1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/ssl_client_socket.h"
6
7 #include <errno.h>
8 #include <string.h>
9
10 #include <algorithm>
11 #include <memory>
12 #include <optional>
13 #include <string_view>
14 #include <tuple>
15 #include <utility>
16
17 #include "base/files/file_util.h"
18 #include "base/functional/bind.h"
19 #include "base/functional/callback_helpers.h"
20 #include "base/location.h"
21 #include "base/memory/raw_ptr.h"
22 #include "base/memory/ref_counted.h"
23 #include "base/run_loop.h"
24 #include "base/strings/string_number_conversions.h"
25 #include "base/strings/stringprintf.h"
26 #include "base/synchronization/lock.h"
27 #include "base/task/single_thread_task_runner.h"
28 #include "base/test/bind.h"
29 #include "base/test/metrics/histogram_tester.h"
30 #include "base/test/scoped_feature_list.h"
31 #include "base/time/time.h"
32 #include "base/values.h"
33 #include "build/build_config.h"
34 #include "crypto/rsa_private_key.h"
35 #include "net/base/address_list.h"
36 #include "net/base/completion_once_callback.h"
37 #include "net/base/features.h"
38 #include "net/base/host_port_pair.h"
39 #include "net/base/io_buffer.h"
40 #include "net/base/ip_address.h"
41 #include "net/base/ip_endpoint.h"
42 #include "net/base/net_errors.h"
43 #include "net/base/network_anonymization_key.h"
44 #include "net/base/schemeful_site.h"
45 #include "net/base/test_completion_callback.h"
46 #include "net/cert/asn1_util.h"
47 #include "net/cert/cert_database.h"
48 #include "net/cert/ct_policy_status.h"
49 #include "net/cert/mock_cert_verifier.h"
50 #include "net/cert/mock_client_cert_verifier.h"
51 #include "net/cert/sct_auditing_delegate.h"
52 #include "net/cert/signed_certificate_timestamp_and_status.h"
53 #include "net/cert/test_root_certs.h"
54 #include "net/cert/x509_util.h"
55 #include "net/dns/host_resolver.h"
56 #include "net/http/transport_security_state.h"
57 #include "net/http/transport_security_state_test_util.h"
58 #include "net/log/net_log_event_type.h"
59 #include "net/log/net_log_source.h"
60 #include "net/log/test_net_log.h"
61 #include "net/log/test_net_log_util.h"
62 #include "net/socket/client_socket_factory.h"
63 #include "net/socket/client_socket_handle.h"
64 #include "net/socket/read_buffering_stream_socket.h"
65 #include "net/socket/socket_test_util.h"
66 #include "net/socket/ssl_server_socket.h"
67 #include "net/socket/stream_socket.h"
68 #include "net/socket/tcp_client_socket.h"
69 #include "net/socket/tcp_server_socket.h"
70 #include "net/ssl/ssl_cert_request_info.h"
71 #include "net/ssl/ssl_client_session_cache.h"
72 #include "net/ssl/ssl_config.h"
73 #include "net/ssl/ssl_config_service.h"
74 #include "net/ssl/ssl_connection_status_flags.h"
75 #include "net/ssl/ssl_handshake_details.h"
76 #include "net/ssl/ssl_info.h"
77 #include "net/ssl/ssl_server_config.h"
78 #include "net/ssl/test_ssl_config_service.h"
79 #include "net/ssl/test_ssl_private_key.h"
80 #include "net/test/cert_test_util.h"
81 #include "net/test/embedded_test_server/embedded_test_server.h"
82 #include "net/test/embedded_test_server/http_request.h"
83 #include "net/test/embedded_test_server/http_response.h"
84 #include "net/test/gtest_util.h"
85 #include "net/test/key_util.h"
86 #include "net/test/ssl_test_util.h"
87 #include "net/test/test_data_directory.h"
88 #include "net/test/test_with_task_environment.h"
89 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
90 #include "testing/gmock/include/gmock/gmock.h"
91 #include "testing/gtest/include/gtest/gtest.h"
92 #include "testing/platform_test.h"
93 #include "third_party/boringssl/src/include/openssl/bio.h"
94 #include "third_party/boringssl/src/include/openssl/evp.h"
95 #include "third_party/boringssl/src/include/openssl/hpke.h"
96 #include "third_party/boringssl/src/include/openssl/pem.h"
97 #include "third_party/boringssl/src/include/openssl/ssl.h"
98 #include "url/gurl.h"
99
100 using net::test::IsError;
101 using net::test::IsOk;
102
103 using testing::_;
104 using testing::Bool;
105 using testing::Combine;
106 using testing::Return;
107 using testing::Values;
108 using testing::ValuesIn;
109
110 namespace net {
111
112 class NetLogWithSource;
113
114 namespace {
115
116 // When passed to |MakeHashValueVector|, this will generate a key pin that is
117 // sha256/AA...=, and hence will cause pin validation success with the TestSPKI
118 // pin from transport_security_state_static.pins. ("A" is the 0th element of the
119 // base-64 alphabet.)
120 const uint8_t kGoodHashValueVectorInput = 0;
121
122 // When passed to |MakeHashValueVector|, this will generate a key pin that is
123 // not sha256/AA...=, and hence will cause pin validation failure with the
124 // TestSPKI pin.
125 const uint8_t kBadHashValueVectorInput = 3;
126
127 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
128 constexpr uint16_t kModernTLS12Cipher = 0xc02f;
129 // TLS_RSA_WITH_AES_128_GCM_SHA256
130 constexpr uint16_t kRSACipher = 0x009c;
131 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
132 constexpr uint16_t kCBCCipher = 0xc013;
133 // TLS_RSA_WITH_3DES_EDE_CBC_SHA
134 constexpr uint16_t k3DESCipher = 0x000a;
135
136 // Simulates synchronously receiving an error during Read() or Write()
137 class SynchronousErrorStreamSocket : public WrappedStreamSocket {
138 public:
SynchronousErrorStreamSocket(std::unique_ptr<StreamSocket> transport)139 explicit SynchronousErrorStreamSocket(std::unique_ptr<StreamSocket> transport)
140 : WrappedStreamSocket(std::move(transport)) {}
141
142 SynchronousErrorStreamSocket(const SynchronousErrorStreamSocket&) = delete;
143 SynchronousErrorStreamSocket& operator=(const SynchronousErrorStreamSocket&) =
144 delete;
145
146 ~SynchronousErrorStreamSocket() override = default;
147
148 // Socket implementation:
149 int Read(IOBuffer* buf,
150 int buf_len,
151 CompletionOnceCallback callback) override;
152 int ReadIfReady(IOBuffer* buf,
153 int buf_len,
154 CompletionOnceCallback callback) override;
155 int Write(IOBuffer* buf,
156 int buf_len,
157 CompletionOnceCallback callback,
158 const NetworkTrafficAnnotationTag& traffic_annotation) override;
159
160 // Sets the next Read() call and all future calls to return |error|.
161 // If there is already a pending asynchronous read, the configured error
162 // will not be returned until that asynchronous read has completed and Read()
163 // is called again.
SetNextReadError(int error)164 void SetNextReadError(int error) {
165 DCHECK_GE(0, error);
166 have_read_error_ = true;
167 pending_read_error_ = error;
168 }
169
170 // Sets the next Write() call and all future calls to return |error|.
171 // If there is already a pending asynchronous write, the configured error
172 // will not be returned until that asynchronous write has completed and
173 // Write() is called again.
SetNextWriteError(int error)174 void SetNextWriteError(int error) {
175 DCHECK_GE(0, error);
176 have_write_error_ = true;
177 pending_write_error_ = error;
178 }
179
180 private:
181 bool have_read_error_ = false;
182 int pending_read_error_ = OK;
183
184 bool have_write_error_ = false;
185 int pending_write_error_ = OK;
186 };
187
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)188 int SynchronousErrorStreamSocket::Read(IOBuffer* buf,
189 int buf_len,
190 CompletionOnceCallback callback) {
191 if (have_read_error_)
192 return pending_read_error_;
193 return transport_->Read(buf, buf_len, std::move(callback));
194 }
195
ReadIfReady(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)196 int SynchronousErrorStreamSocket::ReadIfReady(IOBuffer* buf,
197 int buf_len,
198 CompletionOnceCallback callback) {
199 if (have_read_error_)
200 return pending_read_error_;
201 return transport_->ReadIfReady(buf, buf_len, std::move(callback));
202 }
203
Write(IOBuffer * buf,int buf_len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)204 int SynchronousErrorStreamSocket::Write(
205 IOBuffer* buf,
206 int buf_len,
207 CompletionOnceCallback callback,
208 const NetworkTrafficAnnotationTag& traffic_annotation) {
209 if (have_write_error_)
210 return pending_write_error_;
211 return transport_->Write(buf, buf_len, std::move(callback),
212 traffic_annotation);
213 }
214
215 // FakeBlockingStreamSocket wraps an existing StreamSocket and simulates the
216 // underlying transport needing to complete things asynchronously in a
217 // deterministic manner (e.g.: independent of the TestServer and the OS's
218 // semantics).
219 class FakeBlockingStreamSocket : public WrappedStreamSocket {
220 public:
FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport)221 explicit FakeBlockingStreamSocket(std::unique_ptr<StreamSocket> transport)
222 : WrappedStreamSocket(std::move(transport)) {}
223 ~FakeBlockingStreamSocket() override = default;
224
225 // Socket implementation:
226 int Read(IOBuffer* buf,
227 int buf_len,
228 CompletionOnceCallback callback) override;
229 int ReadIfReady(IOBuffer* buf,
230 int buf_len,
231 CompletionOnceCallback callback) override;
232 int CancelReadIfReady() override;
233 int Write(IOBuffer* buf,
234 int buf_len,
235 CompletionOnceCallback callback,
236 const NetworkTrafficAnnotationTag& traffic_annotation) override;
237
pending_read_result() const238 int pending_read_result() const { return pending_read_result_; }
pending_read_buf() const239 IOBuffer* pending_read_buf() const { return pending_read_buf_.get(); }
240
241 // Blocks read results on the socket. Reads will not complete until
242 // UnblockReadResult() has been called and a result is ready from the
243 // underlying transport. Note: if BlockReadResult() is called while there is a
244 // hanging asynchronous Read(), that Read is blocked.
245 void BlockReadResult();
246 void UnblockReadResult();
247
248 // Replaces the pending read with |data|. Returns true on success or false if
249 // the caller's reads were too small.
250 bool ReplaceReadResult(const std::string& data);
251
252 // Waits for the blocked Read() call to be complete at the underlying
253 // transport.
254 void WaitForReadResult();
255
256 // Causes the next call to Write() to return ERR_IO_PENDING, not beginning the
257 // underlying transport until UnblockWrite() has been called. Note: if there
258 // is a pending asynchronous write, it is NOT blocked. For purposes of
259 // blocking writes, data is considered to have reached the underlying
260 // transport as soon as Write() is called.
261 void BlockWrite();
262 void UnblockWrite();
263
264 // Waits for the blocked Write() call to be scheduled.
265 void WaitForWrite();
266
267 private:
268 // Handles completion from the underlying transport read.
269 void OnReadCompleted(int result);
270
271 // Handles async completion of ReadIfReady().
272 void CompleteReadIfReady(scoped_refptr<IOBuffer> buffer, int rv);
273
274 // Finishes the current read.
275 void ReturnReadResult();
276
277 // Callback for writes.
278 void CallPendingWriteCallback(int result);
279
280 // True if read callbacks are blocked.
281 bool should_block_read_ = false;
282
283 // Used to buffer result returned by a completed ReadIfReady().
284 std::string read_if_ready_buf_;
285
286 // Non-null if there is a pending ReadIfReady().
287 CompletionOnceCallback read_if_ready_callback_;
288
289 // The buffer for the pending read, or NULL if not consumed.
290 scoped_refptr<IOBuffer> pending_read_buf_;
291
292 // The size of the pending read buffer, or -1 if not set.
293 int pending_read_buf_len_ = -1;
294
295 // The user callback for the pending read call.
296 CompletionOnceCallback pending_read_callback_;
297
298 // The result for the blocked read callback, or ERR_IO_PENDING if not
299 // completed.
300 int pending_read_result_ = ERR_IO_PENDING;
301
302 // WaitForReadResult() wait loop.
303 std::unique_ptr<base::RunLoop> read_loop_;
304
305 // True if write calls are blocked.
306 bool should_block_write_ = false;
307
308 // The buffer for the pending write, or NULL if not scheduled.
309 scoped_refptr<IOBuffer> pending_write_buf_;
310
311 // The callback for the pending write call.
312 CompletionOnceCallback pending_write_callback_;
313
314 // The length for the pending write, or -1 if not scheduled.
315 int pending_write_len_ = -1;
316
317 // WaitForWrite() wait loop.
318 std::unique_ptr<base::RunLoop> write_loop_;
319 };
320
Read(IOBuffer * buf,int len,CompletionOnceCallback callback)321 int FakeBlockingStreamSocket::Read(IOBuffer* buf,
322 int len,
323 CompletionOnceCallback callback) {
324 DCHECK(!pending_read_buf_);
325 DCHECK(pending_read_callback_.is_null());
326 DCHECK_EQ(ERR_IO_PENDING, pending_read_result_);
327 DCHECK(!callback.is_null());
328
329 int rv = transport_->Read(
330 buf, len,
331 base::BindOnce(&FakeBlockingStreamSocket::OnReadCompleted,
332 base::Unretained(this)));
333 if (rv == ERR_IO_PENDING || should_block_read_) {
334 // Save the callback to be called later.
335 pending_read_buf_ = buf;
336 pending_read_buf_len_ = len;
337 pending_read_callback_ = std::move(callback);
338 // Save the read result.
339 if (rv != ERR_IO_PENDING) {
340 OnReadCompleted(rv);
341 rv = ERR_IO_PENDING;
342 }
343 }
344 return rv;
345 }
346
ReadIfReady(IOBuffer * buf,int len,CompletionOnceCallback callback)347 int FakeBlockingStreamSocket::ReadIfReady(IOBuffer* buf,
348 int len,
349 CompletionOnceCallback callback) {
350 if (!read_if_ready_buf_.empty()) {
351 // If ReadIfReady() is used, asynchronous reads with a large enough buffer
352 // and no BlockReadResult() are supported by this class. Explicitly check
353 // that |should_block_read_| doesn't apply and |len| is greater than the
354 // size of the buffered data.
355 CHECK(!should_block_read_);
356 CHECK_GE(len, static_cast<int>(read_if_ready_buf_.size()));
357 int rv = read_if_ready_buf_.size();
358 memcpy(buf->data(), read_if_ready_buf_.data(), rv);
359 read_if_ready_buf_.clear();
360 return rv;
361 }
362 auto buf_copy = base::MakeRefCounted<IOBufferWithSize>(len);
363 int rv = Read(buf_copy.get(), len,
364 base::BindOnce(&FakeBlockingStreamSocket::CompleteReadIfReady,
365 base::Unretained(this), buf_copy));
366 if (rv > 0)
367 memcpy(buf->data(), buf_copy->data(), rv);
368 if (rv == ERR_IO_PENDING)
369 read_if_ready_callback_ = std::move(callback);
370 return rv;
371 }
372
CancelReadIfReady()373 int FakeBlockingStreamSocket::CancelReadIfReady() {
374 DCHECK(!read_if_ready_callback_.is_null());
375 read_if_ready_callback_.Reset();
376 return OK;
377 }
378
Write(IOBuffer * buf,int len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)379 int FakeBlockingStreamSocket::Write(
380 IOBuffer* buf,
381 int len,
382 CompletionOnceCallback callback,
383 const NetworkTrafficAnnotationTag& traffic_annotation) {
384 DCHECK(buf);
385 DCHECK_LE(0, len);
386
387 if (!should_block_write_)
388 return transport_->Write(buf, len, std::move(callback), traffic_annotation);
389
390 // Schedule the write, but do nothing.
391 DCHECK(!pending_write_buf_.get());
392 DCHECK_EQ(-1, pending_write_len_);
393 DCHECK(pending_write_callback_.is_null());
394 DCHECK(!callback.is_null());
395 pending_write_buf_ = buf;
396 pending_write_len_ = len;
397 pending_write_callback_ = std::move(callback);
398
399 // Stop the write loop, if any.
400 if (write_loop_)
401 write_loop_->Quit();
402 return ERR_IO_PENDING;
403 }
404
BlockReadResult()405 void FakeBlockingStreamSocket::BlockReadResult() {
406 DCHECK(!should_block_read_);
407 should_block_read_ = true;
408 }
409
UnblockReadResult()410 void FakeBlockingStreamSocket::UnblockReadResult() {
411 DCHECK(should_block_read_);
412 should_block_read_ = false;
413
414 // If the operation has since completed, return the result to the caller.
415 if (pending_read_result_ != ERR_IO_PENDING)
416 ReturnReadResult();
417 }
418
ReplaceReadResult(const std::string & data)419 bool FakeBlockingStreamSocket::ReplaceReadResult(const std::string& data) {
420 DCHECK(should_block_read_);
421 DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
422 DCHECK(pending_read_buf_);
423 DCHECK_NE(-1, pending_read_buf_len_);
424
425 if (static_cast<size_t>(pending_read_buf_len_) < data.size())
426 return false;
427
428 memcpy(pending_read_buf_->data(), data.data(), data.size());
429 pending_read_result_ = data.size();
430 return true;
431 }
432
WaitForReadResult()433 void FakeBlockingStreamSocket::WaitForReadResult() {
434 DCHECK(should_block_read_);
435 DCHECK(!read_loop_);
436
437 if (pending_read_result_ != ERR_IO_PENDING)
438 return;
439 read_loop_ = std::make_unique<base::RunLoop>();
440 read_loop_->Run();
441 read_loop_.reset();
442 DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
443 }
444
BlockWrite()445 void FakeBlockingStreamSocket::BlockWrite() {
446 DCHECK(!should_block_write_);
447 should_block_write_ = true;
448 }
449
CallPendingWriteCallback(int rv)450 void FakeBlockingStreamSocket::CallPendingWriteCallback(int rv) {
451 std::move(pending_write_callback_).Run(rv);
452 }
453
UnblockWrite()454 void FakeBlockingStreamSocket::UnblockWrite() {
455 DCHECK(should_block_write_);
456 should_block_write_ = false;
457
458 // Do nothing if UnblockWrite() was called after BlockWrite(),
459 // without a Write() in between.
460 if (!pending_write_buf_.get())
461 return;
462
463 int rv = transport_->Write(
464 pending_write_buf_.get(), pending_write_len_,
465 base::BindOnce(&FakeBlockingStreamSocket::CallPendingWriteCallback,
466 base::Unretained(this)),
467 TRAFFIC_ANNOTATION_FOR_TESTS);
468
469 pending_write_buf_ = nullptr;
470 pending_write_len_ = -1;
471 if (rv != ERR_IO_PENDING) {
472 std::move(pending_write_callback_).Run(rv);
473 }
474 }
475
WaitForWrite()476 void FakeBlockingStreamSocket::WaitForWrite() {
477 DCHECK(should_block_write_);
478 DCHECK(!write_loop_);
479
480 if (pending_write_buf_.get())
481 return;
482 write_loop_ = std::make_unique<base::RunLoop>();
483 write_loop_->Run();
484 write_loop_.reset();
485 DCHECK(pending_write_buf_.get());
486 }
487
OnReadCompleted(int result)488 void FakeBlockingStreamSocket::OnReadCompleted(int result) {
489 DCHECK_EQ(ERR_IO_PENDING, pending_read_result_);
490 DCHECK(!pending_read_callback_.is_null());
491
492 pending_read_result_ = result;
493
494 if (should_block_read_) {
495 // Defer the result until UnblockReadResult is called.
496 if (read_loop_)
497 read_loop_->Quit();
498 return;
499 }
500
501 ReturnReadResult();
502 }
503
CompleteReadIfReady(scoped_refptr<IOBuffer> buf,int rv)504 void FakeBlockingStreamSocket::CompleteReadIfReady(scoped_refptr<IOBuffer> buf,
505 int rv) {
506 DCHECK(read_if_ready_buf_.empty());
507 DCHECK(!should_block_read_);
508 if (rv > 0)
509 read_if_ready_buf_ = std::string(buf->data(), buf->data() + rv);
510 // The callback may be null if CancelReadIfReady() was called.
511 if (!read_if_ready_callback_.is_null())
512 std::move(read_if_ready_callback_).Run(rv > 0 ? OK : rv);
513 }
514
ReturnReadResult()515 void FakeBlockingStreamSocket::ReturnReadResult() {
516 int result = pending_read_result_;
517 pending_read_result_ = ERR_IO_PENDING;
518 pending_read_buf_ = nullptr;
519 pending_read_buf_len_ = -1;
520 std::move(pending_read_callback_).Run(result);
521 }
522
523 // CountingStreamSocket wraps an existing StreamSocket and maintains a count of
524 // reads and writes on the socket.
525 class CountingStreamSocket : public WrappedStreamSocket {
526 public:
CountingStreamSocket(std::unique_ptr<StreamSocket> transport)527 explicit CountingStreamSocket(std::unique_ptr<StreamSocket> transport)
528 : WrappedStreamSocket(std::move(transport)) {}
529 ~CountingStreamSocket() override = default;
530
531 // Socket implementation:
Read(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)532 int Read(IOBuffer* buf,
533 int buf_len,
534 CompletionOnceCallback callback) override {
535 read_count_++;
536 return transport_->Read(buf, buf_len, std::move(callback));
537 }
Write(IOBuffer * buf,int buf_len,CompletionOnceCallback callback,const NetworkTrafficAnnotationTag & traffic_annotation)538 int Write(IOBuffer* buf,
539 int buf_len,
540 CompletionOnceCallback callback,
541 const NetworkTrafficAnnotationTag& traffic_annotation) override {
542 write_count_++;
543 return transport_->Write(buf, buf_len, std::move(callback),
544 traffic_annotation);
545 }
546
read_count() const547 int read_count() const { return read_count_; }
write_count() const548 int write_count() const { return write_count_; }
549
550 private:
551 int read_count_ = 0;
552 int write_count_ = 0;
553 };
554
555 // A helper class that will delete |socket| when the callback is invoked.
556 class DeleteSocketCallback : public TestCompletionCallbackBase {
557 public:
DeleteSocketCallback(StreamSocket * socket)558 explicit DeleteSocketCallback(StreamSocket* socket) : socket_(socket) {}
559
560 DeleteSocketCallback(const DeleteSocketCallback&) = delete;
561 DeleteSocketCallback& operator=(const DeleteSocketCallback&) = delete;
562
563 ~DeleteSocketCallback() override = default;
564
callback()565 CompletionOnceCallback callback() {
566 return base::BindOnce(&DeleteSocketCallback::OnComplete,
567 base::Unretained(this));
568 }
569
570 private:
OnComplete(int result)571 void OnComplete(int result) {
572 if (socket_) {
573 delete socket_;
574 socket_ = nullptr;
575 } else {
576 ADD_FAILURE() << "Deleting socket twice";
577 }
578 SetResult(result);
579 }
580
581 raw_ptr<StreamSocket, DanglingUntriaged> socket_;
582 };
583
584 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
585 public:
586 MOCK_METHOD3(IsCTRequiredForHost,
587 CTRequirementLevel(const std::string& host,
588 const X509Certificate* chain,
589 const HashValueVector& hashes));
590 };
591
592 class MockSCTAuditingDelegate : public SCTAuditingDelegate {
593 public:
594 MOCK_METHOD(bool, IsSCTAuditingEnabled, ());
595 MOCK_METHOD(void,
596 MaybeEnqueueReport,
597 (const net::HostPortPair&,
598 const net::X509Certificate*,
599 const net::SignedCertificateTimestampAndStatusList&));
600 };
601
602 class ManySmallRecordsHttpResponse : public test_server::HttpResponse {
603 public:
HandleRequest(const test_server::HttpRequest & request)604 static std::unique_ptr<test_server::HttpResponse> HandleRequest(
605 const test_server::HttpRequest& request) {
606 if (request.relative_url != "/ssl-many-small-records") {
607 return nullptr;
608 }
609
610 // Write ~26K of data, in 1350 byte chunks
611 return std::make_unique<ManySmallRecordsHttpResponse>(/*chunk_size=*/1350,
612 /*chunk_count=*/20);
613 }
614
ManySmallRecordsHttpResponse(size_t chunk_size,size_t chunk_count)615 ManySmallRecordsHttpResponse(size_t chunk_size, size_t chunk_count)
616 : chunk_size_(chunk_size), chunk_count_(chunk_count) {}
617
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)618 void SendResponse(
619 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
620 base::StringPairs headers = {
621 {"Connection", "close"},
622 {"Content-Length", base::NumberToString(chunk_size_ * chunk_count_)},
623 {"Content-Type", "text/plain"}};
624 delegate->SendResponseHeaders(HTTP_OK, "OK", headers);
625 SendChunks(chunk_size_, chunk_count_, delegate);
626 }
627
628 private:
SendChunks(size_t chunk_size,size_t chunk_count,base::WeakPtr<test_server::HttpResponseDelegate> delegate)629 static void SendChunks(
630 size_t chunk_size,
631 size_t chunk_count,
632 base::WeakPtr<test_server::HttpResponseDelegate> delegate) {
633 if (!delegate)
634 return;
635
636 if (chunk_count == 0) {
637 delegate->FinishResponse();
638 return;
639 }
640
641 std::string chunk(chunk_size, '*');
642 // This assumes that splitting output into separate |send| calls will
643 // produce separate TLS records.
644 delegate->SendContents(chunk, base::BindOnce(&SendChunks, chunk_size,
645 chunk_count - 1, delegate));
646 }
647
648 size_t chunk_size_;
649 size_t chunk_count_;
650 };
651
652 class SSLClientSocketTest : public PlatformTest, public WithTaskEnvironment {
653 public:
SSLClientSocketTest()654 SSLClientSocketTest()
655 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
656 ssl_config_service_(
657 std::make_unique<TestSSLConfigService>(SSLContextConfig())),
658 cert_verifier_(std::make_unique<ParamRecordingMockCertVerifier>()),
659 transport_security_state_(std::make_unique<TransportSecurityState>()),
660 ssl_client_session_cache_(std::make_unique<SSLClientSessionCache>(
661 SSLClientSessionCache::Config())),
662 context_(
663 std::make_unique<SSLClientContext>(ssl_config_service_.get(),
664 cert_verifier_.get(),
665 transport_security_state_.get(),
666 ssl_client_session_cache_.get(),
667 nullptr)) {
668 cert_verifier_->set_default_result(OK);
669 cert_verifier_->set_async(true);
670 }
671
672 protected:
673 // The address of the test server, after calling StartEmbeddedTestServer().
addr() const674 const AddressList& addr() const { return addr_; }
675
676 // The hostname of the test server, after calling StartEmbeddedTestServer().
host_port_pair() const677 const HostPortPair& host_port_pair() const { return host_port_pair_; }
678
679 // The EmbeddedTestServer object, after calling StartEmbeddedTestServer().
embedded_test_server()680 EmbeddedTestServer* embedded_test_server() {
681 return embedded_test_server_.get();
682 }
683
684 // Starts the embedded test server with the specified parameters. Returns true
685 // on success.
StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert,const SSLServerConfig & server_config)686 bool StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert,
687 const SSLServerConfig& server_config) {
688 embedded_test_server_ =
689 std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS);
690 embedded_test_server_->SetSSLConfig(cert, server_config);
691 return FinishStartingEmbeddedTestServer();
692 }
693
694 // Starts the embedded test server with the specified parameters. Returns true
695 // on success.
StartEmbeddedTestServer(const EmbeddedTestServer::ServerCertificateConfig & cert_config,const SSLServerConfig & server_config)696 bool StartEmbeddedTestServer(
697 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
698 const SSLServerConfig& server_config) {
699 embedded_test_server_ =
700 std::make_unique<EmbeddedTestServer>(EmbeddedTestServer::TYPE_HTTPS);
701 embedded_test_server_->SetSSLConfig(cert_config, server_config);
702 return FinishStartingEmbeddedTestServer();
703 }
704
FinishStartingEmbeddedTestServer()705 bool FinishStartingEmbeddedTestServer() {
706 RegisterEmbeddedTestServerHandlers(embedded_test_server_.get());
707 if (!embedded_test_server_->Start()) {
708 LOG(ERROR) << "Could not start EmbeddedTestServer";
709 return false;
710 }
711
712 if (!embedded_test_server_->GetAddressList(&addr_)) {
713 LOG(ERROR) << "Could not get EmbeddedTestServer address list";
714 return false;
715 }
716 host_port_pair_ = embedded_test_server_->host_port_pair();
717 return true;
718 }
719
720 // May be overridden by the subclass to customize the EmbeddedTestServer.
RegisterEmbeddedTestServerHandlers(EmbeddedTestServer * server)721 virtual void RegisterEmbeddedTestServerHandlers(EmbeddedTestServer* server) {
722 server->AddDefaultHandlers(base::FilePath());
723 server->RegisterRequestHandler(
724 base::BindRepeating(&ManySmallRecordsHttpResponse::HandleRequest));
725 server->RegisterRequestHandler(
726 base::BindRepeating(&HandleSSLInfoRequest, base::Unretained(this)));
727 }
728
CreateSSLClientSocket(std::unique_ptr<StreamSocket> transport_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)729 std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
730 std::unique_ptr<StreamSocket> transport_socket,
731 const HostPortPair& host_and_port,
732 const SSLConfig& ssl_config) {
733 return socket_factory_->CreateSSLClientSocket(
734 context_.get(), std::move(transport_socket), host_and_port, ssl_config);
735 }
736
737 // Create an SSLClientSocket object and use it to connect to a test server,
738 // then wait for connection results. This must be called after a successful
739 // StartEmbeddedTestServer() call.
740 //
741 // |ssl_config| The SSL configuration to use.
742 // |host_port_pair| The hostname and port to use at the SSL layer. (The
743 // socket connection will still be made to |embedded_test_server_|.)
744 // |result| will retrieve the ::Connect() result value.
745 //
746 // Returns true on success, false otherwise. Success means that the SSL
747 // socket could be created and its Connect() was called, not that the
748 // connection itself was a success.
CreateAndConnectSSLClientSocketWithHost(const SSLConfig & ssl_config,const HostPortPair & host_port_pair,int * result)749 bool CreateAndConnectSSLClientSocketWithHost(
750 const SSLConfig& ssl_config,
751 const HostPortPair& host_port_pair,
752 int* result) {
753 auto transport = std::make_unique<TCPClientSocket>(
754 addr_, nullptr, nullptr, NetLog::Get(), NetLogSource());
755 int rv = callback_.GetResult(transport->Connect(callback_.callback()));
756 if (rv != OK) {
757 LOG(ERROR) << "Could not connect to test server";
758 return false;
759 }
760
761 sock_ =
762 CreateSSLClientSocket(std::move(transport), host_port_pair, ssl_config);
763 EXPECT_FALSE(sock_->IsConnected());
764
765 *result = callback_.GetResult(sock_->Connect(callback_.callback()));
766 return true;
767 }
768
CreateAndConnectSSLClientSocket(const SSLConfig & ssl_config,int * result)769 bool CreateAndConnectSSLClientSocket(const SSLConfig& ssl_config,
770 int* result) {
771 return CreateAndConnectSSLClientSocketWithHost(ssl_config, host_port_pair(),
772 result);
773 }
774
LastSSLInfoFromServer()775 std::optional<SSLInfo> LastSSLInfoFromServer() {
776 // EmbeddedTestServer callbacks run on another thread, so protect this
777 // with a lock.
778 base::AutoLock lock(server_ssl_info_lock_);
779 auto result = server_ssl_info_;
780 server_ssl_info_ = std::nullopt;
781 return result;
782 }
783
784 RecordingNetLogObserver log_observer_;
785 raw_ptr<ClientSocketFactory, DanglingUntriaged> socket_factory_;
786 std::unique_ptr<TestSSLConfigService> ssl_config_service_;
787 std::unique_ptr<ParamRecordingMockCertVerifier> cert_verifier_;
788 std::unique_ptr<TransportSecurityState> transport_security_state_;
789 std::unique_ptr<SSLClientSessionCache> ssl_client_session_cache_;
790 std::unique_ptr<SSLClientContext> context_;
791 std::unique_ptr<SSLClientSocket> sock_;
792
793 private:
HandleSSLInfoRequest(SSLClientSocketTest * test,const test_server::HttpRequest & request)794 static std::unique_ptr<test_server::HttpResponse> HandleSSLInfoRequest(
795 SSLClientSocketTest* test,
796 const test_server::HttpRequest& request) {
797 if (request.relative_url != "/ssl-info") {
798 return nullptr;
799 }
800 {
801 // EmbeddedTestServer callbacks run on another thread, so protect this
802 // with a lock.
803 base::AutoLock lock(test->server_ssl_info_lock_);
804 test->server_ssl_info_ = request.ssl_info;
805 }
806 return std::make_unique<test_server::BasicHttpResponse>();
807 }
808
809 std::unique_ptr<EmbeddedTestServer> embedded_test_server_;
810 base::Lock server_ssl_info_lock_;
811 std::optional<SSLInfo> server_ssl_info_ GUARDED_BY(server_ssl_info_lock_);
812 TestCompletionCallback callback_;
813 AddressList addr_;
814 HostPortPair host_port_pair_;
815 };
816
817 enum ReadIfReadyTransport {
818 // ReadIfReady() is implemented by the underlying transport.
819 READ_IF_READY_SUPPORTED,
820 // ReadIfReady() is not implemented by the underlying transport.
821 READ_IF_READY_NOT_SUPPORTED,
822 };
823
824 enum ReadIfReadySSL {
825 // Test reads by calling ReadIfReady() on the SSL socket.
826 TEST_SSL_READ_IF_READY,
827 // Test reads by calling Read() on the SSL socket.
828 TEST_SSL_READ,
829 };
830
831 class StreamSocketWithoutReadIfReady : public WrappedStreamSocket {
832 public:
StreamSocketWithoutReadIfReady(std::unique_ptr<StreamSocket> transport)833 explicit StreamSocketWithoutReadIfReady(
834 std::unique_ptr<StreamSocket> transport)
835 : WrappedStreamSocket(std::move(transport)) {}
836
ReadIfReady(IOBuffer * buf,int buf_len,CompletionOnceCallback callback)837 int ReadIfReady(IOBuffer* buf,
838 int buf_len,
839 CompletionOnceCallback callback) override {
840 return ERR_READ_IF_READY_NOT_IMPLEMENTED;
841 }
842
CancelReadIfReady()843 int CancelReadIfReady() override { return ERR_READ_IF_READY_NOT_IMPLEMENTED; }
844 };
845
846 class ClientSocketFactoryWithoutReadIfReady : public ClientSocketFactory {
847 public:
ClientSocketFactoryWithoutReadIfReady(ClientSocketFactory * factory)848 explicit ClientSocketFactoryWithoutReadIfReady(ClientSocketFactory* factory)
849 : factory_(factory) {}
850
CreateDatagramClientSocket(DatagramSocket::BindType bind_type,NetLog * net_log,const NetLogSource & source)851 std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
852 DatagramSocket::BindType bind_type,
853 NetLog* net_log,
854 const NetLogSource& source) override {
855 return factory_->CreateDatagramClientSocket(bind_type, net_log, source);
856 }
857
CreateTransportClientSocket(const AddressList & addresses,std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,NetworkQualityEstimator * network_quality_estimator,NetLog * net_log,const NetLogSource & source)858 std::unique_ptr<TransportClientSocket> CreateTransportClientSocket(
859 const AddressList& addresses,
860 std::unique_ptr<SocketPerformanceWatcher> socket_performance_watcher,
861 NetworkQualityEstimator* network_quality_estimator,
862 NetLog* net_log,
863 const NetLogSource& source) override {
864 return factory_->CreateTransportClientSocket(
865 addresses, std::move(socket_performance_watcher),
866 network_quality_estimator, net_log, source);
867 }
868
CreateSSLClientSocket(SSLClientContext * context,std::unique_ptr<StreamSocket> stream_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config)869 std::unique_ptr<SSLClientSocket> CreateSSLClientSocket(
870 SSLClientContext* context,
871 std::unique_ptr<StreamSocket> stream_socket,
872 const HostPortPair& host_and_port,
873 const SSLConfig& ssl_config) override {
874 stream_socket = std::make_unique<StreamSocketWithoutReadIfReady>(
875 std::move(stream_socket));
876 return factory_->CreateSSLClientSocket(context, std::move(stream_socket),
877 host_and_port, ssl_config);
878 }
879
880 private:
881 const raw_ptr<ClientSocketFactory> factory_;
882 };
883
GetTLSVersions()884 std::vector<uint16_t> GetTLSVersions() {
885 return {SSL_PROTOCOL_VERSION_TLS1_2, SSL_PROTOCOL_VERSION_TLS1_3};
886 }
887
888 class SSLClientSocketVersionTest
889 : public SSLClientSocketTest,
890 public ::testing::WithParamInterface<uint16_t> {
891 protected:
892 SSLClientSocketVersionTest() = default;
893
version() const894 uint16_t version() const { return GetParam(); }
895
GetServerConfig()896 SSLServerConfig GetServerConfig() {
897 SSLServerConfig config;
898 config.version_max = version();
899 config.version_min = version();
900 return config;
901 }
902 };
903
904 // If GetParam(), try ReadIfReady() and fall back to Read() if needed.
905 class SSLClientSocketReadTest
906 : public SSLClientSocketTest,
907 public ::testing::WithParamInterface<
908 std::tuple<ReadIfReadyTransport, ReadIfReadySSL, uint16_t>> {
909 protected:
SSLClientSocketReadTest()910 SSLClientSocketReadTest() : SSLClientSocketTest() {
911 if (!read_if_ready_supported()) {
912 wrapped_socket_factory_ =
913 std::make_unique<ClientSocketFactoryWithoutReadIfReady>(
914 socket_factory_);
915 socket_factory_ = wrapped_socket_factory_.get();
916 }
917 }
918
919 // Convienient wrapper to call Read()/ReadIfReady() depending on whether
920 // ReadyIfReady() is enabled.
Read(StreamSocket * socket,IOBuffer * buf,int buf_len,CompletionOnceCallback callback)921 int Read(StreamSocket* socket,
922 IOBuffer* buf,
923 int buf_len,
924 CompletionOnceCallback callback) {
925 if (test_ssl_read_if_ready())
926 return socket->ReadIfReady(buf, buf_len, std::move(callback));
927 return socket->Read(buf, buf_len, std::move(callback));
928 }
929
930 // Wait for Read()/ReadIfReady() to complete.
WaitForReadCompletion(StreamSocket * socket,IOBuffer * buf,int buf_len,TestCompletionCallback * callback,int rv)931 int WaitForReadCompletion(StreamSocket* socket,
932 IOBuffer* buf,
933 int buf_len,
934 TestCompletionCallback* callback,
935 int rv) {
936 if (!test_ssl_read_if_ready())
937 return callback->GetResult(rv);
938 while (rv == ERR_IO_PENDING) {
939 rv = callback->GetResult(rv);
940 if (rv != OK)
941 return rv;
942 rv = socket->ReadIfReady(buf, buf_len, callback->callback());
943 }
944 return rv;
945 }
946
947 // Calls Read()/ReadIfReady() and waits for it to return data.
ReadAndWaitForCompletion(StreamSocket * socket,IOBuffer * buf,int buf_len)948 int ReadAndWaitForCompletion(StreamSocket* socket,
949 IOBuffer* buf,
950 int buf_len) {
951 TestCompletionCallback callback;
952 int rv = Read(socket, buf, buf_len, callback.callback());
953 return WaitForReadCompletion(socket, buf, buf_len, &callback, rv);
954 }
955
GetServerConfig()956 SSLServerConfig GetServerConfig() {
957 SSLServerConfig config;
958 config.version_max = version();
959 config.version_min = version();
960 return config;
961 }
962
test_ssl_read_if_ready() const963 bool test_ssl_read_if_ready() const {
964 return std::get<1>(GetParam()) == TEST_SSL_READ_IF_READY;
965 }
966
read_if_ready_supported() const967 bool read_if_ready_supported() const {
968 return std::get<0>(GetParam()) == READ_IF_READY_SUPPORTED;
969 }
970
version() const971 uint16_t version() const { return std::get<2>(GetParam()); }
972
973 private:
974 std::unique_ptr<ClientSocketFactory> wrapped_socket_factory_;
975 };
976
977 INSTANTIATE_TEST_SUITE_P(All,
978 SSLClientSocketReadTest,
979 Combine(Values(READ_IF_READY_SUPPORTED,
980 READ_IF_READY_NOT_SUPPORTED),
981 Values(TEST_SSL_READ_IF_READY, TEST_SSL_READ),
982 ValuesIn(GetTLSVersions())));
983
984 // Verifies the correctness of GetSSLCertRequestInfo.
985 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketVersionTest {
986 protected:
987 // Connects to the test server and returns the SSLCertRequestInfo reported by
988 // the socket.
GetCertRequest()989 scoped_refptr<SSLCertRequestInfo> GetCertRequest() {
990 int rv;
991 if (!CreateAndConnectSSLClientSocket(SSLConfig(), &rv)) {
992 return nullptr;
993 }
994 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
995
996 auto request_info = base::MakeRefCounted<SSLCertRequestInfo>();
997 sock_->GetSSLCertRequestInfo(request_info.get());
998 sock_->Disconnect();
999 EXPECT_FALSE(sock_->IsConnected());
1000 EXPECT_TRUE(host_port_pair().Equals(request_info->host_and_port));
1001
1002 return request_info;
1003 }
1004 };
1005
1006 class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
1007 protected:
1008 // Creates an SSLClientSocket with |client_config| attached to a
1009 // FakeBlockingStreamSocket, returning both in |*out_raw_transport| and
1010 // |*out_sock|. The FakeBlockingStreamSocket is owned by the SSLClientSocket,
1011 // so |*out_raw_transport| is a raw pointer.
1012 //
1013 // The client socket will begin a connect using |callback| but stop before the
1014 // server's finished message is received. The finished message will be blocked
1015 // in |*out_raw_transport|. To complete the handshake and successfully read
1016 // data, the caller must unblock reads on |*out_raw_transport|. (Note that, if
1017 // the client successfully false started, |callback.WaitForResult()| will
1018 // return OK without unblocking transport reads. But Read() will still block.)
1019 //
1020 // Must be called after StartEmbeddedTestServer is called.
CreateAndConnectUntilServerFinishedReceived(const SSLConfig & client_config,TestCompletionCallback * callback,FakeBlockingStreamSocket ** out_raw_transport,std::unique_ptr<SSLClientSocket> * out_sock)1021 void CreateAndConnectUntilServerFinishedReceived(
1022 const SSLConfig& client_config,
1023 TestCompletionCallback* callback,
1024 FakeBlockingStreamSocket** out_raw_transport,
1025 std::unique_ptr<SSLClientSocket>* out_sock) {
1026 CHECK(embedded_test_server());
1027
1028 auto real_transport = std::make_unique<TCPClientSocket>(
1029 addr(), nullptr, nullptr, nullptr, NetLogSource());
1030 auto transport =
1031 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
1032 int rv = callback->GetResult(transport->Connect(callback->callback()));
1033 EXPECT_THAT(rv, IsOk());
1034
1035 FakeBlockingStreamSocket* raw_transport = transport.get();
1036 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1037 std::move(transport), host_port_pair(), client_config);
1038
1039 // Connect. Stop before the client processes the first server leg
1040 // (ServerHello, etc.)
1041 raw_transport->BlockReadResult();
1042 rv = sock->Connect(callback->callback());
1043 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1044 raw_transport->WaitForReadResult();
1045
1046 // Release the ServerHello and wait for the client to write
1047 // ClientKeyExchange, etc. (A proxy for waiting for the entirety of the
1048 // server's leg to complete, since it may span multiple reads.)
1049 EXPECT_FALSE(callback->have_result());
1050 raw_transport->BlockWrite();
1051 raw_transport->UnblockReadResult();
1052 raw_transport->WaitForWrite();
1053
1054 // And, finally, release that and block the next server leg
1055 // (ChangeCipherSpec, Finished).
1056 raw_transport->BlockReadResult();
1057 raw_transport->UnblockWrite();
1058
1059 *out_raw_transport = raw_transport;
1060 *out_sock = std::move(sock);
1061 }
1062
TestFalseStart(const SSLServerConfig & server_config,const SSLConfig & client_config,bool expect_false_start)1063 void TestFalseStart(const SSLServerConfig& server_config,
1064 const SSLConfig& client_config,
1065 bool expect_false_start) {
1066 ASSERT_TRUE(
1067 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1068
1069 TestCompletionCallback callback;
1070 FakeBlockingStreamSocket* raw_transport = nullptr;
1071 std::unique_ptr<SSLClientSocket> sock;
1072 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
1073 client_config, &callback, &raw_transport, &sock));
1074
1075 if (expect_false_start) {
1076 // When False Starting, the handshake should complete before receiving the
1077 // Change Cipher Spec and Finished messages.
1078 //
1079 // Note: callback.have_result() may not be true without waiting. The NSS
1080 // state machine sometimes lives on a separate thread, so this thread may
1081 // not yet have processed the signal that the handshake has completed.
1082 int rv = callback.WaitForResult();
1083 EXPECT_THAT(rv, IsOk());
1084 EXPECT_TRUE(sock->IsConnected());
1085
1086 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1087 static const int kRequestTextSize =
1088 static_cast<int>(std::size(request_text) - 1);
1089 auto request_buffer =
1090 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1091 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1092
1093 // Write the request.
1094 rv = callback.GetResult(sock->Write(request_buffer.get(),
1095 kRequestTextSize, callback.callback(),
1096 TRAFFIC_ANNOTATION_FOR_TESTS));
1097 EXPECT_EQ(kRequestTextSize, rv);
1098
1099 // The read will hang; it's waiting for the peer to complete the
1100 // handshake, and the handshake is still blocked.
1101 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1102 rv = sock->Read(buf.get(), 4096, callback.callback());
1103
1104 // After releasing reads, the connection proceeds.
1105 raw_transport->UnblockReadResult();
1106 rv = callback.GetResult(rv);
1107 EXPECT_LT(0, rv);
1108 } else {
1109 // False Start is not enabled, so the handshake will not complete because
1110 // the server second leg is blocked.
1111 base::RunLoop().RunUntilIdle();
1112 EXPECT_FALSE(callback.have_result());
1113 }
1114 }
1115 };
1116
1117 // Sends an HTTP request on the socket and reads the response. This may be used
1118 // to ensure some data has been consumed from the server.
MakeHTTPRequest(StreamSocket * socket,const char * path="/")1119 int MakeHTTPRequest(StreamSocket* socket, const char* path = "/") {
1120 std::string request = base::StringPrintf("GET %s HTTP/1.0\r\n\r\n", path);
1121 TestCompletionCallback callback;
1122 while (!request.empty()) {
1123 auto request_buffer =
1124 base::MakeRefCounted<StringIOBuffer>(std::string(request));
1125 int rv = callback.GetResult(
1126 socket->Write(request_buffer.get(), request_buffer->size(),
1127 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1128 if (rv < 0) {
1129 return rv;
1130 }
1131 request = request.substr(rv);
1132 }
1133
1134 auto response_buffer = base::MakeRefCounted<IOBufferWithSize>(1024);
1135 int rv = callback.GetResult(
1136 socket->Read(response_buffer.get(), 1024, callback.callback()));
1137 if (rv < 0) {
1138 return rv;
1139 }
1140 return OK;
1141 }
1142
1143 // Provides a response to the 0RTT request indicating whether it was received
1144 // as early data.
1145 class ZeroRTTResponse : public test_server::HttpResponse {
1146 public:
ZeroRTTResponse(bool zero_rtt)1147 explicit ZeroRTTResponse(bool zero_rtt) : zero_rtt_(zero_rtt) {}
1148
1149 ZeroRTTResponse(const ZeroRTTResponse&) = delete;
1150 ZeroRTTResponse& operator=(const ZeroRTTResponse&) = delete;
1151
1152 ~ZeroRTTResponse() override = default;
1153
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)1154 void SendResponse(
1155 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
1156 std::string response;
1157 if (zero_rtt_) {
1158 response = "1";
1159 } else {
1160 response = "0";
1161 }
1162
1163 // Since the EmbeddedTestServer doesn't keep the socket open by default, it
1164 // is explicitly kept alive to allow the remaining leg of the 0RTT handshake
1165 // to be received after the early data.
1166 delegate->SendContents(response);
1167 }
1168
1169 private:
1170 bool zero_rtt_;
1171 };
1172
HandleZeroRTTRequest(const test_server::HttpRequest & request)1173 std::unique_ptr<test_server::HttpResponse> HandleZeroRTTRequest(
1174 const test_server::HttpRequest& request) {
1175 if (request.GetURL().path() != "/zerortt" || !request.ssl_info)
1176 return nullptr;
1177
1178 return std::make_unique<ZeroRTTResponse>(
1179 request.ssl_info->early_data_received);
1180 }
1181
1182 class SSLClientSocketZeroRTTTest : public SSLClientSocketTest {
1183 protected:
SSLClientSocketZeroRTTTest()1184 SSLClientSocketZeroRTTTest() : SSLClientSocketTest() {
1185 SSLContextConfig config;
1186 config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
1187 ssl_config_service_->UpdateSSLConfigAndNotify(config);
1188 }
1189
StartServer()1190 bool StartServer() {
1191 SSLServerConfig server_config;
1192 server_config.early_data_enabled = true;
1193 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
1194 return StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config);
1195 }
1196
RegisterEmbeddedTestServerHandlers(EmbeddedTestServer * server)1197 void RegisterEmbeddedTestServerHandlers(EmbeddedTestServer* server) override {
1198 SSLClientSocketTest::RegisterEmbeddedTestServerHandlers(server);
1199 server->RegisterRequestHandler(base::BindRepeating(&HandleZeroRTTRequest));
1200 }
1201
SetServerConfig(SSLServerConfig server_config)1202 void SetServerConfig(SSLServerConfig server_config) {
1203 embedded_test_server()->ResetSSLConfig(net::EmbeddedTestServer::CERT_OK,
1204 server_config);
1205 }
1206
1207 // Makes a new connection to the test server and returns a
1208 // FakeBlockingStreamSocket which may be used to block transport I/O.
1209 //
1210 // Most tests should call BlockReadResult() before calling Connect(). This
1211 // avoid race conditions by controlling the order of events. 0-RTT typically
1212 // races the ServerHello from the server with early data from the client. If
1213 // the ServerHello arrives before client calls Write(), the data may be sent
1214 // with 1-RTT keys rather than 0-RTT keys.
MakeClient(bool early_data_enabled)1215 FakeBlockingStreamSocket* MakeClient(bool early_data_enabled) {
1216 SSLConfig ssl_config;
1217 ssl_config.early_data_enabled = early_data_enabled;
1218
1219 real_transport_ = std::make_unique<TCPClientSocket>(
1220 addr(), nullptr, nullptr, nullptr, NetLogSource());
1221 auto transport =
1222 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport_));
1223 FakeBlockingStreamSocket* raw_transport = transport.get();
1224
1225 int rv = callback_.GetResult(transport->Connect(callback_.callback()));
1226 EXPECT_THAT(rv, IsOk());
1227
1228 ssl_socket_ = CreateSSLClientSocket(std::move(transport), host_port_pair(),
1229 ssl_config);
1230 EXPECT_FALSE(ssl_socket_->IsConnected());
1231
1232 return raw_transport;
1233 }
1234
Connect()1235 int Connect() {
1236 return callback_.GetResult(ssl_socket_->Connect(callback_.callback()));
1237 }
1238
WriteAndWait(std::string_view request)1239 int WriteAndWait(std::string_view request) {
1240 auto request_buffer =
1241 base::MakeRefCounted<IOBufferWithSize>(request.size());
1242 memcpy(request_buffer->data(), request.data(), request.size());
1243 return callback_.GetResult(
1244 ssl_socket_->Write(request_buffer.get(), request.size(),
1245 callback_.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1246 }
1247
ReadAndWait(IOBuffer * buf,size_t len)1248 int ReadAndWait(IOBuffer* buf, size_t len) {
1249 return callback_.GetResult(
1250 ssl_socket_->Read(buf, len, callback_.callback()));
1251 }
1252
GetSSLInfo(SSLInfo * ssl_info)1253 bool GetSSLInfo(SSLInfo* ssl_info) {
1254 return ssl_socket_->GetSSLInfo(ssl_info);
1255 }
1256
RunInitialConnection()1257 bool RunInitialConnection() {
1258 if (MakeClient(true) == nullptr)
1259 return false;
1260
1261 EXPECT_THAT(Connect(), IsOk());
1262
1263 // Use the socket for an HTTP request to ensure we've processed the
1264 // post-handshake TLS 1.3 ticket.
1265 EXPECT_THAT(MakeHTTPRequest(ssl_socket_.get()), IsOk());
1266
1267 SSLInfo ssl_info;
1268 EXPECT_TRUE(GetSSLInfo(&ssl_info));
1269
1270 // Make sure all asynchronous histogram logging is complete.
1271 base::RunLoop().RunUntilIdle();
1272
1273 return SSLInfo::HANDSHAKE_FULL == ssl_info.handshake_type;
1274 }
1275
ssl_socket()1276 SSLClientSocket* ssl_socket() { return ssl_socket_.get(); }
1277
1278 private:
1279 TestCompletionCallback callback_;
1280 std::unique_ptr<StreamSocket> real_transport_;
1281 std::unique_ptr<SSLClientSocket> ssl_socket_;
1282 };
1283
1284 // Returns a serialized unencrypted TLS 1.2 alert record for the given alert
1285 // value.
FormatTLS12Alert(uint8_t alert)1286 std::string FormatTLS12Alert(uint8_t alert) {
1287 std::string ret;
1288 // ContentType.alert
1289 ret.push_back(21);
1290 // Record-layer version. Assume TLS 1.2.
1291 ret.push_back(0x03);
1292 ret.push_back(0x03);
1293 // Record length.
1294 ret.push_back(0);
1295 ret.push_back(2);
1296 // AlertLevel.fatal.
1297 ret.push_back(2);
1298 // The alert itself.
1299 ret.push_back(alert);
1300 return ret;
1301 }
1302
1303 // A CertVerifier that never returns on any requests.
1304 class HangingCertVerifier : public CertVerifier {
1305 public:
num_active_requests() const1306 int num_active_requests() const { return num_active_requests_; }
1307
WaitForRequest()1308 void WaitForRequest() {
1309 if (!num_active_requests_) {
1310 run_loop_.Run();
1311 }
1312 }
1313
Verify(const RequestParams & params,CertVerifyResult * verify_result,CompletionOnceCallback callback,std::unique_ptr<Request> * out_req,const NetLogWithSource & net_log)1314 int Verify(const RequestParams& params,
1315 CertVerifyResult* verify_result,
1316 CompletionOnceCallback callback,
1317 std::unique_ptr<Request>* out_req,
1318 const NetLogWithSource& net_log) override {
1319 *out_req = std::make_unique<HangingRequest>(this);
1320 return ERR_IO_PENDING;
1321 }
1322
SetConfig(const Config & config)1323 void SetConfig(const Config& config) override {}
AddObserver(Observer * observer)1324 void AddObserver(Observer* observer) override {}
RemoveObserver(Observer * observer)1325 void RemoveObserver(Observer* observer) override {}
1326
1327 private:
1328 class HangingRequest : public Request {
1329 public:
HangingRequest(HangingCertVerifier * verifier)1330 explicit HangingRequest(HangingCertVerifier* verifier)
1331 : verifier_(verifier) {
1332 verifier_->num_active_requests_++;
1333 verifier_->run_loop_.Quit();
1334 }
1335
~HangingRequest()1336 ~HangingRequest() override { verifier_->num_active_requests_--; }
1337
1338 private:
1339 raw_ptr<HangingCertVerifier> verifier_;
1340 };
1341
1342 base::RunLoop run_loop_;
1343 int num_active_requests_ = 0;
1344 };
1345
1346 class MockSSLClientContextObserver : public SSLClientContext::Observer {
1347 public:
1348 MOCK_METHOD1(OnSSLConfigChanged, void(SSLClientContext::SSLConfigChangeType));
1349 MOCK_METHOD1(OnSSLConfigForServersChanged,
1350 void(const base::flat_set<HostPortPair>&));
1351 };
1352
1353 } // namespace
1354
1355 INSTANTIATE_TEST_SUITE_P(TLSVersion,
1356 SSLClientSocketVersionTest,
1357 ValuesIn(GetTLSVersions()));
1358
TEST_P(SSLClientSocketVersionTest,Connect)1359 TEST_P(SSLClientSocketVersionTest, Connect) {
1360 ASSERT_TRUE(
1361 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1362
1363 TestCompletionCallback callback;
1364 auto transport = std::make_unique<TCPClientSocket>(
1365 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
1366 int rv = callback.GetResult(transport->Connect(callback.callback()));
1367 EXPECT_THAT(rv, IsOk());
1368
1369 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1370 std::move(transport), host_port_pair(), SSLConfig()));
1371
1372 EXPECT_FALSE(sock->IsConnected());
1373
1374 rv = sock->Connect(callback.callback());
1375
1376 auto entries = log_observer_.GetEntries();
1377 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLogEventType::SSL_CONNECT));
1378 if (rv == ERR_IO_PENDING)
1379 rv = callback.WaitForResult();
1380 EXPECT_THAT(rv, IsOk());
1381 EXPECT_TRUE(sock->IsConnected());
1382 entries = log_observer_.GetEntries();
1383 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1384
1385 sock->Disconnect();
1386 EXPECT_FALSE(sock->IsConnected());
1387 }
1388
TEST_P(SSLClientSocketVersionTest,ConnectSyncVerify)1389 TEST_P(SSLClientSocketVersionTest, ConnectSyncVerify) {
1390 ASSERT_TRUE(
1391 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1392
1393 cert_verifier_->set_async(false);
1394 int rv;
1395 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1396 EXPECT_THAT(rv, IsError(OK));
1397 }
1398
TEST_P(SSLClientSocketVersionTest,ConnectExpired)1399 TEST_P(SSLClientSocketVersionTest, ConnectExpired) {
1400 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED,
1401 GetServerConfig()));
1402
1403 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1404
1405 int rv;
1406 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1407 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1408
1409 // Rather than testing whether or not the underlying socket is connected,
1410 // test that the handshake has finished. This is because it may be
1411 // desirable to disconnect the socket before showing a user prompt, since
1412 // the user may take indefinitely long to respond.
1413 auto entries = log_observer_.GetEntries();
1414 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1415 }
1416
TEST_P(SSLClientSocketVersionTest,ConnectExpiredSyncVerify)1417 TEST_P(SSLClientSocketVersionTest, ConnectExpiredSyncVerify) {
1418 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED,
1419 GetServerConfig()));
1420
1421 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1422 cert_verifier_->set_async(false);
1423
1424 int rv;
1425 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1426 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1427 }
1428
1429 // Test that SSLClientSockets may be destroyed while waiting on a certificate
1430 // verification.
TEST_P(SSLClientSocketVersionTest,SocketDestroyedDuringVerify)1431 TEST_P(SSLClientSocketVersionTest, SocketDestroyedDuringVerify) {
1432 ASSERT_TRUE(
1433 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1434
1435 HangingCertVerifier verifier;
1436 context_ = std::make_unique<SSLClientContext>(
1437 ssl_config_service_.get(), &verifier, transport_security_state_.get(),
1438 ssl_client_session_cache_.get(), nullptr);
1439
1440 TestCompletionCallback callback;
1441 auto transport = std::make_unique<TCPClientSocket>(
1442 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
1443 int rv = callback.GetResult(transport->Connect(callback.callback()));
1444 ASSERT_THAT(rv, IsOk());
1445
1446 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
1447 std::move(transport), host_port_pair(), SSLConfig());
1448 rv = sock->Connect(callback.callback());
1449 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1450
1451 // The socket should attempt a certificate verification.
1452 verifier.WaitForRequest();
1453 EXPECT_EQ(1, verifier.num_active_requests());
1454
1455 // Destroying the socket should cancel it.
1456 sock = nullptr;
1457 EXPECT_EQ(0, verifier.num_active_requests());
1458
1459 context_ = nullptr;
1460 }
1461
TEST_P(SSLClientSocketVersionTest,ConnectMismatched)1462 TEST_P(SSLClientSocketVersionTest, ConnectMismatched) {
1463 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_MISMATCHED_NAME,
1464 GetServerConfig()));
1465
1466 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
1467
1468 int rv;
1469 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1470 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
1471
1472 // Rather than testing whether or not the underlying socket is connected,
1473 // test that the handshake has finished. This is because it may be
1474 // desirable to disconnect the socket before showing a user prompt, since
1475 // the user may take indefinitely long to respond.
1476 auto entries = log_observer_.GetEntries();
1477 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1478 }
1479
1480 // Tests that certificates parsable by SSLClientSocket's internal SSL
1481 // implementation, but not X509Certificate are treated as fatal connection
1482 // errors. This is a regression test for https://crbug.com/91341.
TEST_P(SSLClientSocketVersionTest,ConnectBadValidity)1483 TEST_P(SSLClientSocketVersionTest, ConnectBadValidity) {
1484 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_BAD_VALIDITY,
1485 GetServerConfig()));
1486 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1487
1488 SSLConfig ssl_config;
1489 int rv;
1490 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
1491 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
1492 }
1493
1494 // Ignoring the certificate error from an invalid certificate should
1495 // allow a complete connection.
TEST_P(SSLClientSocketVersionTest,ConnectBadValidityIgnoreCertErrors)1496 TEST_P(SSLClientSocketVersionTest, ConnectBadValidityIgnoreCertErrors) {
1497 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_BAD_VALIDITY,
1498 GetServerConfig()));
1499 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
1500
1501 SSLConfig ssl_config;
1502 ssl_config.ignore_certificate_errors = true;
1503 int rv;
1504 CreateAndConnectSSLClientSocket(ssl_config, &rv);
1505 EXPECT_THAT(rv, IsOk());
1506 EXPECT_TRUE(sock_->IsConnected());
1507 }
1508
1509 // Client certificates are disabled on iOS.
1510 #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
1511 // Attempt to connect to a page which requests a client certificate. It should
1512 // return an error code on connect.
TEST_P(SSLClientSocketVersionTest,ConnectClientAuthCertRequested)1513 TEST_P(SSLClientSocketVersionTest, ConnectClientAuthCertRequested) {
1514 SSLServerConfig server_config = GetServerConfig();
1515 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
1516 ASSERT_TRUE(
1517 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1518
1519 int rv;
1520 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1521 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
1522
1523 auto entries = log_observer_.GetEntries();
1524 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
1525 EXPECT_FALSE(sock_->IsConnected());
1526 }
1527
1528 // Connect to a server requesting optional client authentication. Send it a
1529 // null certificate. It should allow the connection.
TEST_P(SSLClientSocketVersionTest,ConnectClientAuthSendNullCert)1530 TEST_P(SSLClientSocketVersionTest, ConnectClientAuthSendNullCert) {
1531 SSLServerConfig server_config = GetServerConfig();
1532 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
1533 ASSERT_TRUE(
1534 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
1535
1536 // Our test server accepts certificate-less connections.
1537 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
1538
1539 int rv;
1540 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1541 EXPECT_THAT(rv, IsOk());
1542
1543 // We responded to the server's certificate request with a Certificate
1544 // message with no client certificate in it. ssl_info.client_cert_sent
1545 // should be false in this case.
1546 SSLInfo ssl_info;
1547 sock_->GetSSLInfo(&ssl_info);
1548 EXPECT_FALSE(ssl_info.client_cert_sent);
1549
1550 sock_->Disconnect();
1551 EXPECT_FALSE(sock_->IsConnected());
1552 }
1553 #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
1554
1555 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
1556 // - Server closes an SSL connection (with a close_notify alert message).
1557 // - Server closes the underlying TCP connection directly.
1558 // - Server sends data unexpectedly.
1559
1560 // Tests that the socket can be read from successfully. Also test that a peer's
1561 // close_notify alert is successfully processed without error.
TEST_P(SSLClientSocketReadTest,Read)1562 TEST_P(SSLClientSocketReadTest, Read) {
1563 ASSERT_TRUE(
1564 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1565
1566 TestCompletionCallback callback;
1567 auto transport = std::make_unique<TCPClientSocket>(addr(), nullptr, nullptr,
1568 nullptr, NetLogSource());
1569 EXPECT_EQ(0, transport->GetTotalReceivedBytes());
1570
1571 int rv = callback.GetResult(transport->Connect(callback.callback()));
1572 EXPECT_THAT(rv, IsOk());
1573
1574 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1575 std::move(transport), host_port_pair(), SSLConfig()));
1576 EXPECT_EQ(0, sock->GetTotalReceivedBytes());
1577
1578 rv = callback.GetResult(sock->Connect(callback.callback()));
1579 EXPECT_THAT(rv, IsOk());
1580
1581 // Number of network bytes received should increase because of SSL socket
1582 // establishment.
1583 EXPECT_GT(sock->GetTotalReceivedBytes(), 0);
1584
1585 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1586 auto request_buffer =
1587 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
1588 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
1589
1590 rv = callback.GetResult(
1591 sock->Write(request_buffer.get(), std::size(request_text) - 1,
1592 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1593 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
1594
1595 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1596 int64_t unencrypted_bytes_read = 0;
1597 int64_t network_bytes_read_during_handshake = sock->GetTotalReceivedBytes();
1598 do {
1599 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
1600 EXPECT_GE(rv, 0);
1601 if (rv >= 0) {
1602 unencrypted_bytes_read += rv;
1603 }
1604 } while (rv > 0);
1605 EXPECT_GT(unencrypted_bytes_read, 0);
1606 // Reading the payload should increase the number of bytes on network layer.
1607 EXPECT_GT(sock->GetTotalReceivedBytes(), network_bytes_read_during_handshake);
1608 // Number of bytes received on the network after the handshake should be
1609 // higher than the number of encrypted bytes read.
1610 EXPECT_GE(sock->GetTotalReceivedBytes() - network_bytes_read_during_handshake,
1611 unencrypted_bytes_read);
1612
1613 // The peer should have cleanly closed the connection with a close_notify.
1614 EXPECT_EQ(0, rv);
1615 }
1616
1617 // Tests that SSLClientSocket properly handles when the underlying transport
1618 // synchronously fails a transport write in during the handshake.
TEST_F(SSLClientSocketTest,Connect_WithSynchronousError)1619 TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
1620 ASSERT_TRUE(
1621 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
1622
1623 TestCompletionCallback callback;
1624 auto real_transport = std::make_unique<TCPClientSocket>(
1625 addr(), nullptr, nullptr, nullptr, NetLogSource());
1626 auto transport =
1627 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1628 int rv = callback.GetResult(transport->Connect(callback.callback()));
1629 EXPECT_THAT(rv, IsOk());
1630
1631 SynchronousErrorStreamSocket* raw_transport = transport.get();
1632 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1633 std::move(transport), host_port_pair(), SSLConfig()));
1634
1635 raw_transport->SetNextWriteError(ERR_CONNECTION_RESET);
1636
1637 rv = callback.GetResult(sock->Connect(callback.callback()));
1638 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1639 EXPECT_FALSE(sock->IsConnected());
1640 }
1641
1642 // Tests that the SSLClientSocket properly handles when the underlying transport
1643 // synchronously returns an error code - such as if an intermediary terminates
1644 // the socket connection uncleanly.
1645 // This is a regression test for http://crbug.com/238536
TEST_P(SSLClientSocketReadTest,Read_WithSynchronousError)1646 TEST_P(SSLClientSocketReadTest, Read_WithSynchronousError) {
1647 ASSERT_TRUE(
1648 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1649
1650 TestCompletionCallback callback;
1651 auto real_transport = std::make_unique<TCPClientSocket>(
1652 addr(), nullptr, nullptr, nullptr, NetLogSource());
1653 auto transport =
1654 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1655 int rv = callback.GetResult(transport->Connect(callback.callback()));
1656 EXPECT_THAT(rv, IsOk());
1657
1658 SSLConfig config;
1659 config.disable_post_handshake_peek_for_testing = true;
1660 SynchronousErrorStreamSocket* raw_transport = transport.get();
1661 std::unique_ptr<SSLClientSocket> sock(
1662 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
1663
1664 rv = callback.GetResult(sock->Connect(callback.callback()));
1665 EXPECT_THAT(rv, IsOk());
1666 EXPECT_TRUE(sock->IsConnected());
1667
1668 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1669 static const int kRequestTextSize =
1670 static_cast<int>(std::size(request_text) - 1);
1671 auto request_buffer =
1672 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1673 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1674
1675 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1676 callback.callback(),
1677 TRAFFIC_ANNOTATION_FOR_TESTS));
1678 EXPECT_EQ(kRequestTextSize, rv);
1679
1680 // Simulate an unclean/forcible shutdown.
1681 raw_transport->SetNextReadError(ERR_CONNECTION_RESET);
1682
1683 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1684
1685 // Note: This test will hang if this bug has regressed. Simply checking that
1686 // rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING is a legitimate
1687 // result when using a dedicated task runner for NSS.
1688 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
1689 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1690 }
1691
1692 // Tests that the SSLClientSocket properly handles when the underlying transport
1693 // asynchronously returns an error code while writing data - such as if an
1694 // intermediary terminates the socket connection uncleanly.
1695 // This is a regression test for http://crbug.com/249848
TEST_P(SSLClientSocketVersionTest,Write_WithSynchronousError)1696 TEST_P(SSLClientSocketVersionTest, Write_WithSynchronousError) {
1697 ASSERT_TRUE(
1698 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1699
1700 TestCompletionCallback callback;
1701 auto real_transport = std::make_unique<TCPClientSocket>(
1702 addr(), nullptr, nullptr, nullptr, NetLogSource());
1703 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1704 // is retained in order to configure additional errors.
1705 auto error_socket =
1706 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1707 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1708 auto transport =
1709 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1710 FakeBlockingStreamSocket* raw_transport = transport.get();
1711 int rv = callback.GetResult(transport->Connect(callback.callback()));
1712 EXPECT_THAT(rv, IsOk());
1713
1714 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1715 std::move(transport), host_port_pair(), SSLConfig()));
1716
1717 rv = callback.GetResult(sock->Connect(callback.callback()));
1718 EXPECT_THAT(rv, IsOk());
1719 EXPECT_TRUE(sock->IsConnected());
1720
1721 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1722 static const int kRequestTextSize =
1723 static_cast<int>(std::size(request_text) - 1);
1724 auto request_buffer =
1725 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1726 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1727
1728 // Simulate an unclean/forcible shutdown on the underlying socket.
1729 // However, simulate this error asynchronously.
1730 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1731 raw_transport->BlockWrite();
1732
1733 // This write should complete synchronously, because the TLS ciphertext
1734 // can be created and placed into the outgoing buffers independent of the
1735 // underlying transport.
1736 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1737 callback.callback(),
1738 TRAFFIC_ANNOTATION_FOR_TESTS));
1739 EXPECT_EQ(kRequestTextSize, rv);
1740
1741 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1742
1743 rv = sock->Read(buf.get(), 4096, callback.callback());
1744 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1745
1746 // Now unblock the outgoing request, having it fail with the connection
1747 // being reset.
1748 raw_transport->UnblockWrite();
1749
1750 // Note: This will cause an inifite loop if this bug has regressed. Simply
1751 // checking that rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING
1752 // is a legitimate result when using a dedicated task runner for NSS.
1753 rv = callback.GetResult(rv);
1754 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1755 }
1756
1757 // If there is a Write failure at the transport with no follow-up Read, although
1758 // the write error will not be returned to the client until a future Read or
1759 // Write operation, SSLClientSocket should not spin attempting to re-write on
1760 // the socket. This is a regression test for part of https://crbug.com/381160.
TEST_P(SSLClientSocketVersionTest,Write_WithSynchronousErrorNoRead)1761 TEST_P(SSLClientSocketVersionTest, Write_WithSynchronousErrorNoRead) {
1762 ASSERT_TRUE(
1763 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
1764
1765 TestCompletionCallback callback;
1766 auto real_transport = std::make_unique<TCPClientSocket>(
1767 addr(), nullptr, nullptr, nullptr, NetLogSource());
1768 // Note: intermediate sockets' ownership are handed to |sock|, but a pointer
1769 // is retained in order to query them.
1770 auto error_socket =
1771 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1772 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1773 auto counting_socket =
1774 std::make_unique<CountingStreamSocket>(std::move(error_socket));
1775 CountingStreamSocket* raw_counting_socket = counting_socket.get();
1776 int rv = callback.GetResult(counting_socket->Connect(callback.callback()));
1777 ASSERT_THAT(rv, IsOk());
1778
1779 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1780 std::move(counting_socket), host_port_pair(), SSLConfig()));
1781
1782 rv = callback.GetResult(sock->Connect(callback.callback()));
1783 ASSERT_THAT(rv, IsOk());
1784 ASSERT_TRUE(sock->IsConnected());
1785
1786 // Simulate an unclean/forcible shutdown on the underlying socket.
1787 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1788
1789 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1790 static const int kRequestTextSize =
1791 static_cast<int>(std::size(request_text) - 1);
1792 auto request_buffer =
1793 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1794 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1795
1796 // This write should complete synchronously, because the TLS ciphertext
1797 // can be created and placed into the outgoing buffers independent of the
1798 // underlying transport.
1799 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1800 callback.callback(),
1801 TRAFFIC_ANNOTATION_FOR_TESTS));
1802 ASSERT_EQ(kRequestTextSize, rv);
1803
1804 // Let the event loop spin for a little bit of time. Even on platforms where
1805 // pumping the state machine involve thread hops, there should be no further
1806 // writes on the transport socket.
1807 //
1808 // TODO(davidben): Avoid the arbitrary timeout?
1809 int old_write_count = raw_counting_socket->write_count();
1810 base::RunLoop loop;
1811 base::SingleThreadTaskRunner::GetCurrentDefault()->PostDelayedTask(
1812 FROM_HERE, loop.QuitClosure(), base::Milliseconds(100));
1813 loop.Run();
1814 EXPECT_EQ(old_write_count, raw_counting_socket->write_count());
1815 }
1816
1817 // Test the full duplex mode, with Read and Write pending at the same time.
1818 // This test also serves as a regression test for http://crbug.com/29815.
TEST_P(SSLClientSocketReadTest,Read_FullDuplex)1819 TEST_P(SSLClientSocketReadTest, Read_FullDuplex) {
1820 ASSERT_TRUE(
1821 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1822
1823 int rv;
1824 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
1825 EXPECT_THAT(rv, IsOk());
1826
1827 // Issue a "hanging" Read first.
1828 TestCompletionCallback callback;
1829 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1830 int read_rv = Read(sock_.get(), buf.get(), 4096, callback.callback());
1831 // We haven't written the request, so there should be no response yet.
1832 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
1833
1834 // Write the request.
1835 // The request is padded with a User-Agent header to a size that causes the
1836 // memio circular buffer (4k bytes) in SSLClientSocketNSS to wrap around.
1837 // This tests the fix for http://crbug.com/29815.
1838 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1839 for (int i = 0; i < 3770; ++i)
1840 request_text.push_back('*');
1841 request_text.append("\r\n\r\n");
1842 auto request_buffer = base::MakeRefCounted<StringIOBuffer>(request_text);
1843
1844 TestCompletionCallback callback2; // Used for Write only.
1845 rv = callback2.GetResult(
1846 sock_->Write(request_buffer.get(), request_text.size(),
1847 callback2.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
1848 EXPECT_EQ(static_cast<int>(request_text.size()), rv);
1849
1850 // Now get the Read result.
1851 read_rv =
1852 WaitForReadCompletion(sock_.get(), buf.get(), 4096, &callback, read_rv);
1853 EXPECT_GT(read_rv, 0);
1854 }
1855
1856 // Attempts to Read() and Write() from an SSLClientSocketNSS in full duplex
1857 // mode when the underlying transport is blocked on sending data. When the
1858 // underlying transport completes due to an error, it should invoke both the
1859 // Read() and Write() callbacks. If the socket is deleted by the Read()
1860 // callback, the Write() callback should not be invoked.
1861 // Regression test for http://crbug.com/232633
TEST_P(SSLClientSocketReadTest,Read_DeleteWhilePendingFullDuplex)1862 TEST_P(SSLClientSocketReadTest, Read_DeleteWhilePendingFullDuplex) {
1863 ASSERT_TRUE(
1864 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1865
1866 TestCompletionCallback callback;
1867 auto real_transport = std::make_unique<TCPClientSocket>(
1868 addr(), nullptr, nullptr, nullptr, NetLogSource());
1869 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1870 // is retained in order to configure additional errors.
1871 auto error_socket =
1872 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1873 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1874 auto transport =
1875 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1876 FakeBlockingStreamSocket* raw_transport = transport.get();
1877
1878 int rv = callback.GetResult(transport->Connect(callback.callback()));
1879 EXPECT_THAT(rv, IsOk());
1880
1881 SSLConfig config;
1882 config.disable_post_handshake_peek_for_testing = true;
1883 std::unique_ptr<SSLClientSocket> sock =
1884 CreateSSLClientSocket(std::move(transport), host_port_pair(), config);
1885
1886 rv = callback.GetResult(sock->Connect(callback.callback()));
1887 EXPECT_THAT(rv, IsOk());
1888 EXPECT_TRUE(sock->IsConnected());
1889
1890 std::string request_text = "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1891 request_text.append(20 * 1024, '*');
1892 request_text.append("\r\n\r\n");
1893 scoped_refptr<DrainableIOBuffer> request_buffer =
1894 base::MakeRefCounted<DrainableIOBuffer>(
1895 base::MakeRefCounted<StringIOBuffer>(request_text),
1896 request_text.size());
1897
1898 // Simulate errors being returned from the underlying Read() and Write() ...
1899 raw_error_socket->SetNextReadError(ERR_CONNECTION_RESET);
1900 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
1901 // ... but have those errors returned asynchronously. Because the Write() will
1902 // return first, this will trigger the error.
1903 raw_transport->BlockReadResult();
1904 raw_transport->BlockWrite();
1905
1906 // Enqueue a Read() before calling Write(), which should "hang" due to
1907 // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return.
1908 SSLClientSocket* raw_sock = sock.get();
1909 DeleteSocketCallback read_callback(sock.release());
1910 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1911 rv = Read(raw_sock, read_buf.get(), 4096, read_callback.callback());
1912
1913 // Ensure things didn't complete synchronously, otherwise |sock| is invalid.
1914 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1915 ASSERT_FALSE(read_callback.have_result());
1916
1917 // Attempt to write the remaining data. OpenSSL will return that its blocked
1918 // because the underlying transport is blocked.
1919 rv = raw_sock->Write(request_buffer.get(), request_buffer->BytesRemaining(),
1920 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS);
1921 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
1922 ASSERT_FALSE(callback.have_result());
1923
1924 // Now unblock Write(), which will invoke OnSendComplete and (eventually)
1925 // call the Read() callback, deleting the socket and thus aborting calling
1926 // the Write() callback.
1927 raw_transport->UnblockWrite();
1928
1929 // |read_callback| deletes |sock| so if ReadIfReady() is used, we will get OK
1930 // asynchronously but can't continue reading because the socket is gone.
1931 rv = read_callback.WaitForResult();
1932 if (test_ssl_read_if_ready()) {
1933 EXPECT_THAT(rv, IsOk());
1934 } else {
1935 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
1936 }
1937
1938 // The Write callback should not have been called.
1939 EXPECT_FALSE(callback.have_result());
1940 }
1941
1942 // Tests that the SSLClientSocket does not crash if data is received on the
1943 // transport socket after a failing write. This can occur if we have a Write
1944 // error in a SPDY socket.
1945 // Regression test for http://crbug.com/335557
TEST_P(SSLClientSocketReadTest,Read_WithWriteError)1946 TEST_P(SSLClientSocketReadTest, Read_WithWriteError) {
1947 ASSERT_TRUE(
1948 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
1949
1950 TestCompletionCallback callback;
1951 auto real_transport = std::make_unique<TCPClientSocket>(
1952 addr(), nullptr, nullptr, nullptr, NetLogSource());
1953 // Note: |error_socket|'s ownership is handed to |transport|, but a pointer
1954 // is retained in order to configure additional errors.
1955 auto error_socket =
1956 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
1957 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
1958 auto transport =
1959 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
1960 FakeBlockingStreamSocket* raw_transport = transport.get();
1961
1962 int rv = callback.GetResult(transport->Connect(callback.callback()));
1963 EXPECT_THAT(rv, IsOk());
1964
1965 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
1966 std::move(transport), host_port_pair(), SSLConfig()));
1967
1968 rv = callback.GetResult(sock->Connect(callback.callback()));
1969 EXPECT_THAT(rv, IsOk());
1970 EXPECT_TRUE(sock->IsConnected());
1971
1972 // Send a request so there is something to read from the socket.
1973 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
1974 static const int kRequestTextSize =
1975 static_cast<int>(std::size(request_text) - 1);
1976 auto request_buffer =
1977 base::MakeRefCounted<IOBufferWithSize>(kRequestTextSize);
1978 memcpy(request_buffer->data(), request_text, kRequestTextSize);
1979
1980 rv = callback.GetResult(sock->Write(request_buffer.get(), kRequestTextSize,
1981 callback.callback(),
1982 TRAFFIC_ANNOTATION_FOR_TESTS));
1983 EXPECT_EQ(kRequestTextSize, rv);
1984
1985 // Start a hanging read.
1986 TestCompletionCallback read_callback;
1987 raw_transport->BlockReadResult();
1988 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
1989 rv = Read(sock.get(), buf.get(), 4096, read_callback.callback());
1990 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
1991
1992 // Perform another write, but have it fail. Write a request larger than the
1993 // internal socket buffers so that the request hits the underlying transport
1994 // socket and detects the error.
1995 std::string long_request_text =
1996 "GET / HTTP/1.1\r\nUser-Agent: long browser name ";
1997 long_request_text.append(20 * 1024, '*');
1998 long_request_text.append("\r\n\r\n");
1999 scoped_refptr<DrainableIOBuffer> long_request_buffer =
2000 base::MakeRefCounted<DrainableIOBuffer>(
2001 base::MakeRefCounted<StringIOBuffer>(long_request_text),
2002 long_request_text.size());
2003
2004 raw_error_socket->SetNextWriteError(ERR_CONNECTION_RESET);
2005
2006 // Write as much data as possible until hitting an error.
2007 do {
2008 rv = callback.GetResult(sock->Write(
2009 long_request_buffer.get(), long_request_buffer->BytesRemaining(),
2010 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2011 if (rv > 0) {
2012 long_request_buffer->DidConsume(rv);
2013 // Abort if the entire input is ever consumed. The input is larger than
2014 // the SSLClientSocket's write buffers.
2015 ASSERT_LT(0, long_request_buffer->BytesRemaining());
2016 }
2017 } while (rv > 0);
2018
2019 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
2020
2021 // At this point the Read result is available. Transport write errors are
2022 // surfaced through Writes. See https://crbug.com/249848.
2023 rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv);
2024 EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET));
2025
2026 // Release the read. This does not cause a crash.
2027 raw_transport->UnblockReadResult();
2028 base::RunLoop().RunUntilIdle();
2029 }
2030
2031 // Tests that SSLClientSocket fails the handshake if the underlying
2032 // transport is cleanly closed.
TEST_F(SSLClientSocketTest,Connect_WithZeroReturn)2033 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) {
2034 // There is no need to vary by TLS version because this test never reads a
2035 // response from the server.
2036 ASSERT_TRUE(
2037 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2038
2039 TestCompletionCallback callback;
2040 auto real_transport = std::make_unique<TCPClientSocket>(
2041 addr(), nullptr, nullptr, nullptr, NetLogSource());
2042 auto transport =
2043 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2044 int rv = callback.GetResult(transport->Connect(callback.callback()));
2045 EXPECT_THAT(rv, IsOk());
2046
2047 SynchronousErrorStreamSocket* raw_transport = transport.get();
2048 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2049 std::move(transport), host_port_pair(), SSLConfig()));
2050
2051 raw_transport->SetNextReadError(0);
2052
2053 rv = callback.GetResult(sock->Connect(callback.callback()));
2054 EXPECT_THAT(rv, IsError(ERR_CONNECTION_CLOSED));
2055 EXPECT_FALSE(sock->IsConnected());
2056 }
2057
2058 // Tests that SSLClientSocket returns a Read of size 0 if the underlying socket
2059 // is cleanly closed, but the peer does not send close_notify.
2060 // This is a regression test for https://crbug.com/422246
TEST_P(SSLClientSocketReadTest,Read_WithZeroReturn)2061 TEST_P(SSLClientSocketReadTest, Read_WithZeroReturn) {
2062 ASSERT_TRUE(
2063 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2064
2065 TestCompletionCallback callback;
2066 auto real_transport = std::make_unique<TCPClientSocket>(
2067 addr(), nullptr, nullptr, nullptr, NetLogSource());
2068 auto transport =
2069 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2070 int rv = callback.GetResult(transport->Connect(callback.callback()));
2071 EXPECT_THAT(rv, IsOk());
2072
2073 SSLConfig config;
2074 config.disable_post_handshake_peek_for_testing = true;
2075 SynchronousErrorStreamSocket* raw_transport = transport.get();
2076 std::unique_ptr<SSLClientSocket> sock(
2077 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2078
2079 rv = callback.GetResult(sock->Connect(callback.callback()));
2080 EXPECT_THAT(rv, IsOk());
2081 EXPECT_TRUE(sock->IsConnected());
2082
2083 raw_transport->SetNextReadError(0);
2084 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2085 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
2086 EXPECT_EQ(0, rv);
2087 }
2088
2089 // Tests that SSLClientSocket cleanly returns a Read of size 0 if the
2090 // underlying socket is cleanly closed asynchronously.
2091 // This is a regression test for https://crbug.com/422246
TEST_P(SSLClientSocketReadTest,Read_WithAsyncZeroReturn)2092 TEST_P(SSLClientSocketReadTest, Read_WithAsyncZeroReturn) {
2093 ASSERT_TRUE(
2094 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2095
2096 TestCompletionCallback callback;
2097 auto real_transport = std::make_unique<TCPClientSocket>(
2098 addr(), nullptr, nullptr, nullptr, NetLogSource());
2099 auto error_socket =
2100 std::make_unique<SynchronousErrorStreamSocket>(std::move(real_transport));
2101 SynchronousErrorStreamSocket* raw_error_socket = error_socket.get();
2102 auto transport =
2103 std::make_unique<FakeBlockingStreamSocket>(std::move(error_socket));
2104 FakeBlockingStreamSocket* raw_transport = transport.get();
2105 int rv = callback.GetResult(transport->Connect(callback.callback()));
2106 EXPECT_THAT(rv, IsOk());
2107
2108 SSLConfig config;
2109 config.disable_post_handshake_peek_for_testing = true;
2110 std::unique_ptr<SSLClientSocket> sock(
2111 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2112
2113 rv = callback.GetResult(sock->Connect(callback.callback()));
2114 EXPECT_THAT(rv, IsOk());
2115 EXPECT_TRUE(sock->IsConnected());
2116
2117 raw_error_socket->SetNextReadError(0);
2118 raw_transport->BlockReadResult();
2119 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2120 TestCompletionCallback read_callback;
2121 rv = Read(sock.get(), buf.get(), 4096, read_callback.callback());
2122 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
2123
2124 raw_transport->UnblockReadResult();
2125 rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv);
2126 EXPECT_EQ(0, rv);
2127 }
2128
2129 // Tests that fatal alerts from the peer are processed. This is a regression
2130 // test for https://crbug.com/466303.
TEST_P(SSLClientSocketReadTest,Read_WithFatalAlert)2131 TEST_P(SSLClientSocketReadTest, Read_WithFatalAlert) {
2132 SSLServerConfig server_config = GetServerConfig();
2133 server_config.alert_after_handshake_for_testing = SSL_AD_INTERNAL_ERROR;
2134 ASSERT_TRUE(
2135 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2136
2137 int rv;
2138 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2139 EXPECT_THAT(rv, IsOk());
2140
2141 // Receive the fatal alert.
2142 TestCompletionCallback callback;
2143 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2144 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR,
2145 ReadAndWaitForCompletion(sock_.get(), buf.get(), 4096));
2146 }
2147
TEST_P(SSLClientSocketReadTest,Read_SmallChunks)2148 TEST_P(SSLClientSocketReadTest, Read_SmallChunks) {
2149 ASSERT_TRUE(
2150 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2151
2152 int rv;
2153 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2154 EXPECT_THAT(rv, IsOk());
2155
2156 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2157 auto request_buffer =
2158 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2159 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2160
2161 TestCompletionCallback callback;
2162 rv = callback.GetResult(
2163 sock_->Write(request_buffer.get(), std::size(request_text) - 1,
2164 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2165 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2166
2167 auto buf = base::MakeRefCounted<IOBufferWithSize>(1);
2168 do {
2169 rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 1);
2170 EXPECT_GE(rv, 0);
2171 } while (rv > 0);
2172 }
2173
TEST_P(SSLClientSocketReadTest,Read_ManySmallRecords)2174 TEST_P(SSLClientSocketReadTest, Read_ManySmallRecords) {
2175 ASSERT_TRUE(
2176 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2177
2178 TestCompletionCallback callback;
2179
2180 auto real_transport = std::make_unique<TCPClientSocket>(
2181 addr(), nullptr, nullptr, nullptr, NetLogSource());
2182 auto transport =
2183 std::make_unique<ReadBufferingStreamSocket>(std::move(real_transport));
2184 ReadBufferingStreamSocket* raw_transport = transport.get();
2185 int rv = callback.GetResult(transport->Connect(callback.callback()));
2186 ASSERT_THAT(rv, IsOk());
2187
2188 SSLConfig config;
2189 config.disable_post_handshake_peek_for_testing = true;
2190 std::unique_ptr<SSLClientSocket> sock(
2191 CreateSSLClientSocket(std::move(transport), host_port_pair(), config));
2192
2193 rv = callback.GetResult(sock->Connect(callback.callback()));
2194 ASSERT_THAT(rv, IsOk());
2195 ASSERT_TRUE(sock->IsConnected());
2196
2197 const char request_text[] = "GET /ssl-many-small-records HTTP/1.0\r\n\r\n";
2198 auto request_buffer =
2199 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2200 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2201
2202 rv = callback.GetResult(
2203 sock->Write(request_buffer.get(), std::size(request_text) - 1,
2204 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2205 ASSERT_GT(rv, 0);
2206 ASSERT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2207
2208 // Note: This relies on SSLClientSocketNSS attempting to read up to 17K of
2209 // data (the max SSL record size) at a time. Ensure that at least 15K worth
2210 // of SSL data is buffered first. The 15K of buffered data is made up of
2211 // many smaller SSL records (the TestServer writes along 1350 byte
2212 // plaintext boundaries), although there may also be a few records that are
2213 // smaller or larger, due to timing and SSL False Start.
2214 // 15K was chosen because 15K is smaller than the 17K (max) read issued by
2215 // the SSLClientSocket implementation, and larger than the minimum amount
2216 // of ciphertext necessary to contain the 8K of plaintext requested below.
2217 raw_transport->BufferNextRead(15000);
2218
2219 auto buffer = base::MakeRefCounted<IOBufferWithSize>(8192);
2220 rv = ReadAndWaitForCompletion(sock.get(), buffer.get(), 8192);
2221 ASSERT_EQ(rv, 8192);
2222 }
2223
TEST_P(SSLClientSocketReadTest,Read_Interrupted)2224 TEST_P(SSLClientSocketReadTest, Read_Interrupted) {
2225 ASSERT_TRUE(
2226 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2227
2228 int rv;
2229 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2230 EXPECT_THAT(rv, IsOk());
2231
2232 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2233 auto request_buffer =
2234 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2235 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2236
2237 TestCompletionCallback callback;
2238 rv = callback.GetResult(
2239 sock_->Write(request_buffer.get(), std::size(request_text) - 1,
2240 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2241 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2242
2243 // Do a partial read and then exit. This test should not crash!
2244 auto buf = base::MakeRefCounted<IOBufferWithSize>(512);
2245 rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 512);
2246 EXPECT_GT(rv, 0);
2247 }
2248
TEST_P(SSLClientSocketReadTest,Read_FullLogging)2249 TEST_P(SSLClientSocketReadTest, Read_FullLogging) {
2250 ASSERT_TRUE(
2251 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2252
2253 TestCompletionCallback callback;
2254 log_observer_.SetObserverCaptureMode(NetLogCaptureMode::kEverything);
2255 auto transport = std::make_unique<TCPClientSocket>(
2256 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2257 int rv = callback.GetResult(transport->Connect(callback.callback()));
2258 EXPECT_THAT(rv, IsOk());
2259
2260 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2261 std::move(transport), host_port_pair(), SSLConfig()));
2262
2263 rv = callback.GetResult(sock->Connect(callback.callback()));
2264 EXPECT_THAT(rv, IsOk());
2265 EXPECT_TRUE(sock->IsConnected());
2266
2267 const char request_text[] = "GET / HTTP/1.0\r\n\r\n";
2268 auto request_buffer =
2269 base::MakeRefCounted<IOBufferWithSize>(std::size(request_text) - 1);
2270 memcpy(request_buffer->data(), request_text, std::size(request_text) - 1);
2271
2272 rv = callback.GetResult(
2273 sock->Write(request_buffer.get(), std::size(request_text) - 1,
2274 callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS));
2275 EXPECT_EQ(static_cast<int>(std::size(request_text) - 1), rv);
2276
2277 auto entries = log_observer_.GetEntries();
2278 size_t last_index = ExpectLogContainsSomewhereAfter(
2279 entries, 5, NetLogEventType::SSL_SOCKET_BYTES_SENT,
2280 NetLogEventPhase::NONE);
2281
2282 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
2283 for (;;) {
2284 rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096);
2285 EXPECT_GE(rv, 0);
2286 if (rv <= 0)
2287 break;
2288
2289 entries = log_observer_.GetEntries();
2290 last_index = ExpectLogContainsSomewhereAfter(
2291 entries, last_index + 1, NetLogEventType::SSL_SOCKET_BYTES_RECEIVED,
2292 NetLogEventPhase::NONE);
2293 }
2294 }
2295
2296 // Regression test for http://crbug.com/42538
TEST_F(SSLClientSocketTest,PrematureApplicationData)2297 TEST_F(SSLClientSocketTest, PrematureApplicationData) {
2298 ASSERT_TRUE(
2299 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2300
2301 static const unsigned char application_data[] = {
2302 0x17, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00, 0x46, 0x03, 0x01, 0x4b,
2303 0xc2, 0xf8, 0xb2, 0xc1, 0x56, 0x42, 0xb9, 0x57, 0x7f, 0xde, 0x87, 0x46,
2304 0xf7, 0xa3, 0x52, 0x42, 0x21, 0xf0, 0x13, 0x1c, 0x9c, 0x83, 0x88, 0xd6,
2305 0x93, 0x0c, 0xf6, 0x36, 0x30, 0x05, 0x7e, 0x20, 0xb5, 0xb5, 0x73, 0x36,
2306 0x53, 0x83, 0x0a, 0xfc, 0x17, 0x63, 0xbf, 0xa0, 0xe4, 0x42, 0x90, 0x0d,
2307 0x2f, 0x18, 0x6d, 0x20, 0xd8, 0x36, 0x3f, 0xfc, 0xe6, 0x01, 0xfa, 0x0f,
2308 0xa5, 0x75, 0x7f, 0x09, 0x00, 0x04, 0x00, 0x16, 0x03, 0x01, 0x11, 0x57,
2309 0x0b, 0x00, 0x11, 0x53, 0x00, 0x11, 0x50, 0x00, 0x06, 0x22, 0x30, 0x82,
2310 0x06, 0x1e, 0x30, 0x82, 0x05, 0x06, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
2311 0x0a};
2312
2313 // All reads and writes complete synchronously (async=false).
2314 MockRead data_reads[] = {
2315 MockRead(SYNCHRONOUS, reinterpret_cast<const char*>(application_data),
2316 std::size(application_data)),
2317 MockRead(SYNCHRONOUS, OK),
2318 };
2319
2320 StaticSocketDataProvider data(data_reads, base::span<MockWrite>());
2321
2322 TestCompletionCallback callback;
2323 std::unique_ptr<StreamSocket> transport(
2324 std::make_unique<MockTCPClientSocket>(addr(), nullptr, &data));
2325 int rv = callback.GetResult(transport->Connect(callback.callback()));
2326 EXPECT_THAT(rv, IsOk());
2327
2328 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2329 std::move(transport), host_port_pair(), SSLConfig()));
2330
2331 rv = callback.GetResult(sock->Connect(callback.callback()));
2332 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
2333 }
2334
TEST_F(SSLClientSocketTest,CipherSuiteDisables)2335 TEST_F(SSLClientSocketTest, CipherSuiteDisables) {
2336 SSLServerConfig server_config;
2337 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
2338 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
2339 ASSERT_TRUE(
2340 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2341
2342 SSLContextConfig ssl_context_config;
2343 ssl_context_config.disabled_cipher_suites.push_back(kModernTLS12Cipher);
2344 ssl_config_service_->UpdateSSLConfigAndNotify(ssl_context_config);
2345
2346 int rv;
2347 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2348 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
2349 }
2350
2351 // Test that TLS versions prior to TLS 1.2 cannot be configured in
2352 // SSLClientSocket.
TEST_F(SSLClientSocketTest,LegacyTLSVersions)2353 TEST_F(SSLClientSocketTest, LegacyTLSVersions) {
2354 // Start a server, just so the underlying socket can connect somewhere, but it
2355 // will fail before talking to the server, so it is fine that the server does
2356 // not speak these versions.
2357 ASSERT_TRUE(
2358 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2359
2360 // Although we don't have `SSL_PROTOCOL_VERSION_*` constants for SSL 3.0
2361 // through TLS 1.1, these values are just passed through to the BoringSSL API,
2362 // which means the underlying protocol version numbers can be used here.
2363 //
2364 // TODO(https://crbug.com/1416295): Ideally SSLConfig would just take an enum,
2365 // at which point this test can be removed.
2366 for (uint16_t version : {SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION}) {
2367 SCOPED_TRACE(version);
2368
2369 SSLConfig config;
2370 config.version_min_override = version;
2371 int rv;
2372 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2373 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
2374
2375 config.version_min_override = std::nullopt;
2376 config.version_max_override = version;
2377 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
2378 EXPECT_THAT(rv, IsError(ERR_UNEXPECTED));
2379 }
2380 }
2381
2382 // When creating an SSLClientSocket, it is allowed to pass in a
2383 // ClientSocketHandle that is not obtained from a client socket pool.
2384 // Here we verify that such a simple ClientSocketHandle, not associated with any
2385 // client socket pool, can be destroyed safely.
TEST_F(SSLClientSocketTest,ClientSocketHandleNotFromPool)2386 TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
2387 ASSERT_TRUE(
2388 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
2389
2390 TestCompletionCallback callback;
2391 auto transport = std::make_unique<TCPClientSocket>(addr(), nullptr, nullptr,
2392 nullptr, NetLogSource());
2393 int rv = callback.GetResult(transport->Connect(callback.callback()));
2394 EXPECT_THAT(rv, IsOk());
2395
2396 std::unique_ptr<SSLClientSocket> sock(socket_factory_->CreateSSLClientSocket(
2397 context_.get(), std::move(transport), host_port_pair(), SSLConfig()));
2398
2399 EXPECT_FALSE(sock->IsConnected());
2400 rv = callback.GetResult(sock->Connect(callback.callback()));
2401 EXPECT_THAT(rv, IsOk());
2402 }
2403
2404 // Verifies that SSLClientSocket::ExportKeyingMaterial return a success
2405 // code and different keying label results in different keying material.
TEST_P(SSLClientSocketVersionTest,ExportKeyingMaterial)2406 TEST_P(SSLClientSocketVersionTest, ExportKeyingMaterial) {
2407 ASSERT_TRUE(
2408 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2409
2410 int rv;
2411 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2412 EXPECT_THAT(rv, IsOk());
2413 EXPECT_TRUE(sock_->IsConnected());
2414
2415 const int kKeyingMaterialSize = 32;
2416 const char kKeyingLabel1[] = "client-socket-test-1";
2417 const char kKeyingContext1[] = "";
2418 unsigned char client_out1[kKeyingMaterialSize];
2419 memset(client_out1, 0, sizeof(client_out1));
2420 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, false, kKeyingContext1,
2421 client_out1, sizeof(client_out1));
2422 EXPECT_EQ(rv, OK);
2423
2424 const char kKeyingLabel2[] = "client-socket-test-2";
2425 unsigned char client_out2[kKeyingMaterialSize];
2426 memset(client_out2, 0, sizeof(client_out2));
2427 rv = sock_->ExportKeyingMaterial(kKeyingLabel2, false, kKeyingContext1,
2428 client_out2, sizeof(client_out2));
2429 EXPECT_EQ(rv, OK);
2430 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2431
2432 const char kKeyingContext2[] = "context";
2433 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, true, kKeyingContext2,
2434 client_out2, sizeof(client_out2));
2435 EXPECT_EQ(rv, OK);
2436 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2437
2438 // Prior to TLS 1.3, using an empty context should give different key material
2439 // from not using a context at all. In TLS 1.3, the distinction is deprecated
2440 // and they are the same.
2441 memset(client_out2, 0, sizeof(client_out2));
2442 rv = sock_->ExportKeyingMaterial(kKeyingLabel1, true, kKeyingContext1,
2443 client_out2, sizeof(client_out2));
2444 EXPECT_EQ(rv, OK);
2445 if (version() >= SSL_PROTOCOL_VERSION_TLS1_3) {
2446 EXPECT_EQ(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2447 } else {
2448 EXPECT_NE(memcmp(client_out1, client_out2, kKeyingMaterialSize), 0);
2449 }
2450 }
2451
TEST(SSLClientSocket,SerializeNextProtos)2452 TEST(SSLClientSocket, SerializeNextProtos) {
2453 NextProtoVector next_protos;
2454 next_protos.push_back(kProtoHTTP11);
2455 next_protos.push_back(kProtoHTTP2);
2456 static std::vector<uint8_t> serialized =
2457 SSLClientSocket::SerializeNextProtos(next_protos);
2458 ASSERT_EQ(12u, serialized.size());
2459 EXPECT_EQ(8, serialized[0]); // length("http/1.1")
2460 EXPECT_EQ('h', serialized[1]);
2461 EXPECT_EQ('t', serialized[2]);
2462 EXPECT_EQ('t', serialized[3]);
2463 EXPECT_EQ('p', serialized[4]);
2464 EXPECT_EQ('/', serialized[5]);
2465 EXPECT_EQ('1', serialized[6]);
2466 EXPECT_EQ('.', serialized[7]);
2467 EXPECT_EQ('1', serialized[8]);
2468 EXPECT_EQ(2, serialized[9]); // length("h2")
2469 EXPECT_EQ('h', serialized[10]);
2470 EXPECT_EQ('2', serialized[11]);
2471 }
2472
2473 // Test that the server certificates are properly retrieved from the underlying
2474 // SSL stack.
TEST_P(SSLClientSocketVersionTest,VerifyServerChainProperlyOrdered)2475 TEST_P(SSLClientSocketVersionTest, VerifyServerChainProperlyOrdered) {
2476 // The connection does not have to be successful.
2477 cert_verifier_->set_default_result(ERR_CERT_INVALID);
2478
2479 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2480 // This makes the server present redundant-server-chain.pem, which contains
2481 // intermediate certificates.
2482 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2483 GetServerConfig()));
2484
2485 int rv;
2486 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2487 EXPECT_THAT(rv, IsError(ERR_CERT_INVALID));
2488 EXPECT_FALSE(sock_->IsConnected());
2489
2490 // When given option CERT_CHAIN_WRONG_ROOT, EmbeddedTestServer will present
2491 // certs from redundant-server-chain.pem.
2492 CertificateList server_certs =
2493 CreateCertificateListFromFile(GetTestCertsDirectory(),
2494 "redundant-server-chain.pem",
2495 X509Certificate::FORMAT_AUTO);
2496
2497 // Get the server certificate as received client side.
2498 SSLInfo ssl_info;
2499 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2500 scoped_refptr<X509Certificate> server_certificate = ssl_info.unverified_cert;
2501
2502 // Get the intermediates as received client side.
2503 const auto& server_intermediates = server_certificate->intermediate_buffers();
2504
2505 // Check that the unverified server certificate chain is properly retrieved
2506 // from the underlying ssl stack.
2507 ASSERT_EQ(4U, server_certs.size());
2508
2509 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_certificate->cert_buffer(),
2510 server_certs[0]->cert_buffer()));
2511
2512 ASSERT_EQ(3U, server_intermediates.size());
2513
2514 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[0].get(),
2515 server_certs[1]->cert_buffer()));
2516 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[1].get(),
2517 server_certs[2]->cert_buffer()));
2518 EXPECT_TRUE(x509_util::CryptoBufferEqual(server_intermediates[2].get(),
2519 server_certs[3]->cert_buffer()));
2520
2521 sock_->Disconnect();
2522 EXPECT_FALSE(sock_->IsConnected());
2523 }
2524
2525 // This tests that SSLInfo contains a properly re-constructed certificate
2526 // chain. That, in turn, verifies that GetSSLInfo is giving us the chain as
2527 // verified, not the chain as served by the server. (They may be different.)
2528 //
2529 // CERT_CHAIN_WRONG_ROOT is redundant-server-chain.pem. It contains A
2530 // (end-entity) -> B -> C, and C is signed by D. redundant-validated-chain.pem
2531 // contains a chain of A -> B -> C2, where C2 is the same public key as C, but
2532 // a self-signed root. Such a situation can occur when a new root (C2) is
2533 // cross-certified by an old root (D) and has two different versions of its
2534 // floating around. Servers may supply C2 as an intermediate, but the
2535 // SSLClientSocket should return the chain that was verified, from
2536 // verify_result, instead.
TEST_P(SSLClientSocketVersionTest,VerifyReturnChainProperlyOrdered)2537 TEST_P(SSLClientSocketVersionTest, VerifyReturnChainProperlyOrdered) {
2538 // By default, cause the CertVerifier to treat all certificates as
2539 // expired.
2540 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2541
2542 CertificateList unverified_certs = CreateCertificateListFromFile(
2543 GetTestCertsDirectory(), "redundant-server-chain.pem",
2544 X509Certificate::FORMAT_AUTO);
2545 ASSERT_EQ(4u, unverified_certs.size());
2546
2547 // We will expect SSLInfo to ultimately contain this chain.
2548 CertificateList certs =
2549 CreateCertificateListFromFile(GetTestCertsDirectory(),
2550 "redundant-validated-chain.pem",
2551 X509Certificate::FORMAT_AUTO);
2552 ASSERT_EQ(3U, certs.size());
2553
2554 ASSERT_TRUE(certs[0]->EqualsExcludingChain(unverified_certs[0].get()));
2555
2556 std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> temp_intermediates;
2557 temp_intermediates.push_back(bssl::UpRef(certs[1]->cert_buffer()));
2558 temp_intermediates.push_back(bssl::UpRef(certs[2]->cert_buffer()));
2559
2560 CertVerifyResult verify_result;
2561 verify_result.verified_cert = X509Certificate::CreateFromBuffer(
2562 bssl::UpRef(certs[0]->cert_buffer()), std::move(temp_intermediates));
2563 ASSERT_TRUE(verify_result.verified_cert);
2564
2565 // Add a rule that maps the server cert (A) to the chain of A->B->C2
2566 // rather than A->B->C.
2567 cert_verifier_->AddResultForCert(certs[0].get(), verify_result, OK);
2568
2569 // Load and install the root for the validated chain.
2570 scoped_refptr<X509Certificate> root_cert = ImportCertFromFile(
2571 GetTestCertsDirectory(), "redundant-validated-chain-root.pem");
2572 ASSERT_NE(static_cast<X509Certificate*>(nullptr), root_cert.get());
2573 ScopedTestRoot scoped_root(root_cert);
2574
2575 // Set up a test server with CERT_CHAIN_WRONG_ROOT.
2576 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2577 GetServerConfig()));
2578
2579 int rv;
2580 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2581 EXPECT_THAT(rv, IsOk());
2582 EXPECT_TRUE(sock_->IsConnected());
2583
2584 auto entries = log_observer_.GetEntries();
2585 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT));
2586
2587 SSLInfo ssl_info;
2588 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2589
2590 // Verify that SSLInfo contains the corrected re-constructed chain A -> B
2591 // -> C2.
2592 ASSERT_TRUE(ssl_info.cert);
2593 const auto& intermediates = ssl_info.cert->intermediate_buffers();
2594 ASSERT_EQ(2U, intermediates.size());
2595 EXPECT_TRUE(x509_util::CryptoBufferEqual(ssl_info.cert->cert_buffer(),
2596 certs[0]->cert_buffer()));
2597 EXPECT_TRUE(x509_util::CryptoBufferEqual(intermediates[0].get(),
2598 certs[1]->cert_buffer()));
2599 EXPECT_TRUE(x509_util::CryptoBufferEqual(intermediates[1].get(),
2600 certs[2]->cert_buffer()));
2601
2602 // Verify that SSLInfo also contains the chain as received from the server.
2603 ASSERT_TRUE(ssl_info.unverified_cert);
2604 const auto& served_intermediates =
2605 ssl_info.unverified_cert->intermediate_buffers();
2606 ASSERT_EQ(3U, served_intermediates.size());
2607 EXPECT_TRUE(x509_util::CryptoBufferEqual(ssl_info.cert->cert_buffer(),
2608 unverified_certs[0]->cert_buffer()));
2609 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[0].get(),
2610 unverified_certs[1]->cert_buffer()));
2611 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[1].get(),
2612 unverified_certs[2]->cert_buffer()));
2613 EXPECT_TRUE(x509_util::CryptoBufferEqual(served_intermediates[2].get(),
2614 unverified_certs[3]->cert_buffer()));
2615
2616 sock_->Disconnect();
2617 EXPECT_FALSE(sock_->IsConnected());
2618 }
2619
2620 // Client certificates are disabled on iOS.
2621 #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
2622 INSTANTIATE_TEST_SUITE_P(TLSVersion,
2623 SSLClientSocketCertRequestInfoTest,
2624 ValuesIn(GetTLSVersions()));
2625
TEST_P(SSLClientSocketCertRequestInfoTest,DontRequestClientCertsIfServerCertInvalid)2626 TEST_P(SSLClientSocketCertRequestInfoTest,
2627 DontRequestClientCertsIfServerCertInvalid) {
2628 SSLServerConfig config = GetServerConfig();
2629 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2630 ASSERT_TRUE(
2631 StartEmbeddedTestServer(EmbeddedTestServer::CERT_EXPIRED, config));
2632
2633 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2634 int rv;
2635 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2636 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID));
2637 }
2638
TEST_P(SSLClientSocketCertRequestInfoTest,NoAuthorities)2639 TEST_P(SSLClientSocketCertRequestInfoTest, NoAuthorities) {
2640 SSLServerConfig config = GetServerConfig();
2641 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2642 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2643 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2644 ASSERT_TRUE(request_info.get());
2645 EXPECT_EQ(0u, request_info->cert_authorities.size());
2646 }
2647
TEST_P(SSLClientSocketCertRequestInfoTest,TwoAuthorities)2648 TEST_P(SSLClientSocketCertRequestInfoTest, TwoAuthorities) {
2649 const unsigned char kThawteDN[] = {
2650 0x30, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
2651 0x02, 0x5a, 0x41, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0a,
2652 0x13, 0x1c, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x43, 0x6f, 0x6e,
2653 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x28, 0x50, 0x74, 0x79,
2654 0x29, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03,
2655 0x55, 0x04, 0x03, 0x13, 0x0d, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20,
2656 0x53, 0x47, 0x43, 0x20, 0x43, 0x41};
2657
2658 const unsigned char kDiginotarDN[] = {
2659 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
2660 0x02, 0x4e, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
2661 0x13, 0x09, 0x44, 0x69, 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x31,
2662 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x11, 0x44, 0x69,
2663 0x67, 0x69, 0x4e, 0x6f, 0x74, 0x61, 0x72, 0x20, 0x52, 0x6f, 0x6f, 0x74,
2664 0x20, 0x43, 0x41, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x09, 0x2a, 0x86, 0x48,
2665 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x11, 0x69, 0x6e, 0x66, 0x6f,
2666 0x40, 0x64, 0x69, 0x67, 0x69, 0x6e, 0x6f, 0x74, 0x61, 0x72, 0x2e, 0x6e,
2667 0x6c};
2668
2669 SSLServerConfig config = GetServerConfig();
2670 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2671 config.cert_authorities.emplace_back(std::begin(kThawteDN),
2672 std::end(kThawteDN));
2673 config.cert_authorities.emplace_back(std::begin(kDiginotarDN),
2674 std::end(kDiginotarDN));
2675 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2676 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2677 ASSERT_TRUE(request_info.get());
2678 EXPECT_EQ(config.cert_authorities, request_info->cert_authorities);
2679 }
2680
TEST_P(SSLClientSocketCertRequestInfoTest,CertKeyTypes)2681 TEST_P(SSLClientSocketCertRequestInfoTest, CertKeyTypes) {
2682 SSLServerConfig config = GetServerConfig();
2683 config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
2684 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, config));
2685 scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest();
2686 ASSERT_TRUE(request_info);
2687 // Look for some values we expect BoringSSL to always send.
2688 EXPECT_THAT(request_info->signature_algorithms,
2689 testing::Contains(SSL_SIGN_ECDSA_SECP256R1_SHA256));
2690 EXPECT_THAT(request_info->signature_algorithms,
2691 testing::Contains(SSL_SIGN_RSA_PSS_RSAE_SHA256));
2692 }
2693 #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
2694
2695 // Tests that the Certificate Transparency (RFC 6962) TLS extension is
2696 // supported.
TEST_P(SSLClientSocketVersionTest,ConnectSignedCertTimestampsTLSExtension)2697 TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsTLSExtension) {
2698 // Encoding of SCT List containing 'test'.
2699 std::string_view sct_ext("\x00\x06\x00\x04test", 8);
2700
2701 SSLServerConfig server_config = GetServerConfig();
2702 server_config.signed_cert_timestamp_list =
2703 std::vector<uint8_t>(sct_ext.begin(), sct_ext.end());
2704 ASSERT_TRUE(
2705 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2706
2707 int rv;
2708 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2709 EXPECT_THAT(rv, IsOk());
2710
2711 EXPECT_TRUE(sock_->signed_cert_timestamps_received_);
2712
2713 ASSERT_EQ(cert_verifier_->GetVerifyParams().size(), 1u);
2714 const auto& params = cert_verifier_->GetVerifyParams().front();
2715 EXPECT_TRUE(params.certificate()->EqualsIncludingChain(
2716 embedded_test_server()->GetCertificate().get()));
2717 EXPECT_EQ(params.hostname(), embedded_test_server()->host_port_pair().host());
2718 EXPECT_EQ(params.ocsp_response(), "");
2719 EXPECT_EQ(params.sct_list(), sct_ext);
2720
2721 sock_ = nullptr;
2722 context_ = nullptr;
2723 }
2724
2725 // Tests that OCSP stapling is requested, as per Certificate Transparency (RFC
2726 // 6962).
TEST_P(SSLClientSocketVersionTest,ConnectSignedCertTimestampsEnablesOCSP)2727 TEST_P(SSLClientSocketVersionTest, ConnectSignedCertTimestampsEnablesOCSP) {
2728 // The test server currently only knows how to generate OCSP responses
2729 // for a freshly minted certificate.
2730 EmbeddedTestServer::ServerCertificateConfig cert_config;
2731 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
2732 {{bssl::OCSPRevocationStatus::GOOD,
2733 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
2734
2735 ASSERT_TRUE(StartEmbeddedTestServer(cert_config, GetServerConfig()));
2736
2737 SSLConfig ssl_config;
2738
2739 int rv;
2740 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2741 EXPECT_THAT(rv, IsOk());
2742
2743 EXPECT_TRUE(sock_->stapled_ocsp_response_received_);
2744 }
2745
2746 // Tests that IsConnectedAndIdle and WasEverUsed behave as expected.
TEST_P(SSLClientSocketVersionTest,ReuseStates)2747 TEST_P(SSLClientSocketVersionTest, ReuseStates) {
2748 ASSERT_TRUE(
2749 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2750
2751 int rv;
2752 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2753
2754 // The socket was just connected. It should be idle because it is speaking
2755 // HTTP. Although the transport has been used for the handshake, WasEverUsed()
2756 // returns false.
2757 EXPECT_TRUE(sock_->IsConnected());
2758 EXPECT_TRUE(sock_->IsConnectedAndIdle());
2759 EXPECT_FALSE(sock_->WasEverUsed());
2760
2761 const char kRequestText[] = "GET / HTTP/1.0\r\n\r\n";
2762 const size_t kRequestLen = std::size(kRequestText) - 1;
2763 auto request_buffer = base::MakeRefCounted<IOBufferWithSize>(kRequestLen);
2764 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2765
2766 TestCompletionCallback callback;
2767 rv = callback.GetResult(sock_->Write(request_buffer.get(), kRequestLen,
2768 callback.callback(),
2769 TRAFFIC_ANNOTATION_FOR_TESTS));
2770 EXPECT_EQ(static_cast<int>(kRequestLen), rv);
2771
2772 // The socket has now been used.
2773 EXPECT_TRUE(sock_->WasEverUsed());
2774
2775 // TODO(davidben): Read one byte to ensure the test server has responded and
2776 // then assert IsConnectedAndIdle is false. This currently doesn't work
2777 // because SSLClientSocketImpl doesn't check the implementation's internal
2778 // buffer. Call SSL_pending.
2779 }
2780
2781 // Tests that |is_fatal_cert_error| does not get set for a certificate error,
2782 // on a non-HSTS host.
TEST_P(SSLClientSocketVersionTest,IsFatalErrorNotSetOnNonFatalError)2783 TEST_P(SSLClientSocketVersionTest, IsFatalErrorNotSetOnNonFatalError) {
2784 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2785 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2786 GetServerConfig()));
2787 int rv;
2788 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2789 SSLInfo ssl_info;
2790 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2791 EXPECT_FALSE(ssl_info.is_fatal_cert_error);
2792 }
2793
2794 // Tests that |is_fatal_cert_error| gets set for a certificate error on an
2795 // HSTS host.
TEST_P(SSLClientSocketVersionTest,IsFatalErrorSetOnFatalError)2796 TEST_P(SSLClientSocketVersionTest, IsFatalErrorSetOnFatalError) {
2797 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID);
2798 ASSERT_TRUE(StartEmbeddedTestServer(EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT,
2799 GetServerConfig()));
2800 int rv;
2801 const base::Time expiry = base::Time::Now() + base::Seconds(1000);
2802 transport_security_state_->AddHSTS(host_port_pair().host(), expiry, true);
2803 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
2804 SSLInfo ssl_info;
2805 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2806 EXPECT_TRUE(ssl_info.is_fatal_cert_error);
2807 }
2808
2809 // Tests that IsConnectedAndIdle treats a socket as idle even if a Write hasn't
2810 // been flushed completely out of SSLClientSocket's internal buffers. This is a
2811 // regression test for https://crbug.com/466147.
TEST_P(SSLClientSocketVersionTest,ReusableAfterWrite)2812 TEST_P(SSLClientSocketVersionTest, ReusableAfterWrite) {
2813 ASSERT_TRUE(
2814 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2815
2816 TestCompletionCallback callback;
2817 auto real_transport = std::make_unique<TCPClientSocket>(
2818 addr(), nullptr, nullptr, nullptr, NetLogSource());
2819 auto transport =
2820 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
2821 FakeBlockingStreamSocket* raw_transport = transport.get();
2822 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2823 IsOk());
2824
2825 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
2826 std::move(transport), host_port_pair(), SSLConfig()));
2827 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2828
2829 // Block any application data from reaching the network.
2830 raw_transport->BlockWrite();
2831
2832 // Write a partial HTTP request.
2833 const char kRequestText[] = "GET / HTTP/1.0";
2834 const size_t kRequestLen = std::size(kRequestText) - 1;
2835 auto request_buffer = base::MakeRefCounted<IOBufferWithSize>(kRequestLen);
2836 memcpy(request_buffer->data(), kRequestText, kRequestLen);
2837
2838 // Although transport writes are blocked, SSLClientSocketImpl completes the
2839 // outer Write operation.
2840 EXPECT_EQ(static_cast<int>(kRequestLen),
2841 callback.GetResult(sock->Write(request_buffer.get(), kRequestLen,
2842 callback.callback(),
2843 TRAFFIC_ANNOTATION_FOR_TESTS)));
2844
2845 // The Write operation is complete, so the socket should be treated as
2846 // reusable, in case the server returns an HTTP response before completely
2847 // consuming the request body. In this case, we assume the server will
2848 // properly drain the request body before trying to read the next request.
2849 EXPECT_TRUE(sock->IsConnectedAndIdle());
2850 }
2851
2852 // Tests that basic session resumption works.
TEST_P(SSLClientSocketVersionTest,SessionResumption)2853 TEST_P(SSLClientSocketVersionTest, SessionResumption) {
2854 ASSERT_TRUE(
2855 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
2856
2857 // First, perform a full handshake.
2858 SSLConfig ssl_config;
2859 int rv;
2860 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2861 ASSERT_THAT(rv, IsOk());
2862 SSLInfo ssl_info;
2863 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2864 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2865
2866 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
2867 // use the socket to ensure the session ticket has been picked up.
2868 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
2869
2870 // The next connection should resume.
2871 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2872 ASSERT_THAT(rv, IsOk());
2873 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2874 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2875 sock_.reset();
2876
2877 // Using a different HostPortPair uses a different session cache key.
2878 auto transport = std::make_unique<TCPClientSocket>(
2879 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2880 TestCompletionCallback callback;
2881 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2882 IsOk());
2883 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
2884 std::move(transport), HostPortPair("example.com", 443), ssl_config);
2885 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
2886 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
2887 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2888 sock.reset();
2889
2890 ssl_client_session_cache_->Flush();
2891
2892 // After clearing the session cache, the next handshake doesn't resume.
2893 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2894 ASSERT_THAT(rv, IsOk());
2895 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2896 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2897
2898 // Pick up the ticket again and confirm resumption works.
2899 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
2900 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2901 ASSERT_THAT(rv, IsOk());
2902 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2903 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2904 sock_.reset();
2905
2906 // Updating the context-wide configuration should flush the session cache.
2907 SSLContextConfig config;
2908 config.disabled_cipher_suites = {1234};
2909 ssl_config_service_->UpdateSSLConfigAndNotify(config);
2910 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2911 ASSERT_THAT(rv, IsOk());
2912 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
2913 }
2914
2915 namespace {
2916
2917 // FakePeerAddressSocket wraps a |StreamSocket|, forwarding all calls except
2918 // that it provides a given answer for |GetPeerAddress|.
2919 class FakePeerAddressSocket : public WrappedStreamSocket {
2920 public:
FakePeerAddressSocket(std::unique_ptr<StreamSocket> socket,const IPEndPoint & address)2921 FakePeerAddressSocket(std::unique_ptr<StreamSocket> socket,
2922 const IPEndPoint& address)
2923 : WrappedStreamSocket(std::move(socket)), address_(address) {}
2924 ~FakePeerAddressSocket() override = default;
2925
GetPeerAddress(IPEndPoint * address) const2926 int GetPeerAddress(IPEndPoint* address) const override {
2927 *address = address_;
2928 return OK;
2929 }
2930
2931 private:
2932 const IPEndPoint address_;
2933 };
2934
2935 } // namespace
2936
TEST_F(SSLClientSocketTest,SessionResumption_RSA)2937 TEST_F(SSLClientSocketTest, SessionResumption_RSA) {
2938 for (bool use_rsa : {false, true}) {
2939 SCOPED_TRACE(use_rsa);
2940
2941 SSLServerConfig server_config;
2942 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
2943 server_config.cipher_suite_for_testing =
2944 use_rsa ? kRSACipher : kModernTLS12Cipher;
2945 ASSERT_TRUE(
2946 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2947 SSLConfig ssl_config;
2948 ssl_client_session_cache_->Flush();
2949
2950 for (int i = 0; i < 3; i++) {
2951 SCOPED_TRACE(i);
2952
2953 auto transport = std::make_unique<TCPClientSocket>(
2954 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
2955 TestCompletionCallback callback;
2956 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
2957 IsOk());
2958 // The third handshake sees a different destination IP address.
2959 IPEndPoint fake_peer_address(IPAddress(1, 1, 1, i == 2 ? 2 : 1), 443);
2960 auto socket = std::make_unique<FakePeerAddressSocket>(
2961 std::move(transport), fake_peer_address);
2962 std::unique_ptr<SSLClientSocket> sock = CreateSSLClientSocket(
2963 std::move(socket), HostPortPair("example.com", 443), ssl_config);
2964 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())),
2965 IsOk());
2966 SSLInfo ssl_info;
2967 ASSERT_TRUE(sock->GetSSLInfo(&ssl_info));
2968 sock.reset();
2969
2970 switch (i) {
2971 case 0:
2972 // Initial handshake should be a full handshake.
2973 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2974 break;
2975 case 1:
2976 // Second handshake should resume.
2977 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2978 break;
2979 case 2:
2980 // Third handshake gets a different IP address and, if the
2981 // session used RSA key exchange, it should not resume.
2982 EXPECT_EQ(
2983 use_rsa ? SSLInfo::HANDSHAKE_FULL : SSLInfo::HANDSHAKE_RESUME,
2984 ssl_info.handshake_type);
2985 break;
2986 default:
2987 NOTREACHED();
2988 }
2989 }
2990 }
2991 }
2992
2993 // Tests that ALPN works with session resumption.
TEST_F(SSLClientSocketTest,SessionResumptionAlpn)2994 TEST_F(SSLClientSocketTest, SessionResumptionAlpn) {
2995 SSLServerConfig server_config;
2996 server_config.alpn_protos = {NextProto::kProtoHTTP2, NextProto::kProtoHTTP11};
2997 ASSERT_TRUE(
2998 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
2999
3000 // First, perform a full handshake.
3001 SSLConfig ssl_config;
3002 ssl_config.alpn_protos.push_back(kProtoHTTP2);
3003 int rv;
3004 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3005 ASSERT_THAT(rv, IsOk());
3006 SSLInfo ssl_info;
3007 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3008 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3009 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
3010
3011 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3012 // use the socket to ensure the session ticket has been picked up.
3013 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3014
3015 // The next connection should resume; ALPN should be renegotiated.
3016 ssl_config.alpn_protos.clear();
3017 ssl_config.alpn_protos.push_back(kProtoHTTP11);
3018 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3019 ASSERT_THAT(rv, IsOk());
3020 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3021 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3022 EXPECT_EQ(kProtoHTTP11, sock_->GetNegotiatedProtocol());
3023 }
3024
3025 // Tests that the session cache is not sharded by NetworkAnonymizationKey if the
3026 // feature is disabled.
TEST_P(SSLClientSocketVersionTest,SessionResumptionNetworkIsolationKeyDisabled)3027 TEST_P(SSLClientSocketVersionTest,
3028 SessionResumptionNetworkIsolationKeyDisabled) {
3029 base::test::ScopedFeatureList feature_list;
3030 feature_list.InitAndDisableFeature(
3031 features::kPartitionSSLSessionsByNetworkIsolationKey);
3032
3033 ASSERT_TRUE(
3034 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3035
3036 // First, perform a full handshake.
3037 SSLConfig ssl_config;
3038 int rv;
3039 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3040 ASSERT_THAT(rv, IsOk());
3041 SSLInfo ssl_info;
3042 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3043 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3044
3045 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3046 // use the socket to ensure the session ticket has been picked up. Do this for
3047 // every connection to avoid problems with TLS 1.3 single-use tickets.
3048 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3049
3050 // The next connection should resume.
3051 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3052 ASSERT_THAT(rv, IsOk());
3053 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3054 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3055 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3056 sock_.reset();
3057
3058 // Using a different NetworkAnonymizationKey shares session cache key because
3059 // sharding is disabled.
3060 const SchemefulSite kSiteA(GURL("https://a.test"));
3061 ssl_config.network_anonymization_key =
3062 NetworkAnonymizationKey::CreateSameSite(kSiteA);
3063 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3064 ASSERT_THAT(rv, IsOk());
3065 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3066 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3067 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3068 sock_.reset();
3069
3070 const SchemefulSite kSiteB(GURL("https://a.test"));
3071 ssl_config.network_anonymization_key =
3072 NetworkAnonymizationKey::CreateSameSite(kSiteB);
3073 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3074 ASSERT_THAT(rv, IsOk());
3075 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3076 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3077 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3078 sock_.reset();
3079 }
3080
3081 // Tests that the session cache is sharded by NetworkAnonymizationKey if the
3082 // feature is enabled.
TEST_P(SSLClientSocketVersionTest,SessionResumptionNetworkIsolationKeyEnabled)3083 TEST_P(SSLClientSocketVersionTest,
3084 SessionResumptionNetworkIsolationKeyEnabled) {
3085 base::test::ScopedFeatureList feature_list;
3086 feature_list.InitAndEnableFeature(
3087 features::kPartitionSSLSessionsByNetworkIsolationKey);
3088
3089 const SchemefulSite kSiteA(GURL("https://a.test"));
3090 const SchemefulSite kSiteB(GURL("https://b.test"));
3091 const auto kNetworkAnonymizationKeyA =
3092 NetworkAnonymizationKey::CreateSameSite(kSiteA);
3093 const auto kNetworkAnonymizationKeyB =
3094 NetworkAnonymizationKey::CreateSameSite(kSiteB);
3095
3096 ASSERT_TRUE(
3097 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3098
3099 // First, perform a full handshake.
3100 SSLConfig ssl_config;
3101 int rv;
3102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3103 ASSERT_THAT(rv, IsOk());
3104 SSLInfo ssl_info;
3105 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3106 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3107
3108 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
3109 // use the socket to ensure the session ticket has been picked up. Do this for
3110 // every connection to avoid problems with TLS 1.3 single-use tickets.
3111 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3112
3113 // The next connection should resume.
3114 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3115 ASSERT_THAT(rv, IsOk());
3116 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3117 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3118 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3119 sock_.reset();
3120
3121 // Using a different NetworkAnonymizationKey uses a different session cache
3122 // key.
3123 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyA;
3124 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3125 ASSERT_THAT(rv, IsOk());
3126 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3127 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3128 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3129 sock_.reset();
3130
3131 // We, however, can resume under that newly-established session.
3132 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3133 ASSERT_THAT(rv, IsOk());
3134 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3135 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3136 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3137 sock_.reset();
3138
3139 // Repeat with another non-null key.
3140 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyB;
3141 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3142 ASSERT_THAT(rv, IsOk());
3143 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3144 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3145 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3146 sock_.reset();
3147
3148 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3149 ASSERT_THAT(rv, IsOk());
3150 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3151 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3152 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3153 sock_.reset();
3154
3155 // b.test does not evict a.test's session.
3156 ssl_config.network_anonymization_key = kNetworkAnonymizationKeyA;
3157 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3158 ASSERT_THAT(rv, IsOk());
3159 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3160 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3161 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
3162 sock_.reset();
3163 }
3164
3165 // Tests that connections with certificate errors do not add entries to the
3166 // session cache.
TEST_P(SSLClientSocketVersionTest,CertificateErrorNoResume)3167 TEST_P(SSLClientSocketVersionTest, CertificateErrorNoResume) {
3168 ASSERT_TRUE(
3169 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
3170
3171 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID);
3172
3173 SSLConfig ssl_config;
3174 int rv;
3175 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3176 ASSERT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID));
3177
3178 cert_verifier_->set_default_result(OK);
3179
3180 // The next connection should perform a full handshake.
3181 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
3182 ASSERT_THAT(rv, IsOk());
3183 SSLInfo ssl_info;
3184 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3185 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3186 }
3187
TEST_F(SSLClientSocketTest,RequireECDHE)3188 TEST_F(SSLClientSocketTest, RequireECDHE) {
3189 // Run test server without ECDHE.
3190 SSLServerConfig server_config;
3191 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3192 server_config.cipher_suite_for_testing = kRSACipher;
3193 ASSERT_TRUE(
3194 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3195
3196 SSLConfig config;
3197 config.require_ecdhe = true;
3198 int rv;
3199 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
3200 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3201 }
3202
3203 TEST_F(SSLClientSocketTest, 3DES) {
3204 SSLServerConfig server_config;
3205 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3206 server_config.cipher_suite_for_testing = k3DESCipher;
3207 ASSERT_TRUE(
3208 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3209
3210 // 3DES is always disabled.
3211 int rv;
3212 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3213 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3214 }
3215
TEST_F(SSLClientSocketTest,SHA1)3216 TEST_F(SSLClientSocketTest, SHA1) {
3217 SSLServerConfig server_config;
3218 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3219 // Disable RSA key exchange, to ensure the server does not pick a non-signing
3220 // cipher.
3221 server_config.require_ecdhe = true;
3222 server_config.signature_algorithm_for_testing = SSL_SIGN_RSA_PKCS1_SHA1;
3223 ASSERT_TRUE(
3224 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3225
3226 // SHA-1 server signatures are always disabled.
3227 int rv;
3228 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3229 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
3230 }
3231
TEST_F(SSLClientSocketFalseStartTest,FalseStartEnabled)3232 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
3233 // False Start requires ALPN, ECDHE, and an AEAD.
3234 SSLServerConfig server_config;
3235 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3236 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3237 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3238 SSLConfig client_config;
3239 client_config.alpn_protos.push_back(kProtoHTTP11);
3240 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, true));
3241 }
3242
3243 // Test that False Start is disabled without ALPN.
TEST_F(SSLClientSocketFalseStartTest,NoAlpn)3244 TEST_F(SSLClientSocketFalseStartTest, NoAlpn) {
3245 SSLServerConfig server_config;
3246 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3247 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3248 SSLConfig client_config;
3249 client_config.alpn_protos.clear();
3250 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3251 }
3252
3253 // Test that False Start is disabled with plain RSA ciphers.
TEST_F(SSLClientSocketFalseStartTest,RSA)3254 TEST_F(SSLClientSocketFalseStartTest, RSA) {
3255 SSLServerConfig server_config;
3256 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3257 server_config.cipher_suite_for_testing = kRSACipher;
3258 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3259 SSLConfig client_config;
3260 client_config.alpn_protos.push_back(kProtoHTTP11);
3261 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3262 }
3263
3264 // Test that False Start is disabled without an AEAD.
TEST_F(SSLClientSocketFalseStartTest,NoAEAD)3265 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
3266 SSLServerConfig server_config;
3267 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3268 server_config.cipher_suite_for_testing = kCBCCipher;
3269 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3270 SSLConfig client_config;
3271 client_config.alpn_protos.push_back(kProtoHTTP11);
3272 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, false));
3273 }
3274
3275 // Test that sessions are resumable after receiving the server Finished message.
TEST_F(SSLClientSocketFalseStartTest,SessionResumption)3276 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
3277 // Start a server.
3278 SSLServerConfig server_config;
3279 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3280 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3281 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3282 SSLConfig client_config;
3283 client_config.alpn_protos.push_back(kProtoHTTP11);
3284
3285 // Let a full handshake complete with False Start.
3286 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_config, client_config, true));
3287
3288 // Make a second connection.
3289 int rv;
3290 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3291 EXPECT_THAT(rv, IsOk());
3292
3293 // It should resume the session.
3294 SSLInfo ssl_info;
3295 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3296 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3297 }
3298
3299 // Test that the client completes the handshake in the background and installs
3300 // new sessions, even if the socket isn't used. This also avoids a theoretical
3301 // deadlock if NewSessionTicket is sufficiently large that neither it nor the
3302 // client's HTTP/1.1 POST fit in transport windows.
TEST_F(SSLClientSocketFalseStartTest,CompleteHandshakeWithoutRequest)3303 TEST_F(SSLClientSocketFalseStartTest, CompleteHandshakeWithoutRequest) {
3304 // Start a server.
3305 SSLServerConfig server_config;
3306 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3307 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3308 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3309 ASSERT_TRUE(
3310 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3311
3312 SSLConfig client_config;
3313 client_config.alpn_protos.push_back(kProtoHTTP11);
3314
3315 // Start a handshake up to the server Finished message.
3316 TestCompletionCallback callback;
3317 FakeBlockingStreamSocket* raw_transport = nullptr;
3318 std::unique_ptr<SSLClientSocket> sock;
3319 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3320 client_config, &callback, &raw_transport, &sock));
3321
3322 // Wait for the server Finished to arrive, release it, and allow
3323 // SSLClientSocket to process it. This should install a session. It make take
3324 // a few iterations to complete if the server writes in small chunks
3325 while (ssl_client_session_cache_->size() == 0) {
3326 raw_transport->WaitForReadResult();
3327 raw_transport->UnblockReadResult();
3328 base::RunLoop().RunUntilIdle();
3329 raw_transport->BlockReadResult();
3330 }
3331
3332 // Drop the old socket. This is needed because the Python test server can't
3333 // service two sockets in parallel.
3334 sock.reset();
3335
3336 // Make a second connection.
3337 int rv;
3338 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3339 EXPECT_THAT(rv, IsOk());
3340
3341 // It should resume the session.
3342 SSLInfo ssl_info;
3343 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3344 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
3345 }
3346
3347 // Test that False Started sessions are not resumable before receiving the
3348 // server Finished message.
TEST_F(SSLClientSocketFalseStartTest,NoSessionResumptionBeforeFinished)3349 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinished) {
3350 // Start a server.
3351 SSLServerConfig server_config;
3352 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3353 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3354 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3355 ASSERT_TRUE(
3356 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3357
3358 SSLConfig client_config;
3359 client_config.alpn_protos.push_back(kProtoHTTP11);
3360
3361 // Start a handshake up to the server Finished message.
3362 TestCompletionCallback callback;
3363 FakeBlockingStreamSocket* raw_transport1 = nullptr;
3364 std::unique_ptr<SSLClientSocket> sock1;
3365 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3366 client_config, &callback, &raw_transport1, &sock1));
3367 // Although raw_transport1 has the server Finished blocked, the handshake
3368 // still completes.
3369 EXPECT_THAT(callback.WaitForResult(), IsOk());
3370
3371 // Continue to block the client (|sock1|) from processing the Finished
3372 // message, but allow it to arrive on the socket. This ensures that, from the
3373 // server's point of view, it has completed the handshake and added the
3374 // session to its session cache.
3375 //
3376 // The actual read on |sock1| will not complete until the Finished message is
3377 // processed; however, pump the underlying transport so that it is read from
3378 // the socket. NOTE: This may flakily pass if the server's final flight
3379 // doesn't come in one Read.
3380 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
3381 int rv = sock1->Read(buf.get(), 4096, callback.callback());
3382 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
3383 raw_transport1->WaitForReadResult();
3384
3385 // Drop the old socket. This is needed because the Python test server can't
3386 // service two sockets in parallel.
3387 sock1.reset();
3388
3389 // Start a second connection.
3390 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3391 EXPECT_THAT(rv, IsOk());
3392
3393 // No session resumption because the first connection never received a server
3394 // Finished message.
3395 SSLInfo ssl_info;
3396 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3397 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3398 }
3399
3400 // Test that False Started sessions are not resumable if the server Finished
3401 // message was bad.
TEST_F(SSLClientSocketFalseStartTest,NoSessionResumptionBadFinished)3402 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBadFinished) {
3403 // Start a server.
3404 SSLServerConfig server_config;
3405 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3406 server_config.cipher_suite_for_testing = kModernTLS12Cipher;
3407 server_config.alpn_protos = {NextProto::kProtoHTTP11};
3408 ASSERT_TRUE(
3409 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3410
3411 SSLConfig client_config;
3412 client_config.alpn_protos.push_back(kProtoHTTP11);
3413
3414 // Start a handshake up to the server Finished message.
3415 TestCompletionCallback callback;
3416 FakeBlockingStreamSocket* raw_transport1 = nullptr;
3417 std::unique_ptr<SSLClientSocket> sock1;
3418 ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
3419 client_config, &callback, &raw_transport1, &sock1));
3420 // Although raw_transport1 has the server Finished blocked, the handshake
3421 // still completes.
3422 EXPECT_THAT(callback.WaitForResult(), IsOk());
3423
3424 // Continue to block the client (|sock1|) from processing the Finished
3425 // message, but allow it to arrive on the socket. This ensures that, from the
3426 // server's point of view, it has completed the handshake and added the
3427 // session to its session cache.
3428 //
3429 // The actual read on |sock1| will not complete until the Finished message is
3430 // processed; however, pump the underlying transport so that it is read from
3431 // the socket.
3432 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
3433 int rv = sock1->Read(buf.get(), 4096, callback.callback());
3434 EXPECT_THAT(rv, IsError(ERR_IO_PENDING));
3435 raw_transport1->WaitForReadResult();
3436
3437 // The server's second leg, or part of it, is now received but not yet sent to
3438 // |sock1|. Before doing so, break the server's second leg.
3439 int bytes_read = raw_transport1->pending_read_result();
3440 ASSERT_LT(0, bytes_read);
3441 raw_transport1->pending_read_buf()->data()[bytes_read - 1]++;
3442
3443 // Unblock the Finished message. |sock1->Read| should now fail.
3444 raw_transport1->UnblockReadResult();
3445 EXPECT_THAT(callback.GetResult(rv), IsError(ERR_SSL_PROTOCOL_ERROR));
3446
3447 // Drop the old socket. This is needed because the Python test server can't
3448 // service two sockets in parallel.
3449 sock1.reset();
3450
3451 // Start a second connection.
3452 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3453 EXPECT_THAT(rv, IsOk());
3454
3455 // No session resumption because the first connection never received a server
3456 // Finished message.
3457 SSLInfo ssl_info;
3458 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
3459 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
3460 }
3461
3462 // Server preference should win in ALPN.
TEST_F(SSLClientSocketTest,Alpn)3463 TEST_F(SSLClientSocketTest, Alpn) {
3464 SSLServerConfig server_config;
3465 server_config.alpn_protos = {NextProto::kProtoHTTP2, NextProto::kProtoHTTP11};
3466 ASSERT_TRUE(
3467 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3468
3469 SSLConfig client_config;
3470 client_config.alpn_protos.push_back(kProtoHTTP11);
3471 client_config.alpn_protos.push_back(kProtoHTTP2);
3472
3473 int rv;
3474 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3475 EXPECT_THAT(rv, IsOk());
3476
3477 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
3478 }
3479
3480 // If the server supports ALPN but the client does not, then ALPN is not used.
TEST_F(SSLClientSocketTest,AlpnClientDisabled)3481 TEST_F(SSLClientSocketTest, AlpnClientDisabled) {
3482 SSLServerConfig server_config;
3483 server_config.alpn_protos = {NextProto::kProtoHTTP2};
3484 ASSERT_TRUE(
3485 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3486
3487 SSLConfig client_config;
3488
3489 int rv;
3490 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3491 EXPECT_THAT(rv, IsOk());
3492
3493 EXPECT_EQ(kProtoUnknown, sock_->GetNegotiatedProtocol());
3494 }
3495
3496 // Client certificates are disabled on iOS.
3497 #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
3498 // Connect to a server requesting client authentication, do not send
3499 // any client certificates. It should refuse the connection.
TEST_P(SSLClientSocketVersionTest,NoCert)3500 TEST_P(SSLClientSocketVersionTest, NoCert) {
3501 SSLServerConfig server_config = GetServerConfig();
3502 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3503 ASSERT_TRUE(
3504 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3505
3506 int rv;
3507 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3508
3509 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3510 EXPECT_FALSE(sock_->IsConnected());
3511 }
3512
3513 // Connect to a server requesting client authentication, and send it
3514 // an empty certificate.
TEST_P(SSLClientSocketVersionTest,SendEmptyCert)3515 TEST_P(SSLClientSocketVersionTest, SendEmptyCert) {
3516 SSLServerConfig server_config = GetServerConfig();
3517 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3518 ASSERT_TRUE(
3519 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3520
3521 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3522
3523 int rv;
3524 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3525
3526 EXPECT_THAT(rv, IsOk());
3527 EXPECT_TRUE(sock_->IsConnected());
3528
3529 SSLInfo ssl_info;
3530 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3531 EXPECT_FALSE(ssl_info.client_cert_sent);
3532 }
3533
3534 // Connect to a server requesting client authentication and send a certificate.
TEST_P(SSLClientSocketVersionTest,SendGoodCert)3535 TEST_P(SSLClientSocketVersionTest, SendGoodCert) {
3536 base::FilePath certs_dir = GetTestCertsDirectory();
3537 scoped_refptr<X509Certificate> client_cert =
3538 ImportCertFromFile(certs_dir, "client_1.pem");
3539 ASSERT_TRUE(client_cert);
3540
3541 // Configure the server to only accept |client_cert|.
3542 MockClientCertVerifier verifier;
3543 verifier.set_default_result(ERR_CERT_INVALID);
3544 verifier.AddResultForCert(client_cert.get(), OK);
3545
3546 SSLServerConfig server_config = GetServerConfig();
3547 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3548 server_config.client_cert_verifier = &verifier;
3549 ASSERT_TRUE(
3550 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3551
3552 context_->SetClientCertificate(
3553 host_port_pair(), client_cert,
3554 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3555
3556 int rv;
3557 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3558
3559 EXPECT_THAT(rv, IsOk());
3560 EXPECT_TRUE(sock_->IsConnected());
3561
3562 SSLInfo ssl_info;
3563 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3564 EXPECT_TRUE(ssl_info.client_cert_sent);
3565
3566 sock_->Disconnect();
3567 EXPECT_FALSE(sock_->IsConnected());
3568
3569 // Shut down the test server before |verifier| goes out of scope.
3570 ASSERT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete());
3571 }
3572
3573 // When client certificate preferences change, the session cache should be
3574 // cleared so the client certificate preferences are applied.
TEST_F(SSLClientSocketTest,ClearSessionCacheOnClientCertChange)3575 TEST_F(SSLClientSocketTest, ClearSessionCacheOnClientCertChange) {
3576 SSLServerConfig server_config;
3577 // TLS 1.3 reports client certificate errors after the handshake, so test at
3578 // TLS 1.2 for simplicity.
3579 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3580 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3581 ASSERT_TRUE(
3582 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3583
3584 // Connecting without a client certificate will fail with
3585 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
3586 int rv;
3587 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3588 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3589
3590 // Configure a client certificate.
3591 base::FilePath certs_dir = GetTestCertsDirectory();
3592 context_->SetClientCertificate(
3593 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3594 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3595
3596 // Now the connection succeeds.
3597 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3598 EXPECT_THAT(rv, IsOk());
3599 EXPECT_TRUE(sock_->IsConnected());
3600
3601 SSLInfo ssl_info;
3602 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3603 EXPECT_TRUE(ssl_info.client_cert_sent);
3604 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
3605
3606 // Make a second connection. This should resume the session from the previous
3607 // connection.
3608 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3609 EXPECT_THAT(rv, IsOk());
3610 EXPECT_TRUE(sock_->IsConnected());
3611
3612 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3613 EXPECT_TRUE(ssl_info.client_cert_sent);
3614 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_RESUME);
3615
3616 // Clear the client certificate preference.
3617 context_->ClearClientCertificate(host_port_pair());
3618
3619 // Connections return to failing, rather than resume the previous session.
3620 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3621 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED));
3622
3623 // Establish a new session with the correct client certificate.
3624 context_->SetClientCertificate(
3625 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3626 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3627 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3628 EXPECT_THAT(rv, IsOk());
3629 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
3630 EXPECT_TRUE(ssl_info.client_cert_sent);
3631 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
3632
3633 // Switch to continuing without a client certificate.
3634 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3635
3636 // This also clears the session cache and the new preference is applied.
3637 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3638 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
3639 }
3640
TEST_F(SSLClientSocketTest,ClearSessionCacheOnClientCertDatabaseChange)3641 TEST_F(SSLClientSocketTest, ClearSessionCacheOnClientCertDatabaseChange) {
3642 SSLServerConfig server_config;
3643 // TLS 1.3 reports client certificate errors after the handshake, so test at
3644 // TLS 1.2 for simplicity.
3645 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3646 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3647 ASSERT_TRUE(
3648 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3649
3650 HostPortPair host_port_pair2("example.com", 42);
3651 testing::StrictMock<MockSSLClientContextObserver> observer;
3652 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3653 base::flat_set<HostPortPair>({host_port_pair()})));
3654 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3655 base::flat_set<HostPortPair>({host_port_pair2})));
3656 EXPECT_CALL(observer,
3657 OnSSLConfigForServersChanged(base::flat_set<HostPortPair>(
3658 {host_port_pair(), host_port_pair2})));
3659
3660 context_->AddObserver(&observer);
3661
3662 base::FilePath certs_dir = GetTestCertsDirectory();
3663 context_->SetClientCertificate(
3664 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
3665 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
3666
3667 context_->SetClientCertificate(
3668 host_port_pair2, ImportCertFromFile(certs_dir, "client_2.pem"),
3669 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_2.key")));
3670
3671 EXPECT_EQ(2U, context_->GetClientCertificateCachedServersForTesting().size());
3672
3673 // Connect to `host_port_pair()` using the client cert.
3674 int rv;
3675 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3676 EXPECT_THAT(rv, IsOk());
3677 EXPECT_TRUE(sock_->IsConnected());
3678
3679 EXPECT_EQ(1U, context_->ssl_client_session_cache()->size());
3680
3681 CertDatabase::GetInstance()->NotifyObserversClientCertStoreChanged();
3682 base::RunLoop().RunUntilIdle();
3683
3684 EXPECT_EQ(0U, context_->GetClientCertificateCachedServersForTesting().size());
3685 EXPECT_EQ(0U, context_->ssl_client_session_cache()->size());
3686
3687 context_->RemoveObserver(&observer);
3688 }
3689
TEST_F(SSLClientSocketTest,DontClearEmptyClientCertCache)3690 TEST_F(SSLClientSocketTest, DontClearEmptyClientCertCache) {
3691 SSLServerConfig server_config;
3692 // TLS 1.3 reports client certificate errors after the handshake, so test at
3693 // TLS 1.2 for simplicity.
3694 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3695 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3696 ASSERT_TRUE(
3697 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3698
3699 testing::StrictMock<MockSSLClientContextObserver> observer;
3700 context_->AddObserver(&observer);
3701
3702 // No cached client certs and no open session.
3703 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3704 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3705
3706 base::FilePath certs_dir = GetTestCertsDirectory();
3707 scoped_refptr<net::X509Certificate> certificate1 =
3708 ImportCertFromFile(certs_dir, "client_1.pem");
3709 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate1);
3710 base::RunLoop().RunUntilIdle();
3711
3712 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3713 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3714
3715 context_->RemoveObserver(&observer);
3716
3717 auto entries = log_observer_.GetEntriesWithType(
3718 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3719 ASSERT_EQ(1u, entries.size());
3720 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3721 host_port_pair().ToString());
3722 EXPECT_FALSE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3723 }
3724
TEST_F(SSLClientSocketTest,DontClearMatchingClientCertificates)3725 TEST_F(SSLClientSocketTest, DontClearMatchingClientCertificates) {
3726 SSLServerConfig server_config;
3727 // TLS 1.3 reports client certificate errors after the handshake, so test at
3728 // TLS 1.2 for simplicity.
3729 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3730 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3731 ASSERT_TRUE(
3732 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3733
3734 testing::StrictMock<MockSSLClientContextObserver> observer;
3735 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3736 base::flat_set<HostPortPair>({host_port_pair()})));
3737 context_->AddObserver(&observer);
3738
3739 base::FilePath certs_dir = GetTestCertsDirectory();
3740 scoped_refptr<net::X509Certificate> certificate1 =
3741 ImportCertFromFile(certs_dir, "client_1.pem");
3742 scoped_refptr<net::SSLPrivateKey> private_key1 =
3743 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3744
3745 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
3746 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3747
3748 // Connect to `host_port_pair()` using the client cert.
3749 int rv;
3750 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3751 EXPECT_THAT(rv, IsOk());
3752 EXPECT_TRUE(sock_->IsConnected());
3753 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3754
3755 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate1);
3756 base::RunLoop().RunUntilIdle();
3757
3758 // Cached certificate and session should not have been cleared since the
3759 // certificates were identical.
3760 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3761 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().contains(
3762 host_port_pair()));
3763 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3764
3765 context_->RemoveObserver(&observer);
3766
3767 auto entries = log_observer_.GetEntriesWithType(
3768 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3769 ASSERT_EQ(1u, entries.size());
3770 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3771 host_port_pair().ToString());
3772 EXPECT_FALSE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3773 }
3774
TEST_F(SSLClientSocketTest,ClearMismatchingClientCertificates)3775 TEST_F(SSLClientSocketTest, ClearMismatchingClientCertificates) {
3776 SSLServerConfig server_config;
3777 // TLS 1.3 reports client certificate errors after the handshake, so test at
3778 // TLS 1.2 for simplicity.
3779 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3780 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3781 ASSERT_TRUE(
3782 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3783
3784 testing::StrictMock<MockSSLClientContextObserver> observer;
3785 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3786 base::flat_set<HostPortPair>({host_port_pair()})))
3787 .Times(2);
3788 context_->AddObserver(&observer);
3789
3790 base::FilePath certs_dir = GetTestCertsDirectory();
3791 scoped_refptr<net::X509Certificate> certificate1 =
3792 ImportCertFromFile(certs_dir, "client_1.pem");
3793 scoped_refptr<net::SSLPrivateKey> private_key1 =
3794 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3795
3796 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
3797 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3798
3799 // Connect to `host_port_pair()` using the client cert.
3800 int rv;
3801 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3802 EXPECT_THAT(rv, IsOk());
3803 EXPECT_TRUE(sock_->IsConnected());
3804 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3805
3806 scoped_refptr<net::X509Certificate> certificate2 =
3807 ImportCertFromFile(certs_dir, "client_2.pem");
3808 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate2);
3809 base::RunLoop().RunUntilIdle();
3810
3811 // Cached certificate and session should have been cleared since the
3812 // certificates were different.
3813 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3814 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3815
3816 context_->RemoveObserver(&observer);
3817
3818 auto entries = log_observer_.GetEntriesWithType(
3819 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3820 ASSERT_EQ(1u, entries.size());
3821 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3822 host_port_pair().ToString());
3823 EXPECT_TRUE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3824 }
3825
TEST_F(SSLClientSocketTest,ClearMismatchingClientCertificatesWithNullParameter)3826 TEST_F(SSLClientSocketTest,
3827 ClearMismatchingClientCertificatesWithNullParameter) {
3828 SSLServerConfig server_config;
3829 // TLS 1.3 reports client certificate errors after the handshake, so test at
3830 // TLS 1.2 for simplicity.
3831 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3832 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3833 ASSERT_TRUE(
3834 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3835
3836 testing::StrictMock<MockSSLClientContextObserver> observer;
3837 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3838 base::flat_set<HostPortPair>({host_port_pair()})))
3839 .Times(2);
3840 context_->AddObserver(&observer);
3841
3842 base::FilePath certs_dir = GetTestCertsDirectory();
3843 scoped_refptr<net::X509Certificate> certificate1 =
3844 ImportCertFromFile(certs_dir, "client_1.pem");
3845 scoped_refptr<net::SSLPrivateKey> private_key1 =
3846 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
3847
3848 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
3849 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3850
3851 // Connect to `host_port_pair()` using the client cert.
3852 int rv;
3853 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3854 EXPECT_THAT(rv, IsOk());
3855 EXPECT_TRUE(sock_->IsConnected());
3856 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3857
3858 context_->ClearClientCertificateIfNeeded(host_port_pair(), nullptr);
3859 base::RunLoop().RunUntilIdle();
3860
3861 // Cached certificate and session should have been cleared since the
3862 // certificates were different.
3863 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3864 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3865
3866 context_->RemoveObserver(&observer);
3867
3868 auto entries = log_observer_.GetEntriesWithType(
3869 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3870 ASSERT_EQ(1u, entries.size());
3871 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3872 host_port_pair().ToString());
3873 EXPECT_TRUE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3874 }
3875
TEST_F(SSLClientSocketTest,ClearMismatchingClientCertificatesWithNullCachedCert)3876 TEST_F(SSLClientSocketTest,
3877 ClearMismatchingClientCertificatesWithNullCachedCert) {
3878 SSLServerConfig server_config;
3879 // TLS 1.3 reports client certificate errors after the handshake, so test at
3880 // TLS 1.2 for simplicity.
3881 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3882 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3883 ASSERT_TRUE(
3884 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3885
3886 testing::StrictMock<MockSSLClientContextObserver> observer;
3887 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3888 base::flat_set<HostPortPair>({host_port_pair()})))
3889 .Times(2);
3890 context_->AddObserver(&observer);
3891
3892 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3893 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3894
3895 // Connect to `host_port_pair()` using the client cert.
3896 int rv;
3897 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3898 EXPECT_THAT(rv, IsOk());
3899 EXPECT_TRUE(sock_->IsConnected());
3900 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3901
3902 base::FilePath certs_dir = GetTestCertsDirectory();
3903 scoped_refptr<net::X509Certificate> certificate2 =
3904 ImportCertFromFile(certs_dir, "client_2.pem");
3905 context_->ClearClientCertificateIfNeeded(host_port_pair(), certificate2);
3906 base::RunLoop().RunUntilIdle();
3907
3908 // Cached certificate and session should have been cleared since the
3909 // certificates were different.
3910 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3911 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3912
3913 context_->RemoveObserver(&observer);
3914
3915 auto entries = log_observer_.GetEntriesWithType(
3916 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3917 ASSERT_EQ(1u, entries.size());
3918 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3919 host_port_pair().ToString());
3920 EXPECT_TRUE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3921 }
3922
TEST_F(SSLClientSocketTest,DontClearClientCertificatesWithNullCerts)3923 TEST_F(SSLClientSocketTest, DontClearClientCertificatesWithNullCerts) {
3924 SSLServerConfig server_config;
3925 // TLS 1.3 reports client certificate errors after the handshake, so test at
3926 // TLS 1.2 for simplicity.
3927 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
3928 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
3929 ASSERT_TRUE(
3930 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3931
3932 testing::StrictMock<MockSSLClientContextObserver> observer;
3933 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
3934 base::flat_set<HostPortPair>({host_port_pair()})));
3935 context_->AddObserver(&observer);
3936
3937 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
3938 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3939
3940 // Connect to `host_port_pair()` using the client cert.
3941 int rv;
3942 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
3943 EXPECT_THAT(rv, IsOk());
3944 EXPECT_TRUE(sock_->IsConnected());
3945 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3946
3947 context_->ClearClientCertificateIfNeeded(host_port_pair(), nullptr);
3948 base::RunLoop().RunUntilIdle();
3949
3950 // Cached certificate and session should not have been cleared since the
3951 // certificates were identical.
3952 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
3953 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().contains(
3954 host_port_pair()));
3955 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
3956
3957 context_->RemoveObserver(&observer);
3958
3959 auto entries = log_observer_.GetEntriesWithType(
3960 NetLogEventType::CLEAR_CACHED_CLIENT_CERT);
3961 ASSERT_EQ(1u, entries.size());
3962 EXPECT_EQ(GetStringValueFromParams(entries[0], "host"),
3963 host_port_pair().ToString());
3964 EXPECT_FALSE(GetBooleanValueFromParams(entries[0], "is_cleared"));
3965 }
3966
TEST_F(SSLClientSocketTest,ClearMatchingCertDontClearEmptyClientCertCache)3967 TEST_F(SSLClientSocketTest, ClearMatchingCertDontClearEmptyClientCertCache) {
3968 SSLServerConfig server_config;
3969 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
3970 ASSERT_TRUE(
3971 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
3972
3973 // No cached client certs and no open session.
3974 ASSERT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3975 ASSERT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3976
3977 base::FilePath certs_dir = GetTestCertsDirectory();
3978 scoped_refptr<net::X509Certificate> certificate1 =
3979 ImportCertFromFile(certs_dir, "client_1.pem");
3980 context_->ClearMatchingClientCertificate(certificate1);
3981 base::RunLoop().RunUntilIdle();
3982
3983 EXPECT_TRUE(context_->GetClientCertificateCachedServersForTesting().empty());
3984 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
3985
3986 auto entries = log_observer_.GetEntriesWithType(
3987 NetLogEventType::CLEAR_MATCHING_CACHED_CLIENT_CERT);
3988 ASSERT_EQ(1u, entries.size());
3989
3990 const auto& log_entry = entries[0];
3991 ASSERT_FALSE(log_entry.params.empty());
3992
3993 const base::Value::List* hosts_values =
3994 log_entry.params.FindListByDottedPath("hosts");
3995 ASSERT_TRUE(hosts_values);
3996 ASSERT_TRUE(hosts_values->empty());
3997
3998 const base::Value::List* certificates_values =
3999 log_entry.params.FindListByDottedPath("certificates");
4000 ASSERT_TRUE(certificates_values);
4001 EXPECT_FALSE(certificates_values->empty());
4002 }
4003
TEST_F(SSLClientSocketTest,ClearMatchingCertSingleNotMatching)4004 TEST_F(SSLClientSocketTest, ClearMatchingCertSingleNotMatching) {
4005 SSLServerConfig server_config;
4006 // TLS 1.3 reports client certificate errors after the handshake, so test at
4007 // TLS 1.2 for simplicity.
4008 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4009 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
4010 ASSERT_TRUE(
4011 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4012
4013 // Add a client cert decision to the cache.
4014 base::FilePath certs_dir = GetTestCertsDirectory();
4015 scoped_refptr<net::X509Certificate> certificate1 =
4016 ImportCertFromFile(certs_dir, "client_1.pem");
4017 scoped_refptr<net::SSLPrivateKey> private_key1 =
4018 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
4019 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
4020 ASSERT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
4021
4022 // Create a connection to `host_port_pair()`.
4023 int rv;
4024 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
4025 EXPECT_THAT(rv, IsOk());
4026 EXPECT_TRUE(sock_->IsConnected());
4027 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
4028
4029 scoped_refptr<net::X509Certificate> certificate2 =
4030 ImportCertFromFile(certs_dir, "client_2.pem");
4031 context_->ClearMatchingClientCertificate(certificate2);
4032 base::RunLoop().RunUntilIdle();
4033
4034 // Verify that calling with an unused certificate should not invalidate the
4035 // cache, but will still log an event with no hosts.
4036 EXPECT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 1U);
4037 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
4038
4039 auto entries = log_observer_.GetEntriesWithType(
4040 NetLogEventType::CLEAR_MATCHING_CACHED_CLIENT_CERT);
4041 ASSERT_EQ(1u, entries.size());
4042
4043 const auto& log_entry = entries[0];
4044 ASSERT_FALSE(log_entry.params.empty());
4045
4046 const base::Value::List* hosts_values =
4047 log_entry.params.FindListByDottedPath("hosts");
4048 ASSERT_TRUE(hosts_values);
4049 ASSERT_TRUE(hosts_values->empty());
4050
4051 const base::Value::List* certificates_values =
4052 log_entry.params.FindListByDottedPath("certificates");
4053 ASSERT_TRUE(certificates_values);
4054 EXPECT_FALSE(certificates_values->empty());
4055 }
4056
TEST_F(SSLClientSocketTest,ClearMatchingCertSingleMatching)4057 TEST_F(SSLClientSocketTest, ClearMatchingCertSingleMatching) {
4058 SSLServerConfig server_config;
4059 // TLS 1.3 reports client certificate errors after the handshake, so test at
4060 // TLS 1.2 for simplicity.
4061 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4062 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
4063 ASSERT_TRUE(
4064 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4065
4066 // Add a couple of client cert decision to the cache.
4067 base::FilePath certs_dir = GetTestCertsDirectory();
4068 scoped_refptr<net::X509Certificate> certificate1 =
4069 ImportCertFromFile(certs_dir, "client_1.pem");
4070 scoped_refptr<net::SSLPrivateKey> private_key1 =
4071 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"));
4072 context_->SetClientCertificate(host_port_pair(), certificate1, private_key1);
4073
4074 HostPortPair host_port_pair2("example.com", 42);
4075 scoped_refptr<net::X509Certificate> certificate2 =
4076 ImportCertFromFile(certs_dir, "client_2.pem");
4077 scoped_refptr<net::SSLPrivateKey> private_key2 =
4078 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_2.key"));
4079 context_->SetClientCertificate(host_port_pair2, certificate2, private_key2);
4080 ASSERT_EQ(context_->GetClientCertificateCachedServersForTesting().size(), 2U);
4081
4082 // Create a connection to `host_port_pair()`.
4083 int rv;
4084 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
4085 EXPECT_THAT(rv, IsOk());
4086 EXPECT_TRUE(sock_->IsConnected());
4087 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 1U);
4088
4089 testing::StrictMock<MockSSLClientContextObserver> observer;
4090 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
4091 base::flat_set<HostPortPair>({host_port_pair()})));
4092 context_->AddObserver(&observer);
4093
4094 context_->ClearMatchingClientCertificate(certificate1);
4095 base::RunLoop().RunUntilIdle();
4096
4097 context_->RemoveObserver(&observer);
4098 auto cached_servers_with_decision =
4099 context_->GetClientCertificateCachedServersForTesting();
4100 EXPECT_EQ(cached_servers_with_decision.size(), 1U);
4101 EXPECT_TRUE(cached_servers_with_decision.contains(host_port_pair2));
4102
4103 EXPECT_EQ(context_->ssl_client_session_cache()->size(), 0U);
4104
4105 auto entries = log_observer_.GetEntriesWithType(
4106 NetLogEventType::CLEAR_MATCHING_CACHED_CLIENT_CERT);
4107 ASSERT_EQ(1u, entries.size());
4108
4109 const auto& log_entry = entries[0];
4110 ASSERT_FALSE(log_entry.params.empty());
4111
4112 const base::Value::List* hosts_values =
4113 log_entry.params.FindListByDottedPath("hosts");
4114 ASSERT_TRUE(hosts_values);
4115 ASSERT_EQ(hosts_values->size(), 1U);
4116 EXPECT_EQ(hosts_values->front().GetString(), host_port_pair().ToString());
4117
4118 const base::Value::List* certificates_values =
4119 log_entry.params.FindListByDottedPath("certificates");
4120 ASSERT_TRUE(certificates_values);
4121 EXPECT_FALSE(certificates_values->empty());
4122 }
4123
TEST_F(SSLClientSocketTest,DontClearSessionCacheOnServerCertDatabaseChange)4124 TEST_F(SSLClientSocketTest, DontClearSessionCacheOnServerCertDatabaseChange) {
4125 SSLServerConfig server_config;
4126 // TLS 1.3 reports client certificate errors after the handshake, so test at
4127 // TLS 1.2 for simplicity.
4128 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4129 server_config.client_cert_type = SSLServerConfig::REQUIRE_CLIENT_CERT;
4130 ASSERT_TRUE(
4131 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4132
4133 HostPortPair host_port_pair2("example.com", 42);
4134 testing::StrictMock<MockSSLClientContextObserver> observer;
4135 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
4136 base::flat_set<HostPortPair>({host_port_pair()})));
4137 EXPECT_CALL(observer, OnSSLConfigForServersChanged(
4138 base::flat_set<HostPortPair>({host_port_pair2})));
4139 EXPECT_CALL(observer,
4140 OnSSLConfigChanged(
4141 SSLClientContext::SSLConfigChangeType::kCertDatabaseChanged));
4142
4143 context_->AddObserver(&observer);
4144
4145 base::FilePath certs_dir = GetTestCertsDirectory();
4146 context_->SetClientCertificate(
4147 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4148 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4149
4150 context_->SetClientCertificate(
4151 host_port_pair2, ImportCertFromFile(certs_dir, "client_2.pem"),
4152 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_2.key")));
4153
4154 EXPECT_EQ(2U, context_->GetClientCertificateCachedServersForTesting().size());
4155
4156 // Connect to `host_port_pair()` using the client cert.
4157 int rv;
4158 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
4159 EXPECT_THAT(rv, IsOk());
4160 EXPECT_TRUE(sock_->IsConnected());
4161
4162 EXPECT_EQ(1U, context_->ssl_client_session_cache()->size());
4163
4164 CertDatabase::GetInstance()->NotifyObserversTrustStoreChanged();
4165 base::RunLoop().RunUntilIdle();
4166
4167 // The `OnSSLConfigChanged` observer call should be verified by the
4168 // mock observer, but the client auth and client session cache should be
4169 // untouched.
4170
4171 EXPECT_EQ(2U, context_->GetClientCertificateCachedServersForTesting().size());
4172 EXPECT_EQ(1U, context_->ssl_client_session_cache()->size());
4173
4174 context_->RemoveObserver(&observer);
4175 }
4176 #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES)
4177
MakeHashValueVector(uint8_t value)4178 HashValueVector MakeHashValueVector(uint8_t value) {
4179 HashValueVector out;
4180 HashValue hash(HASH_VALUE_SHA256);
4181 memset(hash.data(), value, hash.size());
4182 out.push_back(hash);
4183 return out;
4184 }
4185
4186 // Test that |ssl_info.pkp_bypassed| is set when a local trust anchor causes
4187 // pinning to be bypassed.
TEST_P(SSLClientSocketVersionTest,PKPBypassedSet)4188 TEST_P(SSLClientSocketVersionTest, PKPBypassedSet) {
4189 base::test::ScopedFeatureList scoped_feature_list_;
4190 scoped_feature_list_.InitAndEnableFeature(
4191 net::features::kStaticKeyPinningEnforcement);
4192 ASSERT_TRUE(
4193 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4194 scoped_refptr<X509Certificate> server_cert =
4195 embedded_test_server()->GetCertificate();
4196
4197 // The certificate needs to be trusted, but chain to a local root with
4198 // different public key hashes than specified in the pin.
4199 CertVerifyResult verify_result;
4200 verify_result.is_issued_by_known_root = false;
4201 verify_result.verified_cert = server_cert;
4202 verify_result.public_key_hashes =
4203 MakeHashValueVector(kBadHashValueVectorInput);
4204 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4205
4206 transport_security_state_->EnableStaticPinsForTesting();
4207 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4208 ScopedTransportSecurityStateSource scoped_security_state_source;
4209
4210 SSLConfig ssl_config;
4211 int rv;
4212 HostPortPair new_host_port_pair("example.test", host_port_pair().port());
4213 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4214 new_host_port_pair, &rv));
4215 SSLInfo ssl_info;
4216 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4217
4218 EXPECT_THAT(rv, IsOk());
4219 EXPECT_TRUE(sock_->IsConnected());
4220
4221 EXPECT_TRUE(ssl_info.pkp_bypassed);
4222 EXPECT_FALSE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4223 }
4224
TEST_P(SSLClientSocketVersionTest,PKPEnforced)4225 TEST_P(SSLClientSocketVersionTest, PKPEnforced) {
4226 base::test::ScopedFeatureList scoped_feature_list_;
4227 scoped_feature_list_.InitAndEnableFeature(
4228 net::features::kStaticKeyPinningEnforcement);
4229 ASSERT_TRUE(
4230 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4231 scoped_refptr<X509Certificate> server_cert =
4232 embedded_test_server()->GetCertificate();
4233
4234 // Certificate is trusted, but chains to a public root that doesn't match the
4235 // pin hashes.
4236 CertVerifyResult verify_result;
4237 verify_result.is_issued_by_known_root = true;
4238 verify_result.verified_cert = server_cert;
4239 verify_result.public_key_hashes =
4240 MakeHashValueVector(kBadHashValueVectorInput);
4241 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4242
4243 transport_security_state_->EnableStaticPinsForTesting();
4244 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4245 ScopedTransportSecurityStateSource scoped_security_state_source;
4246
4247 SSLConfig ssl_config;
4248 int rv;
4249 HostPortPair new_host_port_pair("example.test", host_port_pair().port());
4250 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4251 new_host_port_pair, &rv));
4252 SSLInfo ssl_info;
4253 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4254
4255 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
4256 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4257 EXPECT_FALSE(sock_->IsConnected());
4258
4259 EXPECT_FALSE(ssl_info.pkp_bypassed);
4260 }
4261
4262 namespace {
4263 // TLS_RSA_WITH_AES_128_GCM_SHA256's key exchange involves encrypting to the
4264 // server long-term key.
4265 const uint16_t kEncryptingCipher = kRSACipher;
4266 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256's key exchange involves a signature by
4267 // the server long-term key.
4268 const uint16_t kSigningCipher = kModernTLS12Cipher;
4269 } // namespace
4270
4271 struct KeyUsageTest {
4272 EmbeddedTestServer::ServerCertificate server_cert;
4273 uint16_t cipher_suite;
4274 bool match;
4275 };
4276
4277 class SSLClientSocketKeyUsageTest
4278 : public SSLClientSocketTest,
4279 public ::testing::WithParamInterface<
4280 std::tuple<KeyUsageTest, bool /*known_root*/>> {};
4281
4282 const KeyUsageTest kKeyUsageTests[] = {
4283 // keyUsage matches cipher suite.
4284 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE, kSigningCipher,
4285 true},
4286 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kEncryptingCipher,
4287 true},
4288 // keyUsage does not match cipher suite.
4289 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_ENCIPHERMENT, kSigningCipher,
4290 false},
4291 {EmbeddedTestServer::CERT_KEY_USAGE_RSA_DIGITAL_SIGNATURE,
4292 kEncryptingCipher, false},
4293 };
4294
TEST_P(SSLClientSocketKeyUsageTest,RSAKeyUsage)4295 TEST_P(SSLClientSocketKeyUsageTest, RSAKeyUsage) {
4296 const auto& [test, known_root] = GetParam();
4297 SSLServerConfig server_config;
4298 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4299 server_config.cipher_suite_for_testing = test.cipher_suite;
4300 ASSERT_TRUE(StartEmbeddedTestServer(test.server_cert, server_config));
4301 scoped_refptr<X509Certificate> server_cert =
4302 embedded_test_server()->GetCertificate();
4303
4304 // Certificate is trusted.
4305 CertVerifyResult verify_result;
4306 verify_result.is_issued_by_known_root = known_root;
4307 verify_result.verified_cert = server_cert;
4308 verify_result.public_key_hashes =
4309 MakeHashValueVector(kGoodHashValueVectorInput);
4310 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4311
4312 SSLConfig ssl_config;
4313 int rv;
4314 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4315 SSLInfo ssl_info;
4316 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4317
4318 if (test.match) {
4319 EXPECT_THAT(rv, IsOk());
4320 EXPECT_TRUE(sock_->IsConnected());
4321 } else {
4322 EXPECT_THAT(rv, IsError(ERR_SSL_KEY_USAGE_INCOMPATIBLE));
4323 EXPECT_FALSE(sock_->IsConnected());
4324 }
4325 }
4326
4327 INSTANTIATE_TEST_SUITE_P(RSAKeyUsageInstantiation,
4328 SSLClientSocketKeyUsageTest,
4329 Combine(ValuesIn(kKeyUsageTests), Bool()));
4330
4331 // Test that when CT is required (in this case, by the delegate), the
4332 // absence of CT information is a socket error.
TEST_P(SSLClientSocketVersionTest,CTIsRequired)4333 TEST_P(SSLClientSocketVersionTest, CTIsRequired) {
4334 ASSERT_TRUE(
4335 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4336 scoped_refptr<X509Certificate> server_cert =
4337 embedded_test_server()->GetCertificate();
4338
4339 // Certificate is trusted and chains to a public root.
4340 CertVerifyResult verify_result;
4341 verify_result.is_issued_by_known_root = true;
4342 verify_result.verified_cert = server_cert;
4343 verify_result.public_key_hashes =
4344 MakeHashValueVector(kGoodHashValueVectorInput);
4345 verify_result.policy_compliance =
4346 ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS;
4347 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4348
4349 // Set up CT
4350 MockRequireCTDelegate require_ct_delegate;
4351 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4352 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4353 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4354 CTRequirementLevel::NOT_REQUIRED));
4355 EXPECT_CALL(require_ct_delegate,
4356 IsCTRequiredForHost(host_port_pair().host(), _, _))
4357 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4358 CTRequirementLevel::REQUIRED));
4359
4360 SSLConfig ssl_config;
4361 int rv;
4362 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4363 SSLInfo ssl_info;
4364 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4365
4366 EXPECT_THAT(rv, IsError(ERR_CERTIFICATE_TRANSPARENCY_REQUIRED));
4367 EXPECT_TRUE(ssl_info.cert_status &
4368 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4369 EXPECT_FALSE(sock_->IsConnected());
4370 }
4371
4372 // Test that when CT is required, setting ignore_certificate_errors
4373 // ignores errors in CT.
TEST_P(SSLClientSocketVersionTest,IgnoreCertificateErrorsBypassesRequiredCT)4374 TEST_P(SSLClientSocketVersionTest, IgnoreCertificateErrorsBypassesRequiredCT) {
4375 ASSERT_TRUE(
4376 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4377 scoped_refptr<X509Certificate> server_cert =
4378 embedded_test_server()->GetCertificate();
4379
4380 // Certificate is trusted and chains to a public root.
4381 CertVerifyResult verify_result;
4382 verify_result.is_issued_by_known_root = true;
4383 verify_result.verified_cert = server_cert;
4384 verify_result.public_key_hashes =
4385 MakeHashValueVector(kGoodHashValueVectorInput);
4386 verify_result.policy_compliance =
4387 ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS;
4388 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4389
4390 // Set up CT
4391 MockRequireCTDelegate require_ct_delegate;
4392 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4393 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4394 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4395 CTRequirementLevel::NOT_REQUIRED));
4396 EXPECT_CALL(require_ct_delegate,
4397 IsCTRequiredForHost(host_port_pair().host(), _, _))
4398 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4399 CTRequirementLevel::REQUIRED));
4400
4401 SSLConfig ssl_config;
4402 ssl_config.ignore_certificate_errors = true;
4403 int rv;
4404 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4405 SSLInfo ssl_info;
4406 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4407
4408 EXPECT_THAT(rv, IsOk());
4409 EXPECT_TRUE(ssl_info.cert_status &
4410 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4411 EXPECT_TRUE(sock_->IsConnected());
4412 }
4413
4414 // When both PKP and CT are required for a host, and both fail, the more
4415 // serious error is that the pin validation failed.
TEST_P(SSLClientSocketVersionTest,PKPMoreImportantThanCT)4416 TEST_P(SSLClientSocketVersionTest, PKPMoreImportantThanCT) {
4417 base::test::ScopedFeatureList scoped_feature_list_;
4418 scoped_feature_list_.InitAndEnableFeature(
4419 net::features::kStaticKeyPinningEnforcement);
4420 ASSERT_TRUE(
4421 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4422 scoped_refptr<X509Certificate> server_cert =
4423 embedded_test_server()->GetCertificate();
4424
4425 // Certificate is trusted, but chains to a public root that doesn't match the
4426 // pin hashes.
4427 CertVerifyResult verify_result;
4428 verify_result.is_issued_by_known_root = true;
4429 verify_result.verified_cert = server_cert;
4430 verify_result.public_key_hashes =
4431 MakeHashValueVector(kBadHashValueVectorInput);
4432 verify_result.policy_compliance =
4433 ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS;
4434 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4435
4436 transport_security_state_->EnableStaticPinsForTesting();
4437 transport_security_state_->SetPinningListAlwaysTimelyForTesting(true);
4438 ScopedTransportSecurityStateSource scoped_security_state_source;
4439
4440 const char kCTHost[] = "hsts-hpkp-preloaded.test";
4441
4442 // Set up CT.
4443 MockRequireCTDelegate require_ct_delegate;
4444 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4445 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4446 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4447 CTRequirementLevel::NOT_REQUIRED));
4448 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(kCTHost, _, _))
4449 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4450 CTRequirementLevel::REQUIRED));
4451
4452 SSLConfig ssl_config;
4453 int rv;
4454 HostPortPair ct_host_port_pair(kCTHost, host_port_pair().port());
4455 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(ssl_config,
4456 ct_host_port_pair, &rv));
4457 SSLInfo ssl_info;
4458 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
4459
4460 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
4461 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
4462 EXPECT_TRUE(ssl_info.cert_status &
4463 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
4464 EXPECT_FALSE(sock_->IsConnected());
4465 }
4466
4467 // Tests that the SCTAuditingDelegate is called to enqueue SCT reports.
TEST_P(SSLClientSocketVersionTest,SCTAuditingReportCollected)4468 TEST_P(SSLClientSocketVersionTest, SCTAuditingReportCollected) {
4469 ASSERT_TRUE(
4470 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, GetServerConfig()));
4471 scoped_refptr<X509Certificate> server_cert =
4472 embedded_test_server()->GetCertificate();
4473
4474 // Certificate is trusted and chains to a public root.
4475 CertVerifyResult verify_result;
4476 verify_result.is_issued_by_known_root = true;
4477 verify_result.verified_cert = server_cert;
4478 verify_result.public_key_hashes =
4479 MakeHashValueVector(kGoodHashValueVectorInput);
4480 verify_result.policy_compliance =
4481 ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
4482 cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK);
4483
4484 // Set up CT and auditing delegate.
4485 MockRequireCTDelegate require_ct_delegate;
4486 transport_security_state_->SetRequireCTDelegate(&require_ct_delegate);
4487 EXPECT_CALL(require_ct_delegate, IsCTRequiredForHost(_, _, _))
4488 .WillRepeatedly(Return(TransportSecurityState::RequireCTDelegate::
4489 CTRequirementLevel::REQUIRED));
4490
4491 MockSCTAuditingDelegate sct_auditing_delegate;
4492 context_ = std::make_unique<SSLClientContext>(
4493 ssl_config_service_.get(), cert_verifier_.get(),
4494 transport_security_state_.get(), ssl_client_session_cache_.get(),
4495 &sct_auditing_delegate);
4496
4497 EXPECT_CALL(sct_auditing_delegate, IsSCTAuditingEnabled())
4498 .WillRepeatedly(Return(true));
4499 EXPECT_CALL(sct_auditing_delegate,
4500 MaybeEnqueueReport(host_port_pair(), server_cert.get(), _))
4501 .Times(1);
4502
4503 SSLConfig ssl_config;
4504 int rv;
4505 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
4506 EXPECT_THAT(rv, 0);
4507 EXPECT_TRUE(sock_->IsConnected());
4508 }
4509
4510 // Test that handshake_failure alerts at the ServerHello are mapped to
4511 // ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
TEST_F(SSLClientSocketTest,HandshakeFailureServerHello)4512 TEST_F(SSLClientSocketTest, HandshakeFailureServerHello) {
4513 ASSERT_TRUE(
4514 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
4515
4516 TestCompletionCallback callback;
4517 auto real_transport = std::make_unique<TCPClientSocket>(
4518 addr(), nullptr, nullptr, nullptr, NetLogSource());
4519 auto transport =
4520 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4521 FakeBlockingStreamSocket* raw_transport = transport.get();
4522 int rv = callback.GetResult(transport->Connect(callback.callback()));
4523 ASSERT_THAT(rv, IsOk());
4524
4525 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4526 std::move(transport), host_port_pair(), SSLConfig()));
4527
4528 // Connect. Stop before the client processes ServerHello.
4529 raw_transport->BlockReadResult();
4530 rv = sock->Connect(callback.callback());
4531 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4532 raw_transport->WaitForReadResult();
4533
4534 // Replace it with an alert.
4535 raw_transport->ReplaceReadResult(
4536 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4537 raw_transport->UnblockReadResult();
4538
4539 rv = callback.GetResult(rv);
4540 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
4541 }
4542
4543 // Test that handshake_failure alerts after the ServerHello but without a
4544 // CertificateRequest are mapped to ERR_SSL_PROTOCOL_ERROR.
TEST_F(SSLClientSocketTest,HandshakeFailureNoClientCerts)4545 TEST_F(SSLClientSocketTest, HandshakeFailureNoClientCerts) {
4546 SSLServerConfig server_config;
4547 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4548 ASSERT_TRUE(
4549 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4550
4551 TestCompletionCallback callback;
4552 auto real_transport = std::make_unique<TCPClientSocket>(
4553 addr(), nullptr, nullptr, nullptr, NetLogSource());
4554 auto transport =
4555 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4556 FakeBlockingStreamSocket* raw_transport = transport.get();
4557 int rv = callback.GetResult(transport->Connect(callback.callback()));
4558 ASSERT_THAT(rv, IsOk());
4559
4560 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4561 std::move(transport), host_port_pair(), SSLConfig()));
4562
4563 // Connect. Stop before the client processes ServerHello.
4564 raw_transport->BlockReadResult();
4565 rv = sock->Connect(callback.callback());
4566 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4567 raw_transport->WaitForReadResult();
4568
4569 // Release the ServerHello and wait for the client to write its second flight.
4570 raw_transport->BlockWrite();
4571 raw_transport->UnblockReadResult();
4572 raw_transport->WaitForWrite();
4573
4574 // Wait for the server's final flight.
4575 raw_transport->BlockReadResult();
4576 raw_transport->UnblockWrite();
4577 raw_transport->WaitForReadResult();
4578
4579 // Replace it with an alert.
4580 raw_transport->ReplaceReadResult(
4581 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4582 raw_transport->UnblockReadResult();
4583
4584 rv = callback.GetResult(rv);
4585 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4586 }
4587
4588 // Test that handshake_failure alerts after the ServerHello map to
4589 // ERR_BAD_SSL_CLIENT_AUTH_CERT if a client certificate was requested but not
4590 // supplied. TLS does not have an alert for this case, so handshake_failure is
4591 // common. See https://crbug.com/646567.
TEST_F(SSLClientSocketTest,LateHandshakeFailureMissingClientCerts)4592 TEST_F(SSLClientSocketTest, LateHandshakeFailureMissingClientCerts) {
4593 // Request a client certificate.
4594 SSLServerConfig server_config;
4595 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4596 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4597 ASSERT_TRUE(
4598 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4599
4600 TestCompletionCallback callback;
4601 auto real_transport = std::make_unique<TCPClientSocket>(
4602 addr(), nullptr, nullptr, nullptr, NetLogSource());
4603 auto transport =
4604 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4605 FakeBlockingStreamSocket* raw_transport = transport.get();
4606 int rv = callback.GetResult(transport->Connect(callback.callback()));
4607 ASSERT_THAT(rv, IsOk());
4608
4609 // Send no client certificate.
4610 context_->SetClientCertificate(host_port_pair(), nullptr, nullptr);
4611 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4612 std::move(transport), host_port_pair(), SSLConfig()));
4613
4614 // Connect. Stop before the client processes ServerHello.
4615 raw_transport->BlockReadResult();
4616 rv = sock->Connect(callback.callback());
4617 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4618 raw_transport->WaitForReadResult();
4619
4620 // Release the ServerHello and wait for the client to write its second flight.
4621 raw_transport->BlockWrite();
4622 raw_transport->UnblockReadResult();
4623 raw_transport->WaitForWrite();
4624
4625 // Wait for the server's final flight.
4626 raw_transport->BlockReadResult();
4627 raw_transport->UnblockWrite();
4628 raw_transport->WaitForReadResult();
4629
4630 // Replace it with an alert.
4631 raw_transport->ReplaceReadResult(
4632 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4633 raw_transport->UnblockReadResult();
4634
4635 rv = callback.GetResult(rv);
4636 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4637 }
4638
4639 // Test that handshake_failure alerts after the ServerHello map to
4640 // ERR_SSL_PROTOCOL_ERROR if received after sending a client certificate. It is
4641 // assumed servers will send a more appropriate alert in this case.
TEST_F(SSLClientSocketTest,LateHandshakeFailureSendClientCerts)4642 TEST_F(SSLClientSocketTest, LateHandshakeFailureSendClientCerts) {
4643 // Request a client certificate.
4644 SSLServerConfig server_config;
4645 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4646 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4647 ASSERT_TRUE(
4648 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4649
4650 TestCompletionCallback callback;
4651 auto real_transport = std::make_unique<TCPClientSocket>(
4652 addr(), nullptr, nullptr, nullptr, NetLogSource());
4653 auto transport =
4654 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4655 FakeBlockingStreamSocket* raw_transport = transport.get();
4656 int rv = callback.GetResult(transport->Connect(callback.callback()));
4657 ASSERT_THAT(rv, IsOk());
4658
4659 // Send a client certificate.
4660 base::FilePath certs_dir = GetTestCertsDirectory();
4661 context_->SetClientCertificate(
4662 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4663 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4664 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4665 std::move(transport), host_port_pair(), SSLConfig()));
4666
4667 // Connect. Stop before the client processes ServerHello.
4668 raw_transport->BlockReadResult();
4669 rv = sock->Connect(callback.callback());
4670 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4671 raw_transport->WaitForReadResult();
4672
4673 // Release the ServerHello and wait for the client to write its second flight.
4674 raw_transport->BlockWrite();
4675 raw_transport->UnblockReadResult();
4676 raw_transport->WaitForWrite();
4677
4678 // Wait for the server's final flight.
4679 raw_transport->BlockReadResult();
4680 raw_transport->UnblockWrite();
4681 raw_transport->WaitForReadResult();
4682
4683 // Replace it with an alert.
4684 raw_transport->ReplaceReadResult(
4685 FormatTLS12Alert(40 /* AlertDescription.handshake_failure */));
4686 raw_transport->UnblockReadResult();
4687
4688 rv = callback.GetResult(rv);
4689 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4690 }
4691
4692 // Test that access_denied alerts are mapped to ERR_SSL_PROTOCOL_ERROR if
4693 // received on a connection not requesting client certificates. This is an
4694 // incorrect use of the alert but is common. See https://crbug.com/630883.
TEST_F(SSLClientSocketTest,AccessDeniedNoClientCerts)4695 TEST_F(SSLClientSocketTest, AccessDeniedNoClientCerts) {
4696 // Request a client certificate.
4697 SSLServerConfig server_config;
4698 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4699 ASSERT_TRUE(
4700 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4701
4702 TestCompletionCallback callback;
4703 auto real_transport = std::make_unique<TCPClientSocket>(
4704 addr(), nullptr, nullptr, nullptr, NetLogSource());
4705 auto transport =
4706 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4707 FakeBlockingStreamSocket* raw_transport = transport.get();
4708 int rv = callback.GetResult(transport->Connect(callback.callback()));
4709 ASSERT_THAT(rv, IsOk());
4710
4711 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4712 std::move(transport), host_port_pair(), SSLConfig()));
4713
4714 // Connect. Stop before the client processes ServerHello.
4715 raw_transport->BlockReadResult();
4716 rv = sock->Connect(callback.callback());
4717 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4718 raw_transport->WaitForReadResult();
4719
4720 // Release the ServerHello and wait for the client to write its second flight.
4721 raw_transport->BlockWrite();
4722 raw_transport->UnblockReadResult();
4723 raw_transport->WaitForWrite();
4724
4725 // Wait for the server's final flight.
4726 raw_transport->BlockReadResult();
4727 raw_transport->UnblockWrite();
4728 raw_transport->WaitForReadResult();
4729
4730 // Replace it with an alert.
4731 raw_transport->ReplaceReadResult(
4732 FormatTLS12Alert(49 /* AlertDescription.access_denied */));
4733 raw_transport->UnblockReadResult();
4734
4735 rv = callback.GetResult(rv);
4736 EXPECT_THAT(rv, IsError(ERR_SSL_PROTOCOL_ERROR));
4737 }
4738
4739 // Test that access_denied alerts are mapped to ERR_BAD_SSL_CLIENT_AUTH_CERT if
4740 // received on a connection requesting client certificates.
TEST_F(SSLClientSocketTest,AccessDeniedClientCerts)4741 TEST_F(SSLClientSocketTest, AccessDeniedClientCerts) {
4742 // Request a client certificate.
4743 SSLServerConfig server_config;
4744 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
4745 server_config.client_cert_type = SSLServerConfig::OPTIONAL_CLIENT_CERT;
4746 ASSERT_TRUE(
4747 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
4748
4749 TestCompletionCallback callback;
4750 auto real_transport = std::make_unique<TCPClientSocket>(
4751 addr(), nullptr, nullptr, nullptr, NetLogSource());
4752 auto transport =
4753 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
4754 FakeBlockingStreamSocket* raw_transport = transport.get();
4755 int rv = callback.GetResult(transport->Connect(callback.callback()));
4756 ASSERT_THAT(rv, IsOk());
4757
4758 // Send a client certificate.
4759 base::FilePath certs_dir = GetTestCertsDirectory();
4760 context_->SetClientCertificate(
4761 host_port_pair(), ImportCertFromFile(certs_dir, "client_1.pem"),
4762 key_util::LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key")));
4763 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
4764 std::move(transport), host_port_pair(), SSLConfig()));
4765
4766 // Connect. Stop before the client processes ServerHello.
4767 raw_transport->BlockReadResult();
4768 rv = sock->Connect(callback.callback());
4769 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
4770 raw_transport->WaitForReadResult();
4771
4772 // Release the ServerHello and wait for the client to write its second flight.
4773 raw_transport->BlockWrite();
4774 raw_transport->UnblockReadResult();
4775 raw_transport->WaitForWrite();
4776
4777 // Wait for the server's final flight.
4778 raw_transport->BlockReadResult();
4779 raw_transport->UnblockWrite();
4780 raw_transport->WaitForReadResult();
4781
4782 // Replace it with an alert.
4783 raw_transport->ReplaceReadResult(
4784 FormatTLS12Alert(49 /* AlertDescription.access_denied */));
4785 raw_transport->UnblockReadResult();
4786
4787 rv = callback.GetResult(rv);
4788 EXPECT_THAT(rv, IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
4789 }
4790
4791 // Test the client can send application data before the ServerHello comes in.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataBeforeServerHello)4792 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataBeforeServerHello) {
4793 ASSERT_TRUE(StartServer());
4794 ASSERT_TRUE(RunInitialConnection());
4795
4796 // Make a 0-RTT Connection. Connect() and Write() complete even though the
4797 // ServerHello is blocked.
4798 FakeBlockingStreamSocket* socket = MakeClient(true);
4799 socket->BlockReadResult();
4800 ASSERT_THAT(Connect(), IsOk());
4801 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4802 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4803
4804 // Release the ServerHello. Now reads complete.
4805 socket->UnblockReadResult();
4806 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4807 int size = ReadAndWait(buf.get(), 4096);
4808 EXPECT_GT(size, 0);
4809 EXPECT_EQ('1', buf->data()[size - 1]);
4810
4811 SSLInfo ssl_info;
4812 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4813 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4814 }
4815
4816 // Test that the client sends 1-RTT data if the ServerHello happens to come in
4817 // before Write() is called. See https://crbug.com/950706.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataAfterServerHello)4818 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataAfterServerHello) {
4819 ASSERT_TRUE(StartServer());
4820 ASSERT_TRUE(RunInitialConnection());
4821
4822 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4823 // blocked.
4824 FakeBlockingStreamSocket* socket = MakeClient(true);
4825 socket->BlockReadResult();
4826 ASSERT_THAT(Connect(), IsOk());
4827
4828 // Wait for the ServerHello to come in and for SSLClientSocket to process it.
4829 socket->WaitForReadResult();
4830 socket->UnblockReadResult();
4831 base::RunLoop().RunUntilIdle();
4832
4833 // Now write to the socket.
4834 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4835 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4836
4837 // Although the socket was created in early data state and the client never
4838 // explicitly called ReaD() or ConfirmHandshake(), SSLClientSocketImpl
4839 // internally consumed the ServerHello and switch keys. The server then
4840 // responds with '0'.
4841 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4842 int size = ReadAndWait(buf.get(), 4096);
4843 EXPECT_GT(size, 0);
4844 EXPECT_EQ('0', buf->data()[size - 1]);
4845
4846 SSLInfo ssl_info;
4847 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4848 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4849 }
4850
4851 // Check that 0RTT is confirmed after a Write and Read.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTConfirmedAfterRead)4852 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTConfirmedAfterRead) {
4853 ASSERT_TRUE(StartServer());
4854 ASSERT_TRUE(RunInitialConnection());
4855
4856 // Make a 0-RTT Connection. Connect() and Write() complete even though the
4857 // ServerHello is blocked.
4858 FakeBlockingStreamSocket* socket = MakeClient(true);
4859 socket->BlockReadResult();
4860 ASSERT_THAT(Connect(), IsOk());
4861 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
4862 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
4863
4864 socket->UnblockReadResult();
4865 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4866 int size = ReadAndWait(buf.get(), 4096);
4867 EXPECT_GT(size, 0);
4868 EXPECT_EQ('1', buf->data()[size - 1]);
4869
4870 // After the handshake is confirmed, ConfirmHandshake should return
4871 // synchronously.
4872 TestCompletionCallback callback;
4873 ASSERT_THAT(ssl_socket()->ConfirmHandshake(callback.callback()), IsOk());
4874
4875 SSLInfo ssl_info;
4876 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4877 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4878 }
4879
4880 // Test that writes wait for the ServerHello once it has reached the early data
4881 // limit.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataLimit)4882 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimit) {
4883 ASSERT_TRUE(StartServer());
4884 ASSERT_TRUE(RunInitialConnection());
4885
4886 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4887 // blocked.
4888 FakeBlockingStreamSocket* socket = MakeClient(true);
4889 socket->BlockReadResult();
4890 ASSERT_THAT(Connect(), IsOk());
4891
4892 // EmbeddedTestServer uses BoringSSL's hard-coded early data limit, which is
4893 // below 16k.
4894 constexpr size_t kRequestSize = 16 * 1024;
4895 std::string request = "GET /zerortt HTTP/1.0\r\n";
4896 while (request.size() < kRequestSize) {
4897 request += "The-Answer-To-Life-The-Universe-And-Everything: 42\r\n";
4898 }
4899 request += "\r\n";
4900
4901 // Writing the large input should not succeed. It is blocked on the
4902 // ServerHello.
4903 TestCompletionCallback write_callback;
4904 auto write_buf = base::MakeRefCounted<StringIOBuffer>(request);
4905 int write_rv = ssl_socket()->Write(write_buf.get(), request.size(),
4906 write_callback.callback(),
4907 TRAFFIC_ANNOTATION_FOR_TESTS);
4908 ASSERT_THAT(write_rv, IsError(ERR_IO_PENDING));
4909
4910 // The Write should have issued a read for the ServerHello, so
4911 // WaitForReadResult has something to wait for.
4912 socket->WaitForReadResult();
4913 EXPECT_TRUE(socket->pending_read_result());
4914
4915 // Queue a read. It should be blocked on the ServerHello.
4916 TestCompletionCallback read_callback;
4917 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4918 int read_rv =
4919 ssl_socket()->Read(read_buf.get(), 4096, read_callback.callback());
4920 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
4921
4922 // Also queue a ConfirmHandshake. It should also be blocked on ServerHello.
4923 TestCompletionCallback confirm_callback;
4924 int confirm_rv = ssl_socket()->ConfirmHandshake(confirm_callback.callback());
4925 ASSERT_THAT(confirm_rv, IsError(ERR_IO_PENDING));
4926
4927 // Double-check the write was not accidentally blocked on the network.
4928 base::RunLoop().RunUntilIdle();
4929 EXPECT_FALSE(write_callback.have_result());
4930
4931 // At this point, the maximum possible number of events are all blocked on the
4932 // same thing. Release the ServerHello. All three should complete.
4933 socket->UnblockReadResult();
4934 EXPECT_EQ(static_cast<int>(request.size()),
4935 write_callback.GetResult(write_rv));
4936 EXPECT_THAT(confirm_callback.GetResult(confirm_rv), IsOk());
4937 int size = read_callback.GetResult(read_rv);
4938 ASSERT_GT(size, 0);
4939 EXPECT_EQ('1', read_buf->data()[size - 1]);
4940
4941 SSLInfo ssl_info;
4942 ASSERT_TRUE(GetSSLInfo(&ssl_info));
4943 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
4944 }
4945
4946 // When a client socket reaches the 0-RTT early data limit, both Write() and
4947 // ConfirmHandshake() become blocked on a transport read. Test that
4948 // CancelReadIfReady() does not interrupt those.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTEarlyDataLimitCancelReadIfReady)4949 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTEarlyDataLimitCancelReadIfReady) {
4950 ASSERT_TRUE(StartServer());
4951 ASSERT_TRUE(RunInitialConnection());
4952
4953 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
4954 // blocked.
4955 FakeBlockingStreamSocket* socket = MakeClient(true);
4956 socket->BlockReadResult();
4957 ASSERT_THAT(Connect(), IsOk());
4958
4959 // EmbeddedTestServer uses BoringSSL's hard-coded early data limit, which is
4960 // below 16k.
4961 constexpr size_t kRequestSize = 16 * 1024;
4962 std::string request = "GET /zerortt HTTP/1.0\r\n";
4963 while (request.size() < kRequestSize) {
4964 request += "The-Answer-To-Life-The-Universe-And-Everything: 42\r\n";
4965 }
4966 request += "\r\n";
4967
4968 // Writing the large input should not succeed. It is blocked on the
4969 // ServerHello.
4970 TestCompletionCallback write_callback;
4971 auto write_buf = base::MakeRefCounted<StringIOBuffer>(request);
4972 int write_rv = ssl_socket()->Write(write_buf.get(), request.size(),
4973 write_callback.callback(),
4974 TRAFFIC_ANNOTATION_FOR_TESTS);
4975 ASSERT_THAT(write_rv, IsError(ERR_IO_PENDING));
4976
4977 // The Write should have issued a read for the ServerHello, so
4978 // WaitForReadResult has something to wait for.
4979 socket->WaitForReadResult();
4980 EXPECT_TRUE(socket->pending_read_result());
4981
4982 // Attempt a ReadIfReady(). It should be blocked on the ServerHello.
4983 TestCompletionCallback read_callback;
4984 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(4096);
4985 int read_rv =
4986 ssl_socket()->ReadIfReady(read_buf.get(), 4096, read_callback.callback());
4987 ASSERT_THAT(read_rv, IsError(ERR_IO_PENDING));
4988
4989 // Also queue a ConfirmHandshake. It should also be blocked on ServerHello.
4990 TestCompletionCallback confirm_callback;
4991 int confirm_rv = ssl_socket()->ConfirmHandshake(confirm_callback.callback());
4992 ASSERT_THAT(confirm_rv, IsError(ERR_IO_PENDING));
4993
4994 // Cancel the ReadIfReady() and release the ServerHello. The remaining
4995 // operations should complete.
4996 ASSERT_THAT(ssl_socket()->CancelReadIfReady(), IsOk());
4997 socket->UnblockReadResult();
4998 EXPECT_EQ(static_cast<int>(request.size()),
4999 write_callback.GetResult(write_rv));
5000 EXPECT_THAT(confirm_callback.GetResult(confirm_rv), IsOk());
5001
5002 // ReadIfReady() should not complete.
5003 base::RunLoop().RunUntilIdle();
5004 EXPECT_FALSE(read_callback.have_result());
5005
5006 SSLInfo ssl_info;
5007 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5008 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5009
5010 // After a canceled read, future reads are still possible.
5011 TestCompletionCallback read_callback2;
5012 read_rv = read_callback2.GetResult(
5013 ssl_socket()->Read(read_buf.get(), 4096, read_callback2.callback()));
5014 ASSERT_GT(read_rv, 0);
5015 }
5016
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTReject)5017 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReject) {
5018 ASSERT_TRUE(StartServer());
5019 ASSERT_TRUE(RunInitialConnection());
5020
5021 SSLServerConfig server_config;
5022 server_config.early_data_enabled = false;
5023 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5024 SetServerConfig(server_config);
5025
5026 // 0-RTT Connection
5027 FakeBlockingStreamSocket* socket = MakeClient(true);
5028 socket->BlockReadResult();
5029 ASSERT_THAT(Connect(), IsOk());
5030 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5031 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5032 socket->UnblockReadResult();
5033
5034 // Expect early data to be rejected.
5035 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5036 int rv = ReadAndWait(buf.get(), 4096);
5037 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
5038 rv = WriteAndWait(kRequest);
5039 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
5040
5041 // Run the event loop so the rejection has reached the TLS session cache.
5042 base::RunLoop().RunUntilIdle();
5043
5044 // Now that the session cache has been updated, retrying the connection
5045 // should succeed.
5046 socket = MakeClient(true);
5047 ASSERT_THAT(Connect(), IsOk());
5048 ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk());
5049 SSLInfo ssl_info;
5050 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5051 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5052 }
5053
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTWrongVersion)5054 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTWrongVersion) {
5055 ASSERT_TRUE(StartServer());
5056 ASSERT_TRUE(RunInitialConnection());
5057
5058 SSLServerConfig server_config;
5059 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5060 SetServerConfig(server_config);
5061
5062 // 0-RTT Connection
5063 FakeBlockingStreamSocket* socket = MakeClient(true);
5064 socket->BlockReadResult();
5065 ASSERT_THAT(Connect(), IsOk());
5066 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5067 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5068 socket->UnblockReadResult();
5069
5070 // Expect early data to be rejected because the TLS version was incorrect.
5071 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5072 int rv = ReadAndWait(buf.get(), 4096);
5073 EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv);
5074 rv = WriteAndWait(kRequest);
5075 EXPECT_EQ(ERR_WRONG_VERSION_ON_EARLY_DATA, rv);
5076
5077 // Run the event loop so the rejection has reached the TLS session cache.
5078 base::RunLoop().RunUntilIdle();
5079
5080 // Now that the session cache has been updated, retrying the connection
5081 // should succeed.
5082 socket = MakeClient(true);
5083 ASSERT_THAT(Connect(), IsOk());
5084 ASSERT_THAT(MakeHTTPRequest(ssl_socket()), IsOk());
5085 SSLInfo ssl_info;
5086 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5087 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5088 }
5089
5090 // Test that the ConfirmHandshake successfully completes the handshake and that
5091 // it blocks until the server's leg has been received.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTConfirmHandshake)5092 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTConfirmHandshake) {
5093 ASSERT_TRUE(StartServer());
5094 ASSERT_TRUE(RunInitialConnection());
5095
5096 // 0-RTT Connection
5097 FakeBlockingStreamSocket* socket = MakeClient(true);
5098 socket->BlockReadResult();
5099 ASSERT_THAT(Connect(), IsOk());
5100
5101 // The ServerHello is blocked, so ConfirmHandshake should not complete.
5102 TestCompletionCallback callback;
5103 ASSERT_EQ(ERR_IO_PENDING,
5104 ssl_socket()->ConfirmHandshake(callback.callback()));
5105 base::RunLoop().RunUntilIdle();
5106 EXPECT_FALSE(callback.have_result());
5107
5108 // Release the ServerHello. ConfirmHandshake now completes.
5109 socket->UnblockReadResult();
5110 ASSERT_THAT(callback.GetResult(ERR_IO_PENDING), IsOk());
5111
5112 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5113 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5114
5115 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5116 int size = ReadAndWait(buf.get(), 4096);
5117 EXPECT_GT(size, 0);
5118 EXPECT_EQ('0', buf->data()[size - 1]);
5119
5120 SSLInfo ssl_info;
5121 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5122 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5123 }
5124
5125 // Test that an early read does not break during zero RTT.
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTReadBeforeWrite)5126 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTReadBeforeWrite) {
5127 ASSERT_TRUE(StartServer());
5128 ASSERT_TRUE(RunInitialConnection());
5129
5130 // Make a 0-RTT Connection. Connect() completes even though the ServerHello is
5131 // blocked.
5132 FakeBlockingStreamSocket* socket = MakeClient(true);
5133 socket->BlockReadResult();
5134 ASSERT_THAT(Connect(), IsOk());
5135
5136 // Read() does not make progress.
5137 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5138 TestCompletionCallback read_callback;
5139 ASSERT_EQ(ERR_IO_PENDING,
5140 ssl_socket()->Read(buf.get(), 4096, read_callback.callback()));
5141
5142 // Write() completes, even though reads are blocked.
5143 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5144 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5145
5146 // Release the ServerHello, etc. The Read() now completes.
5147 socket->UnblockReadResult();
5148 int size = read_callback.GetResult(ERR_IO_PENDING);
5149 EXPECT_GT(size, 0);
5150 EXPECT_EQ('1', buf->data()[size - 1]);
5151
5152 SSLInfo ssl_info;
5153 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5154 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5155 }
5156
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTDoubleConfirmHandshake)5157 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTDoubleConfirmHandshake) {
5158 ASSERT_TRUE(StartServer());
5159 ASSERT_TRUE(RunInitialConnection());
5160
5161 // 0-RTT Connection
5162 MakeClient(true);
5163 ASSERT_THAT(Connect(), IsOk());
5164 TestCompletionCallback callback;
5165 ASSERT_THAT(
5166 callback.GetResult(ssl_socket()->ConfirmHandshake(callback.callback())),
5167 IsOk());
5168 // After the handshake is confirmed, ConfirmHandshake should return
5169 // synchronously.
5170 ASSERT_THAT(ssl_socket()->ConfirmHandshake(callback.callback()), IsOk());
5171 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5172 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5173
5174 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5175 int size = ReadAndWait(buf.get(), 4096);
5176 EXPECT_GT(size, 0);
5177 EXPECT_EQ('0', buf->data()[size - 1]);
5178
5179 SSLInfo ssl_info;
5180 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5181 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5182 }
5183
TEST_F(SSLClientSocketZeroRTTTest,ZeroRTTParallelReadConfirm)5184 TEST_F(SSLClientSocketZeroRTTTest, ZeroRTTParallelReadConfirm) {
5185 ASSERT_TRUE(StartServer());
5186 ASSERT_TRUE(RunInitialConnection());
5187
5188 // 0-RTT Connection
5189 FakeBlockingStreamSocket* socket = MakeClient(true);
5190 socket->BlockReadResult();
5191 ASSERT_THAT(Connect(), IsOk());
5192
5193 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5194 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5195
5196 // The ServerHello is blocked, so ConfirmHandshake should not complete.
5197 TestCompletionCallback callback;
5198 ASSERT_EQ(ERR_IO_PENDING,
5199 ssl_socket()->ConfirmHandshake(callback.callback()));
5200 base::RunLoop().RunUntilIdle();
5201 EXPECT_FALSE(callback.have_result());
5202
5203 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5204 TestCompletionCallback read_callback;
5205 ASSERT_EQ(ERR_IO_PENDING,
5206 ssl_socket()->Read(buf.get(), 4096, read_callback.callback()));
5207 base::RunLoop().RunUntilIdle();
5208 EXPECT_FALSE(read_callback.have_result());
5209
5210 // Release the ServerHello. ConfirmHandshake now completes.
5211 socket->UnblockReadResult();
5212 ASSERT_THAT(callback.WaitForResult(), IsOk());
5213
5214 int result = read_callback.WaitForResult();
5215 EXPECT_GT(result, 0);
5216 EXPECT_EQ('1', buf->data()[result - 1]);
5217
5218 SSLInfo ssl_info;
5219 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5220 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5221 }
5222
TEST_P(SSLClientSocketReadTest,IdleAfterRead)5223 TEST_P(SSLClientSocketReadTest, IdleAfterRead) {
5224 // Set up a TCP server.
5225 TCPServerSocket server_listener(nullptr, NetLogSource());
5226 ASSERT_THAT(server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0),
5227 1, /*ipv6_only=*/std::nullopt),
5228 IsOk());
5229 IPEndPoint server_address;
5230 ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk());
5231
5232 // Connect a TCP client and server socket.
5233 TestCompletionCallback server_callback;
5234 std::unique_ptr<StreamSocket> server_transport;
5235 int server_rv =
5236 server_listener.Accept(&server_transport, server_callback.callback());
5237
5238 TestCompletionCallback client_callback;
5239 auto client_transport = std::make_unique<TCPClientSocket>(
5240 AddressList(server_address), nullptr, nullptr, nullptr, NetLogSource());
5241 int client_rv = client_transport->Connect(client_callback.callback());
5242
5243 EXPECT_THAT(server_callback.GetResult(server_rv), IsOk());
5244 EXPECT_THAT(client_callback.GetResult(client_rv), IsOk());
5245
5246 // Set up an SSL server.
5247 base::FilePath certs_dir = GetTestCertsDirectory();
5248 scoped_refptr<net::X509Certificate> cert =
5249 ImportCertFromFile(certs_dir, "ok_cert.pem");
5250 ASSERT_TRUE(cert);
5251 bssl::UniquePtr<EVP_PKEY> pkey =
5252 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("ok_cert.pem"));
5253 ASSERT_TRUE(pkey);
5254 std::unique_ptr<crypto::RSAPrivateKey> key =
5255 crypto::RSAPrivateKey::CreateFromKey(pkey.get());
5256 ASSERT_TRUE(key);
5257 std::unique_ptr<SSLServerContext> server_context =
5258 CreateSSLServerContext(cert.get(), *key.get(), GetServerConfig());
5259
5260 // Complete the SSL handshake on both sides.
5261 std::unique_ptr<SSLClientSocket> client(CreateSSLClientSocket(
5262 std::move(client_transport), HostPortPair::FromIPEndPoint(server_address),
5263 SSLConfig()));
5264 std::unique_ptr<SSLServerSocket> server(
5265 server_context->CreateSSLServerSocket(std::move(server_transport)));
5266
5267 server_rv = server->Handshake(server_callback.callback());
5268 client_rv = client->Connect(client_callback.callback());
5269
5270 EXPECT_THAT(server_callback.GetResult(server_rv), IsOk());
5271 EXPECT_THAT(client_callback.GetResult(client_rv), IsOk());
5272
5273 // Write a single record on the server.
5274 auto write_buf = base::MakeRefCounted<StringIOBuffer>("a");
5275 server_rv = server->Write(write_buf.get(), 1, server_callback.callback(),
5276 TRAFFIC_ANNOTATION_FOR_TESTS);
5277
5278 // Read that record on the server, but with a much larger buffer than
5279 // necessary.
5280 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(1024);
5281 client_rv =
5282 Read(client.get(), read_buf.get(), 1024, client_callback.callback());
5283
5284 EXPECT_EQ(1, server_callback.GetResult(server_rv));
5285 EXPECT_EQ(1, WaitForReadCompletion(client.get(), read_buf.get(), 1024,
5286 &client_callback, client_rv));
5287
5288 // At this point the client socket should be idle.
5289 EXPECT_TRUE(client->IsConnectedAndIdle());
5290 }
5291
5292 // Test that certificate errors are properly reported when the underlying
5293 // transport is itself a TLS connection, such as when tunneling over an HTTPS
5294 // proxy. See https://crbug.com/959305.
TEST_F(SSLClientSocketTest,SSLOverSSLBadCertificate)5295 TEST_F(SSLClientSocketTest, SSLOverSSLBadCertificate) {
5296 // Load a pair of certificates.
5297 base::FilePath certs_dir = GetTestCertsDirectory();
5298 scoped_refptr<net::X509Certificate> ok_cert =
5299 ImportCertFromFile(certs_dir, "ok_cert.pem");
5300 ASSERT_TRUE(ok_cert);
5301 bssl::UniquePtr<EVP_PKEY> ok_pkey =
5302 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("ok_cert.pem"));
5303 ASSERT_TRUE(ok_pkey);
5304
5305 scoped_refptr<net::X509Certificate> expired_cert =
5306 ImportCertFromFile(certs_dir, "expired_cert.pem");
5307 ASSERT_TRUE(expired_cert);
5308 bssl::UniquePtr<EVP_PKEY> expired_pkey =
5309 key_util::LoadEVP_PKEYFromPEM(certs_dir.AppendASCII("expired_cert.pem"));
5310 ASSERT_TRUE(expired_pkey);
5311
5312 CertVerifyResult expired_result;
5313 expired_result.verified_cert = expired_cert;
5314 expired_result.cert_status = CERT_STATUS_DATE_INVALID;
5315 cert_verifier_->AddResultForCert(expired_cert, expired_result,
5316 ERR_CERT_DATE_INVALID);
5317
5318 // Set up a TCP server.
5319 TCPServerSocket server_listener(nullptr, NetLogSource());
5320 ASSERT_THAT(server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0),
5321 1, /*ipv6_only=*/std::nullopt),
5322 IsOk());
5323 IPEndPoint server_address;
5324 ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk());
5325
5326 // Connect a TCP client and server socket.
5327 TestCompletionCallback server_callback;
5328 std::unique_ptr<StreamSocket> server_transport;
5329 int server_rv =
5330 server_listener.Accept(&server_transport, server_callback.callback());
5331
5332 TestCompletionCallback client_callback;
5333 auto client_transport = std::make_unique<TCPClientSocket>(
5334 AddressList(server_address), nullptr, nullptr, nullptr, NetLogSource());
5335 int client_rv = client_transport->Connect(client_callback.callback());
5336
5337 ASSERT_THAT(server_callback.GetResult(server_rv), IsOk());
5338 ASSERT_THAT(client_callback.GetResult(client_rv), IsOk());
5339
5340 // Set up a pair of SSL servers.
5341 std::unique_ptr<crypto::RSAPrivateKey> ok_key =
5342 crypto::RSAPrivateKey::CreateFromKey(ok_pkey.get());
5343 ASSERT_TRUE(ok_key);
5344 std::unique_ptr<SSLServerContext> ok_server_context =
5345 CreateSSLServerContext(ok_cert.get(), *ok_key.get(), SSLServerConfig());
5346
5347 std::unique_ptr<crypto::RSAPrivateKey> expired_key =
5348 crypto::RSAPrivateKey::CreateFromKey(expired_pkey.get());
5349 ASSERT_TRUE(expired_key);
5350 std::unique_ptr<SSLServerContext> expired_server_context =
5351 CreateSSLServerContext(expired_cert.get(), *expired_key.get(),
5352 SSLServerConfig());
5353
5354 // Complete the proxy SSL handshake with ok_cert.pem. This should succeed.
5355 std::unique_ptr<SSLClientSocket> client =
5356 CreateSSLClientSocket(std::move(client_transport),
5357 HostPortPair("proxy.test", 443), SSLConfig());
5358 std::unique_ptr<SSLServerSocket> server =
5359 ok_server_context->CreateSSLServerSocket(std::move(server_transport));
5360
5361 client_rv = client->Connect(client_callback.callback());
5362 server_rv = server->Handshake(server_callback.callback());
5363 ASSERT_THAT(client_callback.GetResult(client_rv), IsOk());
5364 ASSERT_THAT(server_callback.GetResult(server_rv), IsOk());
5365
5366 // Run the tunneled SSL handshake on with expired_cert.pem. This should fail.
5367 client = CreateSSLClientSocket(std::move(client),
5368 HostPortPair("server.test", 443), SSLConfig());
5369 server = expired_server_context->CreateSSLServerSocket(std::move(server));
5370
5371 client_rv = client->Connect(client_callback.callback());
5372 server_rv = server->Handshake(server_callback.callback());
5373
5374 // The client should observe the bad certificate error.
5375 EXPECT_THAT(client_callback.GetResult(client_rv),
5376 IsError(ERR_CERT_DATE_INVALID));
5377 SSLInfo ssl_info;
5378 ASSERT_TRUE(client->GetSSLInfo(&ssl_info));
5379 EXPECT_EQ(ssl_info.cert_status, expired_result.cert_status);
5380
5381 // TODO(https://crbug.com/912383): The server sees
5382 // ERR_BAD_SSL_CLIENT_AUTH_CERT because its peer (the client) alerts it with
5383 // bad_certificate. The alert-mapping code assumes it is running on a client,
5384 // so it translates bad_certificate to ERR_BAD_SSL_CLIENT_AUTH_CERT, which
5385 // shouldn't be the error for a bad server certificate.
5386 EXPECT_THAT(server_callback.GetResult(server_rv),
5387 IsError(ERR_BAD_SSL_CLIENT_AUTH_CERT));
5388 }
5389
TEST_F(SSLClientSocketTest,Tag)5390 TEST_F(SSLClientSocketTest, Tag) {
5391 ASSERT_TRUE(
5392 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5393
5394 auto transport = std::make_unique<TCPClientSocket>(
5395 addr(), nullptr, nullptr, NetLog::Get(), NetLogSource());
5396
5397 auto tagging_sock =
5398 std::make_unique<MockTaggingStreamSocket>(std::move(transport));
5399 auto* tagging_sock_ptr = tagging_sock.get();
5400
5401 // |sock| takes ownership of |tagging_sock|, but keep a
5402 // non-owning pointer to it.
5403 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
5404 std::move(tagging_sock), host_port_pair(), SSLConfig()));
5405
5406 EXPECT_EQ(tagging_sock_ptr->tag(), SocketTag());
5407 #if BUILDFLAG(IS_ANDROID)
5408 SocketTag tag(0x12345678, 0x87654321);
5409 sock->ApplySocketTag(tag);
5410 EXPECT_EQ(tagging_sock_ptr->tag(), tag);
5411 #endif // BUILDFLAG(IS_ANDROID)
5412 }
5413
TEST_F(SSLClientSocketTest,ECH)5414 TEST_F(SSLClientSocketTest, ECH) {
5415 SSLServerConfig server_config;
5416 SSLConfig client_config;
5417 server_config.ech_keys = MakeTestEchKeys(
5418 "public.example", /*max_name_len=*/64, &client_config.ech_config_list);
5419 ASSERT_TRUE(server_config.ech_keys);
5420
5421 ASSERT_TRUE(
5422 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5423
5424 // Connecting with the client should use ECH.
5425 int rv;
5426 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5427 EXPECT_THAT(rv, IsOk());
5428 SSLInfo ssl_info;
5429 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5430 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
5431 EXPECT_TRUE(ssl_info.encrypted_client_hello);
5432
5433 // TLS 1.3 causes the ticket to arrive later. Use the socket to ensure we have
5434 // a ticket. This also populates the SSLInfo from the server.
5435 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5436 std::optional<SSLInfo> server_ssl_info = LastSSLInfoFromServer();
5437 ASSERT_TRUE(server_ssl_info);
5438 EXPECT_TRUE(server_ssl_info->encrypted_client_hello);
5439
5440 // Reconnect. ECH should not interfere with resumption.
5441 sock_.reset();
5442 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5443 EXPECT_THAT(rv, IsOk());
5444 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5445 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5446 EXPECT_TRUE(ssl_info.encrypted_client_hello);
5447
5448 // Check SSLInfo from the server.
5449 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5450 server_ssl_info = LastSSLInfoFromServer();
5451 ASSERT_TRUE(server_ssl_info);
5452 EXPECT_TRUE(server_ssl_info->encrypted_client_hello);
5453
5454 // Connecting without ECH should not report ECH was used.
5455 client_config.ech_config_list.clear();
5456 sock_.reset();
5457 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5458 EXPECT_THAT(rv, IsOk());
5459 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
5460 EXPECT_FALSE(ssl_info.encrypted_client_hello);
5461
5462 // Check SSLInfo from the server.
5463 EXPECT_THAT(MakeHTTPRequest(sock_.get(), "/ssl-info"), IsOk());
5464 server_ssl_info = LastSSLInfoFromServer();
5465 ASSERT_TRUE(server_ssl_info);
5466 EXPECT_FALSE(server_ssl_info->encrypted_client_hello);
5467 }
5468
5469 // Test that, on key mismatch, the public name can be used to authenticate
5470 // replacement keys.
TEST_F(SSLClientSocketTest,ECHWrongKeys)5471 TEST_F(SSLClientSocketTest, ECHWrongKeys) {
5472 static const char kPublicName[] = "public.example";
5473 std::vector<uint8_t> ech_config_list1, ech_config_list2;
5474 bssl::UniquePtr<SSL_ECH_KEYS> keys1 =
5475 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list1);
5476 ASSERT_TRUE(keys1);
5477 bssl::UniquePtr<SSL_ECH_KEYS> keys2 =
5478 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list2);
5479 ASSERT_TRUE(keys2);
5480
5481 // Configure the client and server with different keys.
5482 SSLServerConfig server_config;
5483 server_config.ech_keys = std::move(keys1);
5484 SSLConfig client_config;
5485 client_config.ech_config_list = std::move(ech_config_list2);
5486
5487 ASSERT_TRUE(
5488 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5489
5490 // Verify the fallback handshake verifies the certificate against the public
5491 // name.
5492 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5493 scoped_refptr<X509Certificate> server_cert =
5494 embedded_test_server()->GetCertificate();
5495 CertVerifyResult verify_result;
5496 verify_result.verified_cert = server_cert;
5497 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5498 verify_result, OK);
5499
5500 // Connecting with the client should report ECH was not negotiated.
5501 int rv;
5502 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5503 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5504
5505 // The server's keys are available as retry keys.
5506 EXPECT_EQ(ech_config_list1, sock_->GetECHRetryConfigs());
5507 }
5508
5509 // Test that, if the server does not support ECH, it can securely report this
5510 // via the public name. This allows recovery if the server needed to
5511 // rollback ECH support.
TEST_F(SSLClientSocketTest,ECHSecurelyDisabled)5512 TEST_F(SSLClientSocketTest, ECHSecurelyDisabled) {
5513 static const char kPublicName[] = "public.example";
5514 std::vector<uint8_t> ech_config_list;
5515 bssl::UniquePtr<SSL_ECH_KEYS> keys =
5516 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list);
5517 ASSERT_TRUE(keys);
5518
5519 // The server does not have keys configured.
5520 ASSERT_TRUE(
5521 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5522
5523 // However it can authenticate for kPublicName.
5524 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5525 scoped_refptr<X509Certificate> server_cert =
5526 embedded_test_server()->GetCertificate();
5527 CertVerifyResult verify_result;
5528 verify_result.verified_cert = server_cert;
5529 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5530 verify_result, OK);
5531
5532 // Connecting with the client should report ECH was not negotiated.
5533 SSLConfig client_config;
5534 client_config.ech_config_list = std::move(ech_config_list);
5535 int rv;
5536 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5537 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5538
5539 // The retry config is empty, meaning the server has securely reported that
5540 // ECH is disabled
5541 EXPECT_TRUE(sock_->GetECHRetryConfigs().empty());
5542 }
5543
5544 // The same as the above, but testing that it also works in TLS 1.2, which
5545 // otherwise does not support ECH.
TEST_F(SSLClientSocketTest,ECHSecurelyDisabledTLS12)5546 TEST_F(SSLClientSocketTest, ECHSecurelyDisabledTLS12) {
5547 static const char kPublicName[] = "public.example";
5548 std::vector<uint8_t> ech_config_list;
5549 bssl::UniquePtr<SSL_ECH_KEYS> keys =
5550 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list);
5551 ASSERT_TRUE(keys);
5552
5553 // The server does not have keys configured.
5554 SSLServerConfig server_config;
5555 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5556 ASSERT_TRUE(
5557 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5558
5559 // However it can authenticate for kPublicName.
5560 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5561 scoped_refptr<X509Certificate> server_cert =
5562 embedded_test_server()->GetCertificate();
5563 CertVerifyResult verify_result;
5564 verify_result.verified_cert = server_cert;
5565 cert_verifier_->AddResultForCertAndHost(server_cert, kPublicName,
5566 verify_result, OK);
5567
5568 // Connecting with the client should report ECH was not negotiated.
5569 SSLConfig client_config;
5570 client_config.ech_config_list = std::move(ech_config_list);
5571 int rv;
5572 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5573 EXPECT_THAT(rv, IsError(ERR_ECH_NOT_NEGOTIATED));
5574
5575 // The retry config is empty, meaning the server has securely reported that
5576 // ECH is disabled
5577 EXPECT_TRUE(sock_->GetECHRetryConfigs().empty());
5578 }
5579
5580 // Test that the ECH fallback handshake rejects bad certificates.
TEST_F(SSLClientSocketTest,ECHFallbackBadCert)5581 TEST_F(SSLClientSocketTest, ECHFallbackBadCert) {
5582 static const char kPublicName[] = "public.example";
5583 std::vector<uint8_t> ech_config_list1, ech_config_list2;
5584 bssl::UniquePtr<SSL_ECH_KEYS> keys1 =
5585 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list1);
5586 ASSERT_TRUE(keys1);
5587 bssl::UniquePtr<SSL_ECH_KEYS> keys2 =
5588 MakeTestEchKeys(kPublicName, /*max_name_len=*/64, &ech_config_list2);
5589 ASSERT_TRUE(keys2);
5590
5591 // Configure the client and server with different keys.
5592 SSLServerConfig server_config;
5593 server_config.ech_keys = std::move(keys1);
5594 SSLConfig client_config;
5595 client_config.ech_config_list = std::move(ech_config_list2);
5596
5597 ASSERT_TRUE(
5598 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5599
5600 // Configure the client to reject the certificate for the public name (or any
5601 // other name).
5602 cert_verifier_->set_default_result(ERR_CERT_INVALID);
5603
5604 // Connecting with the client will fail with a fatal error.
5605 int rv;
5606 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5607 EXPECT_THAT(rv, IsError(ERR_ECH_FALLBACK_CERTIFICATE_INVALID));
5608 }
5609
TEST_F(SSLClientSocketTest,InvalidECHConfigList)5610 TEST_F(SSLClientSocketTest, InvalidECHConfigList) {
5611 ASSERT_TRUE(
5612 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5613
5614 // If the ECHConfigList cannot be parsed at all, report an error to the
5615 // caller.
5616 SSLConfig client_config;
5617 client_config.ech_config_list = {0x00};
5618 int rv;
5619 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5620 EXPECT_THAT(rv, IsError(ERR_INVALID_ECH_CONFIG_LIST));
5621 }
5622
5623 // Test that, if no ECHConfigList is available, the client sends ECH GREASE.
TEST_F(SSLClientSocketTest,ECHGreaseEnabled)5624 TEST_F(SSLClientSocketTest, ECHGreaseEnabled) {
5625 // Configure the server to expect an ECH extension.
5626 bool ran_callback = false;
5627 SSLServerConfig server_config;
5628 server_config.client_hello_callback_for_testing =
5629 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5630 const uint8_t* data;
5631 size_t len;
5632 EXPECT_TRUE(SSL_early_callback_ctx_extension_get(
5633 client_hello, TLSEXT_TYPE_encrypted_client_hello, &data, &len));
5634 ran_callback = true;
5635 return true;
5636 });
5637 ASSERT_TRUE(
5638 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5639 int rv;
5640 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
5641 EXPECT_THAT(rv, IsOk());
5642 EXPECT_TRUE(ran_callback);
5643 }
5644
5645 // Test that, if ECH is disabled, the client does not send ECH GREASE.
TEST_F(SSLClientSocketTest,ECHGreaseDisabled)5646 TEST_F(SSLClientSocketTest, ECHGreaseDisabled) {
5647 SSLContextConfig context_config;
5648 context_config.ech_enabled = false;
5649 ssl_config_service_->UpdateSSLConfigAndNotify(context_config);
5650
5651 // Configure the server not to expect an ECH extension.
5652 bool ran_callback = false;
5653 SSLServerConfig server_config;
5654 server_config.client_hello_callback_for_testing =
5655 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5656 const uint8_t* data;
5657 size_t len;
5658 EXPECT_FALSE(SSL_early_callback_ctx_extension_get(
5659 client_hello, TLSEXT_TYPE_encrypted_client_hello, &data, &len));
5660 ran_callback = true;
5661 return true;
5662 });
5663 ASSERT_TRUE(
5664 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5665 int rv;
5666 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv));
5667 EXPECT_THAT(rv, IsOk());
5668 EXPECT_TRUE(ran_callback);
5669 }
5670
5671 struct SSLHandshakeDetailsParams {
5672 bool alpn;
5673 bool early_data;
5674 uint16_t version;
5675 SSLHandshakeDetails expected_initial;
5676 SSLHandshakeDetails expected_resume;
5677 };
5678
5679 const SSLHandshakeDetailsParams kSSLHandshakeDetailsParams[] = {
5680 // TLS 1.2 does False Start if ALPN is enabled.
5681 {false /* no ALPN */, false /* no early data */,
5682 SSL_PROTOCOL_VERSION_TLS1_2, SSLHandshakeDetails::kTLS12Full,
5683 SSLHandshakeDetails::kTLS12Resume},
5684 {true /* ALPN */, false /* no early data */, SSL_PROTOCOL_VERSION_TLS1_2,
5685 SSLHandshakeDetails::kTLS12FalseStart, SSLHandshakeDetails::kTLS12Resume},
5686
5687 // TLS 1.3 supports full handshakes, resumption, and 0-RTT.
5688 {false /* no ALPN */, false /* no early data */,
5689 SSL_PROTOCOL_VERSION_TLS1_3, SSLHandshakeDetails::kTLS13Full,
5690 SSLHandshakeDetails::kTLS13Resume},
5691 {false /* no ALPN */, true /* early data */, SSL_PROTOCOL_VERSION_TLS1_3,
5692 SSLHandshakeDetails::kTLS13Full, SSLHandshakeDetails::kTLS13Early},
5693 };
5694
5695 class SSLHandshakeDetailsTest
5696 : public SSLClientSocketTest,
5697 public ::testing::WithParamInterface<SSLHandshakeDetailsParams> {};
5698
5699 INSTANTIATE_TEST_SUITE_P(All,
5700 SSLHandshakeDetailsTest,
5701 ValuesIn(kSSLHandshakeDetailsParams));
5702
TEST_P(SSLHandshakeDetailsTest,Metrics)5703 TEST_P(SSLHandshakeDetailsTest, Metrics) {
5704 // Enable all test features in the server.
5705 SSLServerConfig server_config;
5706 server_config.early_data_enabled = true;
5707 server_config.alpn_protos = {kProtoHTTP11};
5708 ASSERT_TRUE(
5709 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5710
5711 SSLContextConfig client_context_config;
5712 client_context_config.version_min = GetParam().version;
5713 client_context_config.version_max = GetParam().version;
5714 ssl_config_service_->UpdateSSLConfigAndNotify(client_context_config);
5715
5716 SSLConfig client_config;
5717 client_config.version_min_override = GetParam().version;
5718 client_config.version_max_override = GetParam().version;
5719 client_config.early_data_enabled = GetParam().early_data;
5720 if (GetParam().alpn) {
5721 client_config.alpn_protos = {kProtoHTTP11};
5722 }
5723
5724 SSLVersion version;
5725 switch (GetParam().version) {
5726 case SSL_PROTOCOL_VERSION_TLS1_2:
5727 version = SSL_CONNECTION_VERSION_TLS1_2;
5728 break;
5729 case SSL_PROTOCOL_VERSION_TLS1_3:
5730 version = SSL_CONNECTION_VERSION_TLS1_3;
5731 break;
5732 default:
5733 FAIL() << GetParam().version;
5734 }
5735
5736 // Make the initial connection.
5737 {
5738 base::HistogramTester histograms;
5739 int rv;
5740 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5741 EXPECT_THAT(rv, IsOk());
5742
5743 // Sanity-check the socket matches the test parameters.
5744 SSLInfo info;
5745 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5746 EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status));
5747 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
5748
5749 histograms.ExpectUniqueSample("Net.SSLHandshakeDetails",
5750 GetParam().expected_initial, 1);
5751
5752 // TLS 1.2 with False Start and TLS 1.3 cause the ticket to arrive later, so
5753 // use the socket to ensure the session ticket has been picked up.
5754 EXPECT_THAT(MakeHTTPRequest(sock_.get()), IsOk());
5755 }
5756
5757 // Make a resumption connection.
5758 {
5759 base::HistogramTester histograms;
5760 int rv;
5761 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
5762 EXPECT_THAT(rv, IsOk());
5763
5764 // Sanity-check the socket matches the test parameters.
5765 SSLInfo info;
5766 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5767 EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status));
5768 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, info.handshake_type);
5769
5770 histograms.ExpectUniqueSample("Net.SSLHandshakeDetails",
5771 GetParam().expected_resume, 1);
5772 }
5773 }
5774
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonNewSession)5775 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonNewSession) {
5776 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5777
5778 ASSERT_TRUE(StartServer());
5779 base::HistogramTester histograms;
5780 ASSERT_TRUE(RunInitialConnection());
5781 histograms.ExpectUniqueSample(kReasonHistogram,
5782 ssl_early_data_no_session_offered, 1);
5783 }
5784
5785 // Test 0-RTT logging when the server declines to resume a connection.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonNoResume)5786 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonNoResume) {
5787 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5788
5789 ASSERT_TRUE(StartServer());
5790 ASSERT_TRUE(RunInitialConnection());
5791
5792 SSLServerConfig server_config;
5793 server_config.early_data_enabled = false;
5794 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5795
5796 SetServerConfig(server_config);
5797
5798 base::HistogramTester histograms;
5799
5800 // 0-RTT Connection
5801 FakeBlockingStreamSocket* socket = MakeClient(true);
5802 socket->BlockReadResult();
5803 ASSERT_THAT(Connect(), IsOk());
5804 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5805 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5806 socket->UnblockReadResult();
5807
5808 // Expect early data to be rejected.
5809 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5810 int rv = ReadAndWait(buf.get(), 4096);
5811 EXPECT_EQ(ERR_EARLY_DATA_REJECTED, rv);
5812
5813 // The histogram may be record asynchronously.
5814 base::RunLoop().RunUntilIdle();
5815 histograms.ExpectUniqueSample(kReasonHistogram,
5816 ssl_early_data_session_not_resumed, 1);
5817 }
5818
5819 // Test 0-RTT logging in the standard ConfirmHandshake-after-acceptance case.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonZeroRTT)5820 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonZeroRTT) {
5821 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5822
5823 ASSERT_TRUE(StartServer());
5824 ASSERT_TRUE(RunInitialConnection());
5825
5826 // 0-RTT Connection
5827 base::HistogramTester histograms;
5828 MakeClient(true);
5829 ASSERT_THAT(Connect(), IsOk());
5830 TestCompletionCallback callback;
5831 ASSERT_THAT(
5832 callback.GetResult(ssl_socket()->ConfirmHandshake(callback.callback())),
5833 IsOk());
5834
5835 base::RunLoop().RunUntilIdle();
5836
5837 histograms.ExpectUniqueSample(kReasonHistogram, ssl_early_data_accepted, 1);
5838 }
5839
5840 // Check that we're correctly logging 0-rtt success when the handshake
5841 // concludes during a Read.
TEST_F(SSLClientSocketZeroRTTTest,EarlyDataReasonReadServerHello)5842 TEST_F(SSLClientSocketZeroRTTTest, EarlyDataReasonReadServerHello) {
5843 const char kReasonHistogram[] = "Net.SSLHandshakeEarlyDataReason";
5844 ASSERT_TRUE(StartServer());
5845 ASSERT_TRUE(RunInitialConnection());
5846
5847 // 0-RTT Connection
5848 base::HistogramTester histograms;
5849 MakeClient(true);
5850 ASSERT_THAT(Connect(), IsOk());
5851 constexpr std::string_view kRequest = "GET /zerortt HTTP/1.0\r\n\r\n";
5852 EXPECT_EQ(static_cast<int>(kRequest.size()), WriteAndWait(kRequest));
5853
5854 auto buf = base::MakeRefCounted<IOBufferWithSize>(4096);
5855 int size = ReadAndWait(buf.get(), 4096);
5856 EXPECT_GT(size, 0);
5857 EXPECT_EQ('1', buf->data()[size - 1]);
5858
5859 // 0-RTT metrics are logged on a PostTask, so if Read returns synchronously,
5860 // it is possible the metrics haven't been picked up yet.
5861 base::RunLoop().RunUntilIdle();
5862
5863 SSLInfo ssl_info;
5864 ASSERT_TRUE(GetSSLInfo(&ssl_info));
5865 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
5866
5867 histograms.ExpectUniqueSample(kReasonHistogram, ssl_early_data_accepted, 1);
5868 }
5869
TEST_F(SSLClientSocketTest,VersionMaxOverride)5870 TEST_F(SSLClientSocketTest, VersionMaxOverride) {
5871 SSLServerConfig server_config;
5872 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
5873 ASSERT_TRUE(
5874 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5875
5876 // Connecting normally uses the global configuration.
5877 SSLConfig config;
5878 int rv;
5879 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5880 EXPECT_THAT(rv, IsOk());
5881 SSLInfo info;
5882 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5883 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
5884 SSLConnectionStatusToVersion(info.connection_status));
5885
5886 // Individual sockets may override the maximum version.
5887 config.version_max_override = SSL_PROTOCOL_VERSION_TLS1_2;
5888 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5889 EXPECT_THAT(rv, IsOk());
5890 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5891 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
5892 SSLConnectionStatusToVersion(info.connection_status));
5893 }
5894
TEST_F(SSLClientSocketTest,VersionMinOverride)5895 TEST_F(SSLClientSocketTest, VersionMinOverride) {
5896 SSLServerConfig server_config;
5897 server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
5898 ASSERT_TRUE(
5899 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
5900
5901 // Connecting normally uses the global configuration.
5902 SSLConfig config;
5903 int rv;
5904 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5905 EXPECT_THAT(rv, IsOk());
5906 SSLInfo info;
5907 ASSERT_TRUE(sock_->GetSSLInfo(&info));
5908 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
5909 SSLConnectionStatusToVersion(info.connection_status));
5910
5911 // Individual sockets may also override the minimum version.
5912 config.version_min_override = SSL_PROTOCOL_VERSION_TLS1_3;
5913 config.version_max_override = SSL_PROTOCOL_VERSION_TLS1_3;
5914 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv));
5915 EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
5916 }
5917
5918 // Basic test of CancelReadIfReady works.
TEST_F(SSLClientSocketTest,CancelReadIfReady)5919 TEST_F(SSLClientSocketTest, CancelReadIfReady) {
5920 ASSERT_TRUE(
5921 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, SSLServerConfig()));
5922
5923 // Connect with a FakeBlockingStreamSocket.
5924 auto real_transport = std::make_unique<TCPClientSocket>(
5925 addr(), nullptr, nullptr, nullptr, NetLogSource());
5926 auto transport =
5927 std::make_unique<FakeBlockingStreamSocket>(std::move(real_transport));
5928 FakeBlockingStreamSocket* raw_transport = transport.get();
5929 TestCompletionCallback callback;
5930 ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())),
5931 IsOk());
5932
5933 // Complete the handshake. Disable the post-handshake peek so that, after the
5934 // handshake, there are no pending reads on the transport.
5935 SSLConfig config;
5936 config.disable_post_handshake_peek_for_testing = true;
5937 auto sock =
5938 CreateSSLClientSocket(std::move(transport), host_port_pair(), config);
5939 ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), IsOk());
5940
5941 // Block the socket and wait for some data to arrive from the server.
5942 raw_transport->BlockReadResult();
5943 auto write_buf =
5944 base::MakeRefCounted<StringIOBuffer>("GET / HTTP/1.0\r\n\r\n");
5945 ASSERT_EQ(callback.GetResult(sock->Write(write_buf.get(), write_buf->size(),
5946 callback.callback(),
5947 TRAFFIC_ANNOTATION_FOR_TESTS)),
5948 write_buf->size());
5949
5950 // ReadIfReady() should not read anything because the socket is blocked.
5951 bool callback_called = false;
5952 auto read_buf = base::MakeRefCounted<IOBufferWithSize>(100);
5953 int rv = sock->ReadIfReady(
5954 read_buf.get(), 100,
5955 base::BindLambdaForTesting([&](int rv) { callback_called = true; }));
5956 ASSERT_THAT(rv, IsError(ERR_IO_PENDING));
5957
5958 // Cancel ReadIfReady() and unblock the socket.
5959 ASSERT_THAT(sock->CancelReadIfReady(), IsOk());
5960 raw_transport->WaitForReadResult();
5961 raw_transport->UnblockReadResult();
5962 base::RunLoop().RunUntilIdle();
5963
5964 // Although data is now available, the callback should not have been called.
5965 EXPECT_FALSE(callback_called);
5966
5967 // Future reads on the socket should still work. The data should be
5968 // synchronously available.
5969 EXPECT_GT(
5970 callback.GetResult(sock->Read(read_buf.get(), 100, callback.callback())),
5971 0);
5972 }
5973
5974 // Test that the server_name extension (SNI) is sent on DNS names, and not IP
5975 // literals.
TEST_F(SSLClientSocketTest,ServerName)5976 TEST_F(SSLClientSocketTest, ServerName) {
5977 std::optional<std::string> got_server_name;
5978 bool ran_callback = false;
5979 auto reset_callback_state = [&] {
5980 got_server_name = std::nullopt;
5981 ran_callback = false;
5982 };
5983
5984 // Start a server which records the server name.
5985 SSLServerConfig server_config;
5986 server_config.client_hello_callback_for_testing =
5987 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
5988 const char* server_name =
5989 SSL_get_servername(client_hello->ssl, TLSEXT_NAMETYPE_host_name);
5990 if (server_name) {
5991 got_server_name = server_name;
5992 } else {
5993 got_server_name = std::nullopt;
5994 }
5995 ran_callback = true;
5996 return true;
5997 });
5998 ASSERT_TRUE(
5999 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
6000
6001 // The client should send the server_name extension for DNS names.
6002 uint16_t port = host_port_pair().port();
6003 int rv;
6004 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
6005 SSLConfig(), HostPortPair("example.com", port), &rv));
6006 ASSERT_THAT(rv, IsOk());
6007 EXPECT_TRUE(ran_callback);
6008 EXPECT_EQ(got_server_name, "example.com");
6009
6010 // The client should not send the server_name extension for IPv4 and IPv6
6011 // literals. See https://crbug.com/500981.
6012 reset_callback_state();
6013 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
6014 SSLConfig(), HostPortPair("1.2.3.4", port), &rv));
6015 ASSERT_THAT(rv, IsOk());
6016 EXPECT_TRUE(ran_callback);
6017 EXPECT_EQ(got_server_name, std::nullopt);
6018
6019 reset_callback_state();
6020 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
6021 SSLConfig(), HostPortPair("::1", port), &rv));
6022 ASSERT_THAT(rv, IsOk());
6023 EXPECT_TRUE(ran_callback);
6024 EXPECT_EQ(got_server_name, std::nullopt);
6025
6026 reset_callback_state();
6027 ASSERT_TRUE(CreateAndConnectSSLClientSocketWithHost(
6028 SSLConfig(), HostPortPair("2001:db8::42", port), &rv));
6029 ASSERT_THAT(rv, IsOk());
6030 EXPECT_TRUE(ran_callback);
6031 EXPECT_EQ(got_server_name, std::nullopt);
6032 }
6033
6034 class SSLClientSocketAlpsTest
6035 : public SSLClientSocketTest,
6036 public ::testing::WithParamInterface<std::tuple<bool, bool, bool>> {
6037 public:
SSLClientSocketAlpsTest()6038 SSLClientSocketAlpsTest() {
6039 if (client_use_new_alps()) {
6040 feature_list_.InitAndEnableFeature(features::kUseNewAlpsCodepointHttp2);
6041 } else {
6042 feature_list_.InitAndDisableFeature(features::kUseNewAlpsCodepointHttp2);
6043 }
6044 }
6045
client_alps_enabled() const6046 bool client_alps_enabled() const { return std::get<0>(GetParam()); }
server_alps_enabled() const6047 bool server_alps_enabled() const { return std::get<1>(GetParam()); }
client_use_new_alps() const6048 bool client_use_new_alps() const { return std::get<2>(GetParam()); }
6049
6050 private:
6051 base::test::ScopedFeatureList feature_list_;
6052 };
6053
6054 INSTANTIATE_TEST_SUITE_P(All,
6055 SSLClientSocketAlpsTest,
6056 Combine(Bool(), Bool(), Bool()));
6057
TEST_P(SSLClientSocketAlpsTest,Alps)6058 TEST_P(SSLClientSocketAlpsTest, Alps) {
6059 const std::string server_data = "server sends some test data";
6060 const std::string client_data = "client also sends some data";
6061
6062 SSLServerConfig server_config;
6063 server_config.alpn_protos = {kProtoHTTP2};
6064 if (server_alps_enabled()) {
6065 server_config.application_settings[kProtoHTTP2] =
6066 std::vector<uint8_t>(server_data.begin(), server_data.end());
6067 }
6068 // Configure the server to support whichever ALPS codepoint the client sent.
6069 server_config.client_hello_callback_for_testing =
6070 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
6071 const uint8_t* unused_extension_bytes;
6072 size_t unused_extension_len;
6073 int use_alps_new_codepoint = SSL_early_callback_ctx_extension_get(
6074 client_hello, TLSEXT_TYPE_application_settings,
6075 &unused_extension_bytes, &unused_extension_len);
6076 SSL_set_alps_use_new_codepoint(client_hello->ssl,
6077 use_alps_new_codepoint);
6078 return true;
6079 });
6080
6081 ASSERT_TRUE(
6082 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
6083
6084 SSLConfig client_config;
6085 client_config.alpn_protos = {kProtoHTTP2};
6086 if (client_alps_enabled()) {
6087 client_config.application_settings[kProtoHTTP2] =
6088 std::vector<uint8_t>(client_data.begin(), client_data.end());
6089 }
6090
6091 int rv;
6092 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
6093 EXPECT_THAT(rv, IsOk());
6094
6095 SSLInfo info;
6096 ASSERT_TRUE(sock_->GetSSLInfo(&info));
6097 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
6098 SSLConnectionStatusToVersion(info.connection_status));
6099 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type);
6100
6101 EXPECT_EQ(kProtoHTTP2, sock_->GetNegotiatedProtocol());
6102
6103 // ALPS is negotiated only if ALPS is enabled both on client and server.
6104 const auto alps_data_received_by_client = sock_->GetPeerApplicationSettings();
6105
6106 if (client_alps_enabled() && server_alps_enabled()) {
6107 ASSERT_TRUE(alps_data_received_by_client.has_value());
6108 EXPECT_EQ(server_data, alps_data_received_by_client.value());
6109 } else {
6110 EXPECT_FALSE(alps_data_received_by_client.has_value());
6111 }
6112 }
6113
6114 // Test that unused protocols in `application_settings` are ignored.
TEST_P(SSLClientSocketAlpsTest,UnusedProtocols)6115 TEST_P(SSLClientSocketAlpsTest, UnusedProtocols) {
6116 if (!client_alps_enabled() || !server_alps_enabled()) {
6117 return;
6118 }
6119
6120 SSLConfig client_config;
6121 client_config.alpn_protos = {kProtoHTTP2};
6122 client_config.application_settings[kProtoHTTP2] = {};
6123 client_config.application_settings[kProtoHTTP11] = {};
6124
6125 // Configure the server to check the ClientHello is as we expected.
6126 SSLServerConfig server_config;
6127 server_config.client_hello_callback_for_testing =
6128 base::BindLambdaForTesting([&](const SSL_CLIENT_HELLO* client_hello) {
6129 const uint8_t* data;
6130 size_t len;
6131 if (!SSL_early_callback_ctx_extension_get(
6132 client_hello,
6133 client_use_new_alps() ? TLSEXT_TYPE_application_settings
6134 : TLSEXT_TYPE_application_settings_old,
6135 &data, &len)) {
6136 return false;
6137 }
6138 // The client should only have sent "h2" in the extension. Note there
6139 // are two length prefixes. A two-byte length prefix (0x0003) followed
6140 // by a one-byte length prefix (0x02). See
6141 // https://www.ietf.org/archive/id/draft-vvv-tls-alps-01.html#section-4
6142 EXPECT_EQ(std::vector<uint8_t>(data, data + len),
6143 std::vector<uint8_t>({0x00, 0x03, 0x02, 'h', '2'}));
6144 return true;
6145 });
6146 ASSERT_TRUE(
6147 StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config));
6148
6149 int rv;
6150 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
6151 EXPECT_THAT(rv, IsOk());
6152 }
6153
6154 } // namespace net
6155