1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/connect_job_factory.h"
6
7 #include <memory>
8 #include <optional>
9 #include <vector>
10
11 #include "base/memory/raw_ptr.h"
12 #include "base/memory/scoped_refptr.h"
13 #include "net/base/host_port_pair.h"
14 #include "net/base/network_isolation_key.h"
15 #include "net/base/privacy_mode.h"
16 #include "net/base/proxy_chain.h"
17 #include "net/base/proxy_server.h"
18 #include "net/base/request_priority.h"
19 #include "net/dns/public/secure_dns_policy.h"
20 #include "net/http/http_proxy_connect_job.h"
21 #include "net/log/net_log_with_source.h"
22 #include "net/socket/connect_job.h"
23 #include "net/socket/connect_job_test_util.h"
24 #include "net/socket/next_proto.h"
25 #include "net/socket/socket_tag.h"
26 #include "net/socket/socks_connect_job.h"
27 #include "net/socket/ssl_connect_job.h"
28 #include "net/socket/transport_connect_job.h"
29 #include "net/socket/websocket_endpoint_lock_manager.h"
30 #include "net/ssl/ssl_config.h"
31 #include "net/test/test_with_task_environment.h"
32 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
33 #include "net/url_request/static_http_user_agent_settings.h"
34 #include "testing/gmock/include/gmock/gmock.h"
35 #include "testing/gtest/include/gtest/gtest.h"
36 #include "url/scheme_host_port.h"
37 #include "url/url_constants.h"
38
39 namespace net {
40 namespace {
41
42 // Mock HttpProxyConnectJob::Factory that records the `params` used and then
43 // passes on to a real factory.
44 class TestHttpProxyConnectJobFactory : public HttpProxyConnectJob::Factory {
45 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,scoped_refptr<HttpProxySocketParams> params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)46 std::unique_ptr<HttpProxyConnectJob> Create(
47 RequestPriority priority,
48 const SocketTag& socket_tag,
49 const CommonConnectJobParams* common_connect_job_params,
50 scoped_refptr<HttpProxySocketParams> params,
51 ConnectJob::Delegate* delegate,
52 const NetLogWithSource* net_log) override {
53 params_.push_back(params);
54 return HttpProxyConnectJob::Factory::Create(priority, socket_tag,
55 common_connect_job_params,
56 params, delegate, net_log);
57 }
58
params() const59 const std::vector<scoped_refptr<HttpProxySocketParams>>& params() const {
60 return params_;
61 }
62
63 private:
64 std::vector<scoped_refptr<HttpProxySocketParams>> params_;
65 };
66
67 // Mock SOCKSConnectJob::Factory that records the `params` used and then passes
68 // on to a real factory.
69 class TestSocksConnectJobFactory : public SOCKSConnectJob::Factory {
70 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,scoped_refptr<SOCKSSocketParams> socks_params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)71 std::unique_ptr<SOCKSConnectJob> Create(
72 RequestPriority priority,
73 const SocketTag& socket_tag,
74 const CommonConnectJobParams* common_connect_job_params,
75 scoped_refptr<SOCKSSocketParams> socks_params,
76 ConnectJob::Delegate* delegate,
77 const NetLogWithSource* net_log) override {
78 params_.push_back(socks_params);
79 return SOCKSConnectJob::Factory::Create(priority, socket_tag,
80 common_connect_job_params,
81 socks_params, delegate, net_log);
82 }
83
params() const84 const std::vector<scoped_refptr<SOCKSSocketParams>>& params() const {
85 return params_;
86 }
87
88 private:
89 std::vector<scoped_refptr<SOCKSSocketParams>> params_;
90 };
91
92 // Mock SSLConnectJob::Factory that records the `params` used and then passes on
93 // to a real factory.
94 class TestSslConnectJobFactory : public SSLConnectJob::Factory {
95 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,scoped_refptr<SSLSocketParams> params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)96 std::unique_ptr<SSLConnectJob> Create(
97 RequestPriority priority,
98 const SocketTag& socket_tag,
99 const CommonConnectJobParams* common_connect_job_params,
100 scoped_refptr<SSLSocketParams> params,
101 ConnectJob::Delegate* delegate,
102 const NetLogWithSource* net_log) override {
103 params_.push_back(params);
104 return SSLConnectJob::Factory::Create(priority, socket_tag,
105 common_connect_job_params, params,
106 delegate, net_log);
107 }
108
params() const109 const std::vector<scoped_refptr<SSLSocketParams>>& params() const {
110 return params_;
111 }
112
113 private:
114 std::vector<scoped_refptr<SSLSocketParams>> params_;
115 };
116
117 // Mock TransportConnectJob::Factory that records the `params` used and then
118 // passes on to a real factory.
119 class TestTransportConnectJobFactory : public TransportConnectJob::Factory {
120 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,const scoped_refptr<TransportSocketParams> & params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)121 std::unique_ptr<TransportConnectJob> Create(
122 RequestPriority priority,
123 const SocketTag& socket_tag,
124 const CommonConnectJobParams* common_connect_job_params,
125 const scoped_refptr<TransportSocketParams>& params,
126 ConnectJob::Delegate* delegate,
127 const NetLogWithSource* net_log) override {
128 params_.push_back(params);
129 return TransportConnectJob::Factory::Create(priority, socket_tag,
130 common_connect_job_params,
131 params, delegate, net_log);
132 }
133
params() const134 const std::vector<scoped_refptr<TransportSocketParams>>& params() const {
135 return params_;
136 }
137
138 private:
139 std::vector<scoped_refptr<TransportSocketParams>> params_;
140 };
141
142 // TODO(crbug.com/365771838): Add tests for non-ip protection nested proxy
143 // chains if support is enabled for all builds.
144 class ConnectJobFactoryTest : public TestWithTaskEnvironment {
145 public:
ConnectJobFactoryTest()146 ConnectJobFactoryTest() {
147 auto http_proxy_job_factory =
148 std::make_unique<TestHttpProxyConnectJobFactory>();
149 http_proxy_job_factory_ = http_proxy_job_factory.get();
150
151 auto socks_job_factory = std::make_unique<TestSocksConnectJobFactory>();
152 socks_job_factory_ = socks_job_factory.get();
153
154 auto ssl_job_factory = std::make_unique<TestSslConnectJobFactory>();
155 ssl_job_factory_ = ssl_job_factory.get();
156
157 auto transport_job_factory =
158 std::make_unique<TestTransportConnectJobFactory>();
159 transport_job_factory_ = transport_job_factory.get();
160
161 factory_ = std::make_unique<ConnectJobFactory>(
162 std::move(http_proxy_job_factory), std::move(socks_job_factory),
163 std::move(ssl_job_factory), std::move(transport_job_factory));
164 }
165
166 protected:
167 // Gets the total number of ConnectJob creations across all types.
GetCreationCount() const168 size_t GetCreationCount() const {
169 return http_proxy_job_factory_->params().size() +
170 socks_job_factory_->params().size() +
171 ssl_job_factory_->params().size() +
172 transport_job_factory_->params().size();
173 }
174
175 const NextProtoVector alpn_protos_{kProtoHTTP2, kProtoHTTP11};
176 const SSLConfig::ApplicationSettings application_settings_{{kProtoHTTP2, {}}};
177 bool early_data_enabled_ = true;
178 const StaticHttpUserAgentSettings http_user_agent_settings_ = {"*",
179 "test-ua"};
180 const CommonConnectJobParams common_connect_job_params_{
181 /*client_socket_factory=*/nullptr,
182 /*host_resolver=*/nullptr,
183 /*http_auth_cache=*/nullptr,
184 /*http_auth_handler_factory=*/nullptr,
185 /*spdy_session_pool=*/nullptr,
186 /*quic_supported_versions=*/nullptr,
187 /*quic_session_pool=*/nullptr,
188 /*proxy_delegate=*/nullptr,
189 &http_user_agent_settings_,
190 /*ssl_client_context=*/nullptr,
191 /*socket_performance_watcher_factory=*/nullptr,
192 /*network_quality_estimator=*/nullptr,
193 /*net_log=*/nullptr,
194 /*websocket_endpoint_lock_manager=*/nullptr,
195 /*http_server_properties=*/nullptr,
196 &alpn_protos_,
197 &application_settings_,
198 /*ignore_certificate_errors=*/nullptr,
199 &early_data_enabled_};
200 TestConnectJobDelegate delegate_;
201
202 std::unique_ptr<ConnectJobFactory> factory_;
203 raw_ptr<TestHttpProxyConnectJobFactory> http_proxy_job_factory_;
204 raw_ptr<TestSocksConnectJobFactory> socks_job_factory_;
205 raw_ptr<TestSslConnectJobFactory> ssl_job_factory_;
206 raw_ptr<TestTransportConnectJobFactory> transport_job_factory_;
207 };
208
TEST_F(ConnectJobFactoryTest,CreateConnectJob)209 TEST_F(ConnectJobFactoryTest, CreateConnectJob) {
210 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 82);
211
212 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
213 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
214 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
215 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
216 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
217 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
218 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
219 &delegate_);
220 EXPECT_EQ(GetCreationCount(), 1u);
221
222 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
223 const TransportSocketParams& params =
224 *transport_job_factory_->params().front();
225 EXPECT_THAT(params.destination(),
226 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
227 }
228
TEST_F(ConnectJobFactoryTest,CreateConnectJobWithoutScheme)229 TEST_F(ConnectJobFactoryTest, CreateConnectJobWithoutScheme) {
230 const HostPortPair kEndpoint("test", 82);
231
232 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
233 /*using_ssl=*/false, kEndpoint, ProxyChain::Direct(),
234 /*proxy_annotation_tag=*/std::nullopt,
235 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
236 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
237 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
238 &common_connect_job_params_, &delegate_);
239 EXPECT_EQ(GetCreationCount(), 1u);
240
241 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
242 const TransportSocketParams& params =
243 *transport_job_factory_->params().front();
244 EXPECT_THAT(params.destination(),
245 testing::VariantWith<HostPortPair>(kEndpoint));
246 }
247
TEST_F(ConnectJobFactoryTest,CreateHttpsConnectJob)248 TEST_F(ConnectJobFactoryTest, CreateHttpsConnectJob) {
249 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 84);
250
251 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
252 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
253 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
254 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
255 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
256 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
257 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
258 &delegate_);
259 EXPECT_EQ(GetCreationCount(), 1u);
260
261 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
262 const SSLSocketParams& params = *ssl_job_factory_->params().front();
263 EXPECT_EQ(params.host_and_port(),
264 HostPortPair::FromSchemeHostPort(kEndpoint));
265 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
266 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
267 EXPECT_THAT(params.ssl_config().alpn_protos,
268 testing::ElementsAreArray(alpn_protos_));
269 EXPECT_EQ(params.ssl_config().application_settings, application_settings_);
270 EXPECT_EQ(params.ssl_config().renego_allowed_default, true);
271 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
272 testing::ElementsAre(kProtoHTTP11));
273 EXPECT_TRUE(params.ssl_config().early_data_enabled);
274
275 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::DIRECT);
276 const TransportSocketParams& transport_params =
277 *params.GetDirectConnectionParams();
278 EXPECT_THAT(transport_params.destination(),
279 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
280 EXPECT_THAT(transport_params.supported_alpns(),
281 testing::UnorderedElementsAre("h2", "http/1.1"));
282 }
283
TEST_F(ConnectJobFactoryTest,CreateHttpsConnectJobForHttp11)284 TEST_F(ConnectJobFactoryTest, CreateHttpsConnectJobForHttp11) {
285 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 84);
286
287 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
288 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
289 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttp11Only,
290 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
291 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
292 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
293 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
294 &delegate_);
295 EXPECT_EQ(GetCreationCount(), 1u);
296
297 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
298 const SSLSocketParams& params = *ssl_job_factory_->params().front();
299 EXPECT_EQ(params.host_and_port(),
300 HostPortPair::FromSchemeHostPort(kEndpoint));
301 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
302 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
303 EXPECT_THAT(params.ssl_config().alpn_protos,
304 testing::ElementsAre(kProtoHTTP11));
305 EXPECT_EQ(params.ssl_config().application_settings, application_settings_);
306 EXPECT_EQ(params.ssl_config().renego_allowed_default, true);
307 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
308 testing::ElementsAre(kProtoHTTP11));
309 EXPECT_TRUE(params.ssl_config().early_data_enabled);
310
311 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::DIRECT);
312 const TransportSocketParams& transport_params =
313 *params.GetDirectConnectionParams();
314 EXPECT_THAT(transport_params.destination(),
315 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
316 EXPECT_THAT(transport_params.supported_alpns(),
317 testing::UnorderedElementsAre("http/1.1"));
318 }
319
TEST_F(ConnectJobFactoryTest,CreateHttpsConnectJobWithoutScheme)320 TEST_F(ConnectJobFactoryTest, CreateHttpsConnectJobWithoutScheme) {
321 const HostPortPair kEndpoint("test", 84);
322
323 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
324 /*using_ssl=*/true, kEndpoint, ProxyChain::Direct(),
325 /*proxy_annotation_tag=*/std::nullopt, /*force_tunnel=*/false,
326 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
327 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
328 SecureDnsPolicy::kAllow, &common_connect_job_params_, &delegate_);
329 EXPECT_EQ(GetCreationCount(), 1u);
330
331 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
332 const SSLSocketParams& params = *ssl_job_factory_->params().front();
333 EXPECT_EQ(params.host_and_port(), kEndpoint);
334 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
335 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
336 EXPECT_THAT(params.ssl_config().alpn_protos, testing::ElementsAre());
337 EXPECT_TRUE(params.ssl_config().application_settings.empty());
338 EXPECT_EQ(params.ssl_config().renego_allowed_default, false);
339 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
340 testing::ElementsAre());
341 EXPECT_TRUE(params.ssl_config().early_data_enabled);
342
343 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::DIRECT);
344 const TransportSocketParams& transport_params =
345 *params.GetDirectConnectionParams();
346 EXPECT_THAT(transport_params.destination(),
347 testing::VariantWith<HostPortPair>(kEndpoint));
348 }
349
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJob)350 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJob) {
351 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 85);
352 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
353 HostPortPair("proxy.test", 86));
354
355 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
356 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
357 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
358 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
359 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
360 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
361 &common_connect_job_params_, &delegate_);
362 EXPECT_EQ(GetCreationCount(), 1u);
363
364 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
365 const HttpProxySocketParams& params =
366 *http_proxy_job_factory_->params().front();
367 EXPECT_FALSE(params.proxy_server().is_quic());
368 EXPECT_EQ(params.endpoint(), HostPortPair::FromSchemeHostPort(kEndpoint));
369
370 ASSERT_TRUE(params.transport_params());
371 const TransportSocketParams& transport_params = *params.transport_params();
372 EXPECT_THAT(
373 transport_params.destination(),
374 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
375 }
376
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJobWithoutScheme)377 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJobWithoutScheme) {
378 const HostPortPair kEndpoint("test", 85);
379 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
380 HostPortPair("proxy.test", 86));
381
382 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
383 /*using_ssl=*/false, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
384 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
385 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
386 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
387 &common_connect_job_params_, &delegate_);
388 EXPECT_EQ(GetCreationCount(), 1u);
389 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
390 const HttpProxySocketParams& params =
391 *http_proxy_job_factory_->params().front();
392 EXPECT_FALSE(params.proxy_server().is_quic());
393 EXPECT_EQ(params.endpoint(), kEndpoint);
394
395 ASSERT_TRUE(params.transport_params());
396 const TransportSocketParams& transport_params = *params.transport_params();
397 EXPECT_THAT(
398 transport_params.destination(),
399 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
400 }
401
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJobForHttps)402 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJobForHttps) {
403 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 87);
404 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
405 HostPortPair("proxy.test", 88));
406 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
407 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
408 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
409 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
410 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
411 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
412 &common_connect_job_params_, &delegate_);
413 EXPECT_EQ(GetCreationCount(), 1u);
414
415 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
416 const SSLSocketParams& params = *ssl_job_factory_->params().front();
417 EXPECT_EQ(params.host_and_port(),
418 HostPortPair::FromSchemeHostPort(kEndpoint));
419 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
420 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
421 EXPECT_THAT(params.ssl_config().alpn_protos,
422 testing::ElementsAreArray(alpn_protos_));
423 EXPECT_EQ(params.ssl_config().application_settings, application_settings_);
424 EXPECT_EQ(params.ssl_config().renego_allowed_default, true);
425 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
426 testing::ElementsAre(kProtoHTTP11));
427 EXPECT_TRUE(params.ssl_config().early_data_enabled);
428
429 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::HTTP_PROXY);
430 const HttpProxySocketParams& proxy_params =
431 *params.GetHttpProxyConnectionParams();
432 EXPECT_FALSE(proxy_params.proxy_server().is_quic());
433 EXPECT_EQ(proxy_params.endpoint(),
434 HostPortPair::FromSchemeHostPort(kEndpoint));
435
436 ASSERT_TRUE(proxy_params.transport_params());
437 const TransportSocketParams& transport_params =
438 *proxy_params.transport_params();
439 EXPECT_THAT(
440 transport_params.destination(),
441 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
442 }
443
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJobForHttpsWithoutScheme)444 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJobForHttpsWithoutScheme) {
445 const HostPortPair kEndpoint("test", 87);
446 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
447 HostPortPair("proxy.test", 88));
448
449 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
450 /*using_ssl=*/true, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
451 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
452 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
453 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
454 &common_connect_job_params_, &delegate_);
455 EXPECT_EQ(GetCreationCount(), 1u);
456
457 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
458 const SSLSocketParams& params = *ssl_job_factory_->params().front();
459 EXPECT_EQ(params.host_and_port(), kEndpoint);
460
461 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::HTTP_PROXY);
462 const HttpProxySocketParams& proxy_params =
463 *params.GetHttpProxyConnectionParams();
464 EXPECT_FALSE(proxy_params.proxy_server().is_quic());
465 EXPECT_EQ(proxy_params.endpoint(), kEndpoint);
466 EXPECT_THAT(params.ssl_config().alpn_protos, testing::ElementsAre());
467 EXPECT_TRUE(params.ssl_config().application_settings.empty());
468 EXPECT_EQ(params.ssl_config().renego_allowed_default, false);
469 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
470 testing::ElementsAre());
471 // While the only production caller of this method disables SSL early data, it
472 // does so by configuring the HttpNetworkSession, rather than by relying on
473 // the ConnectJobFactory to disable early data when there's no scheme.
474 EXPECT_TRUE(params.ssl_config().early_data_enabled);
475
476 ASSERT_TRUE(proxy_params.transport_params());
477 const TransportSocketParams& transport_params =
478 *proxy_params.transport_params();
479 EXPECT_THAT(
480 transport_params.destination(),
481 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
482 }
483
TEST_F(ConnectJobFactoryTest,CreateHttpsProxyConnectJob)484 TEST_F(ConnectJobFactoryTest, CreateHttpsProxyConnectJob) {
485 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 89);
486 const ProxyChain kProxy(ProxyServer::SCHEME_HTTPS,
487 HostPortPair("proxy.test", 90));
488
489 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
490 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
491 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
492 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
493 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
494 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
495 &common_connect_job_params_, &delegate_);
496 EXPECT_EQ(GetCreationCount(), 1u);
497
498 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
499 const HttpProxySocketParams& params =
500 *http_proxy_job_factory_->params().front();
501 EXPECT_FALSE(params.proxy_server().is_quic());
502 EXPECT_EQ(params.endpoint(), HostPortPair::FromSchemeHostPort(kEndpoint));
503
504 ASSERT_TRUE(params.ssl_params());
505 const SSLSocketParams& ssl_params = *params.ssl_params();
506 EXPECT_EQ(ssl_params.host_and_port(), kProxy.First().host_port_pair());
507 EXPECT_TRUE(
508 ssl_params.ssl_config().disable_cert_verification_network_fetches);
509 EXPECT_EQ(CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES,
510 ssl_params.ssl_config().GetCertVerifyFlags());
511 EXPECT_THAT(ssl_params.ssl_config().alpn_protos,
512 testing::ElementsAreArray(alpn_protos_));
513 EXPECT_EQ(ssl_params.ssl_config().application_settings,
514 application_settings_);
515 // Renegotiation is never allowed for proxies.
516 EXPECT_EQ(ssl_params.ssl_config().renego_allowed_default, false);
517 EXPECT_THAT(ssl_params.ssl_config().renego_allowed_for_protos,
518 testing::ElementsAre());
519 EXPECT_FALSE(ssl_params.ssl_config().early_data_enabled);
520
521 ASSERT_EQ(ssl_params.GetConnectionType(), SSLSocketParams::DIRECT);
522 const TransportSocketParams& transport_params =
523 *ssl_params.GetDirectConnectionParams();
524 EXPECT_THAT(
525 transport_params.destination(),
526 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
527 }
528
TEST_F(ConnectJobFactoryTest,CreateHttpsProxyConnectJobWithoutScheme)529 TEST_F(ConnectJobFactoryTest, CreateHttpsProxyConnectJobWithoutScheme) {
530 const HostPortPair kEndpoint("test", 89);
531 const ProxyChain kProxy(ProxyServer::SCHEME_HTTPS,
532 HostPortPair("proxy.test", 90));
533
534 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
535 /*using_ssl=*/false, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
536 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
537 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
538 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
539 &common_connect_job_params_, &delegate_);
540 EXPECT_EQ(GetCreationCount(), 1u);
541
542 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
543 const HttpProxySocketParams& params =
544 *http_proxy_job_factory_->params().front();
545 EXPECT_FALSE(params.proxy_server().is_quic());
546 EXPECT_EQ(params.endpoint(), kEndpoint);
547
548 ASSERT_TRUE(params.ssl_params());
549 const SSLSocketParams& ssl_params = *params.ssl_params();
550 EXPECT_EQ(ssl_params.host_and_port(), kProxy.First().host_port_pair());
551 EXPECT_TRUE(
552 ssl_params.ssl_config().disable_cert_verification_network_fetches);
553 EXPECT_EQ(CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES,
554 ssl_params.ssl_config().GetCertVerifyFlags());
555 // Alpn should always be used for HTTPS proxies.
556 EXPECT_THAT(ssl_params.ssl_config().alpn_protos,
557 testing::ElementsAreArray(alpn_protos_));
558 EXPECT_EQ(ssl_params.ssl_config().application_settings,
559 application_settings_);
560 // Renegotiation is never allowed for proxies.
561 EXPECT_EQ(ssl_params.ssl_config().renego_allowed_default, false);
562 EXPECT_THAT(ssl_params.ssl_config().renego_allowed_for_protos,
563 testing::ElementsAre());
564 EXPECT_FALSE(ssl_params.ssl_config().early_data_enabled);
565
566 ASSERT_EQ(ssl_params.GetConnectionType(), SSLSocketParams::DIRECT);
567 const TransportSocketParams& transport_params =
568 *ssl_params.GetDirectConnectionParams();
569 EXPECT_THAT(
570 transport_params.destination(),
571 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
572 }
573
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJob)574 TEST_F(ConnectJobFactoryTest, CreateNestedHttpsProxyConnectJob) {
575 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 89);
576 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
577 HostPortPair("proxy1.test", 443)};
578 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
579 HostPortPair("proxy2.test", 443)};
580 const ProxyChain kNestedProxyChain =
581 ProxyChain::ForIpProtection({{kProxyServer1, kProxyServer2}});
582
583 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
584 kEndpoint, kNestedProxyChain, TRAFFIC_ANNOTATION_FOR_TESTS,
585 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
586 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
587 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
588 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
589 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
590 &delegate_);
591 EXPECT_EQ(GetCreationCount(), 1u);
592
593 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
594 // The corresponding HttpProxySocketParams and SSLSocketParams for each hop
595 // should be present in reverse order.
596 const HttpProxySocketParams& proxy_server2_http_params =
597 *http_proxy_job_factory_->params().front();
598 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
599 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
600 EXPECT_EQ(proxy_server2_http_params.endpoint(),
601 HostPortPair::FromSchemeHostPort(kEndpoint));
602 EXPECT_TRUE(proxy_server2_http_params.tunnel());
603
604 const SSLSocketParams& proxy_server2_ssl_params =
605 *proxy_server2_http_params.ssl_params();
606 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
607 kProxyServer2.host_port_pair());
608 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
609 testing::ElementsAreArray(alpn_protos_));
610 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
611 application_settings_);
612 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
613 false);
614 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
615 testing::ElementsAre());
616 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
617
618 const HttpProxySocketParams& proxy_server1_http_params =
619 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
620 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
621 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
622 EXPECT_EQ(proxy_server1_http_params.endpoint(),
623 kProxyServer2.host_port_pair());
624
625 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
626 const SSLSocketParams& proxy_server1_ssl_params =
627 *proxy_server1_http_params.ssl_params();
628 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
629 kProxyServer1.host_port_pair());
630 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
631 testing::ElementsAreArray(alpn_protos_));
632 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
633 application_settings_);
634 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
635 false);
636 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
637 testing::ElementsAre());
638 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
639
640 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
641 SSLSocketParams::DIRECT);
642 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
643 SSLSocketParams::HTTP_PROXY);
644
645 const TransportSocketParams& transport_params =
646 *proxy_server1_ssl_params.GetDirectConnectionParams();
647 EXPECT_THAT(
648 transport_params.destination(),
649 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
650 }
651
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJobWithoutScheme)652 TEST_F(ConnectJobFactoryTest, CreateNestedHttpsProxyConnectJobWithoutScheme) {
653 const HostPortPair kEndpoint("test", 89);
654 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
655 HostPortPair("proxy1.test", 443)};
656 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
657 HostPortPair("proxy2.test", 443)};
658 const ProxyChain kNestedProxyChain =
659 ProxyChain::ForIpProtection({{kProxyServer1, kProxyServer2}});
660
661 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
662 /*using_ssl=*/false, kEndpoint, kNestedProxyChain,
663 TRAFFIC_ANNOTATION_FOR_TESTS, /*force_tunnel=*/false,
664 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
665 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
666 SecureDnsPolicy::kAllow, &common_connect_job_params_, &delegate_);
667 EXPECT_EQ(GetCreationCount(), 1u);
668
669 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
670 // The corresponding HttpProxySocketParams and SSLSocketParams for each hop
671 // should be present in reverse order.
672 const HttpProxySocketParams& proxy_server2_http_params =
673 *http_proxy_job_factory_->params().front();
674 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
675 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
676 EXPECT_EQ(proxy_server2_http_params.endpoint(), kEndpoint);
677
678 const SSLSocketParams& proxy_server2_ssl_params =
679 *proxy_server2_http_params.ssl_params();
680 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
681 kProxyServer2.host_port_pair());
682
683 const HttpProxySocketParams& proxy_server1_http_params =
684 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
685 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
686 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
687 EXPECT_EQ(proxy_server1_http_params.endpoint(),
688 kProxyServer2.host_port_pair());
689 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
690 testing::ElementsAreArray(alpn_protos_));
691 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
692 application_settings_);
693 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
694 false);
695 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
696 testing::ElementsAre());
697 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
698
699 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
700 const SSLSocketParams& proxy_server1_ssl_params =
701 *proxy_server1_http_params.ssl_params();
702 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
703 kProxyServer1.host_port_pair());
704 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
705 testing::ElementsAreArray(alpn_protos_));
706 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
707 application_settings_);
708 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
709 false);
710 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
711 testing::ElementsAre());
712 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
713
714 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
715 SSLSocketParams::DIRECT);
716 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
717 SSLSocketParams::HTTP_PROXY);
718
719 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
720 SSLSocketParams::DIRECT);
721 const TransportSocketParams& transport_params =
722 *proxy_server1_ssl_params.GetDirectConnectionParams();
723 EXPECT_THAT(
724 transport_params.destination(),
725 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
726 }
727
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJobForHttps)728 TEST_F(ConnectJobFactoryTest, CreateNestedHttpsProxyConnectJobForHttps) {
729 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 443);
730
731 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
732 HostPortPair("proxy1.test", 443)};
733 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
734 HostPortPair("proxy2.test", 443)};
735
736 const ProxyChain kNestedProxyChain =
737 ProxyChain::ForIpProtection({{kProxyServer1, kProxyServer2}});
738
739 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
740 kEndpoint, kNestedProxyChain, TRAFFIC_ANNOTATION_FOR_TESTS,
741 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
742 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
743 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
744 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
745 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
746 &delegate_);
747 EXPECT_EQ(GetCreationCount(), 1u);
748
749 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
750 const SSLSocketParams& endpoint_ssl_params =
751 *ssl_job_factory_->params().at(0);
752 EXPECT_THAT(endpoint_ssl_params.ssl_config().alpn_protos,
753 testing::ElementsAreArray(alpn_protos_));
754 EXPECT_EQ(endpoint_ssl_params.ssl_config().application_settings,
755 application_settings_);
756 EXPECT_EQ(endpoint_ssl_params.ssl_config().renego_allowed_default, true);
757 EXPECT_THAT(endpoint_ssl_params.ssl_config().renego_allowed_for_protos,
758 testing::ElementsAre(kProtoHTTP11));
759 EXPECT_TRUE(endpoint_ssl_params.ssl_config().early_data_enabled);
760
761 // The SSLSocketParams for the destination should be configured to go through
762 // the chain of proxies, with the corresponding HttpProxySocketParams and
763 // SSLSocketParams for each hop present in reverse order.
764 const HttpProxySocketParams& proxy_server2_http_params =
765 *endpoint_ssl_params.GetHttpProxyConnectionParams();
766 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
767 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
768 EXPECT_EQ(proxy_server2_http_params.endpoint(),
769 HostPortPair::FromSchemeHostPort(kEndpoint));
770
771 const SSLSocketParams& proxy_server2_ssl_params =
772 *proxy_server2_http_params.ssl_params();
773 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
774 kProxyServer2.host_port_pair());
775 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
776 testing::ElementsAreArray(alpn_protos_));
777 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
778 application_settings_);
779 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
780 false);
781 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
782 testing::ElementsAre());
783 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
784
785 const HttpProxySocketParams& proxy_server1_http_params =
786 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
787 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
788 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
789 EXPECT_EQ(proxy_server1_http_params.endpoint(),
790 kProxyServer2.host_port_pair());
791
792 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
793 const SSLSocketParams& proxy_server1_ssl_params =
794 *proxy_server1_http_params.ssl_params();
795 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
796 kProxyServer1.host_port_pair());
797 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
798 testing::ElementsAreArray(alpn_protos_));
799 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
800 application_settings_);
801 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
802 false);
803 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
804 testing::ElementsAre());
805 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
806
807 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
808 SSLSocketParams::DIRECT);
809 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
810 SSLSocketParams::HTTP_PROXY);
811 ASSERT_EQ(endpoint_ssl_params.GetConnectionType(),
812 SSLSocketParams::HTTP_PROXY);
813
814 const TransportSocketParams& transport_params =
815 *proxy_server1_ssl_params.GetDirectConnectionParams();
816 // We should establish a physical socket / direct connection to
817 // `kProxyServer1` (and will tunnel all subsequent traffic through
818 // that).
819 EXPECT_THAT(
820 transport_params.destination(),
821 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
822 }
823
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJobForHttpsWithoutScheme)824 TEST_F(ConnectJobFactoryTest,
825 CreateNestedHttpsProxyConnectJobForHttpsWithoutScheme) {
826 const HostPortPair kEndpoint("test", 443);
827
828 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
829 HostPortPair("proxy1.test", 443)};
830 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
831 HostPortPair("proxy2.test", 443)};
832
833 const ProxyChain kNestedProxyChain =
834 ProxyChain::ForIpProtection({{kProxyServer1, kProxyServer2}});
835
836 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
837 /*using_ssl=*/true, kEndpoint, kNestedProxyChain,
838 TRAFFIC_ANNOTATION_FOR_TESTS, /*force_tunnel=*/false,
839 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
840 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
841 SecureDnsPolicy::kAllow, &common_connect_job_params_, &delegate_);
842 EXPECT_EQ(GetCreationCount(), 1u);
843
844 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
845 const SSLSocketParams& endpoint_ssl_params =
846 *ssl_job_factory_->params().at(0);
847 EXPECT_THAT(endpoint_ssl_params.ssl_config().alpn_protos,
848 testing::ElementsAre());
849 EXPECT_TRUE(endpoint_ssl_params.ssl_config().application_settings.empty());
850 EXPECT_EQ(endpoint_ssl_params.ssl_config().renego_allowed_default, false);
851 EXPECT_THAT(endpoint_ssl_params.ssl_config().renego_allowed_for_protos,
852 testing::ElementsAre());
853 EXPECT_TRUE(endpoint_ssl_params.ssl_config().early_data_enabled);
854
855 // The SSLSocketParams for the destination should be configured to go through
856 // the chain of proxies, with the corresponding HttpProxySocketParams and
857 // SSLSocketParams for each hop present in reverse order.
858 const HttpProxySocketParams& proxy_server2_http_params =
859 *endpoint_ssl_params.GetHttpProxyConnectionParams();
860 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
861 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
862 EXPECT_EQ(proxy_server2_http_params.endpoint(), kEndpoint);
863
864 const SSLSocketParams& proxy_server2_ssl_params =
865 *proxy_server2_http_params.ssl_params();
866 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
867 kProxyServer2.host_port_pair());
868
869 const HttpProxySocketParams& proxy_server1_http_params =
870 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
871 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
872 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
873 EXPECT_EQ(proxy_server1_http_params.endpoint(),
874 kProxyServer2.host_port_pair());
875 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
876 testing::ElementsAreArray(alpn_protos_));
877 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
878 application_settings_);
879 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
880 false);
881 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
882 testing::ElementsAre());
883 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
884
885 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
886 const SSLSocketParams& proxy_server1_ssl_params =
887 *proxy_server1_http_params.ssl_params();
888 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
889 kProxyServer1.host_port_pair());
890 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
891 testing::ElementsAreArray(alpn_protos_));
892 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
893 application_settings_);
894 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
895 false);
896 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
897 testing::ElementsAre());
898 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
899
900 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
901 SSLSocketParams::DIRECT);
902 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
903 SSLSocketParams::HTTP_PROXY);
904 ASSERT_EQ(endpoint_ssl_params.GetConnectionType(),
905 SSLSocketParams::HTTP_PROXY);
906
907 const TransportSocketParams& transport_params =
908 *proxy_server1_ssl_params.GetDirectConnectionParams();
909 // We should establish a physical socket / direct connection to
910 // `kProxyServer1` (and will tunnel all subsequent traffic through
911 // that).
912 EXPECT_THAT(
913 transport_params.destination(),
914 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
915 }
916
TEST_F(ConnectJobFactoryTest,CreateSocksProxyConnectJob)917 TEST_F(ConnectJobFactoryTest, CreateSocksProxyConnectJob) {
918 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 91);
919 const ProxyChain kProxy(ProxyServer::SCHEME_SOCKS5,
920 HostPortPair("proxy.test", 92));
921
922 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
923 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
924 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
925 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
926 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
927 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
928 &common_connect_job_params_, &delegate_);
929 EXPECT_EQ(GetCreationCount(), 1u);
930
931 ASSERT_THAT(socks_job_factory_->params(), testing::SizeIs(1));
932 const SOCKSSocketParams& params = *socks_job_factory_->params().front();
933 EXPECT_EQ(params.destination(), HostPortPair::FromSchemeHostPort(kEndpoint));
934 EXPECT_TRUE(params.is_socks_v5());
935
936 const TransportSocketParams& transport_params = *params.transport_params();
937 EXPECT_THAT(
938 transport_params.destination(),
939 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
940 }
941
TEST_F(ConnectJobFactoryTest,CreateSocksProxyConnectJobWithoutScheme)942 TEST_F(ConnectJobFactoryTest, CreateSocksProxyConnectJobWithoutScheme) {
943 const HostPortPair kEndpoint("test", 91);
944 const ProxyChain kProxy(ProxyServer::SCHEME_SOCKS5,
945 HostPortPair("proxy.test", 92));
946
947 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
948 /*using_ssl=*/false, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
949 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
950 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
951 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
952 &common_connect_job_params_, &delegate_);
953 EXPECT_EQ(GetCreationCount(), 1u);
954
955 ASSERT_THAT(socks_job_factory_->params(), testing::SizeIs(1));
956 const SOCKSSocketParams& params = *socks_job_factory_->params().front();
957 EXPECT_EQ(params.destination(), kEndpoint);
958 EXPECT_TRUE(params.is_socks_v5());
959
960 const TransportSocketParams& transport_params = *params.transport_params();
961 EXPECT_THAT(
962 transport_params.destination(),
963 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
964 }
965
TEST_F(ConnectJobFactoryTest,CreateWebsocketConnectJob)966 TEST_F(ConnectJobFactoryTest, CreateWebsocketConnectJob) {
967 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 93);
968
969 WebSocketEndpointLockManager websocket_endpoint_lock_manager;
970 CommonConnectJobParams common_connect_job_params = common_connect_job_params_;
971 common_connect_job_params.websocket_endpoint_lock_manager =
972 &websocket_endpoint_lock_manager;
973
974 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
975 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
976 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
977 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
978 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
979 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
980 /*disable_cert_network_fetches=*/false, &common_connect_job_params,
981 &delegate_);
982 EXPECT_EQ(GetCreationCount(), 1u);
983
984 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
985 const TransportSocketParams& params =
986 *transport_job_factory_->params().front();
987 EXPECT_THAT(params.destination(),
988 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
989 }
990
TEST_F(ConnectJobFactoryTest,CreateWebsocketConnectJobWithoutScheme)991 TEST_F(ConnectJobFactoryTest, CreateWebsocketConnectJobWithoutScheme) {
992 const HostPortPair kEndpoint("test", 93);
993
994 WebSocketEndpointLockManager websocket_endpoint_lock_manager;
995 CommonConnectJobParams common_connect_job_params = common_connect_job_params_;
996 common_connect_job_params.websocket_endpoint_lock_manager =
997 &websocket_endpoint_lock_manager;
998
999 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
1000 /*using_ssl=*/false, kEndpoint, ProxyChain::Direct(),
1001 /*proxy_annotation_tag=*/std::nullopt, /*force_tunnel=*/false,
1002 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
1003 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
1004 SecureDnsPolicy::kAllow, &common_connect_job_params, &delegate_);
1005 EXPECT_EQ(GetCreationCount(), 1u);
1006
1007 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
1008 const TransportSocketParams& params =
1009 *transport_job_factory_->params().front();
1010 EXPECT_THAT(params.destination(),
1011 testing::VariantWith<HostPortPair>(kEndpoint));
1012 }
1013
1014 } // namespace
1015 } // namespace net
1016