/quic/test_tools/mock_crypto_client_stream_factory.h
index 5ca04bf..1a12a39 100644
--- a/net/quic/test_tools/mock_crypto_client_stream_factory.h
+++ b/net/quic/test_tools/mock_crypto_client_stream_factory.h
@@ -9,6 +9,7 @@
#include <string>
#include "base/macros.h"
+#include "net/quic/crypto/proof_verifier_chromium.h"
#include "net/quic/quic_crypto_client_stream.h"
#include "net/quic/quic_crypto_client_stream_factory.h"
#include "net/quic/test_tools/mock_crypto_client_stream.h"
@@ -34,7 +35,8 @@
}
// The caller keeps ownership of |proof_verify_details|.
- void AddProofVerifyDetails(const ProofVerifyDetails* proof_verify_details) {
+ void AddProofVerifyDetails(
+ const ProofVerifyDetailsChromium* proof_verify_details) {
proof_verify_details_queue_.push(proof_verify_details);
}
@@ -43,7 +45,7 @@
private:
MockCryptoClientStream::HandshakeMode handshake_mode_;
MockCryptoClientStream* last_stream_;
- std::queue<const ProofVerifyDetails*> proof_verify_details_queue_;
+ std::queue<const ProofVerifyDetailsChromium*> proof_verify_details_queue_;
DISALLOW_COPY_AND_ASSIGN(MockCryptoClientStreamFactory);
};