1 // Copyright 2024 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/tls_stream_attempt.h"
6
7 #include <memory>
8
9 #include "base/functional/bind.h"
10 #include "base/functional/callback.h"
11 #include "base/test/bind.h"
12 #include "base/types/expected.h"
13 #include "net/base/completion_once_callback.h"
14 #include "net/base/host_port_pair.h"
15 #include "net/base/ip_endpoint.h"
16 #include "net/base/net_errors.h"
17 #include "net/cert/mock_cert_verifier.h"
18 #include "net/http/http_network_session.h"
19 #include "net/http/transport_security_state.h"
20 #include "net/log/net_log.h"
21 #include "net/proxy_resolution/configured_proxy_resolution_service.h"
22 #include "net/proxy_resolution/proxy_resolution_service.h"
23 #include "net/quic/quic_context.h"
24 #include "net/socket/next_proto.h"
25 #include "net/socket/socket_test_util.h"
26 #include "net/socket/tcp_stream_attempt.h"
27 #include "net/ssl/ssl_cert_request_info.h"
28 #include "net/ssl/ssl_config.h"
29 #include "net/ssl/ssl_config_service.h"
30 #include "net/ssl/test_ssl_config_service.h"
31 #include "net/test/gtest_util.h"
32 #include "net/test/ssl_test_util.h"
33 #include "net/test/test_with_task_environment.h"
34
35 namespace net {
36
37 using test::IsError;
38 using test::IsOk;
39
40 namespace {
41
ValidateConnectTiming(const LoadTimingInfo::ConnectTiming & connect_timing)42 void ValidateConnectTiming(
43 const LoadTimingInfo::ConnectTiming& connect_timing) {
44 EXPECT_LE(connect_timing.domain_lookup_start,
45 connect_timing.domain_lookup_end);
46 EXPECT_LE(connect_timing.domain_lookup_end, connect_timing.connect_start);
47 EXPECT_LE(connect_timing.connect_start, connect_timing.ssl_start);
48 EXPECT_LE(connect_timing.ssl_start, connect_timing.ssl_end);
49 // connectEnd should cover TLS handshake.
50 EXPECT_LE(connect_timing.ssl_end, connect_timing.connect_end);
51 }
52
53 class TlsStreamAttemptHelper : public TlsStreamAttempt::SSLConfigProvider {
54 public:
55 // Pass std::nullopt to `ssl_config` to make SSLConfig not immediately
56 // available.
TlsStreamAttemptHelper(const StreamAttemptParams * params,std::optional<SSLConfig> ssl_config=SSLConfig ())57 explicit TlsStreamAttemptHelper(
58 const StreamAttemptParams* params,
59 std::optional<SSLConfig> ssl_config = SSLConfig())
60 : attempt_(std::make_unique<TlsStreamAttempt>(
61 params,
62 IPEndPoint(IPAddress(192, 0, 2, 1), 443),
63 HostPortPair("a.test", 443),
64 this)),
65 ssl_config_(std::move(ssl_config)) {}
66
67 ~TlsStreamAttemptHelper() override = default;
68
Start()69 int Start() {
70 return attempt_->Start(base::BindOnce(&TlsStreamAttemptHelper::OnComplete,
71 base::Unretained(this)));
72 }
73
WaitForCompletion()74 int WaitForCompletion() {
75 if (!result_.has_value()) {
76 base::RunLoop loop;
77 completion_closure_ = loop.QuitClosure();
78 loop.Run();
79 }
80
81 return *result_;
82 }
83
SetSSLConfig(SSLConfig ssl_config)84 void SetSSLConfig(SSLConfig ssl_config) {
85 CHECK(!ssl_config_.has_value());
86 ssl_config_ = std::move(ssl_config);
87
88 if (request_ssl_config_callback_) {
89 std::move(request_ssl_config_callback_).Run(OK);
90 }
91 }
92
SetGetSSLConfigError(TlsStreamAttempt::GetSSLConfigError error)93 void SetGetSSLConfigError(TlsStreamAttempt::GetSSLConfigError error) {
94 CHECK(!get_ssl_config_error_.has_value());
95 get_ssl_config_error_ = error;
96
97 if (request_ssl_config_callback_) {
98 std::move(request_ssl_config_callback_).Run(OK);
99 }
100 }
101
attempt()102 TlsStreamAttempt* attempt() { return attempt_.get(); }
103
result() const104 std::optional<int> result() const { return result_; }
105
106 // TlsStreamAttempt::SSLConfigProvider implementation:
WaitForSSLConfigReady(CompletionOnceCallback callback)107 int WaitForSSLConfigReady(CompletionOnceCallback callback) override {
108 if (ssl_config_.has_value()) {
109 return OK;
110 }
111
112 CHECK(request_ssl_config_callback_.is_null());
113 request_ssl_config_callback_ = std::move(callback);
114 return ERR_IO_PENDING;
115 }
116
GetSSLConfig()117 base::expected<SSLConfig, TlsStreamAttempt::GetSSLConfigError> GetSSLConfig()
118 override {
119 if (get_ssl_config_error_.has_value()) {
120 return base::unexpected(*get_ssl_config_error_);
121 }
122
123 return *ssl_config_;
124 }
125
126 private:
OnComplete(int rv)127 void OnComplete(int rv) {
128 result_ = rv;
129 if (completion_closure_) {
130 std::move(completion_closure_).Run();
131 }
132 }
133
134 std::unique_ptr<TlsStreamAttempt> attempt_;
135
136 CompletionOnceCallback request_ssl_config_callback_;
137 std::optional<SSLConfig> ssl_config_;
138 std::optional<TlsStreamAttempt::GetSSLConfigError> get_ssl_config_error_;
139
140 base::OnceClosure completion_closure_;
141 std::optional<int> result_;
142 };
143
144 } // namespace
145
146 class TlsStreamAttemptTest : public TestWithTaskEnvironment {
147 public:
TlsStreamAttemptTest()148 TlsStreamAttemptTest()
149 : TestWithTaskEnvironment(
150 base::test::TaskEnvironment::TimeSource::MOCK_TIME),
151 proxy_resolution_service_(
152 ConfiguredProxyResolutionService::CreateDirect()),
153 ssl_config_service_(
154 std::make_unique<TestSSLConfigService>(SSLContextConfig())),
155 http_network_session_(CreateHttpNetworkSession()),
156 params_(StreamAttemptParams::FromHttpNetworkSession(
157 http_network_session_.get())) {}
158
159 protected:
socket_factory()160 MockClientSocketFactory& socket_factory() { return socket_factory_; }
161
SetEchEnabled(bool ech_enabled)162 void SetEchEnabled(bool ech_enabled) {
163 SSLContextConfig config = ssl_config_service_->GetSSLContextConfig();
164 config.ech_enabled = ech_enabled;
165 ssl_config_service_->UpdateSSLConfigAndNotify(config);
166 }
167
params() const168 const StreamAttemptParams* params() const { return ¶ms_; }
169
170 private:
CreateHttpNetworkSession()171 std::unique_ptr<HttpNetworkSession> CreateHttpNetworkSession() {
172 HttpNetworkSessionContext session_context;
173 session_context.cert_verifier = &cert_verifier_;
174 session_context.transport_security_state = &transport_security_state_;
175 session_context.proxy_resolution_service = proxy_resolution_service_.get();
176 session_context.client_socket_factory = &socket_factory_;
177 session_context.ssl_config_service = ssl_config_service_.get();
178 session_context.http_server_properties = &http_server_properties_;
179 session_context.quic_context = &quic_context_;
180 return std::make_unique<HttpNetworkSession>(HttpNetworkSessionParams(),
181 session_context);
182 }
183
184 MockClientSocketFactory socket_factory_;
185 MockCertVerifier cert_verifier_;
186 TransportSecurityState transport_security_state_;
187 std::unique_ptr<ProxyResolutionService> proxy_resolution_service_;
188 std::unique_ptr<TestSSLConfigService> ssl_config_service_;
189 HttpServerProperties http_server_properties_;
190 QuicContext quic_context_;
191 std::unique_ptr<HttpNetworkSession> http_network_session_;
192 StreamAttemptParams params_;
193 };
194
TEST_F(TlsStreamAttemptTest,SuccessSync)195 TEST_F(TlsStreamAttemptTest, SuccessSync) {
196 StaticSocketDataProvider data;
197 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
198 socket_factory().AddSocketDataProvider(&data);
199 SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
200 socket_factory().AddSSLSocketDataProvider(&ssl);
201
202 TlsStreamAttemptHelper helper(params());
203 int rv = helper.Start();
204 EXPECT_THAT(rv, IsOk());
205
206 std::unique_ptr<StreamSocket> stream_socket =
207 helper.attempt()->ReleaseStreamSocket();
208 ASSERT_TRUE(stream_socket);
209 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_IDLE);
210 ValidateConnectTiming(helper.attempt()->connect_timing());
211 }
212
TEST_F(TlsStreamAttemptTest,SuccessAsync)213 TEST_F(TlsStreamAttemptTest, SuccessAsync) {
214 StaticSocketDataProvider data;
215 data.set_connect_data(MockConnect(ASYNC, OK));
216 socket_factory().AddSocketDataProvider(&data);
217 SSLSocketDataProvider ssl(ASYNC, OK);
218 socket_factory().AddSSLSocketDataProvider(&ssl);
219
220 TlsStreamAttemptHelper helper(params());
221 int rv = helper.Start();
222 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
223
224 rv = helper.WaitForCompletion();
225 EXPECT_THAT(rv, IsOk());
226
227 std::unique_ptr<StreamSocket> stream_socket =
228 helper.attempt()->ReleaseStreamSocket();
229 ASSERT_TRUE(stream_socket);
230 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_IDLE);
231 ValidateConnectTiming(helper.attempt()->connect_timing());
232 }
233
TEST_F(TlsStreamAttemptTest,ConnectAndConfirmDelayed)234 TEST_F(TlsStreamAttemptTest, ConnectAndConfirmDelayed) {
235 constexpr base::TimeDelta kDelay = base::Milliseconds(10);
236
237 StaticSocketDataProvider data;
238 data.set_connect_data(MockConnect(ASYNC, OK));
239 socket_factory().AddSocketDataProvider(&data);
240 SSLSocketDataProvider ssl(ASYNC, OK);
241 ssl.connect_callback =
242 base::BindLambdaForTesting([&] { FastForwardBy(kDelay); });
243 ssl.confirm = MockConfirm(SYNCHRONOUS, OK);
244 ssl.confirm_callback =
245 base::BindLambdaForTesting([&] { FastForwardBy(kDelay); });
246 socket_factory().AddSSLSocketDataProvider(&ssl);
247
248 TlsStreamAttemptHelper helper(params());
249 int rv = helper.Start();
250 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
251
252 rv = helper.WaitForCompletion();
253 EXPECT_THAT(rv, IsOk());
254 ValidateConnectTiming(helper.attempt()->connect_timing());
255 }
256
TEST_F(TlsStreamAttemptTest,SSLConfigDelayed)257 TEST_F(TlsStreamAttemptTest, SSLConfigDelayed) {
258 StaticSocketDataProvider data;
259 data.set_connect_data(MockConnect(ASYNC, OK));
260 socket_factory().AddSocketDataProvider(&data);
261 SSLSocketDataProvider ssl(ASYNC, OK);
262 socket_factory().AddSSLSocketDataProvider(&ssl);
263
264 TlsStreamAttemptHelper helper(params(), /*ssl_config=*/std::nullopt);
265 int rv = helper.Start();
266 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
267 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_CONNECTING);
268
269 // We don't provide SSLConfig yet so the attempt should not complete.
270 RunUntilIdle();
271 ASSERT_FALSE(helper.result().has_value());
272 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_SSL_HANDSHAKE);
273
274 helper.SetSSLConfig(SSLConfig());
275 rv = helper.WaitForCompletion();
276 EXPECT_THAT(rv, IsOk());
277 ValidateConnectTiming(helper.attempt()->connect_timing());
278 }
279
TEST_F(TlsStreamAttemptTest,GetSSLConfigAborted)280 TEST_F(TlsStreamAttemptTest, GetSSLConfigAborted) {
281 StaticSocketDataProvider data;
282 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
283 socket_factory().AddSocketDataProvider(&data);
284 SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
285 socket_factory().AddSSLSocketDataProvider(&ssl);
286
287 TlsStreamAttemptHelper helper(params(), /*ssl_config=*/std::nullopt);
288 int rv = helper.Start();
289 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
290 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_SSL_HANDSHAKE);
291
292 helper.SetGetSSLConfigError(TlsStreamAttempt::GetSSLConfigError::kAbort);
293 rv = helper.WaitForCompletion();
294 EXPECT_THAT(rv, IsError(ERR_ABORTED));
295 }
296
TEST_F(TlsStreamAttemptTest,TcpFail)297 TEST_F(TlsStreamAttemptTest, TcpFail) {
298 StaticSocketDataProvider data;
299 data.set_connect_data(MockConnect(SYNCHRONOUS, ERR_CONNECTION_FAILED));
300 socket_factory().AddSocketDataProvider(&data);
301
302 TlsStreamAttemptHelper helper(params());
303 int rv = helper.Start();
304 EXPECT_THAT(rv, IsError(ERR_CONNECTION_FAILED));
305
306 std::unique_ptr<StreamSocket> stream_socket =
307 helper.attempt()->ReleaseStreamSocket();
308 ASSERT_FALSE(stream_socket);
309
310 ASSERT_FALSE(helper.attempt()->IsTlsHandshakeStarted());
311 ASSERT_FALSE(helper.attempt()->connect_timing().connect_start.is_null());
312 ASSERT_FALSE(helper.attempt()->connect_timing().connect_end.is_null());
313 ASSERT_TRUE(helper.attempt()->connect_timing().ssl_start.is_null());
314 ASSERT_TRUE(helper.attempt()->connect_timing().ssl_end.is_null());
315 }
316
TEST_F(TlsStreamAttemptTest,TcpTimeout)317 TEST_F(TlsStreamAttemptTest, TcpTimeout) {
318 StaticSocketDataProvider data;
319 data.set_connect_data(MockConnect(SYNCHRONOUS, ERR_IO_PENDING));
320 socket_factory().AddSocketDataProvider(&data);
321
322 TlsStreamAttemptHelper helper(params());
323 int rv = helper.Start();
324 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
325 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_CONNECTING);
326
327 FastForwardBy(TcpStreamAttempt::kTcpHandshakeTimeout);
328
329 rv = helper.WaitForCompletion();
330 EXPECT_THAT(rv, IsError(ERR_TIMED_OUT));
331 std::unique_ptr<StreamSocket> stream_socket =
332 helper.attempt()->ReleaseStreamSocket();
333 ASSERT_FALSE(stream_socket);
334 ASSERT_FALSE(helper.attempt()->IsTlsHandshakeStarted());
335 }
336
TEST_F(TlsStreamAttemptTest,TlsTimeout)337 TEST_F(TlsStreamAttemptTest, TlsTimeout) {
338 StaticSocketDataProvider data;
339 data.set_connect_data(MockConnect(SYNCHRONOUS, OK));
340 socket_factory().AddSocketDataProvider(&data);
341 SSLSocketDataProvider ssl(SYNCHRONOUS, ERR_IO_PENDING);
342 socket_factory().AddSSLSocketDataProvider(&ssl);
343
344 TlsStreamAttemptHelper helper(params());
345 int rv = helper.Start();
346 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
347 ASSERT_EQ(helper.attempt()->GetLoadState(), LOAD_STATE_SSL_HANDSHAKE);
348
349 FastForwardBy(TlsStreamAttempt::kTlsHandshakeTimeout);
350
351 rv = helper.WaitForCompletion();
352 EXPECT_THAT(rv, IsError(ERR_TIMED_OUT));
353 std::unique_ptr<StreamSocket> stream_socket =
354 helper.attempt()->ReleaseStreamSocket();
355 ASSERT_FALSE(stream_socket);
356 ASSERT_TRUE(helper.attempt()->IsTlsHandshakeStarted());
357 ASSERT_FALSE(helper.attempt()->connect_timing().connect_start.is_null());
358 ASSERT_FALSE(helper.attempt()->connect_timing().connect_end.is_null());
359 ASSERT_FALSE(helper.attempt()->connect_timing().ssl_start.is_null());
360 ASSERT_FALSE(helper.attempt()->connect_timing().ssl_end.is_null());
361 }
362
TEST_F(TlsStreamAttemptTest,CertError)363 TEST_F(TlsStreamAttemptTest, CertError) {
364 StaticSocketDataProvider data;
365 socket_factory().AddSocketDataProvider(&data);
366 SSLSocketDataProvider ssl(ASYNC, ERR_CERT_COMMON_NAME_INVALID);
367 socket_factory().AddSSLSocketDataProvider(&ssl);
368
369 TlsStreamAttemptHelper helper(params());
370 int rv = helper.Start();
371 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
372
373 rv = helper.WaitForCompletion();
374 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
375 std::unique_ptr<StreamSocket> stream_socket =
376 helper.attempt()->ReleaseStreamSocket();
377 ASSERT_TRUE(stream_socket);
378 ASSERT_TRUE(helper.attempt()->IsTlsHandshakeStarted());
379 }
380
TEST_F(TlsStreamAttemptTest,IgnoreCertError)381 TEST_F(TlsStreamAttemptTest, IgnoreCertError) {
382 StaticSocketDataProvider data;
383 socket_factory().AddSocketDataProvider(&data);
384 SSLSocketDataProvider ssl(ASYNC, OK);
385 ssl.expected_ignore_certificate_errors = true;
386 socket_factory().AddSSLSocketDataProvider(&ssl);
387
388 SSLConfig ssl_config;
389 ssl_config.ignore_certificate_errors = true;
390 TlsStreamAttemptHelper helper(params(), std::move(ssl_config));
391 int rv = helper.Start();
392 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
393
394 rv = helper.WaitForCompletion();
395 EXPECT_THAT(rv, IsOk());
396 }
397
TEST_F(TlsStreamAttemptTest,HandshakeError)398 TEST_F(TlsStreamAttemptTest, HandshakeError) {
399 StaticSocketDataProvider data;
400 socket_factory().AddSocketDataProvider(&data);
401 SSLSocketDataProvider ssl(ASYNC, ERR_BAD_SSL_CLIENT_AUTH_CERT);
402 socket_factory().AddSSLSocketDataProvider(&ssl);
403
404 TlsStreamAttemptHelper helper(params());
405 int rv = helper.Start();
406 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
407
408 rv = helper.WaitForCompletion();
409 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
410 std::unique_ptr<StreamSocket> stream_socket =
411 helper.attempt()->ReleaseStreamSocket();
412 ASSERT_FALSE(stream_socket);
413 ASSERT_TRUE(helper.attempt()->IsTlsHandshakeStarted());
414 }
415
TEST_F(TlsStreamAttemptTest,NegotiatedHttp2)416 TEST_F(TlsStreamAttemptTest, NegotiatedHttp2) {
417 StaticSocketDataProvider data;
418 socket_factory().AddSocketDataProvider(&data);
419 SSLSocketDataProvider ssl(ASYNC, OK);
420 ssl.next_proto = kProtoHTTP2;
421 socket_factory().AddSSLSocketDataProvider(&ssl);
422
423 TlsStreamAttemptHelper helper(params());
424 int rv = helper.Start();
425 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
426
427 rv = helper.WaitForCompletion();
428 EXPECT_THAT(rv, IsOk());
429
430 std::unique_ptr<StreamSocket> stream_socket =
431 helper.attempt()->ReleaseStreamSocket();
432 ASSERT_TRUE(stream_socket);
433 EXPECT_EQ(stream_socket->GetNegotiatedProtocol(), kProtoHTTP2);
434 }
435
TEST_F(TlsStreamAttemptTest,ClientAuthCertNeeded)436 TEST_F(TlsStreamAttemptTest, ClientAuthCertNeeded) {
437 const HostPortPair kHostPortPair("a.test", 443);
438
439 StaticSocketDataProvider data;
440 socket_factory().AddSocketDataProvider(&data);
441 SSLSocketDataProvider ssl(ASYNC, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
442 ssl.cert_request_info = base::MakeRefCounted<SSLCertRequestInfo>();
443 ssl.cert_request_info->host_and_port = kHostPortPair;
444 socket_factory().AddSSLSocketDataProvider(&ssl);
445
446 TlsStreamAttemptHelper helper(params());
447 int rv = helper.Start();
448 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
449
450 rv = helper.WaitForCompletion();
451 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
452
453 std::unique_ptr<StreamSocket> stream_socket =
454 helper.attempt()->ReleaseStreamSocket();
455 ASSERT_FALSE(stream_socket);
456 scoped_refptr<SSLCertRequestInfo> cert_request_info =
457 helper.attempt()->GetCertRequestInfo();
458 ASSERT_TRUE(cert_request_info);
459 EXPECT_EQ(cert_request_info->host_and_port, kHostPortPair);
460 }
461
TEST_F(TlsStreamAttemptTest,EchOk)462 TEST_F(TlsStreamAttemptTest, EchOk) {
463 SetEchEnabled(true);
464
465 std::vector<uint8_t> ech_config_list;
466 ASSERT_TRUE(MakeTestEchKeys("public.example", /*max_name_len=*/128,
467 &ech_config_list));
468
469 StaticSocketDataProvider data;
470 socket_factory().AddSocketDataProvider(&data);
471 SSLSocketDataProvider ssl(ASYNC, OK);
472 ssl.expected_ech_config_list = ech_config_list;
473 socket_factory().AddSSLSocketDataProvider(&ssl);
474
475 SSLConfig ssl_config;
476 ssl_config.ech_config_list = ech_config_list;
477
478 TlsStreamAttemptHelper helper(params(), std::move(ssl_config));
479 int rv = helper.Start();
480 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
481
482 rv = helper.WaitForCompletion();
483 EXPECT_THAT(rv, IsOk());
484 }
485
TEST_F(TlsStreamAttemptTest,EchRetryOk)486 TEST_F(TlsStreamAttemptTest, EchRetryOk) {
487 SetEchEnabled(true);
488
489 std::vector<uint8_t> ech_config_list;
490 ASSERT_TRUE(MakeTestEchKeys("public1.example", /*max_name_len=*/128,
491 &ech_config_list));
492
493 std::vector<uint8_t> ech_retry_config_list;
494 ASSERT_TRUE(MakeTestEchKeys("public2.example", /*max_name_len=*/128,
495 &ech_config_list));
496
497 StaticSocketDataProvider data;
498 socket_factory().AddSocketDataProvider(&data);
499 SSLSocketDataProvider ssl(ASYNC, ERR_ECH_NOT_NEGOTIATED);
500 ssl.expected_ech_config_list = ech_config_list;
501 ssl.ech_retry_configs = ech_retry_config_list;
502 socket_factory().AddSSLSocketDataProvider(&ssl);
503
504 StaticSocketDataProvider retry_data;
505 socket_factory().AddSocketDataProvider(&retry_data);
506 SSLSocketDataProvider retry_ssl(ASYNC, OK);
507 retry_ssl.expected_ech_config_list = ech_retry_config_list;
508 socket_factory().AddSSLSocketDataProvider(&retry_ssl);
509
510 SSLConfig ssl_config;
511 ssl_config.ech_config_list = ech_config_list;
512
513 TlsStreamAttemptHelper helper(params(), std::move(ssl_config));
514 int rv = helper.Start();
515 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
516
517 rv = helper.WaitForCompletion();
518 EXPECT_THAT(rv, IsOk());
519 }
520
TEST_F(TlsStreamAttemptTest,EchRetryFail)521 TEST_F(TlsStreamAttemptTest, EchRetryFail) {
522 SetEchEnabled(true);
523
524 std::vector<uint8_t> ech_config_list;
525 ASSERT_TRUE(MakeTestEchKeys("public1.example", /*max_name_len=*/128,
526 &ech_config_list));
527
528 std::vector<uint8_t> ech_retry_config_list;
529 ASSERT_TRUE(MakeTestEchKeys("public2.example", /*max_name_len=*/128,
530 &ech_config_list));
531
532 StaticSocketDataProvider data;
533 socket_factory().AddSocketDataProvider(&data);
534 SSLSocketDataProvider ssl(ASYNC, ERR_ECH_NOT_NEGOTIATED);
535 ssl.expected_ech_config_list = ech_config_list;
536 ssl.ech_retry_configs = ech_retry_config_list;
537 socket_factory().AddSSLSocketDataProvider(&ssl);
538
539 StaticSocketDataProvider retry_data;
540 socket_factory().AddSocketDataProvider(&retry_data);
541 SSLSocketDataProvider retry_ssl(ASYNC, ERR_ECH_NOT_NEGOTIATED);
542 retry_ssl.expected_ech_config_list = ech_retry_config_list;
543 socket_factory().AddSSLSocketDataProvider(&retry_ssl);
544
545 SSLConfig ssl_config;
546 ssl_config.ech_config_list = ech_config_list;
547
548 TlsStreamAttemptHelper helper(params(), std::move(ssl_config));
549 int rv = helper.Start();
550 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
551
552 rv = helper.WaitForCompletion();
553 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
554 }
555
556 } // namespace net
557