Google Git
Sign in
chromium / chromium / src / 13072a47ac5ba9e9f20ccb727bab849ee73a71b2 / . / net / socket / ssl_connect_job_unittest.cc
blob: e324d6b0a70a789600d00ee2743309af242ef65a [file] [log] [blame]
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]1// Copyright 2019 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/socket/ssl_connect_job.h"
6
7#include <memory>
8#include <string>
9
10#include "base/callback.h"
11#include "base/compiler_specific.h"
Lei Zhang305c015e12021-06-04 21:07:02[diff] [blame]12#include "base/cxx17_backports.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]13#include "base/strings/string_util.h"
14#include "base/strings/utf_string_conversions.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]15#include "base/test/metrics/histogram_tester.h"
16#include "base/test/scoped_feature_list.h"
Gabriel Charettec7108742019-08-23 03:31:40[diff] [blame]17#include "base/test/task_environment.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]18#include "base/time/time.h"
19#include "net/base/auth.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]20#include "net/base/features.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]21#include "net/base/load_timing_info.h"
22#include "net/base/net_errors.h"
Matt Menkeae58eeb2019-05-24 21:09:50[diff] [blame]23#include "net/base/network_isolation_key.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]24#include "net/cert/ct_policy_enforcer.h"
25#include "net/cert/mock_cert_verifier.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]26#include "net/dns/mock_host_resolver.h"
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]27#include "net/dns/public/secure_dns_policy.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]28#include "net/http/http_auth_handler_factory.h"
29#include "net/http/http_network_session.h"
Matt Menke0754b5d02019-02-10 21:46:43[diff] [blame]30#include "net/http/http_proxy_connect_job.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]31#include "net/http/http_request_headers.h"
32#include "net/http/http_response_headers.h"
Matt Menke609160742019-08-02 18:47:26[diff] [blame]33#include "net/http/http_server_properties.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]34#include "net/http/transport_security_state.h"
35#include "net/log/net_log_source.h"
36#include "net/log/net_log_with_source.h"
Nicolas Arciniegad2013f92020-02-07 23:00:56[diff] [blame]37#include "net/proxy_resolution/configured_proxy_resolution_service.h"
Victor Vasiliev7752898d2019-11-14 21:30:22[diff] [blame]38#include "net/quic/quic_context.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]39#include "net/socket/connect_job_test_util.h"
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]40#include "net/socket/connection_attempts.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]41#include "net/socket/next_proto.h"
42#include "net/socket/socket_tag.h"
43#include "net/socket/socket_test_util.h"
44#include "net/socket/socks_connect_job.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]45#include "net/socket/transport_connect_job.h"
46#include "net/ssl/ssl_config_service_defaults.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]47#include "net/ssl/ssl_connection_status_flags.h"
48#include "net/ssl/ssl_legacy_crypto_fallback.h"
49#include "net/test/cert_test_util.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]50#include "net/test/gtest_util.h"
51#include "net/test/test_certificate_data.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]52#include "net/test/test_data_directory.h"
Gabriel Charettec7108742019-08-23 03:31:40[diff] [blame]53#include "net/test/test_with_task_environment.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]54#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
55#include "testing/gtest/include/gtest/gtest.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]56#include "third_party/boringssl/src/include/openssl/ssl.h"
Matt Menke8db2ff52021-11-23 20:17:46[diff] [blame]57#include "url/gurl.h"
Eric Orthc98a3e62021-07-02 17:46:37[diff] [blame]58#include "url/scheme_host_port.h"
59#include "url/url_constants.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]60
61namespace net {
62namespace {
63
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]64// Just check that all connect times are set to base::TimeTicks::Now(), for
65// tests that don't update the mocked out time.
66void CheckConnectTimesSet(const LoadTimingInfo::ConnectTiming& connect_timing) {
67 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.dns_start);
68 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.dns_end);
69 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_start);
70 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_start);
71 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_end);
72 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_end);
73}
74
75// Just check that all connect times are set to base::TimeTicks::Now(), except
76// for DNS times, for tests that don't update the mocked out time and use a
77// proxy.
78void CheckConnectTimesExceptDnsSet(
79 const LoadTimingInfo::ConnectTiming& connect_timing) {
80 EXPECT_TRUE(connect_timing.dns_start.is_null());
81 EXPECT_TRUE(connect_timing.dns_end.is_null());
82 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_start);
83 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_start);
84 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_end);
85 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_end);
86}
87
Gabriel Charette694c3c332019-08-19 14:53:05[diff] [blame]88class SSLConnectJobTest : public WithTaskEnvironment, public testing::Test {
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]89 public:
90 SSLConnectJobTest()
Gabriel Charette694c3c332019-08-19 14:53:05[diff] [blame]91 : WithTaskEnvironment(base::test::TaskEnvironment::TimeSource::MOCK_TIME),
Nicolas Arciniegad2013f92020-02-07 23:00:56[diff] [blame]92 proxy_resolution_service_(
93 ConfiguredProxyResolutionService::CreateDirect()),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]94 ssl_config_service_(new SSLConfigServiceDefaults),
Eric Orthbe2efac2019-03-06 01:11:11[diff] [blame]95 http_auth_handler_factory_(HttpAuthHandlerFactory::CreateDefault()),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]96 session_(CreateNetworkSession()),
Eric Orthc98a3e62021-07-02 17:46:37[diff] [blame]97 direct_transport_socket_params_(new TransportSocketParams(
98 url::SchemeHostPort(url::kHttpsScheme, "host", 443),
99 NetworkIsolationKey(),
100 SecureDnsPolicy::kAllow,
David Benjamin13072a42022-02-10 22:23:21[diff] [blame^]101 OnHostResolutionCallback(),
102 /*supported_alpns=*/{"h2", "http/1.1"})),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]103 proxy_transport_socket_params_(
104 new TransportSocketParams(HostPortPair("proxy", 443),
Matt Menkecd439232019-11-05 15:15:33[diff] [blame]105 NetworkIsolationKey(),
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]106 SecureDnsPolicy::kAllow,
David Benjamin13072a42022-02-10 22:23:21[diff] [blame^]107 OnHostResolutionCallback(),
108 /*supported_alpns=*/{})),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]109 socks_socket_params_(
110 new SOCKSSocketParams(proxy_transport_socket_params_,
111 true,
112 HostPortPair("sockshost", 443),
Matt Menke166710e2019-11-06 03:35:51[diff] [blame]113 NetworkIsolationKey(),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]114 TRAFFIC_ANNOTATION_FOR_TESTS)),
115 http_proxy_socket_params_(
116 new HttpProxySocketParams(proxy_transport_socket_params_,
117 nullptr /* ssl_params */,
Matt Menkeb5fb42b2019-03-22 17:26:13[diff] [blame]118 false /* is_quic */,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]119 HostPortPair("host", 80),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]120 /*tunnel=*/true,
Matt Menkeae58eeb2019-05-24 21:09:50[diff] [blame]121 TRAFFIC_ANNOTATION_FOR_TESTS,
122 NetworkIsolationKey())),
Gabriel Charette694c3c332019-08-19 14:53:05[diff] [blame]123 common_connect_job_params_(session_->CreateCommonConnectJobParams()) {}
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]124
125 ~SSLConnectJobTest() override = default;
126
127 std::unique_ptr<ConnectJob> CreateConnectJob(
128 TestConnectJobDelegate* test_delegate,
129 ProxyServer::Scheme proxy_scheme = ProxyServer::SCHEME_DIRECT,
130 RequestPriority priority = DEFAULT_PRIORITY) {
131 return std::make_unique<SSLConnectJob>(
Matt Menkea6f99ad2019-03-08 02:26:43[diff] [blame]132 priority, SocketTag(), &common_connect_job_params_,
Matt Menke14819512019-03-02 16:59:58[diff] [blame]133 SSLParams(proxy_scheme), test_delegate, nullptr /* net_log */);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]134 }
135
136 scoped_refptr<SSLSocketParams> SSLParams(ProxyServer::Scheme proxy) {
137 return base::MakeRefCounted<SSLSocketParams>(
138 proxy == ProxyServer::SCHEME_DIRECT ? direct_transport_socket_params_
139 : nullptr,
140 proxy == ProxyServer::SCHEME_SOCKS5 ? socks_socket_params_ : nullptr,
141 proxy == ProxyServer::SCHEME_HTTP ? http_proxy_socket_params_ : nullptr,
David Benjamin151ec6b2019-08-02 19:38:52[diff] [blame]142 HostPortPair("host", 443), SSLConfig(), PRIVACY_MODE_DISABLED,
David Benjamin6f2da652019-06-26 23:36:35[diff] [blame]143 NetworkIsolationKey());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]144 }
145
146 void AddAuthToCache() {
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]147 const std::u16string kFoo(u"foo");
148 const std::u16string kBar(u"bar");
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]149 session_->http_auth_cache()->Add(
Matt Menke8db2ff52021-11-23 20:17:46[diff] [blame]150 url::SchemeHostPort(GURL("http://proxy:443/")), HttpAuth::AUTH_PROXY,
151 "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
Matt Menkebe090422019-10-18 20:25:26[diff] [blame]152 "Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]153 }
154
155 HttpNetworkSession* CreateNetworkSession() {
Matt Menke30a878c2021-07-20 22:25:09[diff] [blame]156 HttpNetworkSessionContext session_context;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]157 session_context.host_resolver = &host_resolver_;
158 session_context.cert_verifier = &cert_verifier_;
159 session_context.transport_security_state = &transport_security_state_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]160 session_context.ct_policy_enforcer = &ct_policy_enforcer_;
161 session_context.proxy_resolution_service = proxy_resolution_service_.get();
162 session_context.client_socket_factory = &socket_factory_;
163 session_context.ssl_config_service = ssl_config_service_.get();
164 session_context.http_auth_handler_factory =
165 http_auth_handler_factory_.get();
166 session_context.http_server_properties = &http_server_properties_;
Victor Vasiliev7752898d2019-11-14 21:30:22[diff] [blame]167 session_context.quic_context = &quic_context_;
Matt Menke30a878c2021-07-20 22:25:09[diff] [blame]168 return new HttpNetworkSession(HttpNetworkSessionParams(), session_context);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]169 }
170
171 protected:
172 MockClientSocketFactory socket_factory_;
Eric Orthbe86fee2021-10-28 22:31:11[diff] [blame]173 MockHostResolver host_resolver_{/*default_result=*/MockHostResolverBase::
174 RuleResolver::GetLocalhostResult()};
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]175 MockCertVerifier cert_verifier_;
176 TransportSecurityState transport_security_state_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]177 DefaultCTPolicyEnforcer ct_policy_enforcer_;
Nicolas Arciniega8ec5bfa2020-03-20 05:07:26[diff] [blame]178 const std::unique_ptr<ProxyResolutionService> proxy_resolution_service_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]179 const std::unique_ptr<SSLConfigService> ssl_config_service_;
180 const std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
Matt Menke609160742019-08-02 18:47:26[diff] [blame]181 HttpServerProperties http_server_properties_;
Victor Vasiliev7752898d2019-11-14 21:30:22[diff] [blame]182 QuicContext quic_context_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]183 const std::unique_ptr<HttpNetworkSession> session_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]184
185 scoped_refptr<TransportSocketParams> direct_transport_socket_params_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]186
187 scoped_refptr<TransportSocketParams> proxy_transport_socket_params_;
188 scoped_refptr<SOCKSSocketParams> socks_socket_params_;
189 scoped_refptr<HttpProxySocketParams> http_proxy_socket_params_;
190
Matt Menkea6f99ad2019-03-08 02:26:43[diff] [blame]191 const CommonConnectJobParams common_connect_job_params_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]192};
193
194TEST_F(SSLConnectJobTest, TCPFail) {
195 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
196 SCOPED_TRACE(io_mode);
197 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
198 StaticSocketDataProvider data;
199 data.set_connect_data(MockConnect(io_mode, ERR_CONNECTION_FAILED));
200 socket_factory_.AddSocketDataProvider(&data);
201
202 TestConnectJobDelegate test_delegate;
203 std::unique_ptr<ConnectJob> ssl_connect_job =
204 CreateConnectJob(&test_delegate);
205 test_delegate.StartJobExpectingResult(
206 ssl_connect_job.get(), ERR_CONNECTION_FAILED, io_mode == SYNCHRONOUS);
207 EXPECT_FALSE(test_delegate.socket());
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]208 EXPECT_FALSE(ssl_connect_job->IsSSLError());
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]209 ConnectionAttempts connection_attempts =
210 ssl_connect_job->GetConnectionAttempts();
211 ASSERT_EQ(1u, connection_attempts.size());
212 EXPECT_THAT(connection_attempts[0].result,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]213 test::IsError(ERR_CONNECTION_FAILED));
214 }
215}
216
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]217TEST_F(SSLConnectJobTest, TCPTimeout) {
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]218 const base::TimeDelta kTinyTime = base::Microseconds(1);
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]219
220 // Make request hang.
221 host_resolver_.set_ondemand_mode(true);
222
223 TestConnectJobDelegate test_delegate;
224 std::unique_ptr<ConnectJob> ssl_connect_job =
225 CreateConnectJob(&test_delegate);
226 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
227
228 // Right up until just before the TCP connection timeout, the job does not
229 // time out.
230 FastForwardBy(TransportConnectJob::ConnectionTimeout() - kTinyTime);
231 EXPECT_FALSE(test_delegate.has_result());
232
233 // But at the exact time of TCP connection timeout, the job fails.
234 FastForwardBy(kTinyTime);
235 EXPECT_TRUE(test_delegate.has_result());
236 EXPECT_THAT(test_delegate.WaitForResult(), test::IsError(ERR_TIMED_OUT));
237}
238
239TEST_F(SSLConnectJobTest, SSLTimeoutSyncConnect) {
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]240 const base::TimeDelta kTinyTime = base::Microseconds(1);
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]241
242 // DNS lookup and transport connect complete synchronously, but SSL
243 // negotiation hangs.
244 host_resolver_.set_synchronous_mode(true);
245 StaticSocketDataProvider data;
246 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
247 socket_factory_.AddSocketDataProvider(&data);
248 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
249 socket_factory_.AddSSLSocketDataProvider(&ssl);
250
251 // Make request hang.
252 TestConnectJobDelegate test_delegate;
253 std::unique_ptr<ConnectJob> ssl_connect_job =
254 CreateConnectJob(&test_delegate);
255 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
256
257 // Right up until just before the SSL handshake timeout, the job does not time
258 // out.
259 FastForwardBy(SSLConnectJob::HandshakeTimeoutForTesting() - kTinyTime);
260 EXPECT_FALSE(test_delegate.has_result());
261
262 // But at the exact SSL handshake timeout time, the job fails.
263 FastForwardBy(kTinyTime);
264 EXPECT_TRUE(test_delegate.has_result());
265 EXPECT_THAT(test_delegate.WaitForResult(), test::IsError(ERR_TIMED_OUT));
266}
267
268TEST_F(SSLConnectJobTest, SSLTimeoutAsyncTcpConnect) {
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]269 const base::TimeDelta kTinyTime = base::Microseconds(1);
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]270
271 // DNS lookup is asynchronous, and later SSL negotiation hangs.
272 host_resolver_.set_ondemand_mode(true);
273 StaticSocketDataProvider data;
274 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
275 socket_factory_.AddSocketDataProvider(&data);
276 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
277 socket_factory_.AddSSLSocketDataProvider(&ssl);
278
279 TestConnectJobDelegate test_delegate;
280 std::unique_ptr<ConnectJob> ssl_connect_job =
281 CreateConnectJob(&test_delegate);
282 // Connecting should hand on the TransportConnectJob connect.
283 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
284
285 // Right up until just before the TCP connection timeout, the job does not
286 // time out.
287 FastForwardBy(TransportConnectJob::ConnectionTimeout() - kTinyTime);
288 EXPECT_FALSE(test_delegate.has_result());
289
290 // The DNS lookup completes, and a TCP connection is immediately establshed,
291 // which cancels the TCP connection timer. The SSL handshake timer is started,
292 // and the SSL handshake hangs.
293 host_resolver_.ResolveOnlyRequestNow();
294 EXPECT_FALSE(test_delegate.has_result());
295
296 // Right up until just before the SSL handshake timeout, the job does not time
297 // out.
298 FastForwardBy(SSLConnectJob::HandshakeTimeoutForTesting() - kTinyTime);
299 EXPECT_FALSE(test_delegate.has_result());
300
301 // But at the exact SSL handshake timeout time, the job fails.
302 FastForwardBy(kTinyTime);
303 EXPECT_TRUE(test_delegate.has_result());
304 EXPECT_THAT(test_delegate.WaitForResult(), test::IsError(ERR_TIMED_OUT));
305}
306
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]307TEST_F(SSLConnectJobTest, BasicDirectSync) {
308 host_resolver_.set_synchronous_mode(true);
309 StaticSocketDataProvider data;
310 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
311 socket_factory_.AddSocketDataProvider(&data);
312 SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
313 socket_factory_.AddSSLSocketDataProvider(&ssl);
314
315 TestConnectJobDelegate test_delegate;
316 std::unique_ptr<ConnectJob> ssl_connect_job =
317 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
318
319 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
320 true /* expect_sync_result */);
321 EXPECT_EQ(MEDIUM, host_resolver_.last_request_priority());
322
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]323 ConnectionAttempts connection_attempts =
324 ssl_connect_job->GetConnectionAttempts();
325 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]326 CheckConnectTimesSet(ssl_connect_job->connect_timing());
327}
328
329TEST_F(SSLConnectJobTest, BasicDirectAsync) {
330 host_resolver_.set_ondemand_mode(true);
331 base::TimeTicks start_time = base::TimeTicks::Now();
332 StaticSocketDataProvider data;
333 data.set_connect_data(MockConnect(ASYNC, OK));
334 socket_factory_.AddSocketDataProvider(&data);
335 SSLSocketDataProvider ssl(ASYNC, OK);
336 socket_factory_.AddSSLSocketDataProvider(&ssl);
337
338 TestConnectJobDelegate test_delegate;
339 std::unique_ptr<ConnectJob> ssl_connect_job =
340 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
341 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
342 EXPECT_TRUE(host_resolver_.has_pending_requests());
343 EXPECT_EQ(MEDIUM, host_resolver_.last_request_priority());
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]344 FastForwardBy(base::Seconds(5));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]345
346 base::TimeTicks resolve_complete_time = base::TimeTicks::Now();
347 host_resolver_.ResolveAllPending();
348 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
349
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]350 ConnectionAttempts connection_attempts =
351 ssl_connect_job->GetConnectionAttempts();
352 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]353
354 // Check times. Since time is mocked out, all times will be the same, except
355 // |dns_start|, which is the only one recorded before the FastForwardBy()
356 // call. The test classes don't allow any other phases to be triggered on
357 // demand, or delayed by a set interval.
358 EXPECT_EQ(start_time, ssl_connect_job->connect_timing().dns_start);
359 EXPECT_EQ(resolve_complete_time, ssl_connect_job->connect_timing().dns_end);
360 EXPECT_EQ(resolve_complete_time,
361 ssl_connect_job->connect_timing().connect_start);
362 EXPECT_EQ(resolve_complete_time, ssl_connect_job->connect_timing().ssl_start);
363 EXPECT_EQ(resolve_complete_time, ssl_connect_job->connect_timing().ssl_end);
364 EXPECT_EQ(resolve_complete_time,
365 ssl_connect_job->connect_timing().connect_end);
366}
367
Matt Menke9d5e2c92019-02-05 01:42:23[diff] [blame]368TEST_F(SSLConnectJobTest, DirectHasEstablishedConnection) {
369 host_resolver_.set_ondemand_mode(true);
370 StaticSocketDataProvider data;
371 data.set_connect_data(MockConnect(ASYNC, OK));
372 socket_factory_.AddSocketDataProvider(&data);
373
374 // SSL negotiation hangs. Value returned after SSL negotiation is complete
375 // doesn't matter, as HasEstablishedConnection() may only be used between job
376 // start and job complete.
377 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
378 socket_factory_.AddSSLSocketDataProvider(&ssl);
379
380 TestConnectJobDelegate test_delegate;
381 std::unique_ptr<ConnectJob> ssl_connect_job =
382 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
383 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
384 EXPECT_TRUE(host_resolver_.has_pending_requests());
385 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
386 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
387
388 // DNS resolution completes, and then the ConnectJob tries to connect the
389 // socket, which should succeed asynchronously.
390 host_resolver_.ResolveNow(1);
391 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
392 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
393
394 // Spinning the message loop causes the socket to finish connecting. The SSL
395 // handshake should start and hang.
396 base::RunLoop().RunUntilIdle();
397 EXPECT_FALSE(test_delegate.has_result());
398 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
399 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
400}
401
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]402TEST_F(SSLConnectJobTest, RequestPriority) {
403 host_resolver_.set_ondemand_mode(true);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]404 for (int initial_priority = MINIMUM_PRIORITY;
405 initial_priority <= MAXIMUM_PRIORITY; ++initial_priority) {
406 SCOPED_TRACE(initial_priority);
407 for (int new_priority = MINIMUM_PRIORITY; new_priority <= MAXIMUM_PRIORITY;
408 ++new_priority) {
409 SCOPED_TRACE(new_priority);
410 if (initial_priority == new_priority)
411 continue;
412 TestConnectJobDelegate test_delegate;
413 std::unique_ptr<ConnectJob> ssl_connect_job =
414 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT,
415 static_cast<RequestPriority>(initial_priority));
416 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
417 EXPECT_TRUE(host_resolver_.has_pending_requests());
418 int request_id = host_resolver_.num_resolve();
419 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
420
421 ssl_connect_job->ChangePriority(
422 static_cast<RequestPriority>(new_priority));
423 EXPECT_EQ(new_priority, host_resolver_.request_priority(request_id));
424
425 ssl_connect_job->ChangePriority(
426 static_cast<RequestPriority>(initial_priority));
427 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]428 }
429 }
430}
431
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]432TEST_F(SSLConnectJobTest, SecureDnsPolicy) {
433 for (auto secure_dns_policy :
434 {SecureDnsPolicy::kAllow, SecureDnsPolicy::kDisable}) {
dalyk5f48a132019-10-14 15:20:19[diff] [blame]435 TestConnectJobDelegate test_delegate;
436 direct_transport_socket_params_ =
Matt Menkecd439232019-11-05 15:15:33[diff] [blame]437 base::MakeRefCounted<TransportSocketParams>(
Eric Orthc98a3e62021-07-02 17:46:37[diff] [blame]438 url::SchemeHostPort(url::kHttpsScheme, "host", 443),
439 NetworkIsolationKey(), secure_dns_policy,
David Benjamin13072a42022-02-10 22:23:21[diff] [blame^]440 OnHostResolutionCallback(),
441 /*supported_alpns=*/base::flat_set<std::string>{"h2", "http/1.1"});
dalyk5f48a132019-10-14 15:20:19[diff] [blame]442 auto common_connect_job_params = session_->CreateCommonConnectJobParams();
443 std::unique_ptr<ConnectJob> ssl_connect_job =
444 std::make_unique<SSLConnectJob>(DEFAULT_PRIORITY, SocketTag(),
445 &common_connect_job_params,
446 SSLParams(ProxyServer::SCHEME_DIRECT),
447 &test_delegate, nullptr /* net_log */);
448
449 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
Ben Schwartz432ce032021-05-05 21:49:24[diff] [blame]450 EXPECT_EQ(secure_dns_policy, host_resolver_.last_secure_dns_policy());
dalyk5f48a132019-10-14 15:20:19[diff] [blame]451 }
452}
453
dalykedd30d982019-12-16 15:31:10[diff] [blame]454TEST_F(SSLConnectJobTest, DirectHostResolutionFailure) {
455 host_resolver_.rules()->AddSimulatedTimeoutFailure("host");
456
457 TestConnectJobDelegate test_delegate;
458 std::unique_ptr<ConnectJob> ssl_connect_job =
459 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT);
460 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
461 ERR_NAME_NOT_RESOLVED,
462 false /* expect_sync_result */);
463 EXPECT_THAT(ssl_connect_job->GetResolveErrorInfo().error,
464 test::IsError(ERR_DNS_TIMED_OUT));
465}
466
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]467TEST_F(SSLConnectJobTest, DirectCertError) {
468 StaticSocketDataProvider data;
469 socket_factory_.AddSocketDataProvider(&data);
470 SSLSocketDataProvider ssl(ASYNC, ERR_CERT_COMMON_NAME_INVALID);
471 socket_factory_.AddSSLSocketDataProvider(&ssl);
472
473 TestConnectJobDelegate test_delegate(
474 TestConnectJobDelegate::SocketExpected::ALWAYS);
475 std::unique_ptr<ConnectJob> ssl_connect_job =
476 CreateConnectJob(&test_delegate);
477
478 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
479 ERR_CERT_COMMON_NAME_INVALID,
480 false /* expect_sync_result */);
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]481 EXPECT_TRUE(ssl_connect_job->IsSSLError());
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]482 ConnectionAttempts connection_attempts =
483 ssl_connect_job->GetConnectionAttempts();
484 ASSERT_EQ(1u, connection_attempts.size());
485 EXPECT_THAT(connection_attempts[0].result,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]486 test::IsError(ERR_CERT_COMMON_NAME_INVALID));
487 CheckConnectTimesSet(ssl_connect_job->connect_timing());
488}
489
490TEST_F(SSLConnectJobTest, DirectSSLError) {
491 StaticSocketDataProvider data;
492 socket_factory_.AddSocketDataProvider(&data);
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]493 SSLSocketDataProvider ssl(ASYNC, ERR_BAD_SSL_CLIENT_AUTH_CERT);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]494 socket_factory_.AddSSLSocketDataProvider(&ssl);
495
496 TestConnectJobDelegate test_delegate;
497 std::unique_ptr<ConnectJob> ssl_connect_job =
498 CreateConnectJob(&test_delegate);
499
500 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]501 ERR_BAD_SSL_CLIENT_AUTH_CERT,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]502 false /* expect_sync_result */);
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]503 ConnectionAttempts connection_attempts =
504 ssl_connect_job->GetConnectionAttempts();
505 ASSERT_EQ(1u, connection_attempts.size());
506 EXPECT_THAT(connection_attempts[0].result,
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]507 test::IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
508}
509
510// Test that the legacy crypto fallback is triggered on applicable error codes.
511TEST_F(SSLConnectJobTest, DirectLegacyCryptoFallback) {
512 for (Error error :
513 {ERR_CONNECTION_CLOSED, ERR_CONNECTION_RESET, ERR_SSL_PROTOCOL_ERROR,
514 ERR_SSL_VERSION_OR_CIPHER_MISMATCH}) {
515 SCOPED_TRACE(error);
516
517 for (bool second_attempt_ok : {true, false}) {
518 SCOPED_TRACE(second_attempt_ok);
519
520 StaticSocketDataProvider data;
521 socket_factory_.AddSocketDataProvider(&data);
522 SSLSocketDataProvider ssl(ASYNC, error);
523 socket_factory_.AddSSLSocketDataProvider(&ssl);
524 ssl.expected_disable_legacy_crypto = true;
525
526 Error error2 = second_attempt_ok ? OK : error;
527 StaticSocketDataProvider data2;
528 socket_factory_.AddSocketDataProvider(&data2);
529 SSLSocketDataProvider ssl2(ASYNC, error2);
530 socket_factory_.AddSSLSocketDataProvider(&ssl2);
531 ssl2.expected_disable_legacy_crypto = false;
532
533 TestConnectJobDelegate test_delegate;
534 std::unique_ptr<ConnectJob> ssl_connect_job =
535 CreateConnectJob(&test_delegate);
536
537 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), error2,
538 /*expect_sync_result=*/false);
539 ConnectionAttempts connection_attempts =
540 ssl_connect_job->GetConnectionAttempts();
541 if (second_attempt_ok) {
542 ASSERT_EQ(1u, connection_attempts.size());
543 EXPECT_THAT(connection_attempts[0].result, test::IsError(error));
544 } else {
545 ASSERT_EQ(2u, connection_attempts.size());
546 EXPECT_THAT(connection_attempts[0].result, test::IsError(error));
547 EXPECT_THAT(connection_attempts[1].result, test::IsError(error));
548 }
549 }
550 }
551}
552
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]553TEST_F(SSLConnectJobTest, LegacyCryptoFallbackHistograms) {
554 base::FilePath certs_dir = GetTestCertsDirectory();
555
556 scoped_refptr<X509Certificate> sha1_leaf =
557 ImportCertFromFile(certs_dir, "sha1_leaf.pem");
558 ASSERT_TRUE(sha1_leaf);
559
560 scoped_refptr<X509Certificate> ok_cert =
561 ImportCertFromFile(certs_dir, "ok_cert.pem");
562 ASSERT_TRUE(ok_cert);
563
564 // Make a copy of |ok_cert| with an unused |sha1_leaf| in the intermediate
565 // list.
566 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
567 for (const auto& cert : ok_cert->intermediate_buffers()) {
568 intermediates.push_back(bssl::UpRef(cert));
569 }
570 intermediates.push_back(bssl::UpRef(sha1_leaf->cert_buffer()));
571 scoped_refptr<X509Certificate> ok_with_unused_sha1 =
572 X509Certificate::CreateFromBuffer(bssl::UpRef(ok_cert->cert_buffer()),
573 std::move(intermediates));
574 ASSERT_TRUE(ok_with_unused_sha1);
575
576 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
577 const uint16_t kModernCipher = 0xc02f;
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]578
579 struct HistogramTest {
580 SSLLegacyCryptoFallback expected;
581 Error first_attempt;
582 uint16_t cipher_suite;
583 uint16_t peer_signature_algorithm;
584 scoped_refptr<X509Certificate> unverified_cert;
585 };
586
587 const HistogramTest kHistogramTests[] = {
588 // Connections not using the fallback map to kNoFallback.
589 {SSLLegacyCryptoFallback::kNoFallback, OK, kModernCipher,
590 SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_cert},
591 {SSLLegacyCryptoFallback::kNoFallback, OK, kModernCipher,
592 SSL_SIGN_RSA_PSS_RSAE_SHA256, sha1_leaf},
593 {SSLLegacyCryptoFallback::kNoFallback, OK, kModernCipher,
594 SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_with_unused_sha1},
595
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]596 // Connections using SHA-1 map to kUsedSHA1 or kSentSHA1CertAndUsedSHA1.
597 {SSLLegacyCryptoFallback::kUsedSHA1, ERR_SSL_PROTOCOL_ERROR,
598 kModernCipher, SSL_SIGN_RSA_PKCS1_SHA1, ok_cert},
599 {SSLLegacyCryptoFallback::kSentSHA1CertAndUsedSHA1,
600 ERR_SSL_PROTOCOL_ERROR, kModernCipher, SSL_SIGN_RSA_PKCS1_SHA1,
601 sha1_leaf},
602 {SSLLegacyCryptoFallback::kSentSHA1CertAndUsedSHA1,
603 ERR_SSL_PROTOCOL_ERROR, kModernCipher, SSL_SIGN_RSA_PKCS1_SHA1,
604 ok_with_unused_sha1},
605
606 // Connections using neither map to kUnknownReason or kSentSHA1Cert.
607 {SSLLegacyCryptoFallback::kUnknownReason, ERR_SSL_PROTOCOL_ERROR,
608 kModernCipher, SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_cert},
609 {SSLLegacyCryptoFallback::kSentSHA1Cert, ERR_SSL_PROTOCOL_ERROR,
610 kModernCipher, SSL_SIGN_RSA_PSS_RSAE_SHA256, sha1_leaf},
611 {SSLLegacyCryptoFallback::kSentSHA1Cert, ERR_SSL_PROTOCOL_ERROR,
612 kModernCipher, SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_with_unused_sha1},
613 };
614 for (size_t i = 0; i < base::size(kHistogramTests); i++) {
615 SCOPED_TRACE(i);
616 const auto& test = kHistogramTests[i];
617
618 base::HistogramTester tester;
619
620 SSLInfo ssl_info;
621 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
622 &ssl_info.connection_status);
623 SSLConnectionStatusSetCipherSuite(test.cipher_suite,
624 &ssl_info.connection_status);
625 ssl_info.peer_signature_algorithm = test.peer_signature_algorithm;
626 ssl_info.unverified_cert = test.unverified_cert;
627
628 StaticSocketDataProvider data;
629 socket_factory_.AddSocketDataProvider(&data);
630 SSLSocketDataProvider ssl(ASYNC, test.first_attempt);
631 socket_factory_.AddSSLSocketDataProvider(&ssl);
632 ssl.expected_disable_legacy_crypto = true;
633
634 StaticSocketDataProvider data2;
635 SSLSocketDataProvider ssl2(ASYNC, OK);
636 if (test.first_attempt != OK) {
637 socket_factory_.AddSocketDataProvider(&data2);
638 socket_factory_.AddSSLSocketDataProvider(&ssl2);
639 ssl2.ssl_info = ssl_info;
640 ssl2.expected_disable_legacy_crypto = false;
641 } else {
642 ssl.ssl_info = ssl_info;
643 }
644
645 TestConnectJobDelegate test_delegate;
646 std::unique_ptr<ConnectJob> ssl_connect_job =
647 CreateConnectJob(&test_delegate);
648
649 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
650 /*expect_sync_result=*/false);
651
652 tester.ExpectUniqueSample("Net.SSLLegacyCryptoFallback", test.expected, 1);
653 }
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]654}
655
656TEST_F(SSLConnectJobTest, DirectWithNPN) {
657 StaticSocketDataProvider data;
658 socket_factory_.AddSocketDataProvider(&data);
659 SSLSocketDataProvider ssl(ASYNC, OK);
660 ssl.next_proto = kProtoHTTP11;
661 socket_factory_.AddSSLSocketDataProvider(&ssl);
662
663 TestConnectJobDelegate test_delegate;
664 std::unique_ptr<ConnectJob> ssl_connect_job =
665 CreateConnectJob(&test_delegate);
666
667 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
668 false /* expect_sync_result */);
669 EXPECT_TRUE(test_delegate.socket()->WasAlpnNegotiated());
670 CheckConnectTimesSet(ssl_connect_job->connect_timing());
671}
672
673TEST_F(SSLConnectJobTest, DirectGotHTTP2) {
674 StaticSocketDataProvider data;
675 socket_factory_.AddSocketDataProvider(&data);
676 SSLSocketDataProvider ssl(ASYNC, OK);
677 ssl.next_proto = kProtoHTTP2;
678 socket_factory_.AddSSLSocketDataProvider(&ssl);
679
680 TestConnectJobDelegate test_delegate;
681 std::unique_ptr<ConnectJob> ssl_connect_job =
682 CreateConnectJob(&test_delegate);
683
684 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
685 false /* expect_sync_result */);
686 EXPECT_TRUE(test_delegate.socket()->WasAlpnNegotiated());
687 EXPECT_EQ(kProtoHTTP2, test_delegate.socket()->GetNegotiatedProtocol());
688 CheckConnectTimesSet(ssl_connect_job->connect_timing());
689}
690
691TEST_F(SSLConnectJobTest, SOCKSFail) {
692 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
693 SCOPED_TRACE(io_mode);
694 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
695 StaticSocketDataProvider data;
696 data.set_connect_data(MockConnect(io_mode, ERR_CONNECTION_FAILED));
697 socket_factory_.AddSocketDataProvider(&data);
698
699 TestConnectJobDelegate test_delegate;
700 std::unique_ptr<ConnectJob> ssl_connect_job =
701 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
702 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
703 ERR_PROXY_CONNECTION_FAILED,
704 io_mode == SYNCHRONOUS);
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]705 EXPECT_FALSE(ssl_connect_job->IsSSLError());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]706
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]707 ConnectionAttempts connection_attempts =
708 ssl_connect_job->GetConnectionAttempts();
709 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]710 }
711}
712
dalykedd30d982019-12-16 15:31:10[diff] [blame]713TEST_F(SSLConnectJobTest, SOCKSHostResolutionFailure) {
714 host_resolver_.rules()->AddSimulatedTimeoutFailure("proxy");
715
716 TestConnectJobDelegate test_delegate;
717 std::unique_ptr<ConnectJob> ssl_connect_job =
718 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
719 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
720 ERR_PROXY_CONNECTION_FAILED,
721 false /* expect_sync_result */);
722 EXPECT_THAT(ssl_connect_job->GetResolveErrorInfo().error,
723 test::IsError(ERR_DNS_TIMED_OUT));
724}
725
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]726TEST_F(SSLConnectJobTest, SOCKSBasic) {
727 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
728 SCOPED_TRACE(io_mode);
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]729 const uint8_t kSOCKS5Request[] = {0x05, 0x01, 0x00, 0x03, 0x09, 's',
730 'o', 'c', 'k', 's', 'h', 'o',
731 's', 't', 0x01, 0xBB};
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]732
733 MockWrite writes[] = {
734 MockWrite(io_mode, kSOCKS5GreetRequest, kSOCKS5GreetRequestLength),
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]735 MockWrite(io_mode, reinterpret_cast<const char*>(kSOCKS5Request),
736 base::size(kSOCKS5Request)),
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]737 };
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]738
739 MockRead reads[] = {
740 MockRead(io_mode, kSOCKS5GreetResponse, kSOCKS5GreetResponseLength),
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]741 MockRead(io_mode, kSOCKS5OkResponse, kSOCKS5OkResponseLength),
742 };
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]743
744 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
745 StaticSocketDataProvider data(reads, writes);
746 data.set_connect_data(MockConnect(io_mode, OK));
747 socket_factory_.AddSocketDataProvider(&data);
748 SSLSocketDataProvider ssl(io_mode, OK);
749 socket_factory_.AddSSLSocketDataProvider(&ssl);
750
751 TestConnectJobDelegate test_delegate;
752 std::unique_ptr<ConnectJob> ssl_connect_job =
753 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
754 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
755 io_mode == SYNCHRONOUS);
756 CheckConnectTimesExceptDnsSet(ssl_connect_job->connect_timing());
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]757
758 // Proxies should not set any DNS aliases.
759 EXPECT_TRUE(test_delegate.socket()->GetDnsAliases().empty());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]760 }
761}
762
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]763TEST_F(SSLConnectJobTest, SOCKSHasEstablishedConnection) {
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]764 const uint8_t kSOCKS5Request[] = {0x05, 0x01, 0x00, 0x03, 0x09, 's',
765 'o', 'c', 'k', 's', 'h', 'o',
766 's', 't', 0x01, 0xBB};
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]767
768 MockWrite writes[] = {
769 MockWrite(SYNCHRONOUS, kSOCKS5GreetRequest, kSOCKS5GreetRequestLength, 0),
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]770 MockWrite(SYNCHRONOUS, reinterpret_cast<const char*>(kSOCKS5Request),
771 base::size(kSOCKS5Request), 3),
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]772 };
773
774 MockRead reads[] = {
775 // Pause so can probe current state.
776 MockRead(ASYNC, ERR_IO_PENDING, 1),
777 MockRead(ASYNC, kSOCKS5GreetResponse, kSOCKS5GreetResponseLength, 2),
778 MockRead(SYNCHRONOUS, kSOCKS5OkResponse, kSOCKS5OkResponseLength, 4),
779 };
780
781 host_resolver_.set_ondemand_mode(true);
782 SequencedSocketData data(reads, writes);
783 data.set_connect_data(MockConnect(ASYNC, OK));
784 socket_factory_.AddSocketDataProvider(&data);
785
786 // SSL negotiation hangs. Value returned after SSL negotiation is complete
787 // doesn't matter, as HasEstablishedConnection() may only be used between job
788 // start and job complete.
789 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
790 socket_factory_.AddSSLSocketDataProvider(&ssl);
791
792 TestConnectJobDelegate test_delegate;
793 std::unique_ptr<ConnectJob> ssl_connect_job =
794 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
795 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
796 EXPECT_TRUE(host_resolver_.has_pending_requests());
797 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
798 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
799
800 // DNS resolution completes, and then the ConnectJob tries to connect the
801 // socket, which should succeed asynchronously.
802 host_resolver_.ResolveNow(1);
803 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
804 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
805
806 // Spin the message loop until the first read of the handshake.
807 // HasEstablishedConnection() should return true, as a TCP connection has been
808 // successfully established by this point.
809 data.RunUntilPaused();
810 EXPECT_FALSE(test_delegate.has_result());
811 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
812 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
813
814 // Finish up the handshake, and spin the message loop until the SSL handshake
815 // starts and hang.
816 data.Resume();
817 base::RunLoop().RunUntilIdle();
818 EXPECT_FALSE(test_delegate.has_result());
819 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
820 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
821}
822
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]823TEST_F(SSLConnectJobTest, SOCKSRequestPriority) {
824 host_resolver_.set_ondemand_mode(true);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]825 for (int initial_priority = MINIMUM_PRIORITY;
826 initial_priority <= MAXIMUM_PRIORITY; ++initial_priority) {
827 SCOPED_TRACE(initial_priority);
828 for (int new_priority = MINIMUM_PRIORITY; new_priority <= MAXIMUM_PRIORITY;
829 ++new_priority) {
830 SCOPED_TRACE(new_priority);
831 if (initial_priority == new_priority)
832 continue;
833 TestConnectJobDelegate test_delegate;
834 std::unique_ptr<ConnectJob> ssl_connect_job =
835 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5,
836 static_cast<RequestPriority>(initial_priority));
837 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
838 EXPECT_TRUE(host_resolver_.has_pending_requests());
839 int request_id = host_resolver_.num_resolve();
840 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
841
842 ssl_connect_job->ChangePriority(
843 static_cast<RequestPriority>(new_priority));
844 EXPECT_EQ(new_priority, host_resolver_.request_priority(request_id));
845
846 ssl_connect_job->ChangePriority(
847 static_cast<RequestPriority>(initial_priority));
848 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]849 }
850 }
851}
852
853TEST_F(SSLConnectJobTest, HttpProxyFail) {
854 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
855 SCOPED_TRACE(io_mode);
856 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
857 StaticSocketDataProvider data;
858 data.set_connect_data(MockConnect(io_mode, ERR_CONNECTION_FAILED));
859 socket_factory_.AddSocketDataProvider(&data);
860
861 TestConnectJobDelegate test_delegate;
862 std::unique_ptr<ConnectJob> ssl_connect_job =
863 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
864 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
865 ERR_PROXY_CONNECTION_FAILED,
866 io_mode == SYNCHRONOUS);
867
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]868 EXPECT_FALSE(ssl_connect_job->IsSSLError());
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]869 ConnectionAttempts connection_attempts =
870 ssl_connect_job->GetConnectionAttempts();
871 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]872 }
873}
874
dalykedd30d982019-12-16 15:31:10[diff] [blame]875TEST_F(SSLConnectJobTest, HttpProxyHostResolutionFailure) {
876 host_resolver_.rules()->AddSimulatedTimeoutFailure("proxy");
877
878 TestConnectJobDelegate test_delegate;
879 std::unique_ptr<ConnectJob> ssl_connect_job =
880 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
881 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
882 ERR_PROXY_CONNECTION_FAILED,
883 false /* expect_sync_result */);
884 EXPECT_THAT(ssl_connect_job->GetResolveErrorInfo().error,
885 test::IsError(ERR_DNS_TIMED_OUT));
886}
887
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]888TEST_F(SSLConnectJobTest, HttpProxyAuthChallenge) {
889 MockWrite writes[] = {
890 MockWrite(ASYNC, 0,
891 "CONNECT host:80 HTTP/1.1\r\n"
892 "Host: host:80\r\n"
893 "Proxy-Connection: keep-alive\r\n\r\n"),
894 MockWrite(ASYNC, 5,
895 "CONNECT host:80 HTTP/1.1\r\n"
896 "Host: host:80\r\n"
897 "Proxy-Connection: keep-alive\r\n"
898 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
899 };
900 MockRead reads[] = {
901 MockRead(ASYNC, 1, "HTTP/1.1 407 Proxy Authentication Required\r\n"),
902 MockRead(ASYNC, 2, "Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"),
903 MockRead(ASYNC, 3, "Content-Length: 10\r\n\r\n"),
904 MockRead(ASYNC, 4, "0123456789"),
905 MockRead(ASYNC, 6, "HTTP/1.1 200 Connection Established\r\n\r\n"),
906 };
907 StaticSocketDataProvider data(reads, writes);
908 socket_factory_.AddSocketDataProvider(&data);
909 SSLSocketDataProvider ssl(ASYNC, OK);
910 socket_factory_.AddSSLSocketDataProvider(&ssl);
911
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]912 TestConnectJobDelegate test_delegate;
913 std::unique_ptr<ConnectJob> ssl_connect_job =
914 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
915 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
916 test_delegate.WaitForAuthChallenge(1);
917
918 EXPECT_EQ(407, test_delegate.auth_response_info().headers->response_code());
919 std::string proxy_authenticate;
920 ASSERT_TRUE(test_delegate.auth_response_info().headers->EnumerateHeader(
921 nullptr, "Proxy-Authenticate", &proxy_authenticate));
922 EXPECT_EQ(proxy_authenticate, "Basic realm=\"MyRealm1\"");
923
924 // While waiting for auth credentials to be provided, the Job should not time
925 // out.
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]926 FastForwardBy(base::Days(1));
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]927 test_delegate.WaitForAuthChallenge(1);
928 EXPECT_FALSE(test_delegate.has_result());
929
930 // Respond to challenge.
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]931 test_delegate.auth_controller()->ResetAuth(AuthCredentials(u"foo", u"bar"));
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]932 test_delegate.RunAuthCallback();
933
934 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]935
936 // Proxies should not set any DNS aliases.
937 EXPECT_TRUE(test_delegate.socket()->GetDnsAliases().empty());
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]938}
939
940TEST_F(SSLConnectJobTest, HttpProxyAuthWithCachedCredentials) {
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]941 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
942 SCOPED_TRACE(io_mode);
943 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
944 MockWrite writes[] = {
945 MockWrite(io_mode,
946 "CONNECT host:80 HTTP/1.1\r\n"
947 "Host: host:80\r\n"
948 "Proxy-Connection: keep-alive\r\n"
949 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
950 };
951 MockRead reads[] = {
952 MockRead(io_mode, "HTTP/1.1 200 Connection Established\r\n\r\n"),
953 };
954 StaticSocketDataProvider data(reads, writes);
955 data.set_connect_data(MockConnect(io_mode, OK));
956 socket_factory_.AddSocketDataProvider(&data);
957 AddAuthToCache();
958 SSLSocketDataProvider ssl(io_mode, OK);
959 socket_factory_.AddSSLSocketDataProvider(&ssl);
960
961 TestConnectJobDelegate test_delegate;
962 std::unique_ptr<ConnectJob> ssl_connect_job =
963 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
964 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
965 io_mode == SYNCHRONOUS);
966 CheckConnectTimesExceptDnsSet(ssl_connect_job->connect_timing());
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]967 EXPECT_TRUE(test_delegate.socket()->GetDnsAliases().empty());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]968 }
969}
970
971TEST_F(SSLConnectJobTest, HttpProxyRequestPriority) {
972 host_resolver_.set_ondemand_mode(true);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]973 for (int initial_priority = MINIMUM_PRIORITY;
974 initial_priority <= MAXIMUM_PRIORITY; ++initial_priority) {
975 SCOPED_TRACE(initial_priority);
976 for (int new_priority = MINIMUM_PRIORITY; new_priority <= MAXIMUM_PRIORITY;
977 ++new_priority) {
978 SCOPED_TRACE(new_priority);
979 if (initial_priority == new_priority)
980 continue;
981 TestConnectJobDelegate test_delegate;
982 std::unique_ptr<ConnectJob> ssl_connect_job =
983 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP,
984 static_cast<RequestPriority>(initial_priority));
985 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
986 EXPECT_TRUE(host_resolver_.has_pending_requests());
987 int request_id = host_resolver_.num_resolve();
988 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
989
990 ssl_connect_job->ChangePriority(
991 static_cast<RequestPriority>(new_priority));
992 EXPECT_EQ(new_priority, host_resolver_.request_priority(request_id));
993
994 ssl_connect_job->ChangePriority(
995 static_cast<RequestPriority>(initial_priority));
996 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]997 }
998 }
999}
1000
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1001TEST_F(SSLConnectJobTest, HttpProxyAuthHasEstablishedConnection) {
1002 host_resolver_.set_ondemand_mode(true);
1003 MockWrite writes[] = {
1004 MockWrite(ASYNC, 0,
1005 "CONNECT host:80 HTTP/1.1\r\n"
1006 "Host: host:80\r\n"
1007 "Proxy-Connection: keep-alive\r\n\r\n"),
1008 MockWrite(ASYNC, 3,
1009 "CONNECT host:80 HTTP/1.1\r\n"
1010 "Host: host:80\r\n"
1011 "Proxy-Connection: keep-alive\r\n"
1012 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
1013 };
1014 MockRead reads[] = {
1015 // Pause reading.
1016 MockRead(ASYNC, ERR_IO_PENDING, 1),
1017 MockRead(ASYNC, 2,
1018 "HTTP/1.1 407 Proxy Authentication Required\r\n"
1019 "Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"
1020 "Content-Length: 0\r\n\r\n"),
1021 // Pause reading.
1022 MockRead(ASYNC, ERR_IO_PENDING, 4),
1023 MockRead(ASYNC, 5, "HTTP/1.1 200 Connection Established\r\n\r\n"),
1024 };
1025 SequencedSocketData data(reads, writes);
1026 socket_factory_.AddSocketDataProvider(&data);
1027 SSLSocketDataProvider ssl(ASYNC, OK);
1028 socket_factory_.AddSSLSocketDataProvider(&ssl);
1029
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1030 TestConnectJobDelegate test_delegate;
1031 std::unique_ptr<ConnectJob> ssl_connect_job =
1032 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
1033 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1034 EXPECT_TRUE(host_resolver_.has_pending_requests());
1035 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
1036 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1037
1038 // DNS resolution completes, and then the ConnectJob tries to connect the
1039 // socket, which should succeed asynchronously.
1040 host_resolver_.ResolveOnlyRequestNow();
1041 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
1042 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1043
1044 // Spinning the message loop causes the connection to be established and the
1045 // nested HttpProxyConnectJob to start establishing a tunnel.
1046 base::RunLoop().RunUntilIdle();
1047 EXPECT_FALSE(test_delegate.has_result());
1048 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1049 ssl_connect_job->GetLoadState());
1050 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1051
1052 // Receive the auth challenge.
1053 data.Resume();
1054 test_delegate.WaitForAuthChallenge(1);
1055 EXPECT_FALSE(test_delegate.has_result());
1056 EXPECT_EQ(LOAD_STATE_IDLE, ssl_connect_job->GetLoadState());
1057 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1058
1059 // Respond to challenge.
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]1060 test_delegate.auth_controller()->ResetAuth(AuthCredentials(u"foo", u"bar"));
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1061 test_delegate.RunAuthCallback();
1062 EXPECT_FALSE(test_delegate.has_result());
1063 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1064 ssl_connect_job->GetLoadState());
1065 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1066
1067 // Run until the next read pauses.
1068 base::RunLoop().RunUntilIdle();
1069 EXPECT_FALSE(test_delegate.has_result());
1070 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1071 ssl_connect_job->GetLoadState());
1072 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1073
1074 // Receive the connection established response, at which point SSL negotiation
1075 // finally starts.
1076 data.Resume();
1077 EXPECT_FALSE(test_delegate.has_result());
1078 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
1079 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1080
1081 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
1082}
1083
1084TEST_F(SSLConnectJobTest,
1085 HttpProxyAuthHasEstablishedConnectionWithProxyConnectionClose) {
1086 host_resolver_.set_ondemand_mode(true);
1087 MockWrite writes1[] = {
1088 MockWrite(ASYNC, 0,
1089 "CONNECT host:80 HTTP/1.1\r\n"
1090 "Host: host:80\r\n"
1091 "Proxy-Connection: keep-alive\r\n\r\n"),
1092 };
1093 MockRead reads1[] = {
1094 // Pause reading.
1095 MockRead(ASYNC, ERR_IO_PENDING, 1),
1096 MockRead(ASYNC, 2,
1097 "HTTP/1.1 407 Proxy Authentication Required\r\n"
1098 "Proxy-Connection: Close\r\n"
1099 "Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"
1100 "Content-Length: 0\r\n\r\n"),
1101 };
1102 SequencedSocketData data1(reads1, writes1);
1103 socket_factory_.AddSocketDataProvider(&data1);
1104
1105 MockWrite writes2[] = {
1106 MockWrite(ASYNC, 0,
1107 "CONNECT host:80 HTTP/1.1\r\n"
1108 "Host: host:80\r\n"
1109 "Proxy-Connection: keep-alive\r\n"
1110 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
1111 };
1112 MockRead reads2[] = {
1113 // Pause reading.
1114 MockRead(ASYNC, ERR_IO_PENDING, 1),
1115 MockRead(ASYNC, 2, "HTTP/1.1 200 Connection Established\r\n\r\n"),
1116 };
1117 SequencedSocketData data2(reads2, writes2);
1118 socket_factory_.AddSocketDataProvider(&data2);
1119 SSLSocketDataProvider ssl(ASYNC, OK);
1120 socket_factory_.AddSSLSocketDataProvider(&ssl);
1121
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1122 TestConnectJobDelegate test_delegate;
1123 std::unique_ptr<ConnectJob> ssl_connect_job =
1124 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
1125 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1126 EXPECT_TRUE(host_resolver_.has_pending_requests());
1127 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
1128 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1129
1130 // DNS resolution completes, and then the ConnectJob tries to connect the
1131 // socket, which should succeed asynchronously.
1132 host_resolver_.ResolveOnlyRequestNow();
1133 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
1134 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1135
1136 // Spinning the message loop causes the connection to be established and the
1137 // nested HttpProxyConnectJob to start establishing a tunnel.
1138 base::RunLoop().RunUntilIdle();
1139 EXPECT_FALSE(test_delegate.has_result());
1140 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1141 ssl_connect_job->GetLoadState());
1142 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1143
1144 // Receive the auth challenge.
1145 data1.Resume();
1146 test_delegate.WaitForAuthChallenge(1);
1147 EXPECT_FALSE(test_delegate.has_result());
1148 EXPECT_EQ(LOAD_STATE_IDLE, ssl_connect_job->GetLoadState());
1149 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1150
1151 // Respond to challenge.
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]1152 test_delegate.auth_controller()->ResetAuth(AuthCredentials(u"foo", u"bar"));
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1153 test_delegate.RunAuthCallback();
1154 EXPECT_FALSE(test_delegate.has_result());
1155 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1156 ssl_connect_job->GetLoadState());
1157 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1158
1159 // Run until the next DNS lookup.
1160 base::RunLoop().RunUntilIdle();
1161 EXPECT_TRUE(host_resolver_.has_pending_requests());
1162 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
1163 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1164
1165 // DNS resolution completes, and then the ConnectJob tries to connect the
1166 // socket, which should succeed asynchronously.
1167 host_resolver_.ResolveOnlyRequestNow();
1168 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
1169 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1170
1171 // Spinning the message loop causes the connection to be established and the
1172 // nested HttpProxyConnectJob to start establishing a tunnel.
1173 base::RunLoop().RunUntilIdle();
1174 EXPECT_FALSE(test_delegate.has_result());
1175 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1176 ssl_connect_job->GetLoadState());
1177 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1178
1179 // Receive the connection established response, at which point SSL negotiation
1180 // finally starts.
1181 data2.Resume();
1182 EXPECT_FALSE(test_delegate.has_result());
1183 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
1184 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1185
1186 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
1187}
1188
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]1189TEST_F(SSLConnectJobTest, DnsAliases) {
1190 host_resolver_.set_synchronous_mode(true);
1191
1192 // Resolve an AddressList with DNS aliases.
1193 std::vector<std::string> aliases({"alias1", "alias2", "host"});
1194 host_resolver_.rules()->AddIPLiteralRuleWithDnsAliases("host", "2.2.2.2",
1195 std::move(aliases));
1196 StaticSocketDataProvider data;
1197 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
1198 socket_factory_.AddSocketDataProvider(&data);
1199 SSLSocketDataProvider ssl(ASYNC, OK);
1200 socket_factory_.AddSSLSocketDataProvider(&ssl);
1201 TestConnectJobDelegate test_delegate;
1202
1203 std::unique_ptr<ConnectJob> ssl_connect_job =
1204 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
1205
1206 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1207
1208 base::RunLoop().RunUntilIdle();
1209
1210 // Verify that the elements of the alias list are those from the
1211 // parameter vector.
1212 EXPECT_THAT(test_delegate.socket()->GetDnsAliases(),
1213 testing::ElementsAre("alias1", "alias2", "host"));
1214}
1215
1216TEST_F(SSLConnectJobTest, NoAdditionalDnsAliases) {
1217 host_resolver_.set_synchronous_mode(true);
1218
1219 // Resolve an AddressList without additional DNS aliases. (The parameter
1220 // is an empty vector.)
1221 std::vector<std::string> aliases;
1222 host_resolver_.rules()->AddIPLiteralRuleWithDnsAliases("host", "2.2.2.2",
1223 std::move(aliases));
1224 StaticSocketDataProvider data;
1225 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
1226 socket_factory_.AddSocketDataProvider(&data);
1227 SSLSocketDataProvider ssl(ASYNC, OK);
1228 socket_factory_.AddSSLSocketDataProvider(&ssl);
1229 TestConnectJobDelegate test_delegate;
1230
1231 std::unique_ptr<ConnectJob> ssl_connect_job =
1232 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
1233
1234 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1235
1236 base::RunLoop().RunUntilIdle();
1237
1238 // Verify that the alias list only contains "host".
1239 EXPECT_THAT(test_delegate.socket()->GetDnsAliases(),
1240 testing::ElementsAre("host"));
1241}
1242
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]1243} // namespace
1244} // namespace net