32 files changed, 460 insertions, 150 deletions
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc index 8c30fb1..94cf6dc 100644 --- a/chrome/browser/io_thread.cc +++ b/chrome/browser/io_thread.cc @@ -983,10 +983,6 @@ void IOThread::ConfigureSpdyGlobals( base::StringPiece spdy_trial_group, const VariationParameters& spdy_trial_params, IOThread::Globals* globals) { - if (command_line.HasSwitch(switches::kTrustedSpdyProxy)) { - globals->trusted_spdy_proxy.set( - command_line.GetSwitchValueASCII(switches::kTrustedSpdyProxy)); - } if (command_line.HasSwitch(switches::kIgnoreUrlFetcherCertRequests)) net::URLFetcher::SetIgnoreCertificateRequests(true); @@ -1169,7 +1165,6 @@ void IOThread::InitializeNetworkSessionParamsFromGlobals( ¶ms->spdy_default_protocol); globals.enable_spdy31.CopyToIfSet(¶ms->enable_spdy31); globals.enable_http2.CopyToIfSet(¶ms->enable_http2); - globals.trusted_spdy_proxy.CopyToIfSet(¶ms->trusted_spdy_proxy); params->forced_spdy_exclusions = globals.forced_spdy_exclusions; globals.parse_alternative_services.CopyToIfSet( ¶ms->parse_alternative_services); diff --git a/chrome/browser/io_thread.h b/chrome/browser/io_thread.h index 2e49e55..ad40720 100644 --- a/chrome/browser/io_thread.h +++ b/chrome/browser/io_thread.h @@ -209,7 +209,6 @@ class IOThread : public content::BrowserThreadDelegate { Optional<net::NextProto> spdy_default_protocol; Optional<bool> enable_spdy31; Optional<bool> enable_http2; - Optional<std::string> trusted_spdy_proxy; std::set<net::HostPortPair> forced_spdy_exclusions; Optional<bool> parse_alternative_services; Optional<bool> enable_alternative_service_with_different_host; diff --git a/chrome/browser/ui/startup/bad_flags_prompt.cc b/chrome/browser/ui/startup/bad_flags_prompt.cc index 1588029..52eb2f5 100644 --- a/chrome/browser/ui/startup/bad_flags_prompt.cc +++ b/chrome/browser/ui/startup/bad_flags_prompt.cc 
@@ -54,7 +54,6 @@ void ShowBadFlagsPrompt(Browser* browser) { switches::kSingleProcess, // These flags disable or undermine the Same Origin Policy. - switches::kTrustedSpdyProxy, translate::switches::kTranslateSecurityOrigin, // These flags undermine HTTPS / connection security. diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 7070b18..78e1669 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -1038,10 +1038,6 @@ const char kSystemLogUploadFrequency[] = "system-log-upload-frequency"; // Passes the name of the current running automated test to Chrome. const char kTestName[] = "test-name"; -// Disables same-origin check on HTTP resources pushed via a SPDY proxy. -// The value is the host:port of the trusted proxy. -const char kTrustedSpdyProxy[] = "trusted-spdy-proxy"; - // Experimental. Shows a dialog asking the user to try chrome. This flag is to // be used only by the upgrade process. const char kTryChromeAgain[] = "try-chrome-again"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 3ff3b38..582ac04 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -277,7 +277,6 @@ extern const char kSupervisedUserSafeSites[]; extern const char kSupervisedUserSyncToken[]; extern const char kSystemLogUploadFrequency[]; extern const char kTestName[]; -extern const char kTrustedSpdyProxy[]; extern const char kTryChromeAgain[]; extern const char kUnlimitedStorage[]; extern const char kUnsafelyTreatInsecureOriginAsSecure[]; diff --git a/components/components_tests.gyp b/components/components_tests.gyp index 91cd693..2bf8940 100644 --- a/components/components_tests.gyp +++ b/components/components_tests.gyp 
@@ -144,6 +144,7 @@ 'data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc', 'data_reduction_proxy/core/browser/data_reduction_proxy_config_unittest.cc', 'data_reduction_proxy/core/browser/data_reduction_proxy_configurator_unittest.cc', + 'data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc', 'data_reduction_proxy/core/browser/data_reduction_proxy_experiments_stats_unittest.cc', 'data_reduction_proxy/core/browser/data_reduction_proxy_interceptor_unittest.cc', 'data_reduction_proxy/core/browser/data_reduction_proxy_io_data_unittest.cc', diff --git a/components/data_reduction_proxy/core/browser/BUILD.gn b/components/data_reduction_proxy/core/browser/BUILD.gn index 77ef2a4..989afd8 100644 --- a/components/data_reduction_proxy/core/browser/BUILD.gn +++ b/components/data_reduction_proxy/core/browser/BUILD.gn @@ -137,6 +137,7 @@ source_set("unit_tests") { "data_reduction_proxy_config_service_client_unittest.cc", "data_reduction_proxy_config_unittest.cc", "data_reduction_proxy_configurator_unittest.cc", + "data_reduction_proxy_delegate_unittest.cc", "data_reduction_proxy_experiments_stats_unittest.cc", "data_reduction_proxy_interceptor_unittest.cc", "data_reduction_proxy_io_data_unittest.cc", diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc index d0b03d7..3fe09d6 100644 --- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc +++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_unittest.cc 
@@ -127,6 +127,9 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test { test_context_->test_config_client()->SetConfigServiceURL( GURL("http://configservice.com")); + delegate_.reset( + new DataReductionProxyDelegate(request_options(), config())); + // Set up the various test ClientConfigs. ClientConfig config = CreateConfig(kSuccessSessionKey, kConfingRefreshDurationSeconds, 0, @@ -219,6 +222,8 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test { return test_context_->test_configurator(); } + TestDataReductionProxyConfig* config() { return test_context_->config(); } + MockDataReductionProxyRequestOptions* request_options() { return test_context_->mock_request_options(); } @@ -273,6 +278,10 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test { test_context_->test_params()->EnableQuic(enable); } + bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) const { + return delegate_->IsTrustedSpdyProxy(proxy_server); + } + const std::string& loaded_config() const { return loaded_config_; } private: @@ -284,6 +293,8 @@ class DataReductionProxyConfigServiceClientTest : public testing::Test { scoped_ptr<DataReductionProxyRequestOptions> request_options_; std::vector<net::ProxyServer> enabled_proxies_for_http_; + scoped_ptr<DataReductionProxyDelegate> delegate_; + // A configuration from the current remote request. The encoded version is // also stored. std::string config_; 
@@ -311,18 +322,21 @@ TEST_F(DataReductionProxyConfigServiceClientTest, DevRolloutAndQuic) { const struct { bool enable_dev; bool enable_quic; + bool enable_trusted_spdy_proxy_field_trial; std::string expected_primary_proxy; std::string expected_fallback_proxy; net::ProxyServer::Scheme expected_primary_proxy_scheme; } tests[] = { - {false, false, kSuccessOrigin, kSuccessFallback, + {false, false, false, kSuccessOrigin, kSuccessFallback, + net::ProxyServer::SCHEME_HTTPS}, + {false, false, true, kSuccessOrigin, kSuccessFallback, net::ProxyServer::SCHEME_HTTPS}, - {false, true, kSuccessOrigin, kSuccessFallback, + {false, true, true, kSuccessOrigin, kSuccessFallback, net::ProxyServer::SCHEME_QUIC}, - {true, false, TestDataReductionProxyParams::DefaultDevOrigin(), + {true, false, true, TestDataReductionProxyParams::DefaultDevOrigin(), TestDataReductionProxyParams::DefaultDevFallbackOrigin(), net::ProxyServer::SCHEME_HTTPS}, - {true, true, TestDataReductionProxyParams::DefaultDevOrigin(), + {true, true, true, TestDataReductionProxyParams::DefaultDevOrigin(), TestDataReductionProxyParams::DefaultDevFallbackOrigin(), net::ProxyServer::SCHEME_QUIC}, }; @@ -335,6 +349,9 @@ TEST_F(DataReductionProxyConfigServiceClientTest, DevRolloutAndQuic) { } base::FieldTrialList field_trial_list(new base::MockEntropyProvider()); + base::FieldTrialList::CreateFieldTrial( + params::GetTrustedSpdyProxyFieldTrialName(), + tests[i].enable_trusted_spdy_proxy_field_trial ? "Enabled" : "Control"); if (tests[i].enable_quic) { base::FieldTrialList::CreateFieldTrial(params::GetQuicFieldTrialName(), "Enabled"); 
@@ -372,6 +389,24 @@ TEST_F(DataReductionProxyConfigServiceClientTest, DevRolloutAndQuic) { proxies_for_http[1]) << i; EXPECT_TRUE(configurator()->proxies_for_https().empty()) << i; + + // Test that the trusted SPDY proxy is updated correctly after each config + // retrieval. + bool expect_proxy_is_trusted = + tests[i].expected_primary_proxy_scheme == + net::ProxyServer::SCHEME_HTTPS && + tests[i].enable_trusted_spdy_proxy_field_trial; + + // Apply the specified proxy scheme. + const net::ProxyServer proxy_server( + tests[i].expected_primary_proxy_scheme, + net::ProxyServer::FromURI(tests[i].expected_primary_proxy, + net::ProxyServer::SCHEME_HTTP) + .host_port_pair()); + + ASSERT_EQ(tests[i].expected_primary_proxy_scheme, proxy_server.scheme()) + << i; + EXPECT_EQ(expect_proxy_is_trusted, IsTrustedSpdyProxy(proxy_server)) << i; } } diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc index b137580..462571b 100644 --- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc +++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.cc @@ -9,9 +9,11 @@ #include "base/metrics/sparse_histogram.h" #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_config.h" #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_request_options.h" +#include "components/data_reduction_proxy/core/common/data_reduction_proxy_params.h" #include "net/base/host_port_pair.h" #include "net/http/http_request_headers.h" #include "net/http/http_response_headers.h" +#include "net/proxy/proxy_server.h" namespace data_reduction_proxy { 
@@ -61,6 +63,17 @@ void DataReductionProxyDelegate::OnBeforeTunnelRequest( proxy_server, extra_headers); } +bool DataReductionProxyDelegate::IsTrustedSpdyProxy( + const net::ProxyServer& proxy_server) { + if (!proxy_server.is_https() || + !params::IsIncludedInTrustedSpdyProxyFieldTrial() || + !proxy_server.is_valid()) { + return false; + } + return config_ && + config_->IsDataReductionProxy(proxy_server.host_port_pair(), nullptr); +} + void DataReductionProxyDelegate::OnTunnelHeadersReceived( const net::HostPortPair& origin, const net::HostPortPair& proxy_server, diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h index ffdc3f4..a9da5b9 100644 --- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h +++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h @@ -34,24 +34,21 @@ class DataReductionProxyDelegate : public net::ProxyDelegate { ~DataReductionProxyDelegate() override; + // net::ProxyDelegate implementation: void OnResolveProxy(const GURL& url, int load_flags, const net::ProxyService& proxy_service, net::ProxyInfo* result) override; - void OnFallback(const net::ProxyServer& bad_proxy, int net_error) override; - void OnBeforeSendHeaders(net::URLRequest* request, const net::ProxyInfo& proxy_info, net::HttpRequestHeaders* headers) override; - void OnBeforeTunnelRequest(const net::HostPortPair& proxy_server, net::HttpRequestHeaders* extra_headers) override; - void OnTunnelConnectCompleted(const net::HostPortPair& endpoint, const net::HostPortPair& proxy_server, int net_error) override; - + bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) override; void OnTunnelHeadersReceived( const net::HostPortPair& origin, const net::HostPortPair& proxy_server, 
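Review bot: The new `DataReductionProxyDelegate::IsTrustedSpdyProxy` carries no comment, although a true result lets the proxy push resources from other origins; it should state that trust is limited to HTTPS data reduction proxies while the client is in the enabled field-trial group. The lookup `config_->IsDataReductionProxy(proxy_server.host_port_pair(), nullptr)` receives only host and port, so the preceding `is_https()` test appears to be the only thing tying trust to the scheme; that is worth confirming and recording in the comment. Rejecting an invalid server first would also read more naturally: `if (!proxy_server.is_valid() || !proxy_server.is_https() || !params::IsIncludedInTrustedSpdyProxyFieldTrial()) return false;`.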
diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc
new file mode 100644
index 0000000..8bc9147
--- /dev/null
+++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate_unittest.cc
@@ -0,0 +1,135 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_delegate.h"
+
+#include <vector>
+
+#include "base/macros.h"
+#include "base/message_loop/message_loop.h"
+#include "base/metrics/field_trial.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_config_test_utils.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_configurator_test_utils.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_mutable_config_values.h"
+#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_test_utils.h"
+#include "components/data_reduction_proxy/core/common/data_reduction_proxy_params_test_utils.h"
+#include "net/proxy/proxy_server.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using testing::_;
+
+namespace data_reduction_proxy {
+
+namespace {
+
+// Constructs and returns a proxy with the specified scheme.
+net::ProxyServer GetProxyWithScheme(net::ProxyServer::Scheme scheme) {
+ switch (scheme) {
+ case net::ProxyServer::SCHEME_HTTP:
+ return net::ProxyServer::FromURI("origin.net:443",
+ net::ProxyServer::SCHEME_HTTP);
+ case net::ProxyServer::SCHEME_HTTPS:
+ return net::ProxyServer::FromURI("https://origin.net:443",
+ net::ProxyServer::SCHEME_HTTP);
+ case net::ProxyServer::SCHEME_QUIC:
+ return net::ProxyServer::FromURI("quic://origin.net:443",
+ net::ProxyServer::SCHEME_QUIC);
+ default:
+ NOTREACHED();
+ return net::ProxyServer::FromURI("", net::ProxyServer::SCHEME_INVALID);
+ }
+}
+
+// Tests that the trusted SPDY proxy is verified correctly.
+TEST(DataReductionProxyDelegate, IsTrustedSpdyProxy) {
+ base::MessageLoopForIO message_loop_;
+ scoped_ptr<DataReductionProxyTestContext> test_context =
+ DataReductionProxyTestContext::Builder()
+ .WithConfigClient()
+ .WithTestConfigurator()
+ .WithMockDataReductionProxyService()
+ .Build();
+
+ const struct {
+ bool is_in_trusted_spdy_proxy_field_trial;
+ net::ProxyServer::Scheme first_proxy_scheme;
+ net::ProxyServer::Scheme second_proxy_scheme;
+ bool expect_proxy_is_trusted;
+ } tests[] = {
+ {false, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_HTTP,
+ false},
+ {true, net::ProxyServer::SCHEME_INVALID, net::ProxyServer::SCHEME_INVALID,
+ false},
+ // First proxy is HTTPS, and second is invalid.
+ {true, net::ProxyServer::SCHEME_HTTPS, net::ProxyServer::SCHEME_INVALID,
+ true},
+ // First proxy is invalid, and second proxy is HTTPS.
+ {true, net::ProxyServer::SCHEME_INVALID, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ // First proxy is HTTPS, and second is HTTP.
+ {true, net::ProxyServer::SCHEME_HTTPS, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ // Second proxy is HTTPS, and first is HTTP.
+ {true, net::ProxyServer::SCHEME_HTTP, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_INVALID,
+ false},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_HTTP,
+ false},
+ {true, net::ProxyServer::SCHEME_QUIC, net::ProxyServer::SCHEME_HTTPS,
+ true},
+ };
+ for (size_t i = 0; i < arraysize(tests); ++i) {
+ ASSERT_EQ(
+ tests[i].expect_proxy_is_trusted,
+ tests[i].is_in_trusted_spdy_proxy_field_trial &&
+ (tests[i].first_proxy_scheme == net::ProxyServer::SCHEME_HTTPS ||
+ tests[i].second_proxy_scheme == net::ProxyServer::SCHEME_HTTPS))
+ << i;
+
+ std::vector<net::ProxyServer> proxies_for_http;
+ net::ProxyServer first_proxy;
+ net::ProxyServer second_proxy;
+ if (tests[i].first_proxy_scheme != net::ProxyServer::SCHEME_INVALID) {
+ first_proxy = GetProxyWithScheme(tests[i].first_proxy_scheme);
+ proxies_for_http.push_back(first_proxy);
+ }
+ if (tests[i].second_proxy_scheme != net::ProxyServer::SCHEME_INVALID) {
+ second_proxy = GetProxyWithScheme(tests[i].second_proxy_scheme);
+ proxies_for_http.push_back(second_proxy);
+ }
+
+ scoped_ptr<DataReductionProxyMutableConfigValues> config_values =
+ DataReductionProxyMutableConfigValues::CreateFromParams(
+ test_context->test_params());
+ config_values->UpdateValues(proxies_for_http);
+
+ scoped_ptr<DataReductionProxyConfig> config(new DataReductionProxyConfig(
+ test_context->net_log(), std::move(config_values),
+ test_context->configurator(), test_context->event_creator()));
+
+ DataReductionProxyDelegate delegate(
+ test_context->io_data()->request_options(), config.get());
+
+ base::FieldTrialList field_trial_list(nullptr);
+ base::FieldTrialList::CreateFieldTrial(
+ params::GetTrustedSpdyProxyFieldTrialName(),
+ tests[i].is_in_trusted_spdy_proxy_field_trial ? "Enabled" : "Control");
+
+ EXPECT_EQ(tests[i].expect_proxy_is_trusted,
+ delegate.IsTrustedSpdyProxy(first_proxy) ||
+ delegate.IsTrustedSpdyProxy(second_proxy))
+ << i;
+ }
+}
+
+} // namespace
+
+} // namespace data_reduction_proxy
\ No newline at end of file diff --git a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc index fe62c2f..13157cb 100644 --- a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc +++ b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.cc @@ -50,6 +50,8 @@ const char kLoFiFlagFieldTrial[] = "DataCompressionProxyLoFiFlag"; const char kConfigServiceFieldTrial[] = "DataReductionProxyConfigService"; const char kConfigServiceURLParam[] = "url"; +const char kTrustedSpdyProxyFieldTrialName[] = "DataReductionTrustedSpdyProxy"; + // Default URL for retrieving the Data Reduction Proxy configuration. const char kClientConfigURL[] = "https://datasaver.googleapis.com/v1/clientConfigs"; @@ -78,6 +80,15 @@ bool IsIncludedInAndroidOnePromoFieldTrial(const char* build_fingerprint) { return (fingerprint.find(kAndroidOneIdentifier) != std::string::npos); } +std::string GetTrustedSpdyProxyFieldTrialName() { + return kTrustedSpdyProxyFieldTrialName; +} + +bool IsIncludedInTrustedSpdyProxyFieldTrial() { + return base::FieldTrialList::FindFullName(GetTrustedSpdyProxyFieldTrialName()) + .find(kEnabled) == 0; +} + std::string GetLoFiFieldTrialName() { return kLoFiFieldTrial; } diff --git a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h index de5c528..05102d6 100644 --- a/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h +++ b/components/data_reduction_proxy/core/common/data_reduction_proxy_params.h 
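Review bot: The closing `EXPECT_EQ` in `TEST(DataReductionProxyDelegate, IsTrustedSpdyProxy)` ORs `delegate.IsTrustedSpdyProxy(first_proxy)` with the call for `second_proxy`, so a row such as `{true, SCHEME_QUIC, SCHEME_HTTPS, true}` would still pass if the QUIC proxy were wrongly trusted; both proxies are built on `origin.net:443`. Asserting each proxy on its own, with the expectation being "trial enabled and this proxy's scheme is `SCHEME_HTTPS`", would pin the scheme restriction that the production check relies on. The comment `// First proxy is HTTPS, and second is HTTP.` also sits above a row whose two schemes are both `SCHEME_HTTPS`, and the `{true, SCHEME_QUIC, SCHEME_INVALID, false}` row appears twice.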
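Review bot: `IsIncludedInTrustedSpdyProxyFieldTrial` opts the client in for any group name that merely begins with `kEnabled`, through `.find(kEnabled) == 0`, and this result gates whether a proxy may push cross-origin resources. The rule deserves a comment at the definition, for example `// Any group whose name starts with kEnabled is included; an absent trial yields an empty name and is not included.` If only the exact group should qualify, compare for equality instead; which of the two is intended cannot be told from the hunk.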
@@ -40,6 +40,13 @@ bool IsIncludedInPromoFieldTrial(); // is in effect. bool IsIncludedInHoldbackFieldTrial(); +// Returns the name of the trusted SPDY/HTTP2 proxy field trial. +std::string GetTrustedSpdyProxyFieldTrialName(); + +// Returns true if this client is part of the enabled group of the trusted +// SPDY/HTTP2 proxy field trial. +bool IsIncludedInTrustedSpdyProxyFieldTrial(); + // Returns true if this client is part of the field trial that should display // a promotion for the data reduction proxy on Android One devices. bool IsIncludedInAndroidOnePromoFieldTrial(const char* build_fingerprint); diff --git a/jingle/glue/proxy_resolving_client_socket.cc b/jingle/glue/proxy_resolving_client_socket.cc index 9443085..a932399 100644 --- a/jingle/glue/proxy_resolving_client_socket.cc +++ b/jingle/glue/proxy_resolving_client_socket.cc @@ -85,7 +85,6 @@ ProxyResolvingClientSocket::ProxyResolvingClientSocket( reference_params->testing_fixed_https_port; session_params.enable_spdy31 = reference_params->enable_spdy31; session_params.enable_http2 = reference_params->enable_http2; - session_params.trusted_spdy_proxy = reference_params->trusted_spdy_proxy; session_params.forced_spdy_exclusions = reference_params->forced_spdy_exclusions; session_params.parse_alternative_services = diff --git a/net/base/proxy_delegate.h b/net/base/proxy_delegate.h index 7e00d0c..8ff6a7e 100644 --- a/net/base/proxy_delegate.h +++ b/net/base/proxy_delegate.h @@ -67,6 +67,10 @@ class NET_EXPORT ProxyDelegate { const HostPortPair& proxy_server, const HttpResponseHeaders& response_headers) = 0; + // Returns true if |proxy_server| is a trusted SPDY/HTTP2 proxy that is + // allowed to push cross-origin resources. + virtual bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) = 0; + private: DISALLOW_COPY_AND_ASSIGN(ProxyDelegate); }; diff --git a/net/base/test_proxy_delegate.cc b/net/base/test_proxy_delegate.cc new file mode 100644 index 0000000..d4a3c61 --- /dev/null 
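Review bot: The comment on the new pure virtual `ProxyDelegate::IsTrustedSpdyProxy` does not tell implementers what returning true costs, namely that pushed streams from that proxy are exempted from the same-origin check. I would extend it along the lines of `// Implementations must return true only for a proxy reached over an authenticated (HTTPS) connection; a true result relaxes the same-origin check on pushed streams.` As far as the two implementations visible in this change show, the method does not modify the delegate, so it could be declared `const`, and `net::` looks redundant if this header is already inside `namespace net`. The class body starts outside the hunk.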
+++ b/net/base/test_proxy_delegate.cc 
@@ -0,0 +1,86 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/test_proxy_delegate.h"
+
+#include "net/http/http_request_headers.h"
+#include "net/http/http_response_headers.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+TestProxyDelegate::TestProxyDelegate()
+ : on_before_tunnel_request_called_(false),
+ on_tunnel_request_completed_called_(false),
+ on_tunnel_headers_received_called_(false) {}
+
+TestProxyDelegate::~TestProxyDelegate() {}
+
+void TestProxyDelegate::VerifyOnTunnelRequestCompleted(
+ const std::string& endpoint,
+ const std::string& proxy_server) const {
+ EXPECT_TRUE(on_tunnel_request_completed_called_);
+ EXPECT_TRUE(HostPortPair::FromString(endpoint).Equals(
+ on_tunnel_request_completed_endpoint_));
+ EXPECT_TRUE(HostPortPair::FromString(proxy_server)
+ .Equals(on_tunnel_request_completed_proxy_server_));
+}
+
+void TestProxyDelegate::VerifyOnTunnelHeadersReceived(
+ const std::string& origin,
+ const std::string& proxy_server,
+ const std::string& status_line) const {
+ EXPECT_TRUE(on_tunnel_headers_received_called_);
+ EXPECT_TRUE(HostPortPair::FromString(origin).Equals(
+ on_tunnel_headers_received_origin_));
+ EXPECT_TRUE(HostPortPair::FromString(proxy_server)
+ .Equals(on_tunnel_headers_received_proxy_server_));
+ EXPECT_EQ(status_line, on_tunnel_headers_received_status_line_);
+}
+
+void TestProxyDelegate::OnResolveProxy(const GURL& url,
+ int load_flags,
+ const ProxyService& proxy_service,
+ ProxyInfo* result) {}
+
+void TestProxyDelegate::OnTunnelConnectCompleted(
+ const HostPortPair& endpoint,
+ const HostPortPair& proxy_server,
+ int net_error) {
+ on_tunnel_request_completed_called_ = true;
+ on_tunnel_request_completed_endpoint_ = endpoint;
+ on_tunnel_request_completed_proxy_server_ = proxy_server;
+}
+
+void TestProxyDelegate::OnFallback(const ProxyServer& bad_proxy,
+ int net_error) {}
+
+void TestProxyDelegate::OnBeforeSendHeaders(URLRequest* request,
+ const ProxyInfo& proxy_info,
+ HttpRequestHeaders* headers) {}
+
+void TestProxyDelegate::OnBeforeTunnelRequest(
+ const HostPortPair& proxy_server,
+ HttpRequestHeaders* extra_headers) {
+ on_before_tunnel_request_called_ = true;
+ if (extra_headers)
+ extra_headers->SetHeader("Foo", proxy_server.ToString());
+}
+
+void TestProxyDelegate::OnTunnelHeadersReceived(
+ const HostPortPair& origin,
+ const HostPortPair& proxy_server,
+ const HttpResponseHeaders& response_headers) {
+ on_tunnel_headers_received_called_ = true;
+ on_tunnel_headers_received_origin_ = origin;
+ on_tunnel_headers_received_proxy_server_ = proxy_server;
+ on_tunnel_headers_received_status_line_ = response_headers.GetStatusLine();
+}
+
+bool TestProxyDelegate::IsTrustedSpdyProxy(
+ const net::ProxyServer& proxy_server) {
+ return proxy_server.is_valid() && trusted_spdy_proxy_ == proxy_server;
+}
+
+} // namespace net
\ No newline at end of file
diff --git a/net/base/test_proxy_delegate.h b/net/base/test_proxy_delegate.h
new file mode 100644
index 0000000..a6698c6
--- /dev/null
+++ b/net/base/test_proxy_delegate.h
@@ -0,0 +1,86 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_TEST_PROXY_DELEGATE_H_
+#define NET_BASE_TEST_PROXY_DELEGATE_H_
+
+#include <string>
+
+#include "net/base/host_port_pair.h"
+#include "net/base/proxy_delegate.h"
+#include "net/proxy/proxy_server.h"
+
+class GURL;
+
+namespace net {
+
+class HttpRequestHeaders;
+class HttpResponseHeaders;
+class ProxyInfo;
+class ProxyService;
+class URLRequest;
+
+class TestProxyDelegate : public ProxyDelegate {
+ public:
+ TestProxyDelegate();
+ ~TestProxyDelegate() override;
+
+ bool on_before_tunnel_request_called() const {
+ return on_before_tunnel_request_called_;
+ }
+
+ bool on_tunnel_request_completed_called() const {
+ return on_tunnel_request_completed_called_;
+ }
+
+ bool on_tunnel_headers_received_called() const {
+ return on_tunnel_headers_received_called_;
+ }
+
+ void set_trusted_spdy_proxy(const net::ProxyServer& proxy_server) {
+ trusted_spdy_proxy_ = proxy_server;
+ }
+
+ void VerifyOnTunnelRequestCompleted(const std::string& endpoint,
+ const std::string& proxy_server) const;
+
+ void VerifyOnTunnelHeadersReceived(const std::string& origin,
+ const std::string& proxy_server,
+ const std::string& status_line) const;
+
+ // ProxyDelegate implementation:
+ void OnResolveProxy(const GURL& url,
+ int load_flags,
+ const ProxyService& proxy_service,
+ ProxyInfo* result) override;
+ void OnTunnelConnectCompleted(const HostPortPair& endpoint,
+ const HostPortPair& proxy_server,
+ int net_error) override;
+ void OnFallback(const ProxyServer& bad_proxy, int net_error) override;
+ void OnBeforeSendHeaders(URLRequest* request,
+ const ProxyInfo& proxy_info,
+ HttpRequestHeaders* headers) override;
+ void OnBeforeTunnelRequest(const HostPortPair& proxy_server,
+ HttpRequestHeaders* extra_headers) override;
+ void OnTunnelHeadersReceived(
+ const HostPortPair& origin,
+ const HostPortPair& proxy_server,
+ const HttpResponseHeaders& response_headers) override;
+ bool IsTrustedSpdyProxy(const net::ProxyServer& proxy_server) override;
+
+ private:
+ bool on_before_tunnel_request_called_;
+ bool on_tunnel_request_completed_called_;
+ bool on_tunnel_headers_received_called_;
+ net::ProxyServer trusted_spdy_proxy_;
+ HostPortPair on_tunnel_request_completed_endpoint_;
+ HostPortPair on_tunnel_request_completed_proxy_server_;
+ HostPortPair on_tunnel_headers_received_origin_;
+ HostPortPair on_tunnel_headers_received_proxy_server_;
+ std::string on_tunnel_headers_received_status_line_;
+};
+
+} // namespace net
+
+#endif // NET_BASE_TEST_PROXY_DELEGATE_H_
\ No newline at end of file diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index f50e7dd..1180dee 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc @@ -198,7 +198,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params) params.spdy_stream_max_recv_window_size, params.spdy_initial_max_concurrent_streams, params.time_func, - params.trusted_spdy_proxy), + params.proxy_delegate), http_stream_factory_(new HttpStreamFactoryImpl(this, false)), http_stream_factory_for_websocket_(new HttpStreamFactoryImpl(this, true)), params_(params) { diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index b22f3d4..9be727a 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h @@ -98,9 +98,6 @@ class NET_EXPORT HttpNetworkSession size_t spdy_initial_max_concurrent_streams; // Source of time for SPDY connections. SpdySessionPool::TimeFunc time_func; - // This SPDY proxy is allowed to push resources from origins that are - // different from those of their associated streams. - std::string trusted_spdy_proxy; // URLs to exclude from forced SPDY. std::set<HostPortPair> forced_spdy_exclusions; // Whether to parse Alt-Svc headers. diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc index 46af04c..704e553 100644 --- a/net/http/http_network_transaction_unittest.cc +++ b/net/http/http_network_transaction_unittest.cc @@ -32,9 +32,11 @@ #include "net/base/load_timing_info.h" #include "net/base/load_timing_info_test_util.h" #include "net/base/net_errors.h" +#include "net/base/proxy_delegate.h" #include "net/base/request_priority.h" #include "net/base/test_completion_callback.h" #include "net/base/test_data_directory.h" +#include "net/base/test_proxy_delegate.h" #include "net/base/upload_bytes_element_reader.h" #include "net/base/upload_file_element_reader.h" #include "net/cert/mock_cert_verifier.h" 
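Review bot: `set_trusted_spdy_proxy` and the `trusted_spdy_proxy_` member in the new `TestProxyDelegate` header have no comment, and the class itself has no description, so a test author cannot tell from the header what the default trust state is. A line above the setter such as `// Sets the only proxy for which IsTrustedSpdyProxy() returns true; until this is called no proxy is trusted.` would cover it, with a one-line class comment saying that the delegate records tunnel callbacks for later verification. The comparison in the .cc file is a whole-`ProxyServer` equality, so it is worth adding that the scheme must match as well as host and port.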
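Review bot: Nothing in the `HttpNetworkSession` constructor hunk shows that `params.proxy_delegate`, which now replaces `params.trusted_spdy_proxy` as the argument, is non-null. Callers such as `ProxyResolvingClientSocket` stop copying a trusted proxy in this change and may leave the delegate unset. The code that consults the delegate is outside the visible lines, so please confirm it treats a null delegate as "no trusted proxy" rather than dereferencing it. A comment at this argument, e.g. `// May be null; a null delegate means no proxy is trusted for cross-origin push.`, would record the contract. The initializer list starts and ends outside the hunk.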
@@ -63,6 +65,7 @@ #include "net/proxy/proxy_config_service_fixed.h" #include "net/proxy/proxy_info.h" #include "net/proxy/proxy_resolver.h" +#include "net/proxy/proxy_server.h" #include "net/proxy/proxy_service.h" #include "net/socket/client_socket_factory.h" #include "net/socket/client_socket_pool.h" @@ -7689,7 +7692,11 @@ TEST_P(HttpNetworkTransactionTest, BasicAuthSpdyProxy) { // Test that an explicitly trusted SPDY proxy can push a resource from an // origin that is different from that of its associated resource. -TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPush) { +TEST_P(HttpNetworkTransactionTest, CrossOriginSPDYProxyPush) { + // Configure the proxy delegate to allow cross-origin SPDY pushes. + scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate()); + proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI( + "https://myproxy:443", net::ProxyServer::SCHEME_HTTP)); HttpRequestInfo request; HttpRequestInfo push_request; @@ -7698,14 +7705,13 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPush) { push_request.method = "GET"; push_request.url = GURL("http://www.another-origin.com/foo.dat"); - // Configure against https proxy server "myproxy:70". + // Configure against https proxy server "myproxy:443". session_deps_.proxy_service = - ProxyService::CreateFixedFromPacResult("HTTPS myproxy:70"); + ProxyService::CreateFixedFromPacResult("HTTPS myproxy:443"); BoundTestNetLog log; session_deps_.net_log = log.bound().net_log(); - // Enable cross-origin push. - session_deps_.trusted_spdy_proxy = "myproxy:70"; + session_deps_.proxy_delegate.reset(proxy_delegate.release()); scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); 
@@ -7807,18 +7813,22 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPush) { // Test that an explicitly trusted SPDY proxy cannot push HTTPS content. TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) { + // Configure the proxy delegate to allow cross-origin SPDY pushes. + scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate()); + proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI( + "https://myproxy:443", net::ProxyServer::SCHEME_HTTP)); HttpRequestInfo request; request.method = "GET"; request.url = GURL("http://www.example.org/"); - // Configure against https proxy server "myproxy:70". - session_deps_.proxy_service = ProxyService::CreateFixed("https://myproxy:70"); + session_deps_.proxy_service = + ProxyService::CreateFixed("https://myproxy:443"); BoundTestNetLog log; session_deps_.net_log = log.bound().net_log(); // Enable cross-origin push. - session_deps_.trusted_spdy_proxy = "myproxy:70"; + session_deps_.proxy_delegate.reset(proxy_delegate.release()); scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); @@ -7888,6 +7898,11 @@ TEST_P(HttpNetworkTransactionTest, CrossOriginProxyPushCorrectness) { // Test that an explicitly trusted SPDY proxy can push same-origin HTTPS // resources. TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) { + // Configure the proxy delegate to allow cross-origin SPDY pushes. + scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate()); + proxy_delegate->set_trusted_spdy_proxy( + net::ProxyServer::FromURI("myproxy:70", net::ProxyServer::SCHEME_HTTP)); + HttpRequestInfo request; request.method = "GET"; 
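Review bot: In `SameOriginProxyPushCorrectness` the trusted proxy is registered as `net::ProxyServer::FromURI("myproxy:70", net::ProxyServer::SCHEME_HTTP)`, i.e. with the HTTP scheme, whereas the two sibling tests register `https://myproxy:443` and change the proxy configuration to match. `TestProxyDelegate::IsTrustedSpdyProxy` compares the whole `ProxyServer` with `==`, so if the session in this test talks to an HTTPS proxy at `myproxy:70` (the configuration line is outside the hunk) the proxy is never reported as trusted and the test no longer exercises the "explicitly trusted" case its comment describes. If that reading is right, register the proxy with its real scheme: `net::ProxyServer::FromURI("https://myproxy:70", net::ProxyServer::SCHEME_HTTP)`. The retained `// Enable cross-origin push.` comments above `session_deps_.proxy_delegate.reset(...)` in this hunk, in the `CrossOriginProxyPushCorrectness` hunk and in the following one would read more accurately as `// Install the delegate that trusts the proxy.`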
@@ -7899,7 +7914,7 @@ TEST_P(HttpNetworkTransactionTest, SameOriginProxyPushCorrectness) { session_deps_.net_log = log.bound().net_log(); // Enable cross-origin push. - session_deps_.trusted_spdy_proxy = "myproxy:70"; + session_deps_.proxy_delegate.reset(proxy_delegate.release()); scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc index cc3069d..29c10d0 100644 --- a/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_unittest.cc @@ -11,6 +11,7 @@ #include "net/base/net_errors.h" #include "net/base/proxy_delegate.h" #include "net/base/test_completion_callback.h" +#include "net/base/test_proxy_delegate.h" #include "net/http/http_network_session.h" #include "net/http/http_proxy_client_socket.h" #include "net/http/http_response_headers.h" 
@@ -61,97 +62,6 @@ typedef ::testing::TestWithParam<HttpProxyType> TestWithHttpParam; const char kHttpProxyHost[] = "httpproxy.example.com"; const char kHttpsProxyHost[] = "httpsproxy.example.com"; -class TestProxyDelegate : public ProxyDelegate { - public: - TestProxyDelegate() - : on_before_tunnel_request_called_(false), - on_tunnel_request_completed_called_(false), - on_tunnel_headers_received_called_(false) { - } - - ~TestProxyDelegate() override {} - - bool on_before_tunnel_request_called() const { - return on_before_tunnel_request_called_; - } - - bool on_tunnel_request_completed_called() const { - return on_tunnel_request_completed_called_; - } - - bool on_tunnel_headers_received_called() const { - return on_tunnel_headers_received_called_; - } - - void VerifyOnTunnelRequestCompleted(const std::string& endpoint, - const std::string& proxy_server) const { - EXPECT_TRUE(on_tunnel_request_completed_called_); - EXPECT_TRUE(HostPortPair::FromString(endpoint).Equals( - on_tunnel_request_completed_endpoint_)); - EXPECT_TRUE(HostPortPair::FromString(proxy_server).Equals( - on_tunnel_request_completed_proxy_server_)); - } - - void VerifyOnTunnelHeadersReceived(const std::string& origin, - const std::string& proxy_server, - const std::string& status_line) const { - EXPECT_TRUE(on_tunnel_headers_received_called_); - EXPECT_TRUE(HostPortPair::FromString(origin).Equals( - on_tunnel_headers_received_origin_)); - EXPECT_TRUE(HostPortPair::FromString(proxy_server).Equals( - on_tunnel_headers_received_proxy_server_)); - EXPECT_EQ(status_line, on_tunnel_headers_received_status_line_); - } - - // ProxyDelegate: - void OnResolveProxy(const GURL& url, - int load_flags, - const ProxyService& proxy_service, - ProxyInfo* result) override {} - - void OnTunnelConnectCompleted(const HostPortPair& endpoint, - const HostPortPair& proxy_server, - int net_error) override { - on_tunnel_request_completed_called_ = true; - on_tunnel_request_completed_endpoint_ = endpoint; - 
on_tunnel_request_completed_proxy_server_ = proxy_server; - } - - void OnFallback(const ProxyServer& bad_proxy, int net_error) override {} - - void OnBeforeSendHeaders(URLRequest* request, - const ProxyInfo& proxy_info, - HttpRequestHeaders* headers) override {} - - void OnBeforeTunnelRequest(const HostPortPair& proxy_server, - HttpRequestHeaders* extra_headers) override { - on_before_tunnel_request_called_ = true; - if (extra_headers) { - extra_headers->SetHeader("Foo", proxy_server.ToString()); - } - } - - void OnTunnelHeadersReceived( - const HostPortPair& origin, - const HostPortPair& proxy_server, - const HttpResponseHeaders& response_headers) override { - on_tunnel_headers_received_called_ = true; - on_tunnel_headers_received_origin_ = origin; - on_tunnel_headers_received_proxy_server_ = proxy_server; - on_tunnel_headers_received_status_line_ = response_headers.GetStatusLine(); - } - - private: - bool on_before_tunnel_request_called_; - bool on_tunnel_request_completed_called_; - bool on_tunnel_headers_received_called_; - HostPortPair on_tunnel_request_completed_endpoint_; - HostPortPair on_tunnel_request_completed_proxy_server_; - HostPortPair on_tunnel_headers_received_origin_; - HostPortPair on_tunnel_headers_received_proxy_server_; - std::string on_tunnel_headers_received_status_line_; -}; - } // namespace class HttpProxyClientSocketPoolTest diff --git a/net/net.gypi b/net/net.gypi index 1ac720d..87eeb0b9 100644 --- a/net/net.gypi +++ b/net/net.gypi @@ -1339,6 +1339,8 @@ 'base/stale_while_revalidate_experiment_domains_unittest.cc', 'base/static_cookie_policy_unittest.cc', 'base/test_completion_callback_unittest.cc', + 'base/test_proxy_delegate.cc', + 'base/test_proxy_delegate.h', 'base/upload_bytes_element_reader_unittest.cc', 'base/upload_file_element_reader_unittest.cc', 'base/url_util_unittest.cc', diff --git a/net/spdy/spdy_network_transaction_unittest.cc b/net/spdy/spdy_network_transaction_unittest.cc index a1e060c..a71e75c 100644 
--- a/net/spdy/spdy_network_transaction_unittest.cc +++ b/net/spdy/spdy_network_transaction_unittest.cc @@ -18,8 +18,10 @@ #include "net/base/auth.h" #include "net/base/chunked_upload_data_stream.h" #include "net/base/elements_upload_data_stream.h" +#include "net/base/proxy_delegate.h" #include "net/base/request_priority.h" #include "net/base/test_data_directory.h" +#include "net/base/test_proxy_delegate.h" #include "net/base/upload_bytes_element_reader.h" #include "net/base/upload_file_element_reader.h" #include "net/http/http_auth_scheme.h" @@ -30,6 +32,7 @@ #include "net/log/test_net_log.h" #include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" +#include "net/proxy/proxy_server.h" #include "net/socket/client_socket_pool_base.h" #include "net/socket/next_proto.h" #include "net/spdy/buffered_spdy_framer.h" @@ -5474,7 +5477,10 @@ TEST_P(SpdyNetworkTransactionTest, ServerPushCrossOriginCorrectness) { // not actually enable cross-origin SPDY push. scoped_ptr<SpdySessionDependencies> session_deps( CreateSpdySessionDependencies(GetParam())); - session_deps->trusted_spdy_proxy = "123.45.67.89:8080"; + scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate()); + proxy_delegate->set_trusted_spdy_proxy(net::ProxyServer::FromURI( + "https://123.45.67.89:443", net::ProxyServer::SCHEME_HTTP)); + session_deps->proxy_delegate.reset(proxy_delegate.release()); NormalSpdyTransactionHelper helper(request, DEFAULT_PRIORITY, BoundNetLog(), GetParam(), std::move(session_deps)); helper.RunPreTestSetup(); diff --git a/net/spdy/spdy_session.cc b/net/spdy/spdy_session.cc index ba056d6..4eb8b42 100644 --- a/net/spdy/spdy_session.cc +++ b/net/spdy/spdy_session.cc @@ -30,6 +30,7 @@ #include "crypto/ec_signature_creator.h" #include "net/base/connection_type_histograms.h" #include "net/base/net_util.h" +#include "net/base/proxy_delegate.h" #include "net/cert/asn1_util.h" #include "net/cert/cert_verify_result.h" #include "net/http/http_log_util.h" 
@@ -38,6 +39,7 @@ #include "net/http/http_util.h" #include "net/http/transport_security_state.h" #include "net/log/net_log.h" +#include "net/proxy/proxy_server.h" #include "net/socket/ssl_client_socket.h" #include "net/spdy/spdy_buffer_producer.h" #include "net/spdy/spdy_frame_builder.h" @@ -658,7 +660,7 @@ SpdySession::SpdySession( size_t stream_max_recv_window_size, size_t initial_max_concurrent_streams, TimeFunc time_func, - const HostPortPair& trusted_spdy_proxy, + ProxyDelegate* proxy_delegate, NetLog* net_log) : in_io_loop_(false), spdy_session_key_(spdy_session_key), @@ -713,7 +715,7 @@ SpdySession::SpdySession( connection_at_risk_of_loss_time_( base::TimeDelta::FromSeconds(kDefaultConnectionAtRiskOfLossSeconds)), hung_interval_(base::TimeDelta::FromSeconds(kHungIntervalSeconds)), - trusted_spdy_proxy_(trusted_spdy_proxy), + proxy_delegate_(proxy_delegate), time_func_(time_func), send_priority_dependency_(priority_dependency_enabled_default), weak_factory_(this) { @@ -2703,10 +2705,12 @@ bool SpdySession::TryCreatePushStream(SpdyStreamId stream_id, // Check that the pushed stream advertises the same origin as its associated // stream. Bypass this check if and only if this session is with a SPDY proxy - // that is trusted explicitly via the --trusted-spdy-proxy switch or if the + // that is trusted explicitly as determined by the |proxy_delegate_| or if the // proxy is pushing same-origin resources. if (!HostPortPair::FromURL(gurl).Equals(host_port_pair())) { - if (trusted_spdy_proxy_.Equals(host_port_pair())) { + if (proxy_delegate_ && + proxy_delegate_->IsTrustedSpdyProxy( + ProxyServer(ProxyServer::SCHEME_HTTPS, host_port_pair()))) { // Disallow pushing of HTTPS content. if (gurl.SchemeIs("https")) { EnqueueResetStreamFrame( diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h index 491766e..ece02bc 100644 --- a/net/spdy/spdy_session.h +++ b/net/spdy/spdy_session.h 
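Review bot: In SpdySession::TryCreatePushStream the delegate is always asked about `ProxyServer(ProxyServer::SCHEME_HTTPS, host_port_pair())`, so the scheme is asserted by this code rather than taken from how the session was actually established. The TrustedSpdyProxy test later in this commit registers an HTTPS entry on port 80 and then calls CreateInsecureSpdySession(), which suggests the same-origin bypass can be granted on a host:port match alone. Since this branch disables the same-origin check for pushed streams, I would add a comment such as `// Scheme is assumed here, not derived from the connection; IsTrustedSpdyProxy() must not read it as proof of TLS.`, or gate the branch on the session being secure if that is the intent. The function body starts and ends outside this hunk.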
@@ -19,6 +19,7 @@ #include "base/memory/scoped_ptr.h" #include "base/memory/weak_ptr.h" #include "base/time/time.h" +#include "net/base/host_port_pair.h" #include "net/base/io_buffer.h" #include "net/base/load_states.h" #include "net/base/net_errors.h" @@ -73,6 +74,7 @@ const SpdyStreamId kLastStreamId = 0x7fffffff; class BoundNetLog; struct LoadTimingInfo; +class ProxyDelegate; class SpdyStream; class SSLInfo; class TransportSecurityState; @@ -245,7 +247,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, size_t stream_max_recv_window_size, size_t initial_max_concurrent_streams, TimeFunc time_func, - const HostPortPair& trusted_spdy_proxy, + ProxyDelegate* proxy_delegate, NetLog* net_log); ~SpdySession() override; @@ -1186,9 +1188,10 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // get a PING response (http://crbug.com/127812). base::TimeDelta hung_interval_; - // This SPDY proxy is allowed to push resources from origins that are - // different from those of their associated streams. - HostPortPair trusted_spdy_proxy_; + // The |proxy_delegate_| verifies that a given proxy is a trusted SPDY proxy, + // which is allowed to push resources from origins that are different from + // those of their associated streams. May be nullptr. + ProxyDelegate* proxy_delegate_; TimeFunc time_func_; diff --git a/net/spdy/spdy_session_pool.cc b/net/spdy/spdy_session_pool.cc index 1208878..7e98ded 100644 --- a/net/spdy/spdy_session_pool.cc +++ b/net/spdy/spdy_session_pool.cc @@ -41,7 +41,7 @@ SpdySessionPool::SpdySessionPool( size_t stream_max_recv_window_size, size_t initial_max_concurrent_streams, SpdySessionPool::TimeFunc time_func, - const std::string& trusted_spdy_proxy) + ProxyDelegate* proxy_delegate) : http_server_properties_(http_server_properties), transport_security_state_(transport_security_state), ssl_config_service_(ssl_config_service), 
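Review bot: The new member comment for `proxy_delegate_` in spdy_session.h says it may be nullptr but not who owns it or how long it must live, and the session now dereferences it in the same-origin check for pushed streams. Nothing in this diff shows the production owner (the tests keep it in `scoped_ptr<ProxyDelegate> proxy_delegate` on SpdySessionDependencies and pass `.get()`), so a delegate destroyed before the session would leave a dangling pointer on that path. I would extend the comment with `// Not owned; must outlive this SpdySession.`, and add the matching sentence to `SpdySessionPool::proxy_delegate_` in spdy_session_pool.h.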
@@ -59,7 +59,7 @@ SpdySessionPool::SpdySessionPool( stream_max_recv_window_size_(stream_max_recv_window_size), initial_max_concurrent_streams_(initial_max_concurrent_streams), time_func_(time_func), - trusted_spdy_proxy_(HostPortPair::FromString(trusted_spdy_proxy)) { + proxy_delegate_(proxy_delegate) { DCHECK(default_protocol_ >= kProtoSPDYMinimumVersion && default_protocol_ <= kProtoSPDYMaximumVersion); NetworkChangeNotifier::AddIPAddressObserver(this); @@ -101,7 +101,7 @@ base::WeakPtr<SpdySession> SpdySessionPool::CreateAvailableSessionFromSocket( enable_compression_, enable_ping_based_connection_checking_, default_protocol_, session_max_recv_window_size_, stream_max_recv_window_size_, initial_max_concurrent_streams_, time_func_, - trusted_spdy_proxy_, net_log.net_log())); + proxy_delegate_, net_log.net_log())); new_session->InitializeWithSocket(std::move(connection), this, is_secure, certificate_error_code); diff --git a/net/spdy/spdy_session_pool.h b/net/spdy/spdy_session_pool.h index 0b0f97e..092567f 100644 --- a/net/spdy/spdy_session_pool.h +++ b/net/spdy/spdy_session_pool.h @@ -34,6 +34,7 @@ class BoundNetLog; class ClientSocketHandle; class HostResolver; class HttpServerProperties; +class ProxyDelegate; class SpdySession; class TransportSecurityState; @@ -60,7 +61,7 @@ class NET_EXPORT SpdySessionPool size_t stream_max_recv_window_size, size_t initial_max_concurrent_streams, SpdySessionPool::TimeFunc time_func, - const std::string& trusted_spdy_proxy); + ProxyDelegate* proxy_delegate); ~SpdySessionPool() override; // In the functions below, a session is "available" if this pool has 
@@ -217,9 +218,10 @@ class NET_EXPORT SpdySessionPool size_t initial_max_concurrent_streams_; TimeFunc time_func_; - // This SPDY proxy is allowed to push resources from origins that are - // different from those of their associated streams. - HostPortPair trusted_spdy_proxy_; + // Determines if a proxy is a trusted SPDY proxy, which is allowed to push + // resources from origins that are different from those of their associated + // streams. May be nullptr. + ProxyDelegate* proxy_delegate_; DISALLOW_COPY_AND_ASSIGN(SpdySessionPool); }; diff --git a/net/spdy/spdy_session_unittest.cc b/net/spdy/spdy_session_unittest.cc index 10901fa..0cc9a66 100644 --- a/net/spdy/spdy_session_unittest.cc +++ b/net/spdy/spdy_session_unittest.cc @@ -12,14 +12,18 @@ #include "base/memory/scoped_ptr.h" #include "base/run_loop.h" #include "base/test/histogram_tester.h" +#include "net/base/host_port_pair.h" #include "net/base/io_buffer.h" #include "net/base/ip_endpoint.h" +#include "net/base/proxy_delegate.h" #include "net/base/request_priority.h" #include "net/base/test_data_directory.h" #include "net/base/test_data_stream.h" +#include "net/base/test_proxy_delegate.h" #include "net/log/test_net_log.h" #include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" +#include "net/proxy/proxy_server.h" #include "net/socket/client_socket_pool_manager.h" #include "net/socket/next_proto.h" #include "net/socket/socket_test_util.h" 
@@ -4957,8 +4961,12 @@ TEST_P(SpdySessionTest, TrustedSpdyProxy) { SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); session_deps_.socket_factory->AddSocketDataProvider(&data); - session_deps_.trusted_spdy_proxy = - HostPortPair::FromURL(GURL(kDefaultURL)).ToString(); + + scoped_ptr<TestProxyDelegate> proxy_delegate(new TestProxyDelegate()); + proxy_delegate->set_trusted_spdy_proxy( + net::ProxyServer(net::ProxyServer::SCHEME_HTTPS, + HostPortPair(GURL(kDefaultURL).host(), 80))); + session_deps_.proxy_delegate.reset(proxy_delegate.release()); CreateNetworkSession(); CreateInsecureSpdySession(); diff --git a/net/spdy/spdy_test_util_common.cc b/net/spdy/spdy_test_util_common.cc index a166565..b919dd1 100644 --- a/net/spdy/spdy_test_util_common.cc +++ b/net/spdy/spdy_test_util_common.cc @@ -13,6 +13,7 @@ #include "base/memory/scoped_ptr.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" +#include "net/base/host_port_pair.h" #include "net/cert/mock_cert_verifier.h" #include "net/http/http_cache.h" #include "net/http/http_network_session.h" @@ -437,7 +438,7 @@ HttpNetworkSession::Params SpdySessionDependencies::CreateSessionParams( params.time_func = session_deps->time_func; params.enable_spdy31 = session_deps->enable_spdy31; params.enable_http2 = session_deps->enable_http2; - params.trusted_spdy_proxy = session_deps->trusted_spdy_proxy; + params.proxy_delegate = session_deps->proxy_delegate.get(); params.parse_alternative_services = session_deps->parse_alternative_services; params.enable_alternative_service_with_different_host = session_deps->enable_alternative_service_with_different_host; diff --git a/net/spdy/spdy_test_util_common.h b/net/spdy/spdy_test_util_common.h index 6746d85..b19793f 100644 --- a/net/spdy/spdy_test_util_common.h +++ b/net/spdy/spdy_test_util_common.h 
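Review bot: The trusted proxy entry in TrustedSpdyProxy now hard-codes port 80 with `HostPortPair(GURL(kDefaultURL).host(), 80)`, where the removed line derived both host and port from `kDefaultURL`. Keeping the derivation, `HostPortPair::FromURL(GURL(kDefaultURL))`, avoids the entry silently drifting from the session's host:port if the constant changes. The test body starts and ends outside this hunk.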
@@ -17,6 +17,7 @@ #include "crypto/ec_private_key.h" #include "crypto/ec_signature_creator.h" #include "net/base/completion_callback.h" +#include "net/base/proxy_delegate.h" #include "net/base/request_priority.h" #include "net/base/test_completion_callback.h" #include "net/cert/cert_verifier.h" @@ -26,6 +27,7 @@ #include "net/http/http_response_info.h" #include "net/http/http_server_properties_impl.h" #include "net/http/transport_security_state.h" +#include "net/proxy/proxy_server.h" #include "net/proxy/proxy_service.h" #include "net/socket/next_proto.h" #include "net/socket/socket_test_util.h" @@ -40,6 +42,7 @@ class GURL; namespace net { class BoundNetLog; +class HostPortPair; class SpdySession; class SpdySessionKey; class SpdySessionPool; @@ -202,7 +205,7 @@ struct SpdySessionDependencies { SpdySession::TimeFunc time_func; bool enable_spdy31; bool enable_http2; - std::string trusted_spdy_proxy; + scoped_ptr<ProxyDelegate> proxy_delegate; bool parse_alternative_services; bool enable_alternative_service_with_different_host; NetLog* net_log; diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc index 44109d7..a9ee6a4 100644 --- a/net/url_request/url_request_context_builder.cc +++ b/net/url_request/url_request_context_builder.cc @@ -11,7 +11,6 @@ #include "base/compiler_specific.h" #include "base/logging.h" #include "base/macros.h" -#include "base/memory/scoped_ptr.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_util.h" #include "base/thread_task_runner_handle.h" 
@@ -391,8 +390,6 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() { http_network_session_params_.enable_spdy31; network_session_params.enable_http2 = http_network_session_params_.enable_http2; - network_session_params.trusted_spdy_proxy = - http_network_session_params_.trusted_spdy_proxy; network_session_params.parse_alternative_services = http_network_session_params_.parse_alternative_services; network_session_params.enable_alternative_service_with_different_host = diff --git a/net/url_request/url_request_context_builder.h b/net/url_request/url_request_context_builder.h index 83193d1..739c77a 100644 --- a/net/url_request/url_request_context_builder.h +++ b/net/url_request/url_request_context_builder.h @@ -86,7 +86,6 @@ class NET_EXPORT URLRequestContextBuilder { uint16_t testing_fixed_https_port; bool enable_spdy31; bool enable_http2; - std::string trusted_spdy_proxy; bool parse_alternative_services; bool enable_alternative_service_with_different_host; bool enable_quic; |