1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/memory/ref_counted.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/memory/scoped_vector.h"
10 #include "net/base/net_util.h"
11 #include "net/base/request_priority.h"
12 #include "net/dns/mock_host_resolver.h"
13 #include "net/http/http_auth_handler_mock.h"
14 #include "net/http/http_network_session.h"
15 #include "net/http/http_network_transaction.h"
16 #include "net/http/http_request_info.h"
17 #include "net/http/http_server_properties_impl.h"
18 #include "net/http/transport_security_state.h"
19 #include "net/proxy/proxy_service.h"
20 #include "net/socket/socket_test_util.h"
21 #include "testing/gtest/include/gtest/gtest.h"
27 class TLS10SSLConfigService
: public SSLConfigService
{
29 TLS10SSLConfigService() {
30 ssl_config_
.version_min
= SSL_PROTOCOL_VERSION_TLS1
;
31 ssl_config_
.version_max
= SSL_PROTOCOL_VERSION_TLS1
;
34 void GetSSLConfig(SSLConfig
* config
) override
{ *config
= ssl_config_
; }
37 ~TLS10SSLConfigService() override
{}
39 SSLConfig ssl_config_
;
42 class TLS12SSLConfigService
: public SSLConfigService
{
44 TLS12SSLConfigService() {
45 ssl_config_
.version_min
= SSL_PROTOCOL_VERSION_TLS1
;
46 ssl_config_
.version_max
= SSL_PROTOCOL_VERSION_TLS1_2
;
49 void GetSSLConfig(SSLConfig
* config
) override
{ *config
= ssl_config_
; }
52 ~TLS12SSLConfigService() override
{}
54 SSLConfig ssl_config_
;
59 class HttpNetworkTransactionSSLTest
: public testing::Test
{
61 void SetUp() override
{
62 ssl_config_service_
= new TLS10SSLConfigService
;
63 session_params_
.ssl_config_service
= ssl_config_service_
.get();
65 auth_handler_factory_
.reset(new HttpAuthHandlerMock::Factory());
66 session_params_
.http_auth_handler_factory
= auth_handler_factory_
.get();
68 proxy_service_
= ProxyService::CreateDirect();
69 session_params_
.proxy_service
= proxy_service_
.get();
71 session_params_
.client_socket_factory
= &mock_socket_factory_
;
72 session_params_
.host_resolver
= &mock_resolver_
;
73 session_params_
.http_server_properties
=
74 http_server_properties_
.GetWeakPtr();
75 session_params_
.transport_security_state
= &transport_security_state_
;
78 HttpRequestInfo
* GetRequestInfo(const std::string
& url
) {
79 HttpRequestInfo
* request_info
= new HttpRequestInfo
;
80 request_info
->url
= GURL(url
);
81 request_info
->method
= "GET";
82 request_info_vector_
.push_back(request_info
);
86 SSLConfig
& GetServerSSLConfig(HttpNetworkTransaction
* trans
) {
87 return trans
->server_ssl_config_
;
90 scoped_refptr
<SSLConfigService
> ssl_config_service_
;
91 scoped_ptr
<HttpAuthHandlerMock::Factory
> auth_handler_factory_
;
92 scoped_ptr
<ProxyService
> proxy_service_
;
94 MockClientSocketFactory mock_socket_factory_
;
95 MockHostResolver mock_resolver_
;
96 HttpServerPropertiesImpl http_server_properties_
;
97 TransportSecurityState transport_security_state_
;
98 HttpNetworkSession::Params session_params_
;
99 ScopedVector
<HttpRequestInfo
> request_info_vector_
;
102 // Tests that HttpNetworkTransaction attempts to fallback from
103 // TLS 1.2 to TLS 1.1, then from TLS 1.1 to TLS 1.0.
104 TEST_F(HttpNetworkTransactionSSLTest
, SSLFallback
) {
105 ssl_config_service_
= new TLS12SSLConfigService
;
106 session_params_
.ssl_config_service
= ssl_config_service_
.get();
107 // |ssl_data1| is for the first handshake (TLS 1.2), which will fail
108 // for protocol reasons (e.g., simulating a version rollback attack).
109 SSLSocketDataProvider
ssl_data1(ASYNC
, ERR_SSL_PROTOCOL_ERROR
);
110 mock_socket_factory_
.AddSSLSocketDataProvider(&ssl_data1
);
111 StaticSocketDataProvider
data1(NULL
, 0, NULL
, 0);
112 mock_socket_factory_
.AddSocketDataProvider(&data1
);
114 // |ssl_data2| contains the handshake result for a TLS 1.1
115 // handshake which will be attempted after the TLS 1.2
117 SSLSocketDataProvider
ssl_data2(ASYNC
, ERR_SSL_PROTOCOL_ERROR
);
118 mock_socket_factory_
.AddSSLSocketDataProvider(&ssl_data2
);
119 StaticSocketDataProvider
data2(NULL
, 0, NULL
, 0);
120 mock_socket_factory_
.AddSocketDataProvider(&data2
);
122 // |ssl_data3| contains the handshake result for a TLS 1.0
123 // handshake which will be attempted after the TLS 1.1
125 SSLSocketDataProvider
ssl_data3(ASYNC
, ERR_SSL_PROTOCOL_ERROR
);
126 mock_socket_factory_
.AddSSLSocketDataProvider(&ssl_data3
);
127 StaticSocketDataProvider
data3(NULL
, 0, NULL
, 0);
128 mock_socket_factory_
.AddSocketDataProvider(&data3
);
130 scoped_refptr
<HttpNetworkSession
> session(
131 new HttpNetworkSession(session_params_
));
132 scoped_ptr
<HttpNetworkTransaction
> trans(
133 new HttpNetworkTransaction(DEFAULT_PRIORITY
, session
.get()));
135 TestCompletionCallback callback
;
136 // This will consume |ssl_data1|, |ssl_data2| and |ssl_data3|.
137 int rv
= callback
.GetResult(
138 trans
->Start(GetRequestInfo("https://www.paypal.com/"),
139 callback
.callback(), BoundNetLog()));
140 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR
, rv
);
142 SocketDataProviderArray
<SocketDataProvider
>& mock_data
=
143 mock_socket_factory_
.mock_data();
144 // Confirms that |ssl_data1|, |ssl_data2| and |ssl_data3| are consumed.
145 EXPECT_EQ(3u, mock_data
.next_index());
147 SSLConfig
& ssl_config
= GetServerSSLConfig(trans
.get());
148 // |version_max| fallbacks to TLS 1.0.
149 EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1
, ssl_config
.version_max
);
150 EXPECT_TRUE(ssl_config
.version_fallback
);