search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / net / quic / crypto / quic_crypto_server_config_test.cc
blob4b0aa5a572264a122aa8d27b37d2389104cfd5d5
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/quic_crypto_server_config.h"
6
7 #include <stdarg.h>
8
9 #include "base/stl_util.h"
10 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
11 #include "net/quic/crypto/crypto_handshake_message.h"
12 #include "net/quic/crypto/crypto_secret_boxer.h"
13 #include "net/quic/crypto/crypto_server_config_protobuf.h"
14 #include "net/quic/crypto/quic_random.h"
15 #include "net/quic/crypto/strike_register_client.h"
16 #include "net/quic/quic_flags.h"
17 #include "net/quic/quic_time.h"
18 #include "net/quic/test_tools/mock_clock.h"
19 #include "net/quic/test_tools/quic_test_utils.h"
20 #include "testing/gmock/include/gmock/gmock.h"
21 #include "testing/gtest/include/gtest/gtest.h"
22
23 using base::StringPiece;
24 using std::map;
25 using std::pair;
26 using std::string;
27 using std::vector;
28
29 namespace net {
30 namespace test {
31
32 class QuicCryptoServerConfigPeer {
33 public:
34 explicit QuicCryptoServerConfigPeer(QuicCryptoServerConfig* server_config)
35 : server_config_(server_config) {}
36
37 scoped_refptr<QuicCryptoServerConfig::Config> GetConfig(string config_id) {
38 base::AutoLock locked(server_config_->configs_lock_);
39 if (config_id == "<primary>") {
40 return scoped_refptr<QuicCryptoServerConfig::Config>(
41 server_config_->primary_config_);
42 } else {
43 return server_config_->GetConfigWithScid(config_id);
44 }
45 }
46
47 string NewSourceAddressToken(string config_id,
48 SourceAddressTokens previous_tokens,
49 const IPAddressNumber& ip,
50 QuicRandom* rand,
51 QuicWallTime now,
52 CachedNetworkParameters* cached_network_params) {
53 return server_config_->NewSourceAddressToken(*GetConfig(config_id),
54 previous_tokens, ip, rand, now,
55 cached_network_params);
56 }
57
58 HandshakeFailureReason ValidateSourceAddressTokens(
59 string config_id,
60 StringPiece srct,
61 const IPAddressNumber& ip,
62 QuicWallTime now,
63 CachedNetworkParameters* cached_network_params) {
64 SourceAddressTokens tokens;
65 HandshakeFailureReason reason = server_config_->ParseSourceAddressToken(
66 *GetConfig(config_id), srct, &tokens);
67 if (reason != HANDSHAKE_OK) {
68 return reason;
69 }
70
71 return server_config_->ValidateSourceAddressTokens(tokens, ip, now,
72 cached_network_params);
73 }
74
75 string NewServerNonce(QuicRandom* rand, QuicWallTime now) const {
76 return server_config_->NewServerNonce(rand, now);
77 }
78
79 HandshakeFailureReason ValidateServerNonce(StringPiece token,
80 QuicWallTime now) {
81 return server_config_->ValidateServerNonce(token, now);
82 }
83
84 base::Lock* GetStrikeRegisterClientLock() {
85 return &server_config_->strike_register_client_lock_;
86 }
87
88 // CheckConfigs compares the state of the Configs in |server_config_| to the
89 // description given as arguments. The arguments are given as
90 // nullptr-terminated pairs. The first of each pair is the server config ID of
91 // a Config. The second is a boolean describing whether the config is the
92 // primary. For example:
93 // CheckConfigs(nullptr); // checks that no Configs are loaded.
94 //
95 // // Checks that exactly three Configs are loaded with the given IDs and
96 // // status.
97 // CheckConfigs(
98 // "id1", false,
99 // "id2", true,
100 // "id3", false,
101 // nullptr);
102 void CheckConfigs(const char* server_config_id1, ...) {
103 va_list ap;
104 va_start(ap, server_config_id1);
105
106 vector<pair<ServerConfigID, bool>> expected;
107 bool first = true;
108 for (;;) {
109 const char* server_config_id;
110 if (first) {
111 server_config_id = server_config_id1;
112 first = false;
113 } else {
114 server_config_id = va_arg(ap, const char*);
115 }
116
117 if (!server_config_id) {
118 break;
119 }
120
121 // varargs will promote the value to an int so we have to read that from
122 // the stack and cast down.
123 const bool is_primary = static_cast<bool>(va_arg(ap, int));
124 expected.push_back(std::make_pair(server_config_id, is_primary));
125 }
126
127 va_end(ap);
128
129 base::AutoLock locked(server_config_->configs_lock_);
130
131 ASSERT_EQ(expected.size(), server_config_->configs_.size())
132 << ConfigsDebug();
133
134 for (const pair<const ServerConfigID,
135 scoped_refptr<QuicCryptoServerConfig::Config>>& i :
136 server_config_->configs_) {
137 bool found = false;
138 for (pair<ServerConfigID, bool>& j : expected) {
139 if (i.first == j.first && i.second->is_primary == j.second) {
140 found = true;
141 j.first.clear();
142 break;
143 }
144 }
145
146 ASSERT_TRUE(found) << "Failed to find match for " << i.first
147 << " in configs:\n" << ConfigsDebug();
148 }
149 }
150
151 // ConfigsDebug returns a string that contains debugging information about
152 // the set of Configs loaded in |server_config_| and their status.
153 // ConfigsDebug() should be called after acquiring
154 // server_config_->configs_lock_.
155 string ConfigsDebug() {
156 if (server_config_->configs_.empty()) {
157 return "No Configs in QuicCryptoServerConfig";
158 }
159
160 string s;
161
162 for (const auto& i : server_config_->configs_) {
163 const scoped_refptr<QuicCryptoServerConfig::Config> config = i.second;
164 if (config->is_primary) {
165 s += "(primary) ";
166 } else {
167 s += " ";
168 }
169 s += config->id;
170 s += "\n";
171 }
172
173 return s;
174 }
175
176 void SelectNewPrimaryConfig(int seconds) {
177 base::AutoLock locked(server_config_->configs_lock_);
178 server_config_->SelectNewPrimaryConfig(
179 QuicWallTime::FromUNIXSeconds(seconds));
180 }
181
182 private:
183 const QuicCryptoServerConfig* server_config_;
184 };
185
186 class TestStrikeRegisterClient : public StrikeRegisterClient {
187 public:
188 explicit TestStrikeRegisterClient(QuicCryptoServerConfig* config)
189 : config_(config),
190 is_known_orbit_called_(false) {
191 }
192
193 bool IsKnownOrbit(StringPiece orbit) const override {
194 // Ensure that the strike register client lock is not held.
195 QuicCryptoServerConfigPeer peer(config_);
196 base::Lock* m = peer.GetStrikeRegisterClientLock();
197 // In Chromium, we will dead lock if the lock is held by the current thread.
198 // Chromium doesn't have AssertNotHeld API call.
199 // m->AssertNotHeld();
200 base::AutoLock lock(*m);
201
202 is_known_orbit_called_ = true;
203 return true;
204 }
205
206 void VerifyNonceIsValidAndUnique(StringPiece nonce,
207 QuicWallTime now,
208 ResultCallback* cb) override {
209 LOG(FATAL) << "Not implemented";
210 }
211
212 bool is_known_orbit_called() { return is_known_orbit_called_; }
213
214 private:
215 QuicCryptoServerConfig* config_;
216 mutable bool is_known_orbit_called_;
217 };
218
219 TEST(QuicCryptoServerConfigTest, ServerConfig) {
220 QuicRandom* rand = QuicRandom::GetInstance();
221 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand);
222 MockClock clock;
223
224 scoped_ptr<CryptoHandshakeMessage>(
225 server.AddDefaultConfig(rand, &clock,
226 QuicCryptoServerConfig::ConfigOptions()));
227 }
228
229 TEST(QuicCryptoServerConfigTest, GetOrbitIsCalledWithoutTheStrikeRegisterLock) {
230 QuicRandom* rand = QuicRandom::GetInstance();
231 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand);
232 MockClock clock;
233
234 TestStrikeRegisterClient* strike_register =
235 new TestStrikeRegisterClient(&server);
236 server.SetStrikeRegisterClient(strike_register);
237
238 QuicCryptoServerConfig::ConfigOptions options;
239 scoped_ptr<CryptoHandshakeMessage> message(
240 server.AddDefaultConfig(rand, &clock, options));
241 EXPECT_TRUE(strike_register->is_known_orbit_called());
242 }
243
244 class SourceAddressTokenTest : public ::testing::Test {
245 public:
246 SourceAddressTokenTest()
247 : ip4_(Loopback4()),
248 ip4_dual_(ConvertIPv4NumberToIPv6Number(ip4_)),
249 ip6_(Loopback6()),
250 original_time_(QuicWallTime::Zero()),
251 rand_(QuicRandom::GetInstance()),
252 server_(QuicCryptoServerConfig::TESTING, rand_),
253 peer_(&server_) {
254 // Advance the clock to some non-zero time.
255 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1000000));
256 original_time_ = clock_.WallNow();
257
258 primary_config_.reset(server_.AddDefaultConfig(
259 rand_, &clock_, QuicCryptoServerConfig::ConfigOptions()));
260
261 // Add a config that overrides the default boxer.
262 QuicCryptoServerConfig::ConfigOptions options;
263 options.id = kOverride;
264 override_config_protobuf_.reset(
265 QuicCryptoServerConfig::GenerateConfig(rand_, &clock_, options));
266 override_config_protobuf_->set_source_address_token_secret_override(
267 "a secret key");
268 // Lower priority than the default config.
269 override_config_protobuf_->set_priority(1);
270 override_config_.reset(
271 server_.AddConfig(override_config_protobuf_.get(), original_time_));
272 }
273
274 string NewSourceAddressToken(string config_id, const IPAddressNumber& ip) {
275 return NewSourceAddressToken(config_id, ip, NULL);
276 }
277
278 string NewSourceAddressToken(string config_id,
279 const IPAddressNumber& ip,
280 const SourceAddressTokens& previous_tokens) {
281 return peer_.NewSourceAddressToken(config_id, previous_tokens, ip, rand_,
282 clock_.WallNow(), NULL);
283 }
284
285 string NewSourceAddressToken(string config_id,
286 const IPAddressNumber& ip,
287 CachedNetworkParameters* cached_network_params) {
288 SourceAddressTokens previous_tokens;
289 return peer_.NewSourceAddressToken(config_id, previous_tokens, ip, rand_,
290 clock_.WallNow(), cached_network_params);
291 }
292
293 HandshakeFailureReason ValidateSourceAddressTokens(
294 string config_id,
295 StringPiece srct,
296 const IPAddressNumber& ip) {
297 return ValidateSourceAddressTokens(config_id, srct, ip, NULL);
298 }
299
300 HandshakeFailureReason ValidateSourceAddressTokens(
301 string config_id,
302 StringPiece srct,
303 const IPAddressNumber& ip,
304 CachedNetworkParameters* cached_network_params) {
305 return peer_.ValidateSourceAddressTokens(
306 config_id, srct, ip, clock_.WallNow(), cached_network_params);
307 }
308
309 const string kPrimary = "<primary>";
310 const string kOverride = "Config with custom source address token key";
311
312 IPAddressNumber ip4_;
313 IPAddressNumber ip4_dual_;
314 IPAddressNumber ip6_;
315
316 MockClock clock_;
317 QuicWallTime original_time_;
318 QuicRandom* rand_ = QuicRandom::GetInstance();
319 QuicCryptoServerConfig server_;
320 QuicCryptoServerConfigPeer peer_;
321 // Stores the primary config.
322 scoped_ptr<CryptoHandshakeMessage> primary_config_;
323 scoped_ptr<QuicServerConfigProtobuf> override_config_protobuf_;
324 scoped_ptr<CryptoHandshakeMessage> override_config_;
325 };
326
327 // Test basic behavior of source address tokens including being specific
328 // to a single IP address and server config.
329 TEST_F(SourceAddressTokenTest, NewSourceAddressToken) {
330 // Primary config generates configs that validate successfully.
331 const string token4 = NewSourceAddressToken(kPrimary, ip4_);
332 const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_);
333 const string token6 = NewSourceAddressToken(kPrimary, ip6_);
334 EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4, ip4_));
335 ASSERT_EQ(HANDSHAKE_OK,
336 ValidateSourceAddressTokens(kPrimary, token4, ip4_dual_));
337 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
338 ValidateSourceAddressTokens(kPrimary, token4, ip6_));
339 ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4d, ip4_));
340 ASSERT_EQ(HANDSHAKE_OK,
341 ValidateSourceAddressTokens(kPrimary, token4d, ip4_dual_));
342 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
343 ValidateSourceAddressTokens(kPrimary, token4d, ip6_));
344 ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token6, ip6_));
345
346 // Override config generates configs that validate successfully.
347 const string override_token4 = NewSourceAddressToken(kOverride, ip4_);
348 const string override_token6 = NewSourceAddressToken(kOverride, ip6_);
349 ASSERT_EQ(HANDSHAKE_OK,
350 ValidateSourceAddressTokens(kOverride, override_token4, ip4_));
351 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
352 ValidateSourceAddressTokens(kOverride, override_token4, ip6_));
353 ASSERT_EQ(HANDSHAKE_OK,
354 ValidateSourceAddressTokens(kOverride, override_token6, ip6_));
355
356 // Tokens generated by the primary config do not validate
357 // successfully against the override config, and vice versa.
358 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
359 ValidateSourceAddressTokens(kOverride, token4, ip4_));
360 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
361 ValidateSourceAddressTokens(kOverride, token6, ip6_));
362 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
363 ValidateSourceAddressTokens(kPrimary, override_token4, ip4_));
364 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
365 ValidateSourceAddressTokens(kPrimary, override_token6, ip6_));
366 }
367
368 TEST_F(SourceAddressTokenTest, NewSourceAddressTokenExpiration) {
369 const string token = NewSourceAddressToken(kPrimary, ip4_);
370
371 // Validation fails if the token is from the future.
372 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2));
373 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
374 ValidateSourceAddressTokens(kPrimary, token, ip4_));
375
376 // Validation fails after tokens expire.
377 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7));
378 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
379 ValidateSourceAddressTokens(kPrimary, token, ip4_));
380 }
381
382 TEST_F(SourceAddressTokenTest, NewSourceAddressTokenWithNetworkParams) {
383 // Make sure that if the source address token contains CachedNetworkParameters
384 // that this gets written to ValidateSourceAddressToken output argument.
385 CachedNetworkParameters cached_network_params_input;
386 cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234);
387 const string token4_with_cached_network_params =
388 NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input);
389
390 CachedNetworkParameters cached_network_params_output;
391 EXPECT_NE(cached_network_params_output.SerializeAsString(),
392 cached_network_params_input.SerializeAsString());
393 ValidateSourceAddressTokens(kPrimary, token4_with_cached_network_params, ip4_,
394 &cached_network_params_output);
395 EXPECT_EQ(cached_network_params_output.SerializeAsString(),
396 cached_network_params_input.SerializeAsString());
397 }
398
399 // Test the ability for a source address token to be valid for multiple
400 // addresses.
401 TEST_F(SourceAddressTokenTest, SourceAddressTokenMultipleAddresses) {
402 QuicWallTime now = clock_.WallNow();
403
404 // Now create a token which is usable for both addresses.
405 SourceAddressToken previous_token;
406 IPAddressNumber ip_address = ip6_;
407 if (ip6_.size() == kIPv4AddressSize) {
408 ip_address = ConvertIPv4NumberToIPv6Number(ip_address);
409 }
410 previous_token.set_ip(IPAddressToPackedString(ip_address));
411 previous_token.set_timestamp(now.ToUNIXSeconds());
412 SourceAddressTokens previous_tokens;
413 (*previous_tokens.add_tokens()) = previous_token;
414 const string token4or6 =
415 NewSourceAddressToken(kPrimary, ip4_, previous_tokens);
416
417 EXPECT_EQ(HANDSHAKE_OK,
418 ValidateSourceAddressTokens(kPrimary, token4or6, ip4_));
419 ASSERT_EQ(HANDSHAKE_OK,
420 ValidateSourceAddressTokens(kPrimary, token4or6, ip6_));
421 }
422
423 TEST(QuicCryptoServerConfigTest, ValidateServerNonce) {
424 QuicRandom* rand = QuicRandom::GetInstance();
425 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand);
426 QuicCryptoServerConfigPeer peer(&server);
427
428 StringPiece message("hello world");
429 const size_t key_size = CryptoSecretBoxer::GetKeySize();
430 scoped_ptr<uint8[]> key(new uint8[key_size]);
431 memset(key.get(), 0x11, key_size);
432
433 CryptoSecretBoxer boxer;
434 boxer.SetKey(StringPiece(reinterpret_cast<char*>(key.get()), key_size));
435 const string box = boxer.Box(rand, message);
436 MockClock clock;
437 QuicWallTime now = clock.WallNow();
438 const QuicWallTime original_time = now;
439 EXPECT_EQ(SERVER_NONCE_DECRYPTION_FAILURE,
440 peer.ValidateServerNonce(box, now));
441
442 string server_nonce = peer.NewServerNonce(rand, now);
443 EXPECT_EQ(HANDSHAKE_OK, peer.ValidateServerNonce(server_nonce, now));
444 EXPECT_EQ(SERVER_NONCE_NOT_UNIQUE_FAILURE,
445 peer.ValidateServerNonce(server_nonce, now));
446
447 now = original_time.Add(QuicTime::Delta::FromSeconds(1000 * 7));
448 server_nonce = peer.NewServerNonce(rand, now);
449 EXPECT_EQ(HANDSHAKE_OK, peer.ValidateServerNonce(server_nonce, now));
450 }
451
452 class CryptoServerConfigsTest : public ::testing::Test {
453 public:
454 CryptoServerConfigsTest()
455 : rand_(QuicRandom::GetInstance()),
456 config_(QuicCryptoServerConfig::TESTING, rand_),
457 test_peer_(&config_) {}
458
459 void SetUp() override {
460 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1000));
461 }
462
463 // SetConfigs constructs suitable config protobufs and calls SetConfigs on
464 // |config_|. The arguments are given as nullptr-terminated pairs. The first
465 // of each pair is the server config ID of a Config. The second is the
466 // |primary_time| of that Config, given in epoch seconds. (Although note that,
467 // in these tests, time is set to 1000 seconds since the epoch.) For example:
468 // SetConfigs(nullptr); // calls |config_.SetConfigs| with no protobufs.
469 //
470 // // Calls |config_.SetConfigs| with two protobufs: one for a Config with
471 // // a |primary_time| of 900 and priority 1, and another with
472 // // a |primary_time| of 1000 and priority 2.
473
474 // CheckConfigs(
475 // "id1", 900, 1,
476 // "id2", 1000, 2,
477 // nullptr);
478 //
479 // If the server config id starts with "INVALID" then the generated protobuf
480 // will be invalid.
481 void SetConfigs(const char* server_config_id1, ...) {
482 const char kOrbit[] = "12345678";
483
484 va_list ap;
485 va_start(ap, server_config_id1);
486 bool has_invalid = false;
487 bool is_empty = true;
488
489 vector<QuicServerConfigProtobuf*> protobufs;
490 bool first = true;
491 for (;;) {
492 const char* server_config_id;
493 if (first) {
494 server_config_id = server_config_id1;
495 first = false;
496 } else {
497 server_config_id = va_arg(ap, const char*);
498 }
499
500 if (!server_config_id) {
501 break;
502 }
503
504 is_empty = false;
505 int primary_time = va_arg(ap, int);
506 int priority = va_arg(ap, int);
507
508 QuicCryptoServerConfig::ConfigOptions options;
509 options.id = server_config_id;
510 options.orbit = kOrbit;
511 QuicServerConfigProtobuf* protobuf(
512 QuicCryptoServerConfig::GenerateConfig(rand_, &clock_, options));
513 protobuf->set_primary_time(primary_time);
514 protobuf->set_priority(priority);
515 if (string(server_config_id).find("INVALID") == 0) {
516 protobuf->clear_key();
517 has_invalid = true;
518 }
519 protobufs.push_back(protobuf);
520 }
521
522 ASSERT_EQ(!has_invalid && !is_empty,
523 config_.SetConfigs(protobufs, clock_.WallNow()));
524 STLDeleteElements(&protobufs);
525 }
526
527 protected:
528 QuicRandom* const rand_;
529 MockClock clock_;
530 QuicCryptoServerConfig config_;
531 QuicCryptoServerConfigPeer test_peer_;
532 };
533
534 TEST_F(CryptoServerConfigsTest, NoConfigs) {
535 test_peer_.CheckConfigs(nullptr);
536 }
537
538 TEST_F(CryptoServerConfigsTest, MakePrimaryFirst) {
539 // Make sure that "b" is primary even though "a" comes first.
540 SetConfigs("a", 1100, 1,
541 "b", 900, 1,
542 nullptr);
543 test_peer_.CheckConfigs(
544 "a", false,
545 "b", true,
546 nullptr);
547 }
548
549 TEST_F(CryptoServerConfigsTest, MakePrimarySecond) {
550 // Make sure that a remains primary after b is added.
551 SetConfigs("a", 900, 1,
552 "b", 1100, 1,
553 nullptr);
554 test_peer_.CheckConfigs(
555 "a", true,
556 "b", false,
557 nullptr);
558 }
559
560 TEST_F(CryptoServerConfigsTest, Delete) {
561 // Ensure that configs get deleted when removed.
562 SetConfigs("a", 800, 1,
563 "b", 900, 1,
564 "c", 1100, 1,
565 nullptr);
566 test_peer_.CheckConfigs(
567 "a", false,
568 "b", true,
569 "c", false,
570 nullptr);
571 SetConfigs("b", 900, 1,
572 "c", 1100, 1,
573 nullptr);
574 test_peer_.CheckConfigs(
575 "b", true,
576 "c", false,
577 nullptr);
578 }
579
580 TEST_F(CryptoServerConfigsTest, DeletePrimary) {
581 // Ensure that deleting the primary config works.
582 SetConfigs("a", 800, 1,
583 "b", 900, 1,
584 "c", 1100, 1,
585 nullptr);
586 test_peer_.CheckConfigs(
587 "a", false,
588 "b", true,
589 "c", false,
590 nullptr);
591 SetConfigs("a", 800, 1,
592 "c", 1100, 1,
593 nullptr);
594 test_peer_.CheckConfigs(
595 "a", true,
596 "c", false,
597 nullptr);
598 }
599
600 TEST_F(CryptoServerConfigsTest, FailIfDeletingAllConfigs) {
601 // Ensure that configs get deleted when removed.
602 SetConfigs("a", 800, 1,
603 "b", 900, 1,
604 nullptr);
605 test_peer_.CheckConfigs(
606 "a", false,
607 "b", true,
608 nullptr);
609 SetConfigs(nullptr);
610 // Config change is rejected, still using old configs.
611 test_peer_.CheckConfigs(
612 "a", false,
613 "b", true,
614 nullptr);
615 }
616
617 TEST_F(CryptoServerConfigsTest, ChangePrimaryTime) {
618 // Check that updates to primary time get picked up.
619 SetConfigs("a", 400, 1,
620 "b", 800, 1,
621 "c", 1200, 1,
622 nullptr);
623 test_peer_.SelectNewPrimaryConfig(500);
624 test_peer_.CheckConfigs(
625 "a", true,
626 "b", false,
627 "c", false,
628 nullptr);
629 SetConfigs("a", 1200, 1,
630 "b", 800, 1,
631 "c", 400, 1,
632 nullptr);
633 test_peer_.SelectNewPrimaryConfig(500);
634 test_peer_.CheckConfigs(
635 "a", false,
636 "b", false,
637 "c", true,
638 nullptr);
639 }
640
641 TEST_F(CryptoServerConfigsTest, AllConfigsInThePast) {
642 // Check that the most recent config is selected.
643 SetConfigs("a", 400, 1,
644 "b", 800, 1,
645 "c", 1200, 1,
646 nullptr);
647 test_peer_.SelectNewPrimaryConfig(1500);
648 test_peer_.CheckConfigs(
649 "a", false,
650 "b", false,
651 "c", true,
652 nullptr);
653 }
654
655 TEST_F(CryptoServerConfigsTest, AllConfigsInTheFuture) {
656 // Check that the first config is selected.
657 SetConfigs("a", 400, 1,
658 "b", 800, 1,
659 "c", 1200, 1,
660 nullptr);
661 test_peer_.SelectNewPrimaryConfig(100);
662 test_peer_.CheckConfigs(
663 "a", true,
664 "b", false,
665 "c", false,
666 nullptr);
667 }
668
669 TEST_F(CryptoServerConfigsTest, SortByPriority) {
670 // Check that priority is used to decide on a primary config when
671 // configs have the same primary time.
672 SetConfigs("a", 900, 1,
673 "b", 900, 2,
674 "c", 900, 3,
675 nullptr);
676 test_peer_.CheckConfigs(
677 "a", true,
678 "b", false,
679 "c", false,
680 nullptr);
681 test_peer_.SelectNewPrimaryConfig(800);
682 test_peer_.CheckConfigs(
683 "a", true,
684 "b", false,
685 "c", false,
686 nullptr);
687 test_peer_.SelectNewPrimaryConfig(1000);
688 test_peer_.CheckConfigs(
689 "a", true,
690 "b", false,
691 "c", false,
692 nullptr);
693
694 // Change priorities and expect sort order to change.
695 SetConfigs("a", 900, 2,
696 "b", 900, 1,
697 "c", 900, 0,
698 nullptr);
699 test_peer_.CheckConfigs(
700 "a", false,
701 "b", false,
702 "c", true,
703 nullptr);
704 test_peer_.SelectNewPrimaryConfig(800);
705 test_peer_.CheckConfigs(
706 "a", false,
707 "b", false,
708 "c", true,
709 nullptr);
710 test_peer_.SelectNewPrimaryConfig(1000);
711 test_peer_.CheckConfigs(
712 "a", false,
713 "b", false,
714 "c", true,
715 nullptr);
716 }
717
718 TEST_F(CryptoServerConfigsTest, AdvancePrimary) {
719 // Check that a new primary config is enabled at the right time.
720 SetConfigs("a", 900, 1,
721 "b", 1100, 1,
722 nullptr);
723 test_peer_.SelectNewPrimaryConfig(1000);
724 test_peer_.CheckConfigs(
725 "a", true,
726 "b", false,
727 nullptr);
728 test_peer_.SelectNewPrimaryConfig(1101);
729 test_peer_.CheckConfigs(
730 "a", false,
731 "b", true,
732 nullptr);
733 }
734
735 TEST_F(CryptoServerConfigsTest, InvalidConfigs) {
736 // Ensure that invalid configs don't change anything.
737 SetConfigs("a", 800, 1,
738 "b", 900, 1,
739 "c", 1100, 1,
740 nullptr);
741 test_peer_.CheckConfigs(
742 "a", false,
743 "b", true,
744 "c", false,
745 nullptr);
746 SetConfigs("a", 800, 1,
747 "c", 1100, 1,
748 "INVALID1", 1000, 1,
749 nullptr);
750 test_peer_.CheckConfigs(
751 "a", false,
752 "b", true,
753 "c", false,
754 nullptr);
755 }
756
757 } // namespace test
758 } // namespace net