// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/socket/client_socket_pool.h" #include #include #include "base/test/scoped_feature_list.h" #include "net/base/features.h" #include "net/base/host_port_pair.h" #include "net/base/network_anonymization_key.h" #include "net/base/privacy_mode.h" #include "net/base/schemeful_site.h" #include "net/dns/public/secure_dns_policy.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" #include "url/scheme_host_port.h" #include "url/url_constants.h" namespace net { namespace { TEST(ClientSocketPool, GroupIdOperators) { base::test::ScopedFeatureList feature_list; feature_list.InitAndEnableFeature( features::kPartitionConnectionsByNetworkIsolationKey); // Each of these lists is in "<" order, as defined by Group::operator< on the // corresponding field. const uint16_t kPorts[] = { 80, 81, 443, }; const char* kSchemes[] = { url::kHttpScheme, url::kHttpsScheme, }; const char* kHosts[] = { "a", "b", "c", }; const PrivacyMode kPrivacyModes[] = { PrivacyMode::PRIVACY_MODE_DISABLED, PrivacyMode::PRIVACY_MODE_ENABLED, }; const SchemefulSite kSiteA(GURL("http://a.test/")); const SchemefulSite kSiteB(GURL("http://b.test/")); const NetworkAnonymizationKey kNetworkAnonymizationKeys[] = { NetworkAnonymizationKey::CreateSameSite(kSiteA), NetworkAnonymizationKey::CreateSameSite(kSiteB), }; const SecureDnsPolicy kDisableSecureDnsValues[] = {SecureDnsPolicy::kAllow, SecureDnsPolicy::kDisable}; // All previously created |group_ids|. They should all be less than the // current group under consideration. std::vector group_ids; // Iterate through all sets of group ids, from least to greatest. for (const auto& port : kPorts) { SCOPED_TRACE(port); for (const char* scheme : kSchemes) { SCOPED_TRACE(scheme); for (const char* host : kHosts) { SCOPED_TRACE(host); for (const auto& privacy_mode : kPrivacyModes) { SCOPED_TRACE(privacy_mode); for (const auto& network_anonymization_key : kNetworkAnonymizationKeys) { SCOPED_TRACE(network_anonymization_key.ToDebugString()); for (const auto& secure_dns_policy : kDisableSecureDnsValues) { ClientSocketPool::GroupId group_id( url::SchemeHostPort(scheme, host, port), privacy_mode, network_anonymization_key, secure_dns_policy, /*disable_cert_network_fetches=*/false); for (const auto& lower_group_id : group_ids) { EXPECT_FALSE(lower_group_id == group_id); EXPECT_TRUE(lower_group_id < group_id); EXPECT_FALSE(group_id < lower_group_id); } group_ids.push_back(group_id); // Compare |group_id| to itself. Use two different copies of // |group_id|'s value, since to protect against bugs where an // object only equals itself. EXPECT_TRUE(group_ids.back() == group_id); EXPECT_FALSE(group_ids.back() < group_id); EXPECT_FALSE(group_id < group_ids.back()); } } } } } } } TEST(ClientSocketPool, GroupIdToString) { base::test::ScopedFeatureList feature_list; feature_list.InitAndEnableFeature( features::kPartitionConnectionsByNetworkIsolationKey); EXPECT_EQ("http://foo ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpScheme, "foo", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("http://bar:443 ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpScheme, "bar", 443), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("pm/http://bar ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpScheme, "bar", 80), PrivacyMode::PRIVACY_MODE_ENABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("https://foo:80 ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpsScheme, "foo", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("https://bar ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpsScheme, "bar", 443), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("pm/https://bar:80 ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpsScheme, "bar", 80), PrivacyMode::PRIVACY_MODE_ENABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("https://foo ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpsScheme, "foo", 443), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey::CreateCrossSite( SchemefulSite(GURL("https://foo.test"))), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ( "dsd/pm/https://bar:80 ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpsScheme, "bar", 80), PrivacyMode::PRIVACY_MODE_ENABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kDisable, /*disable_cert_network_fetches=*/false) .ToString()); EXPECT_EQ("disable_cert_network_fetches/pm/https://bar:80 ", ClientSocketPool::GroupId( url::SchemeHostPort(url::kHttpsScheme, "bar", 80), PrivacyMode::PRIVACY_MODE_ENABLED, NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/true) .ToString()); } TEST(ClientSocketPool, PartitionConnectionsByNetworkIsolationKeyDisabled) { const SchemefulSite kSiteFoo(GURL("https://foo.com")); const SchemefulSite kSiteBar(GURL("https://bar.com")); base::test::ScopedFeatureList feature_list; feature_list.InitAndDisableFeature( features::kPartitionConnectionsByNetworkIsolationKey); ClientSocketPool::GroupId group_id1( url::SchemeHostPort(url::kHttpsScheme, "foo", 443), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey::CreateSameSite(kSiteFoo), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketPool::GroupId group_id2( url::SchemeHostPort(url::kHttpsScheme, "foo", 443), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey::CreateSameSite(kSiteBar), SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); EXPECT_FALSE(group_id1.network_anonymization_key().IsFullyPopulated()); EXPECT_FALSE(group_id2.network_anonymization_key().IsFullyPopulated()); EXPECT_EQ(group_id1.network_anonymization_key(), group_id2.network_anonymization_key()); EXPECT_EQ(group_id1, group_id2); EXPECT_EQ("https://foo", group_id1.ToString()); EXPECT_EQ("https://foo", group_id2.ToString()); } } // namespace } // namespace net