Google Git
Sign in
chromium / chromium / src / be86fee19e23e886e493218a5dc1188902acebdb / . / net / socket / ssl_connect_job_unittest.cc
blob: 65ec9392bc6c4e102ac9e3d53725935169834013 [file] [log] [blame]
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]1// Copyright 2019 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/socket/ssl_connect_job.h"
6
7#include <memory>
8#include <string>
9
10#include "base/callback.h"
11#include "base/compiler_specific.h"
Lei Zhang305c015e12021-06-04 21:07:02[diff] [blame]12#include "base/cxx17_backports.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]13#include "base/strings/string_util.h"
14#include "base/strings/utf_string_conversions.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]15#include "base/test/metrics/histogram_tester.h"
16#include "base/test/scoped_feature_list.h"
Gabriel Charettec7108742019-08-23 03:31:40[diff] [blame]17#include "base/test/task_environment.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]18#include "base/time/time.h"
19#include "net/base/auth.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]20#include "net/base/features.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]21#include "net/base/load_timing_info.h"
22#include "net/base/net_errors.h"
Matt Menkeae58eeb2019-05-24 21:09:50[diff] [blame]23#include "net/base/network_isolation_key.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]24#include "net/cert/ct_policy_enforcer.h"
25#include "net/cert/mock_cert_verifier.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]26#include "net/dns/mock_host_resolver.h"
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]27#include "net/dns/public/secure_dns_policy.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]28#include "net/http/http_auth_handler_factory.h"
29#include "net/http/http_network_session.h"
Matt Menke0754b5d02019-02-10 21:46:43[diff] [blame]30#include "net/http/http_proxy_connect_job.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]31#include "net/http/http_request_headers.h"
32#include "net/http/http_response_headers.h"
Matt Menke609160742019-08-02 18:47:26[diff] [blame]33#include "net/http/http_server_properties.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]34#include "net/http/transport_security_state.h"
35#include "net/log/net_log_source.h"
36#include "net/log/net_log_with_source.h"
Nicolas Arciniegad2013f92020-02-07 23:00:56[diff] [blame]37#include "net/proxy_resolution/configured_proxy_resolution_service.h"
Victor Vasiliev7752898d2019-11-14 21:30:22[diff] [blame]38#include "net/quic/quic_context.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]39#include "net/socket/connect_job_test_util.h"
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]40#include "net/socket/connection_attempts.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]41#include "net/socket/next_proto.h"
42#include "net/socket/socket_tag.h"
43#include "net/socket/socket_test_util.h"
44#include "net/socket/socks_connect_job.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]45#include "net/socket/transport_connect_job.h"
46#include "net/ssl/ssl_config_service_defaults.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]47#include "net/ssl/ssl_connection_status_flags.h"
48#include "net/ssl/ssl_legacy_crypto_fallback.h"
49#include "net/test/cert_test_util.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]50#include "net/test/gtest_util.h"
51#include "net/test/test_certificate_data.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]52#include "net/test/test_data_directory.h"
Gabriel Charettec7108742019-08-23 03:31:40[diff] [blame]53#include "net/test/test_with_task_environment.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]54#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
55#include "testing/gtest/include/gtest/gtest.h"
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]56#include "third_party/boringssl/src/include/openssl/ssl.h"
Eric Orthc98a3e62021-07-02 17:46:37[diff] [blame]57#include "url/scheme_host_port.h"
58#include "url/url_constants.h"
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]59
60namespace net {
61namespace {
62
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]63// Just check that all connect times are set to base::TimeTicks::Now(), for
64// tests that don't update the mocked out time.
65void CheckConnectTimesSet(const LoadTimingInfo::ConnectTiming& connect_timing) {
66 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.dns_start);
67 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.dns_end);
68 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_start);
69 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_start);
70 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_end);
71 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_end);
72}
73
74// Just check that all connect times are set to base::TimeTicks::Now(), except
75// for DNS times, for tests that don't update the mocked out time and use a
76// proxy.
77void CheckConnectTimesExceptDnsSet(
78 const LoadTimingInfo::ConnectTiming& connect_timing) {
79 EXPECT_TRUE(connect_timing.dns_start.is_null());
80 EXPECT_TRUE(connect_timing.dns_end.is_null());
81 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_start);
82 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_start);
83 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.ssl_end);
84 EXPECT_EQ(base::TimeTicks::Now(), connect_timing.connect_end);
85}
86
Gabriel Charette694c3c332019-08-19 14:53:05[diff] [blame]87class SSLConnectJobTest : public WithTaskEnvironment, public testing::Test {
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]88 public:
89 SSLConnectJobTest()
Gabriel Charette694c3c332019-08-19 14:53:05[diff] [blame]90 : WithTaskEnvironment(base::test::TaskEnvironment::TimeSource::MOCK_TIME),
Nicolas Arciniegad2013f92020-02-07 23:00:56[diff] [blame]91 proxy_resolution_service_(
92 ConfiguredProxyResolutionService::CreateDirect()),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]93 ssl_config_service_(new SSLConfigServiceDefaults),
Eric Orthbe2efac2019-03-06 01:11:11[diff] [blame]94 http_auth_handler_factory_(HttpAuthHandlerFactory::CreateDefault()),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]95 session_(CreateNetworkSession()),
Eric Orthc98a3e62021-07-02 17:46:37[diff] [blame]96 direct_transport_socket_params_(new TransportSocketParams(
97 url::SchemeHostPort(url::kHttpsScheme, "host", 443),
98 NetworkIsolationKey(),
99 SecureDnsPolicy::kAllow,
100 OnHostResolutionCallback())),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]101 proxy_transport_socket_params_(
102 new TransportSocketParams(HostPortPair("proxy", 443),
Matt Menkecd439232019-11-05 15:15:33[diff] [blame]103 NetworkIsolationKey(),
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]104 SecureDnsPolicy::kAllow,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]105 OnHostResolutionCallback())),
106 socks_socket_params_(
107 new SOCKSSocketParams(proxy_transport_socket_params_,
108 true,
109 HostPortPair("sockshost", 443),
Matt Menke166710e2019-11-06 03:35:51[diff] [blame]110 NetworkIsolationKey(),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]111 TRAFFIC_ANNOTATION_FOR_TESTS)),
112 http_proxy_socket_params_(
113 new HttpProxySocketParams(proxy_transport_socket_params_,
114 nullptr /* ssl_params */,
Matt Menkeb5fb42b2019-03-22 17:26:13[diff] [blame]115 false /* is_quic */,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]116 HostPortPair("host", 80),
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]117 /*tunnel=*/true,
Matt Menkeae58eeb2019-05-24 21:09:50[diff] [blame]118 TRAFFIC_ANNOTATION_FOR_TESTS,
119 NetworkIsolationKey())),
Gabriel Charette694c3c332019-08-19 14:53:05[diff] [blame]120 common_connect_job_params_(session_->CreateCommonConnectJobParams()) {}
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]121
122 ~SSLConnectJobTest() override = default;
123
124 std::unique_ptr<ConnectJob> CreateConnectJob(
125 TestConnectJobDelegate* test_delegate,
126 ProxyServer::Scheme proxy_scheme = ProxyServer::SCHEME_DIRECT,
127 RequestPriority priority = DEFAULT_PRIORITY) {
128 return std::make_unique<SSLConnectJob>(
Matt Menkea6f99ad2019-03-08 02:26:43[diff] [blame]129 priority, SocketTag(), &common_connect_job_params_,
Matt Menke14819512019-03-02 16:59:58[diff] [blame]130 SSLParams(proxy_scheme), test_delegate, nullptr /* net_log */);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]131 }
132
133 scoped_refptr<SSLSocketParams> SSLParams(ProxyServer::Scheme proxy) {
134 return base::MakeRefCounted<SSLSocketParams>(
135 proxy == ProxyServer::SCHEME_DIRECT ? direct_transport_socket_params_
136 : nullptr,
137 proxy == ProxyServer::SCHEME_SOCKS5 ? socks_socket_params_ : nullptr,
138 proxy == ProxyServer::SCHEME_HTTP ? http_proxy_socket_params_ : nullptr,
David Benjamin151ec6b2019-08-02 19:38:52[diff] [blame]139 HostPortPair("host", 443), SSLConfig(), PRIVACY_MODE_DISABLED,
David Benjamin6f2da652019-06-26 23:36:35[diff] [blame]140 NetworkIsolationKey());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]141 }
142
143 void AddAuthToCache() {
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]144 const std::u16string kFoo(u"foo");
145 const std::u16string kBar(u"bar");
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]146 session_->http_auth_cache()->Add(
Matt Menke96092e62019-10-18 04:09:33[diff] [blame]147 GURL("http://proxy:443/"), HttpAuth::AUTH_PROXY, "MyRealm1",
Matt Menkebe090422019-10-18 20:25:26[diff] [blame]148 HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
149 "Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]150 }
151
152 HttpNetworkSession* CreateNetworkSession() {
Matt Menke30a878c2021-07-20 22:25:09[diff] [blame]153 HttpNetworkSessionContext session_context;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]154 session_context.host_resolver = &host_resolver_;
155 session_context.cert_verifier = &cert_verifier_;
156 session_context.transport_security_state = &transport_security_state_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]157 session_context.ct_policy_enforcer = &ct_policy_enforcer_;
158 session_context.proxy_resolution_service = proxy_resolution_service_.get();
159 session_context.client_socket_factory = &socket_factory_;
160 session_context.ssl_config_service = ssl_config_service_.get();
161 session_context.http_auth_handler_factory =
162 http_auth_handler_factory_.get();
163 session_context.http_server_properties = &http_server_properties_;
Victor Vasiliev7752898d2019-11-14 21:30:22[diff] [blame]164 session_context.quic_context = &quic_context_;
Matt Menke30a878c2021-07-20 22:25:09[diff] [blame]165 return new HttpNetworkSession(HttpNetworkSessionParams(), session_context);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]166 }
167
168 protected:
169 MockClientSocketFactory socket_factory_;
Eric Orthbe86fee2021-10-28 22:31:11[diff] [blame^]170 MockHostResolver host_resolver_{/*default_result=*/MockHostResolverBase::
171 RuleResolver::GetLocalhostResult()};
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]172 MockCertVerifier cert_verifier_;
173 TransportSecurityState transport_security_state_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]174 DefaultCTPolicyEnforcer ct_policy_enforcer_;
Nicolas Arciniega8ec5bfa2020-03-20 05:07:26[diff] [blame]175 const std::unique_ptr<ProxyResolutionService> proxy_resolution_service_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]176 const std::unique_ptr<SSLConfigService> ssl_config_service_;
177 const std::unique_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
Matt Menke609160742019-08-02 18:47:26[diff] [blame]178 HttpServerProperties http_server_properties_;
Victor Vasiliev7752898d2019-11-14 21:30:22[diff] [blame]179 QuicContext quic_context_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]180 const std::unique_ptr<HttpNetworkSession> session_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]181
182 scoped_refptr<TransportSocketParams> direct_transport_socket_params_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]183
184 scoped_refptr<TransportSocketParams> proxy_transport_socket_params_;
185 scoped_refptr<SOCKSSocketParams> socks_socket_params_;
186 scoped_refptr<HttpProxySocketParams> http_proxy_socket_params_;
187
Matt Menkea6f99ad2019-03-08 02:26:43[diff] [blame]188 const CommonConnectJobParams common_connect_job_params_;
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]189};
190
191TEST_F(SSLConnectJobTest, TCPFail) {
192 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
193 SCOPED_TRACE(io_mode);
194 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
195 StaticSocketDataProvider data;
196 data.set_connect_data(MockConnect(io_mode, ERR_CONNECTION_FAILED));
197 socket_factory_.AddSocketDataProvider(&data);
198
199 TestConnectJobDelegate test_delegate;
200 std::unique_ptr<ConnectJob> ssl_connect_job =
201 CreateConnectJob(&test_delegate);
202 test_delegate.StartJobExpectingResult(
203 ssl_connect_job.get(), ERR_CONNECTION_FAILED, io_mode == SYNCHRONOUS);
204 EXPECT_FALSE(test_delegate.socket());
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]205 EXPECT_FALSE(ssl_connect_job->IsSSLError());
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]206 ConnectionAttempts connection_attempts =
207 ssl_connect_job->GetConnectionAttempts();
208 ASSERT_EQ(1u, connection_attempts.size());
209 EXPECT_THAT(connection_attempts[0].result,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]210 test::IsError(ERR_CONNECTION_FAILED));
211 }
212}
213
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]214TEST_F(SSLConnectJobTest, TCPTimeout) {
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]215 const base::TimeDelta kTinyTime = base::Microseconds(1);
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]216
217 // Make request hang.
218 host_resolver_.set_ondemand_mode(true);
219
220 TestConnectJobDelegate test_delegate;
221 std::unique_ptr<ConnectJob> ssl_connect_job =
222 CreateConnectJob(&test_delegate);
223 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
224
225 // Right up until just before the TCP connection timeout, the job does not
226 // time out.
227 FastForwardBy(TransportConnectJob::ConnectionTimeout() - kTinyTime);
228 EXPECT_FALSE(test_delegate.has_result());
229
230 // But at the exact time of TCP connection timeout, the job fails.
231 FastForwardBy(kTinyTime);
232 EXPECT_TRUE(test_delegate.has_result());
233 EXPECT_THAT(test_delegate.WaitForResult(), test::IsError(ERR_TIMED_OUT));
234}
235
236TEST_F(SSLConnectJobTest, SSLTimeoutSyncConnect) {
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]237 const base::TimeDelta kTinyTime = base::Microseconds(1);
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]238
239 // DNS lookup and transport connect complete synchronously, but SSL
240 // negotiation hangs.
241 host_resolver_.set_synchronous_mode(true);
242 StaticSocketDataProvider data;
243 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
244 socket_factory_.AddSocketDataProvider(&data);
245 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
246 socket_factory_.AddSSLSocketDataProvider(&ssl);
247
248 // Make request hang.
249 TestConnectJobDelegate test_delegate;
250 std::unique_ptr<ConnectJob> ssl_connect_job =
251 CreateConnectJob(&test_delegate);
252 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
253
254 // Right up until just before the SSL handshake timeout, the job does not time
255 // out.
256 FastForwardBy(SSLConnectJob::HandshakeTimeoutForTesting() - kTinyTime);
257 EXPECT_FALSE(test_delegate.has_result());
258
259 // But at the exact SSL handshake timeout time, the job fails.
260 FastForwardBy(kTinyTime);
261 EXPECT_TRUE(test_delegate.has_result());
262 EXPECT_THAT(test_delegate.WaitForResult(), test::IsError(ERR_TIMED_OUT));
263}
264
265TEST_F(SSLConnectJobTest, SSLTimeoutAsyncTcpConnect) {
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]266 const base::TimeDelta kTinyTime = base::Microseconds(1);
Matt Menke36eaf5c2019-04-02 16:15:52[diff] [blame]267
268 // DNS lookup is asynchronous, and later SSL negotiation hangs.
269 host_resolver_.set_ondemand_mode(true);
270 StaticSocketDataProvider data;
271 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
272 socket_factory_.AddSocketDataProvider(&data);
273 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
274 socket_factory_.AddSSLSocketDataProvider(&ssl);
275
276 TestConnectJobDelegate test_delegate;
277 std::unique_ptr<ConnectJob> ssl_connect_job =
278 CreateConnectJob(&test_delegate);
279 // Connecting should hand on the TransportConnectJob connect.
280 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
281
282 // Right up until just before the TCP connection timeout, the job does not
283 // time out.
284 FastForwardBy(TransportConnectJob::ConnectionTimeout() - kTinyTime);
285 EXPECT_FALSE(test_delegate.has_result());
286
287 // The DNS lookup completes, and a TCP connection is immediately establshed,
288 // which cancels the TCP connection timer. The SSL handshake timer is started,
289 // and the SSL handshake hangs.
290 host_resolver_.ResolveOnlyRequestNow();
291 EXPECT_FALSE(test_delegate.has_result());
292
293 // Right up until just before the SSL handshake timeout, the job does not time
294 // out.
295 FastForwardBy(SSLConnectJob::HandshakeTimeoutForTesting() - kTinyTime);
296 EXPECT_FALSE(test_delegate.has_result());
297
298 // But at the exact SSL handshake timeout time, the job fails.
299 FastForwardBy(kTinyTime);
300 EXPECT_TRUE(test_delegate.has_result());
301 EXPECT_THAT(test_delegate.WaitForResult(), test::IsError(ERR_TIMED_OUT));
302}
303
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]304TEST_F(SSLConnectJobTest, BasicDirectSync) {
305 host_resolver_.set_synchronous_mode(true);
306 StaticSocketDataProvider data;
307 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
308 socket_factory_.AddSocketDataProvider(&data);
309 SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
310 socket_factory_.AddSSLSocketDataProvider(&ssl);
311
312 TestConnectJobDelegate test_delegate;
313 std::unique_ptr<ConnectJob> ssl_connect_job =
314 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
315
316 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
317 true /* expect_sync_result */);
318 EXPECT_EQ(MEDIUM, host_resolver_.last_request_priority());
319
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]320 ConnectionAttempts connection_attempts =
321 ssl_connect_job->GetConnectionAttempts();
322 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]323 CheckConnectTimesSet(ssl_connect_job->connect_timing());
324}
325
326TEST_F(SSLConnectJobTest, BasicDirectAsync) {
327 host_resolver_.set_ondemand_mode(true);
328 base::TimeTicks start_time = base::TimeTicks::Now();
329 StaticSocketDataProvider data;
330 data.set_connect_data(MockConnect(ASYNC, OK));
331 socket_factory_.AddSocketDataProvider(&data);
332 SSLSocketDataProvider ssl(ASYNC, OK);
333 socket_factory_.AddSSLSocketDataProvider(&ssl);
334
335 TestConnectJobDelegate test_delegate;
336 std::unique_ptr<ConnectJob> ssl_connect_job =
337 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
338 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
339 EXPECT_TRUE(host_resolver_.has_pending_requests());
340 EXPECT_EQ(MEDIUM, host_resolver_.last_request_priority());
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]341 FastForwardBy(base::Seconds(5));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]342
343 base::TimeTicks resolve_complete_time = base::TimeTicks::Now();
344 host_resolver_.ResolveAllPending();
345 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
346
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]347 ConnectionAttempts connection_attempts =
348 ssl_connect_job->GetConnectionAttempts();
349 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]350
351 // Check times. Since time is mocked out, all times will be the same, except
352 // |dns_start|, which is the only one recorded before the FastForwardBy()
353 // call. The test classes don't allow any other phases to be triggered on
354 // demand, or delayed by a set interval.
355 EXPECT_EQ(start_time, ssl_connect_job->connect_timing().dns_start);
356 EXPECT_EQ(resolve_complete_time, ssl_connect_job->connect_timing().dns_end);
357 EXPECT_EQ(resolve_complete_time,
358 ssl_connect_job->connect_timing().connect_start);
359 EXPECT_EQ(resolve_complete_time, ssl_connect_job->connect_timing().ssl_start);
360 EXPECT_EQ(resolve_complete_time, ssl_connect_job->connect_timing().ssl_end);
361 EXPECT_EQ(resolve_complete_time,
362 ssl_connect_job->connect_timing().connect_end);
363}
364
Matt Menke9d5e2c92019-02-05 01:42:23[diff] [blame]365TEST_F(SSLConnectJobTest, DirectHasEstablishedConnection) {
366 host_resolver_.set_ondemand_mode(true);
367 StaticSocketDataProvider data;
368 data.set_connect_data(MockConnect(ASYNC, OK));
369 socket_factory_.AddSocketDataProvider(&data);
370
371 // SSL negotiation hangs. Value returned after SSL negotiation is complete
372 // doesn't matter, as HasEstablishedConnection() may only be used between job
373 // start and job complete.
374 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
375 socket_factory_.AddSSLSocketDataProvider(&ssl);
376
377 TestConnectJobDelegate test_delegate;
378 std::unique_ptr<ConnectJob> ssl_connect_job =
379 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
380 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
381 EXPECT_TRUE(host_resolver_.has_pending_requests());
382 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
383 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
384
385 // DNS resolution completes, and then the ConnectJob tries to connect the
386 // socket, which should succeed asynchronously.
387 host_resolver_.ResolveNow(1);
388 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
389 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
390
391 // Spinning the message loop causes the socket to finish connecting. The SSL
392 // handshake should start and hang.
393 base::RunLoop().RunUntilIdle();
394 EXPECT_FALSE(test_delegate.has_result());
395 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
396 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
397}
398
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]399TEST_F(SSLConnectJobTest, RequestPriority) {
400 host_resolver_.set_ondemand_mode(true);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]401 for (int initial_priority = MINIMUM_PRIORITY;
402 initial_priority <= MAXIMUM_PRIORITY; ++initial_priority) {
403 SCOPED_TRACE(initial_priority);
404 for (int new_priority = MINIMUM_PRIORITY; new_priority <= MAXIMUM_PRIORITY;
405 ++new_priority) {
406 SCOPED_TRACE(new_priority);
407 if (initial_priority == new_priority)
408 continue;
409 TestConnectJobDelegate test_delegate;
410 std::unique_ptr<ConnectJob> ssl_connect_job =
411 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT,
412 static_cast<RequestPriority>(initial_priority));
413 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
414 EXPECT_TRUE(host_resolver_.has_pending_requests());
415 int request_id = host_resolver_.num_resolve();
416 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
417
418 ssl_connect_job->ChangePriority(
419 static_cast<RequestPriority>(new_priority));
420 EXPECT_EQ(new_priority, host_resolver_.request_priority(request_id));
421
422 ssl_connect_job->ChangePriority(
423 static_cast<RequestPriority>(initial_priority));
424 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]425 }
426 }
427}
428
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]429TEST_F(SSLConnectJobTest, SecureDnsPolicy) {
430 for (auto secure_dns_policy :
431 {SecureDnsPolicy::kAllow, SecureDnsPolicy::kDisable}) {
dalyk5f48a132019-10-14 15:20:19[diff] [blame]432 TestConnectJobDelegate test_delegate;
433 direct_transport_socket_params_ =
Matt Menkecd439232019-11-05 15:15:33[diff] [blame]434 base::MakeRefCounted<TransportSocketParams>(
Eric Orthc98a3e62021-07-02 17:46:37[diff] [blame]435 url::SchemeHostPort(url::kHttpsScheme, "host", 443),
436 NetworkIsolationKey(), secure_dns_policy,
Ben Schwartz3ff4dc1e62021-04-27 21:15:23[diff] [blame]437 OnHostResolutionCallback());
dalyk5f48a132019-10-14 15:20:19[diff] [blame]438 auto common_connect_job_params = session_->CreateCommonConnectJobParams();
439 std::unique_ptr<ConnectJob> ssl_connect_job =
440 std::make_unique<SSLConnectJob>(DEFAULT_PRIORITY, SocketTag(),
441 &common_connect_job_params,
442 SSLParams(ProxyServer::SCHEME_DIRECT),
443 &test_delegate, nullptr /* net_log */);
444
445 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
Ben Schwartz432ce032021-05-05 21:49:24[diff] [blame]446 EXPECT_EQ(secure_dns_policy, host_resolver_.last_secure_dns_policy());
dalyk5f48a132019-10-14 15:20:19[diff] [blame]447 }
448}
449
dalykedd30d982019-12-16 15:31:10[diff] [blame]450TEST_F(SSLConnectJobTest, DirectHostResolutionFailure) {
451 host_resolver_.rules()->AddSimulatedTimeoutFailure("host");
452
453 TestConnectJobDelegate test_delegate;
454 std::unique_ptr<ConnectJob> ssl_connect_job =
455 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT);
456 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
457 ERR_NAME_NOT_RESOLVED,
458 false /* expect_sync_result */);
459 EXPECT_THAT(ssl_connect_job->GetResolveErrorInfo().error,
460 test::IsError(ERR_DNS_TIMED_OUT));
461}
462
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]463TEST_F(SSLConnectJobTest, DirectCertError) {
464 StaticSocketDataProvider data;
465 socket_factory_.AddSocketDataProvider(&data);
466 SSLSocketDataProvider ssl(ASYNC, ERR_CERT_COMMON_NAME_INVALID);
467 socket_factory_.AddSSLSocketDataProvider(&ssl);
468
469 TestConnectJobDelegate test_delegate(
470 TestConnectJobDelegate::SocketExpected::ALWAYS);
471 std::unique_ptr<ConnectJob> ssl_connect_job =
472 CreateConnectJob(&test_delegate);
473
474 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
475 ERR_CERT_COMMON_NAME_INVALID,
476 false /* expect_sync_result */);
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]477 EXPECT_TRUE(ssl_connect_job->IsSSLError());
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]478 ConnectionAttempts connection_attempts =
479 ssl_connect_job->GetConnectionAttempts();
480 ASSERT_EQ(1u, connection_attempts.size());
481 EXPECT_THAT(connection_attempts[0].result,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]482 test::IsError(ERR_CERT_COMMON_NAME_INVALID));
483 CheckConnectTimesSet(ssl_connect_job->connect_timing());
484}
485
486TEST_F(SSLConnectJobTest, DirectSSLError) {
487 StaticSocketDataProvider data;
488 socket_factory_.AddSocketDataProvider(&data);
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]489 SSLSocketDataProvider ssl(ASYNC, ERR_BAD_SSL_CLIENT_AUTH_CERT);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]490 socket_factory_.AddSSLSocketDataProvider(&ssl);
491
492 TestConnectJobDelegate test_delegate;
493 std::unique_ptr<ConnectJob> ssl_connect_job =
494 CreateConnectJob(&test_delegate);
495
496 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]497 ERR_BAD_SSL_CLIENT_AUTH_CERT,
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]498 false /* expect_sync_result */);
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]499 ConnectionAttempts connection_attempts =
500 ssl_connect_job->GetConnectionAttempts();
501 ASSERT_EQ(1u, connection_attempts.size());
502 EXPECT_THAT(connection_attempts[0].result,
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]503 test::IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
504}
505
506// Test that the legacy crypto fallback is triggered on applicable error codes.
507TEST_F(SSLConnectJobTest, DirectLegacyCryptoFallback) {
508 for (Error error :
509 {ERR_CONNECTION_CLOSED, ERR_CONNECTION_RESET, ERR_SSL_PROTOCOL_ERROR,
510 ERR_SSL_VERSION_OR_CIPHER_MISMATCH}) {
511 SCOPED_TRACE(error);
512
513 for (bool second_attempt_ok : {true, false}) {
514 SCOPED_TRACE(second_attempt_ok);
515
516 StaticSocketDataProvider data;
517 socket_factory_.AddSocketDataProvider(&data);
518 SSLSocketDataProvider ssl(ASYNC, error);
519 socket_factory_.AddSSLSocketDataProvider(&ssl);
520 ssl.expected_disable_legacy_crypto = true;
521
522 Error error2 = second_attempt_ok ? OK : error;
523 StaticSocketDataProvider data2;
524 socket_factory_.AddSocketDataProvider(&data2);
525 SSLSocketDataProvider ssl2(ASYNC, error2);
526 socket_factory_.AddSSLSocketDataProvider(&ssl2);
527 ssl2.expected_disable_legacy_crypto = false;
528
529 TestConnectJobDelegate test_delegate;
530 std::unique_ptr<ConnectJob> ssl_connect_job =
531 CreateConnectJob(&test_delegate);
532
533 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), error2,
534 /*expect_sync_result=*/false);
535 ConnectionAttempts connection_attempts =
536 ssl_connect_job->GetConnectionAttempts();
537 if (second_attempt_ok) {
538 ASSERT_EQ(1u, connection_attempts.size());
539 EXPECT_THAT(connection_attempts[0].result, test::IsError(error));
540 } else {
541 ASSERT_EQ(2u, connection_attempts.size());
542 EXPECT_THAT(connection_attempts[0].result, test::IsError(error));
543 EXPECT_THAT(connection_attempts[1].result, test::IsError(error));
544 }
545 }
546 }
547}
548
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]549TEST_F(SSLConnectJobTest, LegacyCryptoFallbackHistograms) {
550 base::FilePath certs_dir = GetTestCertsDirectory();
551
552 scoped_refptr<X509Certificate> sha1_leaf =
553 ImportCertFromFile(certs_dir, "sha1_leaf.pem");
554 ASSERT_TRUE(sha1_leaf);
555
556 scoped_refptr<X509Certificate> ok_cert =
557 ImportCertFromFile(certs_dir, "ok_cert.pem");
558 ASSERT_TRUE(ok_cert);
559
560 // Make a copy of |ok_cert| with an unused |sha1_leaf| in the intermediate
561 // list.
562 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates;
563 for (const auto& cert : ok_cert->intermediate_buffers()) {
564 intermediates.push_back(bssl::UpRef(cert));
565 }
566 intermediates.push_back(bssl::UpRef(sha1_leaf->cert_buffer()));
567 scoped_refptr<X509Certificate> ok_with_unused_sha1 =
568 X509Certificate::CreateFromBuffer(bssl::UpRef(ok_cert->cert_buffer()),
569 std::move(intermediates));
570 ASSERT_TRUE(ok_with_unused_sha1);
571
572 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
573 const uint16_t kModernCipher = 0xc02f;
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]574
575 struct HistogramTest {
576 SSLLegacyCryptoFallback expected;
577 Error first_attempt;
578 uint16_t cipher_suite;
579 uint16_t peer_signature_algorithm;
580 scoped_refptr<X509Certificate> unverified_cert;
581 };
582
583 const HistogramTest kHistogramTests[] = {
584 // Connections not using the fallback map to kNoFallback.
585 {SSLLegacyCryptoFallback::kNoFallback, OK, kModernCipher,
586 SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_cert},
587 {SSLLegacyCryptoFallback::kNoFallback, OK, kModernCipher,
588 SSL_SIGN_RSA_PSS_RSAE_SHA256, sha1_leaf},
589 {SSLLegacyCryptoFallback::kNoFallback, OK, kModernCipher,
590 SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_with_unused_sha1},
591
David Benjamin07a07d652020-02-26 22:26:59[diff] [blame]592 // Connections using SHA-1 map to kUsedSHA1 or kSentSHA1CertAndUsedSHA1.
593 {SSLLegacyCryptoFallback::kUsedSHA1, ERR_SSL_PROTOCOL_ERROR,
594 kModernCipher, SSL_SIGN_RSA_PKCS1_SHA1, ok_cert},
595 {SSLLegacyCryptoFallback::kSentSHA1CertAndUsedSHA1,
596 ERR_SSL_PROTOCOL_ERROR, kModernCipher, SSL_SIGN_RSA_PKCS1_SHA1,
597 sha1_leaf},
598 {SSLLegacyCryptoFallback::kSentSHA1CertAndUsedSHA1,
599 ERR_SSL_PROTOCOL_ERROR, kModernCipher, SSL_SIGN_RSA_PKCS1_SHA1,
600 ok_with_unused_sha1},
601
602 // Connections using neither map to kUnknownReason or kSentSHA1Cert.
603 {SSLLegacyCryptoFallback::kUnknownReason, ERR_SSL_PROTOCOL_ERROR,
604 kModernCipher, SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_cert},
605 {SSLLegacyCryptoFallback::kSentSHA1Cert, ERR_SSL_PROTOCOL_ERROR,
606 kModernCipher, SSL_SIGN_RSA_PSS_RSAE_SHA256, sha1_leaf},
607 {SSLLegacyCryptoFallback::kSentSHA1Cert, ERR_SSL_PROTOCOL_ERROR,
608 kModernCipher, SSL_SIGN_RSA_PSS_RSAE_SHA256, ok_with_unused_sha1},
609 };
610 for (size_t i = 0; i < base::size(kHistogramTests); i++) {
611 SCOPED_TRACE(i);
612 const auto& test = kHistogramTests[i];
613
614 base::HistogramTester tester;
615
616 SSLInfo ssl_info;
617 SSLConnectionStatusSetVersion(SSL_CONNECTION_VERSION_TLS1_2,
618 &ssl_info.connection_status);
619 SSLConnectionStatusSetCipherSuite(test.cipher_suite,
620 &ssl_info.connection_status);
621 ssl_info.peer_signature_algorithm = test.peer_signature_algorithm;
622 ssl_info.unverified_cert = test.unverified_cert;
623
624 StaticSocketDataProvider data;
625 socket_factory_.AddSocketDataProvider(&data);
626 SSLSocketDataProvider ssl(ASYNC, test.first_attempt);
627 socket_factory_.AddSSLSocketDataProvider(&ssl);
628 ssl.expected_disable_legacy_crypto = true;
629
630 StaticSocketDataProvider data2;
631 SSLSocketDataProvider ssl2(ASYNC, OK);
632 if (test.first_attempt != OK) {
633 socket_factory_.AddSocketDataProvider(&data2);
634 socket_factory_.AddSSLSocketDataProvider(&ssl2);
635 ssl2.ssl_info = ssl_info;
636 ssl2.expected_disable_legacy_crypto = false;
637 } else {
638 ssl.ssl_info = ssl_info;
639 }
640
641 TestConnectJobDelegate test_delegate;
642 std::unique_ptr<ConnectJob> ssl_connect_job =
643 CreateConnectJob(&test_delegate);
644
645 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
646 /*expect_sync_result=*/false);
647
648 tester.ExpectUniqueSample("Net.SSLLegacyCryptoFallback", test.expected, 1);
649 }
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]650}
651
652TEST_F(SSLConnectJobTest, DirectWithNPN) {
653 StaticSocketDataProvider data;
654 socket_factory_.AddSocketDataProvider(&data);
655 SSLSocketDataProvider ssl(ASYNC, OK);
656 ssl.next_proto = kProtoHTTP11;
657 socket_factory_.AddSSLSocketDataProvider(&ssl);
658
659 TestConnectJobDelegate test_delegate;
660 std::unique_ptr<ConnectJob> ssl_connect_job =
661 CreateConnectJob(&test_delegate);
662
663 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
664 false /* expect_sync_result */);
665 EXPECT_TRUE(test_delegate.socket()->WasAlpnNegotiated());
666 CheckConnectTimesSet(ssl_connect_job->connect_timing());
667}
668
669TEST_F(SSLConnectJobTest, DirectGotHTTP2) {
670 StaticSocketDataProvider data;
671 socket_factory_.AddSocketDataProvider(&data);
672 SSLSocketDataProvider ssl(ASYNC, OK);
673 ssl.next_proto = kProtoHTTP2;
674 socket_factory_.AddSSLSocketDataProvider(&ssl);
675
676 TestConnectJobDelegate test_delegate;
677 std::unique_ptr<ConnectJob> ssl_connect_job =
678 CreateConnectJob(&test_delegate);
679
680 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
681 false /* expect_sync_result */);
682 EXPECT_TRUE(test_delegate.socket()->WasAlpnNegotiated());
683 EXPECT_EQ(kProtoHTTP2, test_delegate.socket()->GetNegotiatedProtocol());
684 CheckConnectTimesSet(ssl_connect_job->connect_timing());
685}
686
687TEST_F(SSLConnectJobTest, SOCKSFail) {
688 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
689 SCOPED_TRACE(io_mode);
690 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
691 StaticSocketDataProvider data;
692 data.set_connect_data(MockConnect(io_mode, ERR_CONNECTION_FAILED));
693 socket_factory_.AddSocketDataProvider(&data);
694
695 TestConnectJobDelegate test_delegate;
696 std::unique_ptr<ConnectJob> ssl_connect_job =
697 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
698 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
699 ERR_PROXY_CONNECTION_FAILED,
700 io_mode == SYNCHRONOUS);
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]701 EXPECT_FALSE(ssl_connect_job->IsSSLError());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]702
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]703 ConnectionAttempts connection_attempts =
704 ssl_connect_job->GetConnectionAttempts();
705 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]706 }
707}
708
dalykedd30d982019-12-16 15:31:10[diff] [blame]709TEST_F(SSLConnectJobTest, SOCKSHostResolutionFailure) {
710 host_resolver_.rules()->AddSimulatedTimeoutFailure("proxy");
711
712 TestConnectJobDelegate test_delegate;
713 std::unique_ptr<ConnectJob> ssl_connect_job =
714 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
715 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
716 ERR_PROXY_CONNECTION_FAILED,
717 false /* expect_sync_result */);
718 EXPECT_THAT(ssl_connect_job->GetResolveErrorInfo().error,
719 test::IsError(ERR_DNS_TIMED_OUT));
720}
721
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]722TEST_F(SSLConnectJobTest, SOCKSBasic) {
723 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
724 SCOPED_TRACE(io_mode);
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]725 const uint8_t kSOCKS5Request[] = {0x05, 0x01, 0x00, 0x03, 0x09, 's',
726 'o', 'c', 'k', 's', 'h', 'o',
727 's', 't', 0x01, 0xBB};
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]728
729 MockWrite writes[] = {
730 MockWrite(io_mode, kSOCKS5GreetRequest, kSOCKS5GreetRequestLength),
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]731 MockWrite(io_mode, reinterpret_cast<const char*>(kSOCKS5Request),
732 base::size(kSOCKS5Request)),
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]733 };
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]734
735 MockRead reads[] = {
736 MockRead(io_mode, kSOCKS5GreetResponse, kSOCKS5GreetResponseLength),
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]737 MockRead(io_mode, kSOCKS5OkResponse, kSOCKS5OkResponseLength),
738 };
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]739
740 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
741 StaticSocketDataProvider data(reads, writes);
742 data.set_connect_data(MockConnect(io_mode, OK));
743 socket_factory_.AddSocketDataProvider(&data);
744 SSLSocketDataProvider ssl(io_mode, OK);
745 socket_factory_.AddSSLSocketDataProvider(&ssl);
746
747 TestConnectJobDelegate test_delegate;
748 std::unique_ptr<ConnectJob> ssl_connect_job =
749 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
750 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
751 io_mode == SYNCHRONOUS);
752 CheckConnectTimesExceptDnsSet(ssl_connect_job->connect_timing());
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]753
754 // Proxies should not set any DNS aliases.
755 EXPECT_TRUE(test_delegate.socket()->GetDnsAliases().empty());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]756 }
757}
758
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]759TEST_F(SSLConnectJobTest, SOCKSHasEstablishedConnection) {
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]760 const uint8_t kSOCKS5Request[] = {0x05, 0x01, 0x00, 0x03, 0x09, 's',
761 'o', 'c', 'k', 's', 'h', 'o',
762 's', 't', 0x01, 0xBB};
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]763
764 MockWrite writes[] = {
765 MockWrite(SYNCHRONOUS, kSOCKS5GreetRequest, kSOCKS5GreetRequestLength, 0),
Peter Kasting0ff39d42021-06-14 13:26:06[diff] [blame]766 MockWrite(SYNCHRONOUS, reinterpret_cast<const char*>(kSOCKS5Request),
767 base::size(kSOCKS5Request), 3),
Matt Menke628d624f2019-02-09 00:40:24[diff] [blame]768 };
769
770 MockRead reads[] = {
771 // Pause so can probe current state.
772 MockRead(ASYNC, ERR_IO_PENDING, 1),
773 MockRead(ASYNC, kSOCKS5GreetResponse, kSOCKS5GreetResponseLength, 2),
774 MockRead(SYNCHRONOUS, kSOCKS5OkResponse, kSOCKS5OkResponseLength, 4),
775 };
776
777 host_resolver_.set_ondemand_mode(true);
778 SequencedSocketData data(reads, writes);
779 data.set_connect_data(MockConnect(ASYNC, OK));
780 socket_factory_.AddSocketDataProvider(&data);
781
782 // SSL negotiation hangs. Value returned after SSL negotiation is complete
783 // doesn't matter, as HasEstablishedConnection() may only be used between job
784 // start and job complete.
785 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
786 socket_factory_.AddSSLSocketDataProvider(&ssl);
787
788 TestConnectJobDelegate test_delegate;
789 std::unique_ptr<ConnectJob> ssl_connect_job =
790 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5);
791 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
792 EXPECT_TRUE(host_resolver_.has_pending_requests());
793 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
794 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
795
796 // DNS resolution completes, and then the ConnectJob tries to connect the
797 // socket, which should succeed asynchronously.
798 host_resolver_.ResolveNow(1);
799 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
800 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
801
802 // Spin the message loop until the first read of the handshake.
803 // HasEstablishedConnection() should return true, as a TCP connection has been
804 // successfully established by this point.
805 data.RunUntilPaused();
806 EXPECT_FALSE(test_delegate.has_result());
807 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
808 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
809
810 // Finish up the handshake, and spin the message loop until the SSL handshake
811 // starts and hang.
812 data.Resume();
813 base::RunLoop().RunUntilIdle();
814 EXPECT_FALSE(test_delegate.has_result());
815 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
816 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
817}
818
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]819TEST_F(SSLConnectJobTest, SOCKSRequestPriority) {
820 host_resolver_.set_ondemand_mode(true);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]821 for (int initial_priority = MINIMUM_PRIORITY;
822 initial_priority <= MAXIMUM_PRIORITY; ++initial_priority) {
823 SCOPED_TRACE(initial_priority);
824 for (int new_priority = MINIMUM_PRIORITY; new_priority <= MAXIMUM_PRIORITY;
825 ++new_priority) {
826 SCOPED_TRACE(new_priority);
827 if (initial_priority == new_priority)
828 continue;
829 TestConnectJobDelegate test_delegate;
830 std::unique_ptr<ConnectJob> ssl_connect_job =
831 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_SOCKS5,
832 static_cast<RequestPriority>(initial_priority));
833 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
834 EXPECT_TRUE(host_resolver_.has_pending_requests());
835 int request_id = host_resolver_.num_resolve();
836 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
837
838 ssl_connect_job->ChangePriority(
839 static_cast<RequestPriority>(new_priority));
840 EXPECT_EQ(new_priority, host_resolver_.request_priority(request_id));
841
842 ssl_connect_job->ChangePriority(
843 static_cast<RequestPriority>(initial_priority));
844 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]845 }
846 }
847}
848
849TEST_F(SSLConnectJobTest, HttpProxyFail) {
850 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
851 SCOPED_TRACE(io_mode);
852 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
853 StaticSocketDataProvider data;
854 data.set_connect_data(MockConnect(io_mode, ERR_CONNECTION_FAILED));
855 socket_factory_.AddSocketDataProvider(&data);
856
857 TestConnectJobDelegate test_delegate;
858 std::unique_ptr<ConnectJob> ssl_connect_job =
859 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
860 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
861 ERR_PROXY_CONNECTION_FAILED,
862 io_mode == SYNCHRONOUS);
863
Matt Menke6f84d1f12019-04-11 19:26:47[diff] [blame]864 EXPECT_FALSE(ssl_connect_job->IsSSLError());
Matt Menke6030ed9f2019-04-11 20:25:55[diff] [blame]865 ConnectionAttempts connection_attempts =
866 ssl_connect_job->GetConnectionAttempts();
867 EXPECT_EQ(0u, connection_attempts.size());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]868 }
869}
870
dalykedd30d982019-12-16 15:31:10[diff] [blame]871TEST_F(SSLConnectJobTest, HttpProxyHostResolutionFailure) {
872 host_resolver_.rules()->AddSimulatedTimeoutFailure("proxy");
873
874 TestConnectJobDelegate test_delegate;
875 std::unique_ptr<ConnectJob> ssl_connect_job =
876 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
877 test_delegate.StartJobExpectingResult(ssl_connect_job.get(),
878 ERR_PROXY_CONNECTION_FAILED,
879 false /* expect_sync_result */);
880 EXPECT_THAT(ssl_connect_job->GetResolveErrorInfo().error,
881 test::IsError(ERR_DNS_TIMED_OUT));
882}
883
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]884TEST_F(SSLConnectJobTest, HttpProxyAuthChallenge) {
885 MockWrite writes[] = {
886 MockWrite(ASYNC, 0,
887 "CONNECT host:80 HTTP/1.1\r\n"
888 "Host: host:80\r\n"
889 "Proxy-Connection: keep-alive\r\n\r\n"),
890 MockWrite(ASYNC, 5,
891 "CONNECT host:80 HTTP/1.1\r\n"
892 "Host: host:80\r\n"
893 "Proxy-Connection: keep-alive\r\n"
894 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
895 };
896 MockRead reads[] = {
897 MockRead(ASYNC, 1, "HTTP/1.1 407 Proxy Authentication Required\r\n"),
898 MockRead(ASYNC, 2, "Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"),
899 MockRead(ASYNC, 3, "Content-Length: 10\r\n\r\n"),
900 MockRead(ASYNC, 4, "0123456789"),
901 MockRead(ASYNC, 6, "HTTP/1.1 200 Connection Established\r\n\r\n"),
902 };
903 StaticSocketDataProvider data(reads, writes);
904 socket_factory_.AddSocketDataProvider(&data);
905 SSLSocketDataProvider ssl(ASYNC, OK);
906 socket_factory_.AddSSLSocketDataProvider(&ssl);
907
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]908 TestConnectJobDelegate test_delegate;
909 std::unique_ptr<ConnectJob> ssl_connect_job =
910 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
911 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
912 test_delegate.WaitForAuthChallenge(1);
913
914 EXPECT_EQ(407, test_delegate.auth_response_info().headers->response_code());
915 std::string proxy_authenticate;
916 ASSERT_TRUE(test_delegate.auth_response_info().headers->EnumerateHeader(
917 nullptr, "Proxy-Authenticate", &proxy_authenticate));
918 EXPECT_EQ(proxy_authenticate, "Basic realm=\"MyRealm1\"");
919
920 // While waiting for auth credentials to be provided, the Job should not time
921 // out.
Peter Kastinge5a38ed2021-10-02 03:06:35[diff] [blame]922 FastForwardBy(base::Days(1));
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]923 test_delegate.WaitForAuthChallenge(1);
924 EXPECT_FALSE(test_delegate.has_result());
925
926 // Respond to challenge.
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]927 test_delegate.auth_controller()->ResetAuth(AuthCredentials(u"foo", u"bar"));
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]928 test_delegate.RunAuthCallback();
929
930 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]931
932 // Proxies should not set any DNS aliases.
933 EXPECT_TRUE(test_delegate.socket()->GetDnsAliases().empty());
Matt Menkeb57663b32019-03-01 17:17:10[diff] [blame]934}
935
936TEST_F(SSLConnectJobTest, HttpProxyAuthWithCachedCredentials) {
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]937 for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
938 SCOPED_TRACE(io_mode);
939 host_resolver_.set_synchronous_mode(io_mode == SYNCHRONOUS);
940 MockWrite writes[] = {
941 MockWrite(io_mode,
942 "CONNECT host:80 HTTP/1.1\r\n"
943 "Host: host:80\r\n"
944 "Proxy-Connection: keep-alive\r\n"
945 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
946 };
947 MockRead reads[] = {
948 MockRead(io_mode, "HTTP/1.1 200 Connection Established\r\n\r\n"),
949 };
950 StaticSocketDataProvider data(reads, writes);
951 data.set_connect_data(MockConnect(io_mode, OK));
952 socket_factory_.AddSocketDataProvider(&data);
953 AddAuthToCache();
954 SSLSocketDataProvider ssl(io_mode, OK);
955 socket_factory_.AddSSLSocketDataProvider(&ssl);
956
957 TestConnectJobDelegate test_delegate;
958 std::unique_ptr<ConnectJob> ssl_connect_job =
959 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
960 test_delegate.StartJobExpectingResult(ssl_connect_job.get(), OK,
961 io_mode == SYNCHRONOUS);
962 CheckConnectTimesExceptDnsSet(ssl_connect_job->connect_timing());
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]963 EXPECT_TRUE(test_delegate.socket()->GetDnsAliases().empty());
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]964 }
965}
966
967TEST_F(SSLConnectJobTest, HttpProxyRequestPriority) {
968 host_resolver_.set_ondemand_mode(true);
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]969 for (int initial_priority = MINIMUM_PRIORITY;
970 initial_priority <= MAXIMUM_PRIORITY; ++initial_priority) {
971 SCOPED_TRACE(initial_priority);
972 for (int new_priority = MINIMUM_PRIORITY; new_priority <= MAXIMUM_PRIORITY;
973 ++new_priority) {
974 SCOPED_TRACE(new_priority);
975 if (initial_priority == new_priority)
976 continue;
977 TestConnectJobDelegate test_delegate;
978 std::unique_ptr<ConnectJob> ssl_connect_job =
979 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP,
980 static_cast<RequestPriority>(initial_priority));
981 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
982 EXPECT_TRUE(host_resolver_.has_pending_requests());
983 int request_id = host_resolver_.num_resolve();
984 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
985
986 ssl_connect_job->ChangePriority(
987 static_cast<RequestPriority>(new_priority));
988 EXPECT_EQ(new_priority, host_resolver_.request_priority(request_id));
989
990 ssl_connect_job->ChangePriority(
991 static_cast<RequestPriority>(initial_priority));
992 EXPECT_EQ(initial_priority, host_resolver_.request_priority(request_id));
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]993 }
994 }
995}
996
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]997TEST_F(SSLConnectJobTest, HttpProxyAuthHasEstablishedConnection) {
998 host_resolver_.set_ondemand_mode(true);
999 MockWrite writes[] = {
1000 MockWrite(ASYNC, 0,
1001 "CONNECT host:80 HTTP/1.1\r\n"
1002 "Host: host:80\r\n"
1003 "Proxy-Connection: keep-alive\r\n\r\n"),
1004 MockWrite(ASYNC, 3,
1005 "CONNECT host:80 HTTP/1.1\r\n"
1006 "Host: host:80\r\n"
1007 "Proxy-Connection: keep-alive\r\n"
1008 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
1009 };
1010 MockRead reads[] = {
1011 // Pause reading.
1012 MockRead(ASYNC, ERR_IO_PENDING, 1),
1013 MockRead(ASYNC, 2,
1014 "HTTP/1.1 407 Proxy Authentication Required\r\n"
1015 "Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"
1016 "Content-Length: 0\r\n\r\n"),
1017 // Pause reading.
1018 MockRead(ASYNC, ERR_IO_PENDING, 4),
1019 MockRead(ASYNC, 5, "HTTP/1.1 200 Connection Established\r\n\r\n"),
1020 };
1021 SequencedSocketData data(reads, writes);
1022 socket_factory_.AddSocketDataProvider(&data);
1023 SSLSocketDataProvider ssl(ASYNC, OK);
1024 socket_factory_.AddSSLSocketDataProvider(&ssl);
1025
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1026 TestConnectJobDelegate test_delegate;
1027 std::unique_ptr<ConnectJob> ssl_connect_job =
1028 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
1029 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1030 EXPECT_TRUE(host_resolver_.has_pending_requests());
1031 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
1032 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1033
1034 // DNS resolution completes, and then the ConnectJob tries to connect the
1035 // socket, which should succeed asynchronously.
1036 host_resolver_.ResolveOnlyRequestNow();
1037 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
1038 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1039
1040 // Spinning the message loop causes the connection to be established and the
1041 // nested HttpProxyConnectJob to start establishing a tunnel.
1042 base::RunLoop().RunUntilIdle();
1043 EXPECT_FALSE(test_delegate.has_result());
1044 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1045 ssl_connect_job->GetLoadState());
1046 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1047
1048 // Receive the auth challenge.
1049 data.Resume();
1050 test_delegate.WaitForAuthChallenge(1);
1051 EXPECT_FALSE(test_delegate.has_result());
1052 EXPECT_EQ(LOAD_STATE_IDLE, ssl_connect_job->GetLoadState());
1053 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1054
1055 // Respond to challenge.
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]1056 test_delegate.auth_controller()->ResetAuth(AuthCredentials(u"foo", u"bar"));
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1057 test_delegate.RunAuthCallback();
1058 EXPECT_FALSE(test_delegate.has_result());
1059 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1060 ssl_connect_job->GetLoadState());
1061 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1062
1063 // Run until the next read pauses.
1064 base::RunLoop().RunUntilIdle();
1065 EXPECT_FALSE(test_delegate.has_result());
1066 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1067 ssl_connect_job->GetLoadState());
1068 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1069
1070 // Receive the connection established response, at which point SSL negotiation
1071 // finally starts.
1072 data.Resume();
1073 EXPECT_FALSE(test_delegate.has_result());
1074 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
1075 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1076
1077 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
1078}
1079
1080TEST_F(SSLConnectJobTest,
1081 HttpProxyAuthHasEstablishedConnectionWithProxyConnectionClose) {
1082 host_resolver_.set_ondemand_mode(true);
1083 MockWrite writes1[] = {
1084 MockWrite(ASYNC, 0,
1085 "CONNECT host:80 HTTP/1.1\r\n"
1086 "Host: host:80\r\n"
1087 "Proxy-Connection: keep-alive\r\n\r\n"),
1088 };
1089 MockRead reads1[] = {
1090 // Pause reading.
1091 MockRead(ASYNC, ERR_IO_PENDING, 1),
1092 MockRead(ASYNC, 2,
1093 "HTTP/1.1 407 Proxy Authentication Required\r\n"
1094 "Proxy-Connection: Close\r\n"
1095 "Proxy-Authenticate: Basic realm=\"MyRealm1\"\r\n"
1096 "Content-Length: 0\r\n\r\n"),
1097 };
1098 SequencedSocketData data1(reads1, writes1);
1099 socket_factory_.AddSocketDataProvider(&data1);
1100
1101 MockWrite writes2[] = {
1102 MockWrite(ASYNC, 0,
1103 "CONNECT host:80 HTTP/1.1\r\n"
1104 "Host: host:80\r\n"
1105 "Proxy-Connection: keep-alive\r\n"
1106 "Proxy-Authorization: Basic Zm9vOmJhcg==\r\n\r\n"),
1107 };
1108 MockRead reads2[] = {
1109 // Pause reading.
1110 MockRead(ASYNC, ERR_IO_PENDING, 1),
1111 MockRead(ASYNC, 2, "HTTP/1.1 200 Connection Established\r\n\r\n"),
1112 };
1113 SequencedSocketData data2(reads2, writes2);
1114 socket_factory_.AddSocketDataProvider(&data2);
1115 SSLSocketDataProvider ssl(ASYNC, OK);
1116 socket_factory_.AddSSLSocketDataProvider(&ssl);
1117
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1118 TestConnectJobDelegate test_delegate;
1119 std::unique_ptr<ConnectJob> ssl_connect_job =
1120 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_HTTP);
1121 ASSERT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1122 EXPECT_TRUE(host_resolver_.has_pending_requests());
1123 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
1124 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1125
1126 // DNS resolution completes, and then the ConnectJob tries to connect the
1127 // socket, which should succeed asynchronously.
1128 host_resolver_.ResolveOnlyRequestNow();
1129 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
1130 EXPECT_FALSE(ssl_connect_job->HasEstablishedConnection());
1131
1132 // Spinning the message loop causes the connection to be established and the
1133 // nested HttpProxyConnectJob to start establishing a tunnel.
1134 base::RunLoop().RunUntilIdle();
1135 EXPECT_FALSE(test_delegate.has_result());
1136 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1137 ssl_connect_job->GetLoadState());
1138 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1139
1140 // Receive the auth challenge.
1141 data1.Resume();
1142 test_delegate.WaitForAuthChallenge(1);
1143 EXPECT_FALSE(test_delegate.has_result());
1144 EXPECT_EQ(LOAD_STATE_IDLE, ssl_connect_job->GetLoadState());
1145 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1146
1147 // Respond to challenge.
Jan Wilken Dörriec92a6d7242021-03-23 17:43:48[diff] [blame]1148 test_delegate.auth_controller()->ResetAuth(AuthCredentials(u"foo", u"bar"));
Matt Menkeaade5812019-03-02 13:38:00[diff] [blame]1149 test_delegate.RunAuthCallback();
1150 EXPECT_FALSE(test_delegate.has_result());
1151 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1152 ssl_connect_job->GetLoadState());
1153 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1154
1155 // Run until the next DNS lookup.
1156 base::RunLoop().RunUntilIdle();
1157 EXPECT_TRUE(host_resolver_.has_pending_requests());
1158 EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, ssl_connect_job->GetLoadState());
1159 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1160
1161 // DNS resolution completes, and then the ConnectJob tries to connect the
1162 // socket, which should succeed asynchronously.
1163 host_resolver_.ResolveOnlyRequestNow();
1164 EXPECT_EQ(LOAD_STATE_CONNECTING, ssl_connect_job->GetLoadState());
1165 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1166
1167 // Spinning the message loop causes the connection to be established and the
1168 // nested HttpProxyConnectJob to start establishing a tunnel.
1169 base::RunLoop().RunUntilIdle();
1170 EXPECT_FALSE(test_delegate.has_result());
1171 EXPECT_EQ(LOAD_STATE_ESTABLISHING_PROXY_TUNNEL,
1172 ssl_connect_job->GetLoadState());
1173 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1174
1175 // Receive the connection established response, at which point SSL negotiation
1176 // finally starts.
1177 data2.Resume();
1178 EXPECT_FALSE(test_delegate.has_result());
1179 EXPECT_EQ(LOAD_STATE_SSL_HANDSHAKE, ssl_connect_job->GetLoadState());
1180 EXPECT_TRUE(ssl_connect_job->HasEstablishedConnection());
1181
1182 EXPECT_THAT(test_delegate.WaitForResult(), test::IsOk());
1183}
1184
Cammie Smith Barnesaa2a8b52020-12-17 19:33:19[diff] [blame]1185TEST_F(SSLConnectJobTest, DnsAliases) {
1186 host_resolver_.set_synchronous_mode(true);
1187
1188 // Resolve an AddressList with DNS aliases.
1189 std::vector<std::string> aliases({"alias1", "alias2", "host"});
1190 host_resolver_.rules()->AddIPLiteralRuleWithDnsAliases("host", "2.2.2.2",
1191 std::move(aliases));
1192 StaticSocketDataProvider data;
1193 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
1194 socket_factory_.AddSocketDataProvider(&data);
1195 SSLSocketDataProvider ssl(ASYNC, OK);
1196 socket_factory_.AddSSLSocketDataProvider(&ssl);
1197 TestConnectJobDelegate test_delegate;
1198
1199 std::unique_ptr<ConnectJob> ssl_connect_job =
1200 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
1201
1202 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1203
1204 base::RunLoop().RunUntilIdle();
1205
1206 // Verify that the elements of the alias list are those from the
1207 // parameter vector.
1208 EXPECT_THAT(test_delegate.socket()->GetDnsAliases(),
1209 testing::ElementsAre("alias1", "alias2", "host"));
1210}
1211
1212TEST_F(SSLConnectJobTest, NoAdditionalDnsAliases) {
1213 host_resolver_.set_synchronous_mode(true);
1214
1215 // Resolve an AddressList without additional DNS aliases. (The parameter
1216 // is an empty vector.)
1217 std::vector<std::string> aliases;
1218 host_resolver_.rules()->AddIPLiteralRuleWithDnsAliases("host", "2.2.2.2",
1219 std::move(aliases));
1220 StaticSocketDataProvider data;
1221 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
1222 socket_factory_.AddSocketDataProvider(&data);
1223 SSLSocketDataProvider ssl(ASYNC, OK);
1224 socket_factory_.AddSSLSocketDataProvider(&ssl);
1225 TestConnectJobDelegate test_delegate;
1226
1227 std::unique_ptr<ConnectJob> ssl_connect_job =
1228 CreateConnectJob(&test_delegate, ProxyServer::SCHEME_DIRECT, MEDIUM);
1229
1230 EXPECT_THAT(ssl_connect_job->Connect(), test::IsError(ERR_IO_PENDING));
1231
1232 base::RunLoop().RunUntilIdle();
1233
1234 // Verify that the alias list only contains "host".
1235 EXPECT_THAT(test_delegate.socket()->GetDnsAliases(),
1236 testing::ElementsAre("host"));
1237}
1238
Matt Menke7b5051072019-01-27 21:22:49[diff] [blame]1239} // namespace
1240} // namespace net