1 // Copyright 2024 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/quic_session_key.h"
6
7 #include "net/base/network_anonymization_key.h"
8 #include "net/base/privacy_mode.h"
9 #include "net/base/proxy_chain.h"
10 #include "net/base/proxy_server.h"
11 #include "net/base/schemeful_site.h"
12 #include "net/base/session_usage.h"
13 #include "net/dns/public/secure_dns_policy.h"
14 #include "net/socket/socket_tag.h"
15 #include "net/third_party/quiche/src/quiche/quic/core/quic_server_id.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17 #include "url/gurl.h"
18
19 namespace net {
20
21 namespace {
22
23 // Check for equality of session keys, and inequality when various pieces of the
24 // key differ. The SocketTag is only used on Android, and the NAK is only used
25 // when network partitioning is enabled.
TEST(QuicSessionKeyTest,Equality)26 TEST(QuicSessionKeyTest, Equality) {
27 QuicSessionKey key(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
28 ProxyChain::Direct(), SessionUsage::kDestination,
29 SocketTag(), NetworkAnonymizationKey(),
30 SecureDnsPolicy::kAllow,
31 /*require_dns_https_alpn=*/false);
32 EXPECT_EQ(key,
33 QuicSessionKey("www.example.org", 80, PRIVACY_MODE_DISABLED,
34 ProxyChain::Direct(), SessionUsage::kDestination,
35 SocketTag(), NetworkAnonymizationKey(),
36 SecureDnsPolicy::kAllow,
37 /*require_dns_https_alpn=*/false));
38 EXPECT_EQ(key,
39 QuicSessionKey(quic::QuicServerId("www.example.org", 80),
40 PRIVACY_MODE_DISABLED, ProxyChain::Direct(),
41 SessionUsage::kDestination, SocketTag(),
42 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
43 /*require_dns_https_alpn=*/false));
44 EXPECT_NE(
45 key, QuicSessionKey(HostPortPair("otherproxy", 80), PRIVACY_MODE_DISABLED,
46 ProxyChain::Direct(), SessionUsage::kDestination,
47 SocketTag(), NetworkAnonymizationKey(),
48 SecureDnsPolicy::kAllow,
49 /*require_dns_https_alpn=*/false));
50 EXPECT_NE(key,
51 QuicSessionKey(HostPortPair("www.example.org", 80),
52 PRIVACY_MODE_ENABLED, ProxyChain::Direct(),
53 SessionUsage::kDestination, SocketTag(),
54 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
55 /*require_dns_https_alpn=*/false));
56 EXPECT_NE(key, QuicSessionKey(
57 HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
58 ProxyChain::FromSchemeHostAndPort(
59 ProxyServer::Scheme::SCHEME_HTTPS, "otherproxy", 443),
60 SessionUsage::kDestination, SocketTag(),
61 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
62 /*require_dns_https_alpn=*/false));
63 EXPECT_NE(key, QuicSessionKey(
64 HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
65 ProxyChain::Direct(), SessionUsage::kProxy, SocketTag(),
66 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
67 /*require_dns_https_alpn=*/false));
68 #if BUILDFLAG(IS_ANDROID)
69 EXPECT_NE(key,
70 QuicSessionKey(HostPortPair("www.example.org", 80),
71 PRIVACY_MODE_DISABLED, ProxyChain::Direct(),
72 SessionUsage::kDestination, SocketTag(999, 999),
73 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
74 /*require_dns_https_alpn=*/false));
75 #endif // BUILDFLAG(IS_ANDROID)
76 if (NetworkAnonymizationKey::IsPartitioningEnabled()) {
77 EXPECT_NE(key, QuicSessionKey(HostPortPair("www.example.org", 80),
78 PRIVACY_MODE_DISABLED, ProxyChain::Direct(),
79 SessionUsage::kDestination, SocketTag(),
80 NetworkAnonymizationKey::CreateSameSite(
81 SchemefulSite(GURL("http://a.test/"))),
82 SecureDnsPolicy::kAllow,
83 /*require_dns_https_alpn=*/false));
84 }
85 EXPECT_NE(key,
86 QuicSessionKey(HostPortPair("www.example.org", 80),
87 PRIVACY_MODE_DISABLED, ProxyChain::Direct(),
88 SessionUsage::kDestination, SocketTag(),
89 NetworkAnonymizationKey(), SecureDnsPolicy::kDisable,
90 /*require_dns_https_alpn=*/false));
91 EXPECT_NE(key,
92 QuicSessionKey("www.example.org", 80, PRIVACY_MODE_DISABLED,
93 ProxyChain::Direct(), SessionUsage::kDestination,
94 SocketTag(), NetworkAnonymizationKey(),
95 SecureDnsPolicy::kAllow,
96 /*require_dns_https_alpn=*/true));
97 }
98
99 // The operator< implementation is suitable for storing distinct keys in a set.
TEST(QuicSessionKeyTest,Set)100 TEST(QuicSessionKeyTest, Set) {
101 std::vector<QuicSessionKey> session_keys = {
102 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
103 ProxyChain::Direct(), SessionUsage::kDestination,
104 SocketTag(), NetworkAnonymizationKey(),
105 SecureDnsPolicy::kAllow,
106 /*require_dns_https_alpn=*/false),
107 QuicSessionKey(HostPortPair("otherproxy", 80), PRIVACY_MODE_DISABLED,
108 ProxyChain::Direct(), SessionUsage::kDestination,
109 SocketTag(), NetworkAnonymizationKey(),
110 SecureDnsPolicy::kAllow,
111 /*require_dns_https_alpn=*/false),
112 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_ENABLED,
113 ProxyChain::Direct(), SessionUsage::kDestination,
114 SocketTag(), NetworkAnonymizationKey(),
115 SecureDnsPolicy::kAllow,
116 /*require_dns_https_alpn=*/false),
117 QuicSessionKey(HostPortPair("www.example.org", 80),
118 PRIVACY_MODE_ENABLED_WITHOUT_CLIENT_CERTS,
119 ProxyChain::Direct(), SessionUsage::kDestination,
120 SocketTag(), NetworkAnonymizationKey(),
121 SecureDnsPolicy::kAllow,
122 /*require_dns_https_alpn=*/false),
123 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
124 ProxyChain::FromSchemeHostAndPort(
125 ProxyServer::Scheme::SCHEME_HTTPS, "otherproxy", 443),
126 SessionUsage::kDestination, SocketTag(),
127 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
128 /*require_dns_https_alpn=*/false),
129 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
130 ProxyChain({
131 ProxyServer::FromSchemeHostAndPort(
132 ProxyServer::Scheme::SCHEME_HTTPS, "proxy1", 443),
133 ProxyServer::FromSchemeHostAndPort(
134 ProxyServer::Scheme::SCHEME_HTTPS, "proxy2", 443),
135 }),
136 SessionUsage::kDestination, SocketTag(),
137 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
138 /*require_dns_https_alpn=*/false),
139 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
140 ProxyChain::Direct(), SessionUsage::kProxy, SocketTag(),
141 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
142 /*require_dns_https_alpn=*/false),
143 #if BUILDFLAG(IS_ANDROID)
144 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
145 ProxyChain::Direct(), SessionUsage::kDestination,
146 SocketTag(999, 999), NetworkAnonymizationKey(),
147 SecureDnsPolicy::kAllow,
148 /*require_dns_https_alpn=*/false),
149 #endif // BUILDFLAG(IS_ANDROID)
150 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
151 ProxyChain::Direct(), SessionUsage::kDestination,
152 SocketTag(), NetworkAnonymizationKey(),
153 SecureDnsPolicy::kDisable,
154 /*require_dns_https_alpn=*/false),
155 QuicSessionKey(HostPortPair("www.example.org", 80), PRIVACY_MODE_DISABLED,
156 ProxyChain::Direct(), SessionUsage::kDestination,
157 SocketTag(), NetworkAnonymizationKey(),
158 SecureDnsPolicy::kAllow,
159 /*require_dns_https_alpn=*/true),
160 };
161 if (NetworkAnonymizationKey::IsPartitioningEnabled()) {
162 session_keys.emplace_back(HostPortPair("www.example.org", 80),
163 PRIVACY_MODE_DISABLED, ProxyChain::Direct(),
164 SessionUsage::kDestination, SocketTag(),
165 NetworkAnonymizationKey::CreateSameSite(
166 SchemefulSite(GURL("http://a.test/"))),
167 SecureDnsPolicy::kAllow,
168 /*require_dns_https_alpn=*/false);
169 }
170 std::set<QuicSessionKey> key_set(session_keys.begin(), session_keys.end());
171 ASSERT_EQ(session_keys.size(), key_set.size());
172 }
173
174 } // namespace
175
176 } // namespace net
177