1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/ssl_client_socket.h"
6
7 #include <errno.h>
8 #include <string.h>
9
10 #include <algorithm>
11 #include <memory>
12 #include <tuple>
13 #include <utility>
14
15 #include "base/files/file_util.h"
16 #include "base/functional/bind.h"
17 #include "base/functional/callback_helpers.h"
18 #include "base/location.h"
19 #include "base/memory/raw_ptr.h"
20 #include "base/memory/ref_counted.h"
21 #include "base/run_loop.h"
22 #include "base/strings/string_number_conversions.h"
23 #include "base/strings/string_piece.h"
24 #include "base/strings/stringprintf.h"
25 #include "base/synchronization/lock.h"
26 #include "base/task/single_thread_task_runner.h"
27 #include "base/test/bind.h"
28 #include "base/test/metrics/histogram_tester.h"
29 #include "base/test/scoped_feature_list.h"
30 #include "base/time/time.h"
31 #include "base/values.h"
32 #include "build/build_config.h"
33 #include "crypto/rsa_private_key.h"
34 #include "net/base/address_list.h"
35 #include "net/base/completion_once_callback.h"
36 #include "net/base/features.h"
37 #include "net/base/io_buffer.h"
38 #include "net/base/ip_address.h"
39 #include "net/base/ip_endpoint.h"
40 #include "net/base/net_errors.h"
41 #include "net/base/network_anonymization_key.h"
42 #include "net/base/schemeful_site.h"
43 #include "net/base/test_completion_callback.h"
44 #include "net/cert/asn1_util.h"
45 #include "net/cert/cert_and_ct_verifier.h"
46 #include "net/cert/ct_policy_enforcer.h"
47 #include "net/cert/ct_policy_status.h"
48 #include "net/cert/ct_verifier.h"
49 #include "net/cert/do_nothing_ct_verifier.h"
50 #include "net/cert/mock_cert_verifier.h"
51 #include "net/cert/mock_client_cert_verifier.h"
52 #include "net/cert/sct_auditing_delegate.h"
53 #include "net/cert/signed_certificate_timestamp_and_status.h"
54 #include "net/cert/test_root_certs.h"
55 #include "net/cert/x509_util.h"
56 #include "net/der/input.h"
57 #include "net/der/parser.h"
58 #include "net/der/tag.h"
59 #include "net/dns/host_resolver.h"
60 #include "net/http/transport_security_state.h"
61 #include "net/http/transport_security_state_test_util.h"
62 #include "net/log/net_log_event_type.h"
63 #include "net/log/net_log_source.h"
64 #include "net/log/test_net_log.h"
65 #include "net/log/test_net_log_util.h"
66 #include "net/socket/client_socket_factory.h"
67 #include "net/socket/client_socket_handle.h"
68 #include "net/socket/read_buffering_stream_socket.h"
69 #include "net/socket/socket_test_util.h"
70 #include "net/socket/ssl_server_socket.h"
71 #include "net/socket/stream_socket.h"
72 #include "net/socket/tcp_client_socket.h"
73 #include "net/socket/tcp_server_socket.h"
74 #include "net/ssl/ssl_cert_request_info.h"
75 #include "net/ssl/ssl_client_session_cache.h"
76 #include "net/ssl/ssl_config.h"
77 #include "net/ssl/ssl_config_service.h"
78 #include "net/ssl/ssl_connection_status_flags.h"
79 #include "net/ssl/ssl_handshake_details.h"
80 #include "net/ssl/ssl_info.h"
81 #include "net/ssl/ssl_server_config.h"
82 #include "net/ssl/test_ssl_config_service.h"
83 #include "net/ssl/test_ssl_private_key.h"
84 #include "net/test/cert_test_util.h"
85 #include "net/test/embedded_test_server/embedded_test_server.h"
86 #include "net/test/embedded_test_server/http_request.h"
87 #include "net/test/embedded_test_server/http_response.h"
88 #include "net/test/gtest_util.h"
89 #include "net/test/key_util.h"
90 #include "net/test/ssl_test_util.h"
91 #include "net/test/test_data_directory.h"
92 #include "net/test/test_with_task_environment.h"
93 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
94 #include "testing/gmock/include/gmock/gmock.h"
95 #include "testing/gtest/include/gtest/gtest.h"
96 #include "testing/platform_test.h"
97 #include "third_party/abseil-cpp/absl/types/optional.h"
98 #include "third_party/boringssl/src/include/openssl/bio.h"
99 #include "third_party/boringssl/src/include/openssl/evp.h"
100 #include "third_party/boringssl/src/include/openssl/hpke.h"
101 #include "third_party/boringssl/src/include/openssl/pem.h"
102 #include "third_party/boringssl/src/include/openssl/ssl.h"
103 #include "url/gurl.h"
104
105 using net::test::IsError;
106 using net::test::IsOk;
107
108 using testing::_;
109 using testing::Bool;
110 using testing::Combine;
111 using testing::Return;
112 using testing::Values;
113 using testing::ValuesIn;
114
115 namespace net {
116
117 class NetLogWithSource;
118
119 namespace {
120
121 // When passed to |MakeHashValueVector|, this will generate a key pin that is
122 // sha256/AA...=, and hence will cause pin validation success with the TestSPKI
123 // pin from transport_security_state_static.pins. ("A" is the 0th element of the
124 // base-64 alphabet.)
125 const uint8_t kGoodHashValueVectorInput = 0;
126
127 // When passed to |MakeHashValueVector|, this will generate a key pin that is
128 // not sha256/AA...=, and hence will cause pin validation failure with the
129 // TestSPKI pin.
130 const uint8_t kBadHashValueVectorInput = 3;
131
132 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
133 constexpr uint16_t kModernTLS12Cipher = 0xc02f;
134 // TLS_RSA_WITH_AES_128_GCM_SHA256
135 constexpr uint16_t kRSACipher = 0x009c;
136 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
137 constexpr uint16_t kCBCCipher = 0xc013;
138 // TLS_RSA_WITH_3DES_EDE_CBC_SHA
139 constexpr uint16_t k3DESCipher = 0x000a;
140
141 // Simulates synchronously receiving an error during Read() or Write()
142 class SynchronousErrorStreamSocket : public WrappedStreamSocket {
143 public:
SynchronousErrorStreamSocket(std::unique_ptr<StreamSocket> transport)144 explicit SynchronousErrorStreamSocket(std::unique_ptr<StreamSocket> transport)
145 : WrappedStreamSocket(std::move(transport)) {}
146
147 SynchronousErrorStreamSocket(const SynchronousErrorStreamSocket&) = delete;
148 SynchronousErrorStreamSocket& operator=(const SynchronousErrorStreamSocket&) =
149 delete;
150
151 ~SynchronousErrorStreamSocket() override = default;
152
153 // Socket implementation:
154 int Read(IOBuffer* buf,
155 int buf_len,
156 CompletionOnceCallback callback) override;
157 int ReadIfReady(IOBuffer* buf,
158 int buf_len,
159 CompletionOnceCallback callback) override;
160 int Write(IOBuffer* buf,
161 int buf_len,
162 CompletionOnceCallback callback,
163 const NetworkTrafficAnnotationTag& traffic_annotation) override;
164
165 // Sets the next Read() call and all future calls to return |error|.
166 // If there is already a pending asynchronous read, the configured error
167 // will not be returned until that asynchronous read has completed and Read()
168 // is called again.
SetNextReadError(int error)169 void SetNextReadError(int error) {
170 DCHECK_GE(0, error);
171 have_read_error_ = true;
172 pending_read_error_ = error;
173 }
174
175 // Sets the next Write() call and all future calls to return |error|.
176 // If there is already a pending asynchronous write, the configured error
177 // will not be returned until that asynchronous write has completed and
178 // Write() is called again.
SetNextWriteError(int error)179 void SetNextWriteError(int error) {
180 DCHECK_GE(0, error);
181 have_write_error_ = true;
182 pending_write_error_ = error;
183 }
184
185 private:
186 bool have_read_error_ = false;
187 int pending_read_error_ = OK;
188
189 bool have_write_error_ = false;
190 int pending_write_error_ = OK;
191 };
192
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)193 int SynchronousErrorStreamSocket::Read(IOBuffer* buf,
194 int buf_len,
195 CompletionOnceCallback callback) {
196 if (have_read_error_)
197 return pending_read_error_;
198 return transport_->Read(buf, buf_len, std::move(callback));
199 }
200
ReadIfReady(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)201 int SynchronousErrorStreamSocket::ReadIfReady(IOBuffer* buf,
202 int buf_len,
203 CompletionOnceCallback callback) {
204 if (have_read_error_)
205 return pending_read_error_;
206 return transport_->ReadIfReady(buf, buf_len, std::move(callback));
207 }
208
Write(IOBuffer * buf,int buf_len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)209 int SynchronousErrorStreamSocket::Write(
210 IOBuffer* buf,
211 int buf_len,
212 CompletionOnceCallback callback,
213 const NetworkTrafficAnnotationTag& traffic_annotation) {
214 if (have_write_error_)
215 return pending_write_error_;
216 return transport_->Write(buf, buf_len, std::move(callback),
217 traffic_annotation);
218 }
219
220 // FakeBlockingStreamSocket wraps an existing StreamSocket and simulates the
221 // underlying transport needing to complete things asynchronously in a
222 // deterministic manner (e.g.: independent of the TestServer and the OS's
223 // semantics).
224 class FakeBlockingStreamSocket : public WrappedStreamSocket {
225 public:
FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport)226 explicit FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport)
227 : WrappedStreamSocket(std::move(transport)) {}
228 ~FakeBlockingStreamSocket() override = default;
229
230 // Socket implementation:
231 int Read(IOBuffer* buf,
232 int buf_len,
233 CompletionOnceCallback callback) override;
234 int ReadIfReady(IOBuffer* buf,
235 int buf_len,
236 CompletionOnceCallback callback) override;
237 int CancelReadIfReady() override;
238 int Write(IOBuffer* buf,
239 int buf_len,
240 CompletionOnceCallback callback,
241 const NetworkTrafficAnnotationTag& traffic_annotation) override;
242
pending_read_result() const243 int pending_read_result() const { return pending_read_result_; }
pending_read_buf() const244 IOBuffer* pending_read_buf() const { return pending_read_buf_.get(); }
245
246 // Blocks read results on the socket. Reads will not complete until
247 // UnblockReadResult() has been called and a result is ready from the
248 // underlying transport. Note: if BlockReadResult() is called while there is a
249 // hanging asynchronous Read(), that Read is blocked.
250 void BlockReadResult();
251 void UnblockReadResult();
252
253 // Replaces the pending read with |data|. Returns true on success or false if
254 // the caller's reads were too small.
255 bool ReplaceReadResult(const std::string& data);
256
257 // Waits for the blocked Read() call to be complete at the underlying
258 // transport.
259 void WaitForReadResult();
260
261 // Causes the next call to Write() to return ERR_IO_PENDING, not beginning the
262 // underlying transport until UnblockWrite() has been called. Note: if there
263 // is a pending asynchronous write, it is NOT blocked. For purposes of
264 // blocking writes, data is considered to have reached the underlying
265 // transport as soon as Write() is called.
266 void BlockWrite();
267 void UnblockWrite();
268
269 // Waits for the blocked Write() call to be scheduled.
270 void WaitForWrite();
271
272 private:
273 // Handles completion from the underlying transport read.
274 void OnReadCompleted(int result);
275
276 // Handles async completion of ReadIfReady().
277 void CompleteReadIfReady(scoped_refptr<IOBuffer> buffer, int rv);
278
279 // Finishes the current read.
280 void ReturnReadResult();
281
282 // Callback for writes.
283 void CallPendingWriteCallback(int result);
284
285 // True if read callbacks are blocked.
286 bool should_block_read_ = false;
287
288 // Used to buffer result returned by a completed ReadIfReady().
289 std::string read_if_ready_buf_;
290
291 // Non-null if there is a pending ReadIfReady().
292 CompletionOnceCallback read_if_ready_callback_;
293
294 // The buffer for the pending read, or NULL if not consumed.
295 scoped_refptr<IOBuffer> pending_read_buf_;
296
297 // The size of the pending read buffer, or -1 if not set.
298 int pending_read_buf_len_ = -1;
299
300 // The user callback for the pending read call.
301 CompletionOnceCallback pending_read_callback_;
302
303 // The result for the blocked read callback, or ERR_IO_PENDING if not
304 // completed.
305 int pending_read_result_ = ERR_IO_PENDING;
306
307 // WaitForReadResult() wait loop.
308 std::unique_ptr<base::RunLoop> read_loop_;
309
310 // True if write calls are blocked.
311 bool should_block_write_ = false;
312
313 // The buffer for the pending write, or NULL if not scheduled.
314 scoped_refptr<IOBuffer> pending_write_buf_;
315
316 // The callback for the pending write call.
317 CompletionOnceCallback pending_write_callback_;
318
319 // The length for the pending write, or -1 if not scheduled.
320 int pending_write_len_ = -1;
321
322 // WaitForWrite() wait loop.
323 std::unique_ptr<base::RunLoop> write_loop_;
324 };
325
Read(IOBuffer * buf,int len,CompletionOnceCallback callback)326 int FakeBlockingStreamSocket::Read(IOBuffer* buf,
327 int len,
328 CompletionOnceCallback callback) {
329 DCHECK(!pending_read_buf_);
330 DCHECK(pending_read_callback_.is_null());
331 DCHECK_EQ(ERR_IO_PENDING, pending_read_result_);
332 DCHECK(!callback.is_null());
333
334 int rv = transport_->Read(
335 buf, len,
336 base::BindOnce(&FakeBlockingStreamSocket::OnReadCompleted,
337 base::Unretained(this)));
338 if (rv == ERR_IO_PENDING || should_block_read_) {
339 // Save the callback to be called later.
340 pending_read_buf_ = buf;
341 pending_read_buf_len_ = len;
342 pending_read_callback_ = std::move(callback);
343 // Save the read result.
344 if (rv != ERR_IO_PENDING) {
345 OnReadCompleted(rv);
346 rv = ERR_IO_PENDING;
347 }
348 }
349 return rv;
350 }
351
ReadIfReady(IOBuffer * buf,int len,CompletionOnceCallback callback)352 int FakeBlockingStreamSocket::ReadIfReady(IOBuffer* buf,
353 int len,
354 CompletionOnceCallback callback) {
355 if (!read_if_ready_buf_.empty()) {
356 // If ReadIfReady() is used, asynchronous reads with a large enough buffer
357 // and no BlockReadResult() are supported by this class. Explicitly check
358 // that |should_block_read_| doesn't apply and |len| is greater than the
359 // size of the buffered data.
360 CHECK(!should_block_read_);
361 CHECK_GE(len, static_cast<int>(read_if_ready_buf_.size()));
362 int rv = read_if_ready_buf_.size();
363 memcpy(buf->data(), read_if_ready_buf_.data(), rv);
364 read_if_ready_buf_.clear();
365 return rv;
366 }
367 scoped_refptr<IOBuffer> buf_copy = base::MakeRefCounted<IOBuffer>(len);
368 int rv = Read(buf_copy.get(), len,
369 base::BindOnce(&FakeBlockingStreamSocket::CompleteReadIfReady,
370 base::Unretained(this), buf_copy));
371 if (rv > 0)
372 memcpy(buf->data(), buf_copy->data(), rv);
373 if (rv == ERR_IO_PENDING)
374 read_if_ready_callback_ = std::move(callback);
375 return rv;
376 }
377
CancelReadIfReady()378 int FakeBlockingStreamSocket::CancelReadIfReady() {
379 DCHECK(!read_if_ready_callback_.is_null());
380 read_if_ready_callback_.Reset();
381 return OK;
382 }
383
Write(IOBuffer * buf,int len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)384 int FakeBlockingStreamSocket::Write(
385 IOBuffer* buf,
386 int len,
387 CompletionOnceCallback callback,
388 const NetworkTrafficAnnotationTag& traffic_annotation) {
389 DCHECK(buf);
390 DCHECK_LE(0, len);
391
392 if (!should_block_write_)
393 return transport_->Write(buf, len, std::move(callback), traffic_annotation);
394
395 // Schedule the write, but do nothing.
396 DCHECK(!pending_write_buf_.get());
397 DCHECK_EQ(-1, pending_write_len_);
398 DCHECK(pending_write_callback_.is_null());
399 DCHECK(!callback.is_null());
400 pending_write_buf_ = buf;
401 pending_write_len_ = len;
402 pending_write_callback_ = std::move(callback);
403
404 // Stop the write loop, if any.
405 if (write_loop_)
406 write_loop_->Quit();
407 return ERR_IO_PENDING;
408 }
409
BlockReadResult()410 void FakeBlockingStreamSocket::BlockReadResult() {
411 DCHECK(!should_block_read_);
412 should_block_read_ = true;
413 }
414
UnblockReadResult()415 void FakeBlockingStreamSocket::UnblockReadResult() {
416 DCHECK(should_block_read_);
417 should_block_read_ = false;
418
419 // If the operation has since completed, return the result to the caller.
420 if (pending_read_result_ != ERR_IO_PENDING)
421 ReturnReadResult();
422 }
423
ReplaceReadResult(const std::string & data)424 bool FakeBlockingStreamSocket::ReplaceReadResult(const std::string& data) {
425 DCHECK(should_block_read_);
426 DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
427 DCHECK(pending_read_buf_);
428 DCHECK_NE(-1, pending_read_buf_len_);
429
430 if (static_cast<size_t>(pending_read_buf_len_) < data.size())
431 return false;
432
433 memcpy(pending_read_buf_->data(), data.data(), data.size());
434 pending_read_result_ = data.size();
435 return true;
436 }
437
WaitForReadResult()438 void FakeBlockingStreamSocket::WaitForReadResult() {
439 DCHECK(should_block_read_);
440 DCHECK(!read_loop_);
441
442 if (pending_read_result_ != ERR_IO_PENDING)
443 return;
444 read_loop_ = std::make_unique<base::RunLoop>();
445 read_loop_->Run();
446 read_loop_.reset();
447 DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
448 }
449
BlockWrite()450 void FakeBlockingStreamSocket::BlockWrite() {
451 DCHECK(!should_block_write_);
452 should_block_write_ = true;
453 }
454
CallPendingWriteCallback(int rv)455 void FakeBlockingStreamSocket::CallPendingWriteCallback(int rv) {
456 std::move(pending_write_callback_).Run(rv);
457 }
458
UnblockWrite()459 void FakeBlockingStreamSocket::UnblockWrite() {
460 DCHECK(should_block_write_);
461 should_block_write_ = false;
462
463 // Do nothing if UnblockWrite() was called after BlockWrite(),
464 // without a Write() in between.
465 if (!pending_write_buf_.get())
466 return;
467
468 int rv = transport_->Write(
469 pending_write_buf_.get(), pending_write_len_,
470 base::BindOnce(&FakeBlockingStreamSocket::CallPendingWriteCallback,
471 base::Unretained(this)),
472 TRAFFIC_ANNOTATION_FOR_TESTS);
473
474 pending_write_buf_ = nullptr;
475 pending_write_len_ = -1;
476 if (rv != ERR_IO_PENDING) {
477 std::move(pending_write_callback_).Run(rv);
478 }
479 }
480
WaitForWrite()481 void FakeBlockingStreamSocket::WaitForWrite() {
482 DCHECK(should_block_write_);
483 DCHECK(!write_loop_);
484
485 if (pending_write_buf_.get())
486 return;
487 write_loop_ = std::make_unique<base::RunLoop>();
488 write_loop_->Run();
489 write_loop_.reset();
490 DCHECK(pending_write_buf_.get());
491 }
492
OnReadCompleted(int result)493 void FakeBlockingStreamSocket::OnReadCompleted(int result) {
494 DCHECK_EQ(ERR_IO_PENDING, pending_read_result_);
495 DCHECK(!pending_read_callback_.is_null());
496
497 pending_read_result_ = result;
498
499 if (should_block_read_) {
500 // Defer the result until UnblockReadResult is called.
501 if (read_loop_)
502 read_loop_->Quit();
503 return;
504 }
505
506 ReturnReadResult();
507 }
508
CompleteReadIfReady(scoped_refptr<IOBuffer> buf,int rv)509 void FakeBlockingStreamSocket::CompleteReadIfReady(scoped_refptr<IOBuffer> buf,
510 int rv) {
511 DCHECK(read_if_ready_buf_.empty());
512 DCHECK(!should_block_read_);
513 if (rv > 0)
514 read_if_ready_buf_ = std::string(buf->data(), buf->data() + rv);
515 // The callback may be null if CancelReadIfReady() was called.
516 if (!read_if_ready_callback_.is_null())
517 std::move(read_if_ready_callback_).Run(rv > 0 ? OK : rv);
518 }
519
ReturnReadResult()520 void FakeBlockingStreamSocket::ReturnReadResult() {
521 int result = pending_read_result_;
522 pending_read_result_ = ERR_IO_PENDING;
523 pending_read_buf_ = nullptr;
524 pending_read_buf_len_ = -1;
525 std::move(pending_read_callback_).Run(result);
526 }
527
528 // CountingStreamSocket wraps an existing StreamSocket and maintains a count of
529 // reads and writes on the socket.
530 class CountingStreamSocket : public WrappedStreamSocket {
531 public:
CountingStreamSocket(std::unique_ptr<StreamSocket> transport)532 explicit CountingStreamSocket(std::unique_ptr<StreamSocket> transport)
533 : WrappedStreamSocket(std::move(transport)) {}
534 ~CountingStreamSocket() override = default;
535
536 // Socket implementation:
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)537 int Read(IOBuffer* buf,
538 int buf_len,
539 CompletionOnceCallback callback) override {
540 read_count_++;
541 return transport_->Read(buf, buf_len, std::move(callback));
542 }
Write(IOBuffer * buf,int buf_len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)543 int Write(IOBuffer* buf,
544 int buf_len,
545 CompletionOnceCallback callback,
546 const NetworkTrafficAnnotationTag& traffic_annotation) override {
547 write_count_++;
548 return transport_->Write(buf, buf_len, std::move(callback),
549 traffic_annotation);
550 }
551
read_count() const552 int read_count() const { return read_count_; }
write_count() const553 int write_count() const { return write_count_; }
554
555 private:
556 int read_count_ = 0;
557 int write_count_ = 0;
558 };
559
560 // A helper class that will delete |socket| when the callback is invoked.
561 class DeleteSocketCallback : public TestCompletionCallbackBase {
562 public:
DeleteSocketCallback(StreamSocket * socket)563 explicit DeleteSocketCallback(StreamSocket* socket) : socket_(socket) {}
564
565 DeleteSocketCallback(const DeleteSocketCallback&) = delete;
566 DeleteSocketCallback& operator=(const DeleteSocketCallback&) = delete;
567
568 ~DeleteSocketCallback() override = default;
569
callback()570 CompletionOnceCallback callback() {
571 return base::BindOnce(&DeleteSocketCallback::OnComplete,
572 base::Unretained(this));
573 }
574
575 private:
OnComplete(int result)576 void OnComplete(int result) {
577 if (socket_) {
578 delete socket_;
579 socket_ = nullptr;
580 } else {
581 ADD_FAILURE() << "Deleting socket twice";
582 }
583 SetResult(result);
584 }
585
586 raw_ptr<StreamSocket> socket_;
587 };
588
589 // A mock CTVerifier that records every call to Verify but doesn't verify
590 // anything.
591 class MockCTVerifier : public CTVerifier {
592 public:
593 MOCK_METHOD6(Verify,
594 void(base::StringPiece,
595 X509Certificate*,
596 base::StringPiece,
597 base::StringPiece,
598 SignedCertificateTimestampAndStatusList*,
599 const NetLogWithSource&));
600 };
601
602 // A mock CTPolicyEnforcer that returns a custom verification result.
603 class MockCTPolicyEnforcer : public CTPolicyEnforcer {
604 public:
605 MOCK_METHOD3(CheckCompliance,
606 ct::CTPolicyCompliance(X509Certificate* cert,
607 const ct::SCTList&,
608 const NetLogWithSource&));
609 };
610
611 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
612 public:
613 MOCK_METHOD3(IsCTRequiredForHost,
614 CTRequirementLevel(const std::string& host,
615 const X509Certificate* chain,
616 const HashValueVector& hashes));
617 };
618
619 class MockSCTAuditingDelegate : public SCTAuditingDelegate {
620 public:
621 MOCK_METHOD(bool, IsSCTAuditingEnabled, ());
622 MOCK_METHOD(void,
623 MaybeEnqueueReport,
624 (const net::HostPortPair&,
625 const net::X509Certificate*,
626 const net::SignedCertificateTimestampAndStatusList&));
627 };
628
629 class ManySmallRecordsHttpResponse : public test_server::HttpResponse {
630 public:
HandleRequest(const test_server::HttpRequest & request)631 static std::unique_ptr<test_server::HttpResponse> HandleRequest(
632 const test_server::HttpRequest& request) {
633 if (request.relative_url != "/ssl-many-small-records") {
634 return nullptr;
635 }
636
637 // Write ~26K of data, in 1350 byte chunks
638 return std::make_unique<ManySmallRecordsHttpResponse>(/*chunk_size=*/1350,
639 /*chunk_count=*/20);
640 }
641
ManySmallRecordsHttpResponse(size_t chunk_size,size_t chunk_count)642 ManySmallRecordsHttpResponse(size_t chunk_size, size_t chunk_count)
643 : chunk_size_(chunk_size), chunk_count_(chunk_count) {}
644
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)645 void SendResponse(
646 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
647 base::StringPairs headers = {
648 {"Connection", "close"},
649 {"Content-Length", base::NumberToString(chunk_size_ * chunk_count_)},
650 {"Content-Type", "text/plain"}};
651 delegate->SendResponseHeaders(HTTP_OK, "OK", headers);
652 SendChunks(chunk_size_, chunk_count_, delegate);
653 }
654
655 private:
SendChunks(size_t chunk_size,size_t chunk_count,base::WeakPtr<test_server::HttpResponseDelegate> delegate)656 static void SendChunks(
657 size_t chunk_size,
658 size_t chunk_count,
659 base::WeakPtr<test_server::HttpResponseDelegate> delegate) {
660 if (!delegate)
661 return;
662
663 if (chunk_count == 0) {
664 delegate->FinishResponse();
665 return;
666 }
667
668 std::string chunk(chunk_size, '*');
669 // This assumes that splitting output into separate |send| calls will
670 // produce separate TLS records.
671 delegate->SendContents(chunk, base::BindOnce(&SendChunks, chunk_size,
672 chunk_count - 1, delegate));
673 }
674
675 size_t chunk_size_;
676 size_t chunk_count_;
677 };
678
679 class SSLClientSocketTest : public PlatformTest, public WithTaskEnvironment {
680 public:
SSLClientSocketTest()681 SSLClientSocketTest()
682 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
683 ssl_config_service_(
684 std::make_unique<TestSSLConfigService>(SSLContextConfig())),
685 cert_verifier_(std::make_unique<MockCertVerifier>()),
686 transport_security_state_(std::make_unique<TransportSecurityState>()),
687 ct_policy_enforcer_(std::make_unique<MockCTPolicyEnforcer>()),
688 ssl_client_session_cache_(std::make_unique<SSLClientSessionCache>(
689 SSLClientSessionCache::Config())),
690 context_(
691 std::make_unique<SSLClientContext>(ssl_config_service_.get(),
692 cert_verifier_.get(),
693 transport_security_state_.get(),
694 ct_policy_enforcer_.get(),
695 ssl_client_session_cache_.get(),
696 nullptr)) {
697 cert_verifier_->set_default_result(OK);
698 cert_verifier_->set_async(true);
699
700 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _))
701 .WillRepeatedly(
702 Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
703 }
704
705 protected:
706 // The address of the test server, after calling StartEmbeddedTestServer().
addr() const707 const AddressList& addr() const { return addr_; }
708
709 // The hostname of the test server, after calling StartEmbeddedTestServer().
host_port_pair() const710 const HostPortPair& host_port_pair() const { return host_port_pair_; }
711
712 // The EmbeddedTestServer object, after calling StartEmbeddedTestServer().
embedded_test_server()713 EmbeddedTestServer* embedded_test_server() {
714 return embedded_test_server_.get();
715 }
716
717 // Starts the embedded test server with the specified parameters. Returns true
718 // on success.
StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert,const SSLServerConfig & server_config)719 bool StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert,
720 const SSLServerConfig& server_config) {
721 embedded_test_server_ =
722 std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS);
723 embedded_test_server_->SetSSLConfig(cert, server_config);
724 return FinishStartingEmbeddedTestServer();
725 }
726
727 // Starts the embedded test server with the specified parameters. Returns true
728 // on success.
StartEmbeddedTestServer(const EmbeddedTestServer::ServerCertificateConfig & cert_config,const SSLServerConfig & server_config)729 bool StartEmbeddedTestServer(
730 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
731 const SSLServerConfig& server_config) {
732 embedded_test_server_ =
733 std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS);
734 embedded_test_server_->SetSSLConfig(cert_config, server_config);
735 return FinishStartingEmbeddedTestServer();
736 }
737
FinishStartingEmbeddedTestServer()738 bool FinishStartingEmbeddedTestServer() {
739 RegisterEmbeddedTestServerHandlers(embedded_test_server_.get());
740 if (!embedded_test_server_->Start()) {
741 LOG(ERROR) << "Could not start EmbeddedTestServer";
742 return false;
743 }
744
745 if (!embedded_test_server_->GetAddressList(&addr_)) {
746 LOG(ERROR) << "Could not get EmbeddedTestServer address list";
747 return false;
748 }
749 host_port_pair_ = embedded_test_server_->host_port_pair();
750 return true;
751 }
752
753 // May be overridden by the subclass to customize the EmbeddedTestServer.
RegisterEmbeddedTestServerHandlers(EmbeddedTestServer * server)754 virtual void RegisterEmbeddedTestServerHandlers(EmbeddedTestServer* server) {
755 server->AddDefaultHandlers(base::FilePath());
756 server->RegisterRequestHandler(
757 base::BindRepeating(&ManySmallRecordsHttpResponse::HandleRequest));
758 server->RegisterRequestHandler(
759 base::BindRepeating(&HandleSSLInfoRequest, base::Unretained(this)));
760 }
761
CreateSSLClientSocket(std::unique_ptr<StreamSocket> transport_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)762 std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
763 std::unique_ptr<StreamSocket> transport_socket,
764 const HostPortPair& host_and_port,
765 const SSLConfig& ssl_config) {
766 return socket_factory_->CreateSSLClientSocket(
767 context_.get(), std::move(transport_socket), host_and_port, ssl_config);
768 }
769
770 // Create an SSLClientSocket object and use it to connect to a test server,
771 // then wait for connection results. This must be called after a successful
772 // StartEmbeddedTestServer() call.
773 //
774 // |ssl_config| The SSL configuration to use.
775 // |host_port_pair| The hostname and port to use at the SSL layer. (The
776 // socket connection will still be made to |embedded_test_server_|.)
777 // |result| will retrieve the ::Connect() result value.
778 //
779 // Returns true on success, false otherwise. Success means that the SSL
780 // socket could be created and its Connect() was called, not that the
781 // connection itself was a success.
CreateAndConnectSSLClientSocketWithHost(const SSLConfig & ssl_config,const HostPortPair & host_port_pair,int * result)782 bool CreateAndConnectSSLClientSocketWithHost(
783 const SSLConfig& ssl_config,
784 const HostPortPair& host_port_pair,
785 int* result) {
786 auto transport = std::make_unique<TCPClientSocket>(
787 addr_, nullptr, nullptr, NetLog::Get(), NetLogSource());
788 int rv = callback_.GetResult(transport->Connect(callback_.callback()));
789 if (rv != OK) {
790 LOG(ERROR) << "Could not connect to test server";
791 return false;
792 }
793
794 sock_ =
795 CreateSSLClientSocket(std::move(transport), host_port_pair, ssl_config);
796 EXPECT_FALSE(sock_->IsConnected());
797
798 *result = callback_.GetResult(sock_->Connect(callback_.callback()));
799 return true;
800 }
801
CreateAndConnectSSLClientSocket(const SSLConfig & ssl_config,int * result)802 bool CreateAndConnectSSLClientSocket(const SSLConfig& ssl_config,
803 int* result) {
804 return CreateAndConnectSSLClientSocketWithHost(ssl_config, host_port_pair(),
805 result);
806 }
807
808 // Adds the server certificate with provided cert status.
809 // Must be called after StartEmbeddedTestServer has been called.
AddServerCertStatusToSSLConfig(CertStatus status,SSLConfig * ssl_config)810 void AddServerCertStatusToSSLConfig(CertStatus status,
811 SSLConfig* ssl_config) {
812 ASSERT_TRUE(embedded_test_server());
813 scoped_refptr<X509Certificate> server_cert =
814 embedded_test_server()->GetCertificate();
815 CertVerifyResult verify_result;
816 verify_result.cert_status = status;
817 verify_result.verified_cert = server_cert;
818 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
819 }
820
LastSSLInfoFromServer()821 absl::optional<SSLInfo> LastSSLInfoFromServer() {
822 // EmbeddedTestServer callbacks run on another thread, so protect this
823 // with a lock.
824 base::AutoLock lock(server_ssl_info_lock_);
825 auto result = server_ssl_info_;
826 server_ssl_info_ = absl::nullopt;
827 return result;
828 }
829
830 RecordingNetLogObserver log_observer_;
831 raw_ptr<ClientSocketFactory> socket_factory_;
832 std::unique_ptr<TestSSLConfigService> ssl_config_service_;
833 std::unique_ptr<MockCertVerifier> cert_verifier_;
834 std::unique_ptr<TransportSecurityState> transport_security_state_;
835 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
836 std::unique_ptr<SSLClientSessionCache> ssl_client_session_cache_;
837 std::unique_ptr<SSLClientContext> context_;
838 std::unique_ptr<SSLClientSocket> sock_;
839
840 private:
HandleSSLInfoRequest(SSLClientSocketTest * test,const test_server::HttpRequest & request)841 static std::unique_ptr<test_server::HttpResponse> HandleSSLInfoRequest(
842 SSLClientSocketTest* test,
843 const test_server::HttpRequest& request) {
844 if (request.relative_url != "/ssl-info") {
845 return nullptr;
846 }
847 {
848 // EmbeddedTestServer callbacks run on another thread, so protect this
849 // with a lock.
850 base::AutoLock lock(test->server_ssl_info_lock_);
851 test->server_ssl_info_ = request.ssl_info;
852 }
853 return std::make_unique<test_server::BasicHttpResponse>();
854 }
855
856 std::unique_ptr<EmbeddedTestServer> embedded_test_server_;
857 base::Lock server_ssl_info_lock_;
858 absl::optional<SSLInfo> server_ssl_info_ GUARDED_BY(server_ssl_info_lock_);
859 TestCompletionCallback callback_;
860 AddressList addr_;
861 HostPortPair host_port_pair_;
862 };
863
864 enum ReadIfReadyTransport {
865 // ReadIfReady() is implemented by the underlying transport.
866 READ_IF_READY_SUPPORTED,
867 // ReadIfReady() is not implemented by the underlying transport.
868 READ_IF_READY_NOT_SUPPORTED,
869 };
870
871 enum ReadIfReadySSL {
872 // Test reads by calling ReadIfReady() on the SSL socket.
873 TEST_SSL_READ_IF_READY,
874 // Test reads by calling Read() on the SSL socket.
875 TEST_SSL_READ,
876 };
877
878 class StreamSocketWithoutReadIfReady : public WrappedStreamSocket {
879 public:
StreamSocketWithoutReadIfReady(std::unique_ptr<StreamSocket> transport)880 explicit StreamSocketWithoutReadIfReady(
881 std::unique_ptr<StreamSocket> transport)
882 : WrappedStreamSocket(std::move(transport)) {}
883
ReadIfReady(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)884 int ReadIfReady(IOBuffer* buf,
885 int buf_len,
886 CompletionOnceCallback callback) override {
887 return ERR_READ_IF_READY_NOT_IMPLEMENTED;
888 }
889
CancelReadIfReady()890 int CancelReadIfReady() override { return ERR_READ_IF_READY_NOT_IMPLEMENTED; }
891 };
892
893 class ClientSocketFactoryWithoutReadIfReady : public ClientSocketFactory {
894 public:
ClientSocketFactoryWithoutReadIfReady(ClientSocketFactory * factory)895 explicit ClientSocketFactoryWithoutReadIfReady(ClientSocketFactory* factory)
896 : factory_(factory) {}
897
CreateDatagramClientSocket(DatagramSocket::BindType bind_type,NetLog * net_log,const NetLogSource & source)898 std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
899 DatagramSocket::BindType bind_type,
900 NetLog* net_log,
901 const NetLogSource& source) override {
902 return factory_->CreateDatagramClientSocket(bind_type, net_log, source);
903 }
904
CreateTransportClientSocket(const AddressList & addresses,std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,NetworkQualityEstimator * network_quality_estimator,NetLog * net_log,const NetLogSource & source)905 std::unique_ptr<TransportClientSocket> CreateTransportClientSocket(
906 const AddressList& addresses,
907 std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
908 NetworkQualityEstimator* network_quality_estimator,
909 NetLog* net_log,
910 const NetLogSource& source) override {
911 return factory_->CreateTransportClientSocket(
912 addresses, std::move(socket_performance_watcher),
913 network_quality_estimator, net_log, source);
914 }
915
CreateSSLClientSocket(SSLClientContext * context,std::unique_ptr<StreamSocket> stream_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)916 std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
917 SSLClientContext* context,
918 std::unique_ptr<StreamSocket> stream_socket,
919 const HostPortPair& host_and_port,
920 const SSLConfig& ssl_config) override {
921 stream_socket = std::make_unique<StreamSocketWithoutReadIfReady>(
922 std::move(stream_socket));
923 return factory_->CreateSSLClientSocket(context, std::move(stream_socket),
924 host_and_port, ssl_config);
925 }
926
927 private:
928 const raw_ptr<ClientSocketFactory> factory_;
929 };
930
GetTLSVersions()931 std::vector<uint16_t> GetTLSVersions() {
932 return {SSL_PROTOCOL_VERSION_TLS1_2, SSL_PROTOCOL_VERSION_TLS1_3};
933 }
934
935 class SSLClientSocketVersionTest
936 : public SSLClientSocketTest,
937 public ::testing::WithParamInterface<uint16_t> {
938 protected:
939 SSLClientSocketVersionTest() = default;
940
version() const941 uint16_t version() const { return GetParam(); }
942
GetServerConfig()943 SSLServerConfig GetServerConfig() {
944 SSLServerConfig config;
945 config.version_max = version();
946 config.version_min = version();
947 return config;
948 }
949 };
950
951 // If GetParam(), try ReadIfReady() and fall back to Read() if needed.
952 class SSLClientSocketReadTest
953 : public SSLClientSocketTest,
954 public ::testing::WithParamInterface<
955 std::tuple<ReadIfReadyTransport, ReadIfReadySSL, uint16_t>> {
956 protected:
SSLClientSocketReadTest()957 SSLClientSocketReadTest() : SSLClientSocketTest() {
958 if (!read_if_ready_supported()) {
959 wrapped_socket_factory_ =
960 std::make_unique<ClientSocketFactoryWithoutReadIfReady>(
961 socket_factory_);
962 socket_factory_ = wrapped_socket_factory_.get();
963 }
964 }
965
966 // Convienient wrapper to call Read()/ReadIfReady() depending on whether
967 // ReadyIfReady() is enabled.
Read(StreamSocket * socket,IOBuffer * buf,int buf_len,CompletionOnceCallback callback)968 int Read(StreamSocket* socket,
969 IOBuffer* buf,
970 int buf_len,
971 CompletionOnceCallback callback) {
972 if (test_ssl_read_if_ready())
973 return socket->ReadIfReady(buf, buf_len, std::move(callback));
974 return socket->Read(buf, buf_len, std::move(callback));
975 }
976
977 // Wait for Read()/ReadIfReady() to complete.
WaitForReadCompletion(StreamSocket * socket,IOBuffer * buf,int buf_len,TestCompletionCallback * callback,int rv)978 int WaitForReadCompletion(StreamSocket* socket,
979 IOBuffer* buf,
980 int buf_len,
981 TestCompletionCallback* callback,
982 int rv) {
983 if (!test_ssl_read_if_ready())
984 return callback->GetResult(rv);
985 while (rv == ERR_IO_PENDING) {
986 rv = callback->GetResult(rv);
987 if (rv != OK)
988 return rv;
989 rv = socket->ReadIfReady(buf, buf_len, callback->callback());
990 }
991 return rv;
992 }
993
994 // Calls Read()/ReadIfReady() and waits for it to return data.
ReadAndWaitForCompletion(StreamSocket * socket,IOBuffer * buf,int buf_len)995 int ReadAndWaitForCompletion(StreamSocket* socket,
996 IOBuffer* buf,
997 int buf_len) {
998 TestCompletionCallback callback;
999 int rv = Read(socket, buf, buf_len, callback.callback());
1000 return WaitForReadCompletion(socket, buf, buf_len, &callback, rv);
1001 }
1002
GetServerConfig()1003 SSLServerConfig GetServerConfig() {
1004 SSLServerConfig config;
1005 config.version_max = version();
1006 config.version_min = version();
1007 return config;
1008 }
1009
test_ssl_read_if_ready() const1010 bool test_ssl_read_if_ready() const {
1011 return std::get<1>(GetParam()) == TEST_SSL_READ_IF_READY;
1012 }
1013
read_if_ready_supported() const1014 bool read_if_ready_supported() const {
1015 return std::get<0>(GetParam()) == READ_IF_READY_SUPPORTED;
1016 }
1017
version() const1018 uint16_t version() const { return std::get<2>(GetParam()); }
1019
1020 private:
1021 std::unique_ptr<ClientSocketFactory> wrapped_socket_factory_;
1022 };
1023
1024 INSTANTIATE_TEST_SUITE_P(All,
1025 SSLClientSocketReadTest,
1026 Combine(Values(READ_IF_READY_SUPPORTED,
1027 READ_IF_READY_NOT_SUPPORTED),
1028 Values(TEST_SSL_READ_IF_READY, TEST_SSL_READ),
1029 ValuesIn(GetTLSVersions())));
1030
1031 // Verifies the correctness of GetSSLCertRequestInfo.
1032 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketVersionTest {
1033 protected:
1034 // Connects to the test server and returns the SSLCertRequestInfo reported by
1035 // the socket.
GetCertRequest()1036 scoped_refptr<SSLCertRequestInfo> GetCertRequest() {
1037 int rv;
1038 if (!CreateAndConnectSSLClientSocket(SSLConfig(), &rv)) {
1039 return nullptr;
1040 }
1041 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
1042
1043 auto request_info = base::MakeRefCounted<SSLCertRequestInfo>();
1044 sock_->GetSSLCertRequestInfo(request_info.get());
1045 sock_->Disconnect();
1046 EXPECT_FALSE(sock_->IsConnected());
1047 EXPECT_TRUE(host_port_pair().Equals(request_info->host_and_port));
1048
1049 return request_info;
1050 }
1051 };
1052
1053 class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
1054 protected:
1055 // Creates an SSLClientSocket with |client_config| attached to a
1056 // FakeBlockingStreamSocket, returning both in |*out_raw_transport| and
1057 // |*out_sock|. The FakeBlockingStreamSocket is owned by the SSLClientSocket,
1058 // so |*out_raw_transport| is a raw pointer.
1059 //
1060 // The client socket will begin a connect using |callback| but stop before the
1061 // server's finished message is received. The finished message will be blocked
1062 // in |*out_raw_transport|. To complete the handshake and successfully read
1063 // data, the caller must unblock reads on |*out_raw_transport|. (Note that, if
1064 // the client successfully false started, |callback.WaitForResult()| will
1065 // return OK without unblocking transport reads. But Read() will still block.)
1066 //
1067 // Must be called after StartEmbeddedTestServer is called.
CreateAndConnectUntilServerFinishedReceived(const SSLConfig & client_config,TestCompletionCallback * callback,FakeBlockingStreamSocket ** out_raw_transport,std::unique_ptr<SSLClientSocket> * out_sock)1068 void CreateAndConnectUntilServerFinishedReceived(
1069 const SSLConfig& client_config,
1070 TestCompletionCallback* callback,
1071 FakeBlockingStreamSocket** out_raw_transport,
1072 std::unique_ptr<SSLClientSocket>* out_sock) {
1073 CHECK(embedded_test_server());
1074
1075 auto real_transport = std::make_unique<TCPClientSocket>(
1076 addr(), nullptr, nullptr, nullptr, NetLogSource());
1077 auto transport =
1078 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
1079 int rv = callback->GetResult(transport->Connect(callback->callback()));
1080 EXPECT_THAT(rv, IsOk());
1081
1082 FakeBlockingStreamSocket* raw_transport = transport.get();
1083 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1084 std::move(transport), host_port_pair(), client_config);
1085
1086 // Connect. Stop before the client processes the first server leg
1087 // (ServerHello, etc.)
1088 raw_transport->BlockReadResult();
1089 rv = sock->Connect(callback->callback());
1090 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1091 raw_transport->WaitForReadResult();
1092
1093 // Release the ServerHello and wait for the client to write
1094 // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the
1095 // server's leg to complete, since it may span multiple reads.)
1096 EXPECT_FALSE(callback->have_result());
1097 raw_transport->BlockWrite();
1098 raw_transport->UnblockReadResult();
1099 raw_transport->WaitForWrite();
1100
1101 // And, finally, release that and block the next server leg
1102 // (ChangeCipherSpec, Finished).
1103 raw_transport->BlockReadResult();
1104 raw_transport->UnblockWrite();
1105
1106 *out_raw_transport = raw_transport;
1107 *out_sock = std::move(sock);
1108 }
1109
TestFalseStart(const SSLServerConfig & server_config,const SSLConfig & client_config,bool expect_false_start)1110 void TestFalseStart(const SSLServerConfig& server_config,
1111 const SSLConfig& client_config,
1112 bool expect_false_start) {
1113 ASSERT_TRUE(
1114 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1115
1116 TestCompletionCallback callback;
1117 FakeBlockingStreamSocket* raw_transport = nullptr;
1118 std::unique_ptr<SSLClientSocket> sock;
1119 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
1120 client_config, &callback, &raw_transport, &sock));
1121
1122 if (expect_false_start) {
1123 // When False Starting, the handshake should complete before receiving the
1124 // Change Cipher Spec and Finished messages.
1125 //
1126 // Note: callback.have_result() may not be true without waiting. The NSS
1127 // state machine sometimes lives on a separate thread, so this thread may
1128 // not yet have processed the signal that the handshake has completed.
1129 int rv = callback.WaitForResult();
1130 EXPECT_THAT(rv, IsOk());
1131 EXPECT_TRUE(sock->IsConnected());
1132
1133 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1134 static const int kRequestTextSize =
1135 static_cast<int>(std::size(request_text) - 1);
1136 scoped_refptr<IOBuffer> request_buffer =
1137 base::MakeRefCounted<IOBuffer>(kRequestTextSize);
1138 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1139
1140 // Write the request.
1141 rv = callback.GetResult(sock->Write(request_buffer.get(),
1142 kRequestTextSize, callback.callback(),
1143 TRAFFIC_ANNOTATION_FOR_TESTS));
1144 EXPECT_EQ(kRequestTextSize, rv);
1145
1146 // The read will hang; it's waiting for the peer to complete the
1147 // handshake, and the handshake is still blocked.
1148 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
1149 rv = sock->Read(buf.get(), 4096, callback.callback());
1150
1151 // After releasing reads, the connection proceeds.
1152 raw_transport->UnblockReadResult();
1153 rv = callback.GetResult(rv);
1154 EXPECT_LT(0, rv);
1155 } else {
1156 // False Start is not enabled, so the handshake will not complete because
1157 // the server second leg is blocked.
1158 base::RunLoop().RunUntilIdle();
1159 EXPECT_FALSE(callback.have_result());
1160 }
1161 }
1162 };
1163
1164 // Sends an HTTP request on the socket and reads the response. This may be used
1165 // to ensure some data has been consumed from the server.
MakeHTTPRequest(StreamSocket * socket,const char * path="/")1166 int MakeHTTPRequest(StreamSocket* socket, const char* path = "/") {
1167 std::string request = base::StringPrintf("GET %s HTTP/1.0\r\n\r\n", path);
1168 TestCompletionCallback callback;
1169 while (!request.empty()) {
1170 auto request_buffer =
1171 base::MakeRefCounted<StringIOBuffer>(std::string(request));
1172 int rv = callback.GetResult(
1173 socket->Write(request_buffer.get(), request_buffer->size(),
1174 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1175 if (rv < 0) {
1176 return rv;
1177 }
1178 request = request.substr(rv);
1179 }
1180
1181 auto response_buffer = base::MakeRefCounted<IOBuffer>(1024);
1182 int rv = callback.GetResult(
1183 socket->Read(response_buffer.get(), 1024, callback.callback()));
1184 if (rv < 0) {
1185 return rv;
1186 }
1187 return OK;
1188 }
1189
1190 // Provides a response to the 0RTT request indicating whether it was received
1191 // as early data.
1192 class ZeroRTTResponse : public test_server::HttpResponse {
1193 public:
ZeroRTTResponse(bool zero_rtt)1194 explicit ZeroRTTResponse(bool zero_rtt) : zero_rtt_(zero_rtt) {}
1195
1196 ZeroRTTResponse(const ZeroRTTResponse&) = delete;
1197 ZeroRTTResponse& operator=(const ZeroRTTResponse&) = delete;
1198
1199 ~ZeroRTTResponse() override = default;
1200
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)1201 void SendResponse(
1202 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
1203 std::string response;
1204 if (zero_rtt_) {
1205 response = "1";
1206 } else {
1207 response = "0";
1208 }
1209
1210 // Since the EmbeddedTestServer doesn't keep the socket open by default, it
1211 // is explicitly kept alive to allow the remaining leg of the 0RTT handshake
1212 // to be received after the early data.
1213 delegate->SendContents(response);
1214 }
1215
1216 private:
1217 bool zero_rtt_;
1218 };
1219
HandleZeroRTTRequest(const test_server::HttpRequest & request)1220 std::unique_ptr<test_server::HttpResponse> HandleZeroRTTRequest(
1221 const test_server::HttpRequest& request) {
1222 if (request.GetURL().path() != "/zerortt" || !request.ssl_info)
1223 return nullptr;
1224
1225 return std::make_unique<ZeroRTTResponse>(
1226 request.ssl_info->early_data_received);
1227 }
1228
1229 class SSLClientSocketZeroRTTTest : public SSLClientSocketTest {
1230 protected:
SSLClientSocketZeroRTTTest()1231 SSLClientSocketZeroRTTTest() : SSLClientSocketTest() {
1232 SSLContextConfig config;
1233 config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
1234 ssl_config_service_->UpdateSSLConfigAndNotify(config);
1235 }
1236
StartServer()1237 bool StartServer() {
1238 SSLServerConfig server_config;
1239 server_config.early_data_enabled = true;
1240 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
1241 return StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config);
1242 }
1243
RegisterEmbeddedTestServerHandlers(EmbeddedTestServer * server)1244 void RegisterEmbeddedTestServerHandlers(EmbeddedTestServer* server) override {
1245 SSLClientSocketTest::RegisterEmbeddedTestServerHandlers(server);
1246 server->RegisterRequestHandler(base::BindRepeating(&HandleZeroRTTRequest));
1247 }
1248
SetServerConfig(SSLServerConfig server_config)1249 void SetServerConfig(SSLServerConfig server_config) {
1250 embedded_test_server()->ResetSSLConfig(net::EmbeddedTestServer::CERT_OK,
1251 server_config);
1252 }
1253
1254 // Makes a new connection to the test server and returns a
1255 // FakeBlockingStreamSocket which may be used to block transport I/O.
1256 //
1257 // Most tests should call BlockReadResult() before calling Connect(). This
1258 // avoid race conditions by controlling the order of events. 0-RTT typically
1259 // races the ServerHello from the server with early data from the client. If
1260 // the ServerHello arrives before client calls Write(), the data may be sent
1261 // with 1-RTT keys rather than 0-RTT keys.
MakeClient(bool early_data_enabled)1262 FakeBlockingStreamSocket* MakeClient(bool early_data_enabled) {
1263 SSLConfig ssl_config;
1264 ssl_config.early_data_enabled = early_data_enabled;
1265
1266 real_transport_ = std::make_unique<TCPClientSocket>(
1267 addr(), nullptr, nullptr, nullptr, NetLogSource());
1268 auto transport =
1269 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport_));
1270 FakeBlockingStreamSocket* raw_transport = transport.get();
1271
1272 int rv = callback_.GetResult(transport->Connect(callback_.callback()));
1273 EXPECT_THAT(rv, IsOk());
1274
1275 ssl_socket_ = CreateSSLClientSocket(std::move(transport), host_port_pair(),
1276 ssl_config);
1277 EXPECT_FALSE(ssl_socket_->IsConnected());
1278
1279 return raw_transport;
1280 }
1281
Connect()1282 int Connect() {
1283 return callback_.GetResult(ssl_socket_->Connect(callback_.callback()));
1284 }
1285
WriteAndWait(base::StringPiece request)1286 int WriteAndWait(base::StringPiece request) {
1287 scoped_refptr<IOBuffer> request_buffer =
1288 base::MakeRefCounted<IOBuffer>(request.size());
1289 memcpy(request_buffer->data(), request.data(), request.size());
1290 return callback_.GetResult(
1291 ssl_socket_->Write(request_buffer.get(), request.size(),
1292 callback_.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1293 }
1294
ReadAndWait(IOBuffer * buf,size_t len)1295 int ReadAndWait(IOBuffer* buf, size_t len) {
1296 return callback_.GetResult(
1297 ssl_socket_->Read(buf, len, callback_.callback()));
1298 }
1299
GetSSLInfo(SSLInfo * ssl_info)1300 bool GetSSLInfo(SSLInfo* ssl_info) {
1301 return ssl_socket_->GetSSLInfo(ssl_info);
1302 }
1303
RunInitialConnection()1304 bool RunInitialConnection() {
1305 if (MakeClient(true) == nullptr)
1306 return false;
1307
1308 EXPECT_THAT(Connect(), IsOk());
1309
1310 // Use the socket for an HTTP request to ensure we've processed the
1311 // post-handshake TLS 1.3 ticket.
1312 EXPECT_THAT(MakeHTTPRequest(ssl_socket_.get()), IsOk());
1313
1314 SSLInfo ssl_info;
1315 EXPECT_TRUE(GetSSLInfo(&ssl_info));
1316
1317 // Make sure all asynchronous histogram logging is complete.
1318 base::RunLoop().RunUntilIdle();
1319
1320 return SSLInfo::HANDSHAKE_FULL == ssl_info.handshake_type;
1321 }
1322
ssl_socket()1323 SSLClientSocket* ssl_socket() { return ssl_socket_.get(); }
1324
1325 private:
1326 TestCompletionCallback callback_;
1327 std::unique_ptr<StreamSocket> real_transport_;
1328 std::unique_ptr<SSLClientSocket> ssl_socket_;
1329 };
1330
1331 // Returns a serialized unencrypted TLS 1.2 alert record for the given alert
1332 // value.
FormatTLS12Alert(uint8_t alert)1333 std::string FormatTLS12Alert(uint8_t alert) {
1334 std::string ret;
1335 // ContentType.alert
1336 ret.push_back(21);
1337 // Record-layer version. Assume TLS 1.2.
1338 ret.push_back(0x03);
1339 ret.push_back(0x03);
1340 // Record length.
1341 ret.push_back(0);
1342 ret.push_back(2);
1343 // AlertLevel.fatal.
1344 ret.push_back(2);
1345 // The alert itself.
1346 ret.push_back(alert);
1347 return ret;
1348 }
1349
1350 // A CertVerifier that never returns on any requests.
1351 class HangingCertVerifier : public CertVerifier {
1352 public:
num_active_requests() const1353 int num_active_requests() const { return num_active_requests_; }
1354
WaitForRequest()1355 void WaitForRequest() {
1356 if (!num_active_requests_) {
1357 run_loop_.Run();
1358 }
1359 }
1360
Verify(const RequestParams & params,CertVerifyResult * verify_result,CompletionOnceCallback callback,std::unique_ptr<Request> * out_req,const NetLogWithSource & net_log)1361 int Verify(const RequestParams& params,
1362 CertVerifyResult* verify_result,
1363 CompletionOnceCallback callback,
1364 std::unique_ptr<Request>* out_req,
1365 const NetLogWithSource& net_log) override {
1366 *out_req = std::make_unique<HangingRequest>(this);
1367 return ERR_IO_PENDING;
1368 }
1369
SetConfig(const Config & config)1370 void SetConfig(const Config& config) override {}
AddObserver(Observer * observer)1371 void AddObserver(Observer* observer) override {}
RemoveObserver(Observer * observer)1372 void RemoveObserver(Observer* observer) override {}
1373
1374 private:
1375 class HangingRequest : public Request {
1376 public:
HangingRequest(HangingCertVerifier * verifier)1377 explicit HangingRequest(HangingCertVerifier* verifier)
1378 : verifier_(verifier) {
1379 verifier_->num_active_requests_++;
1380 verifier_->run_loop_.Quit();
1381 }
1382
~HangingRequest()1383 ~HangingRequest() override { verifier_->num_active_requests_--; }
1384
1385 private:
1386 raw_ptr<HangingCertVerifier> verifier_;
1387 };
1388
1389 base::RunLoop run_loop_;
1390 int num_active_requests_ = 0;
1391 };
1392
1393 } // namespace
1394
1395 INSTANTIATE_TEST_SUITE_P(TLSVersion,
1396 SSLClientSocketVersionTest,
1397 ValuesIn(GetTLSVersions()));
1398
TEST_P(SSLClientSocketVersionTest,Connect)1399 TEST_P(SSLClientSocketVersionTest, Connect) {
1400 ASSERT_TRUE(
1401 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1402
1403 TestCompletionCallback callback;
1404 auto transport = std::make_unique<TCPClientSocket>(
1405 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
1406 int rv = callback.GetResult(transport->Connect(callback.callback()));
1407 EXPECT_THAT(rv, IsOk());
1408
1409 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1410 std::move(transport), host_port_pair(), SSLConfig()));
1411
1412 EXPECT_FALSE(sock->IsConnected());
1413
1414 rv = sock->Connect(callback.callback());
1415
1416 auto entries = log_observer_.GetEntries();
1417 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLogEventType::SSL_CONNECT));
1418 if (rv == ERR_IO_PENDING)
1419 rv = callback.WaitForResult();
1420 EXPECT_THAT(rv, IsOk());
1421 EXPECT_TRUE(sock->IsConnected());
1422 entries = log_observer_.GetEntries();
1423 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1424
1425 sock->Disconnect();
1426 EXPECT_FALSE(sock->IsConnected());
1427 }
1428
TEST_P(SSLClientSocketVersionTest,ConnectSyncVerify)1429 TEST_P(SSLClientSocketVersionTest, ConnectSyncVerify) {
1430 ASSERT_TRUE(
1431 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1432
1433 cert_verifier_->set_async(false);
1434 int rv;
1435 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1436 EXPECT_THAT(rv, IsError(OK));
1437 }
1438
TEST_P(SSLClientSocketVersionTest,ConnectExpired)1439 TEST_P(SSLClientSocketVersionTest, ConnectExpired) {
1440 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED,
1441 GetServerConfig()));
1442
1443 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1444
1445 int rv;
1446 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1447 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1448
1449 // Rather than testing whether or not the underlying socket is connected,
1450 // test that the handshake has finished. This is because it may be
1451 // desirable to disconnect the socket before showing a user prompt, since
1452 // the user may take indefinitely long to respond.
1453 auto entries = log_observer_.GetEntries();
1454 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1455 }
1456
TEST_P(SSLClientSocketVersionTest,ConnectExpiredSyncVerify)1457 TEST_P(SSLClientSocketVersionTest, ConnectExpiredSyncVerify) {
1458 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED,
1459 GetServerConfig()));
1460
1461 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1462 cert_verifier_->set_async(false);
1463
1464 int rv;
1465 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1466 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1467 }
1468
1469 // Test that SSLClientSockets may be destroyed while waiting on a certificate
1470 // verification.
TEST_P(SSLClientSocketVersionTest,SocketDestroyedDuringVerify)1471 TEST_P(SSLClientSocketVersionTest, SocketDestroyedDuringVerify) {
1472 ASSERT_TRUE(
1473 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1474
1475 HangingCertVerifier verifier;
1476 context_ = std::make_unique<SSLClientContext>(
1477 ssl_config_service_.get(), &verifier, transport_security_state_.get(),
1478 ct_policy_enforcer_.get(), ssl_client_session_cache_.get(), nullptr);
1479
1480 TestCompletionCallback callback;
1481 auto transport = std::make_unique<TCPClientSocket>(
1482 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
1483 int rv = callback.GetResult(transport->Connect(callback.callback()));
1484 ASSERT_THAT(rv, IsOk());
1485
1486 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1487 std::move(transport), host_port_pair(), SSLConfig());
1488 rv = sock->Connect(callback.callback());
1489 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1490
1491 // The socket should attempt a certificate verification.
1492 verifier.WaitForRequest();
1493 EXPECT_EQ(1, verifier.num_active_requests());
1494
1495 // Destroying the socket should cancel it.
1496 sock = nullptr;
1497 EXPECT_EQ(0, verifier.num_active_requests());
1498
1499 context_ = nullptr;
1500 }
1501
TEST_P(SSLClientSocketVersionTest,ConnectMismatched)1502 TEST_P(SSLClientSocketVersionTest, ConnectMismatched) {
1503 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_MISMATCHED_NAME,
1504 GetServerConfig()));
1505
1506 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
1507
1508 int rv;
1509 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1510 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
1511
1512 // Rather than testing whether or not the underlying socket is connected,
1513 // test that the handshake has finished. This is because it may be
1514 // desirable to disconnect the socket before showing a user prompt, since
1515 // the user may take indefinitely long to respond.
1516 auto entries = log_observer_.GetEntries();
1517 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1518 }
1519
1520 // Tests that certificates parsable by SSLClientSocket's internal SSL
1521 // implementation, but not X509Certificate are treated as fatal connection
1522 // errors. This is a regression test for https://crbug.com/91341.
TEST_P(SSLClientSocketVersionTest,ConnectBadValidity)1523 TEST_P(SSLClientSocketVersionTest, ConnectBadValidity) {
1524 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_BAD_VALIDITY,
1525 GetServerConfig()));
1526 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1527
1528 SSLConfig ssl_config;
1529 int rv;
1530 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
1531 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1532 }
1533
1534 // Ignoring the certificate error from an invalid certificate should
1535 // allow a complete connection.
TEST_P(SSLClientSocketVersionTest,ConnectBadValidityIgnoreCertErrors)1536 TEST_P(SSLClientSocketVersionTest, ConnectBadValidityIgnoreCertErrors) {
1537 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_BAD_VALIDITY,
1538 GetServerConfig()));
1539 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1540
1541 SSLConfig ssl_config;
1542 ssl_config.ignore_certificate_errors = true;
1543 int rv;
1544 CreateAndConnectSSLClientSocket(ssl_config, &rv);
1545 EXPECT_THAT(rv, IsOk());
1546 EXPECT_TRUE(sock_->IsConnected());
1547 }
1548
1549 // Client certificates are disabled on iOS.
1550 #if !BUILDFLAG(IS_IOS)
1551 // Attempt to connect to a page which requests a client certificate. It should
1552 // return an error code on connect.
TEST_P(SSLClientSocketVersionTest,ConnectClientAuthCertRequested)1553 TEST_P(SSLClientSocketVersionTest, ConnectClientAuthCertRequested) {
1554 SSLServerConfig server_config = GetServerConfig();
1555 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
1556 ASSERT_TRUE(
1557 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1558
1559 int rv;
1560 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1561 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
1562
1563 auto entries = log_observer_.GetEntries();
1564 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1565 EXPECT_FALSE(sock_->IsConnected());
1566 }
1567
1568 // Connect to a server requesting optional client authentication. Send it a
1569 // null certificate. It should allow the connection.
TEST_P(SSLClientSocketVersionTest,ConnectClientAuthSendNullCert)1570 TEST_P(SSLClientSocketVersionTest, ConnectClientAuthSendNullCert) {
1571 SSLServerConfig server_config = GetServerConfig();
1572 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
1573 ASSERT_TRUE(
1574 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1575
1576 // Our test server accepts certificate-less connections.
1577 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
1578
1579 int rv;
1580 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1581 EXPECT_THAT(rv, IsOk());
1582
1583 // We responded to the server's certificate request with a Certificate
1584 // message with no client certificate in it. ssl_info.client_cert_sent
1585 // should be false in this case.
1586 SSLInfo ssl_info;
1587 sock_->GetSSLInfo(&ssl_info);
1588 EXPECT_FALSE(ssl_info.client_cert_sent);
1589
1590 sock_->Disconnect();
1591 EXPECT_FALSE(sock_->IsConnected());
1592 }
1593 #endif // !IS_IOS
1594
1595 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
1596 // - Server closes an SSL connection (with a close_notify alert message).
1597 // - Server closes the underlying TCP connection directly.
1598 // - Server sends data unexpectedly.
1599
1600 // Tests that the socket can be read from successfully. Also test that a peer's
1601 // close_notify alert is successfully processed without error.
TEST_P(SSLClientSocketReadTest,Read)1602 TEST_P(SSLClientSocketReadTest, Read) {
1603 ASSERT_TRUE(
1604 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1605
1606 TestCompletionCallback callback;
1607 auto transport = std::make_unique<TCPClientSocket>(addr(), nullptr, nullptr,
1608 nullptr, NetLogSource());
1609 EXPECT_EQ(0, transport->GetTotalReceivedBytes());
1610
1611 int rv = callback.GetResult(transport->Connect(callback.callback()));
1612 EXPECT_THAT(rv, IsOk());
1613
1614 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1615 std::move(transport), host_port_pair(), SSLConfig()));
1616 EXPECT_EQ(0, sock->GetTotalReceivedBytes());
1617
1618 rv = callback.GetResult(sock->Connect(callback.callback()));
1619 EXPECT_THAT(rv, IsOk());
1620
1621 // Number of network bytes received should increase because of SSL socket
1622 // establishment.
1623 EXPECT_GT(sock->GetTotalReceivedBytes(), 0);
1624
1625 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1626 scoped_refptr<IOBuffer> request_buffer =
1627 base::MakeRefCounted<IOBuffer>(std::size(request_text) - 1);
1628 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
1629
1630 rv = callback.GetResult(
1631 sock->Write(request_buffer.get(), std::size(request_text) - 1,
1632 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1633 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
1634
1635 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
1636 int64_t unencrypted_bytes_read = 0;
1637 int64_t network_bytes_read_during_handshake = sock->GetTotalReceivedBytes();
1638 do {
1639 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
1640 EXPECT_GE(rv, 0);
1641 if (rv >= 0) {
1642 unencrypted_bytes_read += rv;
1643 }
1644 } while (rv > 0);
1645 EXPECT_GT(unencrypted_bytes_read, 0);
1646 // Reading the payload should increase the number of bytes on network layer.
1647 EXPECT_GT(sock->GetTotalReceivedBytes(), network_bytes_read_during_handshake);
1648 // Number of bytes received on the network after the handshake should be
1649 // higher than the number of encrypted bytes read.
1650 EXPECT_GE(sock->GetTotalReceivedBytes() - network_bytes_read_during_handshake,
1651 unencrypted_bytes_read);
1652
1653 // The peer should have cleanly closed the connection with a close_notify.
1654 EXPECT_EQ(0, rv);
1655 }
1656
1657 // Tests that SSLClientSocket properly handles when the underlying transport
1658 // synchronously fails a transport write in during the handshake.
TEST_F(SSLClientSocketTest,Connect_WithSynchronousError)1659 TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
1660 ASSERT_TRUE(
1661 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
1662
1663 TestCompletionCallback callback;
1664 auto real_transport = std::make_unique<TCPClientSocket>(
1665 addr(), nullptr, nullptr, nullptr, NetLogSource());
1666 auto transport =
1667 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1668 int rv = callback.GetResult(transport->Connect(callback.callback()));
1669 EXPECT_THAT(rv, IsOk());
1670
1671 SynchronousErrorStreamSocket* raw_transport = transport.get();
1672 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1673 std::move(transport), host_port_pair(), SSLConfig()));
1674
1675 raw_transport->SetNextWriteError(ERR_CONNECTION_RESET);
1676
1677 rv = callback.GetResult(sock->Connect(callback.callback()));
1678 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1679 EXPECT_FALSE(sock->IsConnected());
1680 }
1681
1682 // Tests that the SSLClientSocket properly handles when the underlying transport
1683 // synchronously returns an error code - such as if an intermediary terminates
1684 // the socket connection uncleanly.
1685 // This is a regression test for http://crbug.com/238536
TEST_P(SSLClientSocketReadTest,Read_WithSynchronousError)1686 TEST_P(SSLClientSocketReadTest, Read_WithSynchronousError) {
1687 ASSERT_TRUE(
1688 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1689
1690 TestCompletionCallback callback;
1691 auto real_transport = std::make_unique<TCPClientSocket>(
1692 addr(), nullptr, nullptr, nullptr, NetLogSource());
1693 auto transport =
1694 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1695 int rv = callback.GetResult(transport->Connect(callback.callback()));
1696 EXPECT_THAT(rv, IsOk());
1697
1698 SSLConfig config;
1699 config.disable_post_handshake_peek_for_testing = true;
1700 SynchronousErrorStreamSocket* raw_transport = transport.get();
1701 std::unique_ptr<SSLClientSocket> sock(
1702 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
1703
1704 rv = callback.GetResult(sock->Connect(callback.callback()));
1705 EXPECT_THAT(rv, IsOk());
1706 EXPECT_TRUE(sock->IsConnected());
1707
1708 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1709 static const int kRequestTextSize =
1710 static_cast<int>(std::size(request_text) - 1);
1711 scoped_refptr<IOBuffer> request_buffer =
1712 base::MakeRefCounted<IOBuffer>(kRequestTextSize);
1713 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1714
1715 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1716 callback.callback(),
1717 TRAFFIC_ANNOTATION_FOR_TESTS));
1718 EXPECT_EQ(kRequestTextSize, rv);
1719
1720 // Simulate an unclean/forcible shutdown.
1721 raw_transport->SetNextReadError(ERR_CONNECTION_RESET);
1722
1723 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
1724
1725 // Note: This test will hang if this bug has regressed. Simply checking that
1726 // rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING is a legitimate
1727 // result when using a dedicated task runner for NSS.
1728 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
1729 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1730 }
1731
1732 // Tests that the SSLClientSocket properly handles when the underlying transport
1733 // asynchronously returns an error code while writing data - such as if an
1734 // intermediary terminates the socket connection uncleanly.
1735 // This is a regression test for http://crbug.com/249848
TEST_P(SSLClientSocketVersionTest,Write_WithSynchronousError)1736 TEST_P(SSLClientSocketVersionTest, Write_WithSynchronousError) {
1737 ASSERT_TRUE(
1738 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1739
1740 TestCompletionCallback callback;
1741 auto real_transport = std::make_unique<TCPClientSocket>(
1742 addr(), nullptr, nullptr, nullptr, NetLogSource());
1743 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1744 // is retained in order to configure additional errors.
1745 auto error_socket =
1746 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1747 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1748 auto transport =
1749 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1750 FakeBlockingStreamSocket* raw_transport = transport.get();
1751 int rv = callback.GetResult(transport->Connect(callback.callback()));
1752 EXPECT_THAT(rv, IsOk());
1753
1754 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1755 std::move(transport), host_port_pair(), SSLConfig()));
1756
1757 rv = callback.GetResult(sock->Connect(callback.callback()));
1758 EXPECT_THAT(rv, IsOk());
1759 EXPECT_TRUE(sock->IsConnected());
1760
1761 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1762 static const int kRequestTextSize =
1763 static_cast<int>(std::size(request_text) - 1);
1764 scoped_refptr<IOBuffer> request_buffer =
1765 base::MakeRefCounted<IOBuffer>(kRequestTextSize);
1766 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1767
1768 // Simulate an unclean/forcible shutdown on the underlying socket.
1769 // However, simulate this error asynchronously.
1770 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1771 raw_transport->BlockWrite();
1772
1773 // This write should complete synchronously, because the TLS ciphertext
1774 // can be created and placed into the outgoing buffers independent of the
1775 // underlying transport.
1776 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1777 callback.callback(),
1778 TRAFFIC_ANNOTATION_FOR_TESTS));
1779 EXPECT_EQ(kRequestTextSize, rv);
1780
1781 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
1782
1783 rv = sock->Read(buf.get(), 4096, callback.callback());
1784 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1785
1786 // Now unblock the outgoing request, having it fail with the connection
1787 // being reset.
1788 raw_transport->UnblockWrite();
1789
1790 // Note: This will cause an inifite loop if this bug has regressed. Simply
1791 // checking that rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING
1792 // is a legitimate result when using a dedicated task runner for NSS.
1793 rv = callback.GetResult(rv);
1794 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1795 }
1796
1797 // If there is a Write failure at the transport with no follow-up Read, although
1798 // the write error will not be returned to the client until a future Read or
1799 // Write operation, SSLClientSocket should not spin attempting to re-write on
1800 // the socket. This is a regression test for part of https://crbug.com/381160.
TEST_P(SSLClientSocketVersionTest,Write_WithSynchronousErrorNoRead)1801 TEST_P(SSLClientSocketVersionTest, Write_WithSynchronousErrorNoRead) {
1802 ASSERT_TRUE(
1803 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
1804
1805 TestCompletionCallback callback;
1806 auto real_transport = std::make_unique<TCPClientSocket>(
1807 addr(), nullptr, nullptr, nullptr, NetLogSource());
1808 // Note: intermediate sockets' ownership are handed to |sock|, but a pointer
1809 // is retained in order to query them.
1810 auto error_socket =
1811 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1812 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1813 auto counting_socket =
1814 std::make_unique<CountingStreamSocket>(std::move(error_socket));
1815 CountingStreamSocket* raw_counting_socket = counting_socket.get();
1816 int rv = callback.GetResult(counting_socket->Connect(callback.callback()));
1817 ASSERT_THAT(rv, IsOk());
1818
1819 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1820 std::move(counting_socket), host_port_pair(), SSLConfig()));
1821
1822 rv = callback.GetResult(sock->Connect(callback.callback()));
1823 ASSERT_THAT(rv, IsOk());
1824 ASSERT_TRUE(sock->IsConnected());
1825
1826 // Simulate an unclean/forcible shutdown on the underlying socket.
1827 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1828
1829 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1830 static const int kRequestTextSize =
1831 static_cast<int>(std::size(request_text) - 1);
1832 scoped_refptr<IOBuffer> request_buffer =
1833 base::MakeRefCounted<IOBuffer>(kRequestTextSize);
1834 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1835
1836 // This write should complete synchronously, because the TLS ciphertext
1837 // can be created and placed into the outgoing buffers independent of the
1838 // underlying transport.
1839 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1840 callback.callback(),
1841 TRAFFIC_ANNOTATION_FOR_TESTS));
1842 ASSERT_EQ(kRequestTextSize, rv);
1843
1844 // Let the event loop spin for a little bit of time. Even on platforms where
1845 // pumping the state machine involve thread hops, there should be no further
1846 // writes on the transport socket.
1847 //
1848 // TODO(davidben): Avoid the arbitrary timeout?
1849 int old_write_count = raw_counting_socket->write_count();
1850 base::RunLoop loop;
1851 base::SingleThreadTaskRunner::GetCurrentDefault()->PostDelayedTask(
1852 FROM_HERE, loop.QuitClosure(), base::Milliseconds(100));
1853 loop.Run();
1854 EXPECT_EQ(old_write_count, raw_counting_socket->write_count());
1855 }
1856
1857 // Test the full duplex mode, with Read and Write pending at the same time.
1858 // This test also serves as a regression test for http://crbug.com/29815.
TEST_P(SSLClientSocketReadTest,Read_FullDuplex)1859 TEST_P(SSLClientSocketReadTest, Read_FullDuplex) {
1860 ASSERT_TRUE(
1861 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1862
1863 int rv;
1864 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1865 EXPECT_THAT(rv, IsOk());
1866
1867 // Issue a "hanging" Read first.
1868 TestCompletionCallback callback;
1869 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
1870 int read_rv = Read(sock_.get(), buf.get(), 4096, callback.callback());
1871 // We haven't written the request, so there should be no response yet.
1872 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
1873
1874 // Write the request.
1875 // The request is padded with a User-Agent header to a size that causes the
1876 // memio circular buffer (4k bytes) in SSLClientSocketNSS to wrap around.
1877 // This tests the fix for http://crbug.com/29815.
1878 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1879 for (int i = 0; i < 3770; ++i)
1880 request_text.push_back('*');
1881 request_text.append("\r\n\r\n");
1882 scoped_refptr<IOBuffer> request_buffer =
1883 base::MakeRefCounted<StringIOBuffer>(request_text);
1884
1885 TestCompletionCallback callback2; // Used for Write only.
1886 rv = callback2.GetResult(
1887 sock_->Write(request_buffer.get(), request_text.size(),
1888 callback2.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1889 EXPECT_EQ(static_cast<int>(request_text.size()), rv);
1890
1891 // Now get the Read result.
1892 read_rv =
1893 WaitForReadCompletion(sock_.get(), buf.get(), 4096, &callback, read_rv);
1894 EXPECT_GT(read_rv, 0);
1895 }
1896
1897 // Attempts to Read() and Write() from an SSLClientSocketNSS in full duplex
1898 // mode when the underlying transport is blocked on sending data. When the
1899 // underlying transport completes due to an error, it should invoke both the
1900 // Read() and Write() callbacks. If the socket is deleted by the Read()
1901 // callback, the Write() callback should not be invoked.
1902 // Regression test for http://crbug.com/232633
TEST_P(SSLClientSocketReadTest,Read_DeleteWhilePendingFullDuplex)1903 TEST_P(SSLClientSocketReadTest, Read_DeleteWhilePendingFullDuplex) {
1904 ASSERT_TRUE(
1905 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1906
1907 TestCompletionCallback callback;
1908 auto real_transport = std::make_unique<TCPClientSocket>(
1909 addr(), nullptr, nullptr, nullptr, NetLogSource());
1910 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1911 // is retained in order to configure additional errors.
1912 auto error_socket =
1913 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1914 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1915 auto transport =
1916 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1917 FakeBlockingStreamSocket* raw_transport = transport.get();
1918
1919 int rv = callback.GetResult(transport->Connect(callback.callback()));
1920 EXPECT_THAT(rv, IsOk());
1921
1922 SSLConfig config;
1923 config.disable_post_handshake_peek_for_testing = true;
1924 std::unique_ptr<SSLClientSocket> sock =
1925 CreateSSLClientSocket(std::move(transport), host_port_pair(), config);
1926
1927 rv = callback.GetResult(sock->Connect(callback.callback()));
1928 EXPECT_THAT(rv, IsOk());
1929 EXPECT_TRUE(sock->IsConnected());
1930
1931 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1932 request_text.append(20 * 1024, '*');
1933 request_text.append("\r\n\r\n");
1934 scoped_refptr<DrainableIOBuffer> request_buffer =
1935 base::MakeRefCounted<DrainableIOBuffer>(
1936 base::MakeRefCounted<StringIOBuffer>(request_text),
1937 request_text.size());
1938
1939 // Simulate errors being returned from the underlying Read() and Write() ...
1940 raw_error_socket->SetNextReadError(ERR_CONNECTION_RESET);
1941 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1942 // ... but have those errors returned asynchronously. Because the Write() will
1943 // return first, this will trigger the error.
1944 raw_transport->BlockReadResult();
1945 raw_transport->BlockWrite();
1946
1947 // Enqueue a Read() before calling Write(), which should "hang" due to
1948 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return.
1949 SSLClientSocket* raw_sock = sock.get();
1950 DeleteSocketCallback read_callback(sock.release());
1951 scoped_refptr<IOBuffer> read_buf = base::MakeRefCounted<IOBuffer>(4096);
1952 rv = Read(raw_sock, read_buf.get(), 4096, read_callback.callback());
1953
1954 // Ensure things didn't complete synchronously, otherwise |sock| is invalid.
1955 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1956 ASSERT_FALSE(read_callback.have_result());
1957
1958 // Attempt to write the remaining data. OpenSSL will return that its blocked
1959 // because the underlying transport is blocked.
1960 rv = raw_sock->Write(request_buffer.get(), request_buffer->BytesRemaining(),
1961 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS);
1962 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1963 ASSERT_FALSE(callback.have_result());
1964
1965 // Now unblock Write(), which will invoke OnSendComplete and (eventually)
1966 // call the Read() callback, deleting the socket and thus aborting calling
1967 // the Write() callback.
1968 raw_transport->UnblockWrite();
1969
1970 // |read_callback| deletes |sock| so if ReadIfReady() is used, we will get OK
1971 // asynchronously but can't continue reading because the socket is gone.
1972 rv = read_callback.WaitForResult();
1973 if (test_ssl_read_if_ready()) {
1974 EXPECT_THAT(rv, IsOk());
1975 } else {
1976 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1977 }
1978
1979 // The Write callback should not have been called.
1980 EXPECT_FALSE(callback.have_result());
1981 }
1982
1983 // Tests that the SSLClientSocket does not crash if data is received on the
1984 // transport socket after a failing write. This can occur if we have a Write
1985 // error in a SPDY socket.
1986 // Regression test for http://crbug.com/335557
TEST_P(SSLClientSocketReadTest,Read_WithWriteError)1987 TEST_P(SSLClientSocketReadTest, Read_WithWriteError) {
1988 ASSERT_TRUE(
1989 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1990
1991 TestCompletionCallback callback;
1992 auto real_transport = std::make_unique<TCPClientSocket>(
1993 addr(), nullptr, nullptr, nullptr, NetLogSource());
1994 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1995 // is retained in order to configure additional errors.
1996 auto error_socket =
1997 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1998 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1999 auto transport =
2000 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
2001 FakeBlockingStreamSocket* raw_transport = transport.get();
2002
2003 int rv = callback.GetResult(transport->Connect(callback.callback()));
2004 EXPECT_THAT(rv, IsOk());
2005
2006 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2007 std::move(transport), host_port_pair(), SSLConfig()));
2008
2009 rv = callback.GetResult(sock->Connect(callback.callback()));
2010 EXPECT_THAT(rv, IsOk());
2011 EXPECT_TRUE(sock->IsConnected());
2012
2013 // Send a request so there is something to read from the socket.
2014 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2015 static const int kRequestTextSize =
2016 static_cast<int>(std::size(request_text) - 1);
2017 scoped_refptr<IOBuffer> request_buffer =
2018 base::MakeRefCounted<IOBuffer>(kRequestTextSize);
2019 memcpy(request_buffer->data(), request_text, kRequestTextSize);
2020
2021 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
2022 callback.callback(),
2023 TRAFFIC_ANNOTATION_FOR_TESTS));
2024 EXPECT_EQ(kRequestTextSize, rv);
2025
2026 // Start a hanging read.
2027 TestCompletionCallback read_callback;
2028 raw_transport->BlockReadResult();
2029 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
2030 rv = Read(sock.get(), buf.get(), 4096, read_callback.callback());
2031 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2032
2033 // Perform another write, but have it fail. Write a request larger than the
2034 // internal socket buffers so that the request hits the underlying transport
2035 // socket and detects the error.
2036 std::string long_request_text =
2037 "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
2038 long_request_text.append(20 * 1024, '*');
2039 long_request_text.append("\r\n\r\n");
2040 scoped_refptr<DrainableIOBuffer> long_request_buffer =
2041 base::MakeRefCounted<DrainableIOBuffer>(
2042 base::MakeRefCounted<StringIOBuffer>(long_request_text),
2043 long_request_text.size());
2044
2045 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
2046
2047 // Write as much data as possible until hitting an error.
2048 do {
2049 rv = callback.GetResult(sock->Write(
2050 long_request_buffer.get(), long_request_buffer->BytesRemaining(),
2051 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2052 if (rv > 0) {
2053 long_request_buffer->DidConsume(rv);
2054 // Abort if the entire input is ever consumed. The input is larger than
2055 // the SSLClientSocket's write buffers.
2056 ASSERT_LT(0, long_request_buffer->BytesRemaining());
2057 }
2058 } while (rv > 0);
2059
2060 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
2061
2062 // At this point the Read result is available. Transport write errors are
2063 // surfaced through Writes. See https://crbug.com/249848.
2064 rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv);
2065 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
2066
2067 // Release the read. This does not cause a crash.
2068 raw_transport->UnblockReadResult();
2069 base::RunLoop().RunUntilIdle();
2070 }
2071
2072 // Tests that SSLClientSocket fails the handshake if the underlying
2073 // transport is cleanly closed.
TEST_F(SSLClientSocketTest,Connect_WithZeroReturn)2074 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) {
2075 // There is no need to vary by TLS version because this test never reads a
2076 // response from the server.
2077 ASSERT_TRUE(
2078 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2079
2080 TestCompletionCallback callback;
2081 auto real_transport = std::make_unique<TCPClientSocket>(
2082 addr(), nullptr, nullptr, nullptr, NetLogSource());
2083 auto transport =
2084 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2085 int rv = callback.GetResult(transport->Connect(callback.callback()));
2086 EXPECT_THAT(rv, IsOk());
2087
2088 SynchronousErrorStreamSocket* raw_transport = transport.get();
2089 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2090 std::move(transport), host_port_pair(), SSLConfig()));
2091
2092 raw_transport->SetNextReadError(0);
2093
2094 rv = callback.GetResult(sock->Connect(callback.callback()));
2095 EXPECT_THAT(rv, IsError(ERR_CONNECTION_CLOSED));
2096 EXPECT_FALSE(sock->IsConnected());
2097 }
2098
2099 // Tests that SSLClientSocket returns a Read of size 0 if the underlying socket
2100 // is cleanly closed, but the peer does not send close_notify.
2101 // This is a regression test for https://crbug.com/422246
TEST_P(SSLClientSocketReadTest,Read_WithZeroReturn)2102 TEST_P(SSLClientSocketReadTest, Read_WithZeroReturn) {
2103 ASSERT_TRUE(
2104 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2105
2106 TestCompletionCallback callback;
2107 auto real_transport = std::make_unique<TCPClientSocket>(
2108 addr(), nullptr, nullptr, nullptr, NetLogSource());
2109 auto transport =
2110 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2111 int rv = callback.GetResult(transport->Connect(callback.callback()));
2112 EXPECT_THAT(rv, IsOk());
2113
2114 SSLConfig config;
2115 config.disable_post_handshake_peek_for_testing = true;
2116 SynchronousErrorStreamSocket* raw_transport = transport.get();
2117 std::unique_ptr<SSLClientSocket> sock(
2118 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2119
2120 rv = callback.GetResult(sock->Connect(callback.callback()));
2121 EXPECT_THAT(rv, IsOk());
2122 EXPECT_TRUE(sock->IsConnected());
2123
2124 raw_transport->SetNextReadError(0);
2125 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
2126 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
2127 EXPECT_EQ(0, rv);
2128 }
2129
2130 // Tests that SSLClientSocket cleanly returns a Read of size 0 if the
2131 // underlying socket is cleanly closed asynchronously.
2132 // This is a regression test for https://crbug.com/422246
TEST_P(SSLClientSocketReadTest,Read_WithAsyncZeroReturn)2133 TEST_P(SSLClientSocketReadTest, Read_WithAsyncZeroReturn) {
2134 ASSERT_TRUE(
2135 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2136
2137 TestCompletionCallback callback;
2138 auto real_transport = std::make_unique<TCPClientSocket>(
2139 addr(), nullptr, nullptr, nullptr, NetLogSource());
2140 auto error_socket =
2141 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2142 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
2143 auto transport =
2144 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
2145 FakeBlockingStreamSocket* raw_transport = transport.get();
2146 int rv = callback.GetResult(transport->Connect(callback.callback()));
2147 EXPECT_THAT(rv, IsOk());
2148
2149 SSLConfig config;
2150 config.disable_post_handshake_peek_for_testing = true;
2151 std::unique_ptr<SSLClientSocket> sock(
2152 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2153
2154 rv = callback.GetResult(sock->Connect(callback.callback()));
2155 EXPECT_THAT(rv, IsOk());
2156 EXPECT_TRUE(sock->IsConnected());
2157
2158 raw_error_socket->SetNextReadError(0);
2159 raw_transport->BlockReadResult();
2160 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
2161 TestCompletionCallback read_callback;
2162 rv = Read(sock.get(), buf.get(), 4096, read_callback.callback());
2163 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2164
2165 raw_transport->UnblockReadResult();
2166 rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv);
2167 EXPECT_EQ(0, rv);
2168 }
2169
2170 // Tests that fatal alerts from the peer are processed. This is a regression
2171 // test for https://crbug.com/466303.
TEST_P(SSLClientSocketReadTest,Read_WithFatalAlert)2172 TEST_P(SSLClientSocketReadTest, Read_WithFatalAlert) {
2173 SSLServerConfig server_config = GetServerConfig();
2174 server_config.alert_after_handshake_for_testing = SSL_AD_INTERNAL_ERROR;
2175 ASSERT_TRUE(
2176 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2177
2178 int rv;
2179 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2180 EXPECT_THAT(rv, IsOk());
2181
2182 // Receive the fatal alert.
2183 TestCompletionCallback callback;
2184 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
2185 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR,
2186 ReadAndWaitForCompletion(sock_.get(), buf.get(), 4096));
2187 }
2188
TEST_P(SSLClientSocketReadTest,Read_SmallChunks)2189 TEST_P(SSLClientSocketReadTest, Read_SmallChunks) {
2190 ASSERT_TRUE(
2191 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2192
2193 int rv;
2194 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2195 EXPECT_THAT(rv, IsOk());
2196
2197 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2198 scoped_refptr<IOBuffer> request_buffer =
2199 base::MakeRefCounted<IOBuffer>(std::size(request_text) - 1);
2200 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2201
2202 TestCompletionCallback callback;
2203 rv = callback.GetResult(
2204 sock_->Write(request_buffer.get(), std::size(request_text) - 1,
2205 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2206 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2207
2208 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(1);
2209 do {
2210 rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 1);
2211 EXPECT_GE(rv, 0);
2212 } while (rv > 0);
2213 }
2214
TEST_P(SSLClientSocketReadTest,Read_ManySmallRecords)2215 TEST_P(SSLClientSocketReadTest, Read_ManySmallRecords) {
2216 ASSERT_TRUE(
2217 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2218
2219 TestCompletionCallback callback;
2220
2221 auto real_transport = std::make_unique<TCPClientSocket>(
2222 addr(), nullptr, nullptr, nullptr, NetLogSource());
2223 auto transport =
2224 std::make_unique<ReadBufferingStreamSocket>(std::move(real_transport));
2225 ReadBufferingStreamSocket* raw_transport = transport.get();
2226 int rv = callback.GetResult(transport->Connect(callback.callback()));
2227 ASSERT_THAT(rv, IsOk());
2228
2229 SSLConfig config;
2230 config.disable_post_handshake_peek_for_testing = true;
2231 std::unique_ptr<SSLClientSocket> sock(
2232 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2233
2234 rv = callback.GetResult(sock->Connect(callback.callback()));
2235 ASSERT_THAT(rv, IsOk());
2236 ASSERT_TRUE(sock->IsConnected());
2237
2238 const char request_text[] = "GET /ssl-many-small-records HTTP/1.0\r\n\r\n";
2239 scoped_refptr<IOBuffer> request_buffer =
2240 base::MakeRefCounted<IOBuffer>(std::size(request_text) - 1);
2241 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2242
2243 rv = callback.GetResult(
2244 sock->Write(request_buffer.get(), std::size(request_text) - 1,
2245 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2246 ASSERT_GT(rv, 0);
2247 ASSERT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2248
2249 // Note: This relies on SSLClientSocketNSS attempting to read up to 17K of
2250 // data (the max SSL record size) at a time. Ensure that at least 15K worth
2251 // of SSL data is buffered first. The 15K of buffered data is made up of
2252 // many smaller SSL records (the TestServer writes along 1350 byte
2253 // plaintext boundaries), although there may also be a few records that are
2254 // smaller or larger, due to timing and SSL False Start.
2255 // 15K was chosen because 15K is smaller than the 17K (max) read issued by
2256 // the SSLClientSocket implementation, and larger than the minimum amount
2257 // of ciphertext necessary to contain the 8K of plaintext requested below.
2258 raw_transport->BufferNextRead(15000);
2259
2260 scoped_refptr<IOBuffer> buffer = base::MakeRefCounted<IOBuffer>(8192);
2261 rv = ReadAndWaitForCompletion(sock.get(), buffer.get(), 8192);
2262 ASSERT_EQ(rv, 8192);
2263 }
2264
TEST_P(SSLClientSocketReadTest,Read_Interrupted)2265 TEST_P(SSLClientSocketReadTest, Read_Interrupted) {
2266 ASSERT_TRUE(
2267 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2268
2269 int rv;
2270 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2271 EXPECT_THAT(rv, IsOk());
2272
2273 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2274 scoped_refptr<IOBuffer> request_buffer =
2275 base::MakeRefCounted<IOBuffer>(std::size(request_text) - 1);
2276 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2277
2278 TestCompletionCallback callback;
2279 rv = callback.GetResult(
2280 sock_->Write(request_buffer.get(), std::size(request_text) - 1,
2281 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2282 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2283
2284 // Do a partial read and then exit. This test should not crash!
2285 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(512);
2286 rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 512);
2287 EXPECT_GT(rv, 0);
2288 }
2289
TEST_P(SSLClientSocketReadTest,Read_FullLogging)2290 TEST_P(SSLClientSocketReadTest, Read_FullLogging) {
2291 ASSERT_TRUE(
2292 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2293
2294 TestCompletionCallback callback;
2295 log_observer_.SetObserverCaptureMode(NetLogCaptureMode::kEverything);
2296 auto transport = std::make_unique<TCPClientSocket>(
2297 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2298 int rv = callback.GetResult(transport->Connect(callback.callback()));
2299 EXPECT_THAT(rv, IsOk());
2300
2301 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2302 std::move(transport), host_port_pair(), SSLConfig()));
2303
2304 rv = callback.GetResult(sock->Connect(callback.callback()));
2305 EXPECT_THAT(rv, IsOk());
2306 EXPECT_TRUE(sock->IsConnected());
2307
2308 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2309 scoped_refptr<IOBuffer> request_buffer =
2310 base::MakeRefCounted<IOBuffer>(std::size(request_text) - 1);
2311 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2312
2313 rv = callback.GetResult(
2314 sock->Write(request_buffer.get(), std::size(request_text) - 1,
2315 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2316 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2317
2318 auto entries = log_observer_.GetEntries();
2319 size_t last_index = ExpectLogContainsSomewhereAfter(
2320 entries, 5, NetLogEventType::SSL_SOCKET_BYTES_SENT,
2321 NetLogEventPhase::NONE);
2322
2323 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
2324 for (;;) {
2325 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
2326 EXPECT_GE(rv, 0);
2327 if (rv <= 0)
2328 break;
2329
2330 entries = log_observer_.GetEntries();
2331 last_index = ExpectLogContainsSomewhereAfter(
2332 entries, last_index + 1, NetLogEventType::SSL_SOCKET_BYTES_RECEIVED,
2333 NetLogEventPhase::NONE);
2334 }
2335 }
2336
2337 // Regression test for http://crbug.com/42538
TEST_F(SSLClientSocketTest,PrematureApplicationData)2338 TEST_F(SSLClientSocketTest, PrematureApplicationData) {
2339 ASSERT_TRUE(
2340 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2341
2342 static const unsigned char application_data[] = {
2343 0x17, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00, 0x46, 0x03, 0x01, 0x4b,
2344 0xc2, 0xf8, 0xb2, 0xc1, 0x56, 0x42, 0xb9, 0x57, 0x7f, 0xde, 0x87, 0x46,
2345 0xf7, 0xa3, 0x52, 0x42, 0x21, 0xf0, 0x13, 0x1c, 0x9c, 0x83, 0x88, 0xd6,
2346 0x93, 0x0c, 0xf6, 0x36, 0x30, 0x05, 0x7e, 0x20, 0xb5, 0xb5, 0x73, 0x36,
2347 0x53, 0x83, 0x0a, 0xfc, 0x17, 0x63, 0xbf, 0xa0, 0xe4, 0x42, 0x90, 0x0d,
2348 0x2f, 0x18, 0x6d, 0x20, 0xd8, 0x36, 0x3f, 0xfc, 0xe6, 0x01, 0xfa, 0x0f,
2349 0xa5, 0x75, 0x7f, 0x09, 0x00, 0x04, 0x00, 0x16, 0x03, 0x01, 0x11, 0x57,
2350 0x0b, 0x00, 0x11, 0x53, 0x00, 0x11, 0x50, 0x00, 0x06, 0x22, 0x30, 0x82,
2351 0x06, 0x1e, 0x30, 0x82, 0x05, 0x06, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
2352 0x0a};
2353
2354 // All reads and writes complete synchronously (async=false).
2355 MockRead data_reads[] = {
2356 MockRead(SYNCHRONOUS, reinterpret_cast<const char*>(application_data),
2357 std::size(application_data)),
2358 MockRead(SYNCHRONOUS, OK),
2359 };
2360
2361 StaticSocketDataProvider data(data_reads, base::span<MockWrite>());
2362
2363 TestCompletionCallback callback;
2364 std::unique_ptr<StreamSocket> transport(
2365 std::make_unique<MockTCPClientSocket>(addr(), nullptr, &data));
2366 int rv = callback.GetResult(transport->Connect(callback.callback()));
2367 EXPECT_THAT(rv, IsOk());
2368
2369 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2370 std::move(transport), host_port_pair(), SSLConfig()));
2371
2372 rv = callback.GetResult(sock->Connect(callback.callback()));
2373 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
2374 }
2375
TEST_F(SSLClientSocketTest,CipherSuiteDisables)2376 TEST_F(SSLClientSocketTest, CipherSuiteDisables) {
2377 SSLServerConfig server_config;
2378 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
2379 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
2380 ASSERT_TRUE(
2381 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2382
2383 SSLContextConfig ssl_context_config;
2384 ssl_context_config.disabled_cipher_suites.push_back(kModernTLS12Cipher);
2385 ssl_config_service_->UpdateSSLConfigAndNotify(ssl_context_config);
2386
2387 int rv;
2388 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2389 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
2390 }
2391
2392 // Test that TLS versions prior to TLS 1.2 cannot be configured in
2393 // SSLClientSocket.
TEST_F(SSLClientSocketTest,LegacyTLSVersions)2394 TEST_F(SSLClientSocketTest, LegacyTLSVersions) {
2395 // Start a server, just so the underlying socket can connect somewhere, but it
2396 // will fail before talking to the server, so it is fine that the server does
2397 // not speak these versions.
2398 ASSERT_TRUE(
2399 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2400
2401 // Although we don't have `SSL_PROTOCOL_VERSION_*` constants for SSL 3.0
2402 // through TLS 1.1, these values are just passed through to the BoringSSL API,
2403 // which means the underlying protocol version numbers can be used here.
2404 //
2405 // TODO(https://crbug.com/1416295): Ideally SSLConfig would just take an enum,
2406 // at which point this test can be removed.
2407 for (uint16_t version : {SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION}) {
2408 SCOPED_TRACE(version);
2409
2410 SSLConfig config;
2411 config.version_min_override = version;
2412 int rv;
2413 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2414 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
2415
2416 config.version_min_override = absl::nullopt;
2417 config.version_max_override = version;
2418 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2419 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
2420 }
2421 }
2422
2423 // When creating an SSLClientSocket, it is allowed to pass in a
2424 // ClientSocketHandle that is not obtained from a client socket pool.
2425 // Here we verify that such a simple ClientSocketHandle, not associated with any
2426 // client socket pool, can be destroyed safely.
TEST_F(SSLClientSocketTest,ClientSocketHandleNotFromPool)2427 TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
2428 ASSERT_TRUE(
2429 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2430
2431 TestCompletionCallback callback;
2432 auto transport = std::make_unique<TCPClientSocket>(addr(), nullptr, nullptr,
2433 nullptr, NetLogSource());
2434 int rv = callback.GetResult(transport->Connect(callback.callback()));
2435 EXPECT_THAT(rv, IsOk());
2436
2437 std::unique_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket(
2438 context_.get(), std::move(transport), host_port_pair(), SSLConfig()));
2439
2440 EXPECT_FALSE(sock->IsConnected());
2441 rv = callback.GetResult(sock->Connect(callback.callback()));
2442 EXPECT_THAT(rv, IsOk());
2443 }
2444
2445 // Verifies that SSLClientSocket::ExportKeyingMaterial return a success
2446 // code and different keying label results in different keying material.
TEST_P(SSLClientSocketVersionTest,ExportKeyingMaterial)2447 TEST_P(SSLClientSocketVersionTest, ExportKeyingMaterial) {
2448 ASSERT_TRUE(
2449 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2450
2451 int rv;
2452 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2453 EXPECT_THAT(rv, IsOk());
2454 EXPECT_TRUE(sock_->IsConnected());
2455
2456 const int kKeyingMaterialSize = 32;
2457 const char kKeyingLabel1[] = "client-socket-test-1";
2458 const char kKeyingContext1[] = "";
2459 unsigned char client_out1[kKeyingMaterialSize];
2460 memset(client_out1, 0, sizeof(client_out1));
2461 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, false, kKeyingContext1,
2462 client_out1, sizeof(client_out1));
2463 EXPECT_EQ(rv, OK);
2464
2465 const char kKeyingLabel2[] = "client-socket-test-2";
2466 unsigned char client_out2[kKeyingMaterialSize];
2467 memset(client_out2, 0, sizeof(client_out2));
2468 rv = sock_->ExportKeyingMaterial(kKeyingLabel2, false, kKeyingContext1,
2469 client_out2, sizeof(client_out2));
2470 EXPECT_EQ(rv, OK);
2471 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2472
2473 const char kKeyingContext2[] = "context";
2474 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, true, kKeyingContext2,
2475 client_out2, sizeof(client_out2));
2476 EXPECT_EQ(rv, OK);
2477 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2478
2479 // Prior to TLS 1.3, using an empty context should give different key material
2480 // from not using a context at all. In TLS 1.3, the distinction is deprecated
2481 // and they are the same.
2482 memset(client_out2, 0, sizeof(client_out2));
2483 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, true, kKeyingContext1,
2484 client_out2, sizeof(client_out2));
2485 EXPECT_EQ(rv, OK);
2486 if (version() >= SSL_PROTOCOL_VERSION_TLS1_3) {
2487 EXPECT_EQ(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2488 } else {
2489 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2490 }
2491 }
2492
TEST(SSLClientSocket,SerializeNextProtos)2493 TEST(SSLClientSocket, SerializeNextProtos) {
2494 NextProtoVector next_protos;
2495 next_protos.push_back(kProtoHTTP11);
2496 next_protos.push_back(kProtoHTTP2);
2497 static std::vector<uint8_t> serialized =
2498 SSLClientSocket::SerializeNextProtos(next_protos);
2499 ASSERT_EQ(12u, serialized.size());
2500 EXPECT_EQ(8, serialized[0]); // length("http/1.1")
2501 EXPECT_EQ('h', serialized[1]);
2502 EXPECT_EQ('t', serialized[2]);
2503 EXPECT_EQ('t', serialized[3]);
2504 EXPECT_EQ('p', serialized[4]);
2505 EXPECT_EQ('/', serialized[5]);
2506 EXPECT_EQ('1', serialized[6]);
2507 EXPECT_EQ('.', serialized[7]);
2508 EXPECT_EQ('1', serialized[8]);
2509 EXPECT_EQ(2, serialized[9]); // length("h2")
2510 EXPECT_EQ('h', serialized[10]);
2511 EXPECT_EQ('2', serialized[11]);
2512 }
2513
2514 // Test that the server certificates are properly retrieved from the underlying
2515 // SSL stack.
TEST_P(SSLClientSocketVersionTest,VerifyServerChainProperlyOrdered)2516 TEST_P(SSLClientSocketVersionTest, VerifyServerChainProperlyOrdered) {
2517 // The connection does not have to be successful.
2518 cert_verifier_->set_default_result(ERR_CERT_INVALID);
2519
2520 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2521 // This makes the server present redundant-server-chain.pem, which contains
2522 // intermediate certificates.
2523 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2524 GetServerConfig()));
2525
2526 int rv;
2527 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2528 EXPECT_THAT(rv, IsError(ERR_CERT_INVALID));
2529 EXPECT_FALSE(sock_->IsConnected());
2530
2531 // When given option CERT_CHAIN_WRONG_ROOT, EmbeddedTestServer will present
2532 // certs from redundant-server-chain.pem.
2533 CertificateList server_certs =
2534 CreateCertificateListFromFile(GetTestCertsDirectory(),
2535 "redundant-server-chain.pem",
2536 X509Certificate::FORMAT_AUTO);
2537
2538 // Get the server certificate as received client side.
2539 SSLInfo ssl_info;
2540 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2541 scoped_refptr<X509Certificate> server_certificate = ssl_info.unverified_cert;
2542
2543 // Get the intermediates as received client side.
2544 const auto& server_intermediates = server_certificate->intermediate_buffers();
2545
2546 // Check that the unverified server certificate chain is properly retrieved
2547 // from the underlying ssl stack.
2548 ASSERT_EQ(4U, server_certs.size());
2549
2550 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_certificate->cert_buffer(),
2551 server_certs[0]->cert_buffer()));
2552
2553 ASSERT_EQ(3U, server_intermediates.size());
2554
2555 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[0].get(),
2556 server_certs[1]->cert_buffer()));
2557 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[1].get(),
2558 server_certs[2]->cert_buffer()));
2559 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[2].get(),
2560 server_certs[3]->cert_buffer()));
2561
2562 sock_->Disconnect();
2563 EXPECT_FALSE(sock_->IsConnected());
2564 }
2565
2566 // This tests that SSLInfo contains a properly re-constructed certificate
2567 // chain. That, in turn, verifies that GetSSLInfo is giving us the chain as
2568 // verified, not the chain as served by the server. (They may be different.)
2569 //
2570 // CERT_CHAIN_WRONG_ROOT is redundant-server-chain.pem. It contains A
2571 // (end-entity) -> B -> C, and C is signed by D. redundant-validated-chain.pem
2572 // contains a chain of A -> B -> C2, where C2 is the same public key as C, but
2573 // a self-signed root. Such a situation can occur when a new root (C2) is
2574 // cross-certified by an old root (D) and has two different versions of its
2575 // floating around. Servers may supply C2 as an intermediate, but the
2576 // SSLClientSocket should return the chain that was verified, from
2577 // verify_result, instead.
TEST_P(SSLClientSocketVersionTest,VerifyReturnChainProperlyOrdered)2578 TEST_P(SSLClientSocketVersionTest, VerifyReturnChainProperlyOrdered) {
2579 // By default, cause the CertVerifier to treat all certificates as
2580 // expired.
2581 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2582
2583 CertificateList unverified_certs = CreateCertificateListFromFile(
2584 GetTestCertsDirectory(), "redundant-server-chain.pem",
2585 X509Certificate::FORMAT_AUTO);
2586 ASSERT_EQ(4u, unverified_certs.size());
2587
2588 // We will expect SSLInfo to ultimately contain this chain.
2589 CertificateList certs =
2590 CreateCertificateListFromFile(GetTestCertsDirectory(),
2591 "redundant-validated-chain.pem",
2592 X509Certificate::FORMAT_AUTO);
2593 ASSERT_EQ(3U, certs.size());
2594
2595 ASSERT_TRUE(certs[0]->EqualsExcludingChain(unverified_certs[0].get()));
2596
2597 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> temp_intermediates;
2598 temp_intermediates.push_back(bssl::UpRef(certs[1]->cert_buffer()));
2599 temp_intermediates.push_back(bssl::UpRef(certs[2]->cert_buffer()));
2600
2601 CertVerifyResult verify_result;
2602 verify_result.verified_cert = X509Certificate::CreateFromBuffer(
2603 bssl::UpRef(certs[0]->cert_buffer()), std::move(temp_intermediates));
2604 ASSERT_TRUE(verify_result.verified_cert);
2605
2606 // Add a rule that maps the server cert (A) to the chain of A->B->C2
2607 // rather than A->B->C.
2608 cert_verifier_->AddResultForCert(certs[0].get(), verify_result, OK);
2609
2610 // Load and install the root for the validated chain.
2611 scoped_refptr<X509Certificate> root_cert = ImportCertFromFile(
2612 GetTestCertsDirectory(), "redundant-validated-chain-root.pem");
2613 ASSERT_NE(static_cast<X509Certificate*>(nullptr), root_cert.get());
2614 ScopedTestRoot scoped_root(root_cert.get());
2615
2616 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2617 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2618 GetServerConfig()));
2619
2620 int rv;
2621 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2622 EXPECT_THAT(rv, IsOk());
2623 EXPECT_TRUE(sock_->IsConnected());
2624
2625 auto entries = log_observer_.GetEntries();
2626 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
2627
2628 SSLInfo ssl_info;
2629 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2630
2631 // Verify that SSLInfo contains the corrected re-constructed chain A -> B
2632 // -> C2.
2633 ASSERT_TRUE(ssl_info.cert);
2634 const auto& intermediates = ssl_info.cert->intermediate_buffers();
2635 ASSERT_EQ(2U, intermediates.size());
2636 EXPECT_TRUE(x509_util::CryptoBufferEqual(ssl_info.cert->cert_buffer(),
2637 certs[0]->cert_buffer()));
2638 EXPECT_TRUE(x509_util::CryptoBufferEqual(intermediates[0].get(),
2639 certs[1]->cert_buffer()));
2640 EXPECT_TRUE(x509_util::CryptoBufferEqual(intermediates[1].get(),
2641 certs[2]->cert_buffer()));
2642
2643 // Verify that SSLInfo also contains the chain as received from the server.
2644 ASSERT_TRUE(ssl_info.unverified_cert);
2645 const auto& served_intermediates =
2646 ssl_info.unverified_cert->intermediate_buffers();
2647 ASSERT_EQ(3U, served_intermediates.size());
2648 EXPECT_TRUE(x509_util::CryptoBufferEqual(ssl_info.cert->cert_buffer(),
2649 unverified_certs[0]->cert_buffer()));
2650 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[0].get(),
2651 unverified_certs[1]->cert_buffer()));
2652 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[1].get(),
2653 unverified_certs[2]->cert_buffer()));
2654 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[2].get(),
2655 unverified_certs[3]->cert_buffer()));
2656
2657 sock_->Disconnect();
2658 EXPECT_FALSE(sock_->IsConnected());
2659 }
2660
2661 // Client certificates are disabled on iOS.
2662 #if !BUILDFLAG(IS_IOS)
2663 INSTANTIATE_TEST_SUITE_P(TLSVersion,
2664 SSLClientSocketCertRequestInfoTest,
2665 ValuesIn(GetTLSVersions()));
2666
TEST_P(SSLClientSocketCertRequestInfoTest,DontRequestClientCertsIfServerCertInvalid)2667 TEST_P(SSLClientSocketCertRequestInfoTest,
2668 DontRequestClientCertsIfServerCertInvalid) {
2669 SSLServerConfig config = GetServerConfig();
2670 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2671 ASSERT_TRUE(
2672 StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED, config));
2673
2674 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2675 int rv;
2676 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2677 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
2678 }
2679
TEST_P(SSLClientSocketCertRequestInfoTest,NoAuthorities)2680 TEST_P(SSLClientSocketCertRequestInfoTest, NoAuthorities) {
2681 SSLServerConfig config = GetServerConfig();
2682 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2683 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2684 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2685 ASSERT_TRUE(request_info.get());
2686 EXPECT_EQ(0u, request_info->cert_authorities.size());
2687 }
2688
TEST_P(SSLClientSocketCertRequestInfoTest,TwoAuthorities)2689 TEST_P(SSLClientSocketCertRequestInfoTest, TwoAuthorities) {
2690 const unsigned char kThawteDN[] = {
2691 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
2692 0x02, 0x5a, 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a,
2693 0x13, 0x1c, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e,
2694 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79,
2695 0x29, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
2696 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20,
2697 0x53, 0x47, 0x43, 0x20, 0x43, 0x41};
2698
2699 const unsigned char kDiginotarDN[] = {
2700 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
2701 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
2702 0x13, 0x09, 0x44, 0x69, 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x31,
2703 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x44, 0x69,
2704 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x20, 0x52, 0x6f, 0x6f, 0x74,
2705 0x20, 0x43, 0x41, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86, 0x48,
2706 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x11, 0x69, 0x6e, 0x66, 0x6f,
2707 0x40, 0x64, 0x69, 0x67, 0x69, 0x6e, 0x6f, 0x74, 0x61, 0x72, 0x2e, 0x6e,
2708 0x6c};
2709
2710 SSLServerConfig config = GetServerConfig();
2711 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2712 config.cert_authorities.emplace_back(std::begin(kThawteDN),
2713 std::end(kThawteDN));
2714 config.cert_authorities.emplace_back(std::begin(kDiginotarDN),
2715 std::end(kDiginotarDN));
2716 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2717 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2718 ASSERT_TRUE(request_info.get());
2719 EXPECT_EQ(config.cert_authorities, request_info->cert_authorities);
2720 }
2721
TEST_P(SSLClientSocketCertRequestInfoTest,CertKeyTypes)2722 TEST_P(SSLClientSocketCertRequestInfoTest, CertKeyTypes) {
2723 SSLServerConfig config = GetServerConfig();
2724 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2725 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2726 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2727 ASSERT_TRUE(request_info.get());
2728 if (version() >= SSL_PROTOCOL_VERSION_TLS1_3) {
2729 // TLS 1.3 does not use cert_key_types, only signature algorithms. This
2730 // should be migrated to a more modern mechanism. See
2731 // https://crbug.com/1270530.
2732 EXPECT_EQ(0u, request_info->cert_key_types.size());
2733 } else {
2734 // BoringSSL always sends rsa_sign and ecdsa_sign.
2735 ASSERT_EQ(2u, request_info->cert_key_types.size());
2736 EXPECT_EQ(SSLClientCertType::kRsaSign, request_info->cert_key_types[0]);
2737 EXPECT_EQ(SSLClientCertType::kEcdsaSign, request_info->cert_key_types[1]);
2738 }
2739 }
2740 #endif // !IS_IOS
2741
2742 // Tests that the Certificate Transparency (RFC 6962) TLS extension is
2743 // supported.
TEST_P(SSLClientSocketVersionTest,ConnectSignedCertTimestampsTLSExtension)2744 TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsTLSExtension) {
2745 // Encoding of SCT List containing 'test'.
2746 base::StringPiece sct_ext("\x00\x06\x00\x04test", 8);
2747
2748 SSLServerConfig server_config = GetServerConfig();
2749 server_config.signed_cert_timestamp_list =
2750 std::vector<uint8_t>(sct_ext.begin(), sct_ext.end());
2751 ASSERT_TRUE(
2752 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2753
2754 auto ct_verifier = std::make_unique<MockCTVerifier>();
2755
2756 // Check that the SCT list is extracted from the TLS extension as expected,
2757 // while also simulating that it was an unparsable response.
2758 SignedCertificateTimestampAndStatusList sct_list;
2759 EXPECT_CALL(*ct_verifier, Verify(_, _, _, sct_ext, _, _))
2760 .WillOnce(testing::SetArgPointee<4>(sct_list));
2761
2762 auto cert_and_ct_verifier = std::make_unique<CertAndCTVerifier>(
2763 std::move(cert_verifier_), std::move(ct_verifier));
2764
2765 context_ = std::make_unique<SSLClientContext>(
2766 ssl_config_service_.get(), cert_and_ct_verifier.get(),
2767 transport_security_state_.get(), ct_policy_enforcer_.get(),
2768 ssl_client_session_cache_.get(), nullptr);
2769
2770 int rv;
2771 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2772 EXPECT_THAT(rv, IsOk());
2773
2774 EXPECT_TRUE(sock_->signed_cert_timestamps_received_);
2775
2776 sock_ = nullptr;
2777 context_ = nullptr;
2778 }
2779
2780 // Test that when a CT verifier and a CTPolicyEnforcer are defined, and
2781 // the EV certificate used conforms to the CT/EV policy, its EV status
2782 // is maintained.
TEST_P(SSLClientSocketVersionTest,EVCertStatusMaintainedForCompliantCert)2783 TEST_P(SSLClientSocketVersionTest, EVCertStatusMaintainedForCompliantCert) {
2784 ASSERT_TRUE(
2785 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2786
2787 SSLConfig ssl_config;
2788 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config);
2789
2790 // Emulate compliance of the certificate to the policy.
2791 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _))
2792 .WillRepeatedly(
2793 Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
2794
2795 int rv;
2796 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2797 EXPECT_THAT(rv, IsOk());
2798
2799 SSLInfo result;
2800 ASSERT_TRUE(sock_->GetSSLInfo(&result));
2801
2802 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV);
2803 }
2804
2805 // Test that when a CT verifier and a CTPolicyEnforcer are defined, but
2806 // the EV certificate used does not conform to the CT/EV policy, its EV status
2807 // is removed.
TEST_P(SSLClientSocketVersionTest,EVCertStatusRemovedForNonCompliantCert)2808 TEST_P(SSLClientSocketVersionTest, EVCertStatusRemovedForNonCompliantCert) {
2809 ASSERT_TRUE(
2810 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2811
2812 SSLConfig ssl_config;
2813 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config);
2814
2815 // Emulate non-compliance of the certificate to the policy.
2816 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _))
2817 .WillRepeatedly(
2818 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
2819
2820 int rv;
2821 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2822 EXPECT_THAT(rv, IsOk());
2823
2824 SSLInfo result;
2825 ASSERT_TRUE(sock_->GetSSLInfo(&result));
2826
2827 EXPECT_FALSE(result.cert_status & CERT_STATUS_IS_EV);
2828 EXPECT_TRUE(result.cert_status & CERT_STATUS_CT_COMPLIANCE_FAILED);
2829 }
2830
2831 // Tests that OCSP stapling is requested, as per Certificate Transparency (RFC
2832 // 6962).
TEST_P(SSLClientSocketVersionTest,ConnectSignedCertTimestampsEnablesOCSP)2833 TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsEnablesOCSP) {
2834 // The test server currently only knows how to generate OCSP responses
2835 // for a freshly minted certificate.
2836 EmbeddedTestServer::ServerCertificateConfig cert_config;
2837 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
2838 {{OCSPRevocationStatus::GOOD,
2839 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
2840
2841 ASSERT_TRUE(StartEmbeddedTestServer(cert_config, GetServerConfig()));
2842
2843 SSLConfig ssl_config;
2844
2845 int rv;
2846 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2847 EXPECT_THAT(rv, IsOk());
2848
2849 EXPECT_TRUE(sock_->stapled_ocsp_response_received_);
2850 }
2851
2852 // Tests that IsConnectedAndIdle and WasEverUsed behave as expected.
TEST_P(SSLClientSocketVersionTest,ReuseStates)2853 TEST_P(SSLClientSocketVersionTest, ReuseStates) {
2854 ASSERT_TRUE(
2855 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2856
2857 int rv;
2858 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2859
2860 // The socket was just connected. It should be idle because it is speaking
2861 // HTTP. Although the transport has been used for the handshake, WasEverUsed()
2862 // returns false.
2863 EXPECT_TRUE(sock_->IsConnected());
2864 EXPECT_TRUE(sock_->IsConnectedAndIdle());
2865 EXPECT_FALSE(sock_->WasEverUsed());
2866
2867 const char kRequestText[] = "GET / HTTP/1.0\r\n\r\n";
2868 const size_t kRequestLen = std::size(kRequestText) - 1;
2869 scoped_refptr<IOBuffer> request_buffer =
2870 base::MakeRefCounted<IOBuffer>(kRequestLen);
2871 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2872
2873 TestCompletionCallback callback;
2874 rv = callback.GetResult(sock_->Write(request_buffer.get(), kRequestLen,
2875 callback.callback(),
2876 TRAFFIC_ANNOTATION_FOR_TESTS));
2877 EXPECT_EQ(static_cast<int>(kRequestLen), rv);
2878
2879 // The socket has now been used.
2880 EXPECT_TRUE(sock_->WasEverUsed());
2881
2882 // TODO(davidben): Read one byte to ensure the test server has responded and
2883 // then assert IsConnectedAndIdle is false. This currently doesn't work
2884 // because SSLClientSocketImpl doesn't check the implementation's internal
2885 // buffer. Call SSL_pending.
2886 }
2887
2888 // Tests that |is_fatal_cert_error| does not get set for a certificate error,
2889 // on a non-HSTS host.
TEST_P(SSLClientSocketVersionTest,IsFatalErrorNotSetOnNonFatalError)2890 TEST_P(SSLClientSocketVersionTest, IsFatalErrorNotSetOnNonFatalError) {
2891 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2892 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2893 GetServerConfig()));
2894 int rv;
2895 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2896 SSLInfo ssl_info;
2897 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2898 EXPECT_FALSE(ssl_info.is_fatal_cert_error);
2899 }
2900
2901 // Tests that |is_fatal_cert_error| gets set for a certificate error on an
2902 // HSTS host.
TEST_P(SSLClientSocketVersionTest,IsFatalErrorSetOnFatalError)2903 TEST_P(SSLClientSocketVersionTest, IsFatalErrorSetOnFatalError) {
2904 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2905 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2906 GetServerConfig()));
2907 int rv;
2908 const base::Time expiry = base::Time::Now() + base::Seconds(1000);
2909 transport_security_state_->AddHSTS(host_port_pair().host(), expiry, true);
2910 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2911 SSLInfo ssl_info;
2912 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2913 EXPECT_TRUE(ssl_info.is_fatal_cert_error);
2914 }
2915
2916 // Tests that IsConnectedAndIdle treats a socket as idle even if a Write hasn't
2917 // been flushed completely out of SSLClientSocket's internal buffers. This is a
2918 // regression test for https://crbug.com/466147.
TEST_P(SSLClientSocketVersionTest,ReusableAfterWrite)2919 TEST_P(SSLClientSocketVersionTest, ReusableAfterWrite) {
2920 ASSERT_TRUE(
2921 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2922
2923 TestCompletionCallback callback;
2924 auto real_transport = std::make_unique<TCPClientSocket>(
2925 addr(), nullptr, nullptr, nullptr, NetLogSource());
2926 auto transport =
2927 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
2928 FakeBlockingStreamSocket* raw_transport = transport.get();
2929 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2930 IsOk());
2931
2932 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2933 std::move(transport), host_port_pair(), SSLConfig()));
2934 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2935
2936 // Block any application data from reaching the network.
2937 raw_transport->BlockWrite();
2938
2939 // Write a partial HTTP request.
2940 const char kRequestText[] = "GET / HTTP/1.0";
2941 const size_t kRequestLen = std::size(kRequestText) - 1;
2942 scoped_refptr<IOBuffer> request_buffer =
2943 base::MakeRefCounted<IOBuffer>(kRequestLen);
2944 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2945
2946 // Although transport writes are blocked, SSLClientSocketImpl completes the
2947 // outer Write operation.
2948 EXPECT_EQ(static_cast<int>(kRequestLen),
2949 callback.GetResult(sock->Write(request_buffer.get(), kRequestLen,
2950 callback.callback(),
2951 TRAFFIC_ANNOTATION_FOR_TESTS)));
2952
2953 // The Write operation is complete, so the socket should be treated as
2954 // reusable, in case the server returns an HTTP response before completely
2955 // consuming the request body. In this case, we assume the server will
2956 // properly drain the request body before trying to read the next request.
2957 EXPECT_TRUE(sock->IsConnectedAndIdle());
2958 }
2959
2960 // Tests that basic session resumption works.
TEST_P(SSLClientSocketVersionTest,SessionResumption)2961 TEST_P(SSLClientSocketVersionTest, SessionResumption) {
2962 ASSERT_TRUE(
2963 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2964
2965 // First, perform a full handshake.
2966 SSLConfig ssl_config;
2967 int rv;
2968 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2969 ASSERT_THAT(rv, IsOk());
2970 SSLInfo ssl_info;
2971 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2972 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2973
2974 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
2975 // use the socket to ensure the session ticket has been picked up.
2976 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
2977
2978 // The next connection should resume.
2979 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2980 ASSERT_THAT(rv, IsOk());
2981 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2982 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2983 sock_.reset();
2984
2985 // Using a different HostPortPair uses a different session cache key.
2986 auto transport = std::make_unique<TCPClientSocket>(
2987 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2988 TestCompletionCallback callback;
2989 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2990 IsOk());
2991 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
2992 std::move(transport), HostPortPair("example.com", 443), ssl_config);
2993 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2994 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
2995 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2996 sock.reset();
2997
2998 ssl_client_session_cache_->Flush();
2999
3000 // After clearing the session cache, the next handshake doesn't resume.
3001 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3002 ASSERT_THAT(rv, IsOk());
3003 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3004 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3005 }
3006
3007 namespace {
3008
3009 // FakePeerAddressSocket wraps a |StreamSocket|, forwarding all calls except
3010 // that it provides a given answer for |GetPeerAddress|.
3011 class FakePeerAddressSocket : public WrappedStreamSocket {
3012 public:
FakePeerAddressSocket(std::unique_ptr<StreamSocket> socket,const IPEndPoint & address)3013 FakePeerAddressSocket(std::unique_ptr<StreamSocket> socket,
3014 const IPEndPoint& address)
3015 : WrappedStreamSocket(std::move(socket)), address_(address) {}
3016 ~FakePeerAddressSocket() override = default;
3017
GetPeerAddress(IPEndPoint * address) const3018 int GetPeerAddress(IPEndPoint* address) const override {
3019 *address = address_;
3020 return OK;
3021 }
3022
3023 private:
3024 const IPEndPoint address_;
3025 };
3026
3027 } // namespace
3028
TEST_F(SSLClientSocketTest,SessionResumption_RSA)3029 TEST_F(SSLClientSocketTest, SessionResumption_RSA) {
3030 for (bool use_rsa : {false, true}) {
3031 SCOPED_TRACE(use_rsa);
3032
3033 SSLServerConfig server_config;
3034 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3035 server_config.cipher_suite_for_testing =
3036 use_rsa ? kRSACipher : kModernTLS12Cipher;
3037 ASSERT_TRUE(
3038 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3039 SSLConfig ssl_config;
3040 ssl_client_session_cache_->Flush();
3041
3042 for (int i = 0; i < 3; i++) {
3043 SCOPED_TRACE(i);
3044
3045 auto transport = std::make_unique<TCPClientSocket>(
3046 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
3047 TestCompletionCallback callback;
3048 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
3049 IsOk());
3050 // The third handshake sees a different destination IP address.
3051 IPEndPoint fake_peer_address(IPAddress(1, 1, 1, i == 2 ? 2 : 1), 443);
3052 auto socket = std::make_unique<FakePeerAddressSocket>(
3053 std::move(transport), fake_peer_address);
3054 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
3055 std::move(socket), HostPortPair("example.com", 443), ssl_config);
3056 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())),
3057 IsOk());
3058 SSLInfo ssl_info;
3059 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
3060 sock.reset();
3061
3062 switch (i) {
3063 case 0:
3064 // Initial handshake should be a full handshake.
3065 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3066 break;
3067 case 1:
3068 // Second handshake should resume.
3069 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3070 break;
3071 case 2:
3072 // Third handshake gets a different IP address and, if the
3073 // session used RSA key exchange, it should not resume.
3074 EXPECT_EQ(
3075 use_rsa ? SSLInfo::HANDSHAKE_FULL : SSLInfo::HANDSHAKE_RESUME,
3076 ssl_info.handshake_type);
3077 break;
3078 default:
3079 NOTREACHED();
3080 }
3081 }
3082 }
3083 }
3084
3085 // Tests that ALPN works with session resumption.
TEST_F(SSLClientSocketTest,SessionResumptionAlpn)3086 TEST_F(SSLClientSocketTest, SessionResumptionAlpn) {
3087 SSLServerConfig server_config;
3088 server_config.alpn_protos = {NextProto::kProtoHTTP2, NextProto::kProtoHTTP11};
3089 ASSERT_TRUE(
3090 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3091
3092 // First, perform a full handshake.
3093 SSLConfig ssl_config;
3094 ssl_config.alpn_protos.push_back(kProtoHTTP2);
3095 int rv;
3096 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3097 ASSERT_THAT(rv, IsOk());
3098 SSLInfo ssl_info;
3099 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3100 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3101 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
3102
3103 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3104 // use the socket to ensure the session ticket has been picked up.
3105 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3106
3107 // The next connection should resume; ALPN should be renegotiated.
3108 ssl_config.alpn_protos.clear();
3109 ssl_config.alpn_protos.push_back(kProtoHTTP11);
3110 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3111 ASSERT_THAT(rv, IsOk());
3112 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3113 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3114 EXPECT_EQ(kProtoHTTP11, sock_->GetNegotiatedProtocol());
3115 }
3116
3117 // Tests that the session cache is not sharded by NetworkAnonymizationKey if the
3118 // feature is disabled.
TEST_P(SSLClientSocketVersionTest,SessionResumptionNetworkIsolationKeyDisabled)3119 TEST_P(SSLClientSocketVersionTest,
3120 SessionResumptionNetworkIsolationKeyDisabled) {
3121 base::test::ScopedFeatureList feature_list;
3122 feature_list.InitAndDisableFeature(
3123 features::kPartitionSSLSessionsByNetworkIsolationKey);
3124
3125 ASSERT_TRUE(
3126 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3127
3128 // First, perform a full handshake.
3129 SSLConfig ssl_config;
3130 int rv;
3131 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3132 ASSERT_THAT(rv, IsOk());
3133 SSLInfo ssl_info;
3134 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3135 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3136
3137 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3138 // use the socket to ensure the session ticket has been picked up. Do this for
3139 // every connection to avoid problems with TLS 1.3 single-use tickets.
3140 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3141
3142 // The next connection should resume.
3143 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3144 ASSERT_THAT(rv, IsOk());
3145 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3146 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3147 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3148 sock_.reset();
3149
3150 // Using a different NetworkAnonymizationKey shares session cache key because
3151 // sharding is disabled.
3152 const SchemefulSite kSiteA(GURL("https://a.test"));
3153 ssl_config.network_anonymization_key =
3154 NetworkAnonymizationKey::CreateSameSite(kSiteA);
3155 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3156 ASSERT_THAT(rv, IsOk());
3157 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3158 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3159 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3160 sock_.reset();
3161
3162 const SchemefulSite kSiteB(GURL("https://a.test"));
3163 ssl_config.network_anonymization_key =
3164 NetworkAnonymizationKey::CreateSameSite(kSiteB);
3165 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3166 ASSERT_THAT(rv, IsOk());
3167 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3168 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3169 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3170 sock_.reset();
3171 }
3172
3173 // Tests that the session cache is sharded by NetworkAnonymizationKey if the
3174 // feature is enabled.
TEST_P(SSLClientSocketVersionTest,SessionResumptionNetworkIsolationKeyEnabled)3175 TEST_P(SSLClientSocketVersionTest,
3176 SessionResumptionNetworkIsolationKeyEnabled) {
3177 base::test::ScopedFeatureList feature_list;
3178 feature_list.InitAndEnableFeature(
3179 features::kPartitionSSLSessionsByNetworkIsolationKey);
3180
3181 const SchemefulSite kSiteA(GURL("https://a.test"));
3182 const SchemefulSite kSiteB(GURL("https://b.test"));
3183 const auto kNetworkAnonymizationKeyA =
3184 NetworkAnonymizationKey::CreateSameSite(kSiteA);
3185 const auto kNetworkAnonymizationKeyB =
3186 NetworkAnonymizationKey::CreateSameSite(kSiteB);
3187
3188 ASSERT_TRUE(
3189 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3190
3191 // First, perform a full handshake.
3192 SSLConfig ssl_config;
3193 int rv;
3194 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3195 ASSERT_THAT(rv, IsOk());
3196 SSLInfo ssl_info;
3197 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3198 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3199
3200 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3201 // use the socket to ensure the session ticket has been picked up. Do this for
3202 // every connection to avoid problems with TLS 1.3 single-use tickets.
3203 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3204
3205 // The next connection should resume.
3206 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3207 ASSERT_THAT(rv, IsOk());
3208 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3209 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3210 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3211 sock_.reset();
3212
3213 // Using a different NetworkAnonymizationKey uses a different session cache
3214 // key.
3215 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyA;
3216 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3217 ASSERT_THAT(rv, IsOk());
3218 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3219 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3220 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3221 sock_.reset();
3222
3223 // We, however, can resume under that newly-established session.
3224 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3225 ASSERT_THAT(rv, IsOk());
3226 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3227 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3228 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3229 sock_.reset();
3230
3231 // Repeat with another non-null key.
3232 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyB;
3233 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3234 ASSERT_THAT(rv, IsOk());
3235 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3236 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3237 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3238 sock_.reset();
3239
3240 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3241 ASSERT_THAT(rv, IsOk());
3242 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3243 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3244 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3245 sock_.reset();
3246
3247 // b.test does not evict a.test's session.
3248 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyA;
3249 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3250 ASSERT_THAT(rv, IsOk());
3251 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3252 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3253 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3254 sock_.reset();
3255 }
3256
3257 // Tests that connections with certificate errors do not add entries to the
3258 // session cache.
TEST_P(SSLClientSocketVersionTest,CertificateErrorNoResume)3259 TEST_P(SSLClientSocketVersionTest, CertificateErrorNoResume) {
3260 ASSERT_TRUE(
3261 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3262
3263 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
3264
3265 SSLConfig ssl_config;
3266 int rv;
3267 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3268 ASSERT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
3269
3270 cert_verifier_->set_default_result(OK);
3271
3272 // The next connection should perform a full handshake.
3273 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3274 ASSERT_THAT(rv, IsOk());
3275 SSLInfo ssl_info;
3276 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3277 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3278 }
3279
TEST_F(SSLClientSocketTest,RequireECDHE)3280 TEST_F(SSLClientSocketTest, RequireECDHE) {
3281 // Run test server without ECDHE.
3282 SSLServerConfig server_config;
3283 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3284 server_config.cipher_suite_for_testing = kRSACipher;
3285 ASSERT_TRUE(
3286 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3287
3288 SSLConfig config;
3289 config.require_ecdhe = true;
3290 int rv;
3291 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
3292 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3293 }
3294
3295 TEST_F(SSLClientSocketTest, 3DES) {
3296 SSLServerConfig server_config;
3297 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3298 server_config.cipher_suite_for_testing = k3DESCipher;
3299 ASSERT_TRUE(
3300 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3301
3302 // 3DES is always disabled.
3303 int rv;
3304 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3305 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3306 }
3307
TEST_F(SSLClientSocketTest,SHA1)3308 TEST_F(SSLClientSocketTest, SHA1) {
3309 SSLServerConfig server_config;
3310 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3311 // Disable RSA key exchange, to ensure the server does not pick a non-signing
3312 // cipher.
3313 server_config.require_ecdhe = true;
3314 server_config.signature_algorithm_for_testing = SSL_SIGN_RSA_PKCS1_SHA1;
3315 ASSERT_TRUE(
3316 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3317
3318 int rv;
3319 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3320 EXPECT_THAT(rv, IsOk());
3321
3322 SSLConfig config;
3323 config.disable_sha1_server_signatures = true;
3324 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
3325 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
3326 }
3327
TEST_F(SSLClientSocketFalseStartTest,FalseStartEnabled)3328 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
3329 // False Start requires ALPN, ECDHE, and an AEAD.
3330 SSLServerConfig server_config;
3331 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3332 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3333 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3334 SSLConfig client_config;
3335 client_config.alpn_protos.push_back(kProtoHTTP11);
3336 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, true));
3337 }
3338
3339 // Test that False Start is disabled without ALPN.
TEST_F(SSLClientSocketFalseStartTest,NoAlpn)3340 TEST_F(SSLClientSocketFalseStartTest, NoAlpn) {
3341 SSLServerConfig server_config;
3342 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3343 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3344 SSLConfig client_config;
3345 client_config.alpn_protos.clear();
3346 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3347 }
3348
3349 // Test that False Start is disabled with plain RSA ciphers.
TEST_F(SSLClientSocketFalseStartTest,RSA)3350 TEST_F(SSLClientSocketFalseStartTest, RSA) {
3351 SSLServerConfig server_config;
3352 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3353 server_config.cipher_suite_for_testing = kRSACipher;
3354 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3355 SSLConfig client_config;
3356 client_config.alpn_protos.push_back(kProtoHTTP11);
3357 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3358 }
3359
3360 // Test that False Start is disabled without an AEAD.
TEST_F(SSLClientSocketFalseStartTest,NoAEAD)3361 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
3362 SSLServerConfig server_config;
3363 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3364 server_config.cipher_suite_for_testing = kCBCCipher;
3365 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3366 SSLConfig client_config;
3367 client_config.alpn_protos.push_back(kProtoHTTP11);
3368 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3369 }
3370
3371 // Test that sessions are resumable after receiving the server Finished message.
TEST_F(SSLClientSocketFalseStartTest,SessionResumption)3372 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
3373 // Start a server.
3374 SSLServerConfig server_config;
3375 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3376 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3377 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3378 SSLConfig client_config;
3379 client_config.alpn_protos.push_back(kProtoHTTP11);
3380
3381 // Let a full handshake complete with False Start.
3382 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, true));
3383
3384 // Make a second connection.
3385 int rv;
3386 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3387 EXPECT_THAT(rv, IsOk());
3388
3389 // It should resume the session.
3390 SSLInfo ssl_info;
3391 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3392 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3393 }
3394
3395 // Test that the client completes the handshake in the background and installs
3396 // new sessions, even if the socket isn't used. This also avoids a theoretical
3397 // deadlock if NewSessionTicket is sufficiently large that neither it nor the
3398 // client's HTTP/1.1 POST fit in transport windows.
TEST_F(SSLClientSocketFalseStartTest,CompleteHandshakeWithoutRequest)3399 TEST_F(SSLClientSocketFalseStartTest, CompleteHandshakeWithoutRequest) {
3400 // Start a server.
3401 SSLServerConfig server_config;
3402 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3403 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3404 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3405 ASSERT_TRUE(
3406 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3407
3408 SSLConfig client_config;
3409 client_config.alpn_protos.push_back(kProtoHTTP11);
3410
3411 // Start a handshake up to the server Finished message.
3412 TestCompletionCallback callback;
3413 FakeBlockingStreamSocket* raw_transport = nullptr;
3414 std::unique_ptr<SSLClientSocket> sock;
3415 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3416 client_config, &callback, &raw_transport, &sock));
3417
3418 // Wait for the server Finished to arrive, release it, and allow
3419 // SSLClientSocket to process it. This should install a session. It make take
3420 // a few iterations to complete if the server writes in small chunks
3421 while (ssl_client_session_cache_->size() == 0) {
3422 raw_transport->WaitForReadResult();
3423 raw_transport->UnblockReadResult();
3424 base::RunLoop().RunUntilIdle();
3425 raw_transport->BlockReadResult();
3426 }
3427
3428 // Drop the old socket. This is needed because the Python test server can't
3429 // service two sockets in parallel.
3430 sock.reset();
3431
3432 // Make a second connection.
3433 int rv;
3434 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3435 EXPECT_THAT(rv, IsOk());
3436
3437 // It should resume the session.
3438 SSLInfo ssl_info;
3439 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3440 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3441 }
3442
3443 // Test that False Started sessions are not resumable before receiving the
3444 // server Finished message.
TEST_F(SSLClientSocketFalseStartTest,NoSessionResumptionBeforeFinished)3445 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) {
3446 // Start a server.
3447 SSLServerConfig server_config;
3448 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3449 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3450 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3451 ASSERT_TRUE(
3452 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3453
3454 SSLConfig client_config;
3455 client_config.alpn_protos.push_back(kProtoHTTP11);
3456
3457 // Start a handshake up to the server Finished message.
3458 TestCompletionCallback callback;
3459 FakeBlockingStreamSocket* raw_transport1 = nullptr;
3460 std::unique_ptr<SSLClientSocket> sock1;
3461 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3462 client_config, &callback, &raw_transport1, &sock1));
3463 // Although raw_transport1 has the server Finished blocked, the handshake
3464 // still completes.
3465 EXPECT_THAT(callback.WaitForResult(), IsOk());
3466
3467 // Continue to block the client (|sock1|) from processing the Finished
3468 // message, but allow it to arrive on the socket. This ensures that, from the
3469 // server's point of view, it has completed the handshake and added the
3470 // session to its session cache.
3471 //
3472 // The actual read on |sock1| will not complete until the Finished message is
3473 // processed; however, pump the underlying transport so that it is read from
3474 // the socket. NOTE: This may flakily pass if the server's final flight
3475 // doesn't come in one Read.
3476 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
3477 int rv = sock1->Read(buf.get(), 4096, callback.callback());
3478 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
3479 raw_transport1->WaitForReadResult();
3480
3481 // Drop the old socket. This is needed because the Python test server can't
3482 // service two sockets in parallel.
3483 sock1.reset();
3484
3485 // Start a second connection.
3486 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3487 EXPECT_THAT(rv, IsOk());
3488
3489 // No session resumption because the first connection never received a server
3490 // Finished message.
3491 SSLInfo ssl_info;
3492 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3493 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3494 }
3495
3496 // Test that False Started sessions are not resumable if the server Finished
3497 // message was bad.
TEST_F(SSLClientSocketFalseStartTest,NoSessionResumptionBadFinished)3498 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) {
3499 // Start a server.
3500 SSLServerConfig server_config;
3501 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3502 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3503 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3504 ASSERT_TRUE(
3505 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3506
3507 SSLConfig client_config;
3508 client_config.alpn_protos.push_back(kProtoHTTP11);
3509
3510 // Start a handshake up to the server Finished message.
3511 TestCompletionCallback callback;
3512 FakeBlockingStreamSocket* raw_transport1 = nullptr;
3513 std::unique_ptr<SSLClientSocket> sock1;
3514 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3515 client_config, &callback, &raw_transport1, &sock1));
3516 // Although raw_transport1 has the server Finished blocked, the handshake
3517 // still completes.
3518 EXPECT_THAT(callback.WaitForResult(), IsOk());
3519
3520 // Continue to block the client (|sock1|) from processing the Finished
3521 // message, but allow it to arrive on the socket. This ensures that, from the
3522 // server's point of view, it has completed the handshake and added the
3523 // session to its session cache.
3524 //
3525 // The actual read on |sock1| will not complete until the Finished message is
3526 // processed; however, pump the underlying transport so that it is read from
3527 // the socket.
3528 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
3529 int rv = sock1->Read(buf.get(), 4096, callback.callback());
3530 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
3531 raw_transport1->WaitForReadResult();
3532
3533 // The server's second leg, or part of it, is now received but not yet sent to
3534 // |sock1|. Before doing so, break the server's second leg.
3535 int bytes_read = raw_transport1->pending_read_result();
3536 ASSERT_LT(0, bytes_read);
3537 raw_transport1->pending_read_buf()->data()[bytes_read - 1]++;
3538
3539 // Unblock the Finished message. |sock1->Read| should now fail.
3540 raw_transport1->UnblockReadResult();
3541 EXPECT_THAT(callback.GetResult(rv), IsError(ERR_SSL_PROTOCOL_ERROR));
3542
3543 // Drop the old socket. This is needed because the Python test server can't
3544 // service two sockets in parallel.
3545 sock1.reset();
3546
3547 // Start a second connection.
3548 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3549 EXPECT_THAT(rv, IsOk());
3550
3551 // No session resumption because the first connection never received a server
3552 // Finished message.
3553 SSLInfo ssl_info;
3554 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3555 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3556 }
3557
3558 // Server preference should win in ALPN.
TEST_F(SSLClientSocketTest,Alpn)3559 TEST_F(SSLClientSocketTest, Alpn) {
3560 SSLServerConfig server_config;
3561 server_config.alpn_protos = {NextProto::kProtoHTTP2, NextProto::kProtoHTTP11};
3562 ASSERT_TRUE(
3563 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3564
3565 SSLConfig client_config;
3566 client_config.alpn_protos.push_back(kProtoHTTP11);
3567 client_config.alpn_protos.push_back(kProtoHTTP2);
3568
3569 int rv;
3570 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3571 EXPECT_THAT(rv, IsOk());
3572
3573 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
3574 }
3575
3576 // If the server supports ALPN but the client does not, then ALPN is not used.
TEST_F(SSLClientSocketTest,AlpnClientDisabled)3577 TEST_F(SSLClientSocketTest, AlpnClientDisabled) {
3578 SSLServerConfig server_config;
3579 server_config.alpn_protos = {NextProto::kProtoHTTP2};
3580 ASSERT_TRUE(
3581 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3582
3583 SSLConfig client_config;
3584
3585 int rv;
3586 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3587 EXPECT_THAT(rv, IsOk());
3588
3589 EXPECT_EQ(kProtoUnknown, sock_->GetNegotiatedProtocol());
3590 }
3591
3592 // Client certificates are disabled on iOS.
3593 #if !BUILDFLAG(IS_IOS)
3594 // Connect to a server requesting client authentication, do not send
3595 // any client certificates. It should refuse the connection.
TEST_P(SSLClientSocketVersionTest,NoCert)3596 TEST_P(SSLClientSocketVersionTest, NoCert) {
3597 SSLServerConfig server_config = GetServerConfig();
3598 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3599 ASSERT_TRUE(
3600 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3601
3602 int rv;
3603 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3604
3605 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3606 EXPECT_FALSE(sock_->IsConnected());
3607 }
3608
3609 // Connect to a server requesting client authentication, and send it
3610 // an empty certificate.
TEST_P(SSLClientSocketVersionTest,SendEmptyCert)3611 TEST_P(SSLClientSocketVersionTest, SendEmptyCert) {
3612 SSLServerConfig server_config = GetServerConfig();
3613 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3614 ASSERT_TRUE(
3615 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3616
3617 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3618
3619 int rv;
3620 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3621
3622 EXPECT_THAT(rv, IsOk());
3623 EXPECT_TRUE(sock_->IsConnected());
3624
3625 SSLInfo ssl_info;
3626 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3627 EXPECT_FALSE(ssl_info.client_cert_sent);
3628 }
3629
3630 // Connect to a server requesting client authentication and send a certificate.
TEST_P(SSLClientSocketVersionTest,SendGoodCert)3631 TEST_P(SSLClientSocketVersionTest, SendGoodCert) {
3632 base::FilePath certs_dir = GetTestCertsDirectory();
3633 scoped_refptr<X509Certificate> client_cert =
3634 ImportCertFromFile(certs_dir, "client_1.pem");
3635 ASSERT_TRUE(client_cert);
3636
3637 // Configure the server to only accept |client_cert|.
3638 MockClientCertVerifier verifier;
3639 verifier.set_default_result(ERR_CERT_INVALID);
3640 verifier.AddResultForCert(client_cert.get(), OK);
3641
3642 SSLServerConfig server_config = GetServerConfig();
3643 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3644 server_config.client_cert_verifier = &verifier;
3645 ASSERT_TRUE(
3646 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3647
3648 context_->SetClientCertificate(
3649 host_port_pair(), client_cert,
3650 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3651
3652 int rv;
3653 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3654
3655 EXPECT_THAT(rv, IsOk());
3656 EXPECT_TRUE(sock_->IsConnected());
3657
3658 SSLInfo ssl_info;
3659 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3660 EXPECT_TRUE(ssl_info.client_cert_sent);
3661
3662 sock_->Disconnect();
3663 EXPECT_FALSE(sock_->IsConnected());
3664
3665 // Shut down the test server before |verifier| goes out of scope.
3666 ASSERT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete());
3667 }
3668
3669 // When client certificate preferences change, the session cache should be
3670 // cleared so the client certificate preferences are applied.
TEST_F(SSLClientSocketTest,ClearSessionCacheOnClientCertChange)3671 TEST_F(SSLClientSocketTest, ClearSessionCacheOnClientCertChange) {
3672 SSLServerConfig server_config;
3673 // TLS 1.3 reports client certificate errors after the handshake, so test at
3674 // TLS 1.2 for simplicity.
3675 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3676 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3677 ASSERT_TRUE(
3678 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3679
3680 // Connecting without a client certificate will fail with
3681 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
3682 int rv;
3683 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3684 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3685
3686 // Configure a client certificate.
3687 base::FilePath certs_dir = GetTestCertsDirectory();
3688 context_->SetClientCertificate(
3689 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3690 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3691
3692 // Now the connection succeeds.
3693 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3694 EXPECT_THAT(rv, IsOk());
3695 EXPECT_TRUE(sock_->IsConnected());
3696
3697 SSLInfo ssl_info;
3698 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3699 EXPECT_TRUE(ssl_info.client_cert_sent);
3700 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
3701
3702 // Make a second connection. This should resume the session from the previous
3703 // connection.
3704 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3705 EXPECT_THAT(rv, IsOk());
3706 EXPECT_TRUE(sock_->IsConnected());
3707
3708 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3709 EXPECT_TRUE(ssl_info.client_cert_sent);
3710 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_RESUME);
3711
3712 // Clear the client certificate preference.
3713 context_->ClearClientCertificate(host_port_pair());
3714
3715 // Connections return to failing, rather than resume the previous session.
3716 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3717 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3718
3719 // Establish a new session with the correct client certificate.
3720 context_->SetClientCertificate(
3721 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3722 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3723 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3724 EXPECT_THAT(rv, IsOk());
3725 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3726 EXPECT_TRUE(ssl_info.client_cert_sent);
3727 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
3728
3729 // Switch to continuing without a client certificate.
3730 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3731
3732 // This also clears the session cache and the new preference is applied.
3733 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3734 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
3735 }
3736 #endif // !IS_IOS
3737
MakeHashValueVector(uint8_t value)3738 HashValueVector MakeHashValueVector(uint8_t value) {
3739 HashValueVector out;
3740 HashValue hash(HASH_VALUE_SHA256);
3741 memset(hash.data(), value, hash.size());
3742 out.push_back(hash);
3743 return out;
3744 }
3745
3746 // Test that |ssl_info.pkp_bypassed| is set when a local trust anchor causes
3747 // pinning to be bypassed.
TEST_P(SSLClientSocketVersionTest,PKPBypassedSet)3748 TEST_P(SSLClientSocketVersionTest, PKPBypassedSet) {
3749 base::test::ScopedFeatureList scoped_feature_list_;
3750 scoped_feature_list_.InitAndEnableFeature(
3751 net::features::kStaticKeyPinningEnforcement);
3752 ASSERT_TRUE(
3753 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3754 scoped_refptr<X509Certificate> server_cert =
3755 embedded_test_server()->GetCertificate();
3756
3757 // The certificate needs to be trusted, but chain to a local root with
3758 // different public key hashes than specified in the pin.
3759 CertVerifyResult verify_result;
3760 verify_result.is_issued_by_known_root = false;
3761 verify_result.verified_cert = server_cert;
3762 verify_result.public_key_hashes =
3763 MakeHashValueVector(kBadHashValueVectorInput);
3764 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
3765
3766 transport_security_state_->EnableStaticPinsForTesting();
3767 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
3768 ScopedTransportSecurityStateSource scoped_security_state_source;
3769
3770 SSLConfig ssl_config;
3771 int rv;
3772 HostPortPair new_host_port_pair("example.test", host_port_pair().port());
3773 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
3774 new_host_port_pair, &rv));
3775 SSLInfo ssl_info;
3776 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3777
3778 EXPECT_THAT(rv, IsOk());
3779 EXPECT_TRUE(sock_->IsConnected());
3780
3781 EXPECT_TRUE(ssl_info.pkp_bypassed);
3782 EXPECT_FALSE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
3783 }
3784
TEST_P(SSLClientSocketVersionTest,PKPEnforced)3785 TEST_P(SSLClientSocketVersionTest, PKPEnforced) {
3786 base::test::ScopedFeatureList scoped_feature_list_;
3787 scoped_feature_list_.InitAndEnableFeature(
3788 net::features::kStaticKeyPinningEnforcement);
3789 ASSERT_TRUE(
3790 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3791 scoped_refptr<X509Certificate> server_cert =
3792 embedded_test_server()->GetCertificate();
3793
3794 // Certificate is trusted, but chains to a public root that doesn't match the
3795 // pin hashes.
3796 CertVerifyResult verify_result;
3797 verify_result.is_issued_by_known_root = true;
3798 verify_result.verified_cert = server_cert;
3799 verify_result.public_key_hashes =
3800 MakeHashValueVector(kBadHashValueVectorInput);
3801 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
3802
3803 transport_security_state_->EnableStaticPinsForTesting();
3804 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
3805 ScopedTransportSecurityStateSource scoped_security_state_source;
3806
3807 SSLConfig ssl_config;
3808 int rv;
3809 HostPortPair new_host_port_pair("example.test", host_port_pair().port());
3810 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
3811 new_host_port_pair, &rv));
3812 SSLInfo ssl_info;
3813 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3814
3815 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
3816 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
3817 EXPECT_FALSE(sock_->IsConnected());
3818
3819 EXPECT_FALSE(ssl_info.pkp_bypassed);
3820 }
3821
3822 namespace {
3823 // TLS_RSA_WITH_AES_128_GCM_SHA256's key exchange involves encrypting to the
3824 // server long-term key.
3825 const uint16_t kEncryptingCipher = kRSACipher;
3826 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256's key exchange involves a signature by
3827 // the server long-term key.
3828 const uint16_t kSigningCipher = kModernTLS12Cipher;
3829 } // namespace
3830
3831 struct KeyUsageTest {
3832 EmbeddedTestServer::ServerCertificate server_cert;
3833 uint16_t cipher_suite;
3834 bool known_root;
3835 bool success;
3836 };
3837
3838 class SSLClientSocketKeyUsageTest
3839 : public SSLClientSocketTest,
3840 public ::testing::WithParamInterface<struct KeyUsageTest> {};
3841
3842 const struct KeyUsageTest kKeyUsageTests[] = {
3843 // Known Root: Success iff keyUsage allows the key exchange method
3844 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kSigningCipher, true,
3845 false},
3846 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE, kSigningCipher,
3847 true, true},
3848 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kEncryptingCipher,
3849 true, true},
3850 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE,
3851 kEncryptingCipher, true, false},
3852 // Unknown Root: Always succeeds
3853 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kSigningCipher, false,
3854 true},
3855 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE, kSigningCipher,
3856 false, true},
3857 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kEncryptingCipher,
3858 false, true},
3859 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE,
3860 kEncryptingCipher, false, true},
3861 };
3862
TEST_P(SSLClientSocketKeyUsageTest,RSAKeyUsageEnforcedForKnownRoot)3863 TEST_P(SSLClientSocketKeyUsageTest, RSAKeyUsageEnforcedForKnownRoot) {
3864 const KeyUsageTest test = GetParam();
3865 SSLServerConfig server_config;
3866 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3867 server_config.cipher_suite_for_testing = test.cipher_suite;
3868 ASSERT_TRUE(StartEmbeddedTestServer(test.server_cert, server_config));
3869 scoped_refptr<X509Certificate> server_cert =
3870 embedded_test_server()->GetCertificate();
3871
3872 // Certificate is trusted.
3873 CertVerifyResult verify_result;
3874 verify_result.is_issued_by_known_root = test.known_root;
3875 verify_result.verified_cert = server_cert;
3876 verify_result.public_key_hashes =
3877 MakeHashValueVector(kGoodHashValueVectorInput);
3878 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
3879
3880 SSLConfig ssl_config;
3881 int rv;
3882 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3883 SSLInfo ssl_info;
3884 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3885
3886 if (test.success) {
3887 EXPECT_THAT(rv, IsOk());
3888 EXPECT_TRUE(sock_->IsConnected());
3889 } else {
3890 EXPECT_THAT(rv, IsError(ERR_SSL_KEY_USAGE_INCOMPATIBLE));
3891 EXPECT_FALSE(sock_->IsConnected());
3892 }
3893 }
3894
3895 INSTANTIATE_TEST_SUITE_P(RSAKeyUsageInstantiation,
3896 SSLClientSocketKeyUsageTest,
3897 ValuesIn(kKeyUsageTests));
3898
3899 // Test that when CT is required (in this case, by the delegate), the
3900 // absence of CT information is a socket error.
TEST_P(SSLClientSocketVersionTest,CTIsRequired)3901 TEST_P(SSLClientSocketVersionTest, CTIsRequired) {
3902 ASSERT_TRUE(
3903 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3904 scoped_refptr<X509Certificate> server_cert =
3905 embedded_test_server()->GetCertificate();
3906
3907 // Certificate is trusted and chains to a public root.
3908 CertVerifyResult verify_result;
3909 verify_result.is_issued_by_known_root = true;
3910 verify_result.verified_cert = server_cert;
3911 verify_result.public_key_hashes =
3912 MakeHashValueVector(kGoodHashValueVectorInput);
3913 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
3914
3915 // Set up CT
3916 MockRequireCTDelegate require_ct_delegate;
3917 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
3918 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
3919 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
3920 CTRequirementLevel::NOT_REQUIRED));
3921 EXPECT_CALL(require_ct_delegate,
3922 IsCTRequiredForHost(host_port_pair().host(), _, _))
3923 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
3924 CTRequirementLevel::REQUIRED));
3925 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
3926 .WillRepeatedly(
3927 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
3928
3929 SSLConfig ssl_config;
3930 int rv;
3931 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3932 SSLInfo ssl_info;
3933 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3934
3935 EXPECT_THAT(rv, IsError(ERR_CERTIFICATE_TRANSPARENCY_REQUIRED));
3936 EXPECT_TRUE(ssl_info.cert_status &
3937 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
3938 EXPECT_FALSE(sock_->IsConnected());
3939 }
3940
3941 // Test that when CT is required, setting ignore_certificate_errors
3942 // ignores errors in CT.
TEST_P(SSLClientSocketVersionTest,IgnoreCertificateErrorsBypassesRequiredCT)3943 TEST_P(SSLClientSocketVersionTest, IgnoreCertificateErrorsBypassesRequiredCT) {
3944 ASSERT_TRUE(
3945 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3946 scoped_refptr<X509Certificate> server_cert =
3947 embedded_test_server()->GetCertificate();
3948
3949 // Certificate is trusted and chains to a public root.
3950 CertVerifyResult verify_result;
3951 verify_result.is_issued_by_known_root = true;
3952 verify_result.verified_cert = server_cert;
3953 verify_result.public_key_hashes =
3954 MakeHashValueVector(kGoodHashValueVectorInput);
3955 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
3956
3957 // Set up CT
3958 MockRequireCTDelegate require_ct_delegate;
3959 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
3960 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
3961 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
3962 CTRequirementLevel::NOT_REQUIRED));
3963 EXPECT_CALL(require_ct_delegate,
3964 IsCTRequiredForHost(host_port_pair().host(), _, _))
3965 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
3966 CTRequirementLevel::REQUIRED));
3967 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
3968 .WillRepeatedly(
3969 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
3970
3971 SSLConfig ssl_config;
3972 ssl_config.ignore_certificate_errors = true;
3973 int rv;
3974 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3975 SSLInfo ssl_info;
3976 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3977
3978 EXPECT_THAT(rv, IsOk());
3979 EXPECT_TRUE(ssl_info.cert_status &
3980 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
3981 EXPECT_TRUE(sock_->IsConnected());
3982 }
3983
3984 // When both PKP and CT are required for a host, and both fail, the more
3985 // serious error is that the pin validation failed.
TEST_P(SSLClientSocketVersionTest,PKPMoreImportantThanCT)3986 TEST_P(SSLClientSocketVersionTest, PKPMoreImportantThanCT) {
3987 base::test::ScopedFeatureList scoped_feature_list_;
3988 scoped_feature_list_.InitAndEnableFeature(
3989 net::features::kStaticKeyPinningEnforcement);
3990 ASSERT_TRUE(
3991 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3992 scoped_refptr<X509Certificate> server_cert =
3993 embedded_test_server()->GetCertificate();
3994
3995 // Certificate is trusted, but chains to a public root that doesn't match the
3996 // pin hashes.
3997 CertVerifyResult verify_result;
3998 verify_result.is_issued_by_known_root = true;
3999 verify_result.verified_cert = server_cert;
4000 verify_result.public_key_hashes =
4001 MakeHashValueVector(kBadHashValueVectorInput);
4002 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4003
4004 transport_security_state_->EnableStaticPinsForTesting();
4005 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4006 ScopedTransportSecurityStateSource scoped_security_state_source;
4007
4008 const char kCTHost[] = "hsts-hpkp-preloaded.test";
4009
4010 // Set up CT.
4011 MockRequireCTDelegate require_ct_delegate;
4012 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4013 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4014 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4015 CTRequirementLevel::NOT_REQUIRED));
4016 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(kCTHost, _, _))
4017 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4018 CTRequirementLevel::REQUIRED));
4019 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
4020 .WillRepeatedly(
4021 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
4022
4023 SSLConfig ssl_config;
4024 int rv;
4025 HostPortPair ct_host_port_pair(kCTHost, host_port_pair().port());
4026 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4027 ct_host_port_pair, &rv));
4028 SSLInfo ssl_info;
4029 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4030
4031 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
4032 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4033 EXPECT_TRUE(ssl_info.cert_status &
4034 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4035 EXPECT_FALSE(sock_->IsConnected());
4036 }
4037
4038 // Tests that the SCTAuditingDelegate is called to enqueue SCT reports.
TEST_P(SSLClientSocketVersionTest,SCTAuditingReportCollected)4039 TEST_P(SSLClientSocketVersionTest, SCTAuditingReportCollected) {
4040 ASSERT_TRUE(
4041 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4042 scoped_refptr<X509Certificate> server_cert =
4043 embedded_test_server()->GetCertificate();
4044
4045 // Certificate is trusted and chains to a public root.
4046 CertVerifyResult verify_result;
4047 verify_result.is_issued_by_known_root = true;
4048 verify_result.verified_cert = server_cert;
4049 verify_result.public_key_hashes =
4050 MakeHashValueVector(kGoodHashValueVectorInput);
4051 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4052
4053 // Set up CT and auditing delegate.
4054 MockRequireCTDelegate require_ct_delegate;
4055 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4056 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4057 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4058 CTRequirementLevel::REQUIRED));
4059 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
4060 .WillRepeatedly(
4061 Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
4062
4063 MockSCTAuditingDelegate sct_auditing_delegate;
4064 context_ = std::make_unique<SSLClientContext>(
4065 ssl_config_service_.get(), cert_verifier_.get(),
4066 transport_security_state_.get(), ct_policy_enforcer_.get(),
4067 ssl_client_session_cache_.get(), &sct_auditing_delegate);
4068
4069 EXPECT_CALL(sct_auditing_delegate, IsSCTAuditingEnabled())
4070 .WillRepeatedly(Return(true));
4071 EXPECT_CALL(sct_auditing_delegate,
4072 MaybeEnqueueReport(host_port_pair(), server_cert.get(), _))
4073 .Times(1);
4074
4075 SSLConfig ssl_config;
4076 int rv;
4077 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4078 EXPECT_THAT(rv, 0);
4079 EXPECT_TRUE(sock_->IsConnected());
4080 }
4081
4082 // Test that handshake_failure alerts at the ServerHello are mapped to
4083 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
TEST_F(SSLClientSocketTest,HandshakeFailureServerHello)4084 TEST_F(SSLClientSocketTest, HandshakeFailureServerHello) {
4085 ASSERT_TRUE(
4086 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
4087
4088 TestCompletionCallback callback;
4089 auto real_transport = std::make_unique<TCPClientSocket>(
4090 addr(), nullptr, nullptr, nullptr, NetLogSource());
4091 auto transport =
4092 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4093 FakeBlockingStreamSocket* raw_transport = transport.get();
4094 int rv = callback.GetResult(transport->Connect(callback.callback()));
4095 ASSERT_THAT(rv, IsOk());
4096
4097 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4098 std::move(transport), host_port_pair(), SSLConfig()));
4099
4100 // Connect. Stop before the client processes ServerHello.
4101 raw_transport->BlockReadResult();
4102 rv = sock->Connect(callback.callback());
4103 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4104 raw_transport->WaitForReadResult();
4105
4106 // Replace it with an alert.
4107 raw_transport->ReplaceReadResult(
4108 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4109 raw_transport->UnblockReadResult();
4110
4111 rv = callback.GetResult(rv);
4112 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
4113 }
4114
4115 // Test that handshake_failure alerts after the ServerHello but without a
4116 // CertificateRequest are mapped to ERR_SSL_PROTOCOL_ERROR.
TEST_F(SSLClientSocketTest,HandshakeFailureNoClientCerts)4117 TEST_F(SSLClientSocketTest, HandshakeFailureNoClientCerts) {
4118 SSLServerConfig server_config;
4119 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4120 ASSERT_TRUE(
4121 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4122
4123 TestCompletionCallback callback;
4124 auto real_transport = std::make_unique<TCPClientSocket>(
4125 addr(), nullptr, nullptr, nullptr, NetLogSource());
4126 auto transport =
4127 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4128 FakeBlockingStreamSocket* raw_transport = transport.get();
4129 int rv = callback.GetResult(transport->Connect(callback.callback()));
4130 ASSERT_THAT(rv, IsOk());
4131
4132 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4133 std::move(transport), host_port_pair(), SSLConfig()));
4134
4135 // Connect. Stop before the client processes ServerHello.
4136 raw_transport->BlockReadResult();
4137 rv = sock->Connect(callback.callback());
4138 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4139 raw_transport->WaitForReadResult();
4140
4141 // Release the ServerHello and wait for the client to write its second flight.
4142 raw_transport->BlockWrite();
4143 raw_transport->UnblockReadResult();
4144 raw_transport->WaitForWrite();
4145
4146 // Wait for the server's final flight.
4147 raw_transport->BlockReadResult();
4148 raw_transport->UnblockWrite();
4149 raw_transport->WaitForReadResult();
4150
4151 // Replace it with an alert.
4152 raw_transport->ReplaceReadResult(
4153 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4154 raw_transport->UnblockReadResult();
4155
4156 rv = callback.GetResult(rv);
4157 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4158 }
4159
4160 // Test that handshake_failure alerts after the ServerHello map to
4161 // ERR_BAD_SSL_CLIENT_AUTH_CERT if a client certificate was requested but not
4162 // supplied. TLS does not have an alert for this case, so handshake_failure is
4163 // common. See https://crbug.com/646567.
TEST_F(SSLClientSocketTest,LateHandshakeFailureMissingClientCerts)4164 TEST_F(SSLClientSocketTest, LateHandshakeFailureMissingClientCerts) {
4165 // Request a client certificate.
4166 SSLServerConfig server_config;
4167 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4168 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4169 ASSERT_TRUE(
4170 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4171
4172 TestCompletionCallback callback;
4173 auto real_transport = std::make_unique<TCPClientSocket>(
4174 addr(), nullptr, nullptr, nullptr, NetLogSource());
4175 auto transport =
4176 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4177 FakeBlockingStreamSocket* raw_transport = transport.get();
4178 int rv = callback.GetResult(transport->Connect(callback.callback()));
4179 ASSERT_THAT(rv, IsOk());
4180
4181 // Send no client certificate.
4182 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
4183 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4184 std::move(transport), host_port_pair(), SSLConfig()));
4185
4186 // Connect. Stop before the client processes ServerHello.
4187 raw_transport->BlockReadResult();
4188 rv = sock->Connect(callback.callback());
4189 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4190 raw_transport->WaitForReadResult();
4191
4192 // Release the ServerHello and wait for the client to write its second flight.
4193 raw_transport->BlockWrite();
4194 raw_transport->UnblockReadResult();
4195 raw_transport->WaitForWrite();
4196
4197 // Wait for the server's final flight.
4198 raw_transport->BlockReadResult();
4199 raw_transport->UnblockWrite();
4200 raw_transport->WaitForReadResult();
4201
4202 // Replace it with an alert.
4203 raw_transport->ReplaceReadResult(
4204 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4205 raw_transport->UnblockReadResult();
4206
4207 rv = callback.GetResult(rv);
4208 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4209 }
4210
4211 // Test that handshake_failure alerts after the ServerHello map to
4212 // ERR_SSL_PROTOCOL_ERROR if received after sending a client certificate. It is
4213 // assumed servers will send a more appropriate alert in this case.
TEST_F(SSLClientSocketTest,LateHandshakeFailureSendClientCerts)4214 TEST_F(SSLClientSocketTest, LateHandshakeFailureSendClientCerts) {
4215 // Request a client certificate.
4216 SSLServerConfig server_config;
4217 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4218 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4219 ASSERT_TRUE(
4220 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4221
4222 TestCompletionCallback callback;
4223 auto real_transport = std::make_unique<TCPClientSocket>(
4224 addr(), nullptr, nullptr, nullptr, NetLogSource());
4225 auto transport =
4226 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4227 FakeBlockingStreamSocket* raw_transport = transport.get();
4228 int rv = callback.GetResult(transport->Connect(callback.callback()));
4229 ASSERT_THAT(rv, IsOk());
4230
4231 // Send a client certificate.
4232 base::FilePath certs_dir = GetTestCertsDirectory();
4233 context_->SetClientCertificate(
4234 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4235 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4236 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4237 std::move(transport), host_port_pair(), SSLConfig()));
4238
4239 // Connect. Stop before the client processes ServerHello.
4240 raw_transport->BlockReadResult();
4241 rv = sock->Connect(callback.callback());
4242 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4243 raw_transport->WaitForReadResult();
4244
4245 // Release the ServerHello and wait for the client to write its second flight.
4246 raw_transport->BlockWrite();
4247 raw_transport->UnblockReadResult();
4248 raw_transport->WaitForWrite();
4249
4250 // Wait for the server's final flight.
4251 raw_transport->BlockReadResult();
4252 raw_transport->UnblockWrite();
4253 raw_transport->WaitForReadResult();
4254
4255 // Replace it with an alert.
4256 raw_transport->ReplaceReadResult(
4257 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4258 raw_transport->UnblockReadResult();
4259
4260 rv = callback.GetResult(rv);
4261 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4262 }
4263
4264 // Test that access_denied alerts are mapped to ERR_SSL_PROTOCOL_ERROR if
4265 // received on a connection not requesting client certificates. This is an
4266 // incorrect use of the alert but is common. See https://crbug.com/630883.
TEST_F(SSLClientSocketTest,AccessDeniedNoClientCerts)4267 TEST_F(SSLClientSocketTest, AccessDeniedNoClientCerts) {
4268 // Request a client certificate.
4269 SSLServerConfig server_config;
4270 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4271 ASSERT_TRUE(
4272 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4273
4274 TestCompletionCallback callback;
4275 auto real_transport = std::make_unique<TCPClientSocket>(
4276 addr(), nullptr, nullptr, nullptr, NetLogSource());
4277 auto transport =
4278 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4279 FakeBlockingStreamSocket* raw_transport = transport.get();
4280 int rv = callback.GetResult(transport->Connect(callback.callback()));
4281 ASSERT_THAT(rv, IsOk());
4282
4283 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4284 std::move(transport), host_port_pair(), SSLConfig()));
4285
4286 // Connect. Stop before the client processes ServerHello.
4287 raw_transport->BlockReadResult();
4288 rv = sock->Connect(callback.callback());
4289 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4290 raw_transport->WaitForReadResult();
4291
4292 // Release the ServerHello and wait for the client to write its second flight.
4293 raw_transport->BlockWrite();
4294 raw_transport->UnblockReadResult();
4295 raw_transport->WaitForWrite();
4296
4297 // Wait for the server's final flight.
4298 raw_transport->BlockReadResult();
4299 raw_transport->UnblockWrite();
4300 raw_transport->WaitForReadResult();
4301
4302 // Replace it with an alert.
4303 raw_transport->ReplaceReadResult(
4304 FormatTLS12Alert(49 /* AlertDescription.access_denied */));
4305 raw_transport->UnblockReadResult();
4306
4307 rv = callback.GetResult(rv);
4308 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4309 }
4310
4311 // Test that access_denied alerts are mapped to ERR_BAD_SSL_CLIENT_AUTH_CERT if
4312 // received on a connection requesting client certificates.
TEST_F(SSLClientSocketTest,AccessDeniedClientCerts)4313 TEST_F(SSLClientSocketTest, AccessDeniedClientCerts) {
4314 // Request a client certificate.
4315 SSLServerConfig server_config;
4316 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4317 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4318 ASSERT_TRUE(
4319 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4320
4321 TestCompletionCallback callback;
4322 auto real_transport = std::make_unique<TCPClientSocket>(
4323 addr(), nullptr, nullptr, nullptr, NetLogSource());
4324 auto transport =
4325 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4326 FakeBlockingStreamSocket* raw_transport = transport.get();
4327 int rv = callback.GetResult(transport->Connect(callback.callback()));
4328 ASSERT_THAT(rv, IsOk());
4329
4330 // Send a client certificate.
4331 base::FilePath certs_dir = GetTestCertsDirectory();
4332 context_->SetClientCertificate(
4333 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4334 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4335 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4336 std::move(transport), host_port_pair(), SSLConfig()));
4337
4338 // Connect. Stop before the client processes ServerHello.
4339 raw_transport->BlockReadResult();
4340 rv = sock->Connect(callback.callback());
4341 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4342 raw_transport->WaitForReadResult();
4343
4344 // Release the ServerHello and wait for the client to write its second flight.
4345 raw_transport->BlockWrite();
4346 raw_transport->UnblockReadResult();
4347 raw_transport->WaitForWrite();
4348
4349 // Wait for the server's final flight.
4350 raw_transport->BlockReadResult();
4351 raw_transport->UnblockWrite();
4352 raw_transport->WaitForReadResult();
4353
4354 // Replace it with an alert.
4355 raw_transport->ReplaceReadResult(
4356 FormatTLS12Alert(49 /* AlertDescription.access_denied */));
4357 raw_transport->UnblockReadResult();
4358
4359 rv = callback.GetResult(rv);
4360 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4361 }
4362
4363 // Test the client can send application data before the ServerHello comes in.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataBeforeServerHello)4364 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataBeforeServerHello) {
4365 ASSERT_TRUE(StartServer());
4366 ASSERT_TRUE(RunInitialConnection());
4367
4368 // Make a 0-RTT Connection. Connect() and Write() complete even though the
4369 // ServerHello is blocked.
4370 FakeBlockingStreamSocket* socket = MakeClient(true);
4371 socket->BlockReadResult();
4372 ASSERT_THAT(Connect(), IsOk());
4373 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4374 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4375
4376 // Release the ServerHello. Now reads complete.
4377 socket->UnblockReadResult();
4378 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4379 int size = ReadAndWait(buf.get(), 4096);
4380 EXPECT_GT(size, 0);
4381 EXPECT_EQ('1', buf->data()[size - 1]);
4382
4383 SSLInfo ssl_info;
4384 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4385 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4386 }
4387
4388 // Test that the client sends 1-RTT data if the ServerHello happens to come in
4389 // before Write() is called. See https://crbug.com/950706.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataAfterServerHello)4390 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataAfterServerHello) {
4391 ASSERT_TRUE(StartServer());
4392 ASSERT_TRUE(RunInitialConnection());
4393
4394 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4395 // blocked.
4396 FakeBlockingStreamSocket* socket = MakeClient(true);
4397 socket->BlockReadResult();
4398 ASSERT_THAT(Connect(), IsOk());
4399
4400 // Wait for the ServerHello to come in and for SSLClientSocket to process it.
4401 socket->WaitForReadResult();
4402 socket->UnblockReadResult();
4403 base::RunLoop().RunUntilIdle();
4404
4405 // Now write to the socket.
4406 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4407 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4408
4409 // Although the socket was created in early data state and the client never
4410 // explicitly called ReaD() or ConfirmHandshake(), SSLClientSocketImpl
4411 // internally consumed the ServerHello and switch keys. The server then
4412 // responds with '0'.
4413 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4414 int size = ReadAndWait(buf.get(), 4096);
4415 EXPECT_GT(size, 0);
4416 EXPECT_EQ('0', buf->data()[size - 1]);
4417
4418 SSLInfo ssl_info;
4419 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4420 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4421 }
4422
4423 // Check that 0RTT is confirmed after a Write and Read.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTConfirmedAfterRead)4424 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTConfirmedAfterRead) {
4425 ASSERT_TRUE(StartServer());
4426 ASSERT_TRUE(RunInitialConnection());
4427
4428 // Make a 0-RTT Connection. Connect() and Write() complete even though the
4429 // ServerHello is blocked.
4430 FakeBlockingStreamSocket* socket = MakeClient(true);
4431 socket->BlockReadResult();
4432 ASSERT_THAT(Connect(), IsOk());
4433 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4434 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4435
4436 socket->UnblockReadResult();
4437 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4438 int size = ReadAndWait(buf.get(), 4096);
4439 EXPECT_GT(size, 0);
4440 EXPECT_EQ('1', buf->data()[size - 1]);
4441
4442 // After the handshake is confirmed, ConfirmHandshake should return
4443 // synchronously.
4444 TestCompletionCallback callback;
4445 ASSERT_THAT(ssl_socket()->ConfirmHandshake(callback.callback()), IsOk());
4446
4447 SSLInfo ssl_info;
4448 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4449 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4450 }
4451
4452 // Test that writes wait for the ServerHello once it has reached the early data
4453 // limit.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataLimit)4454 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimit) {
4455 ASSERT_TRUE(StartServer());
4456 ASSERT_TRUE(RunInitialConnection());
4457
4458 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4459 // blocked.
4460 FakeBlockingStreamSocket* socket = MakeClient(true);
4461 socket->BlockReadResult();
4462 ASSERT_THAT(Connect(), IsOk());
4463
4464 // EmbeddedTestServer uses BoringSSL's hard-coded early data limit, which is
4465 // below 16k.
4466 constexpr size_t kRequestSize = 16 * 1024;
4467 std::string request = "GET /zerortt HTTP/1.0\r\n";
4468 while (request.size() < kRequestSize) {
4469 request += "The-Answer-To-Life-The-Universe-And-Everything: 42\r\n";
4470 }
4471 request += "\r\n";
4472
4473 // Writing the large input should not succeed. It is blocked on the
4474 // ServerHello.
4475 TestCompletionCallback write_callback;
4476 auto write_buf = base::MakeRefCounted<StringIOBuffer>(request);
4477 int write_rv = ssl_socket()->Write(write_buf.get(), request.size(),
4478 write_callback.callback(),
4479 TRAFFIC_ANNOTATION_FOR_TESTS);
4480 ASSERT_THAT(write_rv, IsError(ERR_IO_PENDING));
4481
4482 // The Write should have issued a read for the ServerHello, so
4483 // WaitForReadResult has something to wait for.
4484 socket->WaitForReadResult();
4485 EXPECT_TRUE(socket->pending_read_result());
4486
4487 // Queue a read. It should be blocked on the ServerHello.
4488 TestCompletionCallback read_callback;
4489 auto read_buf = base::MakeRefCounted<IOBuffer>(4096);
4490 int read_rv =
4491 ssl_socket()->Read(read_buf.get(), 4096, read_callback.callback());
4492 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
4493
4494 // Also queue a ConfirmHandshake. It should also be blocked on ServerHello.
4495 TestCompletionCallback confirm_callback;
4496 int confirm_rv = ssl_socket()->ConfirmHandshake(confirm_callback.callback());
4497 ASSERT_THAT(confirm_rv, IsError(ERR_IO_PENDING));
4498
4499 // Double-check the write was not accidentally blocked on the network.
4500 base::RunLoop().RunUntilIdle();
4501 EXPECT_FALSE(write_callback.have_result());
4502
4503 // At this point, the maximum possible number of events are all blocked on the
4504 // same thing. Release the ServerHello. All three should complete.
4505 socket->UnblockReadResult();
4506 EXPECT_EQ(static_cast<int>(request.size()),
4507 write_callback.GetResult(write_rv));
4508 EXPECT_THAT(confirm_callback.GetResult(confirm_rv), IsOk());
4509 int size = read_callback.GetResult(read_rv);
4510 ASSERT_GT(size, 0);
4511 EXPECT_EQ('1', read_buf->data()[size - 1]);
4512
4513 SSLInfo ssl_info;
4514 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4515 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4516 }
4517
4518 // When a client socket reaches the 0-RTT early data limit, both Write() and
4519 // ConfirmHandshake() become blocked on a transport read. Test that
4520 // CancelReadIfReady() does not interrupt those.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataLimitCancelReadIfReady)4521 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimitCancelReadIfReady) {
4522 ASSERT_TRUE(StartServer());
4523 ASSERT_TRUE(RunInitialConnection());
4524
4525 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4526 // blocked.
4527 FakeBlockingStreamSocket* socket = MakeClient(true);
4528 socket->BlockReadResult();
4529 ASSERT_THAT(Connect(), IsOk());
4530
4531 // EmbeddedTestServer uses BoringSSL's hard-coded early data limit, which is
4532 // below 16k.
4533 constexpr size_t kRequestSize = 16 * 1024;
4534 std::string request = "GET /zerortt HTTP/1.0\r\n";
4535 while (request.size() < kRequestSize) {
4536 request += "The-Answer-To-Life-The-Universe-And-Everything: 42\r\n";
4537 }
4538 request += "\r\n";
4539
4540 // Writing the large input should not succeed. It is blocked on the
4541 // ServerHello.
4542 TestCompletionCallback write_callback;
4543 auto write_buf = base::MakeRefCounted<StringIOBuffer>(request);
4544 int write_rv = ssl_socket()->Write(write_buf.get(), request.size(),
4545 write_callback.callback(),
4546 TRAFFIC_ANNOTATION_FOR_TESTS);
4547 ASSERT_THAT(write_rv, IsError(ERR_IO_PENDING));
4548
4549 // The Write should have issued a read for the ServerHello, so
4550 // WaitForReadResult has something to wait for.
4551 socket->WaitForReadResult();
4552 EXPECT_TRUE(socket->pending_read_result());
4553
4554 // Attempt a ReadIfReady(). It should be blocked on the ServerHello.
4555 TestCompletionCallback read_callback;
4556 auto read_buf = base::MakeRefCounted<IOBuffer>(4096);
4557 int read_rv =
4558 ssl_socket()->ReadIfReady(read_buf.get(), 4096, read_callback.callback());
4559 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
4560
4561 // Also queue a ConfirmHandshake. It should also be blocked on ServerHello.
4562 TestCompletionCallback confirm_callback;
4563 int confirm_rv = ssl_socket()->ConfirmHandshake(confirm_callback.callback());
4564 ASSERT_THAT(confirm_rv, IsError(ERR_IO_PENDING));
4565
4566 // Cancel the ReadIfReady() and release the ServerHello. The remaining
4567 // operations should complete.
4568 ASSERT_THAT(ssl_socket()->CancelReadIfReady(), IsOk());
4569 socket->UnblockReadResult();
4570 EXPECT_EQ(static_cast<int>(request.size()),
4571 write_callback.GetResult(write_rv));
4572 EXPECT_THAT(confirm_callback.GetResult(confirm_rv), IsOk());
4573
4574 // ReadIfReady() should not complete.
4575 base::RunLoop().RunUntilIdle();
4576 EXPECT_FALSE(read_callback.have_result());
4577
4578 SSLInfo ssl_info;
4579 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4580 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4581
4582 // After a canceled read, future reads are still possible.
4583 TestCompletionCallback read_callback2;
4584 read_rv = read_callback2.GetResult(
4585 ssl_socket()->Read(read_buf.get(), 4096, read_callback2.callback()));
4586 ASSERT_GT(read_rv, 0);
4587 }
4588
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTReject)4589 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReject) {
4590 ASSERT_TRUE(StartServer());
4591 ASSERT_TRUE(RunInitialConnection());
4592
4593 SSLServerConfig server_config;
4594 server_config.early_data_enabled = false;
4595 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
4596 SetServerConfig(server_config);
4597
4598 // 0-RTT Connection
4599 FakeBlockingStreamSocket* socket = MakeClient(true);
4600 socket->BlockReadResult();
4601 ASSERT_THAT(Connect(), IsOk());
4602 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4603 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4604 socket->UnblockReadResult();
4605
4606 // Expect early data to be rejected.
4607 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4608 int rv = ReadAndWait(buf.get(), 4096);
4609 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
4610 rv = WriteAndWait(kRequest);
4611 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
4612
4613 // Run the event loop so the rejection has reached the TLS session cache.
4614 base::RunLoop().RunUntilIdle();
4615
4616 // Now that the session cache has been updated, retrying the connection
4617 // should succeed.
4618 socket = MakeClient(true);
4619 ASSERT_THAT(Connect(), IsOk());
4620 ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk());
4621 SSLInfo ssl_info;
4622 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4623 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
4624 }
4625
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTWrongVersion)4626 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTWrongVersion) {
4627 ASSERT_TRUE(StartServer());
4628 ASSERT_TRUE(RunInitialConnection());
4629
4630 SSLServerConfig server_config;
4631 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4632 SetServerConfig(server_config);
4633
4634 // 0-RTT Connection
4635 FakeBlockingStreamSocket* socket = MakeClient(true);
4636 socket->BlockReadResult();
4637 ASSERT_THAT(Connect(), IsOk());
4638 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4639 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4640 socket->UnblockReadResult();
4641
4642 // Expect early data to be rejected because the TLS version was incorrect.
4643 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4644 int rv = ReadAndWait(buf.get(), 4096);
4645 EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv);
4646 rv = WriteAndWait(kRequest);
4647 EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv);
4648
4649 // Run the event loop so the rejection has reached the TLS session cache.
4650 base::RunLoop().RunUntilIdle();
4651
4652 // Now that the session cache has been updated, retrying the connection
4653 // should succeed.
4654 socket = MakeClient(true);
4655 ASSERT_THAT(Connect(), IsOk());
4656 ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk());
4657 SSLInfo ssl_info;
4658 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4659 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
4660 }
4661
4662 // Test that the ConfirmHandshake successfully completes the handshake and that
4663 // it blocks until the server's leg has been received.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTConfirmHandshake)4664 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTConfirmHandshake) {
4665 ASSERT_TRUE(StartServer());
4666 ASSERT_TRUE(RunInitialConnection());
4667
4668 // 0-RTT Connection
4669 FakeBlockingStreamSocket* socket = MakeClient(true);
4670 socket->BlockReadResult();
4671 ASSERT_THAT(Connect(), IsOk());
4672
4673 // The ServerHello is blocked, so ConfirmHandshake should not complete.
4674 TestCompletionCallback callback;
4675 ASSERT_EQ(ERR_IO_PENDING,
4676 ssl_socket()->ConfirmHandshake(callback.callback()));
4677 base::RunLoop().RunUntilIdle();
4678 EXPECT_FALSE(callback.have_result());
4679
4680 // Release the ServerHello. ConfirmHandshake now completes.
4681 socket->UnblockReadResult();
4682 ASSERT_THAT(callback.GetResult(ERR_IO_PENDING), IsOk());
4683
4684 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4685 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4686
4687 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4688 int size = ReadAndWait(buf.get(), 4096);
4689 EXPECT_GT(size, 0);
4690 EXPECT_EQ('0', buf->data()[size - 1]);
4691
4692 SSLInfo ssl_info;
4693 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4694 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4695 }
4696
4697 // Test that an early read does not break during zero RTT.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTReadBeforeWrite)4698 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReadBeforeWrite) {
4699 ASSERT_TRUE(StartServer());
4700 ASSERT_TRUE(RunInitialConnection());
4701
4702 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4703 // blocked.
4704 FakeBlockingStreamSocket* socket = MakeClient(true);
4705 socket->BlockReadResult();
4706 ASSERT_THAT(Connect(), IsOk());
4707
4708 // Read() does not make progress.
4709 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4710 TestCompletionCallback read_callback;
4711 ASSERT_EQ(ERR_IO_PENDING,
4712 ssl_socket()->Read(buf.get(), 4096, read_callback.callback()));
4713
4714 // Write() completes, even though reads are blocked.
4715 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4716 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4717
4718 // Release the ServerHello, etc. The Read() now completes.
4719 socket->UnblockReadResult();
4720 int size = read_callback.GetResult(ERR_IO_PENDING);
4721 EXPECT_GT(size, 0);
4722 EXPECT_EQ('1', buf->data()[size - 1]);
4723
4724 SSLInfo ssl_info;
4725 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4726 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4727 }
4728
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTDoubleConfirmHandshake)4729 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTDoubleConfirmHandshake) {
4730 ASSERT_TRUE(StartServer());
4731 ASSERT_TRUE(RunInitialConnection());
4732
4733 // 0-RTT Connection
4734 MakeClient(true);
4735 ASSERT_THAT(Connect(), IsOk());
4736 TestCompletionCallback callback;
4737 ASSERT_THAT(
4738 callback.GetResult(ssl_socket()->ConfirmHandshake(callback.callback())),
4739 IsOk());
4740 // After the handshake is confirmed, ConfirmHandshake should return
4741 // synchronously.
4742 ASSERT_THAT(ssl_socket()->ConfirmHandshake(callback.callback()), IsOk());
4743 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4744 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4745
4746 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4747 int size = ReadAndWait(buf.get(), 4096);
4748 EXPECT_GT(size, 0);
4749 EXPECT_EQ('0', buf->data()[size - 1]);
4750
4751 SSLInfo ssl_info;
4752 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4753 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4754 }
4755
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTParallelReadConfirm)4756 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTParallelReadConfirm) {
4757 ASSERT_TRUE(StartServer());
4758 ASSERT_TRUE(RunInitialConnection());
4759
4760 // 0-RTT Connection
4761 FakeBlockingStreamSocket* socket = MakeClient(true);
4762 socket->BlockReadResult();
4763 ASSERT_THAT(Connect(), IsOk());
4764
4765 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4766 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4767
4768 // The ServerHello is blocked, so ConfirmHandshake should not complete.
4769 TestCompletionCallback callback;
4770 ASSERT_EQ(ERR_IO_PENDING,
4771 ssl_socket()->ConfirmHandshake(callback.callback()));
4772 base::RunLoop().RunUntilIdle();
4773 EXPECT_FALSE(callback.have_result());
4774
4775 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
4776 TestCompletionCallback read_callback;
4777 ASSERT_EQ(ERR_IO_PENDING,
4778 ssl_socket()->Read(buf.get(), 4096, read_callback.callback()));
4779 base::RunLoop().RunUntilIdle();
4780 EXPECT_FALSE(read_callback.have_result());
4781
4782 // Release the ServerHello. ConfirmHandshake now completes.
4783 socket->UnblockReadResult();
4784 ASSERT_THAT(callback.WaitForResult(), IsOk());
4785
4786 int result = read_callback.WaitForResult();
4787 EXPECT_GT(result, 0);
4788 EXPECT_EQ('1', buf->data()[result - 1]);
4789
4790 SSLInfo ssl_info;
4791 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4792 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4793 }
4794
TEST_P(SSLClientSocketReadTest,IdleAfterRead)4795 TEST_P(SSLClientSocketReadTest, IdleAfterRead) {
4796 // Set up a TCP server.
4797 TCPServerSocket server_listener(nullptr, NetLogSource());
4798 ASSERT_THAT(server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0),
4799 1, /*ipv6_only=*/absl::nullopt),
4800 IsOk());
4801 IPEndPoint server_address;
4802 ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk());
4803
4804 // Connect a TCP client and server socket.
4805 TestCompletionCallback server_callback;
4806 std::unique_ptr<StreamSocket> server_transport;
4807 int server_rv =
4808 server_listener.Accept(&server_transport, server_callback.callback());
4809
4810 TestCompletionCallback client_callback;
4811 auto client_transport = std::make_unique<TCPClientSocket>(
4812 AddressList(server_address), nullptr, nullptr, nullptr, NetLogSource());
4813 int client_rv = client_transport->Connect(client_callback.callback());
4814
4815 EXPECT_THAT(server_callback.GetResult(server_rv), IsOk());
4816 EXPECT_THAT(client_callback.GetResult(client_rv), IsOk());
4817
4818 // Set up an SSL server.
4819 base::FilePath certs_dir = GetTestCertsDirectory();
4820 scoped_refptr<net::X509Certificate> cert =
4821 ImportCertFromFile(certs_dir, "ok_cert.pem");
4822 ASSERT_TRUE(cert);
4823 bssl::UniquePtr<EVP_PKEY> pkey =
4824 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("ok_cert.pem"));
4825 ASSERT_TRUE(pkey);
4826 std::unique_ptr<crypto::RSAPrivateKey> key =
4827 crypto::RSAPrivateKey::CreateFromKey(pkey.get());
4828 ASSERT_TRUE(key);
4829 std::unique_ptr<SSLServerContext> server_context =
4830 CreateSSLServerContext(cert.get(), *key.get(), GetServerConfig());
4831
4832 // Complete the SSL handshake on both sides.
4833 std::unique_ptr<SSLClientSocket> client(CreateSSLClientSocket(
4834 std::move(client_transport), HostPortPair::FromIPEndPoint(server_address),
4835 SSLConfig()));
4836 std::unique_ptr<SSLServerSocket> server(
4837 server_context->CreateSSLServerSocket(std::move(server_transport)));
4838
4839 server_rv = server->Handshake(server_callback.callback());
4840 client_rv = client->Connect(client_callback.callback());
4841
4842 EXPECT_THAT(server_callback.GetResult(server_rv), IsOk());
4843 EXPECT_THAT(client_callback.GetResult(client_rv), IsOk());
4844
4845 // Write a single record on the server.
4846 scoped_refptr<IOBuffer> write_buf = base::MakeRefCounted<StringIOBuffer>("a");
4847 server_rv = server->Write(write_buf.get(), 1, server_callback.callback(),
4848 TRAFFIC_ANNOTATION_FOR_TESTS);
4849
4850 // Read that record on the server, but with a much larger buffer than
4851 // necessary.
4852 scoped_refptr<IOBuffer> read_buf = base::MakeRefCounted<IOBuffer>(1024);
4853 client_rv =
4854 Read(client.get(), read_buf.get(), 1024, client_callback.callback());
4855
4856 EXPECT_EQ(1, server_callback.GetResult(server_rv));
4857 EXPECT_EQ(1, WaitForReadCompletion(client.get(), read_buf.get(), 1024,
4858 &client_callback, client_rv));
4859
4860 // At this point the client socket should be idle.
4861 EXPECT_TRUE(client->IsConnectedAndIdle());
4862 }
4863
4864 // Test that certificate errors are properly reported when the underlying
4865 // transport is itself a TLS connection, such as when tunneling over an HTTPS
4866 // proxy. See https://crbug.com/959305.
TEST_F(SSLClientSocketTest,SSLOverSSLBadCertificate)4867 TEST_F(SSLClientSocketTest, SSLOverSSLBadCertificate) {
4868 // Load a pair of certificates.
4869 base::FilePath certs_dir = GetTestCertsDirectory();
4870 scoped_refptr<net::X509Certificate> ok_cert =
4871 ImportCertFromFile(certs_dir, "ok_cert.pem");
4872 ASSERT_TRUE(ok_cert);
4873 bssl::UniquePtr<EVP_PKEY> ok_pkey =
4874 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("ok_cert.pem"));
4875 ASSERT_TRUE(ok_pkey);
4876
4877 scoped_refptr<net::X509Certificate> expired_cert =
4878 ImportCertFromFile(certs_dir, "expired_cert.pem");
4879 ASSERT_TRUE(expired_cert);
4880 bssl::UniquePtr<EVP_PKEY> expired_pkey =
4881 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("expired_cert.pem"));
4882 ASSERT_TRUE(expired_pkey);
4883
4884 CertVerifyResult expired_result;
4885 expired_result.verified_cert = expired_cert;
4886 expired_result.cert_status = CERT_STATUS_DATE_INVALID;
4887 cert_verifier_->AddResultForCert(expired_cert, expired_result,
4888 ERR_CERT_DATE_INVALID);
4889
4890 // Set up a TCP server.
4891 TCPServerSocket server_listener(nullptr, NetLogSource());
4892 ASSERT_THAT(server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0),
4893 1, /*ipv6_only=*/absl::nullopt),
4894 IsOk());
4895 IPEndPoint server_address;
4896 ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk());
4897
4898 // Connect a TCP client and server socket.
4899 TestCompletionCallback server_callback;
4900 std::unique_ptr<StreamSocket> server_transport;
4901 int server_rv =
4902 server_listener.Accept(&server_transport, server_callback.callback());
4903
4904 TestCompletionCallback client_callback;
4905 auto client_transport = std::make_unique<TCPClientSocket>(
4906 AddressList(server_address), nullptr, nullptr, nullptr, NetLogSource());
4907 int client_rv = client_transport->Connect(client_callback.callback());
4908
4909 ASSERT_THAT(server_callback.GetResult(server_rv), IsOk());
4910 ASSERT_THAT(client_callback.GetResult(client_rv), IsOk());
4911
4912 // Set up a pair of SSL servers.
4913 std::unique_ptr<crypto::RSAPrivateKey> ok_key =
4914 crypto::RSAPrivateKey::CreateFromKey(ok_pkey.get());
4915 ASSERT_TRUE(ok_key);
4916 std::unique_ptr<SSLServerContext> ok_server_context =
4917 CreateSSLServerContext(ok_cert.get(), *ok_key.get(), SSLServerConfig());
4918
4919 std::unique_ptr<crypto::RSAPrivateKey> expired_key =
4920 crypto::RSAPrivateKey::CreateFromKey(expired_pkey.get());
4921 ASSERT_TRUE(expired_key);
4922 std::unique_ptr<SSLServerContext> expired_server_context =
4923 CreateSSLServerContext(expired_cert.get(), *expired_key.get(),
4924 SSLServerConfig());
4925
4926 // Complete the proxy SSL handshake with ok_cert.pem. This should succeed.
4927 std::unique_ptr<SSLClientSocket> client =
4928 CreateSSLClientSocket(std::move(client_transport),
4929 HostPortPair("proxy.test", 443), SSLConfig());
4930 std::unique_ptr<SSLServerSocket> server =
4931 ok_server_context->CreateSSLServerSocket(std::move(server_transport));
4932
4933 client_rv = client->Connect(client_callback.callback());
4934 server_rv = server->Handshake(server_callback.callback());
4935 ASSERT_THAT(client_callback.GetResult(client_rv), IsOk());
4936 ASSERT_THAT(server_callback.GetResult(server_rv), IsOk());
4937
4938 // Run the tunneled SSL handshake on with expired_cert.pem. This should fail.
4939 client = CreateSSLClientSocket(std::move(client),
4940 HostPortPair("server.test", 443), SSLConfig());
4941 server = expired_server_context->CreateSSLServerSocket(std::move(server));
4942
4943 client_rv = client->Connect(client_callback.callback());
4944 server_rv = server->Handshake(server_callback.callback());
4945
4946 // The client should observe the bad certificate error.
4947 EXPECT_THAT(client_callback.GetResult(client_rv),
4948 IsError(ERR_CERT_DATE_INVALID));
4949 SSLInfo ssl_info;
4950 ASSERT_TRUE(client->GetSSLInfo(&ssl_info));
4951 EXPECT_EQ(ssl_info.cert_status, expired_result.cert_status);
4952
4953 // TODO(https://crbug.com/912383): The server sees
4954 // ERR_BAD_SSL_CLIENT_AUTH_CERT because its peer (the client) alerts it with
4955 // bad_certificate. The alert-mapping code assumes it is running on a client,
4956 // so it translates bad_certificate to ERR_BAD_SSL_CLIENT_AUTH_CERT, which
4957 // shouldn't be the error for a bad server certificate.
4958 EXPECT_THAT(server_callback.GetResult(server_rv),
4959 IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4960 }
4961
TEST_F(SSLClientSocketTest,Tag)4962 TEST_F(SSLClientSocketTest, Tag) {
4963 ASSERT_TRUE(
4964 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
4965
4966 auto transport = std::make_unique<TCPClientSocket>(
4967 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
4968
4969 auto tagging_sock =
4970 std::make_unique<MockTaggingStreamSocket>(std::move(transport));
4971 auto* tagging_sock_ptr = tagging_sock.get();
4972
4973 // |sock| takes ownership of |tagging_sock|, but keep a
4974 // non-owning pointer to it.
4975 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4976 std::move(tagging_sock), host_port_pair(), SSLConfig()));
4977
4978 EXPECT_EQ(tagging_sock_ptr->tag(), SocketTag());
4979 #if BUILDFLAG(IS_ANDROID)
4980 SocketTag tag(0x12345678, 0x87654321);
4981 sock->ApplySocketTag(tag);
4982 EXPECT_EQ(tagging_sock_ptr->tag(), tag);
4983 #endif // BUILDFLAG(IS_ANDROID)
4984 }
4985
TEST_F(SSLClientSocketTest,ECH)4986 TEST_F(SSLClientSocketTest, ECH) {
4987 base::test::ScopedFeatureList feature_list;
4988 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
4989
4990 SSLServerConfig server_config;
4991 SSLConfig client_config;
4992 server_config.ech_keys = MakeTestEchKeys(
4993 "public.example", /*max_name_len=*/64, &client_config.ech_config_list);
4994 ASSERT_TRUE(server_config.ech_keys);
4995
4996 ASSERT_TRUE(
4997 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4998
4999 // Connecting with the client should use ECH.
5000 int rv;
5001 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5002 EXPECT_THAT(rv, IsOk());
5003 SSLInfo ssl_info;
5004 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5005 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5006 EXPECT_TRUE(ssl_info.encrypted_client_hello);
5007
5008 // TLS 1.3 causes the ticket to arrive later. Use the socket to ensure we have
5009 // a ticket. This also populates the SSLInfo from the server.
5010 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5011 absl::optional<SSLInfo> server_ssl_info = LastSSLInfoFromServer();
5012 ASSERT_TRUE(server_ssl_info);
5013 EXPECT_TRUE(server_ssl_info->encrypted_client_hello);
5014
5015 // Reconnect. ECH should not interfere with resumption.
5016 sock_.reset();
5017 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5018 EXPECT_THAT(rv, IsOk());
5019 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5020 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5021 EXPECT_TRUE(ssl_info.encrypted_client_hello);
5022
5023 // Check SSLInfo from the server.
5024 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5025 server_ssl_info = LastSSLInfoFromServer();
5026 ASSERT_TRUE(server_ssl_info);
5027 EXPECT_TRUE(server_ssl_info->encrypted_client_hello);
5028
5029 // Connecting without ECH should not report ECH was used.
5030 client_config.ech_config_list.clear();
5031 sock_.reset();
5032 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5033 EXPECT_THAT(rv, IsOk());
5034 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5035 EXPECT_FALSE(ssl_info.encrypted_client_hello);
5036
5037 // Check SSLInfo from the server.
5038 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5039 server_ssl_info = LastSSLInfoFromServer();
5040 ASSERT_TRUE(server_ssl_info);
5041 EXPECT_FALSE(server_ssl_info->encrypted_client_hello);
5042 }
5043
5044 // Test that, on key mismatch, the public name can be used to authenticate
5045 // replacement keys.
TEST_F(SSLClientSocketTest,ECHWrongKeys)5046 TEST_F(SSLClientSocketTest, ECHWrongKeys) {
5047 base::test::ScopedFeatureList feature_list;
5048 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5049
5050 static const char kPublicName[] = "public.example";
5051 std::vector<uint8_t> ech_config_list1, ech_config_list2;
5052 bssl::UniquePtr<SSL_ECH_KEYS> keys1 =
5053 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list1);
5054 ASSERT_TRUE(keys1);
5055 bssl::UniquePtr<SSL_ECH_KEYS> keys2 =
5056 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list2);
5057 ASSERT_TRUE(keys2);
5058
5059 // Configure the client and server with different keys.
5060 SSLServerConfig server_config;
5061 server_config.ech_keys = std::move(keys1);
5062 SSLConfig client_config;
5063 client_config.ech_config_list = std::move(ech_config_list2);
5064
5065 ASSERT_TRUE(
5066 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5067
5068 // Verify the fallback handshake verifies the certificate against the public
5069 // name.
5070 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5071 scoped_refptr<X509Certificate> server_cert =
5072 embedded_test_server()->GetCertificate();
5073 CertVerifyResult verify_result;
5074 verify_result.verified_cert = server_cert;
5075 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5076 verify_result, OK);
5077
5078 // Connecting with the client should report ECH was not negotiated.
5079 int rv;
5080 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5081 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5082
5083 // The server's keys are available as retry keys.
5084 EXPECT_EQ(ech_config_list1, sock_->GetECHRetryConfigs());
5085 }
5086
5087 // Test that, if the server does not support ECH, it can securely report this
5088 // via the public name. This allows recovery if the server needed to
5089 // rollback ECH support.
TEST_F(SSLClientSocketTest,ECHSecurelyDisabled)5090 TEST_F(SSLClientSocketTest, ECHSecurelyDisabled) {
5091 base::test::ScopedFeatureList feature_list;
5092 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5093
5094 static const char kPublicName[] = "public.example";
5095 std::vector<uint8_t> ech_config_list;
5096 bssl::UniquePtr<SSL_ECH_KEYS> keys =
5097 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list);
5098 ASSERT_TRUE(keys);
5099
5100 // The server does not have keys configured.
5101 ASSERT_TRUE(
5102 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5103
5104 // However it can authenticate for kPublicName.
5105 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5106 scoped_refptr<X509Certificate> server_cert =
5107 embedded_test_server()->GetCertificate();
5108 CertVerifyResult verify_result;
5109 verify_result.verified_cert = server_cert;
5110 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5111 verify_result, OK);
5112
5113 // Connecting with the client should report ECH was not negotiated.
5114 SSLConfig client_config;
5115 client_config.ech_config_list = std::move(ech_config_list);
5116 int rv;
5117 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5118 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5119
5120 // The retry config is empty, meaning the server has securely reported that
5121 // ECH is disabled
5122 EXPECT_TRUE(sock_->GetECHRetryConfigs().empty());
5123 }
5124
5125 // The same as the above, but testing that it also works in TLS 1.2, which
5126 // otherwise does not support ECH.
TEST_F(SSLClientSocketTest,ECHSecurelyDisabledTLS12)5127 TEST_F(SSLClientSocketTest, ECHSecurelyDisabledTLS12) {
5128 base::test::ScopedFeatureList feature_list;
5129 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5130
5131 static const char kPublicName[] = "public.example";
5132 std::vector<uint8_t> ech_config_list;
5133 bssl::UniquePtr<SSL_ECH_KEYS> keys =
5134 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list);
5135 ASSERT_TRUE(keys);
5136
5137 // The server does not have keys configured.
5138 SSLServerConfig server_config;
5139 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5140 ASSERT_TRUE(
5141 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5142
5143 // However it can authenticate for kPublicName.
5144 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5145 scoped_refptr<X509Certificate> server_cert =
5146 embedded_test_server()->GetCertificate();
5147 CertVerifyResult verify_result;
5148 verify_result.verified_cert = server_cert;
5149 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5150 verify_result, OK);
5151
5152 // Connecting with the client should report ECH was not negotiated.
5153 SSLConfig client_config;
5154 client_config.ech_config_list = std::move(ech_config_list);
5155 int rv;
5156 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5157 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5158
5159 // The retry config is empty, meaning the server has securely reported that
5160 // ECH is disabled
5161 EXPECT_TRUE(sock_->GetECHRetryConfigs().empty());
5162 }
5163
5164 // Test that the ECH fallback handshake rejects bad certificates.
TEST_F(SSLClientSocketTest,ECHFallbackBadCert)5165 TEST_F(SSLClientSocketTest, ECHFallbackBadCert) {
5166 base::test::ScopedFeatureList feature_list;
5167 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5168
5169 static const char kPublicName[] = "public.example";
5170 std::vector<uint8_t> ech_config_list1, ech_config_list2;
5171 bssl::UniquePtr<SSL_ECH_KEYS> keys1 =
5172 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list1);
5173 ASSERT_TRUE(keys1);
5174 bssl::UniquePtr<SSL_ECH_KEYS> keys2 =
5175 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list2);
5176 ASSERT_TRUE(keys2);
5177
5178 // Configure the client and server with different keys.
5179 SSLServerConfig server_config;
5180 server_config.ech_keys = std::move(keys1);
5181 SSLConfig client_config;
5182 client_config.ech_config_list = std::move(ech_config_list2);
5183
5184 ASSERT_TRUE(
5185 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5186
5187 // Configure the client to reject the certificate for the public name (or any
5188 // other name).
5189 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5190
5191 // Connecting with the client will fail with a fatal error.
5192 int rv;
5193 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5194 EXPECT_THAT(rv, IsError(ERR_ECH_FALLBACK_CERTIFICATE_INVALID));
5195 }
5196
TEST_F(SSLClientSocketTest,InvalidECHConfigList)5197 TEST_F(SSLClientSocketTest, InvalidECHConfigList) {
5198 base::test::ScopedFeatureList feature_list;
5199 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5200
5201 ASSERT_TRUE(
5202 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5203
5204 // If the ECHConfigList cannot be parsed at all, report an error to the
5205 // caller.
5206 SSLConfig client_config;
5207 client_config.ech_config_list = {0x00};
5208 int rv;
5209 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5210 EXPECT_THAT(rv, IsError(ERR_INVALID_ECH_CONFIG_LIST));
5211 }
5212
5213 // Test that, if no ECHConfigList is available, the client sends ECH GREASE.
TEST_F(SSLClientSocketTest,ECHGreaseEnabled)5214 TEST_F(SSLClientSocketTest, ECHGreaseEnabled) {
5215 base::test::ScopedFeatureList feature_list;
5216 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5217
5218 // Configure the server to expect an ECH extension.
5219 bool ran_callback = false;
5220 SSLServerConfig server_config;
5221 server_config.client_hello_callback_for_testing =
5222 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5223 const uint8_t* data;
5224 size_t len;
5225 EXPECT_TRUE(SSL_early_callback_ctx_extension_get(
5226 client_hello, TLSEXT_TYPE_encrypted_client_hello, &data, &len));
5227 ran_callback = true;
5228 return true;
5229 });
5230 ASSERT_TRUE(
5231 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5232 int rv;
5233 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
5234 EXPECT_THAT(rv, IsOk());
5235 EXPECT_TRUE(ran_callback);
5236 }
5237
5238 // Test that, if the feature flag is disabled, the client does not send ECH
5239 // GREASE.
TEST_F(SSLClientSocketTest,ECHGreaseDisabled)5240 TEST_F(SSLClientSocketTest, ECHGreaseDisabled) {
5241 base::test::ScopedFeatureList feature_list;
5242 feature_list.InitAndDisableFeature(features::kEncryptedClientHello);
5243
5244 // Configure the server not to expect an ECH extension.
5245 bool ran_callback = false;
5246 SSLServerConfig server_config;
5247 server_config.client_hello_callback_for_testing =
5248 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5249 const uint8_t* data;
5250 size_t len;
5251 EXPECT_FALSE(SSL_early_callback_ctx_extension_get(
5252 client_hello, TLSEXT_TYPE_encrypted_client_hello, &data, &len));
5253 ran_callback = true;
5254 return true;
5255 });
5256 ASSERT_TRUE(
5257 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5258 int rv;
5259 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
5260 EXPECT_THAT(rv, IsOk());
5261 EXPECT_TRUE(ran_callback);
5262 }
5263
5264 struct SSLHandshakeDetailsParams {
5265 bool alpn;
5266 bool early_data;
5267 uint16_t version;
5268 SSLHandshakeDetails expected_initial;
5269 SSLHandshakeDetails expected_resume;
5270 };
5271
5272 const SSLHandshakeDetailsParams kSSLHandshakeDetailsParams[] = {
5273 // TLS 1.2 does False Start if ALPN is enabled.
5274 {false /* no ALPN */, false /* no early data */,
5275 SSL_PROTOCOL_VERSION_TLS1_2, SSLHandshakeDetails::kTLS12Full,
5276 SSLHandshakeDetails::kTLS12Resume},
5277 {true /* ALPN */, false /* no early data */, SSL_PROTOCOL_VERSION_TLS1_2,
5278 SSLHandshakeDetails::kTLS12FalseStart, SSLHandshakeDetails::kTLS12Resume},
5279
5280 // TLS 1.3 supports full handshakes, resumption, and 0-RTT.
5281 {false /* no ALPN */, false /* no early data */,
5282 SSL_PROTOCOL_VERSION_TLS1_3, SSLHandshakeDetails::kTLS13Full,
5283 SSLHandshakeDetails::kTLS13Resume},
5284 {false /* no ALPN */, true /* early data */, SSL_PROTOCOL_VERSION_TLS1_3,
5285 SSLHandshakeDetails::kTLS13Full, SSLHandshakeDetails::kTLS13Early},
5286 };
5287
5288 class SSLHandshakeDetailsTest
5289 : public SSLClientSocketTest,
5290 public ::testing::WithParamInterface<SSLHandshakeDetailsParams> {};
5291
5292 INSTANTIATE_TEST_SUITE_P(All,
5293 SSLHandshakeDetailsTest,
5294 ValuesIn(kSSLHandshakeDetailsParams));
5295
TEST_P(SSLHandshakeDetailsTest,Metrics)5296 TEST_P(SSLHandshakeDetailsTest, Metrics) {
5297 // Enable all test features in the server.
5298 SSLServerConfig server_config;
5299 server_config.early_data_enabled = true;
5300 server_config.alpn_protos = {kProtoHTTP11};
5301 ASSERT_TRUE(
5302 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5303
5304 SSLContextConfig client_context_config;
5305 client_context_config.version_min = GetParam().version;
5306 client_context_config.version_max = GetParam().version;
5307 ssl_config_service_->UpdateSSLConfigAndNotify(client_context_config);
5308
5309 SSLConfig client_config;
5310 client_config.version_min_override = GetParam().version;
5311 client_config.version_max_override = GetParam().version;
5312 client_config.early_data_enabled = GetParam().early_data;
5313 if (GetParam().alpn) {
5314 client_config.alpn_protos = {kProtoHTTP11};
5315 }
5316
5317 SSLVersion version;
5318 switch (GetParam().version) {
5319 case SSL_PROTOCOL_VERSION_TLS1_2:
5320 version = SSL_CONNECTION_VERSION_TLS1_2;
5321 break;
5322 case SSL_PROTOCOL_VERSION_TLS1_3:
5323 version = SSL_CONNECTION_VERSION_TLS1_3;
5324 break;
5325 default:
5326 FAIL() << GetParam().version;
5327 }
5328
5329 // Make the initial connection.
5330 {
5331 base::HistogramTester histograms;
5332 int rv;
5333 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5334 EXPECT_THAT(rv, IsOk());
5335
5336 // Sanity-check the socket matches the test parameters.
5337 SSLInfo info;
5338 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5339 EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status));
5340 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
5341 EXPECT_EQ(GetParam().alpn, sock_->WasAlpnNegotiated());
5342
5343 histograms.ExpectUniqueSample("Net.SSLHandshakeDetails",
5344 GetParam().expected_initial, 1);
5345
5346 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
5347 // use the socket to ensure the session ticket has been picked up.
5348 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
5349 }
5350
5351 // Make a resumption connection.
5352 {
5353 base::HistogramTester histograms;
5354 int rv;
5355 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5356 EXPECT_THAT(rv, IsOk());
5357
5358 // Sanity-check the socket matches the test parameters.
5359 SSLInfo info;
5360 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5361 EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status));
5362 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, info.handshake_type);
5363 EXPECT_EQ(GetParam().alpn, sock_->WasAlpnNegotiated());
5364
5365 histograms.ExpectUniqueSample("Net.SSLHandshakeDetails",
5366 GetParam().expected_resume, 1);
5367 }
5368 }
5369
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonNewSession)5370 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonNewSession) {
5371 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5372
5373 ASSERT_TRUE(StartServer());
5374 base::HistogramTester histograms;
5375 ASSERT_TRUE(RunInitialConnection());
5376 histograms.ExpectUniqueSample(kReasonHistogram,
5377 ssl_early_data_no_session_offered, 1);
5378 }
5379
5380 // Test 0-RTT logging when the server declines to resume a connection.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonNoResume)5381 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonNoResume) {
5382 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5383
5384 ASSERT_TRUE(StartServer());
5385 ASSERT_TRUE(RunInitialConnection());
5386
5387 SSLServerConfig server_config;
5388 server_config.early_data_enabled = false;
5389 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5390
5391 SetServerConfig(server_config);
5392
5393 base::HistogramTester histograms;
5394
5395 // 0-RTT Connection
5396 FakeBlockingStreamSocket* socket = MakeClient(true);
5397 socket->BlockReadResult();
5398 ASSERT_THAT(Connect(), IsOk());
5399 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5400 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5401 socket->UnblockReadResult();
5402
5403 // Expect early data to be rejected.
5404 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
5405 int rv = ReadAndWait(buf.get(), 4096);
5406 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
5407
5408 // The histogram may be record asynchronously.
5409 base::RunLoop().RunUntilIdle();
5410 histograms.ExpectUniqueSample(kReasonHistogram,
5411 ssl_early_data_session_not_resumed, 1);
5412 }
5413
5414 // Test 0-RTT logging in the standard ConfirmHandshake-after-acceptance case.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonZeroRTT)5415 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonZeroRTT) {
5416 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5417
5418 ASSERT_TRUE(StartServer());
5419 ASSERT_TRUE(RunInitialConnection());
5420
5421 // 0-RTT Connection
5422 base::HistogramTester histograms;
5423 MakeClient(true);
5424 ASSERT_THAT(Connect(), IsOk());
5425 TestCompletionCallback callback;
5426 ASSERT_THAT(
5427 callback.GetResult(ssl_socket()->ConfirmHandshake(callback.callback())),
5428 IsOk());
5429
5430 base::RunLoop().RunUntilIdle();
5431
5432 histograms.ExpectUniqueSample(kReasonHistogram, ssl_early_data_accepted, 1);
5433 }
5434
5435 // Check that we're correctly logging 0-rtt success when the handshake
5436 // concludes during a Read.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonReadServerHello)5437 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonReadServerHello) {
5438 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5439 ASSERT_TRUE(StartServer());
5440 ASSERT_TRUE(RunInitialConnection());
5441
5442 // 0-RTT Connection
5443 base::HistogramTester histograms;
5444 MakeClient(true);
5445 ASSERT_THAT(Connect(), IsOk());
5446 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5447 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5448
5449 scoped_refptr<IOBuffer> buf = base::MakeRefCounted<IOBuffer>(4096);
5450 int size = ReadAndWait(buf.get(), 4096);
5451 EXPECT_GT(size, 0);
5452 EXPECT_EQ('1', buf->data()[size - 1]);
5453
5454 // 0-RTT metrics are logged on a PostTask, so if Read returns synchronously,
5455 // it is possible the metrics haven't been picked up yet.
5456 base::RunLoop().RunUntilIdle();
5457
5458 SSLInfo ssl_info;
5459 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5460 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5461
5462 histograms.ExpectUniqueSample(kReasonHistogram, ssl_early_data_accepted, 1);
5463 }
5464
TEST_F(SSLClientSocketTest,VersionMaxOverride)5465 TEST_F(SSLClientSocketTest, VersionMaxOverride) {
5466 SSLServerConfig server_config;
5467 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5468 ASSERT_TRUE(
5469 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5470
5471 // Connecting normally uses the global configuration.
5472 SSLConfig config;
5473 int rv;
5474 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5475 EXPECT_THAT(rv, IsOk());
5476 SSLInfo info;
5477 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5478 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
5479 SSLConnectionStatusToVersion(info.connection_status));
5480
5481 // Individual sockets may override the maximum version.
5482 config.version_max_override = SSL_PROTOCOL_VERSION_TLS1_2;
5483 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5484 EXPECT_THAT(rv, IsOk());
5485 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5486 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
5487 SSLConnectionStatusToVersion(info.connection_status));
5488 }
5489
TEST_F(SSLClientSocketTest,VersionMinOverride)5490 TEST_F(SSLClientSocketTest, VersionMinOverride) {
5491 SSLServerConfig server_config;
5492 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5493 ASSERT_TRUE(
5494 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5495
5496 // Connecting normally uses the global configuration.
5497 SSLConfig config;
5498 int rv;
5499 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5500 EXPECT_THAT(rv, IsOk());
5501 SSLInfo info;
5502 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5503 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
5504 SSLConnectionStatusToVersion(info.connection_status));
5505
5506 // Individual sockets may also override the minimum version.
5507 config.version_min_override = SSL_PROTOCOL_VERSION_TLS1_3;
5508 config.version_max_override = SSL_PROTOCOL_VERSION_TLS1_3;
5509 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5510 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
5511 }
5512
5513 // Basic test of CancelReadIfReady works.
TEST_F(SSLClientSocketTest,CancelReadIfReady)5514 TEST_F(SSLClientSocketTest, CancelReadIfReady) {
5515 ASSERT_TRUE(
5516 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5517
5518 // Connect with a FakeBlockingStreamSocket.
5519 auto real_transport = std::make_unique<TCPClientSocket>(
5520 addr(), nullptr, nullptr, nullptr, NetLogSource());
5521 auto transport =
5522 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
5523 FakeBlockingStreamSocket* raw_transport = transport.get();
5524 TestCompletionCallback callback;
5525 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
5526 IsOk());
5527
5528 // Complete the handshake. Disable the post-handshake peek so that, after the
5529 // handshake, there are no pending reads on the transport.
5530 SSLConfig config;
5531 config.disable_post_handshake_peek_for_testing = true;
5532 auto sock =
5533 CreateSSLClientSocket(std::move(transport), host_port_pair(), config);
5534 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
5535
5536 // Block the socket and wait for some data to arrive from the server.
5537 raw_transport->BlockReadResult();
5538 auto write_buf =
5539 base::MakeRefCounted<StringIOBuffer>("GET / HTTP/1.0\r\n\r\n");
5540 ASSERT_EQ(callback.GetResult(sock->Write(write_buf.get(), write_buf->size(),
5541 callback.callback(),
5542 TRAFFIC_ANNOTATION_FOR_TESTS)),
5543 write_buf->size());
5544
5545 // ReadIfReady() should not read anything because the socket is blocked.
5546 bool callback_called = false;
5547 auto read_buf = base::MakeRefCounted<IOBuffer>(100);
5548 int rv = sock->ReadIfReady(
5549 read_buf.get(), 100,
5550 base::BindLambdaForTesting([&](int rv) { callback_called = true; }));
5551 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
5552
5553 // Cancel ReadIfReady() and unblock the socket.
5554 ASSERT_THAT(sock->CancelReadIfReady(), IsOk());
5555 raw_transport->WaitForReadResult();
5556 raw_transport->UnblockReadResult();
5557 base::RunLoop().RunUntilIdle();
5558
5559 // Although data is now available, the callback should not have been called.
5560 EXPECT_FALSE(callback_called);
5561
5562 // Future reads on the socket should still work. The data should be
5563 // synchronously available.
5564 EXPECT_GT(
5565 callback.GetResult(sock->Read(read_buf.get(), 100, callback.callback())),
5566 0);
5567 }
5568
5569 // Test that the server_name extension (SNI) is sent on DNS names, and not IP
5570 // literals.
TEST_F(SSLClientSocketTest,ServerName)5571 TEST_F(SSLClientSocketTest, ServerName) {
5572 absl::optional<std::string> got_server_name;
5573 bool ran_callback = false;
5574 auto reset_callback_state = [&] {
5575 got_server_name = absl::nullopt;
5576 ran_callback = false;
5577 };
5578
5579 // Start a server which records the server name.
5580 SSLServerConfig server_config;
5581 server_config.client_hello_callback_for_testing =
5582 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5583 const char* server_name =
5584 SSL_get_servername(client_hello->ssl, TLSEXT_NAMETYPE_host_name);
5585 if (server_name) {
5586 got_server_name = server_name;
5587 } else {
5588 got_server_name = absl::nullopt;
5589 }
5590 ran_callback = true;
5591 return true;
5592 });
5593 ASSERT_TRUE(
5594 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5595
5596 // The client should send the server_name extension for DNS names.
5597 uint16_t port = host_port_pair().port();
5598 int rv;
5599 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
5600 SSLConfig(), HostPortPair("example.com", port), &rv));
5601 ASSERT_THAT(rv, IsOk());
5602 EXPECT_TRUE(ran_callback);
5603 EXPECT_EQ(got_server_name, "example.com");
5604
5605 // The client should not send the server_name extension for IPv4 and IPv6
5606 // literals. See https://crbug.com/500981.
5607 reset_callback_state();
5608 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
5609 SSLConfig(), HostPortPair("1.2.3.4", port), &rv));
5610 ASSERT_THAT(rv, IsOk());
5611 EXPECT_TRUE(ran_callback);
5612 EXPECT_EQ(got_server_name, absl::nullopt);
5613
5614 reset_callback_state();
5615 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
5616 SSLConfig(), HostPortPair("::1", port), &rv));
5617 ASSERT_THAT(rv, IsOk());
5618 EXPECT_TRUE(ran_callback);
5619 EXPECT_EQ(got_server_name, absl::nullopt);
5620
5621 reset_callback_state();
5622 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
5623 SSLConfig(), HostPortPair("2001:db8::42", port), &rv));
5624 ASSERT_THAT(rv, IsOk());
5625 EXPECT_TRUE(ran_callback);
5626 EXPECT_EQ(got_server_name, absl::nullopt);
5627 }
5628
5629 class SSLClientSocketAlpsTest
5630 : public SSLClientSocketTest,
5631 public ::testing::WithParamInterface<std::tuple<bool, bool>> {
5632 public:
SSLClientSocketAlpsTest()5633 SSLClientSocketAlpsTest()
5634 : client_alps_enabled_(std::get<0>(GetParam())),
5635 server_alps_enabled_(std::get<1>(GetParam())) {}
5636 ~SSLClientSocketAlpsTest() override = default;
5637 const bool client_alps_enabled_;
5638 const bool server_alps_enabled_;
5639 };
5640
5641 INSTANTIATE_TEST_SUITE_P(All, SSLClientSocketAlpsTest, Combine(Bool(), Bool()));
5642
TEST_P(SSLClientSocketAlpsTest,Alps)5643 TEST_P(SSLClientSocketAlpsTest, Alps) {
5644 const std::string server_data = "server sends some test data";
5645 const std::string client_data = "client also sends some data";
5646
5647 SSLServerConfig server_config;
5648 server_config.alpn_protos = {kProtoHTTP2};
5649 if (server_alps_enabled_) {
5650 server_config.application_settings[kProtoHTTP2] =
5651 std::vector<uint8_t>(server_data.begin(), server_data.end());
5652 }
5653 ASSERT_TRUE(
5654 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5655
5656 SSLConfig client_config;
5657 client_config.alpn_protos = {kProtoHTTP2};
5658 if (client_alps_enabled_) {
5659 client_config.application_settings[kProtoHTTP2] =
5660 std::vector<uint8_t>(client_data.begin(), client_data.end());
5661 }
5662
5663 int rv;
5664 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5665 EXPECT_THAT(rv, IsOk());
5666
5667 SSLInfo info;
5668 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5669 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
5670 SSLConnectionStatusToVersion(info.connection_status));
5671 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
5672
5673 EXPECT_EQ(true, sock_->WasAlpnNegotiated());
5674 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
5675
5676 // ALPS is negotiated only if ALPS is enabled both on client and server.
5677 const auto alps_data_received_by_client = sock_->GetPeerApplicationSettings();
5678
5679 if (client_alps_enabled_ && server_alps_enabled_) {
5680 ASSERT_TRUE(alps_data_received_by_client.has_value());
5681 EXPECT_EQ(server_data, alps_data_received_by_client.value());
5682 } else {
5683 EXPECT_FALSE(alps_data_received_by_client.has_value());
5684 }
5685 }
5686
5687 } // namespace net
5688