authortbansal <tbansal@chromium.org>2016-02-03 18:56:15 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-04 02:57:26 +0000
commit28e68f81ac373c44d7aa9f12dc8fe91178a6040e (patch)
tree540b031da494e4120ad570f99c25b57527ca9aa7
parent32f0a4367fcc56560c61fce5936b2c33f35ebf7d (diff)
Set trusted SPDY proxy dynamically on per-profile basis
Set trusted SPDY proxy on per-profile basis if the profile has DRP enabled, and if Chrome is part of the field trial. Prior to this CL, it was possible to set the trusted SPDY proxy only from command line switch. Setting it on per-profile ensures that it is set only if DRP is enabled (which is per-profile). Setting it dynamically ensures that if there is a change in DataReductionProxy config (e.g., the API tells Chrome to connect to a different DRP server), then the SPDY session to the different server has the trusted SPDY proxy set correctly to the new server. Prior to this CL, trusted SPDY proxy was set once at the time of Chrome start, and it was not possible to change it. Link to design doc: https://code.google.com/p/chromium/issues/detail?id=558682#c11 BUG=558682 Review URL: https://codereview.chromium.org/1547273003 Cr-Commit-Position: refs/heads/master@{#373442}
-rw-r--r--chrome/browser/io_thread.cc5
-rw-r--r--chrome/browser/io_thread.h1
-rw-r--r--chrome/browser/ui/startup/bad_flags_prompt.cc1
-rw-r--r--chrome/common/chrome_switches.cc4
-rw-r--r--chrome/common/chrome_switches.h1
-rw-r--r--components/components_tests.gyp1
-rw-r--r--components/data_reduction_proxy/core/browser/BUILD.gn1
-rw-r--r--components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc43
-rw-r--r--components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc13
-rw-r--r--components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h7
-rw-r--r--components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc135
-rw-r--r--components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc11
-rw-r--r--components/data_reduction_proxy/core/common/data_reduction_proxy_params.h7
-rw-r--r--jingle/glue/proxy_resolving_client_socket.cc1
-rw-r--r--net/base/proxy_delegate.h4
-rw-r--r--net/base/test_proxy_delegate.cc86
-rw-r--r--net/base/test_proxy_delegate.h86
-rw-r--r--net/http/http_network_session.cc2
-rw-r--r--net/http/http_network_session.h3
-rw-r--r--net/http/http_network_transaction_unittest.cc33
-rw-r--r--net/http/http_proxy_client_socket_pool_unittest.cc92
-rw-r--r--net/net.gypi2
-rw-r--r--net/spdy/spdy_network_transaction_unittest.cc8
-rw-r--r--net/spdy/spdy_session.cc12
-rw-r--r--net/spdy/spdy_session.h11
-rw-r--r--net/spdy/spdy_session_pool.cc6
-rw-r--r--net/spdy/spdy_session_pool.h10
-rw-r--r--net/spdy/spdy_session_unittest.cc12
-rw-r--r--net/spdy/spdy_test_util_common.cc3
-rw-r--r--net/spdy/spdy_test_util_common.h5
-rw-r--r--net/url_request/url_request_context_builder.cc3
-rw-r--r--net/url_request/url_request_context_builder.h1
32 files changed, 460 insertions, 150 deletions
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 8c30fb1..94cf6dc 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -983,10 +983,6 @@ void IOThread::ConfigureSpdyGlobals(
base::StringPiece spdy_trial_group,
const VariationParameters& spdy_trial_params,
IOThread::Globals* globals) {
- if (command_line.HasSwitch(switches::kTrustedSpdyProxy)) {
- globals->trusted_spdy_proxy.set(
- command_line.GetSwitchValueASCII(switches::kTrustedSpdyProxy));
- }
if (command_line.HasSwitch(switches::kIgnoreUrlFetcherCertRequests))
net::URLFetcher::SetIgnoreCertificateRequests(true);
@@ -1169,7 +1165,6 @@ void IOThread::InitializeNetworkSessionParamsFromGlobals(
&params->spdy_default_protocol);
globals.enable_spdy31.CopyToIfSet(&params->enable_spdy31);
globals.enable_http2.CopyToIfSet(&params->enable_http2);
- globals.trusted_spdy_proxy.CopyToIfSet(&params->trusted_spdy_proxy);
params->forced_spdy_exclusions = globals.forced_spdy_exclusions;
globals.parse_alternative_services.CopyToIfSet(
&params->parse_alternative_services);
diff --git a/chrome/browser/io_thread.h b/chrome/browser/io_thread.h
index 2e49e55..ad40720 100644
--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -209,7 +209,6 @@ class IOThread : public content::BrowserThreadDelegate {
Optional<net::NextProto> spdy_default_protocol;
Optional<bool> enable_spdy31;
Optional<bool> enable_http2;
- Optional<std::string> trusted_spdy_proxy;
std::set<net::HostPortPair> forced_spdy_exclusions;
Optional<bool> parse_alternative_services;
Optional<bool> enable_alternative_service_with_different_host;
diff --git a/chrome/browser/ui/startup/bad_flags_prompt.cc b/chrome/browser/ui/startup/bad_flags_prompt.cc
index 1588029..52eb2f5 100644
--- a/chrome/browser/ui/startup/bad_flags_prompt.cc
+++ b/chrome/browser/ui/startup/bad_flags_prompt.cc
@@ -54,7 +54,6 @@ void ShowBadFlagsPrompt(Browser* browser) {
switches::kSingleProcess,
// These flags disable or undermine the Same Origin Policy.
- switches::kTrustedSpdyProxy,
translate::switches::kTranslateSecurityOrigin,
// These flags undermine HTTPS / connection security.
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 7070b18..78e1669 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -1038,10 +1038,6 @@ const char kSystemLogUploadFrequency[] = "system-log-upload-frequency";
// Passes the name of the current running automated test to Chrome.
const char kTestName[] = "test-name";
-// Disables same-origin check on HTTP resources pushed via a SPDY proxy.
-// The value is the host:port of the trusted proxy.
-const char kTrustedSpdyProxy[] = "trusted-spdy-proxy";
-
// Experimental. Shows a dialog asking the user to try chrome. This flag is to
// be used only by the upgrade process.
const char kTryChromeAgain[] = "try-chrome-again";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 3ff3b38..582ac04 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -277,7 +277,6 @@ extern const char kSupervisedUserSafeSites[];
extern const char kSupervisedUserSyncToken[];
extern const char kSystemLogUploadFrequency[];
extern const char kTestName[];
-extern const char kTrustedSpdyProxy[];
extern const char kTryChromeAgain[];
extern const char kUnlimitedStorage[];
extern const char kUnsafelyTreatInsecureOriginAsSecure[];
diff --git a/components/components_tests.gyp b/components/components_tests.gyp
index 91cd693..2bf8940 100644
--- a/components/components_tests.gyp
+++ b/components/components_tests.gyp
@@ -144,6 +144,7 @@
'data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc',
'data_reduction_proxy/core/browser/data_reduction_proxy_config_unittest.cc',
'data_reduction_proxy/core/browser/data_reduction_proxy_configurator_unittest.cc',
+ 'data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc',
'data_reduction_proxy/core/browser/data_reduction_proxy_experiments_stats_unittest.cc',
'data_reduction_proxy/core/browser/data_reduction_proxy_interceptor_unittest.cc',
'data_reduction_proxy/core/browser/data_reduction_proxy_io_data_unittest.cc',
diff --git a/components/data_reduction_proxy/core/browser/BUILD.gn b/components/data_reduction_proxy/core/browser/BUILD.gn
index 77ef2a4..989afd8 100644
--- a/components/data_reduction_proxy/core/browser/BUILD.gn
+++ b/components/data_reduction_proxy/core/browser/BUILD.gn
@@ -137,6 +137,7 @@ source_set("unit_tests") {
"data_reduction_proxy_config_service_client_unittest.cc",
"data_reduction_proxy_config_unittest.cc",
"data_reduction_proxy_configurator_unittest.cc",
+ "data_reduction_proxy_delegate_unittest.cc",
"data_reduction_proxy_experiments_stats_unittest.cc",
"data_reduction_proxy_interceptor_unittest.cc",
"data_reduction_proxy_io_data_unittest.cc",
diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc
index d0b03d7..3fe09d6 100644
--- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc
+++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc
@@ -127,6 +127,9 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test {
test_context_->test_config_client()->SetConfigServiceURL(
GURL("http://configservice.com"));
+ delegate_.reset(
+ new DataReductionProxyDelegate(request_options(), config()));
+
// Set up the various test ClientConfigs.
ClientConfig config =
CreateConfig(kSuccessSessionKey, kConfingRefreshDurationSeconds, 0,
@@ -219,6 +222,8 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test {
return test_context_->test_configurator();
}
+ TestDataReductionProxyConfig* config() { return test_context_->config(); }
+
MockDataReductionProxyRequestOptions* request_options() {
return test_context_->mock_request_options();
}
@@ -273,6 +278,10 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test {
test_context_->test_params()->EnableQuic(enable);
}
+ bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) const {
+ return delegate_->IsTrustedSpdyProxy(proxy_server);
+ }
+
const std::string& loaded_config() const { return loaded_config_; }
private:
@@ -284,6 +293,8 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test {
scoped_ptr<DataReductionProxyRequestOptions> request_options_;
std::vector<net::ProxyServer> enabled_proxies_for_http_;
+ scoped_ptr<DataReductionProxyDelegate> delegate_;
+
// A configuration from the current remote request. The encoded version is
// also stored.
std::string config_;
@@ -311,18 +322,21 @@ TEST_F(DataReductionProxyConfigServiceClientTest, DevRolloutAndQuic) {
const struct {
bool enable_dev;
bool enable_quic;
+ bool enable_trusted_spdy_proxy_field_trial;
std::string expected_primary_proxy;
std::string expected_fallback_proxy;
net::ProxyServer::Scheme expected_primary_proxy_scheme;
} tests[] = {
- {false, false, kSuccessOrigin, kSuccessFallback,
+ {false, false, false, kSuccessOrigin, kSuccessFallback,
+ net::ProxyServer::SCHEME_HTTPS},
+ {false, false, true, kSuccessOrigin, kSuccessFallback,
net::ProxyServer::SCHEME_HTTPS},
- {false, true, kSuccessOrigin, kSuccessFallback,
+ {false, true, true, kSuccessOrigin, kSuccessFallback,
net::ProxyServer::SCHEME_QUIC},
- {true, false, TestDataReductionProxyParams::DefaultDevOrigin(),
+ {true, false, true, TestDataReductionProxyParams::DefaultDevOrigin(),
TestDataReductionProxyParams::DefaultDevFallbackOrigin(),
net::ProxyServer::SCHEME_HTTPS},
- {true, true, TestDataReductionProxyParams::DefaultDevOrigin(),
+ {true, true, true, TestDataReductionProxyParams::DefaultDevOrigin(),
TestDataReductionProxyParams::DefaultDevFallbackOrigin(),
net::ProxyServer::SCHEME_QUIC},
};
@@ -335,6 +349,9 @@ TEST_F(DataReductionProxyConfigServiceClientTest, DevRolloutAndQuic) {
}
base::FieldTrialList field_trial_list(new base::MockEntropyProvider());
+ base::FieldTrialList::CreateFieldTrial(
+ params::GetTrustedSpdyProxyFieldTrialName(),
+ tests[i].enable_trusted_spdy_proxy_field_trial ? "Enabled" : "Control");
if (tests[i].enable_quic) {
base::FieldTrialList::CreateFieldTrial(params::GetQuicFieldTrialName(),
"Enabled");
@@ -372,6 +389,24 @@ TEST_F(DataReductionProxyConfigServiceClientTest, DevRolloutAndQuic) {
proxies_for_http[1])
<< i;
EXPECT_TRUE(configurator()->proxies_for_https().empty()) << i;
+
+ // Test that the trusted SPDY proxy is updated correctly after each config
+ // retrieval.
+ bool expect_proxy_is_trusted =
+ tests[i].expected_primary_proxy_scheme ==
+ net::ProxyServer::SCHEME_HTTPS &&
+ tests[i].enable_trusted_spdy_proxy_field_trial;
+
+ // Apply the specified proxy scheme.
+ const net::ProxyServer proxy_server(
+ tests[i].expected_primary_proxy_scheme,
+ net::ProxyServer::FromURI(tests[i].expected_primary_proxy,
+ net::ProxyServer::SCHEME_HTTP)
+ .host_port_pair());
+
+ ASSERT_EQ(tests[i].expected_primary_proxy_scheme, proxy_server.scheme())
+ << i;
+ EXPECT_EQ(expect_proxy_is_trusted, IsTrustedSpdyProxy(proxy_server)) << i;
}
}
diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc
index b137580..462571b 100644
--- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc
+++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc
@@ -9,9 +9,11 @@
#include "base/metrics/sparse_histogram.h"
#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_config.h"
#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_request_options.h"
+#include "components/data_reduction_proxy/core/common/data_reduction_proxy_params.h"
#include "net/base/host_port_pair.h"
#include "net/http/http_request_headers.h"
#include "net/http/http_response_headers.h"
+#include "net/proxy/proxy_server.h"
namespace data_reduction_proxy {
@@ -61,6 +63,17 @@ void DataReductionProxyDelegate::OnBeforeTunnelRequest(
proxy_server, extra_headers);
}
+bool DataReductionProxyDelegate::IsTrustedSpdyProxy(
+ const net::ProxyServer& proxy_server) {
+ if (!proxy_server.is_https() ||
+ !params::IsIncludedInTrustedSpdyProxyFieldTrial() ||
+ !proxy_server.is_valid()) {
+ return false;
+ }
+ return config_ &&
+ config_->IsDataReductionProxy(proxy_server.host_port_pair(), nullptr);
+}
+
void DataReductionProxyDelegate::OnTunnelHeadersReceived(
const net::HostPortPair& origin,
const net::HostPortPair& proxy_server,
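Review bot: `IsTrustedSpdyProxy` decides whether a proxy may push cross-origin resources, yet nothing at the definition says so, and after the scheme test the only identity check is the host:port lookup in `config_->IsDataReductionProxy(...)`. A comment above the function would record that, for example `// Returning true lets |proxy_server| push resources for origins other than the associated stream's; only HTTPS proxies in the current DRP config qualify.` The guard would also read better with `!proxy_server.is_valid()` first, so that no other accessor is consulted on an invalid server. Whether `config_` can change on another thread while this runs is not visible here and is worth confirming. `OnTunnelHeadersReceived` continues outside the hunk.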
diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h
index ffdc3f4..a9da5b9 100644
--- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h
+++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h
@@ -34,24 +34,21 @@ class DataReductionProxyDelegate : public net::ProxyDelegate {
~DataReductionProxyDelegate() override;
+ // net::ProxyDelegate implementation:
void OnResolveProxy(const GURL& url,
int load_flags,
const net::ProxyService& proxy_service,
net::ProxyInfo* result) override;
-
void OnFallback(const net::ProxyServer& bad_proxy, int net_error) override;
-
void OnBeforeSendHeaders(net::URLRequest* request,
const net::ProxyInfo& proxy_info,
net::HttpRequestHeaders* headers) override;
-
void OnBeforeTunnelRequest(const net::HostPortPair& proxy_server,
net::HttpRequestHeaders* extra_headers) override;
-
void OnTunnelConnectCompleted(const net::HostPortPair& endpoint,
const net::HostPortPair& proxy_server,
int net_error) override;
-
+ bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) override;
void OnTunnelHeadersReceived(
const net::HostPortPair& origin,
const net::HostPortPair& proxy_server,
diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc
new file mode 100644
index 0000000..8bc9147
--- /dev/null
+++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc
@@ -0,0 +1,135 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h"
+
+#include <vector>
+
+#include "base/macros.h"
+#include "base/message_loop/message_loop.h"
+#include "base/metrics/field_trial.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_config_test_utils.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_configurator_test_utils.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_mutable_config_values.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_test_utils.h"
+#include "components/data_reduction_proxy/core/common/data_reduction_proxy_params_test_utils.h"
+#include "net/proxy/proxy_server.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using testing::_;
+
+namespace data_reduction_proxy {
+
+namespace {
+
+// Constructs and returns a proxy with the specified scheme.
+net::ProxyServer GetProxyWithScheme(net::ProxyServer::Scheme scheme) {
+ switch (scheme) {
+ case net::ProxyServer::SCHEME_HTTP:
+ return net::ProxyServer::FromURI("origin.net:443",
+ net::ProxyServer::SCHEME_HTTP);
+ case net::ProxyServer::SCHEME_HTTPS:
+ return net::ProxyServer::FromURI("https://origin.net:443",
+ net::ProxyServer::SCHEME_HTTP);
+ case net::ProxyServer::SCHEME_QUIC:
+ return net::ProxyServer::FromURI("quic://origin.net:443",
+ net::ProxyServer::SCHEME_QUIC);
+ default:
+ NOTREACHED();
+ return net::ProxyServer::FromURI("", net::ProxyServer::SCHEME_INVALID);
+ }
+}
+
+// Tests that the trusted SPDY proxy is verified correctly.
+TEST(DataReductionProxyDelegate, IsTrustedSpdyProxy) {
+ base::MessageLoopForIO message_loop_;
+ scoped_ptr<DataReductionProxyTestContext> test_context =
+ DataReductionProxyTestContext::Builder()
+ .WithConfigClient()
+ .WithTestConfigurator()
+ .WithMockDataReductionProxyService()
+ .Build();
+
+ const struct {
+ bool is_in_trusted_spdy_proxy_field_trial;
+ net::ProxyServer::Scheme first_proxy_scheme;
+ net::ProxyServer::Scheme second_proxy_scheme;
+ bool expect_proxy_is_trusted;
+ } tests[] = {
+ {false, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_HTTP,
+ false},
+ {true, net::ProxyServer::SCHEME_INVALID, net::ProxyServer::SCHEME_INVALID,
+ false},
+ // First proxy is HTTPS, and second is invalid.
+ {true, net::ProxyServer::SCHEME_HTTPS, net::ProxyServer::SCHEME_INVALID,
+ true},
+ // First proxy is invalid, and second proxy is HTTPS.
+ {true, net::ProxyServer::SCHEME_INVALID, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ // First proxy is HTTPS, and second is HTTP.
+ {true, net::ProxyServer::SCHEME_HTTPS, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ // Second proxy is HTTPS, and first is HTTP.
+ {true, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_HTTP,
+ false},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ };
+ for (size_t i = 0; i < arraysize(tests); ++i) {
+ ASSERT_EQ(
+ tests[i].expect_proxy_is_trusted,
+ tests[i].is_in_trusted_spdy_proxy_field_trial &&
+ (tests[i].first_proxy_scheme == net::ProxyServer::SCHEME_HTTPS ||
+ tests[i].second_proxy_scheme == net::ProxyServer::SCHEME_HTTPS))
+ << i;
+
+ std::vector<net::ProxyServer> proxies_for_http;
+ net::ProxyServer first_proxy;
+ net::ProxyServer second_proxy;
+ if (tests[i].first_proxy_scheme != net::ProxyServer::SCHEME_INVALID) {
+ first_proxy = GetProxyWithScheme(tests[i].first_proxy_scheme);
+ proxies_for_http.push_back(first_proxy);
+ }
+ if (tests[i].second_proxy_scheme != net::ProxyServer::SCHEME_INVALID) {
+ second_proxy = GetProxyWithScheme(tests[i].second_proxy_scheme);
+ proxies_for_http.push_back(second_proxy);
+ }
+
+ scoped_ptr<DataReductionProxyMutableConfigValues> config_values =
+ DataReductionProxyMutableConfigValues::CreateFromParams(
+ test_context->test_params());
+ config_values->UpdateValues(proxies_for_http);
+
+ scoped_ptr<DataReductionProxyConfig> config(new DataReductionProxyConfig(
+ test_context->net_log(), std::move(config_values),
+ test_context->configurator(), test_context->event_creator()));
+
+ DataReductionProxyDelegate delegate(
+ test_context->io_data()->request_options(), config.get());
+
+ base::FieldTrialList field_trial_list(nullptr);
+ base::FieldTrialList::CreateFieldTrial(
+ params::GetTrustedSpdyProxyFieldTrialName(),
+ tests[i].is_in_trusted_spdy_proxy_field_trial ? "Enabled" : "Control");
+
+ EXPECT_EQ(tests[i].expect_proxy_is_trusted,
+ delegate.IsTrustedSpdyProxy(first_proxy) ||
+ delegate.IsTrustedSpdyProxy(second_proxy))
+ << i;
+ }
+}
+
+} // namespace
+
+} // namespace data_reduction_proxy \ No newline at end of file
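Review bot: The table in the `IsTrustedSpdyProxy` test has no row where an HTTPS proxy is configured but the client is outside the field trial, which is the negative case that matters most for a same-origin relaxation; the only row with the trial off uses `SCHEME_HTTP`. Adding `{false, net::ProxyServer::SCHEME_HTTPS, net::ProxyServer::SCHEME_INVALID, false},` covers it. An `EXPECT_FALSE` on an HTTPS proxy whose host is not in `proxies_for_http` would also pin the host:port check, since `GetProxyWithScheme` always returns `origin.net:443`. Two smaller things: the comment "First proxy is HTTPS, and second is HTTP." sits above a row whose second scheme is `SCHEME_HTTPS`, and the row `{true, SCHEME_QUIC, SCHEME_INVALID, false}` appears twice. `using testing::_;` looks unused in this file.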
diff --git a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc
index fe62c2f..13157cb 100644
--- a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc
+++ b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc
@@ -50,6 +50,8 @@ const char kLoFiFlagFieldTrial[] = "DataCompressionProxyLoFiFlag";
const char kConfigServiceFieldTrial[] = "DataReductionProxyConfigService";
const char kConfigServiceURLParam[] = "url";
+const char kTrustedSpdyProxyFieldTrialName[] = "DataReductionTrustedSpdyProxy";
+
// Default URL for retrieving the Data Reduction Proxy configuration.
const char kClientConfigURL[] =
"https://datasaver.googleapis.com/v1/clientConfigs";
@@ -78,6 +80,15 @@ bool IsIncludedInAndroidOnePromoFieldTrial(const char* build_fingerprint) {
return (fingerprint.find(kAndroidOneIdentifier) != std::string::npos);
}
+std::string GetTrustedSpdyProxyFieldTrialName() {
+ return kTrustedSpdyProxyFieldTrialName;
+}
+
+bool IsIncludedInTrustedSpdyProxyFieldTrial() {
+ return base::FieldTrialList::FindFullName(GetTrustedSpdyProxyFieldTrialName())
+ .find(kEnabled) == 0;
+}
+
std::string GetLoFiFieldTrialName() {
return kLoFiFieldTrial;
}
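Review bot: `IsIncludedInTrustedSpdyProxyFieldTrial` treats any group whose name merely begins with `kEnabled` as opted in, because `.find(kEnabled) == 0` is a prefix test. This trial gates trust in a proxy that may push cross-origin resources, so the matching rule deserves a comment above the function, for example `// Prefix match: every group name that starts with kEnabled enables the trusted SPDY proxy.` `find` also scans the whole group name when the prefix is absent; `base::StartsWith(group, kEnabled, base::CompareCase::SENSITIVE)` states the intent directly, provided `base/strings/string_util.h` is already included in this file, which the hunk does not show. `kEnabled` is defined outside the hunk; the tests on this page suggest its value is "Enabled".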
diff --git a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h
index de5c528..05102d6 100644
--- a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h
+++ b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h
@@ -40,6 +40,13 @@ bool IsIncludedInPromoFieldTrial();
// is in effect.
bool IsIncludedInHoldbackFieldTrial();
+// Returns the name of the trusted SPDY/HTTP2 proxy field trial.
+std::string GetTrustedSpdyProxyFieldTrialName();
+
+// Returns true if this client is part of the enabled group of the trusted
+// SPDY/HTTP2 proxy field trial.
+bool IsIncludedInTrustedSpdyProxyFieldTrial();
+
// Returns true if this client is part of the field trial that should display
// a promotion for the data reduction proxy on Android One devices.
bool IsIncludedInAndroidOnePromoFieldTrial(const char* build_fingerprint);
diff --git a/jingle/glue/proxy_resolving_client_socket.cc b/jingle/glue/proxy_resolving_client_socket.cc
index 9443085..a932399 100644
--- a/jingle/glue/proxy_resolving_client_socket.cc
+++ b/jingle/glue/proxy_resolving_client_socket.cc
@@ -85,7 +85,6 @@ ProxyResolvingClientSocket::ProxyResolvingClientSocket(
reference_params->testing_fixed_https_port;
session_params.enable_spdy31 = reference_params->enable_spdy31;
session_params.enable_http2 = reference_params->enable_http2;
- session_params.trusted_spdy_proxy = reference_params->trusted_spdy_proxy;
session_params.forced_spdy_exclusions =
reference_params->forced_spdy_exclusions;
session_params.parse_alternative_services =
diff --git a/net/base/proxy_delegate.h b/net/base/proxy_delegate.h
index 7e00d0c..8ff6a7e 100644
--- a/net/base/proxy_delegate.h
+++ b/net/base/proxy_delegate.h
@@ -67,6 +67,10 @@ class NET_EXPORT ProxyDelegate {
const HostPortPair& proxy_server,
const HttpResponseHeaders& response_headers) = 0;
+ // Returns true if |proxy_server| is a trusted SPDY/HTTP2 proxy that is
+ // allowed to push cross-origin resources.
+ virtual bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) = 0;
+
private:
DISALLOW_COPY_AND_ASSIGN(ProxyDelegate);
};
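Review bot: The new pure virtual `IsTrustedSpdyProxy` is a query but is not declared `const`, and its comment does not say what a conservative implementation should return. Consider `virtual bool IsTrustedSpdyProxy(const ProxyServer& proxy_server) const = 0;` with the overrides updated to match. The comment could be extended with `// Implementations must return false unless the proxy is known to be trusted to serve content for any origin.` The `net::` qualifier on `ProxyServer` looks redundant if this class is declared inside `namespace net`, as the other signatures in the hunk suggest. The class body begins outside the hunk.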
diff --git a/net/base/test_proxy_delegate.cc b/net/base/test_proxy_delegate.cc
new file mode 100644
index 0000000..d4a3c61
--- /dev/null
+++ b/net/base/test_proxy_delegate.cc
@@ -0,0 +1,86 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/test_proxy_delegate.h"
+
+#include "net/http/http_request_headers.h"
+#include "net/http/http_response_headers.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+TestProxyDelegate::TestProxyDelegate()
+ : on_before_tunnel_request_called_(false),
+ on_tunnel_request_completed_called_(false),
+ on_tunnel_headers_received_called_(false) {}
+
+TestProxyDelegate::~TestProxyDelegate() {}
+
+void TestProxyDelegate::VerifyOnTunnelRequestCompleted(
+ const std::string& endpoint,
+ const std::string& proxy_server) const {
+ EXPECT_TRUE(on_tunnel_request_completed_called_);
+ EXPECT_TRUE(HostPortPair::FromString(endpoint).Equals(
+ on_tunnel_request_completed_endpoint_));
+ EXPECT_TRUE(HostPortPair::FromString(proxy_server)
+ .Equals(on_tunnel_request_completed_proxy_server_));
+}
+
+void TestProxyDelegate::VerifyOnTunnelHeadersReceived(
+ const std::string& origin,
+ const std::string& proxy_server,
+ const std::string& status_line) const {
+ EXPECT_TRUE(on_tunnel_headers_received_called_);
+ EXPECT_TRUE(HostPortPair::FromString(origin).Equals(
+ on_tunnel_headers_received_origin_));
+ EXPECT_TRUE(HostPortPair::FromString(proxy_server)
+ .Equals(on_tunnel_headers_received_proxy_server_));
+ EXPECT_EQ(status_line, on_tunnel_headers_received_status_line_);
+}
+
+void TestProxyDelegate::OnResolveProxy(const GURL& url,
+ int load_flags,
+ const ProxyService& proxy_service,
+ ProxyInfo* result) {}
+
+void TestProxyDelegate::OnTunnelConnectCompleted(
+ const HostPortPair& endpoint,
+ const HostPortPair& proxy_server,
+ int net_error) {
+ on_tunnel_request_completed_called_ = true;
+ on_tunnel_request_completed_endpoint_ = endpoint;
+ on_tunnel_request_completed_proxy_server_ = proxy_server;
+}
+
+void TestProxyDelegate::OnFallback(const ProxyServer& bad_proxy,
+ int net_error) {}
+
+void TestProxyDelegate::OnBeforeSendHeaders(URLRequest* request,
+ const ProxyInfo& proxy_info,
+ HttpRequestHeaders* headers) {}
+
+void TestProxyDelegate::OnBeforeTunnelRequest(
+ const HostPortPair& proxy_server,
+ HttpRequestHeaders* extra_headers) {
+ on_before_tunnel_request_called_ = true;
+ if (extra_headers)
+ extra_headers->SetHeader("Foo", proxy_server.ToString());
+}
+
+void TestProxyDelegate::OnTunnelHeadersReceived(
+ const HostPortPair& origin,
+ const HostPortPair& proxy_server,
+ const HttpResponseHeaders& response_headers) {
+ on_tunnel_headers_received_called_ = true;
+ on_tunnel_headers_received_origin_ = origin;
+ on_tunnel_headers_received_proxy_server_ = proxy_server;
+ on_tunnel_headers_received_status_line_ = response_headers.GetStatusLine();
+}
+
+bool TestProxyDelegate::IsTrustedSpdyProxy(
+ const net::ProxyServer& proxy_server) {
+ return proxy_server.is_valid() && trusted_spdy_proxy_ == proxy_server;
+}
+
+} // namespace net \ No newline at end of file
diff --git a/net/base/test_proxy_delegate.h b/net/base/test_proxy_delegate.h
new file mode 100644
index 0000000..a6698c6
--- /dev/null
+++ b/net/base/test_proxy_delegate.h
@@ -0,0 +1,86 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_TEST_PROXY_DELEGATE_H_
+#define NET_BASE_TEST_PROXY_DELEGATE_H_
+
+#include <string>
+
+#include "net/base/host_port_pair.h"
+#include "net/base/proxy_delegate.h"
+#include "net/proxy/proxy_server.h"
+
+class GURL;
+
+namespace net {
+
+class HttpRequestHeaders;
+class HttpResponseHeaders;
+class ProxyInfo;
+class ProxyService;
+class URLRequest;
+
+class TestProxyDelegate : public ProxyDelegate {
+ public:
+ TestProxyDelegate();
+ ~TestProxyDelegate() override;
+
+ bool on_before_tunnel_request_called() const {
+ return on_before_tunnel_request_called_;
+ }
+
+ bool on_tunnel_request_completed_called() const {
+ return on_tunnel_request_completed_called_;
+ }
+
+ bool on_tunnel_headers_received_called() const {
+ return on_tunnel_headers_received_called_;
+ }
+
+ void set_trusted_spdy_proxy(const net::ProxyServer& proxy_server) {
+ trusted_spdy_proxy_ = proxy_server;
+ }
+
+ void VerifyOnTunnelRequestCompleted(const std::string& endpoint,
+ const std::string& proxy_server) const;
+
+ void VerifyOnTunnelHeadersReceived(const std::string& origin,
+ const std::string& proxy_server,
+ const std::string& status_line) const;
+
+ // ProxyDelegate implementation:
+ void OnResolveProxy(const GURL& url,
+ int load_flags,
+ const ProxyService& proxy_service,
+ ProxyInfo* result) override;
+ void OnTunnelConnectCompleted(const HostPortPair& endpoint,
+ const HostPortPair& proxy_server,
+ int net_error) override;
+ void OnFallback(const ProxyServer& bad_proxy, int net_error) override;
+ void OnBeforeSendHeaders(URLRequest* request,
+ const ProxyInfo& proxy_info,
+ HttpRequestHeaders* headers) override;
+ void OnBeforeTunnelRequest(const HostPortPair& proxy_server,
+ HttpRequestHeaders* extra_headers) override;
+ void OnTunnelHeadersReceived(
+ const HostPortPair& origin,
+ const HostPortPair& proxy_server,
+ const HttpResponseHeaders& response_headers) override;
+ bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) override;
+
+ private:
+ bool on_before_tunnel_request_called_;
+ bool on_tunnel_request_completed_called_;
+ bool on_tunnel_headers_received_called_;
+ net::ProxyServer trusted_spdy_proxy_;
+ HostPortPair on_tunnel_request_completed_endpoint_;
+ HostPortPair on_tunnel_request_completed_proxy_server_;
+ HostPortPair on_tunnel_headers_received_origin_;
+ HostPortPair on_tunnel_headers_received_proxy_server_;
+ std::string on_tunnel_headers_received_status_line_;
+};
+
+} // namespace net
+
+#endif // NET_BASE_TEST_PROXY_DELEGATE_H_ \ No newline at end of file
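Review bot: `TestProxyDelegate` has no class comment and `set_trusted_spdy_proxy` does not document the default, so a reader cannot tell from the header that a freshly constructed delegate trusts no proxy. That appears to hold because `trusted_spdy_proxy_` is default-constructed and `IsTrustedSpdyProxy` in the .cc requires `proxy_server.is_valid()`. It is still worth writing down above the class: `// Test ProxyDelegate that records tunnel callbacks; trusts no SPDY proxy until set_trusted_spdy_proxy() is called.` The `net::` qualifiers on `ProxyServer` are redundant inside `namespace net` and inconsistent with the unqualified `ProxyServer` in `OnFallback`.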
diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc
index f50e7dd..1180dee 100644
--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -198,7 +198,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params)
params.spdy_stream_max_recv_window_size,
params.spdy_initial_max_concurrent_streams,
params.time_func,
- params.trusted_spdy_proxy),
+ params.proxy_delegate),
http_stream_factory_(new HttpStreamFactoryImpl(this, false)),
http_stream_factory_for_websocket_(new HttpStreamFactoryImpl(this, true)),
params_(params) {
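Review bot: The SPDY session pool is now handed `params.proxy_delegate` where it used to receive a string, so the delegate's lifetime presumably becomes part of the pool's contract. The declaration of `proxy_delegate` is not in this hunk; if it is a raw pointer, a comment at the `Params` member would make the contract explicit, for example `// Not owned; must outlive the HttpNetworkSession and its SpdySessionPool.` It is also worth confirming that a null delegate results in no proxy being trusted, since several callers in this change stop setting a trusted proxy at all. The constructor's initializer list begins outside the hunk.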
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index b22f3d4..9be727a 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -98,9 +98,6 @@ class NET_EXPORT HttpNetworkSession
size_t spdy_initial_max_concurrent_streams;
// Source of time for SPDY connections.
SpdySessionPool::TimeFunc time_func;
- // This SPDY proxy is allowed to push resources from origins that are
- // different from those of their associated streams.
- std::string trusted_spdy_proxy;
// URLs to exclude from forced SPDY.
std::set<HostPortPair> forced_spdy_exclusions;
// Whether to parse Alt-Svc headers.
diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc
index 46af04c..704e553 100644
--- a/net/http/http_network_transaction_unittest.cc
+++ b/net/http/http_network_transaction_unittest.cc
@@ -32,9 +32,11 @@
#include "net/base/load_timing_info.h"
#include "net/base/load_timing_info_test_util.h"
#include "net/base/net_errors.h"
+#include "net/base/proxy_delegate.h"
#include "net/base/request_priority.h"
#include "net/base/test_completion_callback.h"
#include "net/base/test_data_directory.h"
+#include "net/base/test_proxy_delegate.h"
#include "net/base/upload_bytes_element_reader.h"
#include "net/base/upload_file_element_reader.h"
#include "net/cert/mock_cert_verifier.h"
@@ -63,6 +65,7 @@
#include "net/proxy/proxy_config_service_fixed.h"
#include "net/proxy/proxy_info.h"
#include "net/proxy/proxy_resolver.h"
+#include "net/proxy/proxy_server.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/client_socket_pool.h"
@@ -7689,7 +7692,11 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) {
// Test that an explicitly trusted SPDY proxy can push a resource from an
// origin that is different from that of its associated resource.
-TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPush) {
+TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) {
+ // Configure the proxy delegate to allow cross-origin SPDY pushes.
+ scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+ proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI(
+ "https://myproxy:443", net::ProxyServer::SCHEME_HTTP));
HttpRequestInfo request;
HttpRequestInfo push_request;
@@ -7698,14 +7705,13 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPush) {
push_request.method = "GET";
push_request.url = GURL("http://www.another-origin.com/foo.dat");
- // Configure against https proxy server "myproxy:70".
+ // Configure against https proxy server "myproxy:443".
session_deps_.proxy_service =
- ProxyService::CreateFixedFromPacResult("HTTPS myproxy:70");
+ ProxyService::CreateFixedFromPacResult("HTTPS myproxy:443");
BoundTestNetLog log;
session_deps_.net_log = log.bound().net_log();
- // Enable cross-origin push.
- session_deps_.trusted_spdy_proxy = "myproxy:70";
+ session_deps_.proxy_delegate.reset(proxy_delegate.release());
scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
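Review bot: `session_deps_.proxy_delegate.reset(proxy_delegate.release());` passes ownership through a raw pointer. `session_deps_.proxy_delegate = std::move(proxy_delegate);` states the transfer directly, assuming scoped_ptr's converting move from TestProxyDelegate to ProxyDelegate is available here (std::move on a scoped_ptr is already used in spdy_network_transaction_unittest.cc in this commit). The same pattern recurs in CrossOriginProxyPushCorrectness, SameOriginProxyPushCorrectness, ServerPushCrossOriginCorrectness and TrustedSpdyProxy. This hunk also drops the `// Enable cross-origin push.` comment that the other two tests in this file keep above the same assignment, so the three tests now read inconsistently. The test body starts and ends outside this hunk.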
@@ -7807,18 +7813,22 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPush) {
// Test that an explicitly trusted SPDY proxy cannot push HTTPS content.
TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) {
+ // Configure the proxy delegate to allow cross-origin SPDY pushes.
+ scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+ proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI(
+ "https://myproxy:443", net::ProxyServer::SCHEME_HTTP));
HttpRequestInfo request;
request.method = "GET";
request.url = GURL("http://www.example.org/");
- // Configure against https proxy server "myproxy:70".
- session_deps_.proxy_service = ProxyService::CreateFixed("https://myproxy:70");
+ session_deps_.proxy_service =
+ ProxyService::CreateFixed("https://myproxy:443");
BoundTestNetLog log;
session_deps_.net_log = log.bound().net_log();
// Enable cross-origin push.
- session_deps_.trusted_spdy_proxy = "myproxy:70";
+ session_deps_.proxy_delegate.reset(proxy_delegate.release());
scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
@@ -7888,6 +7898,11 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) {
// Test that an explicitly trusted SPDY proxy can push same-origin HTTPS
// resources.
TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) {
+ // Configure the proxy delegate to allow cross-origin SPDY pushes.
+ scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+ proxy_delegate->set_trusted_spdy_proxy(
+ net::ProxyServer::FromURI("myproxy:70", net::ProxyServer::SCHEME_HTTP));
+
HttpRequestInfo request;
request.method = "GET";
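Review bot: The trusted proxy here is built from `"myproxy:70"` with `SCHEME_HTTP` as the fallback scheme, while the two preceding tests use `"https://myproxy:443"` and the lookup in SpdySession::TryCreatePushStream always asks about a `SCHEME_HTTPS` server. If TestProxyDelegate compares the scheme as well as host and port (its implementation is outside this view), this delegate would never report the proxy as trusted. In that case the added comment `// Configure the proxy delegate to allow cross-origin SPDY pushes.` overstates what the setup does. The test covers same-origin pushes, so it probably passes either way. Either use the `https://` form as in the sibling tests, or reword the comment to say the trusted-proxy setting is not what this test depends on. The test body continues outside the hunk.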
@@ -7899,7 +7914,7 @@ TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) {
session_deps_.net_log = log.bound().net_log();
// Enable cross-origin push.
- session_deps_.trusted_spdy_proxy = "myproxy:70";
+ session_deps_.proxy_delegate.reset(proxy_delegate.release());
scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_));
diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc
index cc3069d..29c10d0 100644
--- a/net/http/http_proxy_client_socket_pool_unittest.cc
+++ b/net/http/http_proxy_client_socket_pool_unittest.cc
@@ -11,6 +11,7 @@
#include "net/base/net_errors.h"
#include "net/base/proxy_delegate.h"
#include "net/base/test_completion_callback.h"
+#include "net/base/test_proxy_delegate.h"
#include "net/http/http_network_session.h"
#include "net/http/http_proxy_client_socket.h"
#include "net/http/http_response_headers.h"
@@ -61,97 +62,6 @@ typedef ::testing::TestWithParam<HttpProxyType> TestWithHttpParam;
const char kHttpProxyHost[] = "httpproxy.example.com";
const char kHttpsProxyHost[] = "httpsproxy.example.com";
-class TestProxyDelegate : public ProxyDelegate {
- public:
- TestProxyDelegate()
- : on_before_tunnel_request_called_(false),
- on_tunnel_request_completed_called_(false),
- on_tunnel_headers_received_called_(false) {
- }
-
- ~TestProxyDelegate() override {}
-
- bool on_before_tunnel_request_called() const {
- return on_before_tunnel_request_called_;
- }
-
- bool on_tunnel_request_completed_called() const {
- return on_tunnel_request_completed_called_;
- }
-
- bool on_tunnel_headers_received_called() const {
- return on_tunnel_headers_received_called_;
- }
-
- void VerifyOnTunnelRequestCompleted(const std::string& endpoint,
- const std::string& proxy_server) const {
- EXPECT_TRUE(on_tunnel_request_completed_called_);
- EXPECT_TRUE(HostPortPair::FromString(endpoint).Equals(
- on_tunnel_request_completed_endpoint_));
- EXPECT_TRUE(HostPortPair::FromString(proxy_server).Equals(
- on_tunnel_request_completed_proxy_server_));
- }
-
- void VerifyOnTunnelHeadersReceived(const std::string& origin,
- const std::string& proxy_server,
- const std::string& status_line) const {
- EXPECT_TRUE(on_tunnel_headers_received_called_);
- EXPECT_TRUE(HostPortPair::FromString(origin).Equals(
- on_tunnel_headers_received_origin_));
- EXPECT_TRUE(HostPortPair::FromString(proxy_server).Equals(
- on_tunnel_headers_received_proxy_server_));
- EXPECT_EQ(status_line, on_tunnel_headers_received_status_line_);
- }
-
- // ProxyDelegate:
- void OnResolveProxy(const GURL& url,
- int load_flags,
- const ProxyService& proxy_service,
- ProxyInfo* result) override {}
-
- void OnTunnelConnectCompleted(const HostPortPair& endpoint,
- const HostPortPair& proxy_server,
- int net_error) override {
- on_tunnel_request_completed_called_ = true;
- on_tunnel_request_completed_endpoint_ = endpoint;
- on_tunnel_request_completed_proxy_server_ = proxy_server;
- }
-
- void OnFallback(const ProxyServer& bad_proxy, int net_error) override {}
-
- void OnBeforeSendHeaders(URLRequest* request,
- const ProxyInfo& proxy_info,
- HttpRequestHeaders* headers) override {}
-
- void OnBeforeTunnelRequest(const HostPortPair& proxy_server,
- HttpRequestHeaders* extra_headers) override {
- on_before_tunnel_request_called_ = true;
- if (extra_headers) {
- extra_headers->SetHeader("Foo", proxy_server.ToString());
- }
- }
-
- void OnTunnelHeadersReceived(
- const HostPortPair& origin,
- const HostPortPair& proxy_server,
- const HttpResponseHeaders& response_headers) override {
- on_tunnel_headers_received_called_ = true;
- on_tunnel_headers_received_origin_ = origin;
- on_tunnel_headers_received_proxy_server_ = proxy_server;
- on_tunnel_headers_received_status_line_ = response_headers.GetStatusLine();
- }
-
- private:
- bool on_before_tunnel_request_called_;
- bool on_tunnel_request_completed_called_;
- bool on_tunnel_headers_received_called_;
- HostPortPair on_tunnel_request_completed_endpoint_;
- HostPortPair on_tunnel_request_completed_proxy_server_;
- HostPortPair on_tunnel_headers_received_origin_;
- HostPortPair on_tunnel_headers_received_proxy_server_;
- std::string on_tunnel_headers_received_status_line_;
-};
-
} // namespace
class HttpProxyClientSocketPoolTest
diff --git a/net/net.gypi b/net/net.gypi
index 1ac720d..87eeb0b9 100644
--- a/net/net.gypi
+++ b/net/net.gypi
@@ -1339,6 +1339,8 @@
'base/stale_while_revalidate_experiment_domains_unittest.cc',
'base/static_cookie_policy_unittest.cc',
'base/test_completion_callback_unittest.cc',
+ 'base/test_proxy_delegate.cc',
+ 'base/test_proxy_delegate.h',
'base/upload_bytes_element_reader_unittest.cc',
'base/upload_file_element_reader_unittest.cc',
'base/url_util_unittest.cc',
diff --git a/net/spdy/spdy_network_transaction_unittest.cc b/net/spdy/spdy_network_transaction_unittest.cc
index a1e060c..a71e75c 100644
--- a/net/spdy/spdy_network_transaction_unittest.cc
+++ b/net/spdy/spdy_network_transaction_unittest.cc
@@ -18,8 +18,10 @@
#include "net/base/auth.h"
#include "net/base/chunked_upload_data_stream.h"
#include "net/base/elements_upload_data_stream.h"
+#include "net/base/proxy_delegate.h"
#include "net/base/request_priority.h"
#include "net/base/test_data_directory.h"
+#include "net/base/test_proxy_delegate.h"
#include "net/base/upload_bytes_element_reader.h"
#include "net/base/upload_file_element_reader.h"
#include "net/http/http_auth_scheme.h"
@@ -30,6 +32,7 @@
#include "net/log/test_net_log.h"
#include "net/log/test_net_log_entry.h"
#include "net/log/test_net_log_util.h"
+#include "net/proxy/proxy_server.h"
#include "net/socket/client_socket_pool_base.h"
#include "net/socket/next_proto.h"
#include "net/spdy/buffered_spdy_framer.h"
@@ -5474,7 +5477,10 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushCrossOriginCorrectness) {
// not actually enable cross-origin SPDY push.
scoped_ptr<SpdySessionDependencies> session_deps(
CreateSpdySessionDependencies(GetParam()));
- session_deps->trusted_spdy_proxy = "123.45.67.89:8080";
+ scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+ proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI(
+ "https://123.45.67.89:443", net::ProxyServer::SCHEME_HTTP));
+ session_deps->proxy_delegate.reset(proxy_delegate.release());
NormalSpdyTransactionHelper helper(request, DEFAULT_PRIORITY, BoundNetLog(),
GetParam(), std::move(session_deps));
helper.RunPreTestSetup();
diff --git a/net/spdy/spdy_session.cc b/net/spdy/spdy_session.cc
index ba056d6..4eb8b42 100644
--- a/net/spdy/spdy_session.cc
+++ b/net/spdy/spdy_session.cc
@@ -30,6 +30,7 @@
#include "crypto/ec_signature_creator.h"
#include "net/base/connection_type_histograms.h"
#include "net/base/net_util.h"
+#include "net/base/proxy_delegate.h"
#include "net/cert/asn1_util.h"
#include "net/cert/cert_verify_result.h"
#include "net/http/http_log_util.h"
@@ -38,6 +39,7 @@
#include "net/http/http_util.h"
#include "net/http/transport_security_state.h"
#include "net/log/net_log.h"
+#include "net/proxy/proxy_server.h"
#include "net/socket/ssl_client_socket.h"
#include "net/spdy/spdy_buffer_producer.h"
#include "net/spdy/spdy_frame_builder.h"
@@ -658,7 +660,7 @@ SpdySession::SpdySession(
size_t stream_max_recv_window_size,
size_t initial_max_concurrent_streams,
TimeFunc time_func,
- const HostPortPair& trusted_spdy_proxy,
+ ProxyDelegate* proxy_delegate,
NetLog* net_log)
: in_io_loop_(false),
spdy_session_key_(spdy_session_key),
@@ -713,7 +715,7 @@ SpdySession::SpdySession(
connection_at_risk_of_loss_time_(
base::TimeDelta::FromSeconds(kDefaultConnectionAtRiskOfLossSeconds)),
hung_interval_(base::TimeDelta::FromSeconds(kHungIntervalSeconds)),
- trusted_spdy_proxy_(trusted_spdy_proxy),
+ proxy_delegate_(proxy_delegate),
time_func_(time_func),
send_priority_dependency_(priority_dependency_enabled_default),
weak_factory_(this) {
@@ -2703,10 +2705,12 @@ bool SpdySession::TryCreatePushStream(SpdyStreamId stream_id,
// Check that the pushed stream advertises the same origin as its associated
// stream. Bypass this check if and only if this session is with a SPDY proxy
- // that is trusted explicitly via the --trusted-spdy-proxy switch or if the
+ // that is trusted explicitly as determined by the |proxy_delegate_| or if the
// proxy is pushing same-origin resources.
if (!HostPortPair::FromURL(gurl).Equals(host_port_pair())) {
- if (trusted_spdy_proxy_.Equals(host_port_pair())) {
+ if (proxy_delegate_ &&
+ proxy_delegate_->IsTrustedSpdyProxy(
+ ProxyServer(ProxyServer::SCHEME_HTTPS, host_port_pair()))) {
// Disallow pushing of HTTPS content.
if (gurl.SchemeIs("https")) {
EnqueueResetStreamFrame(
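Review bot: The lookup builds `ProxyServer(ProxyServer::SCHEME_HTTPS, host_port_pair())` unconditionally, so the scheme handed to the delegate is asserted rather than taken from the connection. A session running over a cleartext socket to the same host:port would be presented to IsTrustedSpdyProxy as an HTTPS proxy. The TrustedSpdyProxy test in spdy_session_unittest.cc appears to rely on exactly that (port 80 together with CreateInsecureSpdySession). Cross-origin push relaxes an origin check, so I would either gate this branch on the session actually being secure or state the assumption in the comment, e.g. `// NOTE: the scheme is assumed to be HTTPS; the transport is not checked here.` A null delegate skips this branch, which is the right fail-closed default. TryCreatePushStream starts and ends outside this hunk.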
diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h
index 491766e..ece02bc 100644
--- a/net/spdy/spdy_session.h
+++ b/net/spdy/spdy_session.h
@@ -19,6 +19,7 @@
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/time/time.h"
+#include "net/base/host_port_pair.h"
#include "net/base/io_buffer.h"
#include "net/base/load_states.h"
#include "net/base/net_errors.h"
@@ -73,6 +74,7 @@ const SpdyStreamId kLastStreamId = 0x7fffffff;
class BoundNetLog;
struct LoadTimingInfo;
+class ProxyDelegate;
class SpdyStream;
class SSLInfo;
class TransportSecurityState;
@@ -245,7 +247,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
size_t stream_max_recv_window_size,
size_t initial_max_concurrent_streams,
TimeFunc time_func,
- const HostPortPair& trusted_spdy_proxy,
+ ProxyDelegate* proxy_delegate,
NetLog* net_log);
~SpdySession() override;
@@ -1186,9 +1188,10 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
// get a PING response (http://crbug.com/127812).
base::TimeDelta hung_interval_;
- // This SPDY proxy is allowed to push resources from origins that are
- // different from those of their associated streams.
- HostPortPair trusted_spdy_proxy_;
+ // The |proxy_delegate_| verifies that a given proxy is a trusted SPDY proxy,
+ // which is allowed to push resources from origins that are different from
+ // those of their associated streams. May be nullptr.
+ ProxyDelegate* proxy_delegate_;
TimeFunc time_func_;
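Review bot: `proxy_delegate_` is a raw, non-owning pointer that is dereferenced whenever a cross-origin push arrives, but the new comment documents only nullability, not lifetime. Before this change the session held a `HostPortPair` by value, so there was no lifetime to get wrong. Now a delegate destroyed before the session leaves a dangling pointer on the push path. I would add `// Not owned. If non-null, must outlive this SpdySession.` here, and the equivalent line on `SpdySessionPool::proxy_delegate_` in spdy_session_pool.h, which this commit changes in the same way.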
diff --git a/net/spdy/spdy_session_pool.cc b/net/spdy/spdy_session_pool.cc
index 1208878..7e98ded 100644
--- a/net/spdy/spdy_session_pool.cc
+++ b/net/spdy/spdy_session_pool.cc
@@ -41,7 +41,7 @@ SpdySessionPool::SpdySessionPool(
size_t stream_max_recv_window_size,
size_t initial_max_concurrent_streams,
SpdySessionPool::TimeFunc time_func,
- const std::string& trusted_spdy_proxy)
+ ProxyDelegate* proxy_delegate)
: http_server_properties_(http_server_properties),
transport_security_state_(transport_security_state),
ssl_config_service_(ssl_config_service),
@@ -59,7 +59,7 @@ SpdySessionPool::SpdySessionPool(
stream_max_recv_window_size_(stream_max_recv_window_size),
initial_max_concurrent_streams_(initial_max_concurrent_streams),
time_func_(time_func),
- trusted_spdy_proxy_(HostPortPair::FromString(trusted_spdy_proxy)) {
+ proxy_delegate_(proxy_delegate) {
DCHECK(default_protocol_ >= kProtoSPDYMinimumVersion &&
default_protocol_ <= kProtoSPDYMaximumVersion);
NetworkChangeNotifier::AddIPAddressObserver(this);
@@ -101,7 +101,7 @@ base::WeakPtr<SpdySession> SpdySessionPool::CreateAvailableSessionFromSocket(
enable_compression_, enable_ping_based_connection_checking_,
default_protocol_, session_max_recv_window_size_,
stream_max_recv_window_size_, initial_max_concurrent_streams_, time_func_,
- trusted_spdy_proxy_, net_log.net_log()));
+ proxy_delegate_, net_log.net_log()));
new_session->InitializeWithSocket(std::move(connection), this, is_secure,
certificate_error_code);
diff --git a/net/spdy/spdy_session_pool.h b/net/spdy/spdy_session_pool.h
index 0b0f97e..092567f 100644
--- a/net/spdy/spdy_session_pool.h
+++ b/net/spdy/spdy_session_pool.h
@@ -34,6 +34,7 @@ class BoundNetLog;
class ClientSocketHandle;
class HostResolver;
class HttpServerProperties;
+class ProxyDelegate;
class SpdySession;
class TransportSecurityState;
@@ -60,7 +61,7 @@ class NET_EXPORT SpdySessionPool
size_t stream_max_recv_window_size,
size_t initial_max_concurrent_streams,
SpdySessionPool::TimeFunc time_func,
- const std::string& trusted_spdy_proxy);
+ ProxyDelegate* proxy_delegate);
~SpdySessionPool() override;
// In the functions below, a session is "available" if this pool has
@@ -217,9 +218,10 @@ class NET_EXPORT SpdySessionPool
size_t initial_max_concurrent_streams_;
TimeFunc time_func_;
- // This SPDY proxy is allowed to push resources from origins that are
- // different from those of their associated streams.
- HostPortPair trusted_spdy_proxy_;
+ // Determines if a proxy is a trusted SPDY proxy, which is allowed to push
+ // resources from origins that are different from those of their associated
+ // streams. May be nullptr.
+ ProxyDelegate* proxy_delegate_;
DISALLOW_COPY_AND_ASSIGN(SpdySessionPool);
};
diff --git a/net/spdy/spdy_session_unittest.cc b/net/spdy/spdy_session_unittest.cc
index 10901fa..0cc9a66 100644
--- a/net/spdy/spdy_session_unittest.cc
+++ b/net/spdy/spdy_session_unittest.cc
@@ -12,14 +12,18 @@
#include "base/memory/scoped_ptr.h"
#include "base/run_loop.h"
#include "base/test/histogram_tester.h"
+#include "net/base/host_port_pair.h"
#include "net/base/io_buffer.h"
#include "net/base/ip_endpoint.h"
+#include "net/base/proxy_delegate.h"
#include "net/base/request_priority.h"
#include "net/base/test_data_directory.h"
#include "net/base/test_data_stream.h"
+#include "net/base/test_proxy_delegate.h"
#include "net/log/test_net_log.h"
#include "net/log/test_net_log_entry.h"
#include "net/log/test_net_log_util.h"
+#include "net/proxy/proxy_server.h"
#include "net/socket/client_socket_pool_manager.h"
#include "net/socket/next_proto.h"
#include "net/socket/socket_test_util.h"
@@ -4957,8 +4961,12 @@ TEST_P(SpdySessionTest, TrustedSpdyProxy) {
SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes));
session_deps_.socket_factory->AddSocketDataProvider(&data);
- session_deps_.trusted_spdy_proxy =
- HostPortPair::FromURL(GURL(kDefaultURL)).ToString();
+
+ scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate());
+ proxy_delegate->set_trusted_spdy_proxy(
+ net::ProxyServer(net::ProxyServer::SCHEME_HTTPS,
+ HostPortPair(GURL(kDefaultURL).host(), 80)));
+ session_deps_.proxy_delegate.reset(proxy_delegate.release());
CreateNetworkSession();
CreateInsecureSpdySession();
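Review bot: `HostPortPair(GURL(kDefaultURL).host(), 80)` hard-codes the port, whereas the replaced code derived host and port together from `kDefaultURL`. If the default URL's port ever changes, the trusted proxy would presumably stop matching the session's host:port and the test would end up exercising the untrusted path. `HostPortPair::FromURL(GURL(kDefaultURL))` keeps the two in step. The test body starts and ends outside this hunk.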
diff --git a/net/spdy/spdy_test_util_common.cc b/net/spdy/spdy_test_util_common.cc
index a166565..b919dd1 100644
--- a/net/spdy/spdy_test_util_common.cc
+++ b/net/spdy/spdy_test_util_common.cc
@@ -13,6 +13,7 @@
#include "base/memory/scoped_ptr.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_split.h"
+#include "net/base/host_port_pair.h"
#include "net/cert/mock_cert_verifier.h"
#include "net/http/http_cache.h"
#include "net/http/http_network_session.h"
@@ -437,7 +438,7 @@ HttpNetworkSession::Params SpdySessionDependencies::CreateSessionParams(
params.time_func = session_deps->time_func;
params.enable_spdy31 = session_deps->enable_spdy31;
params.enable_http2 = session_deps->enable_http2;
- params.trusted_spdy_proxy = session_deps->trusted_spdy_proxy;
+ params.proxy_delegate = session_deps->proxy_delegate.get();
params.parse_alternative_services = session_deps->parse_alternative_services;
params.enable_alternative_service_with_different_host =
session_deps->enable_alternative_service_with_different_host;
diff --git a/net/spdy/spdy_test_util_common.h b/net/spdy/spdy_test_util_common.h
index 6746d85..b19793f 100644
--- a/net/spdy/spdy_test_util_common.h
+++ b/net/spdy/spdy_test_util_common.h
@@ -17,6 +17,7 @@
#include "crypto/ec_private_key.h"
#include "crypto/ec_signature_creator.h"
#include "net/base/completion_callback.h"
+#include "net/base/proxy_delegate.h"
#include "net/base/request_priority.h"
#include "net/base/test_completion_callback.h"
#include "net/cert/cert_verifier.h"
@@ -26,6 +27,7 @@
#include "net/http/http_response_info.h"
#include "net/http/http_server_properties_impl.h"
#include "net/http/transport_security_state.h"
+#include "net/proxy/proxy_server.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/next_proto.h"
#include "net/socket/socket_test_util.h"
@@ -40,6 +42,7 @@ class GURL;
namespace net {
class BoundNetLog;
+class HostPortPair;
class SpdySession;
class SpdySessionKey;
class SpdySessionPool;
@@ -202,7 +205,7 @@ struct SpdySessionDependencies {
SpdySession::TimeFunc time_func;
bool enable_spdy31;
bool enable_http2;
- std::string trusted_spdy_proxy;
+ scoped_ptr<ProxyDelegate> proxy_delegate;
bool parse_alternative_services;
bool enable_alternative_service_with_different_host;
NetLog* net_log;
diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc
index 44109d7..a9ee6a4 100644
--- a/net/url_request/url_request_context_builder.cc
+++ b/net/url_request/url_request_context_builder.cc
@@ -11,7 +11,6 @@
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
#include "base/single_thread_task_runner.h"
#include "base/strings/string_util.h"
#include "base/thread_task_runner_handle.h"
@@ -391,8 +390,6 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
http_network_session_params_.enable_spdy31;
network_session_params.enable_http2 =
http_network_session_params_.enable_http2;
- network_session_params.trusted_spdy_proxy =
- http_network_session_params_.trusted_spdy_proxy;
network_session_params.parse_alternative_services =
http_network_session_params_.parse_alternative_services;
network_session_params.enable_alternative_service_with_different_host =
diff --git a/net/url_request/url_request_context_builder.h b/net/url_request/url_request_context_builder.h
index 83193d1..739c77a 100644
--- a/net/url_request/url_request_context_builder.h
+++ b/net/url_request/url_request_context_builder.h
@@ -86,7 +86,6 @@ class NET_EXPORT URLRequestContextBuilder {
uint16_t testing_fixed_https_port;
bool enable_spdy31;
bool enable_http2;
- std::string trusted_spdy_proxy;
bool parse_alternative_services;
bool enable_alternative_service_with_different_host;
bool enable_quic;