1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/quic_client_session.h"
9 #include "base/base64.h"
10 #include "base/files/file_path.h"
11 #include "base/rand_util.h"
12 #include "net/base/test_completion_callback.h"
13 #include "net/base/test_data_directory.h"
14 #include "net/cert/cert_verify_result.h"
15 #include "net/http/transport_security_state.h"
16 #include "net/log/capturing_net_log.h"
17 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
18 #include "net/quic/crypto/crypto_protocol.h"
19 #include "net/quic/crypto/proof_verifier_chromium.h"
20 #include "net/quic/crypto/quic_decrypter.h"
21 #include "net/quic/crypto/quic_encrypter.h"
22 #include "net/quic/crypto/quic_server_info.h"
23 #include "net/quic/test_tools/crypto_test_utils.h"
24 #include "net/quic/test_tools/quic_client_session_peer.h"
25 #include "net/quic/test_tools/quic_test_utils.h"
26 #include "net/quic/test_tools/simple_quic_framer.h"
27 #include "net/socket/socket_test_util.h"
28 #include "net/spdy/spdy_test_utils.h"
29 #include "net/test/cert_test_util.h"
30 #include "net/udp/datagram_client_socket.h"
38 const char kServerHostname
[] = "www.example.org";
39 const uint16 kServerPort
= 80;
41 class QuicClientSessionTest
: public ::testing::TestWithParam
<QuicVersion
> {
43 QuicClientSessionTest()
44 : connection_(new PacketSavingConnection(Perspective::IS_CLIENT
,
45 SupportedVersions(GetParam()))),
49 &transport_security_state_
,
50 make_scoped_ptr((QuicServerInfo
*)nullptr),
53 base::TimeTicks::Now(),
54 base::MessageLoop::current()->message_loop_proxy().get(),
56 session_
.InitializeSession(QuicServerId(kServerHostname
, kServerPort
,
58 PRIVACY_MODE_DISABLED
),
59 &crypto_config_
, nullptr);
60 // Advance the time, because timers do not like uninitialized times.
61 connection_
->AdvanceTime(QuicTime::Delta::FromSeconds(1));
64 void TearDown() override
{
65 session_
.CloseSessionOnError(ERR_ABORTED
, QUIC_INTERNAL_ERROR
);
68 scoped_ptr
<DatagramClientSocket
> GetSocket() {
69 socket_factory_
.AddSocketDataProvider(&socket_data_
);
70 return socket_factory_
.CreateDatagramClientSocket(
71 DatagramSocket::DEFAULT_BIND
, base::Bind(&base::RandInt
),
72 &net_log_
, NetLog::Source());
75 void CompleteCryptoHandshake() {
76 ASSERT_EQ(ERR_IO_PENDING
,
77 session_
.CryptoConnect(false, callback_
.callback()));
78 CryptoTestUtils::HandshakeWithFakeServer(
79 connection_
, session_
.GetCryptoStream());
80 ASSERT_EQ(OK
, callback_
.WaitForResult());
83 PacketSavingConnection
* connection_
;
84 CapturingNetLog net_log_
;
85 MockClientSocketFactory socket_factory_
;
86 StaticSocketDataProvider socket_data_
;
87 TransportSecurityState transport_security_state_
;
88 QuicClientSession session_
;
91 QuicConnectionVisitorInterface
* visitor_
;
92 TestCompletionCallback callback_
;
93 QuicCryptoClientConfig crypto_config_
;
96 INSTANTIATE_TEST_CASE_P(Tests
, QuicClientSessionTest
,
97 ::testing::ValuesIn(QuicSupportedVersions()));
99 TEST_P(QuicClientSessionTest
, CryptoConnect
) {
100 CompleteCryptoHandshake();
103 TEST_P(QuicClientSessionTest
, MaxNumStreams
) {
104 CompleteCryptoHandshake();
106 std::vector
<QuicReliableClientStream
*> streams
;
107 for (size_t i
= 0; i
< kDefaultMaxStreamsPerConnection
; i
++) {
108 QuicReliableClientStream
* stream
= session_
.CreateOutgoingDataStream();
110 streams
.push_back(stream
);
112 EXPECT_FALSE(session_
.CreateOutgoingDataStream());
114 // Close a stream and ensure I can now open a new one.
115 session_
.CloseStream(streams
[0]->id());
116 EXPECT_TRUE(session_
.CreateOutgoingDataStream());
119 TEST_P(QuicClientSessionTest
, MaxNumStreamsViaRequest
) {
120 CompleteCryptoHandshake();
122 std::vector
<QuicReliableClientStream
*> streams
;
123 for (size_t i
= 0; i
< kDefaultMaxStreamsPerConnection
; i
++) {
124 QuicReliableClientStream
* stream
= session_
.CreateOutgoingDataStream();
126 streams
.push_back(stream
);
129 QuicReliableClientStream
* stream
;
130 QuicClientSession::StreamRequest stream_request
;
131 TestCompletionCallback callback
;
132 ASSERT_EQ(ERR_IO_PENDING
,
133 stream_request
.StartRequest(session_
.GetWeakPtr(), &stream
,
134 callback
.callback()));
136 // Close a stream and ensure I can now open a new one.
137 session_
.CloseStream(streams
[0]->id());
138 ASSERT_TRUE(callback
.have_result());
139 EXPECT_EQ(OK
, callback
.WaitForResult());
140 EXPECT_TRUE(stream
!= nullptr);
143 TEST_P(QuicClientSessionTest
, GoAwayReceived
) {
144 CompleteCryptoHandshake();
146 // After receiving a GoAway, I should no longer be able to create outgoing
148 session_
.OnGoAway(QuicGoAwayFrame(QUIC_PEER_GOING_AWAY
, 1u, "Going away."));
149 EXPECT_EQ(nullptr, session_
.CreateOutgoingDataStream());
152 TEST_P(QuicClientSessionTest
, CanPool
) {
153 // Load a cert that is valid for:
158 ProofVerifyDetailsChromium details
;
159 details
.cert_verify_result
.verified_cert
=
160 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
161 ASSERT_TRUE(details
.cert_verify_result
.verified_cert
.get());
163 session_
.OnProofVerifyDetailsAvailable(details
);
164 CompleteCryptoHandshake();
166 EXPECT_TRUE(session_
.CanPool("www.example.org", PRIVACY_MODE_DISABLED
));
167 EXPECT_FALSE(session_
.CanPool("www.example.org", PRIVACY_MODE_ENABLED
));
168 EXPECT_TRUE(session_
.CanPool("mail.example.org", PRIVACY_MODE_DISABLED
));
169 EXPECT_TRUE(session_
.CanPool("mail.example.com", PRIVACY_MODE_DISABLED
));
170 EXPECT_FALSE(session_
.CanPool("mail.google.com", PRIVACY_MODE_DISABLED
));
173 TEST_P(QuicClientSessionTest
, ConnectionPooledWithTlsChannelId
) {
174 // Load a cert that is valid for:
179 ProofVerifyDetailsChromium details
;
180 details
.cert_verify_result
.verified_cert
=
181 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
182 ASSERT_TRUE(details
.cert_verify_result
.verified_cert
.get());
184 session_
.OnProofVerifyDetailsAvailable(details
);
185 CompleteCryptoHandshake();
186 QuicClientSessionPeer::SetChannelIDSent(&session_
, true);
188 EXPECT_TRUE(session_
.CanPool("www.example.org", PRIVACY_MODE_DISABLED
));
189 EXPECT_TRUE(session_
.CanPool("mail.example.org", PRIVACY_MODE_DISABLED
));
190 EXPECT_FALSE(session_
.CanPool("mail.example.com", PRIVACY_MODE_DISABLED
));
191 EXPECT_FALSE(session_
.CanPool("mail.google.com", PRIVACY_MODE_DISABLED
));
194 TEST_P(QuicClientSessionTest
, ConnectionNotPooledWithDifferentPin
) {
195 uint8 primary_pin
= 1;
196 uint8 backup_pin
= 2;
198 AddPin(&transport_security_state_
, "mail.example.org", primary_pin
,
201 ProofVerifyDetailsChromium details
;
202 details
.cert_verify_result
.verified_cert
=
203 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
204 details
.cert_verify_result
.is_issued_by_known_root
= true;
205 details
.cert_verify_result
.public_key_hashes
.push_back(
206 GetTestHashValue(bad_pin
));
208 ASSERT_TRUE(details
.cert_verify_result
.verified_cert
.get());
210 session_
.OnProofVerifyDetailsAvailable(details
);
211 CompleteCryptoHandshake();
212 QuicClientSessionPeer::SetChannelIDSent(&session_
, true);
214 EXPECT_FALSE(session_
.CanPool("mail.example.org", PRIVACY_MODE_DISABLED
));
217 TEST_P(QuicClientSessionTest
, ConnectionPooledWithMatchingPin
) {
218 uint8 primary_pin
= 1;
219 uint8 backup_pin
= 2;
220 AddPin(&transport_security_state_
, "mail.example.org", primary_pin
,
223 ProofVerifyDetailsChromium details
;
224 details
.cert_verify_result
.verified_cert
=
225 ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem");
226 details
.cert_verify_result
.is_issued_by_known_root
= true;
227 details
.cert_verify_result
.public_key_hashes
.push_back(
228 GetTestHashValue(primary_pin
));
230 ASSERT_TRUE(details
.cert_verify_result
.verified_cert
.get());
232 session_
.OnProofVerifyDetailsAvailable(details
);
233 CompleteCryptoHandshake();
234 QuicClientSessionPeer::SetChannelIDSent(&session_
, true);
236 EXPECT_TRUE(session_
.CanPool("mail.example.org", PRIVACY_MODE_DISABLED
));