1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/connect_job_factory.h"
6
7 #include <memory>
8 #include <optional>
9 #include <vector>
10
11 #include "base/memory/raw_ptr.h"
12 #include "base/memory/scoped_refptr.h"
13 #include "net/base/host_port_pair.h"
14 #include "net/base/network_isolation_key.h"
15 #include "net/base/privacy_mode.h"
16 #include "net/base/proxy_chain.h"
17 #include "net/base/proxy_server.h"
18 #include "net/base/request_priority.h"
19 #include "net/dns/public/secure_dns_policy.h"
20 #include "net/http/http_proxy_connect_job.h"
21 #include "net/log/net_log_with_source.h"
22 #include "net/socket/connect_job.h"
23 #include "net/socket/connect_job_test_util.h"
24 #include "net/socket/next_proto.h"
25 #include "net/socket/socket_tag.h"
26 #include "net/socket/socks_connect_job.h"
27 #include "net/socket/ssl_connect_job.h"
28 #include "net/socket/transport_connect_job.h"
29 #include "net/socket/websocket_endpoint_lock_manager.h"
30 #include "net/ssl/ssl_config.h"
31 #include "net/test/test_with_task_environment.h"
32 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
33 #include "testing/gmock/include/gmock/gmock.h"
34 #include "testing/gtest/include/gtest/gtest.h"
35 #include "url/scheme_host_port.h"
36 #include "url/url_constants.h"
37
38 namespace net {
39 namespace {
40
41 // Mock HttpProxyConnectJob::Factory that records the `params` used and then
42 // passes on to a real factory.
43 class TestHttpProxyConnectJobFactory : public HttpProxyConnectJob::Factory {
44 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,scoped_refptr<HttpProxySocketParams> params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)45 std::unique_ptr<HttpProxyConnectJob> Create(
46 RequestPriority priority,
47 const SocketTag& socket_tag,
48 const CommonConnectJobParams* common_connect_job_params,
49 scoped_refptr<HttpProxySocketParams> params,
50 ConnectJob::Delegate* delegate,
51 const NetLogWithSource* net_log) override {
52 params_.push_back(params);
53 return HttpProxyConnectJob::Factory::Create(priority, socket_tag,
54 common_connect_job_params,
55 params, delegate, net_log);
56 }
57
params() const58 const std::vector<scoped_refptr<HttpProxySocketParams>>& params() const {
59 return params_;
60 }
61
62 private:
63 std::vector<scoped_refptr<HttpProxySocketParams>> params_;
64 };
65
66 // Mock SOCKSConnectJob::Factory that records the `params` used and then passes
67 // on to a real factory.
68 class TestSocksConnectJobFactory : public SOCKSConnectJob::Factory {
69 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,scoped_refptr<SOCKSSocketParams> socks_params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)70 std::unique_ptr<SOCKSConnectJob> Create(
71 RequestPriority priority,
72 const SocketTag& socket_tag,
73 const CommonConnectJobParams* common_connect_job_params,
74 scoped_refptr<SOCKSSocketParams> socks_params,
75 ConnectJob::Delegate* delegate,
76 const NetLogWithSource* net_log) override {
77 params_.push_back(socks_params);
78 return SOCKSConnectJob::Factory::Create(priority, socket_tag,
79 common_connect_job_params,
80 socks_params, delegate, net_log);
81 }
82
params() const83 const std::vector<scoped_refptr<SOCKSSocketParams>>& params() const {
84 return params_;
85 }
86
87 private:
88 std::vector<scoped_refptr<SOCKSSocketParams>> params_;
89 };
90
91 // Mock SSLConnectJob::Factory that records the `params` used and then passes on
92 // to a real factory.
93 class TestSslConnectJobFactory : public SSLConnectJob::Factory {
94 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,scoped_refptr<SSLSocketParams> params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)95 std::unique_ptr<SSLConnectJob> Create(
96 RequestPriority priority,
97 const SocketTag& socket_tag,
98 const CommonConnectJobParams* common_connect_job_params,
99 scoped_refptr<SSLSocketParams> params,
100 ConnectJob::Delegate* delegate,
101 const NetLogWithSource* net_log) override {
102 params_.push_back(params);
103 return SSLConnectJob::Factory::Create(priority, socket_tag,
104 common_connect_job_params, params,
105 delegate, net_log);
106 }
107
params() const108 const std::vector<scoped_refptr<SSLSocketParams>>& params() const {
109 return params_;
110 }
111
112 private:
113 std::vector<scoped_refptr<SSLSocketParams>> params_;
114 };
115
116 // Mock TransportConnectJob::Factory that records the `params` used and then
117 // passes on to a real factory.
118 class TestTransportConnectJobFactory : public TransportConnectJob::Factory {
119 public:
Create(RequestPriority priority,const SocketTag & socket_tag,const CommonConnectJobParams * common_connect_job_params,const scoped_refptr<TransportSocketParams> & params,ConnectJob::Delegate * delegate,const NetLogWithSource * net_log)120 std::unique_ptr<TransportConnectJob> Create(
121 RequestPriority priority,
122 const SocketTag& socket_tag,
123 const CommonConnectJobParams* common_connect_job_params,
124 const scoped_refptr<TransportSocketParams>& params,
125 ConnectJob::Delegate* delegate,
126 const NetLogWithSource* net_log) override {
127 params_.push_back(params);
128 return TransportConnectJob::Factory::Create(priority, socket_tag,
129 common_connect_job_params,
130 params, delegate, net_log);
131 }
132
params() const133 const std::vector<scoped_refptr<TransportSocketParams>>& params() const {
134 return params_;
135 }
136
137 private:
138 std::vector<scoped_refptr<TransportSocketParams>> params_;
139 };
140
141 class ConnectJobFactoryTest : public TestWithTaskEnvironment {
142 public:
ConnectJobFactoryTest()143 ConnectJobFactoryTest() {
144 auto http_proxy_job_factory =
145 std::make_unique<TestHttpProxyConnectJobFactory>();
146 http_proxy_job_factory_ = http_proxy_job_factory.get();
147
148 auto socks_job_factory = std::make_unique<TestSocksConnectJobFactory>();
149 socks_job_factory_ = socks_job_factory.get();
150
151 auto ssl_job_factory = std::make_unique<TestSslConnectJobFactory>();
152 ssl_job_factory_ = ssl_job_factory.get();
153
154 auto transport_job_factory =
155 std::make_unique<TestTransportConnectJobFactory>();
156 transport_job_factory_ = transport_job_factory.get();
157
158 factory_ = std::make_unique<ConnectJobFactory>(
159 std::move(http_proxy_job_factory), std::move(socks_job_factory),
160 std::move(ssl_job_factory), std::move(transport_job_factory));
161 }
162
163 protected:
164 // Gets the total number of ConnectJob creations across all types.
GetCreationCount() const165 size_t GetCreationCount() const {
166 return http_proxy_job_factory_->params().size() +
167 socks_job_factory_->params().size() +
168 ssl_job_factory_->params().size() +
169 transport_job_factory_->params().size();
170 }
171
172 const NextProtoVector alpn_protos_{kProtoHTTP2, kProtoHTTP11};
173 const SSLConfig::ApplicationSettings application_settings_{{kProtoHTTP2, {}}};
174 bool early_data_enabled_ = true;
175 const CommonConnectJobParams common_connect_job_params_{
176 /*client_socket_factory=*/nullptr,
177 /*host_resolver=*/nullptr,
178 /*http_auth_cache=*/nullptr,
179 /*http_auth_handler_factory=*/nullptr,
180 /*spdy_session_pool=*/nullptr,
181 /*quic_supported_versions=*/nullptr,
182 /*quic_session_pool=*/nullptr,
183 /*proxy_delegate=*/nullptr,
184 /*http_user_agent_settings=*/nullptr,
185 /*ssl_client_context=*/nullptr,
186 /*socket_performance_watcher_factory=*/nullptr,
187 /*network_quality_estimator=*/nullptr,
188 /*net_log=*/nullptr,
189 /*websocket_endpoint_lock_manager=*/nullptr,
190 /*http_server_properties=*/nullptr,
191 &alpn_protos_,
192 &application_settings_,
193 /*ignore_certificate_errors=*/nullptr,
194 &early_data_enabled_};
195 TestConnectJobDelegate delegate_;
196
197 std::unique_ptr<ConnectJobFactory> factory_;
198 raw_ptr<TestHttpProxyConnectJobFactory> http_proxy_job_factory_;
199 raw_ptr<TestSocksConnectJobFactory> socks_job_factory_;
200 raw_ptr<TestSslConnectJobFactory> ssl_job_factory_;
201 raw_ptr<TestTransportConnectJobFactory> transport_job_factory_;
202 };
203
TEST_F(ConnectJobFactoryTest,CreateConnectJob)204 TEST_F(ConnectJobFactoryTest, CreateConnectJob) {
205 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 82);
206
207 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
208 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
209 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
210 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
211 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
212 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
213 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
214 &delegate_);
215 EXPECT_EQ(GetCreationCount(), 1u);
216
217 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
218 const TransportSocketParams& params =
219 *transport_job_factory_->params().front();
220 EXPECT_THAT(params.destination(),
221 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
222 }
223
TEST_F(ConnectJobFactoryTest,CreateConnectJobWithoutScheme)224 TEST_F(ConnectJobFactoryTest, CreateConnectJobWithoutScheme) {
225 const HostPortPair kEndpoint("test", 82);
226
227 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
228 /*using_ssl=*/false, kEndpoint, ProxyChain::Direct(),
229 /*proxy_annotation_tag=*/std::nullopt,
230 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
231 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
232 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
233 &common_connect_job_params_, &delegate_);
234 EXPECT_EQ(GetCreationCount(), 1u);
235
236 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
237 const TransportSocketParams& params =
238 *transport_job_factory_->params().front();
239 EXPECT_THAT(params.destination(),
240 testing::VariantWith<HostPortPair>(kEndpoint));
241 }
242
TEST_F(ConnectJobFactoryTest,CreateHttpsConnectJob)243 TEST_F(ConnectJobFactoryTest, CreateHttpsConnectJob) {
244 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 84);
245
246 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
247 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
248 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
249 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
250 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
251 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
252 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
253 &delegate_);
254 EXPECT_EQ(GetCreationCount(), 1u);
255
256 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
257 const SSLSocketParams& params = *ssl_job_factory_->params().front();
258 EXPECT_EQ(params.host_and_port(),
259 HostPortPair::FromSchemeHostPort(kEndpoint));
260 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
261 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
262 EXPECT_THAT(params.ssl_config().alpn_protos,
263 testing::ElementsAreArray(alpn_protos_));
264 EXPECT_EQ(params.ssl_config().application_settings, application_settings_);
265 EXPECT_EQ(params.ssl_config().renego_allowed_default, true);
266 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
267 testing::ElementsAre(kProtoHTTP11));
268 EXPECT_TRUE(params.ssl_config().early_data_enabled);
269
270 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::DIRECT);
271 const TransportSocketParams& transport_params =
272 *params.GetDirectConnectionParams();
273 EXPECT_THAT(transport_params.destination(),
274 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
275 EXPECT_THAT(transport_params.supported_alpns(),
276 testing::UnorderedElementsAre("h2", "http/1.1"));
277 }
278
TEST_F(ConnectJobFactoryTest,CreateHttpsConnectJobForHttp11)279 TEST_F(ConnectJobFactoryTest, CreateHttpsConnectJobForHttp11) {
280 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 84);
281
282 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
283 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
284 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttp11Only,
285 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
286 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
287 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
288 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
289 &delegate_);
290 EXPECT_EQ(GetCreationCount(), 1u);
291
292 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
293 const SSLSocketParams& params = *ssl_job_factory_->params().front();
294 EXPECT_EQ(params.host_and_port(),
295 HostPortPair::FromSchemeHostPort(kEndpoint));
296 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
297 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
298 EXPECT_THAT(params.ssl_config().alpn_protos,
299 testing::ElementsAre(kProtoHTTP11));
300 EXPECT_EQ(params.ssl_config().application_settings, application_settings_);
301 EXPECT_EQ(params.ssl_config().renego_allowed_default, true);
302 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
303 testing::ElementsAre(kProtoHTTP11));
304 EXPECT_TRUE(params.ssl_config().early_data_enabled);
305
306 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::DIRECT);
307 const TransportSocketParams& transport_params =
308 *params.GetDirectConnectionParams();
309 EXPECT_THAT(transport_params.destination(),
310 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
311 EXPECT_THAT(transport_params.supported_alpns(),
312 testing::UnorderedElementsAre("http/1.1"));
313 }
314
TEST_F(ConnectJobFactoryTest,CreateHttpsConnectJobWithoutScheme)315 TEST_F(ConnectJobFactoryTest, CreateHttpsConnectJobWithoutScheme) {
316 const HostPortPair kEndpoint("test", 84);
317
318 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
319 /*using_ssl=*/true, kEndpoint, ProxyChain::Direct(),
320 /*proxy_annotation_tag=*/std::nullopt, /*force_tunnel=*/false,
321 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
322 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
323 SecureDnsPolicy::kAllow, &common_connect_job_params_, &delegate_);
324 EXPECT_EQ(GetCreationCount(), 1u);
325
326 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
327 const SSLSocketParams& params = *ssl_job_factory_->params().front();
328 EXPECT_EQ(params.host_and_port(), kEndpoint);
329 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
330 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
331 EXPECT_THAT(params.ssl_config().alpn_protos, testing::ElementsAre());
332 EXPECT_TRUE(params.ssl_config().application_settings.empty());
333 EXPECT_EQ(params.ssl_config().renego_allowed_default, false);
334 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
335 testing::ElementsAre());
336 EXPECT_TRUE(params.ssl_config().early_data_enabled);
337
338 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::DIRECT);
339 const TransportSocketParams& transport_params =
340 *params.GetDirectConnectionParams();
341 EXPECT_THAT(transport_params.destination(),
342 testing::VariantWith<HostPortPair>(kEndpoint));
343 }
344
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJob)345 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJob) {
346 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 85);
347 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
348 HostPortPair("proxy.test", 86));
349
350 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
351 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
352 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
353 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
354 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
355 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
356 &common_connect_job_params_, &delegate_);
357 EXPECT_EQ(GetCreationCount(), 1u);
358
359 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
360 const HttpProxySocketParams& params =
361 *http_proxy_job_factory_->params().front();
362 EXPECT_FALSE(params.proxy_server().is_quic());
363 EXPECT_EQ(params.endpoint(), HostPortPair::FromSchemeHostPort(kEndpoint));
364
365 ASSERT_TRUE(params.transport_params());
366 const TransportSocketParams& transport_params = *params.transport_params();
367 EXPECT_THAT(
368 transport_params.destination(),
369 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
370 }
371
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJobWithoutScheme)372 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJobWithoutScheme) {
373 const HostPortPair kEndpoint("test", 85);
374 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
375 HostPortPair("proxy.test", 86));
376
377 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
378 /*using_ssl=*/false, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
379 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
380 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
381 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
382 &common_connect_job_params_, &delegate_);
383 EXPECT_EQ(GetCreationCount(), 1u);
384 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
385 const HttpProxySocketParams& params =
386 *http_proxy_job_factory_->params().front();
387 EXPECT_FALSE(params.proxy_server().is_quic());
388 EXPECT_EQ(params.endpoint(), kEndpoint);
389
390 ASSERT_TRUE(params.transport_params());
391 const TransportSocketParams& transport_params = *params.transport_params();
392 EXPECT_THAT(
393 transport_params.destination(),
394 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
395 }
396
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJobForHttps)397 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJobForHttps) {
398 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 87);
399 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
400 HostPortPair("proxy.test", 88));
401 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
402 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
403 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
404 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
405 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
406 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
407 &common_connect_job_params_, &delegate_);
408 EXPECT_EQ(GetCreationCount(), 1u);
409
410 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
411 const SSLSocketParams& params = *ssl_job_factory_->params().front();
412 EXPECT_EQ(params.host_and_port(),
413 HostPortPair::FromSchemeHostPort(kEndpoint));
414 EXPECT_FALSE(params.ssl_config().disable_cert_verification_network_fetches);
415 EXPECT_EQ(0, params.ssl_config().GetCertVerifyFlags());
416 EXPECT_THAT(params.ssl_config().alpn_protos,
417 testing::ElementsAreArray(alpn_protos_));
418 EXPECT_EQ(params.ssl_config().application_settings, application_settings_);
419 EXPECT_EQ(params.ssl_config().renego_allowed_default, true);
420 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
421 testing::ElementsAre(kProtoHTTP11));
422 EXPECT_TRUE(params.ssl_config().early_data_enabled);
423
424 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::HTTP_PROXY);
425 const HttpProxySocketParams& proxy_params =
426 *params.GetHttpProxyConnectionParams();
427 EXPECT_FALSE(proxy_params.proxy_server().is_quic());
428 EXPECT_EQ(proxy_params.endpoint(),
429 HostPortPair::FromSchemeHostPort(kEndpoint));
430
431 ASSERT_TRUE(proxy_params.transport_params());
432 const TransportSocketParams& transport_params =
433 *proxy_params.transport_params();
434 EXPECT_THAT(
435 transport_params.destination(),
436 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
437 }
438
TEST_F(ConnectJobFactoryTest,CreateHttpProxyConnectJobForHttpsWithoutScheme)439 TEST_F(ConnectJobFactoryTest, CreateHttpProxyConnectJobForHttpsWithoutScheme) {
440 const HostPortPair kEndpoint("test", 87);
441 const ProxyChain kProxy(ProxyServer::SCHEME_HTTP,
442 HostPortPair("proxy.test", 88));
443
444 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
445 /*using_ssl=*/true, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
446 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
447 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
448 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
449 &common_connect_job_params_, &delegate_);
450 EXPECT_EQ(GetCreationCount(), 1u);
451
452 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
453 const SSLSocketParams& params = *ssl_job_factory_->params().front();
454 EXPECT_EQ(params.host_and_port(), kEndpoint);
455
456 ASSERT_EQ(params.GetConnectionType(), SSLSocketParams::HTTP_PROXY);
457 const HttpProxySocketParams& proxy_params =
458 *params.GetHttpProxyConnectionParams();
459 EXPECT_FALSE(proxy_params.proxy_server().is_quic());
460 EXPECT_EQ(proxy_params.endpoint(), kEndpoint);
461 EXPECT_THAT(params.ssl_config().alpn_protos, testing::ElementsAre());
462 EXPECT_TRUE(params.ssl_config().application_settings.empty());
463 EXPECT_EQ(params.ssl_config().renego_allowed_default, false);
464 EXPECT_THAT(params.ssl_config().renego_allowed_for_protos,
465 testing::ElementsAre());
466 // While the only production caller of this method disables SSL early data, it
467 // does so by configuring the HttpNetworkSession, rather than by relying on
468 // the ConnectJobFactory to disable early data when there's no scheme.
469 EXPECT_TRUE(params.ssl_config().early_data_enabled);
470
471 ASSERT_TRUE(proxy_params.transport_params());
472 const TransportSocketParams& transport_params =
473 *proxy_params.transport_params();
474 EXPECT_THAT(
475 transport_params.destination(),
476 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
477 }
478
TEST_F(ConnectJobFactoryTest,CreateHttpsProxyConnectJob)479 TEST_F(ConnectJobFactoryTest, CreateHttpsProxyConnectJob) {
480 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 89);
481 const ProxyChain kProxy(ProxyServer::SCHEME_HTTPS,
482 HostPortPair("proxy.test", 90));
483
484 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
485 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
486 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
487 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
488 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
489 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
490 &common_connect_job_params_, &delegate_);
491 EXPECT_EQ(GetCreationCount(), 1u);
492
493 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
494 const HttpProxySocketParams& params =
495 *http_proxy_job_factory_->params().front();
496 EXPECT_FALSE(params.proxy_server().is_quic());
497 EXPECT_EQ(params.endpoint(), HostPortPair::FromSchemeHostPort(kEndpoint));
498
499 ASSERT_TRUE(params.ssl_params());
500 const SSLSocketParams& ssl_params = *params.ssl_params();
501 EXPECT_EQ(ssl_params.host_and_port(), kProxy.First().host_port_pair());
502 EXPECT_TRUE(
503 ssl_params.ssl_config().disable_cert_verification_network_fetches);
504 EXPECT_EQ(CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES,
505 ssl_params.ssl_config().GetCertVerifyFlags());
506 EXPECT_THAT(ssl_params.ssl_config().alpn_protos,
507 testing::ElementsAreArray(alpn_protos_));
508 EXPECT_EQ(ssl_params.ssl_config().application_settings,
509 application_settings_);
510 // Renegotiation is never allowed for proxies.
511 EXPECT_EQ(ssl_params.ssl_config().renego_allowed_default, false);
512 EXPECT_THAT(ssl_params.ssl_config().renego_allowed_for_protos,
513 testing::ElementsAre());
514 EXPECT_FALSE(ssl_params.ssl_config().early_data_enabled);
515
516 ASSERT_EQ(ssl_params.GetConnectionType(), SSLSocketParams::DIRECT);
517 const TransportSocketParams& transport_params =
518 *ssl_params.GetDirectConnectionParams();
519 EXPECT_THAT(
520 transport_params.destination(),
521 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
522 }
523
TEST_F(ConnectJobFactoryTest,CreateHttpsProxyConnectJobWithoutScheme)524 TEST_F(ConnectJobFactoryTest, CreateHttpsProxyConnectJobWithoutScheme) {
525 const HostPortPair kEndpoint("test", 89);
526 const ProxyChain kProxy(ProxyServer::SCHEME_HTTPS,
527 HostPortPair("proxy.test", 90));
528
529 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
530 /*using_ssl=*/false, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
531 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
532 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
533 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
534 &common_connect_job_params_, &delegate_);
535 EXPECT_EQ(GetCreationCount(), 1u);
536
537 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
538 const HttpProxySocketParams& params =
539 *http_proxy_job_factory_->params().front();
540 EXPECT_FALSE(params.proxy_server().is_quic());
541 EXPECT_EQ(params.endpoint(), kEndpoint);
542
543 ASSERT_TRUE(params.ssl_params());
544 const SSLSocketParams& ssl_params = *params.ssl_params();
545 EXPECT_EQ(ssl_params.host_and_port(), kProxy.First().host_port_pair());
546 EXPECT_TRUE(
547 ssl_params.ssl_config().disable_cert_verification_network_fetches);
548 EXPECT_EQ(CertVerifier::VERIFY_DISABLE_NETWORK_FETCHES,
549 ssl_params.ssl_config().GetCertVerifyFlags());
550 // Alpn should always be used for HTTPS proxies.
551 EXPECT_THAT(ssl_params.ssl_config().alpn_protos,
552 testing::ElementsAreArray(alpn_protos_));
553 EXPECT_EQ(ssl_params.ssl_config().application_settings,
554 application_settings_);
555 // Renegotiation is never allowed for proxies.
556 EXPECT_EQ(ssl_params.ssl_config().renego_allowed_default, false);
557 EXPECT_THAT(ssl_params.ssl_config().renego_allowed_for_protos,
558 testing::ElementsAre());
559 EXPECT_FALSE(ssl_params.ssl_config().early_data_enabled);
560
561 ASSERT_EQ(ssl_params.GetConnectionType(), SSLSocketParams::DIRECT);
562 const TransportSocketParams& transport_params =
563 *ssl_params.GetDirectConnectionParams();
564 EXPECT_THAT(
565 transport_params.destination(),
566 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
567 }
568
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJob)569 TEST_F(ConnectJobFactoryTest, CreateNestedHttpsProxyConnectJob) {
570 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 89);
571 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
572 HostPortPair("proxy1.test", 443)};
573 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
574 HostPortPair("proxy2.test", 443)};
575 const ProxyChain kNestedProxyChain{{kProxyServer1, kProxyServer2}};
576
577 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
578 kEndpoint, kNestedProxyChain, TRAFFIC_ANNOTATION_FOR_TESTS,
579 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
580 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
581 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
582 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
583 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
584 &delegate_);
585 EXPECT_EQ(GetCreationCount(), 1u);
586
587 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
588 // The corresponding HttpProxySocketParams and SSLSocketParams for each hop
589 // should be present in reverse order.
590 const HttpProxySocketParams& proxy_server2_http_params =
591 *http_proxy_job_factory_->params().front();
592 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
593 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
594 EXPECT_EQ(proxy_server2_http_params.endpoint(),
595 HostPortPair::FromSchemeHostPort(kEndpoint));
596 EXPECT_TRUE(proxy_server2_http_params.tunnel());
597
598 const SSLSocketParams& proxy_server2_ssl_params =
599 *proxy_server2_http_params.ssl_params();
600 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
601 kProxyServer2.host_port_pair());
602 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
603 testing::ElementsAreArray(alpn_protos_));
604 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
605 application_settings_);
606 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
607 false);
608 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
609 testing::ElementsAre());
610 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
611
612 const HttpProxySocketParams& proxy_server1_http_params =
613 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
614 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
615 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
616 EXPECT_EQ(proxy_server1_http_params.endpoint(),
617 kProxyServer2.host_port_pair());
618
619 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
620 const SSLSocketParams& proxy_server1_ssl_params =
621 *proxy_server1_http_params.ssl_params();
622 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
623 kProxyServer1.host_port_pair());
624 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
625 testing::ElementsAreArray(alpn_protos_));
626 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
627 application_settings_);
628 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
629 false);
630 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
631 testing::ElementsAre());
632 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
633
634 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
635 SSLSocketParams::DIRECT);
636 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
637 SSLSocketParams::HTTP_PROXY);
638
639 const TransportSocketParams& transport_params =
640 *proxy_server1_ssl_params.GetDirectConnectionParams();
641 EXPECT_THAT(
642 transport_params.destination(),
643 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
644 }
645
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJobWithoutScheme)646 TEST_F(ConnectJobFactoryTest, CreateNestedHttpsProxyConnectJobWithoutScheme) {
647 const HostPortPair kEndpoint("test", 89);
648 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
649 HostPortPair("proxy1.test", 443)};
650 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
651 HostPortPair("proxy2.test", 443)};
652 const ProxyChain kNestedProxyChain{{kProxyServer1, kProxyServer2}};
653
654 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
655 /*using_ssl=*/false, kEndpoint, kNestedProxyChain,
656 TRAFFIC_ANNOTATION_FOR_TESTS, /*force_tunnel=*/false,
657 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
658 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
659 SecureDnsPolicy::kAllow, &common_connect_job_params_, &delegate_);
660 EXPECT_EQ(GetCreationCount(), 1u);
661
662 ASSERT_THAT(http_proxy_job_factory_->params(), testing::SizeIs(1));
663 // The corresponding HttpProxySocketParams and SSLSocketParams for each hop
664 // should be present in reverse order.
665 const HttpProxySocketParams& proxy_server2_http_params =
666 *http_proxy_job_factory_->params().front();
667 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
668 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
669 EXPECT_EQ(proxy_server2_http_params.endpoint(), kEndpoint);
670
671 const SSLSocketParams& proxy_server2_ssl_params =
672 *proxy_server2_http_params.ssl_params();
673 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
674 kProxyServer2.host_port_pair());
675
676 const HttpProxySocketParams& proxy_server1_http_params =
677 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
678 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
679 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
680 EXPECT_EQ(proxy_server1_http_params.endpoint(),
681 kProxyServer2.host_port_pair());
682 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
683 testing::ElementsAreArray(alpn_protos_));
684 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
685 application_settings_);
686 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
687 false);
688 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
689 testing::ElementsAre());
690 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
691
692 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
693 const SSLSocketParams& proxy_server1_ssl_params =
694 *proxy_server1_http_params.ssl_params();
695 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
696 kProxyServer1.host_port_pair());
697 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
698 testing::ElementsAreArray(alpn_protos_));
699 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
700 application_settings_);
701 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
702 false);
703 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
704 testing::ElementsAre());
705 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
706
707 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
708 SSLSocketParams::DIRECT);
709 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
710 SSLSocketParams::HTTP_PROXY);
711
712 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
713 SSLSocketParams::DIRECT);
714 const TransportSocketParams& transport_params =
715 *proxy_server1_ssl_params.GetDirectConnectionParams();
716 EXPECT_THAT(
717 transport_params.destination(),
718 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
719 }
720
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJobForHttps)721 TEST_F(ConnectJobFactoryTest, CreateNestedHttpsProxyConnectJobForHttps) {
722 const url::SchemeHostPort kEndpoint(url::kHttpsScheme, "test", 443);
723
724 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
725 HostPortPair("proxy1.test", 443)};
726 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
727 HostPortPair("proxy2.test", 443)};
728
729 const ProxyChain kNestedProxyChain{{kProxyServer1, kProxyServer2}};
730
731 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
732 kEndpoint, kNestedProxyChain, TRAFFIC_ANNOTATION_FOR_TESTS,
733 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
734 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
735 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
736 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
737 /*disable_cert_network_fetches=*/false, &common_connect_job_params_,
738 &delegate_);
739 EXPECT_EQ(GetCreationCount(), 1u);
740
741 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
742 const SSLSocketParams& endpoint_ssl_params =
743 *ssl_job_factory_->params().at(0);
744 EXPECT_THAT(endpoint_ssl_params.ssl_config().alpn_protos,
745 testing::ElementsAreArray(alpn_protos_));
746 EXPECT_EQ(endpoint_ssl_params.ssl_config().application_settings,
747 application_settings_);
748 EXPECT_EQ(endpoint_ssl_params.ssl_config().renego_allowed_default, true);
749 EXPECT_THAT(endpoint_ssl_params.ssl_config().renego_allowed_for_protos,
750 testing::ElementsAre(kProtoHTTP11));
751 EXPECT_TRUE(endpoint_ssl_params.ssl_config().early_data_enabled);
752
753 // The SSLSocketParams for the destination should be configured to go through
754 // the chain of proxies, with the corresponding HttpProxySocketParams and
755 // SSLSocketParams for each hop present in reverse order.
756 const HttpProxySocketParams& proxy_server2_http_params =
757 *endpoint_ssl_params.GetHttpProxyConnectionParams();
758 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
759 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
760 EXPECT_EQ(proxy_server2_http_params.endpoint(),
761 HostPortPair::FromSchemeHostPort(kEndpoint));
762
763 const SSLSocketParams& proxy_server2_ssl_params =
764 *proxy_server2_http_params.ssl_params();
765 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
766 kProxyServer2.host_port_pair());
767 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
768 testing::ElementsAreArray(alpn_protos_));
769 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
770 application_settings_);
771 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
772 false);
773 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
774 testing::ElementsAre());
775 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
776
777 const HttpProxySocketParams& proxy_server1_http_params =
778 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
779 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
780 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
781 EXPECT_EQ(proxy_server1_http_params.endpoint(),
782 kProxyServer2.host_port_pair());
783
784 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
785 const SSLSocketParams& proxy_server1_ssl_params =
786 *proxy_server1_http_params.ssl_params();
787 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
788 kProxyServer1.host_port_pair());
789 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
790 testing::ElementsAreArray(alpn_protos_));
791 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
792 application_settings_);
793 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
794 false);
795 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
796 testing::ElementsAre());
797 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
798
799 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
800 SSLSocketParams::DIRECT);
801 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
802 SSLSocketParams::HTTP_PROXY);
803 ASSERT_EQ(endpoint_ssl_params.GetConnectionType(),
804 SSLSocketParams::HTTP_PROXY);
805
806 const TransportSocketParams& transport_params =
807 *proxy_server1_ssl_params.GetDirectConnectionParams();
808 // We should establish a physical socket / direct connection to
809 // `kProxyServer1` (and will tunnel all subsequent traffic through
810 // that).
811 EXPECT_THAT(
812 transport_params.destination(),
813 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
814 }
815
TEST_F(ConnectJobFactoryTest,CreateNestedHttpsProxyConnectJobForHttpsWithoutScheme)816 TEST_F(ConnectJobFactoryTest,
817 CreateNestedHttpsProxyConnectJobForHttpsWithoutScheme) {
818 const HostPortPair kEndpoint("test", 443);
819
820 const ProxyServer kProxyServer1{ProxyServer::SCHEME_HTTPS,
821 HostPortPair("proxy1.test", 443)};
822 const ProxyServer kProxyServer2{ProxyServer::SCHEME_HTTPS,
823 HostPortPair("proxy2.test", 443)};
824
825 const ProxyChain kNestedProxyChain{{kProxyServer1, kProxyServer2}};
826
827 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
828 /*using_ssl=*/true, kEndpoint, kNestedProxyChain,
829 TRAFFIC_ANNOTATION_FOR_TESTS, /*force_tunnel=*/false,
830 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
831 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
832 SecureDnsPolicy::kAllow, &common_connect_job_params_, &delegate_);
833 EXPECT_EQ(GetCreationCount(), 1u);
834
835 ASSERT_THAT(ssl_job_factory_->params(), testing::SizeIs(1));
836 const SSLSocketParams& endpoint_ssl_params =
837 *ssl_job_factory_->params().at(0);
838 EXPECT_THAT(endpoint_ssl_params.ssl_config().alpn_protos,
839 testing::ElementsAre());
840 EXPECT_TRUE(endpoint_ssl_params.ssl_config().application_settings.empty());
841 EXPECT_EQ(endpoint_ssl_params.ssl_config().renego_allowed_default, false);
842 EXPECT_THAT(endpoint_ssl_params.ssl_config().renego_allowed_for_protos,
843 testing::ElementsAre());
844 EXPECT_TRUE(endpoint_ssl_params.ssl_config().early_data_enabled);
845
846 // The SSLSocketParams for the destination should be configured to go through
847 // the chain of proxies, with the corresponding HttpProxySocketParams and
848 // SSLSocketParams for each hop present in reverse order.
849 const HttpProxySocketParams& proxy_server2_http_params =
850 *endpoint_ssl_params.GetHttpProxyConnectionParams();
851 EXPECT_FALSE(proxy_server2_http_params.proxy_server().is_quic());
852 // We should to send a CONNECT to `kProxyServer2` for `kEndpoint`.
853 EXPECT_EQ(proxy_server2_http_params.endpoint(), kEndpoint);
854
855 const SSLSocketParams& proxy_server2_ssl_params =
856 *proxy_server2_http_params.ssl_params();
857 EXPECT_EQ(proxy_server2_ssl_params.host_and_port(),
858 kProxyServer2.host_port_pair());
859
860 const HttpProxySocketParams& proxy_server1_http_params =
861 *proxy_server2_ssl_params.GetHttpProxyConnectionParams();
862 EXPECT_FALSE(proxy_server1_http_params.proxy_server().is_quic());
863 // We should to send a CONNECT to `kProxyServer1` for `kProxyServer2`.
864 EXPECT_EQ(proxy_server1_http_params.endpoint(),
865 kProxyServer2.host_port_pair());
866 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().alpn_protos,
867 testing::ElementsAreArray(alpn_protos_));
868 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().application_settings,
869 application_settings_);
870 EXPECT_EQ(proxy_server2_ssl_params.ssl_config().renego_allowed_default,
871 false);
872 EXPECT_THAT(proxy_server2_ssl_params.ssl_config().renego_allowed_for_protos,
873 testing::ElementsAre());
874 EXPECT_FALSE(proxy_server2_ssl_params.ssl_config().early_data_enabled);
875
876 ASSERT_TRUE(proxy_server1_http_params.ssl_params());
877 const SSLSocketParams& proxy_server1_ssl_params =
878 *proxy_server1_http_params.ssl_params();
879 EXPECT_EQ(proxy_server1_ssl_params.host_and_port(),
880 kProxyServer1.host_port_pair());
881 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().alpn_protos,
882 testing::ElementsAreArray(alpn_protos_));
883 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().application_settings,
884 application_settings_);
885 EXPECT_EQ(proxy_server1_ssl_params.ssl_config().renego_allowed_default,
886 false);
887 EXPECT_THAT(proxy_server1_ssl_params.ssl_config().renego_allowed_for_protos,
888 testing::ElementsAre());
889 EXPECT_FALSE(proxy_server1_ssl_params.ssl_config().early_data_enabled);
890
891 ASSERT_EQ(proxy_server1_ssl_params.GetConnectionType(),
892 SSLSocketParams::DIRECT);
893 ASSERT_EQ(proxy_server2_ssl_params.GetConnectionType(),
894 SSLSocketParams::HTTP_PROXY);
895 ASSERT_EQ(endpoint_ssl_params.GetConnectionType(),
896 SSLSocketParams::HTTP_PROXY);
897
898 const TransportSocketParams& transport_params =
899 *proxy_server1_ssl_params.GetDirectConnectionParams();
900 // We should establish a physical socket / direct connection to
901 // `kProxyServer1` (and will tunnel all subsequent traffic through
902 // that).
903 EXPECT_THAT(
904 transport_params.destination(),
905 testing::VariantWith<HostPortPair>(kProxyServer1.host_port_pair()));
906 }
907
TEST_F(ConnectJobFactoryTest,CreateSocksProxyConnectJob)908 TEST_F(ConnectJobFactoryTest, CreateSocksProxyConnectJob) {
909 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 91);
910 const ProxyChain kProxy(ProxyServer::SCHEME_SOCKS5,
911 HostPortPair("proxy.test", 92));
912
913 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
914 kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS, /*allowed_bad_certs=*/{},
915 ConnectJobFactory::AlpnMode::kHttpAll, /*force_tunnel=*/false,
916 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
917 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
918 SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false,
919 &common_connect_job_params_, &delegate_);
920 EXPECT_EQ(GetCreationCount(), 1u);
921
922 ASSERT_THAT(socks_job_factory_->params(), testing::SizeIs(1));
923 const SOCKSSocketParams& params = *socks_job_factory_->params().front();
924 EXPECT_EQ(params.destination(), HostPortPair::FromSchemeHostPort(kEndpoint));
925 EXPECT_TRUE(params.is_socks_v5());
926
927 const TransportSocketParams& transport_params = *params.transport_params();
928 EXPECT_THAT(
929 transport_params.destination(),
930 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
931 }
932
TEST_F(ConnectJobFactoryTest,CreateSocksProxyConnectJobWithoutScheme)933 TEST_F(ConnectJobFactoryTest, CreateSocksProxyConnectJobWithoutScheme) {
934 const HostPortPair kEndpoint("test", 91);
935 const ProxyChain kProxy(ProxyServer::SCHEME_SOCKS5,
936 HostPortPair("proxy.test", 92));
937
938 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
939 /*using_ssl=*/false, kEndpoint, kProxy, TRAFFIC_ANNOTATION_FOR_TESTS,
940 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
941 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
942 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
943 &common_connect_job_params_, &delegate_);
944 EXPECT_EQ(GetCreationCount(), 1u);
945
946 ASSERT_THAT(socks_job_factory_->params(), testing::SizeIs(1));
947 const SOCKSSocketParams& params = *socks_job_factory_->params().front();
948 EXPECT_EQ(params.destination(), kEndpoint);
949 EXPECT_TRUE(params.is_socks_v5());
950
951 const TransportSocketParams& transport_params = *params.transport_params();
952 EXPECT_THAT(
953 transport_params.destination(),
954 testing::VariantWith<HostPortPair>(kProxy.First().host_port_pair()));
955 }
956
TEST_F(ConnectJobFactoryTest,CreateWebsocketConnectJob)957 TEST_F(ConnectJobFactoryTest, CreateWebsocketConnectJob) {
958 const url::SchemeHostPort kEndpoint(url::kHttpScheme, "test", 93);
959
960 WebSocketEndpointLockManager websocket_endpoint_lock_manager;
961 CommonConnectJobParams common_connect_job_params = common_connect_job_params_;
962 common_connect_job_params.websocket_endpoint_lock_manager =
963 &websocket_endpoint_lock_manager;
964
965 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
966 kEndpoint, ProxyChain::Direct(), /*proxy_annotation_tag=*/std::nullopt,
967 /*allowed_bad_certs=*/{}, ConnectJobFactory::AlpnMode::kHttpAll,
968 /*force_tunnel=*/false, PrivacyMode::PRIVACY_MODE_DISABLED,
969 OnHostResolutionCallback(), DEFAULT_PRIORITY, SocketTag(),
970 NetworkAnonymizationKey(), SecureDnsPolicy::kAllow,
971 /*disable_cert_network_fetches=*/false, &common_connect_job_params,
972 &delegate_);
973 EXPECT_EQ(GetCreationCount(), 1u);
974
975 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
976 const TransportSocketParams& params =
977 *transport_job_factory_->params().front();
978 EXPECT_THAT(params.destination(),
979 testing::VariantWith<url::SchemeHostPort>(kEndpoint));
980 }
981
TEST_F(ConnectJobFactoryTest,CreateWebsocketConnectJobWithoutScheme)982 TEST_F(ConnectJobFactoryTest, CreateWebsocketConnectJobWithoutScheme) {
983 const HostPortPair kEndpoint("test", 93);
984
985 WebSocketEndpointLockManager websocket_endpoint_lock_manager;
986 CommonConnectJobParams common_connect_job_params = common_connect_job_params_;
987 common_connect_job_params.websocket_endpoint_lock_manager =
988 &websocket_endpoint_lock_manager;
989
990 std::unique_ptr<ConnectJob> job = factory_->CreateConnectJob(
991 /*using_ssl=*/false, kEndpoint, ProxyChain::Direct(),
992 /*proxy_annotation_tag=*/std::nullopt, /*force_tunnel=*/false,
993 PrivacyMode::PRIVACY_MODE_DISABLED, OnHostResolutionCallback(),
994 DEFAULT_PRIORITY, SocketTag(), NetworkAnonymizationKey(),
995 SecureDnsPolicy::kAllow, &common_connect_job_params, &delegate_);
996 EXPECT_EQ(GetCreationCount(), 1u);
997
998 ASSERT_THAT(transport_job_factory_->params(), testing::SizeIs(1));
999 const TransportSocketParams& params =
1000 *transport_job_factory_->params().front();
1001 EXPECT_THAT(params.destination(),
1002 testing::VariantWith<HostPortPair>(kEndpoint));
1003 }
1004
1005 } // namespace
1006 } // namespace net
1007