1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/ssl_client_socket.h"
6
7 #include <errno.h>
8 #include <string.h>
9
10 #include <algorithm>
11 #include <memory>
12 #include <tuple>
13 #include <utility>
14
15 #include "base/files/file_util.h"
16 #include "base/functional/bind.h"
17 #include "base/functional/callback_helpers.h"
18 #include "base/location.h"
19 #include "base/memory/raw_ptr.h"
20 #include "base/memory/ref_counted.h"
21 #include "base/run_loop.h"
22 #include "base/strings/string_number_conversions.h"
23 #include "base/strings/string_piece.h"
24 #include "base/strings/stringprintf.h"
25 #include "base/synchronization/lock.h"
26 #include "base/task/single_thread_task_runner.h"
27 #include "base/test/bind.h"
28 #include "base/test/metrics/histogram_tester.h"
29 #include "base/test/scoped_feature_list.h"
30 #include "base/time/time.h"
31 #include "base/values.h"
32 #include "build/build_config.h"
33 #include "crypto/rsa_private_key.h"
34 #include "net/base/address_list.h"
35 #include "net/base/completion_once_callback.h"
36 #include "net/base/features.h"
37 #include "net/base/host_port_pair.h"
38 #include "net/base/io_buffer.h"
39 #include "net/base/ip_address.h"
40 #include "net/base/ip_endpoint.h"
41 #include "net/base/net_errors.h"
42 #include "net/base/network_anonymization_key.h"
43 #include "net/base/schemeful_site.h"
44 #include "net/base/test_completion_callback.h"
45 #include "net/cert/asn1_util.h"
46 #include "net/cert/cert_and_ct_verifier.h"
47 #include "net/cert/cert_database.h"
48 #include "net/cert/ct_policy_enforcer.h"
49 #include "net/cert/ct_policy_status.h"
50 #include "net/cert/ct_verifier.h"
51 #include "net/cert/do_nothing_ct_verifier.h"
52 #include "net/cert/mock_cert_verifier.h"
53 #include "net/cert/mock_client_cert_verifier.h"
54 #include "net/cert/sct_auditing_delegate.h"
55 #include "net/cert/signed_certificate_timestamp_and_status.h"
56 #include "net/cert/test_root_certs.h"
57 #include "net/cert/x509_util.h"
58 #include "net/dns/host_resolver.h"
59 #include "net/http/transport_security_state.h"
60 #include "net/http/transport_security_state_test_util.h"
61 #include "net/log/net_log_event_type.h"
62 #include "net/log/net_log_source.h"
63 #include "net/log/test_net_log.h"
64 #include "net/log/test_net_log_util.h"
65 #include "net/socket/client_socket_factory.h"
66 #include "net/socket/client_socket_handle.h"
67 #include "net/socket/read_buffering_stream_socket.h"
68 #include "net/socket/socket_test_util.h"
69 #include "net/socket/ssl_server_socket.h"
70 #include "net/socket/stream_socket.h"
71 #include "net/socket/tcp_client_socket.h"
72 #include "net/socket/tcp_server_socket.h"
73 #include "net/ssl/ssl_cert_request_info.h"
74 #include "net/ssl/ssl_client_session_cache.h"
75 #include "net/ssl/ssl_config.h"
76 #include "net/ssl/ssl_config_service.h"
77 #include "net/ssl/ssl_connection_status_flags.h"
78 #include "net/ssl/ssl_handshake_details.h"
79 #include "net/ssl/ssl_info.h"
80 #include "net/ssl/ssl_server_config.h"
81 #include "net/ssl/test_ssl_config_service.h"
82 #include "net/ssl/test_ssl_private_key.h"
83 #include "net/test/cert_test_util.h"
84 #include "net/test/embedded_test_server/embedded_test_server.h"
85 #include "net/test/embedded_test_server/http_request.h"
86 #include "net/test/embedded_test_server/http_response.h"
87 #include "net/test/gtest_util.h"
88 #include "net/test/key_util.h"
89 #include "net/test/ssl_test_util.h"
90 #include "net/test/test_data_directory.h"
91 #include "net/test/test_with_task_environment.h"
92 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
93 #include "testing/gmock/include/gmock/gmock.h"
94 #include "testing/gtest/include/gtest/gtest.h"
95 #include "testing/platform_test.h"
96 #include "third_party/abseil-cpp/absl/types/optional.h"
97 #include "third_party/boringssl/src/include/openssl/bio.h"
98 #include "third_party/boringssl/src/include/openssl/evp.h"
99 #include "third_party/boringssl/src/include/openssl/hpke.h"
100 #include "third_party/boringssl/src/include/openssl/pem.h"
101 #include "third_party/boringssl/src/include/openssl/ssl.h"
102 #include "url/gurl.h"
103
104 using net::test::IsError;
105 using net::test::IsOk;
106
107 using testing::_;
108 using testing::Bool;
109 using testing::Combine;
110 using testing::Return;
111 using testing::Values;
112 using testing::ValuesIn;
113
114 namespace net {
115
116 class NetLogWithSource;
117
118 namespace {
119
120 // When passed to |MakeHashValueVector|, this will generate a key pin that is
121 // sha256/AA...=, and hence will cause pin validation success with the TestSPKI
122 // pin from transport_security_state_static.pins. ("A" is the 0th element of the
123 // base-64 alphabet.)
124 const uint8_t kGoodHashValueVectorInput = 0;
125
126 // When passed to |MakeHashValueVector|, this will generate a key pin that is
127 // not sha256/AA...=, and hence will cause pin validation failure with the
128 // TestSPKI pin.
129 const uint8_t kBadHashValueVectorInput = 3;
130
131 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
132 constexpr uint16_t kModernTLS12Cipher = 0xc02f;
133 // TLS_RSA_WITH_AES_128_GCM_SHA256
134 constexpr uint16_t kRSACipher = 0x009c;
135 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
136 constexpr uint16_t kCBCCipher = 0xc013;
137 // TLS_RSA_WITH_3DES_EDE_CBC_SHA
138 constexpr uint16_t k3DESCipher = 0x000a;
139
140 // Simulates synchronously receiving an error during Read() or Write()
141 class SynchronousErrorStreamSocket : public WrappedStreamSocket {
142 public:
SynchronousErrorStreamSocket(std::unique_ptr<StreamSocket> transport)143 explicit SynchronousErrorStreamSocket(std::unique_ptr<StreamSocket> transport)
144 : WrappedStreamSocket(std::move(transport)) {}
145
146 SynchronousErrorStreamSocket(const SynchronousErrorStreamSocket&) = delete;
147 SynchronousErrorStreamSocket& operator=(const SynchronousErrorStreamSocket&) =
148 delete;
149
150 ~SynchronousErrorStreamSocket() override = default;
151
152 // Socket implementation:
153 int Read(IOBuffer* buf,
154 int buf_len,
155 CompletionOnceCallback callback) override;
156 int ReadIfReady(IOBuffer* buf,
157 int buf_len,
158 CompletionOnceCallback callback) override;
159 int Write(IOBuffer* buf,
160 int buf_len,
161 CompletionOnceCallback callback,
162 const NetworkTrafficAnnotationTag& traffic_annotation) override;
163
164 // Sets the next Read() call and all future calls to return |error|.
165 // If there is already a pending asynchronous read, the configured error
166 // will not be returned until that asynchronous read has completed and Read()
167 // is called again.
SetNextReadError(int error)168 void SetNextReadError(int error) {
169 DCHECK_GE(0, error);
170 have_read_error_ = true;
171 pending_read_error_ = error;
172 }
173
174 // Sets the next Write() call and all future calls to return |error|.
175 // If there is already a pending asynchronous write, the configured error
176 // will not be returned until that asynchronous write has completed and
177 // Write() is called again.
SetNextWriteError(int error)178 void SetNextWriteError(int error) {
179 DCHECK_GE(0, error);
180 have_write_error_ = true;
181 pending_write_error_ = error;
182 }
183
184 private:
185 bool have_read_error_ = false;
186 int pending_read_error_ = OK;
187
188 bool have_write_error_ = false;
189 int pending_write_error_ = OK;
190 };
191
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)192 int SynchronousErrorStreamSocket::Read(IOBuffer* buf,
193 int buf_len,
194 CompletionOnceCallback callback) {
195 if (have_read_error_)
196 return pending_read_error_;
197 return transport_->Read(buf, buf_len, std::move(callback));
198 }
199
ReadIfReady(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)200 int SynchronousErrorStreamSocket::ReadIfReady(IOBuffer* buf,
201 int buf_len,
202 CompletionOnceCallback callback) {
203 if (have_read_error_)
204 return pending_read_error_;
205 return transport_->ReadIfReady(buf, buf_len, std::move(callback));
206 }
207
Write(IOBuffer * buf,int buf_len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)208 int SynchronousErrorStreamSocket::Write(
209 IOBuffer* buf,
210 int buf_len,
211 CompletionOnceCallback callback,
212 const NetworkTrafficAnnotationTag& traffic_annotation) {
213 if (have_write_error_)
214 return pending_write_error_;
215 return transport_->Write(buf, buf_len, std::move(callback),
216 traffic_annotation);
217 }
218
219 // FakeBlockingStreamSocket wraps an existing StreamSocket and simulates the
220 // underlying transport needing to complete things asynchronously in a
221 // deterministic manner (e.g.: independent of the TestServer and the OS's
222 // semantics).
223 class FakeBlockingStreamSocket : public WrappedStreamSocket {
224 public:
FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport)225 explicit FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport)
226 : WrappedStreamSocket(std::move(transport)) {}
227 ~FakeBlockingStreamSocket() override = default;
228
229 // Socket implementation:
230 int Read(IOBuffer* buf,
231 int buf_len,
232 CompletionOnceCallback callback) override;
233 int ReadIfReady(IOBuffer* buf,
234 int buf_len,
235 CompletionOnceCallback callback) override;
236 int CancelReadIfReady() override;
237 int Write(IOBuffer* buf,
238 int buf_len,
239 CompletionOnceCallback callback,
240 const NetworkTrafficAnnotationTag& traffic_annotation) override;
241
pending_read_result() const242 int pending_read_result() const { return pending_read_result_; }
pending_read_buf() const243 IOBuffer* pending_read_buf() const { return pending_read_buf_.get(); }
244
245 // Blocks read results on the socket. Reads will not complete until
246 // UnblockReadResult() has been called and a result is ready from the
247 // underlying transport. Note: if BlockReadResult() is called while there is a
248 // hanging asynchronous Read(), that Read is blocked.
249 void BlockReadResult();
250 void UnblockReadResult();
251
252 // Replaces the pending read with |data|. Returns true on success or false if
253 // the caller's reads were too small.
254 bool ReplaceReadResult(const std::string& data);
255
256 // Waits for the blocked Read() call to be complete at the underlying
257 // transport.
258 void WaitForReadResult();
259
260 // Causes the next call to Write() to return ERR_IO_PENDING, not beginning the
261 // underlying transport until UnblockWrite() has been called. Note: if there
262 // is a pending asynchronous write, it is NOT blocked. For purposes of
263 // blocking writes, data is considered to have reached the underlying
264 // transport as soon as Write() is called.
265 void BlockWrite();
266 void UnblockWrite();
267
268 // Waits for the blocked Write() call to be scheduled.
269 void WaitForWrite();
270
271 private:
272 // Handles completion from the underlying transport read.
273 void OnReadCompleted(int result);
274
275 // Handles async completion of ReadIfReady().
276 void CompleteReadIfReady(scoped_refptr<IOBuffer> buffer, int rv);
277
278 // Finishes the current read.
279 void ReturnReadResult();
280
281 // Callback for writes.
282 void CallPendingWriteCallback(int result);
283
284 // True if read callbacks are blocked.
285 bool should_block_read_ = false;
286
287 // Used to buffer result returned by a completed ReadIfReady().
288 std::string read_if_ready_buf_;
289
290 // Non-null if there is a pending ReadIfReady().
291 CompletionOnceCallback read_if_ready_callback_;
292
293 // The buffer for the pending read, or NULL if not consumed.
294 scoped_refptr<IOBuffer> pending_read_buf_;
295
296 // The size of the pending read buffer, or -1 if not set.
297 int pending_read_buf_len_ = -1;
298
299 // The user callback for the pending read call.
300 CompletionOnceCallback pending_read_callback_;
301
302 // The result for the blocked read callback, or ERR_IO_PENDING if not
303 // completed.
304 int pending_read_result_ = ERR_IO_PENDING;
305
306 // WaitForReadResult() wait loop.
307 std::unique_ptr<base::RunLoop> read_loop_;
308
309 // True if write calls are blocked.
310 bool should_block_write_ = false;
311
312 // The buffer for the pending write, or NULL if not scheduled.
313 scoped_refptr<IOBuffer> pending_write_buf_;
314
315 // The callback for the pending write call.
316 CompletionOnceCallback pending_write_callback_;
317
318 // The length for the pending write, or -1 if not scheduled.
319 int pending_write_len_ = -1;
320
321 // WaitForWrite() wait loop.
322 std::unique_ptr<base::RunLoop> write_loop_;
323 };
324
Read(IOBuffer * buf,int len,CompletionOnceCallback callback)325 int FakeBlockingStreamSocket::Read(IOBuffer* buf,
326 int len,
327 CompletionOnceCallback callback) {
328 DCHECK(!pending_read_buf_);
329 DCHECK(pending_read_callback_.is_null());
330 DCHECK_EQ(ERR_IO_PENDING, pending_read_result_);
331 DCHECK(!callback.is_null());
332
333 int rv = transport_->Read(
334 buf, len,
335 base::BindOnce(&FakeBlockingStreamSocket::OnReadCompleted,
336 base::Unretained(this)));
337 if (rv == ERR_IO_PENDING || should_block_read_) {
338 // Save the callback to be called later.
339 pending_read_buf_ = buf;
340 pending_read_buf_len_ = len;
341 pending_read_callback_ = std::move(callback);
342 // Save the read result.
343 if (rv != ERR_IO_PENDING) {
344 OnReadCompleted(rv);
345 rv = ERR_IO_PENDING;
346 }
347 }
348 return rv;
349 }
350
ReadIfReady(IOBuffer * buf,int len,CompletionOnceCallback callback)351 int FakeBlockingStreamSocket::ReadIfReady(IOBuffer* buf,
352 int len,
353 CompletionOnceCallback callback) {
354 if (!read_if_ready_buf_.empty()) {
355 // If ReadIfReady() is used, asynchronous reads with a large enough buffer
356 // and no BlockReadResult() are supported by this class. Explicitly check
357 // that |should_block_read_| doesn't apply and |len| is greater than the
358 // size of the buffered data.
359 CHECK(!should_block_read_);
360 CHECK_GE(len, static_cast<int>(read_if_ready_buf_.size()));
361 int rv = read_if_ready_buf_.size();
362 memcpy(buf->data(), read_if_ready_buf_.data(), rv);
363 read_if_ready_buf_.clear();
364 return rv;
365 }
366 auto buf_copy = base::MakeRefCounted<IOBufferWithSize>(len);
367 int rv = Read(buf_copy.get(), len,
368 base::BindOnce(&FakeBlockingStreamSocket::CompleteReadIfReady,
369 base::Unretained(this), buf_copy));
370 if (rv > 0)
371 memcpy(buf->data(), buf_copy->data(), rv);
372 if (rv == ERR_IO_PENDING)
373 read_if_ready_callback_ = std::move(callback);
374 return rv;
375 }
376
CancelReadIfReady()377 int FakeBlockingStreamSocket::CancelReadIfReady() {
378 DCHECK(!read_if_ready_callback_.is_null());
379 read_if_ready_callback_.Reset();
380 return OK;
381 }
382
Write(IOBuffer * buf,int len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)383 int FakeBlockingStreamSocket::Write(
384 IOBuffer* buf,
385 int len,
386 CompletionOnceCallback callback,
387 const NetworkTrafficAnnotationTag& traffic_annotation) {
388 DCHECK(buf);
389 DCHECK_LE(0, len);
390
391 if (!should_block_write_)
392 return transport_->Write(buf, len, std::move(callback), traffic_annotation);
393
394 // Schedule the write, but do nothing.
395 DCHECK(!pending_write_buf_.get());
396 DCHECK_EQ(-1, pending_write_len_);
397 DCHECK(pending_write_callback_.is_null());
398 DCHECK(!callback.is_null());
399 pending_write_buf_ = buf;
400 pending_write_len_ = len;
401 pending_write_callback_ = std::move(callback);
402
403 // Stop the write loop, if any.
404 if (write_loop_)
405 write_loop_->Quit();
406 return ERR_IO_PENDING;
407 }
408
BlockReadResult()409 void FakeBlockingStreamSocket::BlockReadResult() {
410 DCHECK(!should_block_read_);
411 should_block_read_ = true;
412 }
413
UnblockReadResult()414 void FakeBlockingStreamSocket::UnblockReadResult() {
415 DCHECK(should_block_read_);
416 should_block_read_ = false;
417
418 // If the operation has since completed, return the result to the caller.
419 if (pending_read_result_ != ERR_IO_PENDING)
420 ReturnReadResult();
421 }
422
ReplaceReadResult(const std::string & data)423 bool FakeBlockingStreamSocket::ReplaceReadResult(const std::string& data) {
424 DCHECK(should_block_read_);
425 DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
426 DCHECK(pending_read_buf_);
427 DCHECK_NE(-1, pending_read_buf_len_);
428
429 if (static_cast<size_t>(pending_read_buf_len_) < data.size())
430 return false;
431
432 memcpy(pending_read_buf_->data(), data.data(), data.size());
433 pending_read_result_ = data.size();
434 return true;
435 }
436
WaitForReadResult()437 void FakeBlockingStreamSocket::WaitForReadResult() {
438 DCHECK(should_block_read_);
439 DCHECK(!read_loop_);
440
441 if (pending_read_result_ != ERR_IO_PENDING)
442 return;
443 read_loop_ = std::make_unique<base::RunLoop>();
444 read_loop_->Run();
445 read_loop_.reset();
446 DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
447 }
448
BlockWrite()449 void FakeBlockingStreamSocket::BlockWrite() {
450 DCHECK(!should_block_write_);
451 should_block_write_ = true;
452 }
453
CallPendingWriteCallback(int rv)454 void FakeBlockingStreamSocket::CallPendingWriteCallback(int rv) {
455 std::move(pending_write_callback_).Run(rv);
456 }
457
UnblockWrite()458 void FakeBlockingStreamSocket::UnblockWrite() {
459 DCHECK(should_block_write_);
460 should_block_write_ = false;
461
462 // Do nothing if UnblockWrite() was called after BlockWrite(),
463 // without a Write() in between.
464 if (!pending_write_buf_.get())
465 return;
466
467 int rv = transport_->Write(
468 pending_write_buf_.get(), pending_write_len_,
469 base::BindOnce(&FakeBlockingStreamSocket::CallPendingWriteCallback,
470 base::Unretained(this)),
471 TRAFFIC_ANNOTATION_FOR_TESTS);
472
473 pending_write_buf_ = nullptr;
474 pending_write_len_ = -1;
475 if (rv != ERR_IO_PENDING) {
476 std::move(pending_write_callback_).Run(rv);
477 }
478 }
479
WaitForWrite()480 void FakeBlockingStreamSocket::WaitForWrite() {
481 DCHECK(should_block_write_);
482 DCHECK(!write_loop_);
483
484 if (pending_write_buf_.get())
485 return;
486 write_loop_ = std::make_unique<base::RunLoop>();
487 write_loop_->Run();
488 write_loop_.reset();
489 DCHECK(pending_write_buf_.get());
490 }
491
OnReadCompleted(int result)492 void FakeBlockingStreamSocket::OnReadCompleted(int result) {
493 DCHECK_EQ(ERR_IO_PENDING, pending_read_result_);
494 DCHECK(!pending_read_callback_.is_null());
495
496 pending_read_result_ = result;
497
498 if (should_block_read_) {
499 // Defer the result until UnblockReadResult is called.
500 if (read_loop_)
501 read_loop_->Quit();
502 return;
503 }
504
505 ReturnReadResult();
506 }
507
CompleteReadIfReady(scoped_refptr<IOBuffer> buf,int rv)508 void FakeBlockingStreamSocket::CompleteReadIfReady(scoped_refptr<IOBuffer> buf,
509 int rv) {
510 DCHECK(read_if_ready_buf_.empty());
511 DCHECK(!should_block_read_);
512 if (rv > 0)
513 read_if_ready_buf_ = std::string(buf->data(), buf->data() + rv);
514 // The callback may be null if CancelReadIfReady() was called.
515 if (!read_if_ready_callback_.is_null())
516 std::move(read_if_ready_callback_).Run(rv > 0 ? OK : rv);
517 }
518
ReturnReadResult()519 void FakeBlockingStreamSocket::ReturnReadResult() {
520 int result = pending_read_result_;
521 pending_read_result_ = ERR_IO_PENDING;
522 pending_read_buf_ = nullptr;
523 pending_read_buf_len_ = -1;
524 std::move(pending_read_callback_).Run(result);
525 }
526
527 // CountingStreamSocket wraps an existing StreamSocket and maintains a count of
528 // reads and writes on the socket.
529 class CountingStreamSocket : public WrappedStreamSocket {
530 public:
CountingStreamSocket(std::unique_ptr<StreamSocket> transport)531 explicit CountingStreamSocket(std::unique_ptr<StreamSocket> transport)
532 : WrappedStreamSocket(std::move(transport)) {}
533 ~CountingStreamSocket() override = default;
534
535 // Socket implementation:
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)536 int Read(IOBuffer* buf,
537 int buf_len,
538 CompletionOnceCallback callback) override {
539 read_count_++;
540 return transport_->Read(buf, buf_len, std::move(callback));
541 }
Write(IOBuffer * buf,int buf_len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)542 int Write(IOBuffer* buf,
543 int buf_len,
544 CompletionOnceCallback callback,
545 const NetworkTrafficAnnotationTag& traffic_annotation) override {
546 write_count_++;
547 return transport_->Write(buf, buf_len, std::move(callback),
548 traffic_annotation);
549 }
550
read_count() const551 int read_count() const { return read_count_; }
write_count() const552 int write_count() const { return write_count_; }
553
554 private:
555 int read_count_ = 0;
556 int write_count_ = 0;
557 };
558
559 // A helper class that will delete |socket| when the callback is invoked.
560 class DeleteSocketCallback : public TestCompletionCallbackBase {
561 public:
DeleteSocketCallback(StreamSocket * socket)562 explicit DeleteSocketCallback(StreamSocket* socket) : socket_(socket) {}
563
564 DeleteSocketCallback(const DeleteSocketCallback&) = delete;
565 DeleteSocketCallback& operator=(const DeleteSocketCallback&) = delete;
566
567 ~DeleteSocketCallback() override = default;
568
callback()569 CompletionOnceCallback callback() {
570 return base::BindOnce(&DeleteSocketCallback::OnComplete,
571 base::Unretained(this));
572 }
573
574 private:
OnComplete(int result)575 void OnComplete(int result) {
576 if (socket_) {
577 delete socket_;
578 socket_ = nullptr;
579 } else {
580 ADD_FAILURE() << "Deleting socket twice";
581 }
582 SetResult(result);
583 }
584
585 raw_ptr<StreamSocket, DanglingUntriaged> socket_;
586 };
587
588 // A mock CTVerifier that records every call to Verify but doesn't verify
589 // anything.
590 class MockCTVerifier : public CTVerifier {
591 public:
592 MOCK_METHOD5(Verify,
593 void(X509Certificate*,
594 base::StringPiece,
595 base::StringPiece,
596 SignedCertificateTimestampAndStatusList*,
597 const NetLogWithSource&));
598 };
599
600 // A mock CTPolicyEnforcer that returns a custom verification result.
601 class MockCTPolicyEnforcer : public CTPolicyEnforcer {
602 public:
603 MOCK_METHOD3(CheckCompliance,
604 ct::CTPolicyCompliance(X509Certificate* cert,
605 const ct::SCTList&,
606 const NetLogWithSource&));
607 };
608
609 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
610 public:
611 MOCK_METHOD3(IsCTRequiredForHost,
612 CTRequirementLevel(const std::string& host,
613 const X509Certificate* chain,
614 const HashValueVector& hashes));
615 };
616
617 class MockSCTAuditingDelegate : public SCTAuditingDelegate {
618 public:
619 MOCK_METHOD(bool, IsSCTAuditingEnabled, ());
620 MOCK_METHOD(void,
621 MaybeEnqueueReport,
622 (const net::HostPortPair&,
623 const net::X509Certificate*,
624 const net::SignedCertificateTimestampAndStatusList&));
625 };
626
627 class ManySmallRecordsHttpResponse : public test_server::HttpResponse {
628 public:
HandleRequest(const test_server::HttpRequest & request)629 static std::unique_ptr<test_server::HttpResponse> HandleRequest(
630 const test_server::HttpRequest& request) {
631 if (request.relative_url != "/ssl-many-small-records") {
632 return nullptr;
633 }
634
635 // Write ~26K of data, in 1350 byte chunks
636 return std::make_unique<ManySmallRecordsHttpResponse>(/*chunk_size=*/1350,
637 /*chunk_count=*/20);
638 }
639
ManySmallRecordsHttpResponse(size_t chunk_size,size_t chunk_count)640 ManySmallRecordsHttpResponse(size_t chunk_size, size_t chunk_count)
641 : chunk_size_(chunk_size), chunk_count_(chunk_count) {}
642
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)643 void SendResponse(
644 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
645 base::StringPairs headers = {
646 {"Connection", "close"},
647 {"Content-Length", base::NumberToString(chunk_size_ * chunk_count_)},
648 {"Content-Type", "text/plain"}};
649 delegate->SendResponseHeaders(HTTP_OK, "OK", headers);
650 SendChunks(chunk_size_, chunk_count_, delegate);
651 }
652
653 private:
SendChunks(size_t chunk_size,size_t chunk_count,base::WeakPtr<test_server::HttpResponseDelegate> delegate)654 static void SendChunks(
655 size_t chunk_size,
656 size_t chunk_count,
657 base::WeakPtr<test_server::HttpResponseDelegate> delegate) {
658 if (!delegate)
659 return;
660
661 if (chunk_count == 0) {
662 delegate->FinishResponse();
663 return;
664 }
665
666 std::string chunk(chunk_size, '*');
667 // This assumes that splitting output into separate |send| calls will
668 // produce separate TLS records.
669 delegate->SendContents(chunk, base::BindOnce(&SendChunks, chunk_size,
670 chunk_count - 1, delegate));
671 }
672
673 size_t chunk_size_;
674 size_t chunk_count_;
675 };
676
677 class SSLClientSocketTest : public PlatformTest, public WithTaskEnvironment {
678 public:
SSLClientSocketTest()679 SSLClientSocketTest()
680 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
681 ssl_config_service_(
682 std::make_unique<TestSSLConfigService>(SSLContextConfig())),
683 cert_verifier_(std::make_unique<MockCertVerifier>()),
684 transport_security_state_(std::make_unique<TransportSecurityState>()),
685 ct_policy_enforcer_(std::make_unique<MockCTPolicyEnforcer>()),
686 ssl_client_session_cache_(std::make_unique<SSLClientSessionCache>(
687 SSLClientSessionCache::Config())),
688 context_(
689 std::make_unique<SSLClientContext>(ssl_config_service_.get(),
690 cert_verifier_.get(),
691 transport_security_state_.get(),
692 ct_policy_enforcer_.get(),
693 ssl_client_session_cache_.get(),
694 nullptr)) {
695 cert_verifier_->set_default_result(OK);
696 cert_verifier_->set_async(true);
697
698 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _))
699 .WillRepeatedly(
700 Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
701 }
702
703 protected:
704 // The address of the test server, after calling StartEmbeddedTestServer().
addr() const705 const AddressList& addr() const { return addr_; }
706
707 // The hostname of the test server, after calling StartEmbeddedTestServer().
host_port_pair() const708 const HostPortPair& host_port_pair() const { return host_port_pair_; }
709
710 // The EmbeddedTestServer object, after calling StartEmbeddedTestServer().
embedded_test_server()711 EmbeddedTestServer* embedded_test_server() {
712 return embedded_test_server_.get();
713 }
714
715 // Starts the embedded test server with the specified parameters. Returns true
716 // on success.
StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert,const SSLServerConfig & server_config)717 bool StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert,
718 const SSLServerConfig& server_config) {
719 embedded_test_server_ =
720 std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS);
721 embedded_test_server_->SetSSLConfig(cert, server_config);
722 return FinishStartingEmbeddedTestServer();
723 }
724
725 // Starts the embedded test server with the specified parameters. Returns true
726 // on success.
StartEmbeddedTestServer(const EmbeddedTestServer::ServerCertificateConfig & cert_config,const SSLServerConfig & server_config)727 bool StartEmbeddedTestServer(
728 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
729 const SSLServerConfig& server_config) {
730 embedded_test_server_ =
731 std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS);
732 embedded_test_server_->SetSSLConfig(cert_config, server_config);
733 return FinishStartingEmbeddedTestServer();
734 }
735
FinishStartingEmbeddedTestServer()736 bool FinishStartingEmbeddedTestServer() {
737 RegisterEmbeddedTestServerHandlers(embedded_test_server_.get());
738 if (!embedded_test_server_->Start()) {
739 LOG(ERROR) << "Could not start EmbeddedTestServer";
740 return false;
741 }
742
743 if (!embedded_test_server_->GetAddressList(&addr_)) {
744 LOG(ERROR) << "Could not get EmbeddedTestServer address list";
745 return false;
746 }
747 host_port_pair_ = embedded_test_server_->host_port_pair();
748 return true;
749 }
750
751 // May be overridden by the subclass to customize the EmbeddedTestServer.
RegisterEmbeddedTestServerHandlers(EmbeddedTestServer * server)752 virtual void RegisterEmbeddedTestServerHandlers(EmbeddedTestServer* server) {
753 server->AddDefaultHandlers(base::FilePath());
754 server->RegisterRequestHandler(
755 base::BindRepeating(&ManySmallRecordsHttpResponse::HandleRequest));
756 server->RegisterRequestHandler(
757 base::BindRepeating(&HandleSSLInfoRequest, base::Unretained(this)));
758 }
759
CreateSSLClientSocket(std::unique_ptr<StreamSocket> transport_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)760 std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
761 std::unique_ptr<StreamSocket> transport_socket,
762 const HostPortPair& host_and_port,
763 const SSLConfig& ssl_config) {
764 return socket_factory_->CreateSSLClientSocket(
765 context_.get(), std::move(transport_socket), host_and_port, ssl_config);
766 }
767
768 // Create an SSLClientSocket object and use it to connect to a test server,
769 // then wait for connection results. This must be called after a successful
770 // StartEmbeddedTestServer() call.
771 //
772 // |ssl_config| The SSL configuration to use.
773 // |host_port_pair| The hostname and port to use at the SSL layer. (The
774 // socket connection will still be made to |embedded_test_server_|.)
775 // |result| will retrieve the ::Connect() result value.
776 //
777 // Returns true on success, false otherwise. Success means that the SSL
778 // socket could be created and its Connect() was called, not that the
779 // connection itself was a success.
CreateAndConnectSSLClientSocketWithHost(const SSLConfig & ssl_config,const HostPortPair & host_port_pair,int * result)780 bool CreateAndConnectSSLClientSocketWithHost(
781 const SSLConfig& ssl_config,
782 const HostPortPair& host_port_pair,
783 int* result) {
784 auto transport = std::make_unique<TCPClientSocket>(
785 addr_, nullptr, nullptr, NetLog::Get(), NetLogSource());
786 int rv = callback_.GetResult(transport->Connect(callback_.callback()));
787 if (rv != OK) {
788 LOG(ERROR) << "Could not connect to test server";
789 return false;
790 }
791
792 sock_ =
793 CreateSSLClientSocket(std::move(transport), host_port_pair, ssl_config);
794 EXPECT_FALSE(sock_->IsConnected());
795
796 *result = callback_.GetResult(sock_->Connect(callback_.callback()));
797 return true;
798 }
799
CreateAndConnectSSLClientSocket(const SSLConfig & ssl_config,int * result)800 bool CreateAndConnectSSLClientSocket(const SSLConfig& ssl_config,
801 int* result) {
802 return CreateAndConnectSSLClientSocketWithHost(ssl_config, host_port_pair(),
803 result);
804 }
805
806 // Adds the server certificate with provided cert status.
807 // Must be called after StartEmbeddedTestServer has been called.
AddServerCertStatusToSSLConfig(CertStatus status,SSLConfig * ssl_config)808 void AddServerCertStatusToSSLConfig(CertStatus status,
809 SSLConfig* ssl_config) {
810 ASSERT_TRUE(embedded_test_server());
811 scoped_refptr<X509Certificate> server_cert =
812 embedded_test_server()->GetCertificate();
813 CertVerifyResult verify_result;
814 verify_result.cert_status = status;
815 verify_result.verified_cert = server_cert;
816 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
817 }
818
LastSSLInfoFromServer()819 absl::optional<SSLInfo> LastSSLInfoFromServer() {
820 // EmbeddedTestServer callbacks run on another thread, so protect this
821 // with a lock.
822 base::AutoLock lock(server_ssl_info_lock_);
823 auto result = server_ssl_info_;
824 server_ssl_info_ = absl::nullopt;
825 return result;
826 }
827
828 RecordingNetLogObserver log_observer_;
829 raw_ptr<ClientSocketFactory, DanglingUntriaged> socket_factory_;
830 std::unique_ptr<TestSSLConfigService> ssl_config_service_;
831 std::unique_ptr<MockCertVerifier> cert_verifier_;
832 std::unique_ptr<TransportSecurityState> transport_security_state_;
833 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
834 std::unique_ptr<SSLClientSessionCache> ssl_client_session_cache_;
835 std::unique_ptr<SSLClientContext> context_;
836 std::unique_ptr<SSLClientSocket> sock_;
837
838 private:
HandleSSLInfoRequest(SSLClientSocketTest * test,const test_server::HttpRequest & request)839 static std::unique_ptr<test_server::HttpResponse> HandleSSLInfoRequest(
840 SSLClientSocketTest* test,
841 const test_server::HttpRequest& request) {
842 if (request.relative_url != "/ssl-info") {
843 return nullptr;
844 }
845 {
846 // EmbeddedTestServer callbacks run on another thread, so protect this
847 // with a lock.
848 base::AutoLock lock(test->server_ssl_info_lock_);
849 test->server_ssl_info_ = request.ssl_info;
850 }
851 return std::make_unique<test_server::BasicHttpResponse>();
852 }
853
854 std::unique_ptr<EmbeddedTestServer> embedded_test_server_;
855 base::Lock server_ssl_info_lock_;
856 absl::optional<SSLInfo> server_ssl_info_ GUARDED_BY(server_ssl_info_lock_);
857 TestCompletionCallback callback_;
858 AddressList addr_;
859 HostPortPair host_port_pair_;
860 };
861
862 enum ReadIfReadyTransport {
863 // ReadIfReady() is implemented by the underlying transport.
864 READ_IF_READY_SUPPORTED,
865 // ReadIfReady() is not implemented by the underlying transport.
866 READ_IF_READY_NOT_SUPPORTED,
867 };
868
869 enum ReadIfReadySSL {
870 // Test reads by calling ReadIfReady() on the SSL socket.
871 TEST_SSL_READ_IF_READY,
872 // Test reads by calling Read() on the SSL socket.
873 TEST_SSL_READ,
874 };
875
876 class StreamSocketWithoutReadIfReady : public WrappedStreamSocket {
877 public:
StreamSocketWithoutReadIfReady(std::unique_ptr<StreamSocket> transport)878 explicit StreamSocketWithoutReadIfReady(
879 std::unique_ptr<StreamSocket> transport)
880 : WrappedStreamSocket(std::move(transport)) {}
881
ReadIfReady(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)882 int ReadIfReady(IOBuffer* buf,
883 int buf_len,
884 CompletionOnceCallback callback) override {
885 return ERR_READ_IF_READY_NOT_IMPLEMENTED;
886 }
887
CancelReadIfReady()888 int CancelReadIfReady() override { return ERR_READ_IF_READY_NOT_IMPLEMENTED; }
889 };
890
891 class ClientSocketFactoryWithoutReadIfReady : public ClientSocketFactory {
892 public:
ClientSocketFactoryWithoutReadIfReady(ClientSocketFactory * factory)893 explicit ClientSocketFactoryWithoutReadIfReady(ClientSocketFactory* factory)
894 : factory_(factory) {}
895
CreateDatagramClientSocket(DatagramSocket::BindType bind_type,NetLog * net_log,const NetLogSource & source)896 std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
897 DatagramSocket::BindType bind_type,
898 NetLog* net_log,
899 const NetLogSource& source) override {
900 return factory_->CreateDatagramClientSocket(bind_type, net_log, source);
901 }
902
CreateTransportClientSocket(const AddressList & addresses,std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,NetworkQualityEstimator * network_quality_estimator,NetLog * net_log,const NetLogSource & source)903 std::unique_ptr<TransportClientSocket> CreateTransportClientSocket(
904 const AddressList& addresses,
905 std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
906 NetworkQualityEstimator* network_quality_estimator,
907 NetLog* net_log,
908 const NetLogSource& source) override {
909 return factory_->CreateTransportClientSocket(
910 addresses, std::move(socket_performance_watcher),
911 network_quality_estimator, net_log, source);
912 }
913
CreateSSLClientSocket(SSLClientContext * context,std::unique_ptr<StreamSocket> stream_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)914 std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
915 SSLClientContext* context,
916 std::unique_ptr<StreamSocket> stream_socket,
917 const HostPortPair& host_and_port,
918 const SSLConfig& ssl_config) override {
919 stream_socket = std::make_unique<StreamSocketWithoutReadIfReady>(
920 std::move(stream_socket));
921 return factory_->CreateSSLClientSocket(context, std::move(stream_socket),
922 host_and_port, ssl_config);
923 }
924
925 private:
926 const raw_ptr<ClientSocketFactory> factory_;
927 };
928
GetTLSVersions()929 std::vector<uint16_t> GetTLSVersions() {
930 return {SSL_PROTOCOL_VERSION_TLS1_2, SSL_PROTOCOL_VERSION_TLS1_3};
931 }
932
933 class SSLClientSocketVersionTest
934 : public SSLClientSocketTest,
935 public ::testing::WithParamInterface<uint16_t> {
936 protected:
937 SSLClientSocketVersionTest() = default;
938
version() const939 uint16_t version() const { return GetParam(); }
940
GetServerConfig()941 SSLServerConfig GetServerConfig() {
942 SSLServerConfig config;
943 config.version_max = version();
944 config.version_min = version();
945 return config;
946 }
947 };
948
949 // If GetParam(), try ReadIfReady() and fall back to Read() if needed.
950 class SSLClientSocketReadTest
951 : public SSLClientSocketTest,
952 public ::testing::WithParamInterface<
953 std::tuple<ReadIfReadyTransport, ReadIfReadySSL, uint16_t>> {
954 protected:
SSLClientSocketReadTest()955 SSLClientSocketReadTest() : SSLClientSocketTest() {
956 if (!read_if_ready_supported()) {
957 wrapped_socket_factory_ =
958 std::make_unique<ClientSocketFactoryWithoutReadIfReady>(
959 socket_factory_);
960 socket_factory_ = wrapped_socket_factory_.get();
961 }
962 }
963
964 // Convienient wrapper to call Read()/ReadIfReady() depending on whether
965 // ReadyIfReady() is enabled.
Read(StreamSocket * socket,IOBuffer * buf,int buf_len,CompletionOnceCallback callback)966 int Read(StreamSocket* socket,
967 IOBuffer* buf,
968 int buf_len,
969 CompletionOnceCallback callback) {
970 if (test_ssl_read_if_ready())
971 return socket->ReadIfReady(buf, buf_len, std::move(callback));
972 return socket->Read(buf, buf_len, std::move(callback));
973 }
974
975 // Wait for Read()/ReadIfReady() to complete.
WaitForReadCompletion(StreamSocket * socket,IOBuffer * buf,int buf_len,TestCompletionCallback * callback,int rv)976 int WaitForReadCompletion(StreamSocket* socket,
977 IOBuffer* buf,
978 int buf_len,
979 TestCompletionCallback* callback,
980 int rv) {
981 if (!test_ssl_read_if_ready())
982 return callback->GetResult(rv);
983 while (rv == ERR_IO_PENDING) {
984 rv = callback->GetResult(rv);
985 if (rv != OK)
986 return rv;
987 rv = socket->ReadIfReady(buf, buf_len, callback->callback());
988 }
989 return rv;
990 }
991
992 // Calls Read()/ReadIfReady() and waits for it to return data.
ReadAndWaitForCompletion(StreamSocket * socket,IOBuffer * buf,int buf_len)993 int ReadAndWaitForCompletion(StreamSocket* socket,
994 IOBuffer* buf,
995 int buf_len) {
996 TestCompletionCallback callback;
997 int rv = Read(socket, buf, buf_len, callback.callback());
998 return WaitForReadCompletion(socket, buf, buf_len, &callback, rv);
999 }
1000
GetServerConfig()1001 SSLServerConfig GetServerConfig() {
1002 SSLServerConfig config;
1003 config.version_max = version();
1004 config.version_min = version();
1005 return config;
1006 }
1007
test_ssl_read_if_ready() const1008 bool test_ssl_read_if_ready() const {
1009 return std::get<1>(GetParam()) == TEST_SSL_READ_IF_READY;
1010 }
1011
read_if_ready_supported() const1012 bool read_if_ready_supported() const {
1013 return std::get<0>(GetParam()) == READ_IF_READY_SUPPORTED;
1014 }
1015
version() const1016 uint16_t version() const { return std::get<2>(GetParam()); }
1017
1018 private:
1019 std::unique_ptr<ClientSocketFactory> wrapped_socket_factory_;
1020 };
1021
1022 INSTANTIATE_TEST_SUITE_P(All,
1023 SSLClientSocketReadTest,
1024 Combine(Values(READ_IF_READY_SUPPORTED,
1025 READ_IF_READY_NOT_SUPPORTED),
1026 Values(TEST_SSL_READ_IF_READY, TEST_SSL_READ),
1027 ValuesIn(GetTLSVersions())));
1028
1029 // Verifies the correctness of GetSSLCertRequestInfo.
1030 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketVersionTest {
1031 protected:
1032 // Connects to the test server and returns the SSLCertRequestInfo reported by
1033 // the socket.
GetCertRequest()1034 scoped_refptr<SSLCertRequestInfo> GetCertRequest() {
1035 int rv;
1036 if (!CreateAndConnectSSLClientSocket(SSLConfig(), &rv)) {
1037 return nullptr;
1038 }
1039 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
1040
1041 auto request_info = base::MakeRefCounted<SSLCertRequestInfo>();
1042 sock_->GetSSLCertRequestInfo(request_info.get());
1043 sock_->Disconnect();
1044 EXPECT_FALSE(sock_->IsConnected());
1045 EXPECT_TRUE(host_port_pair().Equals(request_info->host_and_port));
1046
1047 return request_info;
1048 }
1049 };
1050
1051 class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
1052 protected:
1053 // Creates an SSLClientSocket with |client_config| attached to a
1054 // FakeBlockingStreamSocket, returning both in |*out_raw_transport| and
1055 // |*out_sock|. The FakeBlockingStreamSocket is owned by the SSLClientSocket,
1056 // so |*out_raw_transport| is a raw pointer.
1057 //
1058 // The client socket will begin a connect using |callback| but stop before the
1059 // server's finished message is received. The finished message will be blocked
1060 // in |*out_raw_transport|. To complete the handshake and successfully read
1061 // data, the caller must unblock reads on |*out_raw_transport|. (Note that, if
1062 // the client successfully false started, |callback.WaitForResult()| will
1063 // return OK without unblocking transport reads. But Read() will still block.)
1064 //
1065 // Must be called after StartEmbeddedTestServer is called.
CreateAndConnectUntilServerFinishedReceived(const SSLConfig & client_config,TestCompletionCallback * callback,FakeBlockingStreamSocket ** out_raw_transport,std::unique_ptr<SSLClientSocket> * out_sock)1066 void CreateAndConnectUntilServerFinishedReceived(
1067 const SSLConfig& client_config,
1068 TestCompletionCallback* callback,
1069 FakeBlockingStreamSocket** out_raw_transport,
1070 std::unique_ptr<SSLClientSocket>* out_sock) {
1071 CHECK(embedded_test_server());
1072
1073 auto real_transport = std::make_unique<TCPClientSocket>(
1074 addr(), nullptr, nullptr, nullptr, NetLogSource());
1075 auto transport =
1076 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
1077 int rv = callback->GetResult(transport->Connect(callback->callback()));
1078 EXPECT_THAT(rv, IsOk());
1079
1080 FakeBlockingStreamSocket* raw_transport = transport.get();
1081 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1082 std::move(transport), host_port_pair(), client_config);
1083
1084 // Connect. Stop before the client processes the first server leg
1085 // (ServerHello, etc.)
1086 raw_transport->BlockReadResult();
1087 rv = sock->Connect(callback->callback());
1088 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1089 raw_transport->WaitForReadResult();
1090
1091 // Release the ServerHello and wait for the client to write
1092 // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the
1093 // server's leg to complete, since it may span multiple reads.)
1094 EXPECT_FALSE(callback->have_result());
1095 raw_transport->BlockWrite();
1096 raw_transport->UnblockReadResult();
1097 raw_transport->WaitForWrite();
1098
1099 // And, finally, release that and block the next server leg
1100 // (ChangeCipherSpec, Finished).
1101 raw_transport->BlockReadResult();
1102 raw_transport->UnblockWrite();
1103
1104 *out_raw_transport = raw_transport;
1105 *out_sock = std::move(sock);
1106 }
1107
TestFalseStart(const SSLServerConfig & server_config,const SSLConfig & client_config,bool expect_false_start)1108 void TestFalseStart(const SSLServerConfig& server_config,
1109 const SSLConfig& client_config,
1110 bool expect_false_start) {
1111 ASSERT_TRUE(
1112 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1113
1114 TestCompletionCallback callback;
1115 FakeBlockingStreamSocket* raw_transport = nullptr;
1116 std::unique_ptr<SSLClientSocket> sock;
1117 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
1118 client_config, &callback, &raw_transport, &sock));
1119
1120 if (expect_false_start) {
1121 // When False Starting, the handshake should complete before receiving the
1122 // Change Cipher Spec and Finished messages.
1123 //
1124 // Note: callback.have_result() may not be true without waiting. The NSS
1125 // state machine sometimes lives on a separate thread, so this thread may
1126 // not yet have processed the signal that the handshake has completed.
1127 int rv = callback.WaitForResult();
1128 EXPECT_THAT(rv, IsOk());
1129 EXPECT_TRUE(sock->IsConnected());
1130
1131 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1132 static const int kRequestTextSize =
1133 static_cast<int>(std::size(request_text) - 1);
1134 auto request_buffer =
1135 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1136 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1137
1138 // Write the request.
1139 rv = callback.GetResult(sock->Write(request_buffer.get(),
1140 kRequestTextSize, callback.callback(),
1141 TRAFFIC_ANNOTATION_FOR_TESTS));
1142 EXPECT_EQ(kRequestTextSize, rv);
1143
1144 // The read will hang; it's waiting for the peer to complete the
1145 // handshake, and the handshake is still blocked.
1146 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1147 rv = sock->Read(buf.get(), 4096, callback.callback());
1148
1149 // After releasing reads, the connection proceeds.
1150 raw_transport->UnblockReadResult();
1151 rv = callback.GetResult(rv);
1152 EXPECT_LT(0, rv);
1153 } else {
1154 // False Start is not enabled, so the handshake will not complete because
1155 // the server second leg is blocked.
1156 base::RunLoop().RunUntilIdle();
1157 EXPECT_FALSE(callback.have_result());
1158 }
1159 }
1160 };
1161
1162 // Sends an HTTP request on the socket and reads the response. This may be used
1163 // to ensure some data has been consumed from the server.
MakeHTTPRequest(StreamSocket * socket,const char * path="/")1164 int MakeHTTPRequest(StreamSocket* socket, const char* path = "/") {
1165 std::string request = base::StringPrintf("GET %s HTTP/1.0\r\n\r\n", path);
1166 TestCompletionCallback callback;
1167 while (!request.empty()) {
1168 auto request_buffer =
1169 base::MakeRefCounted<StringIOBuffer>(std::string(request));
1170 int rv = callback.GetResult(
1171 socket->Write(request_buffer.get(), request_buffer->size(),
1172 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1173 if (rv < 0) {
1174 return rv;
1175 }
1176 request = request.substr(rv);
1177 }
1178
1179 auto response_buffer = base::MakeRefCounted<IOBufferWithSize>(1024);
1180 int rv = callback.GetResult(
1181 socket->Read(response_buffer.get(), 1024, callback.callback()));
1182 if (rv < 0) {
1183 return rv;
1184 }
1185 return OK;
1186 }
1187
1188 // Provides a response to the 0RTT request indicating whether it was received
1189 // as early data.
1190 class ZeroRTTResponse : public test_server::HttpResponse {
1191 public:
ZeroRTTResponse(bool zero_rtt)1192 explicit ZeroRTTResponse(bool zero_rtt) : zero_rtt_(zero_rtt) {}
1193
1194 ZeroRTTResponse(const ZeroRTTResponse&) = delete;
1195 ZeroRTTResponse& operator=(const ZeroRTTResponse&) = delete;
1196
1197 ~ZeroRTTResponse() override = default;
1198
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)1199 void SendResponse(
1200 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
1201 std::string response;
1202 if (zero_rtt_) {
1203 response = "1";
1204 } else {
1205 response = "0";
1206 }
1207
1208 // Since the EmbeddedTestServer doesn't keep the socket open by default, it
1209 // is explicitly kept alive to allow the remaining leg of the 0RTT handshake
1210 // to be received after the early data.
1211 delegate->SendContents(response);
1212 }
1213
1214 private:
1215 bool zero_rtt_;
1216 };
1217
HandleZeroRTTRequest(const test_server::HttpRequest & request)1218 std::unique_ptr<test_server::HttpResponse> HandleZeroRTTRequest(
1219 const test_server::HttpRequest& request) {
1220 if (request.GetURL().path() != "/zerortt" || !request.ssl_info)
1221 return nullptr;
1222
1223 return std::make_unique<ZeroRTTResponse>(
1224 request.ssl_info->early_data_received);
1225 }
1226
1227 class SSLClientSocketZeroRTTTest : public SSLClientSocketTest {
1228 protected:
SSLClientSocketZeroRTTTest()1229 SSLClientSocketZeroRTTTest() : SSLClientSocketTest() {
1230 SSLContextConfig config;
1231 config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
1232 ssl_config_service_->UpdateSSLConfigAndNotify(config);
1233 }
1234
StartServer()1235 bool StartServer() {
1236 SSLServerConfig server_config;
1237 server_config.early_data_enabled = true;
1238 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
1239 return StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config);
1240 }
1241
RegisterEmbeddedTestServerHandlers(EmbeddedTestServer * server)1242 void RegisterEmbeddedTestServerHandlers(EmbeddedTestServer* server) override {
1243 SSLClientSocketTest::RegisterEmbeddedTestServerHandlers(server);
1244 server->RegisterRequestHandler(base::BindRepeating(&HandleZeroRTTRequest));
1245 }
1246
SetServerConfig(SSLServerConfig server_config)1247 void SetServerConfig(SSLServerConfig server_config) {
1248 embedded_test_server()->ResetSSLConfig(net::EmbeddedTestServer::CERT_OK,
1249 server_config);
1250 }
1251
1252 // Makes a new connection to the test server and returns a
1253 // FakeBlockingStreamSocket which may be used to block transport I/O.
1254 //
1255 // Most tests should call BlockReadResult() before calling Connect(). This
1256 // avoid race conditions by controlling the order of events. 0-RTT typically
1257 // races the ServerHello from the server with early data from the client. If
1258 // the ServerHello arrives before client calls Write(), the data may be sent
1259 // with 1-RTT keys rather than 0-RTT keys.
MakeClient(bool early_data_enabled)1260 FakeBlockingStreamSocket* MakeClient(bool early_data_enabled) {
1261 SSLConfig ssl_config;
1262 ssl_config.early_data_enabled = early_data_enabled;
1263
1264 real_transport_ = std::make_unique<TCPClientSocket>(
1265 addr(), nullptr, nullptr, nullptr, NetLogSource());
1266 auto transport =
1267 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport_));
1268 FakeBlockingStreamSocket* raw_transport = transport.get();
1269
1270 int rv = callback_.GetResult(transport->Connect(callback_.callback()));
1271 EXPECT_THAT(rv, IsOk());
1272
1273 ssl_socket_ = CreateSSLClientSocket(std::move(transport), host_port_pair(),
1274 ssl_config);
1275 EXPECT_FALSE(ssl_socket_->IsConnected());
1276
1277 return raw_transport;
1278 }
1279
Connect()1280 int Connect() {
1281 return callback_.GetResult(ssl_socket_->Connect(callback_.callback()));
1282 }
1283
WriteAndWait(base::StringPiece request)1284 int WriteAndWait(base::StringPiece request) {
1285 auto request_buffer =
1286 base::MakeRefCounted<IOBufferWithSize>(request.size());
1287 memcpy(request_buffer->data(), request.data(), request.size());
1288 return callback_.GetResult(
1289 ssl_socket_->Write(request_buffer.get(), request.size(),
1290 callback_.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1291 }
1292
ReadAndWait(IOBuffer * buf,size_t len)1293 int ReadAndWait(IOBuffer* buf, size_t len) {
1294 return callback_.GetResult(
1295 ssl_socket_->Read(buf, len, callback_.callback()));
1296 }
1297
GetSSLInfo(SSLInfo * ssl_info)1298 bool GetSSLInfo(SSLInfo* ssl_info) {
1299 return ssl_socket_->GetSSLInfo(ssl_info);
1300 }
1301
RunInitialConnection()1302 bool RunInitialConnection() {
1303 if (MakeClient(true) == nullptr)
1304 return false;
1305
1306 EXPECT_THAT(Connect(), IsOk());
1307
1308 // Use the socket for an HTTP request to ensure we've processed the
1309 // post-handshake TLS 1.3 ticket.
1310 EXPECT_THAT(MakeHTTPRequest(ssl_socket_.get()), IsOk());
1311
1312 SSLInfo ssl_info;
1313 EXPECT_TRUE(GetSSLInfo(&ssl_info));
1314
1315 // Make sure all asynchronous histogram logging is complete.
1316 base::RunLoop().RunUntilIdle();
1317
1318 return SSLInfo::HANDSHAKE_FULL == ssl_info.handshake_type;
1319 }
1320
ssl_socket()1321 SSLClientSocket* ssl_socket() { return ssl_socket_.get(); }
1322
1323 private:
1324 TestCompletionCallback callback_;
1325 std::unique_ptr<StreamSocket> real_transport_;
1326 std::unique_ptr<SSLClientSocket> ssl_socket_;
1327 };
1328
1329 // Returns a serialized unencrypted TLS 1.2 alert record for the given alert
1330 // value.
FormatTLS12Alert(uint8_t alert)1331 std::string FormatTLS12Alert(uint8_t alert) {
1332 std::string ret;
1333 // ContentType.alert
1334 ret.push_back(21);
1335 // Record-layer version. Assume TLS 1.2.
1336 ret.push_back(0x03);
1337 ret.push_back(0x03);
1338 // Record length.
1339 ret.push_back(0);
1340 ret.push_back(2);
1341 // AlertLevel.fatal.
1342 ret.push_back(2);
1343 // The alert itself.
1344 ret.push_back(alert);
1345 return ret;
1346 }
1347
1348 // A CertVerifier that never returns on any requests.
1349 class HangingCertVerifier : public CertVerifier {
1350 public:
num_active_requests() const1351 int num_active_requests() const { return num_active_requests_; }
1352
WaitForRequest()1353 void WaitForRequest() {
1354 if (!num_active_requests_) {
1355 run_loop_.Run();
1356 }
1357 }
1358
Verify(const RequestParams & params,CertVerifyResult * verify_result,CompletionOnceCallback callback,std::unique_ptr<Request> * out_req,const NetLogWithSource & net_log)1359 int Verify(const RequestParams& params,
1360 CertVerifyResult* verify_result,
1361 CompletionOnceCallback callback,
1362 std::unique_ptr<Request>* out_req,
1363 const NetLogWithSource& net_log) override {
1364 *out_req = std::make_unique<HangingRequest>(this);
1365 return ERR_IO_PENDING;
1366 }
1367
SetConfig(const Config & config)1368 void SetConfig(const Config& config) override {}
AddObserver(Observer * observer)1369 void AddObserver(Observer* observer) override {}
RemoveObserver(Observer * observer)1370 void RemoveObserver(Observer* observer) override {}
1371
1372 private:
1373 class HangingRequest : public Request {
1374 public:
HangingRequest(HangingCertVerifier * verifier)1375 explicit HangingRequest(HangingCertVerifier* verifier)
1376 : verifier_(verifier) {
1377 verifier_->num_active_requests_++;
1378 verifier_->run_loop_.Quit();
1379 }
1380
~HangingRequest()1381 ~HangingRequest() override { verifier_->num_active_requests_--; }
1382
1383 private:
1384 raw_ptr<HangingCertVerifier> verifier_;
1385 };
1386
1387 base::RunLoop run_loop_;
1388 int num_active_requests_ = 0;
1389 };
1390
1391 class MockSSLClientContextObserver : public SSLClientContext::Observer {
1392 public:
1393 MOCK_METHOD1(OnSSLConfigChanged, void(SSLClientContext::SSLConfigChangeType));
1394 MOCK_METHOD1(OnSSLConfigForServersChanged,
1395 void(const base::flat_set<HostPortPair>&));
1396 };
1397
1398 } // namespace
1399
1400 INSTANTIATE_TEST_SUITE_P(TLSVersion,
1401 SSLClientSocketVersionTest,
1402 ValuesIn(GetTLSVersions()));
1403
TEST_P(SSLClientSocketVersionTest,Connect)1404 TEST_P(SSLClientSocketVersionTest, Connect) {
1405 ASSERT_TRUE(
1406 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1407
1408 TestCompletionCallback callback;
1409 auto transport = std::make_unique<TCPClientSocket>(
1410 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
1411 int rv = callback.GetResult(transport->Connect(callback.callback()));
1412 EXPECT_THAT(rv, IsOk());
1413
1414 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1415 std::move(transport), host_port_pair(), SSLConfig()));
1416
1417 EXPECT_FALSE(sock->IsConnected());
1418
1419 rv = sock->Connect(callback.callback());
1420
1421 auto entries = log_observer_.GetEntries();
1422 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLogEventType::SSL_CONNECT));
1423 if (rv == ERR_IO_PENDING)
1424 rv = callback.WaitForResult();
1425 EXPECT_THAT(rv, IsOk());
1426 EXPECT_TRUE(sock->IsConnected());
1427 entries = log_observer_.GetEntries();
1428 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1429
1430 sock->Disconnect();
1431 EXPECT_FALSE(sock->IsConnected());
1432 }
1433
TEST_P(SSLClientSocketVersionTest,ConnectSyncVerify)1434 TEST_P(SSLClientSocketVersionTest, ConnectSyncVerify) {
1435 ASSERT_TRUE(
1436 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1437
1438 cert_verifier_->set_async(false);
1439 int rv;
1440 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1441 EXPECT_THAT(rv, IsError(OK));
1442 }
1443
TEST_P(SSLClientSocketVersionTest,ConnectExpired)1444 TEST_P(SSLClientSocketVersionTest, ConnectExpired) {
1445 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED,
1446 GetServerConfig()));
1447
1448 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1449
1450 int rv;
1451 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1452 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1453
1454 // Rather than testing whether or not the underlying socket is connected,
1455 // test that the handshake has finished. This is because it may be
1456 // desirable to disconnect the socket before showing a user prompt, since
1457 // the user may take indefinitely long to respond.
1458 auto entries = log_observer_.GetEntries();
1459 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1460 }
1461
TEST_P(SSLClientSocketVersionTest,ConnectExpiredSyncVerify)1462 TEST_P(SSLClientSocketVersionTest, ConnectExpiredSyncVerify) {
1463 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED,
1464 GetServerConfig()));
1465
1466 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1467 cert_verifier_->set_async(false);
1468
1469 int rv;
1470 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1471 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1472 }
1473
1474 // Test that SSLClientSockets may be destroyed while waiting on a certificate
1475 // verification.
TEST_P(SSLClientSocketVersionTest,SocketDestroyedDuringVerify)1476 TEST_P(SSLClientSocketVersionTest, SocketDestroyedDuringVerify) {
1477 ASSERT_TRUE(
1478 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1479
1480 HangingCertVerifier verifier;
1481 context_ = std::make_unique<SSLClientContext>(
1482 ssl_config_service_.get(), &verifier, transport_security_state_.get(),
1483 ct_policy_enforcer_.get(), ssl_client_session_cache_.get(), nullptr);
1484
1485 TestCompletionCallback callback;
1486 auto transport = std::make_unique<TCPClientSocket>(
1487 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
1488 int rv = callback.GetResult(transport->Connect(callback.callback()));
1489 ASSERT_THAT(rv, IsOk());
1490
1491 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1492 std::move(transport), host_port_pair(), SSLConfig());
1493 rv = sock->Connect(callback.callback());
1494 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1495
1496 // The socket should attempt a certificate verification.
1497 verifier.WaitForRequest();
1498 EXPECT_EQ(1, verifier.num_active_requests());
1499
1500 // Destroying the socket should cancel it.
1501 sock = nullptr;
1502 EXPECT_EQ(0, verifier.num_active_requests());
1503
1504 context_ = nullptr;
1505 }
1506
TEST_P(SSLClientSocketVersionTest,ConnectMismatched)1507 TEST_P(SSLClientSocketVersionTest, ConnectMismatched) {
1508 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_MISMATCHED_NAME,
1509 GetServerConfig()));
1510
1511 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
1512
1513 int rv;
1514 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1515 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
1516
1517 // Rather than testing whether or not the underlying socket is connected,
1518 // test that the handshake has finished. This is because it may be
1519 // desirable to disconnect the socket before showing a user prompt, since
1520 // the user may take indefinitely long to respond.
1521 auto entries = log_observer_.GetEntries();
1522 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1523 }
1524
1525 // Tests that certificates parsable by SSLClientSocket's internal SSL
1526 // implementation, but not X509Certificate are treated as fatal connection
1527 // errors. This is a regression test for https://crbug.com/91341.
TEST_P(SSLClientSocketVersionTest,ConnectBadValidity)1528 TEST_P(SSLClientSocketVersionTest, ConnectBadValidity) {
1529 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_BAD_VALIDITY,
1530 GetServerConfig()));
1531 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1532
1533 SSLConfig ssl_config;
1534 int rv;
1535 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
1536 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1537 }
1538
1539 // Ignoring the certificate error from an invalid certificate should
1540 // allow a complete connection.
TEST_P(SSLClientSocketVersionTest,ConnectBadValidityIgnoreCertErrors)1541 TEST_P(SSLClientSocketVersionTest, ConnectBadValidityIgnoreCertErrors) {
1542 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_BAD_VALIDITY,
1543 GetServerConfig()));
1544 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1545
1546 SSLConfig ssl_config;
1547 ssl_config.ignore_certificate_errors = true;
1548 int rv;
1549 CreateAndConnectSSLClientSocket(ssl_config, &rv);
1550 EXPECT_THAT(rv, IsOk());
1551 EXPECT_TRUE(sock_->IsConnected());
1552 }
1553
1554 // Client certificates are disabled on iOS.
1555 #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
1556 // Attempt to connect to a page which requests a client certificate. It should
1557 // return an error code on connect.
TEST_P(SSLClientSocketVersionTest,ConnectClientAuthCertRequested)1558 TEST_P(SSLClientSocketVersionTest, ConnectClientAuthCertRequested) {
1559 SSLServerConfig server_config = GetServerConfig();
1560 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
1561 ASSERT_TRUE(
1562 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1563
1564 int rv;
1565 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1566 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
1567
1568 auto entries = log_observer_.GetEntries();
1569 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1570 EXPECT_FALSE(sock_->IsConnected());
1571 }
1572
1573 // Connect to a server requesting optional client authentication. Send it a
1574 // null certificate. It should allow the connection.
TEST_P(SSLClientSocketVersionTest,ConnectClientAuthSendNullCert)1575 TEST_P(SSLClientSocketVersionTest, ConnectClientAuthSendNullCert) {
1576 SSLServerConfig server_config = GetServerConfig();
1577 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
1578 ASSERT_TRUE(
1579 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1580
1581 // Our test server accepts certificate-less connections.
1582 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
1583
1584 int rv;
1585 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1586 EXPECT_THAT(rv, IsOk());
1587
1588 // We responded to the server's certificate request with a Certificate
1589 // message with no client certificate in it. ssl_info.client_cert_sent
1590 // should be false in this case.
1591 SSLInfo ssl_info;
1592 sock_->GetSSLInfo(&ssl_info);
1593 EXPECT_FALSE(ssl_info.client_cert_sent);
1594
1595 sock_->Disconnect();
1596 EXPECT_FALSE(sock_->IsConnected());
1597 }
1598 #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
1599
1600 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
1601 // - Server closes an SSL connection (with a close_notify alert message).
1602 // - Server closes the underlying TCP connection directly.
1603 // - Server sends data unexpectedly.
1604
1605 // Tests that the socket can be read from successfully. Also test that a peer's
1606 // close_notify alert is successfully processed without error.
TEST_P(SSLClientSocketReadTest,Read)1607 TEST_P(SSLClientSocketReadTest, Read) {
1608 ASSERT_TRUE(
1609 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1610
1611 TestCompletionCallback callback;
1612 auto transport = std::make_unique<TCPClientSocket>(addr(), nullptr, nullptr,
1613 nullptr, NetLogSource());
1614 EXPECT_EQ(0, transport->GetTotalReceivedBytes());
1615
1616 int rv = callback.GetResult(transport->Connect(callback.callback()));
1617 EXPECT_THAT(rv, IsOk());
1618
1619 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1620 std::move(transport), host_port_pair(), SSLConfig()));
1621 EXPECT_EQ(0, sock->GetTotalReceivedBytes());
1622
1623 rv = callback.GetResult(sock->Connect(callback.callback()));
1624 EXPECT_THAT(rv, IsOk());
1625
1626 // Number of network bytes received should increase because of SSL socket
1627 // establishment.
1628 EXPECT_GT(sock->GetTotalReceivedBytes(), 0);
1629
1630 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1631 auto request_buffer =
1632 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
1633 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
1634
1635 rv = callback.GetResult(
1636 sock->Write(request_buffer.get(), std::size(request_text) - 1,
1637 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1638 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
1639
1640 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1641 int64_t unencrypted_bytes_read = 0;
1642 int64_t network_bytes_read_during_handshake = sock->GetTotalReceivedBytes();
1643 do {
1644 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
1645 EXPECT_GE(rv, 0);
1646 if (rv >= 0) {
1647 unencrypted_bytes_read += rv;
1648 }
1649 } while (rv > 0);
1650 EXPECT_GT(unencrypted_bytes_read, 0);
1651 // Reading the payload should increase the number of bytes on network layer.
1652 EXPECT_GT(sock->GetTotalReceivedBytes(), network_bytes_read_during_handshake);
1653 // Number of bytes received on the network after the handshake should be
1654 // higher than the number of encrypted bytes read.
1655 EXPECT_GE(sock->GetTotalReceivedBytes() - network_bytes_read_during_handshake,
1656 unencrypted_bytes_read);
1657
1658 // The peer should have cleanly closed the connection with a close_notify.
1659 EXPECT_EQ(0, rv);
1660 }
1661
1662 // Tests that SSLClientSocket properly handles when the underlying transport
1663 // synchronously fails a transport write in during the handshake.
TEST_F(SSLClientSocketTest,Connect_WithSynchronousError)1664 TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
1665 ASSERT_TRUE(
1666 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
1667
1668 TestCompletionCallback callback;
1669 auto real_transport = std::make_unique<TCPClientSocket>(
1670 addr(), nullptr, nullptr, nullptr, NetLogSource());
1671 auto transport =
1672 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1673 int rv = callback.GetResult(transport->Connect(callback.callback()));
1674 EXPECT_THAT(rv, IsOk());
1675
1676 SynchronousErrorStreamSocket* raw_transport = transport.get();
1677 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1678 std::move(transport), host_port_pair(), SSLConfig()));
1679
1680 raw_transport->SetNextWriteError(ERR_CONNECTION_RESET);
1681
1682 rv = callback.GetResult(sock->Connect(callback.callback()));
1683 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1684 EXPECT_FALSE(sock->IsConnected());
1685 }
1686
1687 // Tests that the SSLClientSocket properly handles when the underlying transport
1688 // synchronously returns an error code - such as if an intermediary terminates
1689 // the socket connection uncleanly.
1690 // This is a regression test for http://crbug.com/238536
TEST_P(SSLClientSocketReadTest,Read_WithSynchronousError)1691 TEST_P(SSLClientSocketReadTest, Read_WithSynchronousError) {
1692 ASSERT_TRUE(
1693 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1694
1695 TestCompletionCallback callback;
1696 auto real_transport = std::make_unique<TCPClientSocket>(
1697 addr(), nullptr, nullptr, nullptr, NetLogSource());
1698 auto transport =
1699 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1700 int rv = callback.GetResult(transport->Connect(callback.callback()));
1701 EXPECT_THAT(rv, IsOk());
1702
1703 SSLConfig config;
1704 config.disable_post_handshake_peek_for_testing = true;
1705 SynchronousErrorStreamSocket* raw_transport = transport.get();
1706 std::unique_ptr<SSLClientSocket> sock(
1707 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
1708
1709 rv = callback.GetResult(sock->Connect(callback.callback()));
1710 EXPECT_THAT(rv, IsOk());
1711 EXPECT_TRUE(sock->IsConnected());
1712
1713 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1714 static const int kRequestTextSize =
1715 static_cast<int>(std::size(request_text) - 1);
1716 auto request_buffer =
1717 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1718 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1719
1720 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1721 callback.callback(),
1722 TRAFFIC_ANNOTATION_FOR_TESTS));
1723 EXPECT_EQ(kRequestTextSize, rv);
1724
1725 // Simulate an unclean/forcible shutdown.
1726 raw_transport->SetNextReadError(ERR_CONNECTION_RESET);
1727
1728 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1729
1730 // Note: This test will hang if this bug has regressed. Simply checking that
1731 // rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING is a legitimate
1732 // result when using a dedicated task runner for NSS.
1733 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
1734 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1735 }
1736
1737 // Tests that the SSLClientSocket properly handles when the underlying transport
1738 // asynchronously returns an error code while writing data - such as if an
1739 // intermediary terminates the socket connection uncleanly.
1740 // This is a regression test for http://crbug.com/249848
TEST_P(SSLClientSocketVersionTest,Write_WithSynchronousError)1741 TEST_P(SSLClientSocketVersionTest, Write_WithSynchronousError) {
1742 ASSERT_TRUE(
1743 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1744
1745 TestCompletionCallback callback;
1746 auto real_transport = std::make_unique<TCPClientSocket>(
1747 addr(), nullptr, nullptr, nullptr, NetLogSource());
1748 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1749 // is retained in order to configure additional errors.
1750 auto error_socket =
1751 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1752 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1753 auto transport =
1754 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1755 FakeBlockingStreamSocket* raw_transport = transport.get();
1756 int rv = callback.GetResult(transport->Connect(callback.callback()));
1757 EXPECT_THAT(rv, IsOk());
1758
1759 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1760 std::move(transport), host_port_pair(), SSLConfig()));
1761
1762 rv = callback.GetResult(sock->Connect(callback.callback()));
1763 EXPECT_THAT(rv, IsOk());
1764 EXPECT_TRUE(sock->IsConnected());
1765
1766 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1767 static const int kRequestTextSize =
1768 static_cast<int>(std::size(request_text) - 1);
1769 auto request_buffer =
1770 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1771 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1772
1773 // Simulate an unclean/forcible shutdown on the underlying socket.
1774 // However, simulate this error asynchronously.
1775 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1776 raw_transport->BlockWrite();
1777
1778 // This write should complete synchronously, because the TLS ciphertext
1779 // can be created and placed into the outgoing buffers independent of the
1780 // underlying transport.
1781 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1782 callback.callback(),
1783 TRAFFIC_ANNOTATION_FOR_TESTS));
1784 EXPECT_EQ(kRequestTextSize, rv);
1785
1786 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1787
1788 rv = sock->Read(buf.get(), 4096, callback.callback());
1789 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1790
1791 // Now unblock the outgoing request, having it fail with the connection
1792 // being reset.
1793 raw_transport->UnblockWrite();
1794
1795 // Note: This will cause an inifite loop if this bug has regressed. Simply
1796 // checking that rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING
1797 // is a legitimate result when using a dedicated task runner for NSS.
1798 rv = callback.GetResult(rv);
1799 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1800 }
1801
1802 // If there is a Write failure at the transport with no follow-up Read, although
1803 // the write error will not be returned to the client until a future Read or
1804 // Write operation, SSLClientSocket should not spin attempting to re-write on
1805 // the socket. This is a regression test for part of https://crbug.com/381160.
TEST_P(SSLClientSocketVersionTest,Write_WithSynchronousErrorNoRead)1806 TEST_P(SSLClientSocketVersionTest, Write_WithSynchronousErrorNoRead) {
1807 ASSERT_TRUE(
1808 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
1809
1810 TestCompletionCallback callback;
1811 auto real_transport = std::make_unique<TCPClientSocket>(
1812 addr(), nullptr, nullptr, nullptr, NetLogSource());
1813 // Note: intermediate sockets' ownership are handed to |sock|, but a pointer
1814 // is retained in order to query them.
1815 auto error_socket =
1816 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1817 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1818 auto counting_socket =
1819 std::make_unique<CountingStreamSocket>(std::move(error_socket));
1820 CountingStreamSocket* raw_counting_socket = counting_socket.get();
1821 int rv = callback.GetResult(counting_socket->Connect(callback.callback()));
1822 ASSERT_THAT(rv, IsOk());
1823
1824 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1825 std::move(counting_socket), host_port_pair(), SSLConfig()));
1826
1827 rv = callback.GetResult(sock->Connect(callback.callback()));
1828 ASSERT_THAT(rv, IsOk());
1829 ASSERT_TRUE(sock->IsConnected());
1830
1831 // Simulate an unclean/forcible shutdown on the underlying socket.
1832 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1833
1834 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1835 static const int kRequestTextSize =
1836 static_cast<int>(std::size(request_text) - 1);
1837 auto request_buffer =
1838 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1839 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1840
1841 // This write should complete synchronously, because the TLS ciphertext
1842 // can be created and placed into the outgoing buffers independent of the
1843 // underlying transport.
1844 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1845 callback.callback(),
1846 TRAFFIC_ANNOTATION_FOR_TESTS));
1847 ASSERT_EQ(kRequestTextSize, rv);
1848
1849 // Let the event loop spin for a little bit of time. Even on platforms where
1850 // pumping the state machine involve thread hops, there should be no further
1851 // writes on the transport socket.
1852 //
1853 // TODO(davidben): Avoid the arbitrary timeout?
1854 int old_write_count = raw_counting_socket->write_count();
1855 base::RunLoop loop;
1856 base::SingleThreadTaskRunner::GetCurrentDefault()->PostDelayedTask(
1857 FROM_HERE, loop.QuitClosure(), base::Milliseconds(100));
1858 loop.Run();
1859 EXPECT_EQ(old_write_count, raw_counting_socket->write_count());
1860 }
1861
1862 // Test the full duplex mode, with Read and Write pending at the same time.
1863 // This test also serves as a regression test for http://crbug.com/29815.
TEST_P(SSLClientSocketReadTest,Read_FullDuplex)1864 TEST_P(SSLClientSocketReadTest, Read_FullDuplex) {
1865 ASSERT_TRUE(
1866 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1867
1868 int rv;
1869 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1870 EXPECT_THAT(rv, IsOk());
1871
1872 // Issue a "hanging" Read first.
1873 TestCompletionCallback callback;
1874 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1875 int read_rv = Read(sock_.get(), buf.get(), 4096, callback.callback());
1876 // We haven't written the request, so there should be no response yet.
1877 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
1878
1879 // Write the request.
1880 // The request is padded with a User-Agent header to a size that causes the
1881 // memio circular buffer (4k bytes) in SSLClientSocketNSS to wrap around.
1882 // This tests the fix for http://crbug.com/29815.
1883 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1884 for (int i = 0; i < 3770; ++i)
1885 request_text.push_back('*');
1886 request_text.append("\r\n\r\n");
1887 auto request_buffer = base::MakeRefCounted<StringIOBuffer>(request_text);
1888
1889 TestCompletionCallback callback2; // Used for Write only.
1890 rv = callback2.GetResult(
1891 sock_->Write(request_buffer.get(), request_text.size(),
1892 callback2.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1893 EXPECT_EQ(static_cast<int>(request_text.size()), rv);
1894
1895 // Now get the Read result.
1896 read_rv =
1897 WaitForReadCompletion(sock_.get(), buf.get(), 4096, &callback, read_rv);
1898 EXPECT_GT(read_rv, 0);
1899 }
1900
1901 // Attempts to Read() and Write() from an SSLClientSocketNSS in full duplex
1902 // mode when the underlying transport is blocked on sending data. When the
1903 // underlying transport completes due to an error, it should invoke both the
1904 // Read() and Write() callbacks. If the socket is deleted by the Read()
1905 // callback, the Write() callback should not be invoked.
1906 // Regression test for http://crbug.com/232633
TEST_P(SSLClientSocketReadTest,Read_DeleteWhilePendingFullDuplex)1907 TEST_P(SSLClientSocketReadTest, Read_DeleteWhilePendingFullDuplex) {
1908 ASSERT_TRUE(
1909 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1910
1911 TestCompletionCallback callback;
1912 auto real_transport = std::make_unique<TCPClientSocket>(
1913 addr(), nullptr, nullptr, nullptr, NetLogSource());
1914 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1915 // is retained in order to configure additional errors.
1916 auto error_socket =
1917 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1918 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1919 auto transport =
1920 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1921 FakeBlockingStreamSocket* raw_transport = transport.get();
1922
1923 int rv = callback.GetResult(transport->Connect(callback.callback()));
1924 EXPECT_THAT(rv, IsOk());
1925
1926 SSLConfig config;
1927 config.disable_post_handshake_peek_for_testing = true;
1928 std::unique_ptr<SSLClientSocket> sock =
1929 CreateSSLClientSocket(std::move(transport), host_port_pair(), config);
1930
1931 rv = callback.GetResult(sock->Connect(callback.callback()));
1932 EXPECT_THAT(rv, IsOk());
1933 EXPECT_TRUE(sock->IsConnected());
1934
1935 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1936 request_text.append(20 * 1024, '*');
1937 request_text.append("\r\n\r\n");
1938 scoped_refptr<DrainableIOBuffer> request_buffer =
1939 base::MakeRefCounted<DrainableIOBuffer>(
1940 base::MakeRefCounted<StringIOBuffer>(request_text),
1941 request_text.size());
1942
1943 // Simulate errors being returned from the underlying Read() and Write() ...
1944 raw_error_socket->SetNextReadError(ERR_CONNECTION_RESET);
1945 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1946 // ... but have those errors returned asynchronously. Because the Write() will
1947 // return first, this will trigger the error.
1948 raw_transport->BlockReadResult();
1949 raw_transport->BlockWrite();
1950
1951 // Enqueue a Read() before calling Write(), which should "hang" due to
1952 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return.
1953 SSLClientSocket* raw_sock = sock.get();
1954 DeleteSocketCallback read_callback(sock.release());
1955 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1956 rv = Read(raw_sock, read_buf.get(), 4096, read_callback.callback());
1957
1958 // Ensure things didn't complete synchronously, otherwise |sock| is invalid.
1959 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1960 ASSERT_FALSE(read_callback.have_result());
1961
1962 // Attempt to write the remaining data. OpenSSL will return that its blocked
1963 // because the underlying transport is blocked.
1964 rv = raw_sock->Write(request_buffer.get(), request_buffer->BytesRemaining(),
1965 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS);
1966 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1967 ASSERT_FALSE(callback.have_result());
1968
1969 // Now unblock Write(), which will invoke OnSendComplete and (eventually)
1970 // call the Read() callback, deleting the socket and thus aborting calling
1971 // the Write() callback.
1972 raw_transport->UnblockWrite();
1973
1974 // |read_callback| deletes |sock| so if ReadIfReady() is used, we will get OK
1975 // asynchronously but can't continue reading because the socket is gone.
1976 rv = read_callback.WaitForResult();
1977 if (test_ssl_read_if_ready()) {
1978 EXPECT_THAT(rv, IsOk());
1979 } else {
1980 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1981 }
1982
1983 // The Write callback should not have been called.
1984 EXPECT_FALSE(callback.have_result());
1985 }
1986
1987 // Tests that the SSLClientSocket does not crash if data is received on the
1988 // transport socket after a failing write. This can occur if we have a Write
1989 // error in a SPDY socket.
1990 // Regression test for http://crbug.com/335557
TEST_P(SSLClientSocketReadTest,Read_WithWriteError)1991 TEST_P(SSLClientSocketReadTest, Read_WithWriteError) {
1992 ASSERT_TRUE(
1993 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1994
1995 TestCompletionCallback callback;
1996 auto real_transport = std::make_unique<TCPClientSocket>(
1997 addr(), nullptr, nullptr, nullptr, NetLogSource());
1998 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1999 // is retained in order to configure additional errors.
2000 auto error_socket =
2001 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2002 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
2003 auto transport =
2004 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
2005 FakeBlockingStreamSocket* raw_transport = transport.get();
2006
2007 int rv = callback.GetResult(transport->Connect(callback.callback()));
2008 EXPECT_THAT(rv, IsOk());
2009
2010 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2011 std::move(transport), host_port_pair(), SSLConfig()));
2012
2013 rv = callback.GetResult(sock->Connect(callback.callback()));
2014 EXPECT_THAT(rv, IsOk());
2015 EXPECT_TRUE(sock->IsConnected());
2016
2017 // Send a request so there is something to read from the socket.
2018 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2019 static const int kRequestTextSize =
2020 static_cast<int>(std::size(request_text) - 1);
2021 auto request_buffer =
2022 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
2023 memcpy(request_buffer->data(), request_text, kRequestTextSize);
2024
2025 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
2026 callback.callback(),
2027 TRAFFIC_ANNOTATION_FOR_TESTS));
2028 EXPECT_EQ(kRequestTextSize, rv);
2029
2030 // Start a hanging read.
2031 TestCompletionCallback read_callback;
2032 raw_transport->BlockReadResult();
2033 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2034 rv = Read(sock.get(), buf.get(), 4096, read_callback.callback());
2035 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2036
2037 // Perform another write, but have it fail. Write a request larger than the
2038 // internal socket buffers so that the request hits the underlying transport
2039 // socket and detects the error.
2040 std::string long_request_text =
2041 "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
2042 long_request_text.append(20 * 1024, '*');
2043 long_request_text.append("\r\n\r\n");
2044 scoped_refptr<DrainableIOBuffer> long_request_buffer =
2045 base::MakeRefCounted<DrainableIOBuffer>(
2046 base::MakeRefCounted<StringIOBuffer>(long_request_text),
2047 long_request_text.size());
2048
2049 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
2050
2051 // Write as much data as possible until hitting an error.
2052 do {
2053 rv = callback.GetResult(sock->Write(
2054 long_request_buffer.get(), long_request_buffer->BytesRemaining(),
2055 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2056 if (rv > 0) {
2057 long_request_buffer->DidConsume(rv);
2058 // Abort if the entire input is ever consumed. The input is larger than
2059 // the SSLClientSocket's write buffers.
2060 ASSERT_LT(0, long_request_buffer->BytesRemaining());
2061 }
2062 } while (rv > 0);
2063
2064 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
2065
2066 // At this point the Read result is available. Transport write errors are
2067 // surfaced through Writes. See https://crbug.com/249848.
2068 rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv);
2069 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
2070
2071 // Release the read. This does not cause a crash.
2072 raw_transport->UnblockReadResult();
2073 base::RunLoop().RunUntilIdle();
2074 }
2075
2076 // Tests that SSLClientSocket fails the handshake if the underlying
2077 // transport is cleanly closed.
TEST_F(SSLClientSocketTest,Connect_WithZeroReturn)2078 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) {
2079 // There is no need to vary by TLS version because this test never reads a
2080 // response from the server.
2081 ASSERT_TRUE(
2082 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2083
2084 TestCompletionCallback callback;
2085 auto real_transport = std::make_unique<TCPClientSocket>(
2086 addr(), nullptr, nullptr, nullptr, NetLogSource());
2087 auto transport =
2088 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2089 int rv = callback.GetResult(transport->Connect(callback.callback()));
2090 EXPECT_THAT(rv, IsOk());
2091
2092 SynchronousErrorStreamSocket* raw_transport = transport.get();
2093 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2094 std::move(transport), host_port_pair(), SSLConfig()));
2095
2096 raw_transport->SetNextReadError(0);
2097
2098 rv = callback.GetResult(sock->Connect(callback.callback()));
2099 EXPECT_THAT(rv, IsError(ERR_CONNECTION_CLOSED));
2100 EXPECT_FALSE(sock->IsConnected());
2101 }
2102
2103 // Tests that SSLClientSocket returns a Read of size 0 if the underlying socket
2104 // is cleanly closed, but the peer does not send close_notify.
2105 // This is a regression test for https://crbug.com/422246
TEST_P(SSLClientSocketReadTest,Read_WithZeroReturn)2106 TEST_P(SSLClientSocketReadTest, Read_WithZeroReturn) {
2107 ASSERT_TRUE(
2108 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2109
2110 TestCompletionCallback callback;
2111 auto real_transport = std::make_unique<TCPClientSocket>(
2112 addr(), nullptr, nullptr, nullptr, NetLogSource());
2113 auto transport =
2114 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2115 int rv = callback.GetResult(transport->Connect(callback.callback()));
2116 EXPECT_THAT(rv, IsOk());
2117
2118 SSLConfig config;
2119 config.disable_post_handshake_peek_for_testing = true;
2120 SynchronousErrorStreamSocket* raw_transport = transport.get();
2121 std::unique_ptr<SSLClientSocket> sock(
2122 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2123
2124 rv = callback.GetResult(sock->Connect(callback.callback()));
2125 EXPECT_THAT(rv, IsOk());
2126 EXPECT_TRUE(sock->IsConnected());
2127
2128 raw_transport->SetNextReadError(0);
2129 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2130 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
2131 EXPECT_EQ(0, rv);
2132 }
2133
2134 // Tests that SSLClientSocket cleanly returns a Read of size 0 if the
2135 // underlying socket is cleanly closed asynchronously.
2136 // This is a regression test for https://crbug.com/422246
TEST_P(SSLClientSocketReadTest,Read_WithAsyncZeroReturn)2137 TEST_P(SSLClientSocketReadTest, Read_WithAsyncZeroReturn) {
2138 ASSERT_TRUE(
2139 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2140
2141 TestCompletionCallback callback;
2142 auto real_transport = std::make_unique<TCPClientSocket>(
2143 addr(), nullptr, nullptr, nullptr, NetLogSource());
2144 auto error_socket =
2145 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2146 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
2147 auto transport =
2148 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
2149 FakeBlockingStreamSocket* raw_transport = transport.get();
2150 int rv = callback.GetResult(transport->Connect(callback.callback()));
2151 EXPECT_THAT(rv, IsOk());
2152
2153 SSLConfig config;
2154 config.disable_post_handshake_peek_for_testing = true;
2155 std::unique_ptr<SSLClientSocket> sock(
2156 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2157
2158 rv = callback.GetResult(sock->Connect(callback.callback()));
2159 EXPECT_THAT(rv, IsOk());
2160 EXPECT_TRUE(sock->IsConnected());
2161
2162 raw_error_socket->SetNextReadError(0);
2163 raw_transport->BlockReadResult();
2164 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2165 TestCompletionCallback read_callback;
2166 rv = Read(sock.get(), buf.get(), 4096, read_callback.callback());
2167 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2168
2169 raw_transport->UnblockReadResult();
2170 rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv);
2171 EXPECT_EQ(0, rv);
2172 }
2173
2174 // Tests that fatal alerts from the peer are processed. This is a regression
2175 // test for https://crbug.com/466303.
TEST_P(SSLClientSocketReadTest,Read_WithFatalAlert)2176 TEST_P(SSLClientSocketReadTest, Read_WithFatalAlert) {
2177 SSLServerConfig server_config = GetServerConfig();
2178 server_config.alert_after_handshake_for_testing = SSL_AD_INTERNAL_ERROR;
2179 ASSERT_TRUE(
2180 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2181
2182 int rv;
2183 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2184 EXPECT_THAT(rv, IsOk());
2185
2186 // Receive the fatal alert.
2187 TestCompletionCallback callback;
2188 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2189 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR,
2190 ReadAndWaitForCompletion(sock_.get(), buf.get(), 4096));
2191 }
2192
TEST_P(SSLClientSocketReadTest,Read_SmallChunks)2193 TEST_P(SSLClientSocketReadTest, Read_SmallChunks) {
2194 ASSERT_TRUE(
2195 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2196
2197 int rv;
2198 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2199 EXPECT_THAT(rv, IsOk());
2200
2201 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2202 auto request_buffer =
2203 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2204 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2205
2206 TestCompletionCallback callback;
2207 rv = callback.GetResult(
2208 sock_->Write(request_buffer.get(), std::size(request_text) - 1,
2209 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2210 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2211
2212 auto buf = base::MakeRefCounted<IOBufferWithSize>(1);
2213 do {
2214 rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 1);
2215 EXPECT_GE(rv, 0);
2216 } while (rv > 0);
2217 }
2218
TEST_P(SSLClientSocketReadTest,Read_ManySmallRecords)2219 TEST_P(SSLClientSocketReadTest, Read_ManySmallRecords) {
2220 ASSERT_TRUE(
2221 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2222
2223 TestCompletionCallback callback;
2224
2225 auto real_transport = std::make_unique<TCPClientSocket>(
2226 addr(), nullptr, nullptr, nullptr, NetLogSource());
2227 auto transport =
2228 std::make_unique<ReadBufferingStreamSocket>(std::move(real_transport));
2229 ReadBufferingStreamSocket* raw_transport = transport.get();
2230 int rv = callback.GetResult(transport->Connect(callback.callback()));
2231 ASSERT_THAT(rv, IsOk());
2232
2233 SSLConfig config;
2234 config.disable_post_handshake_peek_for_testing = true;
2235 std::unique_ptr<SSLClientSocket> sock(
2236 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2237
2238 rv = callback.GetResult(sock->Connect(callback.callback()));
2239 ASSERT_THAT(rv, IsOk());
2240 ASSERT_TRUE(sock->IsConnected());
2241
2242 const char request_text[] = "GET /ssl-many-small-records HTTP/1.0\r\n\r\n";
2243 auto request_buffer =
2244 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2245 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2246
2247 rv = callback.GetResult(
2248 sock->Write(request_buffer.get(), std::size(request_text) - 1,
2249 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2250 ASSERT_GT(rv, 0);
2251 ASSERT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2252
2253 // Note: This relies on SSLClientSocketNSS attempting to read up to 17K of
2254 // data (the max SSL record size) at a time. Ensure that at least 15K worth
2255 // of SSL data is buffered first. The 15K of buffered data is made up of
2256 // many smaller SSL records (the TestServer writes along 1350 byte
2257 // plaintext boundaries), although there may also be a few records that are
2258 // smaller or larger, due to timing and SSL False Start.
2259 // 15K was chosen because 15K is smaller than the 17K (max) read issued by
2260 // the SSLClientSocket implementation, and larger than the minimum amount
2261 // of ciphertext necessary to contain the 8K of plaintext requested below.
2262 raw_transport->BufferNextRead(15000);
2263
2264 auto buffer = base::MakeRefCounted<IOBufferWithSize>(8192);
2265 rv = ReadAndWaitForCompletion(sock.get(), buffer.get(), 8192);
2266 ASSERT_EQ(rv, 8192);
2267 }
2268
TEST_P(SSLClientSocketReadTest,Read_Interrupted)2269 TEST_P(SSLClientSocketReadTest, Read_Interrupted) {
2270 ASSERT_TRUE(
2271 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2272
2273 int rv;
2274 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2275 EXPECT_THAT(rv, IsOk());
2276
2277 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2278 auto request_buffer =
2279 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2280 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2281
2282 TestCompletionCallback callback;
2283 rv = callback.GetResult(
2284 sock_->Write(request_buffer.get(), std::size(request_text) - 1,
2285 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2286 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2287
2288 // Do a partial read and then exit. This test should not crash!
2289 auto buf = base::MakeRefCounted<IOBufferWithSize>(512);
2290 rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 512);
2291 EXPECT_GT(rv, 0);
2292 }
2293
TEST_P(SSLClientSocketReadTest,Read_FullLogging)2294 TEST_P(SSLClientSocketReadTest, Read_FullLogging) {
2295 ASSERT_TRUE(
2296 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2297
2298 TestCompletionCallback callback;
2299 log_observer_.SetObserverCaptureMode(NetLogCaptureMode::kEverything);
2300 auto transport = std::make_unique<TCPClientSocket>(
2301 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2302 int rv = callback.GetResult(transport->Connect(callback.callback()));
2303 EXPECT_THAT(rv, IsOk());
2304
2305 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2306 std::move(transport), host_port_pair(), SSLConfig()));
2307
2308 rv = callback.GetResult(sock->Connect(callback.callback()));
2309 EXPECT_THAT(rv, IsOk());
2310 EXPECT_TRUE(sock->IsConnected());
2311
2312 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2313 auto request_buffer =
2314 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2315 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2316
2317 rv = callback.GetResult(
2318 sock->Write(request_buffer.get(), std::size(request_text) - 1,
2319 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2320 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2321
2322 auto entries = log_observer_.GetEntries();
2323 size_t last_index = ExpectLogContainsSomewhereAfter(
2324 entries, 5, NetLogEventType::SSL_SOCKET_BYTES_SENT,
2325 NetLogEventPhase::NONE);
2326
2327 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2328 for (;;) {
2329 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
2330 EXPECT_GE(rv, 0);
2331 if (rv <= 0)
2332 break;
2333
2334 entries = log_observer_.GetEntries();
2335 last_index = ExpectLogContainsSomewhereAfter(
2336 entries, last_index + 1, NetLogEventType::SSL_SOCKET_BYTES_RECEIVED,
2337 NetLogEventPhase::NONE);
2338 }
2339 }
2340
2341 // Regression test for http://crbug.com/42538
TEST_F(SSLClientSocketTest,PrematureApplicationData)2342 TEST_F(SSLClientSocketTest, PrematureApplicationData) {
2343 ASSERT_TRUE(
2344 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2345
2346 static const unsigned char application_data[] = {
2347 0x17, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00, 0x46, 0x03, 0x01, 0x4b,
2348 0xc2, 0xf8, 0xb2, 0xc1, 0x56, 0x42, 0xb9, 0x57, 0x7f, 0xde, 0x87, 0x46,
2349 0xf7, 0xa3, 0x52, 0x42, 0x21, 0xf0, 0x13, 0x1c, 0x9c, 0x83, 0x88, 0xd6,
2350 0x93, 0x0c, 0xf6, 0x36, 0x30, 0x05, 0x7e, 0x20, 0xb5, 0xb5, 0x73, 0x36,
2351 0x53, 0x83, 0x0a, 0xfc, 0x17, 0x63, 0xbf, 0xa0, 0xe4, 0x42, 0x90, 0x0d,
2352 0x2f, 0x18, 0x6d, 0x20, 0xd8, 0x36, 0x3f, 0xfc, 0xe6, 0x01, 0xfa, 0x0f,
2353 0xa5, 0x75, 0x7f, 0x09, 0x00, 0x04, 0x00, 0x16, 0x03, 0x01, 0x11, 0x57,
2354 0x0b, 0x00, 0x11, 0x53, 0x00, 0x11, 0x50, 0x00, 0x06, 0x22, 0x30, 0x82,
2355 0x06, 0x1e, 0x30, 0x82, 0x05, 0x06, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
2356 0x0a};
2357
2358 // All reads and writes complete synchronously (async=false).
2359 MockRead data_reads[] = {
2360 MockRead(SYNCHRONOUS, reinterpret_cast<const char*>(application_data),
2361 std::size(application_data)),
2362 MockRead(SYNCHRONOUS, OK),
2363 };
2364
2365 StaticSocketDataProvider data(data_reads, base::span<MockWrite>());
2366
2367 TestCompletionCallback callback;
2368 std::unique_ptr<StreamSocket> transport(
2369 std::make_unique<MockTCPClientSocket>(addr(), nullptr, &data));
2370 int rv = callback.GetResult(transport->Connect(callback.callback()));
2371 EXPECT_THAT(rv, IsOk());
2372
2373 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2374 std::move(transport), host_port_pair(), SSLConfig()));
2375
2376 rv = callback.GetResult(sock->Connect(callback.callback()));
2377 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
2378 }
2379
TEST_F(SSLClientSocketTest,CipherSuiteDisables)2380 TEST_F(SSLClientSocketTest, CipherSuiteDisables) {
2381 SSLServerConfig server_config;
2382 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
2383 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
2384 ASSERT_TRUE(
2385 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2386
2387 SSLContextConfig ssl_context_config;
2388 ssl_context_config.disabled_cipher_suites.push_back(kModernTLS12Cipher);
2389 ssl_config_service_->UpdateSSLConfigAndNotify(ssl_context_config);
2390
2391 int rv;
2392 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2393 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
2394 }
2395
2396 // Test that TLS versions prior to TLS 1.2 cannot be configured in
2397 // SSLClientSocket.
TEST_F(SSLClientSocketTest,LegacyTLSVersions)2398 TEST_F(SSLClientSocketTest, LegacyTLSVersions) {
2399 // Start a server, just so the underlying socket can connect somewhere, but it
2400 // will fail before talking to the server, so it is fine that the server does
2401 // not speak these versions.
2402 ASSERT_TRUE(
2403 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2404
2405 // Although we don't have `SSL_PROTOCOL_VERSION_*` constants for SSL 3.0
2406 // through TLS 1.1, these values are just passed through to the BoringSSL API,
2407 // which means the underlying protocol version numbers can be used here.
2408 //
2409 // TODO(https://crbug.com/1416295): Ideally SSLConfig would just take an enum,
2410 // at which point this test can be removed.
2411 for (uint16_t version : {SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION}) {
2412 SCOPED_TRACE(version);
2413
2414 SSLConfig config;
2415 config.version_min_override = version;
2416 int rv;
2417 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2418 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
2419
2420 config.version_min_override = absl::nullopt;
2421 config.version_max_override = version;
2422 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2423 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
2424 }
2425 }
2426
2427 // When creating an SSLClientSocket, it is allowed to pass in a
2428 // ClientSocketHandle that is not obtained from a client socket pool.
2429 // Here we verify that such a simple ClientSocketHandle, not associated with any
2430 // client socket pool, can be destroyed safely.
TEST_F(SSLClientSocketTest,ClientSocketHandleNotFromPool)2431 TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
2432 ASSERT_TRUE(
2433 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2434
2435 TestCompletionCallback callback;
2436 auto transport = std::make_unique<TCPClientSocket>(addr(), nullptr, nullptr,
2437 nullptr, NetLogSource());
2438 int rv = callback.GetResult(transport->Connect(callback.callback()));
2439 EXPECT_THAT(rv, IsOk());
2440
2441 std::unique_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket(
2442 context_.get(), std::move(transport), host_port_pair(), SSLConfig()));
2443
2444 EXPECT_FALSE(sock->IsConnected());
2445 rv = callback.GetResult(sock->Connect(callback.callback()));
2446 EXPECT_THAT(rv, IsOk());
2447 }
2448
2449 // Verifies that SSLClientSocket::ExportKeyingMaterial return a success
2450 // code and different keying label results in different keying material.
TEST_P(SSLClientSocketVersionTest,ExportKeyingMaterial)2451 TEST_P(SSLClientSocketVersionTest, ExportKeyingMaterial) {
2452 ASSERT_TRUE(
2453 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2454
2455 int rv;
2456 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2457 EXPECT_THAT(rv, IsOk());
2458 EXPECT_TRUE(sock_->IsConnected());
2459
2460 const int kKeyingMaterialSize = 32;
2461 const char kKeyingLabel1[] = "client-socket-test-1";
2462 const char kKeyingContext1[] = "";
2463 unsigned char client_out1[kKeyingMaterialSize];
2464 memset(client_out1, 0, sizeof(client_out1));
2465 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, false, kKeyingContext1,
2466 client_out1, sizeof(client_out1));
2467 EXPECT_EQ(rv, OK);
2468
2469 const char kKeyingLabel2[] = "client-socket-test-2";
2470 unsigned char client_out2[kKeyingMaterialSize];
2471 memset(client_out2, 0, sizeof(client_out2));
2472 rv = sock_->ExportKeyingMaterial(kKeyingLabel2, false, kKeyingContext1,
2473 client_out2, sizeof(client_out2));
2474 EXPECT_EQ(rv, OK);
2475 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2476
2477 const char kKeyingContext2[] = "context";
2478 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, true, kKeyingContext2,
2479 client_out2, sizeof(client_out2));
2480 EXPECT_EQ(rv, OK);
2481 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2482
2483 // Prior to TLS 1.3, using an empty context should give different key material
2484 // from not using a context at all. In TLS 1.3, the distinction is deprecated
2485 // and they are the same.
2486 memset(client_out2, 0, sizeof(client_out2));
2487 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, true, kKeyingContext1,
2488 client_out2, sizeof(client_out2));
2489 EXPECT_EQ(rv, OK);
2490 if (version() >= SSL_PROTOCOL_VERSION_TLS1_3) {
2491 EXPECT_EQ(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2492 } else {
2493 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2494 }
2495 }
2496
TEST(SSLClientSocket,SerializeNextProtos)2497 TEST(SSLClientSocket, SerializeNextProtos) {
2498 NextProtoVector next_protos;
2499 next_protos.push_back(kProtoHTTP11);
2500 next_protos.push_back(kProtoHTTP2);
2501 static std::vector<uint8_t> serialized =
2502 SSLClientSocket::SerializeNextProtos(next_protos);
2503 ASSERT_EQ(12u, serialized.size());
2504 EXPECT_EQ(8, serialized[0]); // length("http/1.1")
2505 EXPECT_EQ('h', serialized[1]);
2506 EXPECT_EQ('t', serialized[2]);
2507 EXPECT_EQ('t', serialized[3]);
2508 EXPECT_EQ('p', serialized[4]);
2509 EXPECT_EQ('/', serialized[5]);
2510 EXPECT_EQ('1', serialized[6]);
2511 EXPECT_EQ('.', serialized[7]);
2512 EXPECT_EQ('1', serialized[8]);
2513 EXPECT_EQ(2, serialized[9]); // length("h2")
2514 EXPECT_EQ('h', serialized[10]);
2515 EXPECT_EQ('2', serialized[11]);
2516 }
2517
2518 // Test that the server certificates are properly retrieved from the underlying
2519 // SSL stack.
TEST_P(SSLClientSocketVersionTest,VerifyServerChainProperlyOrdered)2520 TEST_P(SSLClientSocketVersionTest, VerifyServerChainProperlyOrdered) {
2521 // The connection does not have to be successful.
2522 cert_verifier_->set_default_result(ERR_CERT_INVALID);
2523
2524 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2525 // This makes the server present redundant-server-chain.pem, which contains
2526 // intermediate certificates.
2527 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2528 GetServerConfig()));
2529
2530 int rv;
2531 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2532 EXPECT_THAT(rv, IsError(ERR_CERT_INVALID));
2533 EXPECT_FALSE(sock_->IsConnected());
2534
2535 // When given option CERT_CHAIN_WRONG_ROOT, EmbeddedTestServer will present
2536 // certs from redundant-server-chain.pem.
2537 CertificateList server_certs =
2538 CreateCertificateListFromFile(GetTestCertsDirectory(),
2539 "redundant-server-chain.pem",
2540 X509Certificate::FORMAT_AUTO);
2541
2542 // Get the server certificate as received client side.
2543 SSLInfo ssl_info;
2544 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2545 scoped_refptr<X509Certificate> server_certificate = ssl_info.unverified_cert;
2546
2547 // Get the intermediates as received client side.
2548 const auto& server_intermediates = server_certificate->intermediate_buffers();
2549
2550 // Check that the unverified server certificate chain is properly retrieved
2551 // from the underlying ssl stack.
2552 ASSERT_EQ(4U, server_certs.size());
2553
2554 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_certificate->cert_buffer(),
2555 server_certs[0]->cert_buffer()));
2556
2557 ASSERT_EQ(3U, server_intermediates.size());
2558
2559 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[0].get(),
2560 server_certs[1]->cert_buffer()));
2561 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[1].get(),
2562 server_certs[2]->cert_buffer()));
2563 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[2].get(),
2564 server_certs[3]->cert_buffer()));
2565
2566 sock_->Disconnect();
2567 EXPECT_FALSE(sock_->IsConnected());
2568 }
2569
2570 // This tests that SSLInfo contains a properly re-constructed certificate
2571 // chain. That, in turn, verifies that GetSSLInfo is giving us the chain as
2572 // verified, not the chain as served by the server. (They may be different.)
2573 //
2574 // CERT_CHAIN_WRONG_ROOT is redundant-server-chain.pem. It contains A
2575 // (end-entity) -> B -> C, and C is signed by D. redundant-validated-chain.pem
2576 // contains a chain of A -> B -> C2, where C2 is the same public key as C, but
2577 // a self-signed root. Such a situation can occur when a new root (C2) is
2578 // cross-certified by an old root (D) and has two different versions of its
2579 // floating around. Servers may supply C2 as an intermediate, but the
2580 // SSLClientSocket should return the chain that was verified, from
2581 // verify_result, instead.
TEST_P(SSLClientSocketVersionTest,VerifyReturnChainProperlyOrdered)2582 TEST_P(SSLClientSocketVersionTest, VerifyReturnChainProperlyOrdered) {
2583 // By default, cause the CertVerifier to treat all certificates as
2584 // expired.
2585 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2586
2587 CertificateList unverified_certs = CreateCertificateListFromFile(
2588 GetTestCertsDirectory(), "redundant-server-chain.pem",
2589 X509Certificate::FORMAT_AUTO);
2590 ASSERT_EQ(4u, unverified_certs.size());
2591
2592 // We will expect SSLInfo to ultimately contain this chain.
2593 CertificateList certs =
2594 CreateCertificateListFromFile(GetTestCertsDirectory(),
2595 "redundant-validated-chain.pem",
2596 X509Certificate::FORMAT_AUTO);
2597 ASSERT_EQ(3U, certs.size());
2598
2599 ASSERT_TRUE(certs[0]->EqualsExcludingChain(unverified_certs[0].get()));
2600
2601 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> temp_intermediates;
2602 temp_intermediates.push_back(bssl::UpRef(certs[1]->cert_buffer()));
2603 temp_intermediates.push_back(bssl::UpRef(certs[2]->cert_buffer()));
2604
2605 CertVerifyResult verify_result;
2606 verify_result.verified_cert = X509Certificate::CreateFromBuffer(
2607 bssl::UpRef(certs[0]->cert_buffer()), std::move(temp_intermediates));
2608 ASSERT_TRUE(verify_result.verified_cert);
2609
2610 // Add a rule that maps the server cert (A) to the chain of A->B->C2
2611 // rather than A->B->C.
2612 cert_verifier_->AddResultForCert(certs[0].get(), verify_result, OK);
2613
2614 // Load and install the root for the validated chain.
2615 scoped_refptr<X509Certificate> root_cert = ImportCertFromFile(
2616 GetTestCertsDirectory(), "redundant-validated-chain-root.pem");
2617 ASSERT_NE(static_cast<X509Certificate*>(nullptr), root_cert.get());
2618 ScopedTestRoot scoped_root(root_cert);
2619
2620 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2621 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2622 GetServerConfig()));
2623
2624 int rv;
2625 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2626 EXPECT_THAT(rv, IsOk());
2627 EXPECT_TRUE(sock_->IsConnected());
2628
2629 auto entries = log_observer_.GetEntries();
2630 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
2631
2632 SSLInfo ssl_info;
2633 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2634
2635 // Verify that SSLInfo contains the corrected re-constructed chain A -> B
2636 // -> C2.
2637 ASSERT_TRUE(ssl_info.cert);
2638 const auto& intermediates = ssl_info.cert->intermediate_buffers();
2639 ASSERT_EQ(2U, intermediates.size());
2640 EXPECT_TRUE(x509_util::CryptoBufferEqual(ssl_info.cert->cert_buffer(),
2641 certs[0]->cert_buffer()));
2642 EXPECT_TRUE(x509_util::CryptoBufferEqual(intermediates[0].get(),
2643 certs[1]->cert_buffer()));
2644 EXPECT_TRUE(x509_util::CryptoBufferEqual(intermediates[1].get(),
2645 certs[2]->cert_buffer()));
2646
2647 // Verify that SSLInfo also contains the chain as received from the server.
2648 ASSERT_TRUE(ssl_info.unverified_cert);
2649 const auto& served_intermediates =
2650 ssl_info.unverified_cert->intermediate_buffers();
2651 ASSERT_EQ(3U, served_intermediates.size());
2652 EXPECT_TRUE(x509_util::CryptoBufferEqual(ssl_info.cert->cert_buffer(),
2653 unverified_certs[0]->cert_buffer()));
2654 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[0].get(),
2655 unverified_certs[1]->cert_buffer()));
2656 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[1].get(),
2657 unverified_certs[2]->cert_buffer()));
2658 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[2].get(),
2659 unverified_certs[3]->cert_buffer()));
2660
2661 sock_->Disconnect();
2662 EXPECT_FALSE(sock_->IsConnected());
2663 }
2664
2665 // Client certificates are disabled on iOS.
2666 #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
2667 INSTANTIATE_TEST_SUITE_P(TLSVersion,
2668 SSLClientSocketCertRequestInfoTest,
2669 ValuesIn(GetTLSVersions()));
2670
TEST_P(SSLClientSocketCertRequestInfoTest,DontRequestClientCertsIfServerCertInvalid)2671 TEST_P(SSLClientSocketCertRequestInfoTest,
2672 DontRequestClientCertsIfServerCertInvalid) {
2673 SSLServerConfig config = GetServerConfig();
2674 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2675 ASSERT_TRUE(
2676 StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED, config));
2677
2678 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2679 int rv;
2680 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2681 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
2682 }
2683
TEST_P(SSLClientSocketCertRequestInfoTest,NoAuthorities)2684 TEST_P(SSLClientSocketCertRequestInfoTest, NoAuthorities) {
2685 SSLServerConfig config = GetServerConfig();
2686 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2687 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2688 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2689 ASSERT_TRUE(request_info.get());
2690 EXPECT_EQ(0u, request_info->cert_authorities.size());
2691 }
2692
TEST_P(SSLClientSocketCertRequestInfoTest,TwoAuthorities)2693 TEST_P(SSLClientSocketCertRequestInfoTest, TwoAuthorities) {
2694 const unsigned char kThawteDN[] = {
2695 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
2696 0x02, 0x5a, 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a,
2697 0x13, 0x1c, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e,
2698 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79,
2699 0x29, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
2700 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20,
2701 0x53, 0x47, 0x43, 0x20, 0x43, 0x41};
2702
2703 const unsigned char kDiginotarDN[] = {
2704 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
2705 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
2706 0x13, 0x09, 0x44, 0x69, 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x31,
2707 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x44, 0x69,
2708 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x20, 0x52, 0x6f, 0x6f, 0x74,
2709 0x20, 0x43, 0x41, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86, 0x48,
2710 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x11, 0x69, 0x6e, 0x66, 0x6f,
2711 0x40, 0x64, 0x69, 0x67, 0x69, 0x6e, 0x6f, 0x74, 0x61, 0x72, 0x2e, 0x6e,
2712 0x6c};
2713
2714 SSLServerConfig config = GetServerConfig();
2715 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2716 config.cert_authorities.emplace_back(std::begin(kThawteDN),
2717 std::end(kThawteDN));
2718 config.cert_authorities.emplace_back(std::begin(kDiginotarDN),
2719 std::end(kDiginotarDN));
2720 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2721 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2722 ASSERT_TRUE(request_info.get());
2723 EXPECT_EQ(config.cert_authorities, request_info->cert_authorities);
2724 }
2725
TEST_P(SSLClientSocketCertRequestInfoTest,CertKeyTypes)2726 TEST_P(SSLClientSocketCertRequestInfoTest, CertKeyTypes) {
2727 SSLServerConfig config = GetServerConfig();
2728 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2729 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2730 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2731 ASSERT_TRUE(request_info);
2732 // Look for some values we expect BoringSSL to always send.
2733 EXPECT_THAT(request_info->signature_algorithms,
2734 testing::Contains(SSL_SIGN_ECDSA_SECP256R1_SHA256));
2735 EXPECT_THAT(request_info->signature_algorithms,
2736 testing::Contains(SSL_SIGN_RSA_PSS_RSAE_SHA256));
2737 }
2738 #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
2739
2740 // Tests that the Certificate Transparency (RFC 6962) TLS extension is
2741 // supported.
TEST_P(SSLClientSocketVersionTest,ConnectSignedCertTimestampsTLSExtension)2742 TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsTLSExtension) {
2743 // Encoding of SCT List containing 'test'.
2744 base::StringPiece sct_ext("\x00\x06\x00\x04test", 8);
2745
2746 SSLServerConfig server_config = GetServerConfig();
2747 server_config.signed_cert_timestamp_list =
2748 std::vector<uint8_t>(sct_ext.begin(), sct_ext.end());
2749 ASSERT_TRUE(
2750 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2751
2752 auto ct_verifier = std::make_unique<MockCTVerifier>();
2753
2754 // Check that the SCT list is extracted from the TLS extension as expected,
2755 // while also simulating that it was an unparsable response.
2756 SignedCertificateTimestampAndStatusList sct_list;
2757 EXPECT_CALL(*ct_verifier, Verify(_, _, sct_ext, _, _))
2758 .WillOnce(testing::SetArgPointee<3>(sct_list));
2759
2760 auto cert_and_ct_verifier = std::make_unique<CertAndCTVerifier>(
2761 std::move(cert_verifier_), std::move(ct_verifier));
2762
2763 context_ = std::make_unique<SSLClientContext>(
2764 ssl_config_service_.get(), cert_and_ct_verifier.get(),
2765 transport_security_state_.get(), ct_policy_enforcer_.get(),
2766 ssl_client_session_cache_.get(), nullptr);
2767
2768 int rv;
2769 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2770 EXPECT_THAT(rv, IsOk());
2771
2772 EXPECT_TRUE(sock_->signed_cert_timestamps_received_);
2773
2774 sock_ = nullptr;
2775 context_ = nullptr;
2776 }
2777
2778 // Test that when a CT verifier and a CTPolicyEnforcer are defined, and
2779 // the EV certificate used conforms to the CT/EV policy, its EV status
2780 // is maintained.
TEST_P(SSLClientSocketVersionTest,EVCertStatusMaintainedForCompliantCert)2781 TEST_P(SSLClientSocketVersionTest, EVCertStatusMaintainedForCompliantCert) {
2782 ASSERT_TRUE(
2783 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2784
2785 SSLConfig ssl_config;
2786 AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config);
2787
2788 // Emulate compliance of the certificate to the policy.
2789 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _))
2790 .WillRepeatedly(
2791 Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
2792
2793 int rv;
2794 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2795 EXPECT_THAT(rv, IsOk());
2796
2797 SSLInfo result;
2798 ASSERT_TRUE(sock_->GetSSLInfo(&result));
2799
2800 EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV);
2801 }
2802
2803 // Tests that OCSP stapling is requested, as per Certificate Transparency (RFC
2804 // 6962).
TEST_P(SSLClientSocketVersionTest,ConnectSignedCertTimestampsEnablesOCSP)2805 TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsEnablesOCSP) {
2806 // The test server currently only knows how to generate OCSP responses
2807 // for a freshly minted certificate.
2808 EmbeddedTestServer::ServerCertificateConfig cert_config;
2809 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
2810 {{bssl::OCSPRevocationStatus::GOOD,
2811 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
2812
2813 ASSERT_TRUE(StartEmbeddedTestServer(cert_config, GetServerConfig()));
2814
2815 SSLConfig ssl_config;
2816
2817 int rv;
2818 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2819 EXPECT_THAT(rv, IsOk());
2820
2821 EXPECT_TRUE(sock_->stapled_ocsp_response_received_);
2822 }
2823
2824 // Tests that IsConnectedAndIdle and WasEverUsed behave as expected.
TEST_P(SSLClientSocketVersionTest,ReuseStates)2825 TEST_P(SSLClientSocketVersionTest, ReuseStates) {
2826 ASSERT_TRUE(
2827 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2828
2829 int rv;
2830 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2831
2832 // The socket was just connected. It should be idle because it is speaking
2833 // HTTP. Although the transport has been used for the handshake, WasEverUsed()
2834 // returns false.
2835 EXPECT_TRUE(sock_->IsConnected());
2836 EXPECT_TRUE(sock_->IsConnectedAndIdle());
2837 EXPECT_FALSE(sock_->WasEverUsed());
2838
2839 const char kRequestText[] = "GET / HTTP/1.0\r\n\r\n";
2840 const size_t kRequestLen = std::size(kRequestText) - 1;
2841 auto request_buffer = base::MakeRefCounted<IOBufferWithSize>(kRequestLen);
2842 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2843
2844 TestCompletionCallback callback;
2845 rv = callback.GetResult(sock_->Write(request_buffer.get(), kRequestLen,
2846 callback.callback(),
2847 TRAFFIC_ANNOTATION_FOR_TESTS));
2848 EXPECT_EQ(static_cast<int>(kRequestLen), rv);
2849
2850 // The socket has now been used.
2851 EXPECT_TRUE(sock_->WasEverUsed());
2852
2853 // TODO(davidben): Read one byte to ensure the test server has responded and
2854 // then assert IsConnectedAndIdle is false. This currently doesn't work
2855 // because SSLClientSocketImpl doesn't check the implementation's internal
2856 // buffer. Call SSL_pending.
2857 }
2858
2859 // Tests that |is_fatal_cert_error| does not get set for a certificate error,
2860 // on a non-HSTS host.
TEST_P(SSLClientSocketVersionTest,IsFatalErrorNotSetOnNonFatalError)2861 TEST_P(SSLClientSocketVersionTest, IsFatalErrorNotSetOnNonFatalError) {
2862 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2863 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2864 GetServerConfig()));
2865 int rv;
2866 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2867 SSLInfo ssl_info;
2868 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2869 EXPECT_FALSE(ssl_info.is_fatal_cert_error);
2870 }
2871
2872 // Tests that |is_fatal_cert_error| gets set for a certificate error on an
2873 // HSTS host.
TEST_P(SSLClientSocketVersionTest,IsFatalErrorSetOnFatalError)2874 TEST_P(SSLClientSocketVersionTest, IsFatalErrorSetOnFatalError) {
2875 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2876 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2877 GetServerConfig()));
2878 int rv;
2879 const base::Time expiry = base::Time::Now() + base::Seconds(1000);
2880 transport_security_state_->AddHSTS(host_port_pair().host(), expiry, true);
2881 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2882 SSLInfo ssl_info;
2883 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2884 EXPECT_TRUE(ssl_info.is_fatal_cert_error);
2885 }
2886
2887 // Tests that IsConnectedAndIdle treats a socket as idle even if a Write hasn't
2888 // been flushed completely out of SSLClientSocket's internal buffers. This is a
2889 // regression test for https://crbug.com/466147.
TEST_P(SSLClientSocketVersionTest,ReusableAfterWrite)2890 TEST_P(SSLClientSocketVersionTest, ReusableAfterWrite) {
2891 ASSERT_TRUE(
2892 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2893
2894 TestCompletionCallback callback;
2895 auto real_transport = std::make_unique<TCPClientSocket>(
2896 addr(), nullptr, nullptr, nullptr, NetLogSource());
2897 auto transport =
2898 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
2899 FakeBlockingStreamSocket* raw_transport = transport.get();
2900 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2901 IsOk());
2902
2903 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2904 std::move(transport), host_port_pair(), SSLConfig()));
2905 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2906
2907 // Block any application data from reaching the network.
2908 raw_transport->BlockWrite();
2909
2910 // Write a partial HTTP request.
2911 const char kRequestText[] = "GET / HTTP/1.0";
2912 const size_t kRequestLen = std::size(kRequestText) - 1;
2913 auto request_buffer = base::MakeRefCounted<IOBufferWithSize>(kRequestLen);
2914 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2915
2916 // Although transport writes are blocked, SSLClientSocketImpl completes the
2917 // outer Write operation.
2918 EXPECT_EQ(static_cast<int>(kRequestLen),
2919 callback.GetResult(sock->Write(request_buffer.get(), kRequestLen,
2920 callback.callback(),
2921 TRAFFIC_ANNOTATION_FOR_TESTS)));
2922
2923 // The Write operation is complete, so the socket should be treated as
2924 // reusable, in case the server returns an HTTP response before completely
2925 // consuming the request body. In this case, we assume the server will
2926 // properly drain the request body before trying to read the next request.
2927 EXPECT_TRUE(sock->IsConnectedAndIdle());
2928 }
2929
2930 // Tests that basic session resumption works.
TEST_P(SSLClientSocketVersionTest,SessionResumption)2931 TEST_P(SSLClientSocketVersionTest, SessionResumption) {
2932 ASSERT_TRUE(
2933 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2934
2935 // First, perform a full handshake.
2936 SSLConfig ssl_config;
2937 int rv;
2938 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2939 ASSERT_THAT(rv, IsOk());
2940 SSLInfo ssl_info;
2941 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2942 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2943
2944 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
2945 // use the socket to ensure the session ticket has been picked up.
2946 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
2947
2948 // The next connection should resume.
2949 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2950 ASSERT_THAT(rv, IsOk());
2951 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2952 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2953 sock_.reset();
2954
2955 // Using a different HostPortPair uses a different session cache key.
2956 auto transport = std::make_unique<TCPClientSocket>(
2957 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2958 TestCompletionCallback callback;
2959 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2960 IsOk());
2961 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
2962 std::move(transport), HostPortPair("example.com", 443), ssl_config);
2963 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2964 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
2965 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2966 sock.reset();
2967
2968 ssl_client_session_cache_->Flush();
2969
2970 // After clearing the session cache, the next handshake doesn't resume.
2971 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2972 ASSERT_THAT(rv, IsOk());
2973 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2974 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2975
2976 // Pick up the ticket again and confirm resumption works.
2977 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
2978 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2979 ASSERT_THAT(rv, IsOk());
2980 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2981 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2982 sock_.reset();
2983
2984 // Updating the context-wide configuration should flush the session cache.
2985 SSLContextConfig config;
2986 config.disabled_cipher_suites = {1234};
2987 ssl_config_service_->UpdateSSLConfigAndNotify(config);
2988 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2989 ASSERT_THAT(rv, IsOk());
2990 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2991 }
2992
2993 namespace {
2994
2995 // FakePeerAddressSocket wraps a |StreamSocket|, forwarding all calls except
2996 // that it provides a given answer for |GetPeerAddress|.
2997 class FakePeerAddressSocket : public WrappedStreamSocket {
2998 public:
FakePeerAddressSocket(std::unique_ptr<StreamSocket> socket,const IPEndPoint & address)2999 FakePeerAddressSocket(std::unique_ptr<StreamSocket> socket,
3000 const IPEndPoint& address)
3001 : WrappedStreamSocket(std::move(socket)), address_(address) {}
3002 ~FakePeerAddressSocket() override = default;
3003
GetPeerAddress(IPEndPoint * address) const3004 int GetPeerAddress(IPEndPoint* address) const override {
3005 *address = address_;
3006 return OK;
3007 }
3008
3009 private:
3010 const IPEndPoint address_;
3011 };
3012
3013 } // namespace
3014
TEST_F(SSLClientSocketTest,SessionResumption_RSA)3015 TEST_F(SSLClientSocketTest, SessionResumption_RSA) {
3016 for (bool use_rsa : {false, true}) {
3017 SCOPED_TRACE(use_rsa);
3018
3019 SSLServerConfig server_config;
3020 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3021 server_config.cipher_suite_for_testing =
3022 use_rsa ? kRSACipher : kModernTLS12Cipher;
3023 ASSERT_TRUE(
3024 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3025 SSLConfig ssl_config;
3026 ssl_client_session_cache_->Flush();
3027
3028 for (int i = 0; i < 3; i++) {
3029 SCOPED_TRACE(i);
3030
3031 auto transport = std::make_unique<TCPClientSocket>(
3032 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
3033 TestCompletionCallback callback;
3034 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
3035 IsOk());
3036 // The third handshake sees a different destination IP address.
3037 IPEndPoint fake_peer_address(IPAddress(1, 1, 1, i == 2 ? 2 : 1), 443);
3038 auto socket = std::make_unique<FakePeerAddressSocket>(
3039 std::move(transport), fake_peer_address);
3040 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
3041 std::move(socket), HostPortPair("example.com", 443), ssl_config);
3042 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())),
3043 IsOk());
3044 SSLInfo ssl_info;
3045 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
3046 sock.reset();
3047
3048 switch (i) {
3049 case 0:
3050 // Initial handshake should be a full handshake.
3051 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3052 break;
3053 case 1:
3054 // Second handshake should resume.
3055 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3056 break;
3057 case 2:
3058 // Third handshake gets a different IP address and, if the
3059 // session used RSA key exchange, it should not resume.
3060 EXPECT_EQ(
3061 use_rsa ? SSLInfo::HANDSHAKE_FULL : SSLInfo::HANDSHAKE_RESUME,
3062 ssl_info.handshake_type);
3063 break;
3064 default:
3065 NOTREACHED();
3066 }
3067 }
3068 }
3069 }
3070
3071 // Tests that ALPN works with session resumption.
TEST_F(SSLClientSocketTest,SessionResumptionAlpn)3072 TEST_F(SSLClientSocketTest, SessionResumptionAlpn) {
3073 SSLServerConfig server_config;
3074 server_config.alpn_protos = {NextProto::kProtoHTTP2, NextProto::kProtoHTTP11};
3075 ASSERT_TRUE(
3076 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3077
3078 // First, perform a full handshake.
3079 SSLConfig ssl_config;
3080 ssl_config.alpn_protos.push_back(kProtoHTTP2);
3081 int rv;
3082 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3083 ASSERT_THAT(rv, IsOk());
3084 SSLInfo ssl_info;
3085 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3086 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3087 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
3088
3089 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3090 // use the socket to ensure the session ticket has been picked up.
3091 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3092
3093 // The next connection should resume; ALPN should be renegotiated.
3094 ssl_config.alpn_protos.clear();
3095 ssl_config.alpn_protos.push_back(kProtoHTTP11);
3096 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3097 ASSERT_THAT(rv, IsOk());
3098 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3099 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3100 EXPECT_EQ(kProtoHTTP11, sock_->GetNegotiatedProtocol());
3101 }
3102
3103 // Tests that the session cache is not sharded by NetworkAnonymizationKey if the
3104 // feature is disabled.
TEST_P(SSLClientSocketVersionTest,SessionResumptionNetworkIsolationKeyDisabled)3105 TEST_P(SSLClientSocketVersionTest,
3106 SessionResumptionNetworkIsolationKeyDisabled) {
3107 base::test::ScopedFeatureList feature_list;
3108 feature_list.InitAndDisableFeature(
3109 features::kPartitionSSLSessionsByNetworkIsolationKey);
3110
3111 ASSERT_TRUE(
3112 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3113
3114 // First, perform a full handshake.
3115 SSLConfig ssl_config;
3116 int rv;
3117 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3118 ASSERT_THAT(rv, IsOk());
3119 SSLInfo ssl_info;
3120 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3121 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3122
3123 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3124 // use the socket to ensure the session ticket has been picked up. Do this for
3125 // every connection to avoid problems with TLS 1.3 single-use tickets.
3126 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3127
3128 // The next connection should resume.
3129 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3130 ASSERT_THAT(rv, IsOk());
3131 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3132 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3133 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3134 sock_.reset();
3135
3136 // Using a different NetworkAnonymizationKey shares session cache key because
3137 // sharding is disabled.
3138 const SchemefulSite kSiteA(GURL("https://a.test"));
3139 ssl_config.network_anonymization_key =
3140 NetworkAnonymizationKey::CreateSameSite(kSiteA);
3141 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3142 ASSERT_THAT(rv, IsOk());
3143 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3144 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3145 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3146 sock_.reset();
3147
3148 const SchemefulSite kSiteB(GURL("https://a.test"));
3149 ssl_config.network_anonymization_key =
3150 NetworkAnonymizationKey::CreateSameSite(kSiteB);
3151 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3152 ASSERT_THAT(rv, IsOk());
3153 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3154 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3155 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3156 sock_.reset();
3157 }
3158
3159 // Tests that the session cache is sharded by NetworkAnonymizationKey if the
3160 // feature is enabled.
TEST_P(SSLClientSocketVersionTest,SessionResumptionNetworkIsolationKeyEnabled)3161 TEST_P(SSLClientSocketVersionTest,
3162 SessionResumptionNetworkIsolationKeyEnabled) {
3163 base::test::ScopedFeatureList feature_list;
3164 feature_list.InitAndEnableFeature(
3165 features::kPartitionSSLSessionsByNetworkIsolationKey);
3166
3167 const SchemefulSite kSiteA(GURL("https://a.test"));
3168 const SchemefulSite kSiteB(GURL("https://b.test"));
3169 const auto kNetworkAnonymizationKeyA =
3170 NetworkAnonymizationKey::CreateSameSite(kSiteA);
3171 const auto kNetworkAnonymizationKeyB =
3172 NetworkAnonymizationKey::CreateSameSite(kSiteB);
3173
3174 ASSERT_TRUE(
3175 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3176
3177 // First, perform a full handshake.
3178 SSLConfig ssl_config;
3179 int rv;
3180 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3181 ASSERT_THAT(rv, IsOk());
3182 SSLInfo ssl_info;
3183 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3184 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3185
3186 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3187 // use the socket to ensure the session ticket has been picked up. Do this for
3188 // every connection to avoid problems with TLS 1.3 single-use tickets.
3189 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3190
3191 // The next connection should resume.
3192 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3193 ASSERT_THAT(rv, IsOk());
3194 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3195 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3196 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3197 sock_.reset();
3198
3199 // Using a different NetworkAnonymizationKey uses a different session cache
3200 // key.
3201 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyA;
3202 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3203 ASSERT_THAT(rv, IsOk());
3204 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3205 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3206 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3207 sock_.reset();
3208
3209 // We, however, can resume under that newly-established session.
3210 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3211 ASSERT_THAT(rv, IsOk());
3212 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3213 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3214 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3215 sock_.reset();
3216
3217 // Repeat with another non-null key.
3218 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyB;
3219 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3220 ASSERT_THAT(rv, IsOk());
3221 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3222 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3223 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3224 sock_.reset();
3225
3226 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3227 ASSERT_THAT(rv, IsOk());
3228 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3229 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3230 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3231 sock_.reset();
3232
3233 // b.test does not evict a.test's session.
3234 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyA;
3235 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3236 ASSERT_THAT(rv, IsOk());
3237 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3238 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3239 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3240 sock_.reset();
3241 }
3242
3243 // Tests that connections with certificate errors do not add entries to the
3244 // session cache.
TEST_P(SSLClientSocketVersionTest,CertificateErrorNoResume)3245 TEST_P(SSLClientSocketVersionTest, CertificateErrorNoResume) {
3246 ASSERT_TRUE(
3247 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3248
3249 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
3250
3251 SSLConfig ssl_config;
3252 int rv;
3253 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3254 ASSERT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
3255
3256 cert_verifier_->set_default_result(OK);
3257
3258 // The next connection should perform a full handshake.
3259 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3260 ASSERT_THAT(rv, IsOk());
3261 SSLInfo ssl_info;
3262 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3263 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3264 }
3265
TEST_F(SSLClientSocketTest,RequireECDHE)3266 TEST_F(SSLClientSocketTest, RequireECDHE) {
3267 // Run test server without ECDHE.
3268 SSLServerConfig server_config;
3269 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3270 server_config.cipher_suite_for_testing = kRSACipher;
3271 ASSERT_TRUE(
3272 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3273
3274 SSLConfig config;
3275 config.require_ecdhe = true;
3276 int rv;
3277 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
3278 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3279 }
3280
3281 TEST_F(SSLClientSocketTest, 3DES) {
3282 SSLServerConfig server_config;
3283 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3284 server_config.cipher_suite_for_testing = k3DESCipher;
3285 ASSERT_TRUE(
3286 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3287
3288 // 3DES is always disabled.
3289 int rv;
3290 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3291 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3292 }
3293
TEST_F(SSLClientSocketTest,SHA1)3294 TEST_F(SSLClientSocketTest, SHA1) {
3295 SSLServerConfig server_config;
3296 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3297 // Disable RSA key exchange, to ensure the server does not pick a non-signing
3298 // cipher.
3299 server_config.require_ecdhe = true;
3300 server_config.signature_algorithm_for_testing = SSL_SIGN_RSA_PKCS1_SHA1;
3301 ASSERT_TRUE(
3302 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3303
3304 int rv;
3305 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3306 EXPECT_THAT(rv, IsOk());
3307
3308 SSLConfig config;
3309 config.disable_sha1_server_signatures = true;
3310 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
3311 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
3312 }
3313
TEST_F(SSLClientSocketFalseStartTest,FalseStartEnabled)3314 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
3315 // False Start requires ALPN, ECDHE, and an AEAD.
3316 SSLServerConfig server_config;
3317 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3318 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3319 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3320 SSLConfig client_config;
3321 client_config.alpn_protos.push_back(kProtoHTTP11);
3322 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, true));
3323 }
3324
3325 // Test that False Start is disabled without ALPN.
TEST_F(SSLClientSocketFalseStartTest,NoAlpn)3326 TEST_F(SSLClientSocketFalseStartTest, NoAlpn) {
3327 SSLServerConfig server_config;
3328 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3329 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3330 SSLConfig client_config;
3331 client_config.alpn_protos.clear();
3332 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3333 }
3334
3335 // Test that False Start is disabled with plain RSA ciphers.
TEST_F(SSLClientSocketFalseStartTest,RSA)3336 TEST_F(SSLClientSocketFalseStartTest, RSA) {
3337 SSLServerConfig server_config;
3338 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3339 server_config.cipher_suite_for_testing = kRSACipher;
3340 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3341 SSLConfig client_config;
3342 client_config.alpn_protos.push_back(kProtoHTTP11);
3343 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3344 }
3345
3346 // Test that False Start is disabled without an AEAD.
TEST_F(SSLClientSocketFalseStartTest,NoAEAD)3347 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
3348 SSLServerConfig server_config;
3349 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3350 server_config.cipher_suite_for_testing = kCBCCipher;
3351 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3352 SSLConfig client_config;
3353 client_config.alpn_protos.push_back(kProtoHTTP11);
3354 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3355 }
3356
3357 // Test that sessions are resumable after receiving the server Finished message.
TEST_F(SSLClientSocketFalseStartTest,SessionResumption)3358 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
3359 // Start a server.
3360 SSLServerConfig server_config;
3361 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3362 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3363 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3364 SSLConfig client_config;
3365 client_config.alpn_protos.push_back(kProtoHTTP11);
3366
3367 // Let a full handshake complete with False Start.
3368 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, true));
3369
3370 // Make a second connection.
3371 int rv;
3372 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3373 EXPECT_THAT(rv, IsOk());
3374
3375 // It should resume the session.
3376 SSLInfo ssl_info;
3377 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3378 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3379 }
3380
3381 // Test that the client completes the handshake in the background and installs
3382 // new sessions, even if the socket isn't used. This also avoids a theoretical
3383 // deadlock if NewSessionTicket is sufficiently large that neither it nor the
3384 // client's HTTP/1.1 POST fit in transport windows.
TEST_F(SSLClientSocketFalseStartTest,CompleteHandshakeWithoutRequest)3385 TEST_F(SSLClientSocketFalseStartTest, CompleteHandshakeWithoutRequest) {
3386 // Start a server.
3387 SSLServerConfig server_config;
3388 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3389 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3390 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3391 ASSERT_TRUE(
3392 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3393
3394 SSLConfig client_config;
3395 client_config.alpn_protos.push_back(kProtoHTTP11);
3396
3397 // Start a handshake up to the server Finished message.
3398 TestCompletionCallback callback;
3399 FakeBlockingStreamSocket* raw_transport = nullptr;
3400 std::unique_ptr<SSLClientSocket> sock;
3401 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3402 client_config, &callback, &raw_transport, &sock));
3403
3404 // Wait for the server Finished to arrive, release it, and allow
3405 // SSLClientSocket to process it. This should install a session. It make take
3406 // a few iterations to complete if the server writes in small chunks
3407 while (ssl_client_session_cache_->size() == 0) {
3408 raw_transport->WaitForReadResult();
3409 raw_transport->UnblockReadResult();
3410 base::RunLoop().RunUntilIdle();
3411 raw_transport->BlockReadResult();
3412 }
3413
3414 // Drop the old socket. This is needed because the Python test server can't
3415 // service two sockets in parallel.
3416 sock.reset();
3417
3418 // Make a second connection.
3419 int rv;
3420 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3421 EXPECT_THAT(rv, IsOk());
3422
3423 // It should resume the session.
3424 SSLInfo ssl_info;
3425 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3426 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3427 }
3428
3429 // Test that False Started sessions are not resumable before receiving the
3430 // server Finished message.
TEST_F(SSLClientSocketFalseStartTest,NoSessionResumptionBeforeFinished)3431 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) {
3432 // Start a server.
3433 SSLServerConfig server_config;
3434 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3435 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3436 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3437 ASSERT_TRUE(
3438 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3439
3440 SSLConfig client_config;
3441 client_config.alpn_protos.push_back(kProtoHTTP11);
3442
3443 // Start a handshake up to the server Finished message.
3444 TestCompletionCallback callback;
3445 FakeBlockingStreamSocket* raw_transport1 = nullptr;
3446 std::unique_ptr<SSLClientSocket> sock1;
3447 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3448 client_config, &callback, &raw_transport1, &sock1));
3449 // Although raw_transport1 has the server Finished blocked, the handshake
3450 // still completes.
3451 EXPECT_THAT(callback.WaitForResult(), IsOk());
3452
3453 // Continue to block the client (|sock1|) from processing the Finished
3454 // message, but allow it to arrive on the socket. This ensures that, from the
3455 // server's point of view, it has completed the handshake and added the
3456 // session to its session cache.
3457 //
3458 // The actual read on |sock1| will not complete until the Finished message is
3459 // processed; however, pump the underlying transport so that it is read from
3460 // the socket. NOTE: This may flakily pass if the server's final flight
3461 // doesn't come in one Read.
3462 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
3463 int rv = sock1->Read(buf.get(), 4096, callback.callback());
3464 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
3465 raw_transport1->WaitForReadResult();
3466
3467 // Drop the old socket. This is needed because the Python test server can't
3468 // service two sockets in parallel.
3469 sock1.reset();
3470
3471 // Start a second connection.
3472 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3473 EXPECT_THAT(rv, IsOk());
3474
3475 // No session resumption because the first connection never received a server
3476 // Finished message.
3477 SSLInfo ssl_info;
3478 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3479 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3480 }
3481
3482 // Test that False Started sessions are not resumable if the server Finished
3483 // message was bad.
TEST_F(SSLClientSocketFalseStartTest,NoSessionResumptionBadFinished)3484 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) {
3485 // Start a server.
3486 SSLServerConfig server_config;
3487 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3488 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3489 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3490 ASSERT_TRUE(
3491 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3492
3493 SSLConfig client_config;
3494 client_config.alpn_protos.push_back(kProtoHTTP11);
3495
3496 // Start a handshake up to the server Finished message.
3497 TestCompletionCallback callback;
3498 FakeBlockingStreamSocket* raw_transport1 = nullptr;
3499 std::unique_ptr<SSLClientSocket> sock1;
3500 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3501 client_config, &callback, &raw_transport1, &sock1));
3502 // Although raw_transport1 has the server Finished blocked, the handshake
3503 // still completes.
3504 EXPECT_THAT(callback.WaitForResult(), IsOk());
3505
3506 // Continue to block the client (|sock1|) from processing the Finished
3507 // message, but allow it to arrive on the socket. This ensures that, from the
3508 // server's point of view, it has completed the handshake and added the
3509 // session to its session cache.
3510 //
3511 // The actual read on |sock1| will not complete until the Finished message is
3512 // processed; however, pump the underlying transport so that it is read from
3513 // the socket.
3514 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
3515 int rv = sock1->Read(buf.get(), 4096, callback.callback());
3516 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
3517 raw_transport1->WaitForReadResult();
3518
3519 // The server's second leg, or part of it, is now received but not yet sent to
3520 // |sock1|. Before doing so, break the server's second leg.
3521 int bytes_read = raw_transport1->pending_read_result();
3522 ASSERT_LT(0, bytes_read);
3523 raw_transport1->pending_read_buf()->data()[bytes_read - 1]++;
3524
3525 // Unblock the Finished message. |sock1->Read| should now fail.
3526 raw_transport1->UnblockReadResult();
3527 EXPECT_THAT(callback.GetResult(rv), IsError(ERR_SSL_PROTOCOL_ERROR));
3528
3529 // Drop the old socket. This is needed because the Python test server can't
3530 // service two sockets in parallel.
3531 sock1.reset();
3532
3533 // Start a second connection.
3534 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3535 EXPECT_THAT(rv, IsOk());
3536
3537 // No session resumption because the first connection never received a server
3538 // Finished message.
3539 SSLInfo ssl_info;
3540 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3541 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3542 }
3543
3544 // Server preference should win in ALPN.
TEST_F(SSLClientSocketTest,Alpn)3545 TEST_F(SSLClientSocketTest, Alpn) {
3546 SSLServerConfig server_config;
3547 server_config.alpn_protos = {NextProto::kProtoHTTP2, NextProto::kProtoHTTP11};
3548 ASSERT_TRUE(
3549 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3550
3551 SSLConfig client_config;
3552 client_config.alpn_protos.push_back(kProtoHTTP11);
3553 client_config.alpn_protos.push_back(kProtoHTTP2);
3554
3555 int rv;
3556 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3557 EXPECT_THAT(rv, IsOk());
3558
3559 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
3560 }
3561
3562 // If the server supports ALPN but the client does not, then ALPN is not used.
TEST_F(SSLClientSocketTest,AlpnClientDisabled)3563 TEST_F(SSLClientSocketTest, AlpnClientDisabled) {
3564 SSLServerConfig server_config;
3565 server_config.alpn_protos = {NextProto::kProtoHTTP2};
3566 ASSERT_TRUE(
3567 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3568
3569 SSLConfig client_config;
3570
3571 int rv;
3572 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3573 EXPECT_THAT(rv, IsOk());
3574
3575 EXPECT_EQ(kProtoUnknown, sock_->GetNegotiatedProtocol());
3576 }
3577
3578 // Client certificates are disabled on iOS.
3579 #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
3580 // Connect to a server requesting client authentication, do not send
3581 // any client certificates. It should refuse the connection.
TEST_P(SSLClientSocketVersionTest,NoCert)3582 TEST_P(SSLClientSocketVersionTest, NoCert) {
3583 SSLServerConfig server_config = GetServerConfig();
3584 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3585 ASSERT_TRUE(
3586 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3587
3588 int rv;
3589 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3590
3591 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3592 EXPECT_FALSE(sock_->IsConnected());
3593 }
3594
3595 // Connect to a server requesting client authentication, and send it
3596 // an empty certificate.
TEST_P(SSLClientSocketVersionTest,SendEmptyCert)3597 TEST_P(SSLClientSocketVersionTest, SendEmptyCert) {
3598 SSLServerConfig server_config = GetServerConfig();
3599 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3600 ASSERT_TRUE(
3601 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3602
3603 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3604
3605 int rv;
3606 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3607
3608 EXPECT_THAT(rv, IsOk());
3609 EXPECT_TRUE(sock_->IsConnected());
3610
3611 SSLInfo ssl_info;
3612 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3613 EXPECT_FALSE(ssl_info.client_cert_sent);
3614 }
3615
3616 // Connect to a server requesting client authentication and send a certificate.
TEST_P(SSLClientSocketVersionTest,SendGoodCert)3617 TEST_P(SSLClientSocketVersionTest, SendGoodCert) {
3618 base::FilePath certs_dir = GetTestCertsDirectory();
3619 scoped_refptr<X509Certificate> client_cert =
3620 ImportCertFromFile(certs_dir, "client_1.pem");
3621 ASSERT_TRUE(client_cert);
3622
3623 // Configure the server to only accept |client_cert|.
3624 MockClientCertVerifier verifier;
3625 verifier.set_default_result(ERR_CERT_INVALID);
3626 verifier.AddResultForCert(client_cert.get(), OK);
3627
3628 SSLServerConfig server_config = GetServerConfig();
3629 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3630 server_config.client_cert_verifier = &verifier;
3631 ASSERT_TRUE(
3632 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3633
3634 context_->SetClientCertificate(
3635 host_port_pair(), client_cert,
3636 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3637
3638 int rv;
3639 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3640
3641 EXPECT_THAT(rv, IsOk());
3642 EXPECT_TRUE(sock_->IsConnected());
3643
3644 SSLInfo ssl_info;
3645 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3646 EXPECT_TRUE(ssl_info.client_cert_sent);
3647
3648 sock_->Disconnect();
3649 EXPECT_FALSE(sock_->IsConnected());
3650
3651 // Shut down the test server before |verifier| goes out of scope.
3652 ASSERT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete());
3653 }
3654
3655 // When client certificate preferences change, the session cache should be
3656 // cleared so the client certificate preferences are applied.
TEST_F(SSLClientSocketTest,ClearSessionCacheOnClientCertChange)3657 TEST_F(SSLClientSocketTest, ClearSessionCacheOnClientCertChange) {
3658 SSLServerConfig server_config;
3659 // TLS 1.3 reports client certificate errors after the handshake, so test at
3660 // TLS 1.2 for simplicity.
3661 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3662 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3663 ASSERT_TRUE(
3664 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3665
3666 // Connecting without a client certificate will fail with
3667 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
3668 int rv;
3669 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3670 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3671
3672 // Configure a client certificate.
3673 base::FilePath certs_dir = GetTestCertsDirectory();
3674 context_->SetClientCertificate(
3675 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3676 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3677
3678 // Now the connection succeeds.
3679 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3680 EXPECT_THAT(rv, IsOk());
3681 EXPECT_TRUE(sock_->IsConnected());
3682
3683 SSLInfo ssl_info;
3684 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3685 EXPECT_TRUE(ssl_info.client_cert_sent);
3686 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
3687
3688 // Make a second connection. This should resume the session from the previous
3689 // connection.
3690 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3691 EXPECT_THAT(rv, IsOk());
3692 EXPECT_TRUE(sock_->IsConnected());
3693
3694 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3695 EXPECT_TRUE(ssl_info.client_cert_sent);
3696 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_RESUME);
3697
3698 // Clear the client certificate preference.
3699 context_->ClearClientCertificate(host_port_pair());
3700
3701 // Connections return to failing, rather than resume the previous session.
3702 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3703 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3704
3705 // Establish a new session with the correct client certificate.
3706 context_->SetClientCertificate(
3707 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3708 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3709 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3710 EXPECT_THAT(rv, IsOk());
3711 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3712 EXPECT_TRUE(ssl_info.client_cert_sent);
3713 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
3714
3715 // Switch to continuing without a client certificate.
3716 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3717
3718 // This also clears the session cache and the new preference is applied.
3719 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3720 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
3721 }
3722
TEST_F(SSLClientSocketTest,ClearSessionCacheOnClientCertDatabaseChange)3723 TEST_F(SSLClientSocketTest, ClearSessionCacheOnClientCertDatabaseChange) {
3724 SSLServerConfig server_config;
3725 // TLS 1.3 reports client certificate errors after the handshake, so test at
3726 // TLS 1.2 for simplicity.
3727 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3728 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3729 ASSERT_TRUE(
3730 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3731
3732 HostPortPair host_port_pair2("example.com", 42);
3733 testing::StrictMock<MockSSLClientContextObserver> observer;
3734 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3735 base::flat_set<HostPortPair>({host_port_pair()})));
3736 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3737 base::flat_set<HostPortPair>({host_port_pair2})));
3738 EXPECT_CALL(observer,
3739 OnSSLConfigForServersChanged(base::flat_set<HostPortPair>(
3740 {host_port_pair(), host_port_pair2})));
3741
3742 context_->AddObserver(&observer);
3743
3744 base::FilePath certs_dir = GetTestCertsDirectory();
3745 context_->SetClientCertificate(
3746 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3747 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3748
3749 context_->SetClientCertificate(
3750 host_port_pair2, ImportCertFromFile(certs_dir, "client_2.pem"),
3751 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_2.key")));
3752
3753 EXPECT_EQ(2U, context_->GetClientCertificateCachedServersForTesting().size());
3754
3755 // Connect to `host_port_pair()` using the client cert.
3756 int rv;
3757 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3758 EXPECT_THAT(rv, IsOk());
3759 EXPECT_TRUE(sock_->IsConnected());
3760
3761 EXPECT_EQ(1U, context_->ssl_client_session_cache()->size());
3762
3763 CertDatabase::GetInstance()->NotifyObserversClientCertStoreChanged();
3764 base::RunLoop().RunUntilIdle();
3765
3766 EXPECT_EQ(0U, context_->GetClientCertificateCachedServersForTesting().size());
3767 EXPECT_EQ(0U, context_->ssl_client_session_cache()->size());
3768
3769 context_->RemoveObserver(&observer);
3770 }
3771
TEST_F(SSLClientSocketTest,DontClearEmptyClientCertCache)3772 TEST_F(SSLClientSocketTest, DontClearEmptyClientCertCache) {
3773 SSLServerConfig server_config;
3774 // TLS 1.3 reports client certificate errors after the handshake, so test at
3775 // TLS 1.2 for simplicity.
3776 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3777 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3778 ASSERT_TRUE(
3779 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3780
3781 testing::StrictMock<MockSSLClientContextObserver> observer;
3782 context_->AddObserver(&observer);
3783
3784 // No cached client certs and no open session.
3785 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3786 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3787
3788 base::FilePath certs_dir = GetTestCertsDirectory();
3789 scoped_refptr<net::X509Certificate> certificate1 =
3790 ImportCertFromFile(certs_dir, "client_1.pem");
3791 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate1);
3792 base::RunLoop().RunUntilIdle();
3793
3794 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3795 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3796
3797 context_->RemoveObserver(&observer);
3798
3799 auto entries = log_observer_.GetEntriesWithType(
3800 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3801 ASSERT_EQ(1u, entries.size());
3802 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3803 host_port_pair().ToString());
3804 EXPECT_FALSE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3805 }
3806
TEST_F(SSLClientSocketTest,DontClearMatchingClientCertificates)3807 TEST_F(SSLClientSocketTest, DontClearMatchingClientCertificates) {
3808 SSLServerConfig server_config;
3809 // TLS 1.3 reports client certificate errors after the handshake, so test at
3810 // TLS 1.2 for simplicity.
3811 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3812 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3813 ASSERT_TRUE(
3814 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3815
3816 testing::StrictMock<MockSSLClientContextObserver> observer;
3817 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3818 base::flat_set<HostPortPair>({host_port_pair()})));
3819 context_->AddObserver(&observer);
3820
3821 base::FilePath certs_dir = GetTestCertsDirectory();
3822 scoped_refptr<net::X509Certificate> certificate1 =
3823 ImportCertFromFile(certs_dir, "client_1.pem");
3824 scoped_refptr<net::SSLPrivateKey> private_key1 =
3825 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3826
3827 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
3828 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3829
3830 // Connect to `host_port_pair()` using the client cert.
3831 int rv;
3832 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3833 EXPECT_THAT(rv, IsOk());
3834 EXPECT_TRUE(sock_->IsConnected());
3835 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3836
3837 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate1);
3838 base::RunLoop().RunUntilIdle();
3839
3840 // Cached certificate and session should not have been cleared since the
3841 // certificates were identical.
3842 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3843 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().contains(
3844 host_port_pair()));
3845 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3846
3847 context_->RemoveObserver(&observer);
3848
3849 auto entries = log_observer_.GetEntriesWithType(
3850 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3851 ASSERT_EQ(1u, entries.size());
3852 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3853 host_port_pair().ToString());
3854 EXPECT_FALSE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3855 }
3856
TEST_F(SSLClientSocketTest,ClearMismatchingClientCertificates)3857 TEST_F(SSLClientSocketTest, ClearMismatchingClientCertificates) {
3858 SSLServerConfig server_config;
3859 // TLS 1.3 reports client certificate errors after the handshake, so test at
3860 // TLS 1.2 for simplicity.
3861 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3862 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3863 ASSERT_TRUE(
3864 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3865
3866 testing::StrictMock<MockSSLClientContextObserver> observer;
3867 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3868 base::flat_set<HostPortPair>({host_port_pair()})))
3869 .Times(2);
3870 context_->AddObserver(&observer);
3871
3872 base::FilePath certs_dir = GetTestCertsDirectory();
3873 scoped_refptr<net::X509Certificate> certificate1 =
3874 ImportCertFromFile(certs_dir, "client_1.pem");
3875 scoped_refptr<net::SSLPrivateKey> private_key1 =
3876 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3877
3878 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
3879 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3880
3881 // Connect to `host_port_pair()` using the client cert.
3882 int rv;
3883 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3884 EXPECT_THAT(rv, IsOk());
3885 EXPECT_TRUE(sock_->IsConnected());
3886 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3887
3888 scoped_refptr<net::X509Certificate> certificate2 =
3889 ImportCertFromFile(certs_dir, "client_2.pem");
3890 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate2);
3891 base::RunLoop().RunUntilIdle();
3892
3893 // Cached certificate and session should have been cleared since the
3894 // certificates were different.
3895 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3896 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3897
3898 context_->RemoveObserver(&observer);
3899
3900 auto entries = log_observer_.GetEntriesWithType(
3901 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3902 ASSERT_EQ(1u, entries.size());
3903 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3904 host_port_pair().ToString());
3905 EXPECT_TRUE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3906 }
3907
TEST_F(SSLClientSocketTest,ClearMismatchingClientCertificatesWithNullParameter)3908 TEST_F(SSLClientSocketTest,
3909 ClearMismatchingClientCertificatesWithNullParameter) {
3910 SSLServerConfig server_config;
3911 // TLS 1.3 reports client certificate errors after the handshake, so test at
3912 // TLS 1.2 for simplicity.
3913 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3914 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3915 ASSERT_TRUE(
3916 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3917
3918 testing::StrictMock<MockSSLClientContextObserver> observer;
3919 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3920 base::flat_set<HostPortPair>({host_port_pair()})))
3921 .Times(2);
3922 context_->AddObserver(&observer);
3923
3924 base::FilePath certs_dir = GetTestCertsDirectory();
3925 scoped_refptr<net::X509Certificate> certificate1 =
3926 ImportCertFromFile(certs_dir, "client_1.pem");
3927 scoped_refptr<net::SSLPrivateKey> private_key1 =
3928 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3929
3930 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
3931 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3932
3933 // Connect to `host_port_pair()` using the client cert.
3934 int rv;
3935 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3936 EXPECT_THAT(rv, IsOk());
3937 EXPECT_TRUE(sock_->IsConnected());
3938 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3939
3940 context_->ClearClientCertificateIfNeeded(host_port_pair(), nullptr);
3941 base::RunLoop().RunUntilIdle();
3942
3943 // Cached certificate and session should have been cleared since the
3944 // certificates were different.
3945 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3946 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3947
3948 context_->RemoveObserver(&observer);
3949
3950 auto entries = log_observer_.GetEntriesWithType(
3951 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3952 ASSERT_EQ(1u, entries.size());
3953 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3954 host_port_pair().ToString());
3955 EXPECT_TRUE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3956 }
3957
TEST_F(SSLClientSocketTest,ClearMismatchingClientCertificatesWithNullCachedCert)3958 TEST_F(SSLClientSocketTest,
3959 ClearMismatchingClientCertificatesWithNullCachedCert) {
3960 SSLServerConfig server_config;
3961 // TLS 1.3 reports client certificate errors after the handshake, so test at
3962 // TLS 1.2 for simplicity.
3963 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3964 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3965 ASSERT_TRUE(
3966 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3967
3968 testing::StrictMock<MockSSLClientContextObserver> observer;
3969 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3970 base::flat_set<HostPortPair>({host_port_pair()})))
3971 .Times(2);
3972 context_->AddObserver(&observer);
3973
3974 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3975 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3976
3977 // Connect to `host_port_pair()` using the client cert.
3978 int rv;
3979 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3980 EXPECT_THAT(rv, IsOk());
3981 EXPECT_TRUE(sock_->IsConnected());
3982 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3983
3984 base::FilePath certs_dir = GetTestCertsDirectory();
3985 scoped_refptr<net::X509Certificate> certificate2 =
3986 ImportCertFromFile(certs_dir, "client_2.pem");
3987 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate2);
3988 base::RunLoop().RunUntilIdle();
3989
3990 // Cached certificate and session should have been cleared since the
3991 // certificates were different.
3992 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3993 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3994
3995 context_->RemoveObserver(&observer);
3996
3997 auto entries = log_observer_.GetEntriesWithType(
3998 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3999 ASSERT_EQ(1u, entries.size());
4000 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
4001 host_port_pair().ToString());
4002 EXPECT_TRUE(GetBooleanValueFromParams(entries[0], "is_cleared"));
4003 }
4004
TEST_F(SSLClientSocketTest,DontClearClientCertificatesWithNullCerts)4005 TEST_F(SSLClientSocketTest, DontClearClientCertificatesWithNullCerts) {
4006 SSLServerConfig server_config;
4007 // TLS 1.3 reports client certificate errors after the handshake, so test at
4008 // TLS 1.2 for simplicity.
4009 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4010 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4011 ASSERT_TRUE(
4012 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4013
4014 testing::StrictMock<MockSSLClientContextObserver> observer;
4015 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
4016 base::flat_set<HostPortPair>({host_port_pair()})));
4017 context_->AddObserver(&observer);
4018
4019 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
4020 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
4021
4022 // Connect to `host_port_pair()` using the client cert.
4023 int rv;
4024 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
4025 EXPECT_THAT(rv, IsOk());
4026 EXPECT_TRUE(sock_->IsConnected());
4027 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
4028
4029 context_->ClearClientCertificateIfNeeded(host_port_pair(), nullptr);
4030 base::RunLoop().RunUntilIdle();
4031
4032 // Cached certificate and session should not have been cleared since the
4033 // certificates were identical.
4034 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
4035 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().contains(
4036 host_port_pair()));
4037 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
4038
4039 context_->RemoveObserver(&observer);
4040
4041 auto entries = log_observer_.GetEntriesWithType(
4042 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
4043 ASSERT_EQ(1u, entries.size());
4044 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
4045 host_port_pair().ToString());
4046 EXPECT_FALSE(GetBooleanValueFromParams(entries[0], "is_cleared"));
4047 }
4048
TEST_F(SSLClientSocketTest,DontClearSessionCacheOnServerCertDatabaseChange)4049 TEST_F(SSLClientSocketTest, DontClearSessionCacheOnServerCertDatabaseChange) {
4050 SSLServerConfig server_config;
4051 // TLS 1.3 reports client certificate errors after the handshake, so test at
4052 // TLS 1.2 for simplicity.
4053 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4054 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
4055 ASSERT_TRUE(
4056 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4057
4058 HostPortPair host_port_pair2("example.com", 42);
4059 testing::StrictMock<MockSSLClientContextObserver> observer;
4060 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
4061 base::flat_set<HostPortPair>({host_port_pair()})));
4062 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
4063 base::flat_set<HostPortPair>({host_port_pair2})));
4064 EXPECT_CALL(observer,
4065 OnSSLConfigChanged(
4066 SSLClientContext::SSLConfigChangeType::kCertDatabaseChanged));
4067
4068 context_->AddObserver(&observer);
4069
4070 base::FilePath certs_dir = GetTestCertsDirectory();
4071 context_->SetClientCertificate(
4072 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4073 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4074
4075 context_->SetClientCertificate(
4076 host_port_pair2, ImportCertFromFile(certs_dir, "client_2.pem"),
4077 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_2.key")));
4078
4079 EXPECT_EQ(2U, context_->GetClientCertificateCachedServersForTesting().size());
4080
4081 // Connect to `host_port_pair()` using the client cert.
4082 int rv;
4083 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
4084 EXPECT_THAT(rv, IsOk());
4085 EXPECT_TRUE(sock_->IsConnected());
4086
4087 EXPECT_EQ(1U, context_->ssl_client_session_cache()->size());
4088
4089 CertDatabase::GetInstance()->NotifyObserversTrustStoreChanged();
4090 base::RunLoop().RunUntilIdle();
4091
4092 // The `OnSSLConfigChanged` observer call should be verified by the
4093 // mock observer, but the client auth and client session cache should be
4094 // untouched.
4095
4096 EXPECT_EQ(2U, context_->GetClientCertificateCachedServersForTesting().size());
4097 EXPECT_EQ(1U, context_->ssl_client_session_cache()->size());
4098
4099 context_->RemoveObserver(&observer);
4100 }
4101 #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
4102
MakeHashValueVector(uint8_t value)4103 HashValueVector MakeHashValueVector(uint8_t value) {
4104 HashValueVector out;
4105 HashValue hash(HASH_VALUE_SHA256);
4106 memset(hash.data(), value, hash.size());
4107 out.push_back(hash);
4108 return out;
4109 }
4110
4111 // Test that |ssl_info.pkp_bypassed| is set when a local trust anchor causes
4112 // pinning to be bypassed.
TEST_P(SSLClientSocketVersionTest,PKPBypassedSet)4113 TEST_P(SSLClientSocketVersionTest, PKPBypassedSet) {
4114 base::test::ScopedFeatureList scoped_feature_list_;
4115 scoped_feature_list_.InitAndEnableFeature(
4116 net::features::kStaticKeyPinningEnforcement);
4117 ASSERT_TRUE(
4118 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4119 scoped_refptr<X509Certificate> server_cert =
4120 embedded_test_server()->GetCertificate();
4121
4122 // The certificate needs to be trusted, but chain to a local root with
4123 // different public key hashes than specified in the pin.
4124 CertVerifyResult verify_result;
4125 verify_result.is_issued_by_known_root = false;
4126 verify_result.verified_cert = server_cert;
4127 verify_result.public_key_hashes =
4128 MakeHashValueVector(kBadHashValueVectorInput);
4129 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4130
4131 transport_security_state_->EnableStaticPinsForTesting();
4132 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4133 ScopedTransportSecurityStateSource scoped_security_state_source;
4134
4135 SSLConfig ssl_config;
4136 int rv;
4137 HostPortPair new_host_port_pair("example.test", host_port_pair().port());
4138 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4139 new_host_port_pair, &rv));
4140 SSLInfo ssl_info;
4141 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4142
4143 EXPECT_THAT(rv, IsOk());
4144 EXPECT_TRUE(sock_->IsConnected());
4145
4146 EXPECT_TRUE(ssl_info.pkp_bypassed);
4147 EXPECT_FALSE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4148 }
4149
TEST_P(SSLClientSocketVersionTest,PKPEnforced)4150 TEST_P(SSLClientSocketVersionTest, PKPEnforced) {
4151 base::test::ScopedFeatureList scoped_feature_list_;
4152 scoped_feature_list_.InitAndEnableFeature(
4153 net::features::kStaticKeyPinningEnforcement);
4154 ASSERT_TRUE(
4155 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4156 scoped_refptr<X509Certificate> server_cert =
4157 embedded_test_server()->GetCertificate();
4158
4159 // Certificate is trusted, but chains to a public root that doesn't match the
4160 // pin hashes.
4161 CertVerifyResult verify_result;
4162 verify_result.is_issued_by_known_root = true;
4163 verify_result.verified_cert = server_cert;
4164 verify_result.public_key_hashes =
4165 MakeHashValueVector(kBadHashValueVectorInput);
4166 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4167
4168 transport_security_state_->EnableStaticPinsForTesting();
4169 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4170 ScopedTransportSecurityStateSource scoped_security_state_source;
4171
4172 SSLConfig ssl_config;
4173 int rv;
4174 HostPortPair new_host_port_pair("example.test", host_port_pair().port());
4175 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4176 new_host_port_pair, &rv));
4177 SSLInfo ssl_info;
4178 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4179
4180 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
4181 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4182 EXPECT_FALSE(sock_->IsConnected());
4183
4184 EXPECT_FALSE(ssl_info.pkp_bypassed);
4185 }
4186
4187 namespace {
4188 // TLS_RSA_WITH_AES_128_GCM_SHA256's key exchange involves encrypting to the
4189 // server long-term key.
4190 const uint16_t kEncryptingCipher = kRSACipher;
4191 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256's key exchange involves a signature by
4192 // the server long-term key.
4193 const uint16_t kSigningCipher = kModernTLS12Cipher;
4194 } // namespace
4195
4196 struct KeyUsageTest {
4197 EmbeddedTestServer::ServerCertificate server_cert;
4198 uint16_t cipher_suite;
4199 bool match;
4200 };
4201
4202 class SSLClientSocketKeyUsageTest
4203 : public SSLClientSocketTest,
4204 public ::testing::WithParamInterface<
4205 std::tuple<KeyUsageTest,
4206 bool /*known_root*/,
4207 bool /*rsa_key_usage_for_local_anchors_enabled*/,
4208 bool /*override_feature*/>> {};
4209
4210 const KeyUsageTest kKeyUsageTests[] = {
4211 // keyUsage matches cipher suite.
4212 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE, kSigningCipher,
4213 true},
4214 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kEncryptingCipher,
4215 true},
4216 // keyUsage does not match cipher suite.
4217 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kSigningCipher,
4218 false},
4219 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE,
4220 kEncryptingCipher, false},
4221 };
4222
TEST_P(SSLClientSocketKeyUsageTest,RSAKeyUsage)4223 TEST_P(SSLClientSocketKeyUsageTest, RSAKeyUsage) {
4224 const auto& [test, known_root, rsa_key_usage_for_local_anchors_enabled,
4225 override_feature] = GetParam();
4226 bool enable_feature;
4227 if (override_feature) {
4228 // Configure the feature in the opposite way that we intend, to test that
4229 // the configuration overrides it.
4230 enable_feature = !rsa_key_usage_for_local_anchors_enabled;
4231 } else {
4232 enable_feature = rsa_key_usage_for_local_anchors_enabled;
4233 }
4234 base::test::ScopedFeatureList scoped_feature_list;
4235 if (enable_feature) {
4236 scoped_feature_list.InitAndEnableFeature(
4237 features::kRSAKeyUsageForLocalAnchors);
4238 } else {
4239 scoped_feature_list.InitAndDisableFeature(
4240 features::kRSAKeyUsageForLocalAnchors);
4241 }
4242
4243 SSLServerConfig server_config;
4244 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4245 server_config.cipher_suite_for_testing = test.cipher_suite;
4246 ASSERT_TRUE(StartEmbeddedTestServer(test.server_cert, server_config));
4247 scoped_refptr<X509Certificate> server_cert =
4248 embedded_test_server()->GetCertificate();
4249
4250 SSLContextConfig context_config;
4251 if (override_feature) {
4252 context_config.rsa_key_usage_for_local_anchors_override =
4253 rsa_key_usage_for_local_anchors_enabled;
4254 }
4255 ssl_config_service_->UpdateSSLConfigAndNotify(context_config);
4256
4257 // Certificate is trusted.
4258 CertVerifyResult verify_result;
4259 verify_result.is_issued_by_known_root = known_root;
4260 verify_result.verified_cert = server_cert;
4261 verify_result.public_key_hashes =
4262 MakeHashValueVector(kGoodHashValueVectorInput);
4263 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4264
4265 SSLConfig ssl_config;
4266 int rv;
4267 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4268 SSLInfo ssl_info;
4269 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4270
4271 if (test.match || (!known_root && !rsa_key_usage_for_local_anchors_enabled)) {
4272 EXPECT_THAT(rv, IsOk());
4273 EXPECT_TRUE(sock_->IsConnected());
4274 } else {
4275 EXPECT_THAT(rv, IsError(ERR_SSL_KEY_USAGE_INCOMPATIBLE));
4276 EXPECT_FALSE(sock_->IsConnected());
4277 }
4278 }
4279
4280 INSTANTIATE_TEST_SUITE_P(
4281 RSAKeyUsageInstantiation,
4282 SSLClientSocketKeyUsageTest,
4283 Combine(ValuesIn(kKeyUsageTests), Bool(), Bool(), Bool()));
4284
4285 // Test that when CT is required (in this case, by the delegate), the
4286 // absence of CT information is a socket error.
TEST_P(SSLClientSocketVersionTest,CTIsRequired)4287 TEST_P(SSLClientSocketVersionTest, CTIsRequired) {
4288 ASSERT_TRUE(
4289 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4290 scoped_refptr<X509Certificate> server_cert =
4291 embedded_test_server()->GetCertificate();
4292
4293 // Certificate is trusted and chains to a public root.
4294 CertVerifyResult verify_result;
4295 verify_result.is_issued_by_known_root = true;
4296 verify_result.verified_cert = server_cert;
4297 verify_result.public_key_hashes =
4298 MakeHashValueVector(kGoodHashValueVectorInput);
4299 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4300
4301 // Set up CT
4302 MockRequireCTDelegate require_ct_delegate;
4303 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4304 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4305 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4306 CTRequirementLevel::NOT_REQUIRED));
4307 EXPECT_CALL(require_ct_delegate,
4308 IsCTRequiredForHost(host_port_pair().host(), _, _))
4309 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4310 CTRequirementLevel::REQUIRED));
4311 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
4312 .WillRepeatedly(
4313 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
4314
4315 SSLConfig ssl_config;
4316 int rv;
4317 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4318 SSLInfo ssl_info;
4319 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4320
4321 EXPECT_THAT(rv, IsError(ERR_CERTIFICATE_TRANSPARENCY_REQUIRED));
4322 EXPECT_TRUE(ssl_info.cert_status &
4323 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4324 EXPECT_FALSE(sock_->IsConnected());
4325 }
4326
4327 // Test that when CT is required, setting ignore_certificate_errors
4328 // ignores errors in CT.
TEST_P(SSLClientSocketVersionTest,IgnoreCertificateErrorsBypassesRequiredCT)4329 TEST_P(SSLClientSocketVersionTest, IgnoreCertificateErrorsBypassesRequiredCT) {
4330 ASSERT_TRUE(
4331 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4332 scoped_refptr<X509Certificate> server_cert =
4333 embedded_test_server()->GetCertificate();
4334
4335 // Certificate is trusted and chains to a public root.
4336 CertVerifyResult verify_result;
4337 verify_result.is_issued_by_known_root = true;
4338 verify_result.verified_cert = server_cert;
4339 verify_result.public_key_hashes =
4340 MakeHashValueVector(kGoodHashValueVectorInput);
4341 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4342
4343 // Set up CT
4344 MockRequireCTDelegate require_ct_delegate;
4345 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4346 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4347 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4348 CTRequirementLevel::NOT_REQUIRED));
4349 EXPECT_CALL(require_ct_delegate,
4350 IsCTRequiredForHost(host_port_pair().host(), _, _))
4351 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4352 CTRequirementLevel::REQUIRED));
4353 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
4354 .WillRepeatedly(
4355 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
4356
4357 SSLConfig ssl_config;
4358 ssl_config.ignore_certificate_errors = true;
4359 int rv;
4360 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4361 SSLInfo ssl_info;
4362 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4363
4364 EXPECT_THAT(rv, IsOk());
4365 EXPECT_TRUE(ssl_info.cert_status &
4366 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4367 EXPECT_TRUE(sock_->IsConnected());
4368 }
4369
4370 // When both PKP and CT are required for a host, and both fail, the more
4371 // serious error is that the pin validation failed.
TEST_P(SSLClientSocketVersionTest,PKPMoreImportantThanCT)4372 TEST_P(SSLClientSocketVersionTest, PKPMoreImportantThanCT) {
4373 base::test::ScopedFeatureList scoped_feature_list_;
4374 scoped_feature_list_.InitAndEnableFeature(
4375 net::features::kStaticKeyPinningEnforcement);
4376 ASSERT_TRUE(
4377 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4378 scoped_refptr<X509Certificate> server_cert =
4379 embedded_test_server()->GetCertificate();
4380
4381 // Certificate is trusted, but chains to a public root that doesn't match the
4382 // pin hashes.
4383 CertVerifyResult verify_result;
4384 verify_result.is_issued_by_known_root = true;
4385 verify_result.verified_cert = server_cert;
4386 verify_result.public_key_hashes =
4387 MakeHashValueVector(kBadHashValueVectorInput);
4388 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4389
4390 transport_security_state_->EnableStaticPinsForTesting();
4391 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4392 ScopedTransportSecurityStateSource scoped_security_state_source;
4393
4394 const char kCTHost[] = "hsts-hpkp-preloaded.test";
4395
4396 // Set up CT.
4397 MockRequireCTDelegate require_ct_delegate;
4398 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4399 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4400 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4401 CTRequirementLevel::NOT_REQUIRED));
4402 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(kCTHost, _, _))
4403 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4404 CTRequirementLevel::REQUIRED));
4405 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
4406 .WillRepeatedly(
4407 Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS));
4408
4409 SSLConfig ssl_config;
4410 int rv;
4411 HostPortPair ct_host_port_pair(kCTHost, host_port_pair().port());
4412 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4413 ct_host_port_pair, &rv));
4414 SSLInfo ssl_info;
4415 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4416
4417 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
4418 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4419 EXPECT_TRUE(ssl_info.cert_status &
4420 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4421 EXPECT_FALSE(sock_->IsConnected());
4422 }
4423
4424 // Tests that the SCTAuditingDelegate is called to enqueue SCT reports.
TEST_P(SSLClientSocketVersionTest,SCTAuditingReportCollected)4425 TEST_P(SSLClientSocketVersionTest, SCTAuditingReportCollected) {
4426 ASSERT_TRUE(
4427 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4428 scoped_refptr<X509Certificate> server_cert =
4429 embedded_test_server()->GetCertificate();
4430
4431 // Certificate is trusted and chains to a public root.
4432 CertVerifyResult verify_result;
4433 verify_result.is_issued_by_known_root = true;
4434 verify_result.verified_cert = server_cert;
4435 verify_result.public_key_hashes =
4436 MakeHashValueVector(kGoodHashValueVectorInput);
4437 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4438
4439 // Set up CT and auditing delegate.
4440 MockRequireCTDelegate require_ct_delegate;
4441 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4442 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4443 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4444 CTRequirementLevel::REQUIRED));
4445 EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(server_cert.get(), _, _))
4446 .WillRepeatedly(
4447 Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS));
4448
4449 MockSCTAuditingDelegate sct_auditing_delegate;
4450 context_ = std::make_unique<SSLClientContext>(
4451 ssl_config_service_.get(), cert_verifier_.get(),
4452 transport_security_state_.get(), ct_policy_enforcer_.get(),
4453 ssl_client_session_cache_.get(), &sct_auditing_delegate);
4454
4455 EXPECT_CALL(sct_auditing_delegate, IsSCTAuditingEnabled())
4456 .WillRepeatedly(Return(true));
4457 EXPECT_CALL(sct_auditing_delegate,
4458 MaybeEnqueueReport(host_port_pair(), server_cert.get(), _))
4459 .Times(1);
4460
4461 SSLConfig ssl_config;
4462 int rv;
4463 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4464 EXPECT_THAT(rv, 0);
4465 EXPECT_TRUE(sock_->IsConnected());
4466 }
4467
4468 // Test that handshake_failure alerts at the ServerHello are mapped to
4469 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
TEST_F(SSLClientSocketTest,HandshakeFailureServerHello)4470 TEST_F(SSLClientSocketTest, HandshakeFailureServerHello) {
4471 ASSERT_TRUE(
4472 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
4473
4474 TestCompletionCallback callback;
4475 auto real_transport = std::make_unique<TCPClientSocket>(
4476 addr(), nullptr, nullptr, nullptr, NetLogSource());
4477 auto transport =
4478 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4479 FakeBlockingStreamSocket* raw_transport = transport.get();
4480 int rv = callback.GetResult(transport->Connect(callback.callback()));
4481 ASSERT_THAT(rv, IsOk());
4482
4483 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4484 std::move(transport), host_port_pair(), SSLConfig()));
4485
4486 // Connect. Stop before the client processes ServerHello.
4487 raw_transport->BlockReadResult();
4488 rv = sock->Connect(callback.callback());
4489 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4490 raw_transport->WaitForReadResult();
4491
4492 // Replace it with an alert.
4493 raw_transport->ReplaceReadResult(
4494 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4495 raw_transport->UnblockReadResult();
4496
4497 rv = callback.GetResult(rv);
4498 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
4499 }
4500
4501 // Test that handshake_failure alerts after the ServerHello but without a
4502 // CertificateRequest are mapped to ERR_SSL_PROTOCOL_ERROR.
TEST_F(SSLClientSocketTest,HandshakeFailureNoClientCerts)4503 TEST_F(SSLClientSocketTest, HandshakeFailureNoClientCerts) {
4504 SSLServerConfig server_config;
4505 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4506 ASSERT_TRUE(
4507 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4508
4509 TestCompletionCallback callback;
4510 auto real_transport = std::make_unique<TCPClientSocket>(
4511 addr(), nullptr, nullptr, nullptr, NetLogSource());
4512 auto transport =
4513 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4514 FakeBlockingStreamSocket* raw_transport = transport.get();
4515 int rv = callback.GetResult(transport->Connect(callback.callback()));
4516 ASSERT_THAT(rv, IsOk());
4517
4518 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4519 std::move(transport), host_port_pair(), SSLConfig()));
4520
4521 // Connect. Stop before the client processes ServerHello.
4522 raw_transport->BlockReadResult();
4523 rv = sock->Connect(callback.callback());
4524 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4525 raw_transport->WaitForReadResult();
4526
4527 // Release the ServerHello and wait for the client to write its second flight.
4528 raw_transport->BlockWrite();
4529 raw_transport->UnblockReadResult();
4530 raw_transport->WaitForWrite();
4531
4532 // Wait for the server's final flight.
4533 raw_transport->BlockReadResult();
4534 raw_transport->UnblockWrite();
4535 raw_transport->WaitForReadResult();
4536
4537 // Replace it with an alert.
4538 raw_transport->ReplaceReadResult(
4539 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4540 raw_transport->UnblockReadResult();
4541
4542 rv = callback.GetResult(rv);
4543 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4544 }
4545
4546 // Test that handshake_failure alerts after the ServerHello map to
4547 // ERR_BAD_SSL_CLIENT_AUTH_CERT if a client certificate was requested but not
4548 // supplied. TLS does not have an alert for this case, so handshake_failure is
4549 // common. See https://crbug.com/646567.
TEST_F(SSLClientSocketTest,LateHandshakeFailureMissingClientCerts)4550 TEST_F(SSLClientSocketTest, LateHandshakeFailureMissingClientCerts) {
4551 // Request a client certificate.
4552 SSLServerConfig server_config;
4553 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4554 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4555 ASSERT_TRUE(
4556 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4557
4558 TestCompletionCallback callback;
4559 auto real_transport = std::make_unique<TCPClientSocket>(
4560 addr(), nullptr, nullptr, nullptr, NetLogSource());
4561 auto transport =
4562 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4563 FakeBlockingStreamSocket* raw_transport = transport.get();
4564 int rv = callback.GetResult(transport->Connect(callback.callback()));
4565 ASSERT_THAT(rv, IsOk());
4566
4567 // Send no client certificate.
4568 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
4569 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4570 std::move(transport), host_port_pair(), SSLConfig()));
4571
4572 // Connect. Stop before the client processes ServerHello.
4573 raw_transport->BlockReadResult();
4574 rv = sock->Connect(callback.callback());
4575 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4576 raw_transport->WaitForReadResult();
4577
4578 // Release the ServerHello and wait for the client to write its second flight.
4579 raw_transport->BlockWrite();
4580 raw_transport->UnblockReadResult();
4581 raw_transport->WaitForWrite();
4582
4583 // Wait for the server's final flight.
4584 raw_transport->BlockReadResult();
4585 raw_transport->UnblockWrite();
4586 raw_transport->WaitForReadResult();
4587
4588 // Replace it with an alert.
4589 raw_transport->ReplaceReadResult(
4590 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4591 raw_transport->UnblockReadResult();
4592
4593 rv = callback.GetResult(rv);
4594 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4595 }
4596
4597 // Test that handshake_failure alerts after the ServerHello map to
4598 // ERR_SSL_PROTOCOL_ERROR if received after sending a client certificate. It is
4599 // assumed servers will send a more appropriate alert in this case.
TEST_F(SSLClientSocketTest,LateHandshakeFailureSendClientCerts)4600 TEST_F(SSLClientSocketTest, LateHandshakeFailureSendClientCerts) {
4601 // Request a client certificate.
4602 SSLServerConfig server_config;
4603 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4604 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4605 ASSERT_TRUE(
4606 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4607
4608 TestCompletionCallback callback;
4609 auto real_transport = std::make_unique<TCPClientSocket>(
4610 addr(), nullptr, nullptr, nullptr, NetLogSource());
4611 auto transport =
4612 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4613 FakeBlockingStreamSocket* raw_transport = transport.get();
4614 int rv = callback.GetResult(transport->Connect(callback.callback()));
4615 ASSERT_THAT(rv, IsOk());
4616
4617 // Send a client certificate.
4618 base::FilePath certs_dir = GetTestCertsDirectory();
4619 context_->SetClientCertificate(
4620 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4621 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4622 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4623 std::move(transport), host_port_pair(), SSLConfig()));
4624
4625 // Connect. Stop before the client processes ServerHello.
4626 raw_transport->BlockReadResult();
4627 rv = sock->Connect(callback.callback());
4628 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4629 raw_transport->WaitForReadResult();
4630
4631 // Release the ServerHello and wait for the client to write its second flight.
4632 raw_transport->BlockWrite();
4633 raw_transport->UnblockReadResult();
4634 raw_transport->WaitForWrite();
4635
4636 // Wait for the server's final flight.
4637 raw_transport->BlockReadResult();
4638 raw_transport->UnblockWrite();
4639 raw_transport->WaitForReadResult();
4640
4641 // Replace it with an alert.
4642 raw_transport->ReplaceReadResult(
4643 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4644 raw_transport->UnblockReadResult();
4645
4646 rv = callback.GetResult(rv);
4647 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4648 }
4649
4650 // Test that access_denied alerts are mapped to ERR_SSL_PROTOCOL_ERROR if
4651 // received on a connection not requesting client certificates. This is an
4652 // incorrect use of the alert but is common. See https://crbug.com/630883.
TEST_F(SSLClientSocketTest,AccessDeniedNoClientCerts)4653 TEST_F(SSLClientSocketTest, AccessDeniedNoClientCerts) {
4654 // Request a client certificate.
4655 SSLServerConfig server_config;
4656 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4657 ASSERT_TRUE(
4658 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4659
4660 TestCompletionCallback callback;
4661 auto real_transport = std::make_unique<TCPClientSocket>(
4662 addr(), nullptr, nullptr, nullptr, NetLogSource());
4663 auto transport =
4664 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4665 FakeBlockingStreamSocket* raw_transport = transport.get();
4666 int rv = callback.GetResult(transport->Connect(callback.callback()));
4667 ASSERT_THAT(rv, IsOk());
4668
4669 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4670 std::move(transport), host_port_pair(), SSLConfig()));
4671
4672 // Connect. Stop before the client processes ServerHello.
4673 raw_transport->BlockReadResult();
4674 rv = sock->Connect(callback.callback());
4675 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4676 raw_transport->WaitForReadResult();
4677
4678 // Release the ServerHello and wait for the client to write its second flight.
4679 raw_transport->BlockWrite();
4680 raw_transport->UnblockReadResult();
4681 raw_transport->WaitForWrite();
4682
4683 // Wait for the server's final flight.
4684 raw_transport->BlockReadResult();
4685 raw_transport->UnblockWrite();
4686 raw_transport->WaitForReadResult();
4687
4688 // Replace it with an alert.
4689 raw_transport->ReplaceReadResult(
4690 FormatTLS12Alert(49 /* AlertDescription.access_denied */));
4691 raw_transport->UnblockReadResult();
4692
4693 rv = callback.GetResult(rv);
4694 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4695 }
4696
4697 // Test that access_denied alerts are mapped to ERR_BAD_SSL_CLIENT_AUTH_CERT if
4698 // received on a connection requesting client certificates.
TEST_F(SSLClientSocketTest,AccessDeniedClientCerts)4699 TEST_F(SSLClientSocketTest, AccessDeniedClientCerts) {
4700 // Request a client certificate.
4701 SSLServerConfig server_config;
4702 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4703 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4704 ASSERT_TRUE(
4705 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4706
4707 TestCompletionCallback callback;
4708 auto real_transport = std::make_unique<TCPClientSocket>(
4709 addr(), nullptr, nullptr, nullptr, NetLogSource());
4710 auto transport =
4711 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4712 FakeBlockingStreamSocket* raw_transport = transport.get();
4713 int rv = callback.GetResult(transport->Connect(callback.callback()));
4714 ASSERT_THAT(rv, IsOk());
4715
4716 // Send a client certificate.
4717 base::FilePath certs_dir = GetTestCertsDirectory();
4718 context_->SetClientCertificate(
4719 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4720 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4721 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4722 std::move(transport), host_port_pair(), SSLConfig()));
4723
4724 // Connect. Stop before the client processes ServerHello.
4725 raw_transport->BlockReadResult();
4726 rv = sock->Connect(callback.callback());
4727 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4728 raw_transport->WaitForReadResult();
4729
4730 // Release the ServerHello and wait for the client to write its second flight.
4731 raw_transport->BlockWrite();
4732 raw_transport->UnblockReadResult();
4733 raw_transport->WaitForWrite();
4734
4735 // Wait for the server's final flight.
4736 raw_transport->BlockReadResult();
4737 raw_transport->UnblockWrite();
4738 raw_transport->WaitForReadResult();
4739
4740 // Replace it with an alert.
4741 raw_transport->ReplaceReadResult(
4742 FormatTLS12Alert(49 /* AlertDescription.access_denied */));
4743 raw_transport->UnblockReadResult();
4744
4745 rv = callback.GetResult(rv);
4746 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4747 }
4748
4749 // Test the client can send application data before the ServerHello comes in.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataBeforeServerHello)4750 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataBeforeServerHello) {
4751 ASSERT_TRUE(StartServer());
4752 ASSERT_TRUE(RunInitialConnection());
4753
4754 // Make a 0-RTT Connection. Connect() and Write() complete even though the
4755 // ServerHello is blocked.
4756 FakeBlockingStreamSocket* socket = MakeClient(true);
4757 socket->BlockReadResult();
4758 ASSERT_THAT(Connect(), IsOk());
4759 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4760 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4761
4762 // Release the ServerHello. Now reads complete.
4763 socket->UnblockReadResult();
4764 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4765 int size = ReadAndWait(buf.get(), 4096);
4766 EXPECT_GT(size, 0);
4767 EXPECT_EQ('1', buf->data()[size - 1]);
4768
4769 SSLInfo ssl_info;
4770 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4771 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4772 }
4773
4774 // Test that the client sends 1-RTT data if the ServerHello happens to come in
4775 // before Write() is called. See https://crbug.com/950706.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataAfterServerHello)4776 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataAfterServerHello) {
4777 ASSERT_TRUE(StartServer());
4778 ASSERT_TRUE(RunInitialConnection());
4779
4780 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4781 // blocked.
4782 FakeBlockingStreamSocket* socket = MakeClient(true);
4783 socket->BlockReadResult();
4784 ASSERT_THAT(Connect(), IsOk());
4785
4786 // Wait for the ServerHello to come in and for SSLClientSocket to process it.
4787 socket->WaitForReadResult();
4788 socket->UnblockReadResult();
4789 base::RunLoop().RunUntilIdle();
4790
4791 // Now write to the socket.
4792 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4793 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4794
4795 // Although the socket was created in early data state and the client never
4796 // explicitly called ReaD() or ConfirmHandshake(), SSLClientSocketImpl
4797 // internally consumed the ServerHello and switch keys. The server then
4798 // responds with '0'.
4799 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4800 int size = ReadAndWait(buf.get(), 4096);
4801 EXPECT_GT(size, 0);
4802 EXPECT_EQ('0', buf->data()[size - 1]);
4803
4804 SSLInfo ssl_info;
4805 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4806 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4807 }
4808
4809 // Check that 0RTT is confirmed after a Write and Read.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTConfirmedAfterRead)4810 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTConfirmedAfterRead) {
4811 ASSERT_TRUE(StartServer());
4812 ASSERT_TRUE(RunInitialConnection());
4813
4814 // Make a 0-RTT Connection. Connect() and Write() complete even though the
4815 // ServerHello is blocked.
4816 FakeBlockingStreamSocket* socket = MakeClient(true);
4817 socket->BlockReadResult();
4818 ASSERT_THAT(Connect(), IsOk());
4819 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4820 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4821
4822 socket->UnblockReadResult();
4823 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4824 int size = ReadAndWait(buf.get(), 4096);
4825 EXPECT_GT(size, 0);
4826 EXPECT_EQ('1', buf->data()[size - 1]);
4827
4828 // After the handshake is confirmed, ConfirmHandshake should return
4829 // synchronously.
4830 TestCompletionCallback callback;
4831 ASSERT_THAT(ssl_socket()->ConfirmHandshake(callback.callback()), IsOk());
4832
4833 SSLInfo ssl_info;
4834 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4835 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4836 }
4837
4838 // Test that writes wait for the ServerHello once it has reached the early data
4839 // limit.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataLimit)4840 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimit) {
4841 ASSERT_TRUE(StartServer());
4842 ASSERT_TRUE(RunInitialConnection());
4843
4844 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4845 // blocked.
4846 FakeBlockingStreamSocket* socket = MakeClient(true);
4847 socket->BlockReadResult();
4848 ASSERT_THAT(Connect(), IsOk());
4849
4850 // EmbeddedTestServer uses BoringSSL's hard-coded early data limit, which is
4851 // below 16k.
4852 constexpr size_t kRequestSize = 16 * 1024;
4853 std::string request = "GET /zerortt HTTP/1.0\r\n";
4854 while (request.size() < kRequestSize) {
4855 request += "The-Answer-To-Life-The-Universe-And-Everything: 42\r\n";
4856 }
4857 request += "\r\n";
4858
4859 // Writing the large input should not succeed. It is blocked on the
4860 // ServerHello.
4861 TestCompletionCallback write_callback;
4862 auto write_buf = base::MakeRefCounted<StringIOBuffer>(request);
4863 int write_rv = ssl_socket()->Write(write_buf.get(), request.size(),
4864 write_callback.callback(),
4865 TRAFFIC_ANNOTATION_FOR_TESTS);
4866 ASSERT_THAT(write_rv, IsError(ERR_IO_PENDING));
4867
4868 // The Write should have issued a read for the ServerHello, so
4869 // WaitForReadResult has something to wait for.
4870 socket->WaitForReadResult();
4871 EXPECT_TRUE(socket->pending_read_result());
4872
4873 // Queue a read. It should be blocked on the ServerHello.
4874 TestCompletionCallback read_callback;
4875 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4876 int read_rv =
4877 ssl_socket()->Read(read_buf.get(), 4096, read_callback.callback());
4878 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
4879
4880 // Also queue a ConfirmHandshake. It should also be blocked on ServerHello.
4881 TestCompletionCallback confirm_callback;
4882 int confirm_rv = ssl_socket()->ConfirmHandshake(confirm_callback.callback());
4883 ASSERT_THAT(confirm_rv, IsError(ERR_IO_PENDING));
4884
4885 // Double-check the write was not accidentally blocked on the network.
4886 base::RunLoop().RunUntilIdle();
4887 EXPECT_FALSE(write_callback.have_result());
4888
4889 // At this point, the maximum possible number of events are all blocked on the
4890 // same thing. Release the ServerHello. All three should complete.
4891 socket->UnblockReadResult();
4892 EXPECT_EQ(static_cast<int>(request.size()),
4893 write_callback.GetResult(write_rv));
4894 EXPECT_THAT(confirm_callback.GetResult(confirm_rv), IsOk());
4895 int size = read_callback.GetResult(read_rv);
4896 ASSERT_GT(size, 0);
4897 EXPECT_EQ('1', read_buf->data()[size - 1]);
4898
4899 SSLInfo ssl_info;
4900 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4901 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4902 }
4903
4904 // When a client socket reaches the 0-RTT early data limit, both Write() and
4905 // ConfirmHandshake() become blocked on a transport read. Test that
4906 // CancelReadIfReady() does not interrupt those.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataLimitCancelReadIfReady)4907 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimitCancelReadIfReady) {
4908 ASSERT_TRUE(StartServer());
4909 ASSERT_TRUE(RunInitialConnection());
4910
4911 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4912 // blocked.
4913 FakeBlockingStreamSocket* socket = MakeClient(true);
4914 socket->BlockReadResult();
4915 ASSERT_THAT(Connect(), IsOk());
4916
4917 // EmbeddedTestServer uses BoringSSL's hard-coded early data limit, which is
4918 // below 16k.
4919 constexpr size_t kRequestSize = 16 * 1024;
4920 std::string request = "GET /zerortt HTTP/1.0\r\n";
4921 while (request.size() < kRequestSize) {
4922 request += "The-Answer-To-Life-The-Universe-And-Everything: 42\r\n";
4923 }
4924 request += "\r\n";
4925
4926 // Writing the large input should not succeed. It is blocked on the
4927 // ServerHello.
4928 TestCompletionCallback write_callback;
4929 auto write_buf = base::MakeRefCounted<StringIOBuffer>(request);
4930 int write_rv = ssl_socket()->Write(write_buf.get(), request.size(),
4931 write_callback.callback(),
4932 TRAFFIC_ANNOTATION_FOR_TESTS);
4933 ASSERT_THAT(write_rv, IsError(ERR_IO_PENDING));
4934
4935 // The Write should have issued a read for the ServerHello, so
4936 // WaitForReadResult has something to wait for.
4937 socket->WaitForReadResult();
4938 EXPECT_TRUE(socket->pending_read_result());
4939
4940 // Attempt a ReadIfReady(). It should be blocked on the ServerHello.
4941 TestCompletionCallback read_callback;
4942 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4943 int read_rv =
4944 ssl_socket()->ReadIfReady(read_buf.get(), 4096, read_callback.callback());
4945 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
4946
4947 // Also queue a ConfirmHandshake. It should also be blocked on ServerHello.
4948 TestCompletionCallback confirm_callback;
4949 int confirm_rv = ssl_socket()->ConfirmHandshake(confirm_callback.callback());
4950 ASSERT_THAT(confirm_rv, IsError(ERR_IO_PENDING));
4951
4952 // Cancel the ReadIfReady() and release the ServerHello. The remaining
4953 // operations should complete.
4954 ASSERT_THAT(ssl_socket()->CancelReadIfReady(), IsOk());
4955 socket->UnblockReadResult();
4956 EXPECT_EQ(static_cast<int>(request.size()),
4957 write_callback.GetResult(write_rv));
4958 EXPECT_THAT(confirm_callback.GetResult(confirm_rv), IsOk());
4959
4960 // ReadIfReady() should not complete.
4961 base::RunLoop().RunUntilIdle();
4962 EXPECT_FALSE(read_callback.have_result());
4963
4964 SSLInfo ssl_info;
4965 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4966 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4967
4968 // After a canceled read, future reads are still possible.
4969 TestCompletionCallback read_callback2;
4970 read_rv = read_callback2.GetResult(
4971 ssl_socket()->Read(read_buf.get(), 4096, read_callback2.callback()));
4972 ASSERT_GT(read_rv, 0);
4973 }
4974
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTReject)4975 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReject) {
4976 ASSERT_TRUE(StartServer());
4977 ASSERT_TRUE(RunInitialConnection());
4978
4979 SSLServerConfig server_config;
4980 server_config.early_data_enabled = false;
4981 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
4982 SetServerConfig(server_config);
4983
4984 // 0-RTT Connection
4985 FakeBlockingStreamSocket* socket = MakeClient(true);
4986 socket->BlockReadResult();
4987 ASSERT_THAT(Connect(), IsOk());
4988 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4989 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4990 socket->UnblockReadResult();
4991
4992 // Expect early data to be rejected.
4993 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4994 int rv = ReadAndWait(buf.get(), 4096);
4995 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
4996 rv = WriteAndWait(kRequest);
4997 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
4998
4999 // Run the event loop so the rejection has reached the TLS session cache.
5000 base::RunLoop().RunUntilIdle();
5001
5002 // Now that the session cache has been updated, retrying the connection
5003 // should succeed.
5004 socket = MakeClient(true);
5005 ASSERT_THAT(Connect(), IsOk());
5006 ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk());
5007 SSLInfo ssl_info;
5008 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5009 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5010 }
5011
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTWrongVersion)5012 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTWrongVersion) {
5013 ASSERT_TRUE(StartServer());
5014 ASSERT_TRUE(RunInitialConnection());
5015
5016 SSLServerConfig server_config;
5017 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5018 SetServerConfig(server_config);
5019
5020 // 0-RTT Connection
5021 FakeBlockingStreamSocket* socket = MakeClient(true);
5022 socket->BlockReadResult();
5023 ASSERT_THAT(Connect(), IsOk());
5024 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5025 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5026 socket->UnblockReadResult();
5027
5028 // Expect early data to be rejected because the TLS version was incorrect.
5029 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5030 int rv = ReadAndWait(buf.get(), 4096);
5031 EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv);
5032 rv = WriteAndWait(kRequest);
5033 EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv);
5034
5035 // Run the event loop so the rejection has reached the TLS session cache.
5036 base::RunLoop().RunUntilIdle();
5037
5038 // Now that the session cache has been updated, retrying the connection
5039 // should succeed.
5040 socket = MakeClient(true);
5041 ASSERT_THAT(Connect(), IsOk());
5042 ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk());
5043 SSLInfo ssl_info;
5044 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5045 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5046 }
5047
5048 // Test that the ConfirmHandshake successfully completes the handshake and that
5049 // it blocks until the server's leg has been received.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTConfirmHandshake)5050 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTConfirmHandshake) {
5051 ASSERT_TRUE(StartServer());
5052 ASSERT_TRUE(RunInitialConnection());
5053
5054 // 0-RTT Connection
5055 FakeBlockingStreamSocket* socket = MakeClient(true);
5056 socket->BlockReadResult();
5057 ASSERT_THAT(Connect(), IsOk());
5058
5059 // The ServerHello is blocked, so ConfirmHandshake should not complete.
5060 TestCompletionCallback callback;
5061 ASSERT_EQ(ERR_IO_PENDING,
5062 ssl_socket()->ConfirmHandshake(callback.callback()));
5063 base::RunLoop().RunUntilIdle();
5064 EXPECT_FALSE(callback.have_result());
5065
5066 // Release the ServerHello. ConfirmHandshake now completes.
5067 socket->UnblockReadResult();
5068 ASSERT_THAT(callback.GetResult(ERR_IO_PENDING), IsOk());
5069
5070 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5071 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5072
5073 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5074 int size = ReadAndWait(buf.get(), 4096);
5075 EXPECT_GT(size, 0);
5076 EXPECT_EQ('0', buf->data()[size - 1]);
5077
5078 SSLInfo ssl_info;
5079 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5080 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5081 }
5082
5083 // Test that an early read does not break during zero RTT.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTReadBeforeWrite)5084 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReadBeforeWrite) {
5085 ASSERT_TRUE(StartServer());
5086 ASSERT_TRUE(RunInitialConnection());
5087
5088 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
5089 // blocked.
5090 FakeBlockingStreamSocket* socket = MakeClient(true);
5091 socket->BlockReadResult();
5092 ASSERT_THAT(Connect(), IsOk());
5093
5094 // Read() does not make progress.
5095 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5096 TestCompletionCallback read_callback;
5097 ASSERT_EQ(ERR_IO_PENDING,
5098 ssl_socket()->Read(buf.get(), 4096, read_callback.callback()));
5099
5100 // Write() completes, even though reads are blocked.
5101 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5102 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5103
5104 // Release the ServerHello, etc. The Read() now completes.
5105 socket->UnblockReadResult();
5106 int size = read_callback.GetResult(ERR_IO_PENDING);
5107 EXPECT_GT(size, 0);
5108 EXPECT_EQ('1', buf->data()[size - 1]);
5109
5110 SSLInfo ssl_info;
5111 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5112 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5113 }
5114
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTDoubleConfirmHandshake)5115 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTDoubleConfirmHandshake) {
5116 ASSERT_TRUE(StartServer());
5117 ASSERT_TRUE(RunInitialConnection());
5118
5119 // 0-RTT Connection
5120 MakeClient(true);
5121 ASSERT_THAT(Connect(), IsOk());
5122 TestCompletionCallback callback;
5123 ASSERT_THAT(
5124 callback.GetResult(ssl_socket()->ConfirmHandshake(callback.callback())),
5125 IsOk());
5126 // After the handshake is confirmed, ConfirmHandshake should return
5127 // synchronously.
5128 ASSERT_THAT(ssl_socket()->ConfirmHandshake(callback.callback()), IsOk());
5129 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5130 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5131
5132 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5133 int size = ReadAndWait(buf.get(), 4096);
5134 EXPECT_GT(size, 0);
5135 EXPECT_EQ('0', buf->data()[size - 1]);
5136
5137 SSLInfo ssl_info;
5138 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5139 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5140 }
5141
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTParallelReadConfirm)5142 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTParallelReadConfirm) {
5143 ASSERT_TRUE(StartServer());
5144 ASSERT_TRUE(RunInitialConnection());
5145
5146 // 0-RTT Connection
5147 FakeBlockingStreamSocket* socket = MakeClient(true);
5148 socket->BlockReadResult();
5149 ASSERT_THAT(Connect(), IsOk());
5150
5151 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5152 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5153
5154 // The ServerHello is blocked, so ConfirmHandshake should not complete.
5155 TestCompletionCallback callback;
5156 ASSERT_EQ(ERR_IO_PENDING,
5157 ssl_socket()->ConfirmHandshake(callback.callback()));
5158 base::RunLoop().RunUntilIdle();
5159 EXPECT_FALSE(callback.have_result());
5160
5161 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5162 TestCompletionCallback read_callback;
5163 ASSERT_EQ(ERR_IO_PENDING,
5164 ssl_socket()->Read(buf.get(), 4096, read_callback.callback()));
5165 base::RunLoop().RunUntilIdle();
5166 EXPECT_FALSE(read_callback.have_result());
5167
5168 // Release the ServerHello. ConfirmHandshake now completes.
5169 socket->UnblockReadResult();
5170 ASSERT_THAT(callback.WaitForResult(), IsOk());
5171
5172 int result = read_callback.WaitForResult();
5173 EXPECT_GT(result, 0);
5174 EXPECT_EQ('1', buf->data()[result - 1]);
5175
5176 SSLInfo ssl_info;
5177 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5178 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5179 }
5180
TEST_P(SSLClientSocketReadTest,IdleAfterRead)5181 TEST_P(SSLClientSocketReadTest, IdleAfterRead) {
5182 // Set up a TCP server.
5183 TCPServerSocket server_listener(nullptr, NetLogSource());
5184 ASSERT_THAT(server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0),
5185 1, /*ipv6_only=*/absl::nullopt),
5186 IsOk());
5187 IPEndPoint server_address;
5188 ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk());
5189
5190 // Connect a TCP client and server socket.
5191 TestCompletionCallback server_callback;
5192 std::unique_ptr<StreamSocket> server_transport;
5193 int server_rv =
5194 server_listener.Accept(&server_transport, server_callback.callback());
5195
5196 TestCompletionCallback client_callback;
5197 auto client_transport = std::make_unique<TCPClientSocket>(
5198 AddressList(server_address), nullptr, nullptr, nullptr, NetLogSource());
5199 int client_rv = client_transport->Connect(client_callback.callback());
5200
5201 EXPECT_THAT(server_callback.GetResult(server_rv), IsOk());
5202 EXPECT_THAT(client_callback.GetResult(client_rv), IsOk());
5203
5204 // Set up an SSL server.
5205 base::FilePath certs_dir = GetTestCertsDirectory();
5206 scoped_refptr<net::X509Certificate> cert =
5207 ImportCertFromFile(certs_dir, "ok_cert.pem");
5208 ASSERT_TRUE(cert);
5209 bssl::UniquePtr<EVP_PKEY> pkey =
5210 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("ok_cert.pem"));
5211 ASSERT_TRUE(pkey);
5212 std::unique_ptr<crypto::RSAPrivateKey> key =
5213 crypto::RSAPrivateKey::CreateFromKey(pkey.get());
5214 ASSERT_TRUE(key);
5215 std::unique_ptr<SSLServerContext> server_context =
5216 CreateSSLServerContext(cert.get(), *key.get(), GetServerConfig());
5217
5218 // Complete the SSL handshake on both sides.
5219 std::unique_ptr<SSLClientSocket> client(CreateSSLClientSocket(
5220 std::move(client_transport), HostPortPair::FromIPEndPoint(server_address),
5221 SSLConfig()));
5222 std::unique_ptr<SSLServerSocket> server(
5223 server_context->CreateSSLServerSocket(std::move(server_transport)));
5224
5225 server_rv = server->Handshake(server_callback.callback());
5226 client_rv = client->Connect(client_callback.callback());
5227
5228 EXPECT_THAT(server_callback.GetResult(server_rv), IsOk());
5229 EXPECT_THAT(client_callback.GetResult(client_rv), IsOk());
5230
5231 // Write a single record on the server.
5232 auto write_buf = base::MakeRefCounted<StringIOBuffer>("a");
5233 server_rv = server->Write(write_buf.get(), 1, server_callback.callback(),
5234 TRAFFIC_ANNOTATION_FOR_TESTS);
5235
5236 // Read that record on the server, but with a much larger buffer than
5237 // necessary.
5238 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(1024);
5239 client_rv =
5240 Read(client.get(), read_buf.get(), 1024, client_callback.callback());
5241
5242 EXPECT_EQ(1, server_callback.GetResult(server_rv));
5243 EXPECT_EQ(1, WaitForReadCompletion(client.get(), read_buf.get(), 1024,
5244 &client_callback, client_rv));
5245
5246 // At this point the client socket should be idle.
5247 EXPECT_TRUE(client->IsConnectedAndIdle());
5248 }
5249
5250 // Test that certificate errors are properly reported when the underlying
5251 // transport is itself a TLS connection, such as when tunneling over an HTTPS
5252 // proxy. See https://crbug.com/959305.
TEST_F(SSLClientSocketTest,SSLOverSSLBadCertificate)5253 TEST_F(SSLClientSocketTest, SSLOverSSLBadCertificate) {
5254 // Load a pair of certificates.
5255 base::FilePath certs_dir = GetTestCertsDirectory();
5256 scoped_refptr<net::X509Certificate> ok_cert =
5257 ImportCertFromFile(certs_dir, "ok_cert.pem");
5258 ASSERT_TRUE(ok_cert);
5259 bssl::UniquePtr<EVP_PKEY> ok_pkey =
5260 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("ok_cert.pem"));
5261 ASSERT_TRUE(ok_pkey);
5262
5263 scoped_refptr<net::X509Certificate> expired_cert =
5264 ImportCertFromFile(certs_dir, "expired_cert.pem");
5265 ASSERT_TRUE(expired_cert);
5266 bssl::UniquePtr<EVP_PKEY> expired_pkey =
5267 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("expired_cert.pem"));
5268 ASSERT_TRUE(expired_pkey);
5269
5270 CertVerifyResult expired_result;
5271 expired_result.verified_cert = expired_cert;
5272 expired_result.cert_status = CERT_STATUS_DATE_INVALID;
5273 cert_verifier_->AddResultForCert(expired_cert, expired_result,
5274 ERR_CERT_DATE_INVALID);
5275
5276 // Set up a TCP server.
5277 TCPServerSocket server_listener(nullptr, NetLogSource());
5278 ASSERT_THAT(server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0),
5279 1, /*ipv6_only=*/absl::nullopt),
5280 IsOk());
5281 IPEndPoint server_address;
5282 ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk());
5283
5284 // Connect a TCP client and server socket.
5285 TestCompletionCallback server_callback;
5286 std::unique_ptr<StreamSocket> server_transport;
5287 int server_rv =
5288 server_listener.Accept(&server_transport, server_callback.callback());
5289
5290 TestCompletionCallback client_callback;
5291 auto client_transport = std::make_unique<TCPClientSocket>(
5292 AddressList(server_address), nullptr, nullptr, nullptr, NetLogSource());
5293 int client_rv = client_transport->Connect(client_callback.callback());
5294
5295 ASSERT_THAT(server_callback.GetResult(server_rv), IsOk());
5296 ASSERT_THAT(client_callback.GetResult(client_rv), IsOk());
5297
5298 // Set up a pair of SSL servers.
5299 std::unique_ptr<crypto::RSAPrivateKey> ok_key =
5300 crypto::RSAPrivateKey::CreateFromKey(ok_pkey.get());
5301 ASSERT_TRUE(ok_key);
5302 std::unique_ptr<SSLServerContext> ok_server_context =
5303 CreateSSLServerContext(ok_cert.get(), *ok_key.get(), SSLServerConfig());
5304
5305 std::unique_ptr<crypto::RSAPrivateKey> expired_key =
5306 crypto::RSAPrivateKey::CreateFromKey(expired_pkey.get());
5307 ASSERT_TRUE(expired_key);
5308 std::unique_ptr<SSLServerContext> expired_server_context =
5309 CreateSSLServerContext(expired_cert.get(), *expired_key.get(),
5310 SSLServerConfig());
5311
5312 // Complete the proxy SSL handshake with ok_cert.pem. This should succeed.
5313 std::unique_ptr<SSLClientSocket> client =
5314 CreateSSLClientSocket(std::move(client_transport),
5315 HostPortPair("proxy.test", 443), SSLConfig());
5316 std::unique_ptr<SSLServerSocket> server =
5317 ok_server_context->CreateSSLServerSocket(std::move(server_transport));
5318
5319 client_rv = client->Connect(client_callback.callback());
5320 server_rv = server->Handshake(server_callback.callback());
5321 ASSERT_THAT(client_callback.GetResult(client_rv), IsOk());
5322 ASSERT_THAT(server_callback.GetResult(server_rv), IsOk());
5323
5324 // Run the tunneled SSL handshake on with expired_cert.pem. This should fail.
5325 client = CreateSSLClientSocket(std::move(client),
5326 HostPortPair("server.test", 443), SSLConfig());
5327 server = expired_server_context->CreateSSLServerSocket(std::move(server));
5328
5329 client_rv = client->Connect(client_callback.callback());
5330 server_rv = server->Handshake(server_callback.callback());
5331
5332 // The client should observe the bad certificate error.
5333 EXPECT_THAT(client_callback.GetResult(client_rv),
5334 IsError(ERR_CERT_DATE_INVALID));
5335 SSLInfo ssl_info;
5336 ASSERT_TRUE(client->GetSSLInfo(&ssl_info));
5337 EXPECT_EQ(ssl_info.cert_status, expired_result.cert_status);
5338
5339 // TODO(https://crbug.com/912383): The server sees
5340 // ERR_BAD_SSL_CLIENT_AUTH_CERT because its peer (the client) alerts it with
5341 // bad_certificate. The alert-mapping code assumes it is running on a client,
5342 // so it translates bad_certificate to ERR_BAD_SSL_CLIENT_AUTH_CERT, which
5343 // shouldn't be the error for a bad server certificate.
5344 EXPECT_THAT(server_callback.GetResult(server_rv),
5345 IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
5346 }
5347
TEST_F(SSLClientSocketTest,Tag)5348 TEST_F(SSLClientSocketTest, Tag) {
5349 ASSERT_TRUE(
5350 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5351
5352 auto transport = std::make_unique<TCPClientSocket>(
5353 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
5354
5355 auto tagging_sock =
5356 std::make_unique<MockTaggingStreamSocket>(std::move(transport));
5357 auto* tagging_sock_ptr = tagging_sock.get();
5358
5359 // |sock| takes ownership of |tagging_sock|, but keep a
5360 // non-owning pointer to it.
5361 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
5362 std::move(tagging_sock), host_port_pair(), SSLConfig()));
5363
5364 EXPECT_EQ(tagging_sock_ptr->tag(), SocketTag());
5365 #if BUILDFLAG(IS_ANDROID)
5366 SocketTag tag(0x12345678, 0x87654321);
5367 sock->ApplySocketTag(tag);
5368 EXPECT_EQ(tagging_sock_ptr->tag(), tag);
5369 #endif // BUILDFLAG(IS_ANDROID)
5370 }
5371
TEST_F(SSLClientSocketTest,ECH)5372 TEST_F(SSLClientSocketTest, ECH) {
5373 base::test::ScopedFeatureList feature_list;
5374 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5375
5376 SSLServerConfig server_config;
5377 SSLConfig client_config;
5378 server_config.ech_keys = MakeTestEchKeys(
5379 "public.example", /*max_name_len=*/64, &client_config.ech_config_list);
5380 ASSERT_TRUE(server_config.ech_keys);
5381
5382 ASSERT_TRUE(
5383 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5384
5385 // Connecting with the client should use ECH.
5386 int rv;
5387 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5388 EXPECT_THAT(rv, IsOk());
5389 SSLInfo ssl_info;
5390 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5391 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5392 EXPECT_TRUE(ssl_info.encrypted_client_hello);
5393
5394 // TLS 1.3 causes the ticket to arrive later. Use the socket to ensure we have
5395 // a ticket. This also populates the SSLInfo from the server.
5396 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5397 absl::optional<SSLInfo> server_ssl_info = LastSSLInfoFromServer();
5398 ASSERT_TRUE(server_ssl_info);
5399 EXPECT_TRUE(server_ssl_info->encrypted_client_hello);
5400
5401 // Reconnect. ECH should not interfere with resumption.
5402 sock_.reset();
5403 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5404 EXPECT_THAT(rv, IsOk());
5405 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5406 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5407 EXPECT_TRUE(ssl_info.encrypted_client_hello);
5408
5409 // Check SSLInfo from the server.
5410 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5411 server_ssl_info = LastSSLInfoFromServer();
5412 ASSERT_TRUE(server_ssl_info);
5413 EXPECT_TRUE(server_ssl_info->encrypted_client_hello);
5414
5415 // Connecting without ECH should not report ECH was used.
5416 client_config.ech_config_list.clear();
5417 sock_.reset();
5418 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5419 EXPECT_THAT(rv, IsOk());
5420 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5421 EXPECT_FALSE(ssl_info.encrypted_client_hello);
5422
5423 // Check SSLInfo from the server.
5424 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5425 server_ssl_info = LastSSLInfoFromServer();
5426 ASSERT_TRUE(server_ssl_info);
5427 EXPECT_FALSE(server_ssl_info->encrypted_client_hello);
5428 }
5429
5430 // Test that, on key mismatch, the public name can be used to authenticate
5431 // replacement keys.
TEST_F(SSLClientSocketTest,ECHWrongKeys)5432 TEST_F(SSLClientSocketTest, ECHWrongKeys) {
5433 base::test::ScopedFeatureList feature_list;
5434 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5435
5436 static const char kPublicName[] = "public.example";
5437 std::vector<uint8_t> ech_config_list1, ech_config_list2;
5438 bssl::UniquePtr<SSL_ECH_KEYS> keys1 =
5439 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list1);
5440 ASSERT_TRUE(keys1);
5441 bssl::UniquePtr<SSL_ECH_KEYS> keys2 =
5442 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list2);
5443 ASSERT_TRUE(keys2);
5444
5445 // Configure the client and server with different keys.
5446 SSLServerConfig server_config;
5447 server_config.ech_keys = std::move(keys1);
5448 SSLConfig client_config;
5449 client_config.ech_config_list = std::move(ech_config_list2);
5450
5451 ASSERT_TRUE(
5452 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5453
5454 // Verify the fallback handshake verifies the certificate against the public
5455 // name.
5456 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5457 scoped_refptr<X509Certificate> server_cert =
5458 embedded_test_server()->GetCertificate();
5459 CertVerifyResult verify_result;
5460 verify_result.verified_cert = server_cert;
5461 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5462 verify_result, OK);
5463
5464 // Connecting with the client should report ECH was not negotiated.
5465 int rv;
5466 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5467 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5468
5469 // The server's keys are available as retry keys.
5470 EXPECT_EQ(ech_config_list1, sock_->GetECHRetryConfigs());
5471 }
5472
5473 // Test that, if the server does not support ECH, it can securely report this
5474 // via the public name. This allows recovery if the server needed to
5475 // rollback ECH support.
TEST_F(SSLClientSocketTest,ECHSecurelyDisabled)5476 TEST_F(SSLClientSocketTest, ECHSecurelyDisabled) {
5477 base::test::ScopedFeatureList feature_list;
5478 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5479
5480 static const char kPublicName[] = "public.example";
5481 std::vector<uint8_t> ech_config_list;
5482 bssl::UniquePtr<SSL_ECH_KEYS> keys =
5483 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list);
5484 ASSERT_TRUE(keys);
5485
5486 // The server does not have keys configured.
5487 ASSERT_TRUE(
5488 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5489
5490 // However it can authenticate for kPublicName.
5491 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5492 scoped_refptr<X509Certificate> server_cert =
5493 embedded_test_server()->GetCertificate();
5494 CertVerifyResult verify_result;
5495 verify_result.verified_cert = server_cert;
5496 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5497 verify_result, OK);
5498
5499 // Connecting with the client should report ECH was not negotiated.
5500 SSLConfig client_config;
5501 client_config.ech_config_list = std::move(ech_config_list);
5502 int rv;
5503 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5504 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5505
5506 // The retry config is empty, meaning the server has securely reported that
5507 // ECH is disabled
5508 EXPECT_TRUE(sock_->GetECHRetryConfigs().empty());
5509 }
5510
5511 // The same as the above, but testing that it also works in TLS 1.2, which
5512 // otherwise does not support ECH.
TEST_F(SSLClientSocketTest,ECHSecurelyDisabledTLS12)5513 TEST_F(SSLClientSocketTest, ECHSecurelyDisabledTLS12) {
5514 base::test::ScopedFeatureList feature_list;
5515 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5516
5517 static const char kPublicName[] = "public.example";
5518 std::vector<uint8_t> ech_config_list;
5519 bssl::UniquePtr<SSL_ECH_KEYS> keys =
5520 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list);
5521 ASSERT_TRUE(keys);
5522
5523 // The server does not have keys configured.
5524 SSLServerConfig server_config;
5525 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5526 ASSERT_TRUE(
5527 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5528
5529 // However it can authenticate for kPublicName.
5530 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5531 scoped_refptr<X509Certificate> server_cert =
5532 embedded_test_server()->GetCertificate();
5533 CertVerifyResult verify_result;
5534 verify_result.verified_cert = server_cert;
5535 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5536 verify_result, OK);
5537
5538 // Connecting with the client should report ECH was not negotiated.
5539 SSLConfig client_config;
5540 client_config.ech_config_list = std::move(ech_config_list);
5541 int rv;
5542 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5543 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5544
5545 // The retry config is empty, meaning the server has securely reported that
5546 // ECH is disabled
5547 EXPECT_TRUE(sock_->GetECHRetryConfigs().empty());
5548 }
5549
5550 // Test that the ECH fallback handshake rejects bad certificates.
TEST_F(SSLClientSocketTest,ECHFallbackBadCert)5551 TEST_F(SSLClientSocketTest, ECHFallbackBadCert) {
5552 base::test::ScopedFeatureList feature_list;
5553 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5554
5555 static const char kPublicName[] = "public.example";
5556 std::vector<uint8_t> ech_config_list1, ech_config_list2;
5557 bssl::UniquePtr<SSL_ECH_KEYS> keys1 =
5558 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list1);
5559 ASSERT_TRUE(keys1);
5560 bssl::UniquePtr<SSL_ECH_KEYS> keys2 =
5561 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list2);
5562 ASSERT_TRUE(keys2);
5563
5564 // Configure the client and server with different keys.
5565 SSLServerConfig server_config;
5566 server_config.ech_keys = std::move(keys1);
5567 SSLConfig client_config;
5568 client_config.ech_config_list = std::move(ech_config_list2);
5569
5570 ASSERT_TRUE(
5571 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5572
5573 // Configure the client to reject the certificate for the public name (or any
5574 // other name).
5575 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5576
5577 // Connecting with the client will fail with a fatal error.
5578 int rv;
5579 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5580 EXPECT_THAT(rv, IsError(ERR_ECH_FALLBACK_CERTIFICATE_INVALID));
5581 }
5582
TEST_F(SSLClientSocketTest,InvalidECHConfigList)5583 TEST_F(SSLClientSocketTest, InvalidECHConfigList) {
5584 base::test::ScopedFeatureList feature_list;
5585 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5586
5587 ASSERT_TRUE(
5588 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5589
5590 // If the ECHConfigList cannot be parsed at all, report an error to the
5591 // caller.
5592 SSLConfig client_config;
5593 client_config.ech_config_list = {0x00};
5594 int rv;
5595 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5596 EXPECT_THAT(rv, IsError(ERR_INVALID_ECH_CONFIG_LIST));
5597 }
5598
5599 // Test that, if no ECHConfigList is available, the client sends ECH GREASE.
TEST_F(SSLClientSocketTest,ECHGreaseEnabled)5600 TEST_F(SSLClientSocketTest, ECHGreaseEnabled) {
5601 base::test::ScopedFeatureList feature_list;
5602 feature_list.InitAndEnableFeature(features::kEncryptedClientHello);
5603
5604 // Configure the server to expect an ECH extension.
5605 bool ran_callback = false;
5606 SSLServerConfig server_config;
5607 server_config.client_hello_callback_for_testing =
5608 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5609 const uint8_t* data;
5610 size_t len;
5611 EXPECT_TRUE(SSL_early_callback_ctx_extension_get(
5612 client_hello, TLSEXT_TYPE_encrypted_client_hello, &data, &len));
5613 ran_callback = true;
5614 return true;
5615 });
5616 ASSERT_TRUE(
5617 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5618 int rv;
5619 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
5620 EXPECT_THAT(rv, IsOk());
5621 EXPECT_TRUE(ran_callback);
5622 }
5623
5624 // Test that, if the feature flag is disabled, the client does not send ECH
5625 // GREASE.
TEST_F(SSLClientSocketTest,ECHGreaseDisabled)5626 TEST_F(SSLClientSocketTest, ECHGreaseDisabled) {
5627 base::test::ScopedFeatureList feature_list;
5628 feature_list.InitAndDisableFeature(features::kEncryptedClientHello);
5629
5630 // Configure the server not to expect an ECH extension.
5631 bool ran_callback = false;
5632 SSLServerConfig server_config;
5633 server_config.client_hello_callback_for_testing =
5634 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5635 const uint8_t* data;
5636 size_t len;
5637 EXPECT_FALSE(SSL_early_callback_ctx_extension_get(
5638 client_hello, TLSEXT_TYPE_encrypted_client_hello, &data, &len));
5639 ran_callback = true;
5640 return true;
5641 });
5642 ASSERT_TRUE(
5643 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5644 int rv;
5645 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
5646 EXPECT_THAT(rv, IsOk());
5647 EXPECT_TRUE(ran_callback);
5648 }
5649
5650 struct SSLHandshakeDetailsParams {
5651 bool alpn;
5652 bool early_data;
5653 uint16_t version;
5654 SSLHandshakeDetails expected_initial;
5655 SSLHandshakeDetails expected_resume;
5656 };
5657
5658 const SSLHandshakeDetailsParams kSSLHandshakeDetailsParams[] = {
5659 // TLS 1.2 does False Start if ALPN is enabled.
5660 {false /* no ALPN */, false /* no early data */,
5661 SSL_PROTOCOL_VERSION_TLS1_2, SSLHandshakeDetails::kTLS12Full,
5662 SSLHandshakeDetails::kTLS12Resume},
5663 {true /* ALPN */, false /* no early data */, SSL_PROTOCOL_VERSION_TLS1_2,
5664 SSLHandshakeDetails::kTLS12FalseStart, SSLHandshakeDetails::kTLS12Resume},
5665
5666 // TLS 1.3 supports full handshakes, resumption, and 0-RTT.
5667 {false /* no ALPN */, false /* no early data */,
5668 SSL_PROTOCOL_VERSION_TLS1_3, SSLHandshakeDetails::kTLS13Full,
5669 SSLHandshakeDetails::kTLS13Resume},
5670 {false /* no ALPN */, true /* early data */, SSL_PROTOCOL_VERSION_TLS1_3,
5671 SSLHandshakeDetails::kTLS13Full, SSLHandshakeDetails::kTLS13Early},
5672 };
5673
5674 class SSLHandshakeDetailsTest
5675 : public SSLClientSocketTest,
5676 public ::testing::WithParamInterface<SSLHandshakeDetailsParams> {};
5677
5678 INSTANTIATE_TEST_SUITE_P(All,
5679 SSLHandshakeDetailsTest,
5680 ValuesIn(kSSLHandshakeDetailsParams));
5681
TEST_P(SSLHandshakeDetailsTest,Metrics)5682 TEST_P(SSLHandshakeDetailsTest, Metrics) {
5683 // Enable all test features in the server.
5684 SSLServerConfig server_config;
5685 server_config.early_data_enabled = true;
5686 server_config.alpn_protos = {kProtoHTTP11};
5687 ASSERT_TRUE(
5688 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5689
5690 SSLContextConfig client_context_config;
5691 client_context_config.version_min = GetParam().version;
5692 client_context_config.version_max = GetParam().version;
5693 ssl_config_service_->UpdateSSLConfigAndNotify(client_context_config);
5694
5695 SSLConfig client_config;
5696 client_config.version_min_override = GetParam().version;
5697 client_config.version_max_override = GetParam().version;
5698 client_config.early_data_enabled = GetParam().early_data;
5699 if (GetParam().alpn) {
5700 client_config.alpn_protos = {kProtoHTTP11};
5701 }
5702
5703 SSLVersion version;
5704 switch (GetParam().version) {
5705 case SSL_PROTOCOL_VERSION_TLS1_2:
5706 version = SSL_CONNECTION_VERSION_TLS1_2;
5707 break;
5708 case SSL_PROTOCOL_VERSION_TLS1_3:
5709 version = SSL_CONNECTION_VERSION_TLS1_3;
5710 break;
5711 default:
5712 FAIL() << GetParam().version;
5713 }
5714
5715 // Make the initial connection.
5716 {
5717 base::HistogramTester histograms;
5718 int rv;
5719 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5720 EXPECT_THAT(rv, IsOk());
5721
5722 // Sanity-check the socket matches the test parameters.
5723 SSLInfo info;
5724 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5725 EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status));
5726 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
5727
5728 histograms.ExpectUniqueSample("Net.SSLHandshakeDetails",
5729 GetParam().expected_initial, 1);
5730
5731 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
5732 // use the socket to ensure the session ticket has been picked up.
5733 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
5734 }
5735
5736 // Make a resumption connection.
5737 {
5738 base::HistogramTester histograms;
5739 int rv;
5740 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5741 EXPECT_THAT(rv, IsOk());
5742
5743 // Sanity-check the socket matches the test parameters.
5744 SSLInfo info;
5745 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5746 EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status));
5747 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, info.handshake_type);
5748
5749 histograms.ExpectUniqueSample("Net.SSLHandshakeDetails",
5750 GetParam().expected_resume, 1);
5751 }
5752 }
5753
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonNewSession)5754 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonNewSession) {
5755 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5756
5757 ASSERT_TRUE(StartServer());
5758 base::HistogramTester histograms;
5759 ASSERT_TRUE(RunInitialConnection());
5760 histograms.ExpectUniqueSample(kReasonHistogram,
5761 ssl_early_data_no_session_offered, 1);
5762 }
5763
5764 // Test 0-RTT logging when the server declines to resume a connection.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonNoResume)5765 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonNoResume) {
5766 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5767
5768 ASSERT_TRUE(StartServer());
5769 ASSERT_TRUE(RunInitialConnection());
5770
5771 SSLServerConfig server_config;
5772 server_config.early_data_enabled = false;
5773 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5774
5775 SetServerConfig(server_config);
5776
5777 base::HistogramTester histograms;
5778
5779 // 0-RTT Connection
5780 FakeBlockingStreamSocket* socket = MakeClient(true);
5781 socket->BlockReadResult();
5782 ASSERT_THAT(Connect(), IsOk());
5783 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5784 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5785 socket->UnblockReadResult();
5786
5787 // Expect early data to be rejected.
5788 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5789 int rv = ReadAndWait(buf.get(), 4096);
5790 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
5791
5792 // The histogram may be record asynchronously.
5793 base::RunLoop().RunUntilIdle();
5794 histograms.ExpectUniqueSample(kReasonHistogram,
5795 ssl_early_data_session_not_resumed, 1);
5796 }
5797
5798 // Test 0-RTT logging in the standard ConfirmHandshake-after-acceptance case.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonZeroRTT)5799 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonZeroRTT) {
5800 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5801
5802 ASSERT_TRUE(StartServer());
5803 ASSERT_TRUE(RunInitialConnection());
5804
5805 // 0-RTT Connection
5806 base::HistogramTester histograms;
5807 MakeClient(true);
5808 ASSERT_THAT(Connect(), IsOk());
5809 TestCompletionCallback callback;
5810 ASSERT_THAT(
5811 callback.GetResult(ssl_socket()->ConfirmHandshake(callback.callback())),
5812 IsOk());
5813
5814 base::RunLoop().RunUntilIdle();
5815
5816 histograms.ExpectUniqueSample(kReasonHistogram, ssl_early_data_accepted, 1);
5817 }
5818
5819 // Check that we're correctly logging 0-rtt success when the handshake
5820 // concludes during a Read.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonReadServerHello)5821 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonReadServerHello) {
5822 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5823 ASSERT_TRUE(StartServer());
5824 ASSERT_TRUE(RunInitialConnection());
5825
5826 // 0-RTT Connection
5827 base::HistogramTester histograms;
5828 MakeClient(true);
5829 ASSERT_THAT(Connect(), IsOk());
5830 constexpr base::StringPiece kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5831 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5832
5833 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5834 int size = ReadAndWait(buf.get(), 4096);
5835 EXPECT_GT(size, 0);
5836 EXPECT_EQ('1', buf->data()[size - 1]);
5837
5838 // 0-RTT metrics are logged on a PostTask, so if Read returns synchronously,
5839 // it is possible the metrics haven't been picked up yet.
5840 base::RunLoop().RunUntilIdle();
5841
5842 SSLInfo ssl_info;
5843 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5844 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5845
5846 histograms.ExpectUniqueSample(kReasonHistogram, ssl_early_data_accepted, 1);
5847 }
5848
TEST_F(SSLClientSocketTest,VersionMaxOverride)5849 TEST_F(SSLClientSocketTest, VersionMaxOverride) {
5850 SSLServerConfig server_config;
5851 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5852 ASSERT_TRUE(
5853 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5854
5855 // Connecting normally uses the global configuration.
5856 SSLConfig config;
5857 int rv;
5858 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5859 EXPECT_THAT(rv, IsOk());
5860 SSLInfo info;
5861 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5862 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
5863 SSLConnectionStatusToVersion(info.connection_status));
5864
5865 // Individual sockets may override the maximum version.
5866 config.version_max_override = SSL_PROTOCOL_VERSION_TLS1_2;
5867 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5868 EXPECT_THAT(rv, IsOk());
5869 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5870 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
5871 SSLConnectionStatusToVersion(info.connection_status));
5872 }
5873
TEST_F(SSLClientSocketTest,VersionMinOverride)5874 TEST_F(SSLClientSocketTest, VersionMinOverride) {
5875 SSLServerConfig server_config;
5876 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5877 ASSERT_TRUE(
5878 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5879
5880 // Connecting normally uses the global configuration.
5881 SSLConfig config;
5882 int rv;
5883 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5884 EXPECT_THAT(rv, IsOk());
5885 SSLInfo info;
5886 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5887 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
5888 SSLConnectionStatusToVersion(info.connection_status));
5889
5890 // Individual sockets may also override the minimum version.
5891 config.version_min_override = SSL_PROTOCOL_VERSION_TLS1_3;
5892 config.version_max_override = SSL_PROTOCOL_VERSION_TLS1_3;
5893 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5894 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
5895 }
5896
5897 // Basic test of CancelReadIfReady works.
TEST_F(SSLClientSocketTest,CancelReadIfReady)5898 TEST_F(SSLClientSocketTest, CancelReadIfReady) {
5899 ASSERT_TRUE(
5900 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5901
5902 // Connect with a FakeBlockingStreamSocket.
5903 auto real_transport = std::make_unique<TCPClientSocket>(
5904 addr(), nullptr, nullptr, nullptr, NetLogSource());
5905 auto transport =
5906 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
5907 FakeBlockingStreamSocket* raw_transport = transport.get();
5908 TestCompletionCallback callback;
5909 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
5910 IsOk());
5911
5912 // Complete the handshake. Disable the post-handshake peek so that, after the
5913 // handshake, there are no pending reads on the transport.
5914 SSLConfig config;
5915 config.disable_post_handshake_peek_for_testing = true;
5916 auto sock =
5917 CreateSSLClientSocket(std::move(transport), host_port_pair(), config);
5918 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
5919
5920 // Block the socket and wait for some data to arrive from the server.
5921 raw_transport->BlockReadResult();
5922 auto write_buf =
5923 base::MakeRefCounted<StringIOBuffer>("GET / HTTP/1.0\r\n\r\n");
5924 ASSERT_EQ(callback.GetResult(sock->Write(write_buf.get(), write_buf->size(),
5925 callback.callback(),
5926 TRAFFIC_ANNOTATION_FOR_TESTS)),
5927 write_buf->size());
5928
5929 // ReadIfReady() should not read anything because the socket is blocked.
5930 bool callback_called = false;
5931 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(100);
5932 int rv = sock->ReadIfReady(
5933 read_buf.get(), 100,
5934 base::BindLambdaForTesting([&](int rv) { callback_called = true; }));
5935 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
5936
5937 // Cancel ReadIfReady() and unblock the socket.
5938 ASSERT_THAT(sock->CancelReadIfReady(), IsOk());
5939 raw_transport->WaitForReadResult();
5940 raw_transport->UnblockReadResult();
5941 base::RunLoop().RunUntilIdle();
5942
5943 // Although data is now available, the callback should not have been called.
5944 EXPECT_FALSE(callback_called);
5945
5946 // Future reads on the socket should still work. The data should be
5947 // synchronously available.
5948 EXPECT_GT(
5949 callback.GetResult(sock->Read(read_buf.get(), 100, callback.callback())),
5950 0);
5951 }
5952
5953 // Test that the server_name extension (SNI) is sent on DNS names, and not IP
5954 // literals.
TEST_F(SSLClientSocketTest,ServerName)5955 TEST_F(SSLClientSocketTest, ServerName) {
5956 absl::optional<std::string> got_server_name;
5957 bool ran_callback = false;
5958 auto reset_callback_state = [&] {
5959 got_server_name = absl::nullopt;
5960 ran_callback = false;
5961 };
5962
5963 // Start a server which records the server name.
5964 SSLServerConfig server_config;
5965 server_config.client_hello_callback_for_testing =
5966 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5967 const char* server_name =
5968 SSL_get_servername(client_hello->ssl, TLSEXT_NAMETYPE_host_name);
5969 if (server_name) {
5970 got_server_name = server_name;
5971 } else {
5972 got_server_name = absl::nullopt;
5973 }
5974 ran_callback = true;
5975 return true;
5976 });
5977 ASSERT_TRUE(
5978 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5979
5980 // The client should send the server_name extension for DNS names.
5981 uint16_t port = host_port_pair().port();
5982 int rv;
5983 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
5984 SSLConfig(), HostPortPair("example.com", port), &rv));
5985 ASSERT_THAT(rv, IsOk());
5986 EXPECT_TRUE(ran_callback);
5987 EXPECT_EQ(got_server_name, "example.com");
5988
5989 // The client should not send the server_name extension for IPv4 and IPv6
5990 // literals. See https://crbug.com/500981.
5991 reset_callback_state();
5992 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
5993 SSLConfig(), HostPortPair("1.2.3.4", port), &rv));
5994 ASSERT_THAT(rv, IsOk());
5995 EXPECT_TRUE(ran_callback);
5996 EXPECT_EQ(got_server_name, absl::nullopt);
5997
5998 reset_callback_state();
5999 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
6000 SSLConfig(), HostPortPair("::1", port), &rv));
6001 ASSERT_THAT(rv, IsOk());
6002 EXPECT_TRUE(ran_callback);
6003 EXPECT_EQ(got_server_name, absl::nullopt);
6004
6005 reset_callback_state();
6006 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
6007 SSLConfig(), HostPortPair("2001:db8::42", port), &rv));
6008 ASSERT_THAT(rv, IsOk());
6009 EXPECT_TRUE(ran_callback);
6010 EXPECT_EQ(got_server_name, absl::nullopt);
6011 }
6012
6013 class SSLClientSocketAlpsTest
6014 : public SSLClientSocketTest,
6015 public ::testing::WithParamInterface<std::tuple<bool, bool, bool>> {
6016 public:
SSLClientSocketAlpsTest()6017 SSLClientSocketAlpsTest()
6018 : client_alps_enabled_(std::get<0>(GetParam())),
6019 server_alps_enabled_(std::get<1>(GetParam())),
6020 client_use_new_alps_(std::get<2>(GetParam())) {}
6021 ~SSLClientSocketAlpsTest() override = default;
6022 const bool client_alps_enabled_;
6023 const bool server_alps_enabled_;
6024 const bool client_use_new_alps_;
6025 };
6026
6027 INSTANTIATE_TEST_SUITE_P(All,
6028 SSLClientSocketAlpsTest,
6029 Combine(Bool(), Bool(), Bool()));
6030
TEST_P(SSLClientSocketAlpsTest,Alps)6031 TEST_P(SSLClientSocketAlpsTest, Alps) {
6032 const std::string server_data = "server sends some test data";
6033 const std::string client_data = "client also sends some data";
6034
6035 SSLServerConfig server_config;
6036 server_config.alpn_protos = {kProtoHTTP2};
6037 if (server_alps_enabled_) {
6038 server_config.application_settings[kProtoHTTP2] =
6039 std::vector<uint8_t>(server_data.begin(), server_data.end());
6040 }
6041 // Configure the server to support whichever ALPS codepoint the client sent.
6042 server_config.client_hello_callback_for_testing =
6043 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
6044 const uint8_t* unused_extension_bytes;
6045 size_t unused_extension_len;
6046 int use_alps_new_codepoint = SSL_early_callback_ctx_extension_get(
6047 client_hello, TLSEXT_TYPE_application_settings,
6048 &unused_extension_bytes, &unused_extension_len);
6049 SSL_set_alps_use_new_codepoint(client_hello->ssl,
6050 use_alps_new_codepoint);
6051 return true;
6052 });
6053
6054 ASSERT_TRUE(
6055 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
6056
6057 SSLConfig client_config;
6058 client_config.alpn_protos = {kProtoHTTP2};
6059
6060 base::test::ScopedFeatureList feature_list;
6061 if (client_use_new_alps_) {
6062 feature_list.InitAndEnableFeature(features::kUseAlpsNewCodepoint);
6063 } else {
6064 feature_list.InitAndDisableFeature(features::kUseAlpsNewCodepoint);
6065 }
6066
6067 if (client_alps_enabled_) {
6068 client_config.application_settings[kProtoHTTP2] =
6069 std::vector<uint8_t>(client_data.begin(), client_data.end());
6070 }
6071
6072 int rv;
6073 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
6074 EXPECT_THAT(rv, IsOk());
6075
6076 SSLInfo info;
6077 ASSERT_TRUE(sock_->GetSSLInfo(&info));
6078 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
6079 SSLConnectionStatusToVersion(info.connection_status));
6080 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
6081
6082 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
6083
6084 // ALPS is negotiated only if ALPS is enabled both on client and server.
6085 const auto alps_data_received_by_client = sock_->GetPeerApplicationSettings();
6086
6087 if (client_alps_enabled_ && server_alps_enabled_) {
6088 ASSERT_TRUE(alps_data_received_by_client.has_value());
6089 EXPECT_EQ(server_data, alps_data_received_by_client.value());
6090 } else {
6091 EXPECT_FALSE(alps_data_received_by_client.has_value());
6092 }
6093 }
6094
6095 } // namespace net
6096