1*6777b538SAndroid Build Coastguard Worker // Copyright 2019 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker
5*6777b538SAndroid Build Coastguard Worker #include "net/dns/dns_client.h"
6*6777b538SAndroid Build Coastguard Worker
7*6777b538SAndroid Build Coastguard Worker #include <utility>
8*6777b538SAndroid Build Coastguard Worker
9*6777b538SAndroid Build Coastguard Worker #include "base/functional/bind.h"
10*6777b538SAndroid Build Coastguard Worker #include "base/rand_util.h"
11*6777b538SAndroid Build Coastguard Worker #include "base/test/task_environment.h"
12*6777b538SAndroid Build Coastguard Worker #include "net/base/ip_address.h"
13*6777b538SAndroid Build Coastguard Worker #include "net/base/ip_endpoint.h"
14*6777b538SAndroid Build Coastguard Worker #include "net/dns/dns_config.h"
15*6777b538SAndroid Build Coastguard Worker #include "net/dns/dns_session.h"
16*6777b538SAndroid Build Coastguard Worker #include "net/dns/dns_test_util.h"
17*6777b538SAndroid Build Coastguard Worker #include "net/dns/public/dns_over_https_config.h"
18*6777b538SAndroid Build Coastguard Worker #include "net/dns/resolve_context.h"
19*6777b538SAndroid Build Coastguard Worker #include "net/socket/socket_test_util.h"
20*6777b538SAndroid Build Coastguard Worker #include "net/test/test_with_task_environment.h"
21*6777b538SAndroid Build Coastguard Worker #include "net/url_request/url_request_context.h"
22*6777b538SAndroid Build Coastguard Worker #include "net/url_request/url_request_context_builder.h"
23*6777b538SAndroid Build Coastguard Worker #include "net/url_request/url_request_test_util.h"
24*6777b538SAndroid Build Coastguard Worker #include "testing/gmock/include/gmock/gmock.h"
25*6777b538SAndroid Build Coastguard Worker #include "testing/gtest/include/gtest/gtest.h"
26*6777b538SAndroid Build Coastguard Worker #include "url/scheme_host_port.h"
27*6777b538SAndroid Build Coastguard Worker
28*6777b538SAndroid Build Coastguard Worker namespace net {
29*6777b538SAndroid Build Coastguard Worker
30*6777b538SAndroid Build Coastguard Worker class ClientSocketFactory;
31*6777b538SAndroid Build Coastguard Worker
32*6777b538SAndroid Build Coastguard Worker namespace {
33*6777b538SAndroid Build Coastguard Worker
34*6777b538SAndroid Build Coastguard Worker class AlwaysFailSocketFactory : public MockClientSocketFactory {
35*6777b538SAndroid Build Coastguard Worker public:
CreateDatagramClientSocket(DatagramSocket::BindType bind_type,NetLog * net_log,const NetLogSource & source)36*6777b538SAndroid Build Coastguard Worker std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket(
37*6777b538SAndroid Build Coastguard Worker DatagramSocket::BindType bind_type,
38*6777b538SAndroid Build Coastguard Worker NetLog* net_log,
39*6777b538SAndroid Build Coastguard Worker const NetLogSource& source) override {
40*6777b538SAndroid Build Coastguard Worker return std::make_unique<MockUDPClientSocket>();
41*6777b538SAndroid Build Coastguard Worker }
42*6777b538SAndroid Build Coastguard Worker };
43*6777b538SAndroid Build Coastguard Worker
44*6777b538SAndroid Build Coastguard Worker class DnsClientTest : public TestWithTaskEnvironment {
45*6777b538SAndroid Build Coastguard Worker protected:
DnsClientTest()46*6777b538SAndroid Build Coastguard Worker DnsClientTest()
47*6777b538SAndroid Build Coastguard Worker : TestWithTaskEnvironment(
48*6777b538SAndroid Build Coastguard Worker base::test::TaskEnvironment::TimeSource::MOCK_TIME) {}
49*6777b538SAndroid Build Coastguard Worker
SetUp()50*6777b538SAndroid Build Coastguard Worker void SetUp() override {
51*6777b538SAndroid Build Coastguard Worker client_ = DnsClient::CreateClient(nullptr /* net_log */);
52*6777b538SAndroid Build Coastguard Worker auto context_builder = CreateTestURLRequestContextBuilder();
53*6777b538SAndroid Build Coastguard Worker context_builder->set_client_socket_factory_for_testing(&socket_factory_);
54*6777b538SAndroid Build Coastguard Worker request_context_ = context_builder->Build();
55*6777b538SAndroid Build Coastguard Worker resolve_context_ = std::make_unique<ResolveContext>(
56*6777b538SAndroid Build Coastguard Worker request_context_.get(), false /* enable_caching */);
57*6777b538SAndroid Build Coastguard Worker }
58*6777b538SAndroid Build Coastguard Worker
BasicValidConfig()59*6777b538SAndroid Build Coastguard Worker DnsConfig BasicValidConfig() {
60*6777b538SAndroid Build Coastguard Worker DnsConfig config;
61*6777b538SAndroid Build Coastguard Worker config.nameservers = {IPEndPoint(IPAddress(2, 3, 4, 5), 123)};
62*6777b538SAndroid Build Coastguard Worker return config;
63*6777b538SAndroid Build Coastguard Worker }
64*6777b538SAndroid Build Coastguard Worker
ValidConfigWithDoh(bool doh_only)65*6777b538SAndroid Build Coastguard Worker DnsConfig ValidConfigWithDoh(bool doh_only) {
66*6777b538SAndroid Build Coastguard Worker DnsConfig config;
67*6777b538SAndroid Build Coastguard Worker if (!doh_only) {
68*6777b538SAndroid Build Coastguard Worker config = BasicValidConfig();
69*6777b538SAndroid Build Coastguard Worker }
70*6777b538SAndroid Build Coastguard Worker config.doh_config =
71*6777b538SAndroid Build Coastguard Worker *net::DnsOverHttpsConfig::FromString("https://www.doh.com/");
72*6777b538SAndroid Build Coastguard Worker return config;
73*6777b538SAndroid Build Coastguard Worker }
74*6777b538SAndroid Build Coastguard Worker
BasicValidOverrides()75*6777b538SAndroid Build Coastguard Worker DnsConfigOverrides BasicValidOverrides() {
76*6777b538SAndroid Build Coastguard Worker DnsConfigOverrides config;
77*6777b538SAndroid Build Coastguard Worker config.nameservers.emplace({IPEndPoint(IPAddress(1, 2, 3, 4), 123)});
78*6777b538SAndroid Build Coastguard Worker return config;
79*6777b538SAndroid Build Coastguard Worker }
80*6777b538SAndroid Build Coastguard Worker
81*6777b538SAndroid Build Coastguard Worker std::unique_ptr<URLRequestContext> request_context_;
82*6777b538SAndroid Build Coastguard Worker std::unique_ptr<ResolveContext> resolve_context_;
83*6777b538SAndroid Build Coastguard Worker std::unique_ptr<DnsClient> client_;
84*6777b538SAndroid Build Coastguard Worker AlwaysFailSocketFactory socket_factory_;
85*6777b538SAndroid Build Coastguard Worker };
86*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,NoConfig)87*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, NoConfig) {
88*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
89*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
90*6777b538SAndroid Build Coastguard Worker
91*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseSecureDnsTransactions());
92*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
93*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
94*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseInsecureDnsTransactions());
95*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromInsecureTransactionPreferred());
96*6777b538SAndroid Build Coastguard Worker
97*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetEffectiveConfig());
98*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetHosts());
99*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetTransactionFactory());
100*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetCurrentSession());
101*6777b538SAndroid Build Coastguard Worker }
102*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,InvalidConfig)103*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, InvalidConfig) {
104*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
105*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
106*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(DnsConfig());
107*6777b538SAndroid Build Coastguard Worker
108*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseSecureDnsTransactions());
109*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
110*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
111*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseInsecureDnsTransactions());
112*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromInsecureTransactionPreferred());
113*6777b538SAndroid Build Coastguard Worker
114*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetEffectiveConfig());
115*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetHosts());
116*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetTransactionFactory());
117*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetCurrentSession());
118*6777b538SAndroid Build Coastguard Worker }
119*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,CanUseSecureDnsTransactions_NoDohServers)120*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, CanUseSecureDnsTransactions_NoDohServers) {
121*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
122*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
123*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(BasicValidConfig());
124*6777b538SAndroid Build Coastguard Worker
125*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseSecureDnsTransactions());
126*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
127*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
128*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseInsecureDnsTransactions());
129*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanQueryAdditionalTypesViaInsecureDns());
130*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->FallbackFromInsecureTransactionPreferred());
131*6777b538SAndroid Build Coastguard Worker
132*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
133*6777b538SAndroid Build Coastguard Worker testing::Pointee(BasicValidConfig()));
134*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetHosts());
135*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetTransactionFactory());
136*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(), BasicValidConfig());
137*6777b538SAndroid Build Coastguard Worker }
138*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,InsecureNotEnabled)139*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, InsecureNotEnabled) {
140*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/false,
141*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/false);
142*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(ValidConfigWithDoh(false /* doh_only */));
143*6777b538SAndroid Build Coastguard Worker
144*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
145*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
146*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
147*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseInsecureDnsTransactions());
148*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromInsecureTransactionPreferred());
149*6777b538SAndroid Build Coastguard Worker
150*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
151*6777b538SAndroid Build Coastguard Worker testing::Pointee(ValidConfigWithDoh(false /* doh_only */)));
152*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetHosts());
153*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetTransactionFactory());
154*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(),
155*6777b538SAndroid Build Coastguard Worker ValidConfigWithDoh(false /* doh_only */));
156*6777b538SAndroid Build Coastguard Worker }
157*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,RespectsAdditionalTypesDisabled)158*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, RespectsAdditionalTypesDisabled) {
159*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
160*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/false);
161*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(BasicValidConfig());
162*6777b538SAndroid Build Coastguard Worker
163*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseSecureDnsTransactions());
164*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
165*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
166*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseInsecureDnsTransactions());
167*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanQueryAdditionalTypesViaInsecureDns());
168*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->FallbackFromInsecureTransactionPreferred());
169*6777b538SAndroid Build Coastguard Worker }
170*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,UnhandledOptions)171*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, UnhandledOptions) {
172*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
173*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
174*6777b538SAndroid Build Coastguard Worker DnsConfig config = ValidConfigWithDoh(false /* doh_only */);
175*6777b538SAndroid Build Coastguard Worker config.unhandled_options = true;
176*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(config);
177*6777b538SAndroid Build Coastguard Worker
178*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
179*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
180*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
181*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseInsecureDnsTransactions());
182*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromInsecureTransactionPreferred());
183*6777b538SAndroid Build Coastguard Worker
184*6777b538SAndroid Build Coastguard Worker DnsConfig expected_config = config;
185*6777b538SAndroid Build Coastguard Worker expected_config.nameservers.clear();
186*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(), testing::Pointee(expected_config));
187*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetHosts());
188*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetTransactionFactory());
189*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(), expected_config);
190*6777b538SAndroid Build Coastguard Worker }
191*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,CanUseSecureDnsTransactions_ProbeSuccess)192*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, CanUseSecureDnsTransactions_ProbeSuccess) {
193*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(ValidConfigWithDoh(true /* doh_only */));
194*6777b538SAndroid Build Coastguard Worker resolve_context_->InvalidateCachesAndPerSessionData(
195*6777b538SAndroid Build Coastguard Worker client_->GetCurrentSession(), true /* network_change */);
196*6777b538SAndroid Build Coastguard Worker
197*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
198*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
199*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
200*6777b538SAndroid Build Coastguard Worker
201*6777b538SAndroid Build Coastguard Worker resolve_context_->RecordServerSuccess(0u /* server_index */,
202*6777b538SAndroid Build Coastguard Worker true /* is_doh_server */,
203*6777b538SAndroid Build Coastguard Worker client_->GetCurrentSession());
204*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
205*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(
206*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
207*6777b538SAndroid Build Coastguard Worker }
208*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,DnsOverTlsActive)209*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, DnsOverTlsActive) {
210*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
211*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
212*6777b538SAndroid Build Coastguard Worker DnsConfig config = ValidConfigWithDoh(false /* doh_only */);
213*6777b538SAndroid Build Coastguard Worker config.dns_over_tls_active = true;
214*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(config);
215*6777b538SAndroid Build Coastguard Worker
216*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
217*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
218*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
219*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->CanUseInsecureDnsTransactions());
220*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromInsecureTransactionPreferred());
221*6777b538SAndroid Build Coastguard Worker
222*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(), testing::Pointee(config));
223*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetHosts());
224*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetTransactionFactory());
225*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(), config);
226*6777b538SAndroid Build Coastguard Worker }
227*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,AllAllowed)228*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, AllAllowed) {
229*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
230*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
231*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(ValidConfigWithDoh(false /* doh_only */));
232*6777b538SAndroid Build Coastguard Worker resolve_context_->InvalidateCachesAndPerSessionData(
233*6777b538SAndroid Build Coastguard Worker client_->GetCurrentSession(), false /* network_change */);
234*6777b538SAndroid Build Coastguard Worker resolve_context_->RecordServerSuccess(0u /* server_index */,
235*6777b538SAndroid Build Coastguard Worker true /* is_doh_server */,
236*6777b538SAndroid Build Coastguard Worker client_->GetCurrentSession());
237*6777b538SAndroid Build Coastguard Worker
238*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
239*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(
240*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
241*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseInsecureDnsTransactions());
242*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanQueryAdditionalTypesViaInsecureDns());
243*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->FallbackFromInsecureTransactionPreferred());
244*6777b538SAndroid Build Coastguard Worker
245*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
246*6777b538SAndroid Build Coastguard Worker testing::Pointee(ValidConfigWithDoh(false /* doh_only */)));
247*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetHosts());
248*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetTransactionFactory());
249*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(),
250*6777b538SAndroid Build Coastguard Worker ValidConfigWithDoh(false /* doh_only */));
251*6777b538SAndroid Build Coastguard Worker }
252*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,FallbackFromInsecureTransactionPreferred_Failures)253*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, FallbackFromInsecureTransactionPreferred_Failures) {
254*6777b538SAndroid Build Coastguard Worker client_->SetInsecureEnabled(/*enabled=*/true,
255*6777b538SAndroid Build Coastguard Worker /*additional_types_enabled=*/true);
256*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(ValidConfigWithDoh(false /* doh_only */));
257*6777b538SAndroid Build Coastguard Worker
258*6777b538SAndroid Build Coastguard Worker for (int i = 0; i < DnsClient::kMaxInsecureFallbackFailures; ++i) {
259*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
260*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromSecureTransactionPreferred(
261*6777b538SAndroid Build Coastguard Worker resolve_context_.get()));
262*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseInsecureDnsTransactions());
263*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanQueryAdditionalTypesViaInsecureDns());
264*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->FallbackFromInsecureTransactionPreferred());
265*6777b538SAndroid Build Coastguard Worker
266*6777b538SAndroid Build Coastguard Worker client_->IncrementInsecureFallbackFailures();
267*6777b538SAndroid Build Coastguard Worker }
268*6777b538SAndroid Build Coastguard Worker
269*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
270*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
271*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
272*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseInsecureDnsTransactions());
273*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanQueryAdditionalTypesViaInsecureDns());
274*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->FallbackFromInsecureTransactionPreferred());
275*6777b538SAndroid Build Coastguard Worker
276*6777b538SAndroid Build Coastguard Worker client_->ClearInsecureFallbackFailures();
277*6777b538SAndroid Build Coastguard Worker
278*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseSecureDnsTransactions());
279*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(
280*6777b538SAndroid Build Coastguard Worker client_->FallbackFromSecureTransactionPreferred(resolve_context_.get()));
281*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanUseInsecureDnsTransactions());
282*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->CanQueryAdditionalTypesViaInsecureDns());
283*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->FallbackFromInsecureTransactionPreferred());
284*6777b538SAndroid Build Coastguard Worker }
285*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,GetPresetAddrs)286*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, GetPresetAddrs) {
287*6777b538SAndroid Build Coastguard Worker DnsConfig config;
288*6777b538SAndroid Build Coastguard Worker config.doh_config = *net::DnsOverHttpsConfig::FromString(R"(
289*6777b538SAndroid Build Coastguard Worker {
290*6777b538SAndroid Build Coastguard Worker "servers": [{
291*6777b538SAndroid Build Coastguard Worker "template": "https://www.doh.com/",
292*6777b538SAndroid Build Coastguard Worker "endpoints": [{
293*6777b538SAndroid Build Coastguard Worker "ips": ["4.3.2.1"]
294*6777b538SAndroid Build Coastguard Worker }, {
295*6777b538SAndroid Build Coastguard Worker "ips": ["4.3.2.2"]
296*6777b538SAndroid Build Coastguard Worker }]
297*6777b538SAndroid Build Coastguard Worker }]
298*6777b538SAndroid Build Coastguard Worker }
299*6777b538SAndroid Build Coastguard Worker )");
300*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(config);
301*6777b538SAndroid Build Coastguard Worker
302*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetPresetAddrs(
303*6777b538SAndroid Build Coastguard Worker url::SchemeHostPort("https", "otherdomain.com", 443)));
304*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(
305*6777b538SAndroid Build Coastguard Worker client_->GetPresetAddrs(url::SchemeHostPort("http", "www.doh.com", 443)));
306*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetPresetAddrs(
307*6777b538SAndroid Build Coastguard Worker url::SchemeHostPort("https", "www.doh.com", 9999)));
308*6777b538SAndroid Build Coastguard Worker
309*6777b538SAndroid Build Coastguard Worker std::vector<IPEndPoint> expected({{{4, 3, 2, 1}, 443}, {{4, 3, 2, 2}, 443}});
310*6777b538SAndroid Build Coastguard Worker
311*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(
312*6777b538SAndroid Build Coastguard Worker client_->GetPresetAddrs(url::SchemeHostPort("https", "www.doh.com", 443)),
313*6777b538SAndroid Build Coastguard Worker testing::Optional(expected));
314*6777b538SAndroid Build Coastguard Worker }
315*6777b538SAndroid Build Coastguard Worker
TEST_F(DnsClientTest,Override)316*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, Override) {
317*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(BasicValidConfig());
318*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
319*6777b538SAndroid Build Coastguard Worker testing::Pointee(BasicValidConfig()));
320*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(), BasicValidConfig());
321*6777b538SAndroid Build Coastguard Worker
322*6777b538SAndroid Build Coastguard Worker client_->SetConfigOverrides(BasicValidOverrides());
323*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
324*6777b538SAndroid Build Coastguard Worker testing::Pointee(
325*6777b538SAndroid Build Coastguard Worker BasicValidOverrides().ApplyOverrides(BasicValidConfig())));
326*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(),
327*6777b538SAndroid Build Coastguard Worker BasicValidOverrides().ApplyOverrides(BasicValidConfig()));
328*6777b538SAndroid Build Coastguard Worker
329*6777b538SAndroid Build Coastguard Worker client_->SetConfigOverrides(DnsConfigOverrides());
330*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
331*6777b538SAndroid Build Coastguard Worker testing::Pointee(BasicValidConfig()));
332*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(), BasicValidConfig());
333*6777b538SAndroid Build Coastguard Worker }
334*6777b538SAndroid Build Coastguard Worker
335*6777b538SAndroid Build Coastguard Worker // Cannot apply overrides without a system config unless everything is
336*6777b538SAndroid Build Coastguard Worker // overridden
337*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, OverrideNoConfig) {
338*6777b538SAndroid Build Coastguard Worker client_->SetConfigOverrides(BasicValidOverrides());
339*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetEffectiveConfig());
340*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetCurrentSession());
341*6777b538SAndroid Build Coastguard Worker
342*6777b538SAndroid Build Coastguard Worker auto override_everything =
343*6777b538SAndroid Build Coastguard Worker DnsConfigOverrides::CreateOverridingEverythingWithDefaults();
344*6777b538SAndroid Build Coastguard Worker override_everything.nameservers.emplace(
345*6777b538SAndroid Build Coastguard Worker {IPEndPoint(IPAddress(1, 2, 3, 4), 123)});
346*6777b538SAndroid Build Coastguard Worker client_->SetConfigOverrides(override_everything);
347*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(
348*6777b538SAndroid Build Coastguard Worker client_->GetEffectiveConfig(),
349*6777b538SAndroid Build Coastguard Worker testing::Pointee(override_everything.ApplyOverrides(DnsConfig())));
350*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(),
351*6777b538SAndroid Build Coastguard Worker override_everything.ApplyOverrides(DnsConfig()));
352*6777b538SAndroid Build Coastguard Worker }
353*6777b538SAndroid Build Coastguard Worker
354*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, OverrideInvalidConfig) {
355*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(DnsConfig());
356*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetEffectiveConfig());
357*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetCurrentSession());
358*6777b538SAndroid Build Coastguard Worker
359*6777b538SAndroid Build Coastguard Worker client_->SetConfigOverrides(BasicValidOverrides());
360*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
361*6777b538SAndroid Build Coastguard Worker testing::Pointee(
362*6777b538SAndroid Build Coastguard Worker BasicValidOverrides().ApplyOverrides(BasicValidConfig())));
363*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(),
364*6777b538SAndroid Build Coastguard Worker BasicValidOverrides().ApplyOverrides(DnsConfig()));
365*6777b538SAndroid Build Coastguard Worker }
366*6777b538SAndroid Build Coastguard Worker
367*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, OverrideToInvalid) {
368*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(BasicValidConfig());
369*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(client_->GetEffectiveConfig(),
370*6777b538SAndroid Build Coastguard Worker testing::Pointee(BasicValidConfig()));
371*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(client_->GetCurrentSession()->config(), BasicValidConfig());
372*6777b538SAndroid Build Coastguard Worker
373*6777b538SAndroid Build Coastguard Worker DnsConfigOverrides overrides;
374*6777b538SAndroid Build Coastguard Worker overrides.nameservers.emplace();
375*6777b538SAndroid Build Coastguard Worker client_->SetConfigOverrides(std::move(overrides));
376*6777b538SAndroid Build Coastguard Worker
377*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetEffectiveConfig());
378*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetCurrentSession());
379*6777b538SAndroid Build Coastguard Worker }
380*6777b538SAndroid Build Coastguard Worker
381*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, ReplaceCurrentSession) {
382*6777b538SAndroid Build Coastguard Worker client_->SetSystemConfig(BasicValidConfig());
383*6777b538SAndroid Build Coastguard Worker
384*6777b538SAndroid Build Coastguard Worker base::WeakPtr<DnsSession> session_before =
385*6777b538SAndroid Build Coastguard Worker client_->GetCurrentSession()->GetWeakPtr();
386*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(session_before);
387*6777b538SAndroid Build Coastguard Worker
388*6777b538SAndroid Build Coastguard Worker client_->ReplaceCurrentSession();
389*6777b538SAndroid Build Coastguard Worker
390*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(session_before);
391*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(client_->GetCurrentSession());
392*6777b538SAndroid Build Coastguard Worker }
393*6777b538SAndroid Build Coastguard Worker
394*6777b538SAndroid Build Coastguard Worker TEST_F(DnsClientTest, ReplaceCurrentSession_NoSession) {
395*6777b538SAndroid Build Coastguard Worker ASSERT_FALSE(client_->GetCurrentSession());
396*6777b538SAndroid Build Coastguard Worker
397*6777b538SAndroid Build Coastguard Worker client_->ReplaceCurrentSession();
398*6777b538SAndroid Build Coastguard Worker
399*6777b538SAndroid Build Coastguard Worker EXPECT_FALSE(client_->GetCurrentSession());
400*6777b538SAndroid Build Coastguard Worker }
401*6777b538SAndroid Build Coastguard Worker
402*6777b538SAndroid Build Coastguard Worker } // namespace
403*6777b538SAndroid Build Coastguard Worker
404*6777b538SAndroid Build Coastguard Worker } // namespace net
405