summaryrefslogtreecommitdiff
path: root/chromium/net/ssl
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@qt.io>2020-01-20 13:40:20 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2020-01-22 12:41:23 +0000
commit7961cea6d1041e3e454dae6a1da660b453efd238 (patch)
treec0eeb4a9ff9ba32986289c1653d9608e53ccb444 /chromium/net/ssl
parentb7034d0803538058e5c9d904ef03cf5eab34f6ef (diff)
downloadqtwebengine-chromium-7961cea6d1041e3e454dae6a1da660b453efd238.tar.gz
BASELINE: Update Chromium to 78.0.3904.130
Change-Id: If185e0c0061b3437531c97c9c8c78f239352a68b Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/net/ssl')
-rw-r--r--chromium/net/ssl/client_cert_store_nss.cc10
-rw-r--r--chromium/net/ssl/client_cert_store_nss_unittest.cc6
-rw-r--r--chromium/net/ssl/client_cert_store_unittest-inl.h4
-rw-r--r--chromium/net/ssl/ssl_client_auth_cache.cc14
-rw-r--r--chromium/net/ssl/ssl_client_auth_cache.h22
-rw-r--r--chromium/net/ssl/ssl_client_auth_cache_unittest.cc6
-rw-r--r--chromium/net/ssl/ssl_client_session_cache.cc43
-rw-r--r--chromium/net/ssl/ssl_client_session_cache.h39
-rw-r--r--chromium/net/ssl/ssl_client_session_cache_unittest.cc306
-rw-r--r--chromium/net/ssl/ssl_config.cc6
-rw-r--r--chromium/net/ssl/ssl_config.h30
-rw-r--r--chromium/net/ssl/ssl_config_service.cc41
-rw-r--r--chromium/net/ssl/ssl_config_service.h63
-rw-r--r--chromium/net/ssl/ssl_config_service_defaults.cc4
-rw-r--r--chromium/net/ssl/ssl_config_service_defaults.h6
-rw-r--r--chromium/net/ssl/ssl_config_service_unittest.cc62
-rw-r--r--chromium/net/ssl/ssl_info.h5
-rw-r--r--chromium/net/ssl/ssl_key_logger_impl.cc21
-rw-r--r--chromium/net/ssl/ssl_key_logger_impl.h6
-rw-r--r--chromium/net/ssl/ssl_platform_key_android_unittest.cc4
-rw-r--r--chromium/net/ssl/ssl_platform_key_mac_unittest.cc4
-rw-r--r--chromium/net/ssl/ssl_platform_key_nss_unittest.cc4
-rw-r--r--chromium/net/ssl/ssl_platform_key_win_unittest.cc8
-rw-r--r--chromium/net/ssl/test_ssl_config_service.cc29
-rw-r--r--chromium/net/ssl/test_ssl_config_service.h29
25 files changed, 486 insertions, 286 deletions
diff --git a/chromium/net/ssl/client_cert_store_nss.cc b/chromium/net/ssl/client_cert_store_nss.cc
index 6bb552aff50..f4d3e893c23 100644
--- a/chromium/net/ssl/client_cert_store_nss.cc
+++ b/chromium/net/ssl/client_cert_store_nss.cc
@@ -49,9 +49,10 @@ class ClientCertIdentityNSS : public ClientCertIdentity {
private_key_callback) override {
// Caller is responsible for keeping the ClientCertIdentity alive until
// the |private_key_callback| is run, so it's safe to use Unretained here.
- base::PostTaskWithTraitsAndReplyWithResult(
+ base::PostTaskAndReplyWithResult(
FROM_HERE,
- {base::MayBlock(), base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
+ {base::ThreadPool(), base::MayBlock(),
+ base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
base::BindOnce(&FetchClientCertPrivateKey,
base::Unretained(certificate()), cert_certificate_.get(),
password_delegate_),
@@ -77,9 +78,10 @@ void ClientCertStoreNSS::GetClientCerts(const SSLCertRequestInfo& request,
scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate> password_delegate;
if (!password_delegate_factory_.is_null())
password_delegate = password_delegate_factory_.Run(request.host_and_port);
- base::PostTaskWithTraitsAndReplyWithResult(
+ base::PostTaskAndReplyWithResult(
FROM_HERE,
- {base::MayBlock(), base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
+ {base::ThreadPool(), base::MayBlock(),
+ base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
base::BindOnce(&ClientCertStoreNSS::GetAndFilterCertsOnWorkerThread,
// Caller is responsible for keeping the ClientCertStore
// alive until the callback is run.
diff --git a/chromium/net/ssl/client_cert_store_nss_unittest.cc b/chromium/net/ssl/client_cert_store_nss_unittest.cc
index cf3a2942ae4..964b9fbe809 100644
--- a/chromium/net/ssl/client_cert_store_nss_unittest.cc
+++ b/chromium/net/ssl/client_cert_store_nss_unittest.cc
@@ -15,7 +15,7 @@
#include "base/files/file_util.h"
#include "base/memory/ref_counted.h"
#include "base/run_loop.h"
-#include "base/test/scoped_task_environment.h"
+#include "base/test/task_environment.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_test_nss_db.h"
#include "net/cert/pem_tokenizer.h"
@@ -76,7 +76,7 @@ INSTANTIATE_TYPED_TEST_SUITE_P(NSS,
// Tests that ClientCertStoreNSS attempts to build a certificate chain by
// querying NSS before return a certificate.
TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {
- base::test::ScopedTaskEnvironment scoped_task_environment;
+ base::test::TaskEnvironment task_environment;
// Set up a test DB and import client_1.pem and client_1_ca.pem.
crypto::ScopedTestNSSDB test_db;
@@ -169,7 +169,7 @@ TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {
}
TEST(ClientCertStoreNSSTest, SubjectPrintableStringContainingUTF8) {
- base::test::ScopedTaskEnvironment scoped_task_environment;
+ base::test::TaskEnvironment task_environment;
crypto::ScopedTestNSSDB test_db;
base::FilePath certs_dir =
diff --git a/chromium/net/ssl/client_cert_store_unittest-inl.h b/chromium/net/ssl/client_cert_store_unittest-inl.h
index 71318b519a9..ea2a7205755 100644
--- a/chromium/net/ssl/client_cert_store_unittest-inl.h
+++ b/chromium/net/ssl/client_cert_store_unittest-inl.h
@@ -17,7 +17,7 @@
#include "net/ssl/ssl_cert_request_info.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
-#include "net/test/test_with_scoped_task_environment.h"
+#include "net/test/test_with_task_environment.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace net {
@@ -58,7 +58,7 @@ const unsigned char kAuthorityRootDN[] = {
// const SSLCertRequestInfo& cert_request_info,
// ClientCertIdentityList* selected_identities);
template <typename T>
-class ClientCertStoreTest : public TestWithScopedTaskEnvironment {
+class ClientCertStoreTest : public TestWithTaskEnvironment {
public:
T delegate_;
};
diff --git a/chromium/net/ssl/ssl_client_auth_cache.cc b/chromium/net/ssl/ssl_client_auth_cache.cc
index 4cd6aef7030..e8c05fc9de9 100644
--- a/chromium/net/ssl/ssl_client_auth_cache.cc
+++ b/chromium/net/ssl/ssl_client_auth_cache.cc
@@ -10,13 +10,9 @@
namespace net {
-SSLClientAuthCache::SSLClientAuthCache() {
- CertDatabase::GetInstance()->AddObserver(this);
-}
+SSLClientAuthCache::SSLClientAuthCache() {}
-SSLClientAuthCache::~SSLClientAuthCache() {
- CertDatabase::GetInstance()->RemoveObserver(this);
-}
+SSLClientAuthCache::~SSLClientAuthCache() {}
bool SSLClientAuthCache::Lookup(const HostPortPair& server,
scoped_refptr<X509Certificate>* certificate,
@@ -41,11 +37,11 @@ void SSLClientAuthCache::Add(const HostPortPair& server,
// TODO(wtc): enforce a maximum number of entries.
}
-void SSLClientAuthCache::Remove(const HostPortPair& server) {
- cache_.erase(server);
+bool SSLClientAuthCache::Remove(const HostPortPair& server) {
+ return cache_.erase(server);
}
-void SSLClientAuthCache::OnCertDBChanged() {
+void SSLClientAuthCache::Clear() {
cache_.clear();
}
diff --git a/chromium/net/ssl/ssl_client_auth_cache.h b/chromium/net/ssl/ssl_client_auth_cache.h
index 6486967ec48..a380ea7d6f3 100644
--- a/chromium/net/ssl/ssl_client_auth_cache.h
+++ b/chromium/net/ssl/ssl_client_auth_cache.h
@@ -13,7 +13,6 @@
#include "base/memory/ref_counted.h"
#include "net/base/host_port_pair.h"
#include "net/base/net_export.h"
-#include "net/cert/cert_database.h"
#include "net/ssl/ssl_private_key.h"
namespace net {
@@ -21,16 +20,12 @@ namespace net {
class X509Certificate;
// The SSLClientAuthCache class is a simple cache structure to store SSL
-// client certificates. Provides lookup, insertion, and deletion of entries.
-// The parameter for doing lookups, insertions, and deletions is the server's
-// host and port.
-//
-// TODO(wtc): This class is based on FtpAuthCache. We can extract the common
-// code to a template class.
-class NET_EXPORT_PRIVATE SSLClientAuthCache : public CertDatabase::Observer {
+// client certificate decisions. Provides lookup, insertion, and deletion of
+// entries based on a server's host and port.
+class NET_EXPORT_PRIVATE SSLClientAuthCache {
public:
SSLClientAuthCache();
- ~SSLClientAuthCache() override;
+ ~SSLClientAuthCache();
// Checks for a client certificate preference for SSL server at |server|.
// Returns true if a preference is found, and sets |*certificate| to the
@@ -49,11 +44,12 @@ class NET_EXPORT_PRIVATE SSLClientAuthCache : public CertDatabase::Observer {
scoped_refptr<X509Certificate> client_cert,
scoped_refptr<SSLPrivateKey> private_key);
- // Remove the client certificate for |server| from the cache, if one exists.
- void Remove(const HostPortPair& server);
+ // Remove cached client certificate decisions for |server| from the cache.
+ // Returns true if one was removed and false otherwise.
+ bool Remove(const HostPortPair& server);
- // CertDatabase::Observer methods:
- void OnCertDBChanged() override;
+ // Removes all cached client certificate decisions.
+ void Clear();
private:
typedef HostPortPair AuthCacheKey;
diff --git a/chromium/net/ssl/ssl_client_auth_cache_unittest.cc b/chromium/net/ssl/ssl_client_auth_cache_unittest.cc
index ff1b01561f6..6d6bbf82352 100644
--- a/chromium/net/ssl/ssl_client_auth_cache_unittest.cc
+++ b/chromium/net/ssl/ssl_client_auth_cache_unittest.cc
@@ -154,8 +154,8 @@ TEST(SSLClientAuthCacheTest, LookupNullPreference) {
EXPECT_EQ(nullptr, cached_cert.get());
}
-// Check that the OnCertDBChanged() method removes all cache entries.
-TEST(SSLClientAuthCacheTest, OnCertDBChanged) {
+// Check that the Clear() method removes all cache entries.
+TEST(SSLClientAuthCacheTest, Clear) {
SSLClientAuthCache cache;
HostPortPair server1("foo", 443);
@@ -178,7 +178,7 @@ TEST(SSLClientAuthCacheTest, OnCertDBChanged) {
EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
EXPECT_EQ(nullptr, cached_cert.get());
- cache.OnCertDBChanged();
+ cache.Clear();
// Check that we no longer have entries for either server.
EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey));
diff --git a/chromium/net/ssl/ssl_client_session_cache.cc b/chromium/net/ssl/ssl_client_session_cache.cc
index da21c11510b..40ef3c37cb9 100644
--- a/chromium/net/ssl/ssl_client_session_cache.cc
+++ b/chromium/net/ssl/ssl_client_session_cache.cc
@@ -4,6 +4,7 @@
#include "net/ssl/ssl_client_session_cache.h"
+#include <tuple>
#include <utility>
#include "base/containers/flat_set.h"
@@ -24,6 +25,27 @@ bool IsTLS13(const SSL_SESSION* session) {
} // namespace
+SSLClientSessionCache::Key::Key() = default;
+SSLClientSessionCache::Key::Key(const Key& other) = default;
+SSLClientSessionCache::Key::Key(Key&& other) = default;
+SSLClientSessionCache::Key::~Key() = default;
+SSLClientSessionCache::Key& SSLClientSessionCache::Key::operator=(
+ const Key& other) = default;
+SSLClientSessionCache::Key& SSLClientSessionCache::Key::operator=(Key&& other) =
+ default;
+
+bool SSLClientSessionCache::Key::operator==(const Key& other) const {
+ return std::tie(server, dest_ip_addr, network_isolation_key, privacy_mode) ==
+ std::tie(other.server, other.dest_ip_addr, other.network_isolation_key,
+ other.privacy_mode);
+}
+
+bool SSLClientSessionCache::Key::operator<(const Key& other) const {
+ return std::tie(server, dest_ip_addr, network_isolation_key, privacy_mode) <
+ std::tie(other.server, other.dest_ip_addr, other.network_isolation_key,
+ other.privacy_mode);
+}
+
SSLClientSessionCache::SSLClientSessionCache(const Config& config)
: clock_(base::DefaultClock::GetInstance()),
config_(config),
@@ -31,15 +53,9 @@ SSLClientSessionCache::SSLClientSessionCache(const Config& config)
lookups_since_flush_(0) {
memory_pressure_listener_.reset(new base::MemoryPressureListener(base::Bind(
&SSLClientSessionCache::OnMemoryPressure, base::Unretained(this))));
- CertDatabase::GetInstance()->AddObserver(this);
}
SSLClientSessionCache::~SSLClientSessionCache() {
- CertDatabase::GetInstance()->RemoveObserver(this);
- Flush();
-}
-
-void SSLClientSessionCache::OnCertDBChanged() {
Flush();
}
@@ -48,7 +64,7 @@ size_t SSLClientSessionCache::size() const {
}
bssl::UniquePtr<SSL_SESSION> SSLClientSessionCache::Lookup(
- const std::string& cache_key) {
+ const Key& cache_key) {
// Expire stale sessions.
lookups_since_flush_++;
if (lookups_since_flush_ >= config_.expiration_check_count) {
@@ -79,7 +95,7 @@ bssl::UniquePtr<SSL_SESSION> SSLClientSessionCache::Lookup(
return session;
}
-void SSLClientSessionCache::Insert(const std::string& cache_key,
+void SSLClientSessionCache::Insert(const Key& cache_key,
bssl::UniquePtr<SSL_SESSION> session) {
if (IsTLS13(session.get())) {
base::TimeDelta lifetime =
@@ -95,6 +111,17 @@ void SSLClientSessionCache::Insert(const std::string& cache_key,
iter->second.Push(std::move(session));
}
+void SSLClientSessionCache::FlushForServer(const HostPortPair& server) {
+ auto iter = cache_.begin();
+ while (iter != cache_.end()) {
+ if (iter->first.server == server) {
+ iter = cache_.Erase(iter);
+ } else {
+ ++iter;
+ }
+ }
+}
+
void SSLClientSessionCache::Flush() {
cache_.Clear();
}
diff --git a/chromium/net/ssl/ssl_client_session_cache.h b/chromium/net/ssl/ssl_client_session_cache.h
index 858dd61c7fd..c674837c568 100644
--- a/chromium/net/ssl/ssl_client_session_cache.h
+++ b/chromium/net/ssl/ssl_client_session_cache.h
@@ -15,10 +15,14 @@
#include "base/containers/mru_cache.h"
#include "base/macros.h"
#include "base/memory/memory_pressure_monitor.h"
+#include "base/optional.h"
#include "base/time/time.h"
#include "base/trace_event/memory_dump_provider.h"
+#include "net/base/host_port_pair.h"
+#include "net/base/ip_address.h"
#include "net/base/net_export.h"
-#include "net/cert/cert_database.h"
+#include "net/base/network_isolation_key.h"
+#include "net/base/privacy_mode.h"
#include "third_party/boringssl/src/include/openssl/base.h"
namespace base {
@@ -30,7 +34,7 @@ class ProcessMemoryDump;
namespace net {
-class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer {
+class NET_EXPORT SSLClientSessionCache {
public:
struct Config {
// The maximum number of entries in the cache.
@@ -39,10 +43,25 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer {
size_t expiration_check_count = 256;
};
- explicit SSLClientSessionCache(const Config& config);
- ~SSLClientSessionCache() override;
+ struct NET_EXPORT Key {
+ Key();
+ Key(const Key& other);
+ Key(Key&& other);
+ ~Key();
+ Key& operator=(const Key& other);
+ Key& operator=(Key&& other);
+
+ bool operator==(const Key& other) const;
+ bool operator<(const Key& other) const;
+
+ HostPortPair server;
+ base::Optional<IPAddress> dest_ip_addr;
+ NetworkIsolationKey network_isolation_key;
+ PrivacyMode privacy_mode = PRIVACY_MODE_DISABLED;
+ };
- void OnCertDBChanged() override;
+ explicit SSLClientSessionCache(const Config& config);
+ ~SSLClientSessionCache();
// Returns true if |entry| is expired as of |now|.
static bool IsExpired(SSL_SESSION* session, time_t now);
@@ -51,13 +70,15 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer {
// Returns the session associated with |cache_key| and moves it to the front
// of the MRU list. Returns nullptr if there is none.
- bssl::UniquePtr<SSL_SESSION> Lookup(const std::string& cache_key);
+ bssl::UniquePtr<SSL_SESSION> Lookup(const Key& cache_key);
// Inserts |session| into the cache at |cache_key|. If there is an existing
// one, it is released. Every |expiration_check_count| calls, the cache is
// checked for stale entries.
- void Insert(const std::string& cache_key,
- bssl::UniquePtr<SSL_SESSION> session);
+ void Insert(const Key& cache_key, bssl::UniquePtr<SSL_SESSION> session);
+
+ // Removes all entries associated with |server|.
+ void FlushForServer(const HostPortPair& server);
// Removes all entries from the cache.
void Flush();
@@ -99,7 +120,7 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer {
base::Clock* clock_;
Config config_;
- base::HashingMRUCache<std::string, Entry> cache_;
+ base::MRUCache<Key, Entry> cache_;
size_t lookups_since_flush_;
std::unique_ptr<base::MemoryPressureListener> memory_pressure_listener_;
diff --git a/chromium/net/ssl/ssl_client_session_cache_unittest.cc b/chromium/net/ssl/ssl_client_session_cache_unittest.cc
index 610c2f3ec92..e786e60a27f 100644
--- a/chromium/net/ssl/ssl_client_session_cache_unittest.cc
+++ b/chromium/net/ssl/ssl_client_session_cache_unittest.cc
@@ -6,20 +6,22 @@
#include "base/run_loop.h"
#include "base/strings/string_number_conversions.h"
-#include "base/test/scoped_task_environment.h"
#include "base/test/simple_test_clock.h"
+#include "base/test/task_environment.h"
#include "base/time/time.h"
#include "base/trace_event/memory_allocator_dump.h"
#include "base/trace_event/process_memory_dump.h"
#include "base/trace_event/traced_value.h"
+#include "net/base/network_isolation_key.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
+#include "url/gurl.h"
+using testing::ByRef;
using testing::Contains;
using testing::Eq;
using testing::Field;
-using testing::ByRef;
namespace net {
@@ -34,6 +36,12 @@ std::unique_ptr<base::SimpleTestClock> MakeTestClock() {
return clock;
}
+SSLClientSessionCache::Key MakeTestKey(const std::string& str) {
+ SSLClientSessionCache::Key key;
+ key.server = HostPortPair(str, 443);
+ return key;
+}
+
class SSLClientSessionCacheTest : public testing::Test {
public:
SSLClientSessionCacheTest() : ssl_ctx_(SSL_CTX_new(TLS_method())) {}
@@ -74,29 +82,29 @@ TEST_F(SSLClientSessionCacheTest, Basic) {
bssl::UniquePtr<SSL_SESSION> session2 = NewSSLSession();
bssl::UniquePtr<SSL_SESSION> session3 = NewSSLSession();
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key1", bssl::UpRef(session1));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(1u, cache.size());
- cache.Insert("key2", bssl::UpRef(session2));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(2u, cache.size());
- cache.Insert("key1", bssl::UpRef(session3));
- EXPECT_EQ(session3.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session3));
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(2u, cache.size());
cache.Flush();
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
- EXPECT_EQ(nullptr, cache.Lookup("key3").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key3")).get());
EXPECT_EQ(0u, cache.size());
}
@@ -109,48 +117,48 @@ TEST_F(SSLClientSessionCacheTest, BasicSingleUse) {
bssl::UniquePtr<SSL_SESSION> session2 = NewSSLSession(TLS1_3_VERSION);
bssl::UniquePtr<SSL_SESSION> session3 = NewSSLSession(TLS1_3_VERSION);
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key1", bssl::UpRef(session1));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
- cache.Insert("key1", bssl::UpRef(session1));
- cache.Insert("key1", bssl::UpRef(session1));
- cache.Insert("key2", bssl::UpRef(session2));
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(1u, cache.size());
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
- cache.Insert("key1", bssl::UpRef(session1));
- cache.Insert("key1", bssl::UpRef(session3));
- cache.Insert("key2", bssl::UpRef(session2));
- EXPECT_EQ(session3.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session3));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2));
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
cache.Flush();
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
- EXPECT_EQ(nullptr, cache.Lookup("key3").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key3")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key1", bssl::UpRef(session1));
- cache.Insert("key1", bssl::UpRef(session2));
- cache.Insert("key1", bssl::UpRef(session3));
- EXPECT_EQ(session3.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session2));
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session3));
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
}
// Test insertion and lookup operations with both single-use and reusable
@@ -162,34 +170,34 @@ TEST_F(SSLClientSessionCacheTest, MixedUse) {
bssl::UniquePtr<SSL_SESSION> session_single = NewSSLSession(TLS1_3_VERSION);
bssl::UniquePtr<SSL_SESSION> session_reuse = NewSSLSession(TLS1_2_VERSION);
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key1", bssl::UpRef(session_reuse));
- EXPECT_EQ(session_reuse.get(), cache.Lookup("key1").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session_reuse));
+ EXPECT_EQ(session_reuse.get(), cache.Lookup(MakeTestKey("key1")).get());
EXPECT_EQ(1u, cache.size());
- cache.Insert("key1", bssl::UpRef(session_single));
- EXPECT_EQ(session_single.get(), cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session_single));
+ EXPECT_EQ(session_single.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
EXPECT_EQ(0u, cache.size());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key2", bssl::UpRef(session_single));
- cache.Insert("key2", bssl::UpRef(session_single));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_single));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_single));
EXPECT_EQ(1u, cache.size());
- EXPECT_EQ(session_single.get(), cache.Lookup("key2").get());
- EXPECT_EQ(session_single.get(), cache.Lookup("key2").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(session_single.get(), cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(session_single.get(), cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key2", bssl::UpRef(session_single));
- cache.Insert("key2", bssl::UpRef(session_reuse));
- EXPECT_EQ(session_reuse.get(), cache.Lookup("key2").get());
- EXPECT_EQ(session_reuse.get(), cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_single));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session_reuse));
+ EXPECT_EQ(session_reuse.get(), cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(session_reuse.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(1u, cache.size());
}
@@ -201,23 +209,23 @@ TEST_F(SSLClientSessionCacheTest, DoubleInsert) {
bssl::UniquePtr<SSL_SESSION> session = NewSSLSession();
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
- cache.Insert("key1", bssl::UpRef(session));
- EXPECT_EQ(session.get(), cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session));
+ EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(1u, cache.size());
- cache.Insert("key2", bssl::UpRef(session));
- EXPECT_EQ(session.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session.get(), cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session));
+ EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(2u, cache.size());
cache.Flush();
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(nullptr, cache.Lookup("key2").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(0u, cache.size());
}
@@ -233,29 +241,29 @@ TEST_F(SSLClientSessionCacheTest, MaxEntries) {
bssl::UniquePtr<SSL_SESSION> session4 = NewSSLSession();
// Insert three entries.
- cache.Insert("key1", bssl::UpRef(session1));
- cache.Insert("key2", bssl::UpRef(session2));
- cache.Insert("key3", bssl::UpRef(session3));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
- EXPECT_EQ(session3.get(), cache.Lookup("key3").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2));
+ cache.Insert(MakeTestKey("key3"), bssl::UpRef(session3));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get());
EXPECT_EQ(3u, cache.size());
// On insertion of a fourth, the first is removed.
- cache.Insert("key4", bssl::UpRef(session4));
- EXPECT_EQ(nullptr, cache.Lookup("key1").get());
- EXPECT_EQ(session4.get(), cache.Lookup("key4").get());
- EXPECT_EQ(session3.get(), cache.Lookup("key3").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
+ cache.Insert(MakeTestKey("key4"), bssl::UpRef(session4));
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session4.get(), cache.Lookup(MakeTestKey("key4")).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
EXPECT_EQ(3u, cache.size());
// Despite being newest, the next to be removed is session4 as it was accessed
// least. recently.
- cache.Insert("key1", bssl::UpRef(session1));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
- EXPECT_EQ(session3.get(), cache.Lookup("key3").get());
- EXPECT_EQ(nullptr, cache.Lookup("key4").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key4")).get());
EXPECT_EQ(3u, cache.size());
}
@@ -275,7 +283,7 @@ TEST_F(SSLClientSessionCacheTest, Expiration) {
for (size_t i = 0; i < kNumEntries - 1; i++) {
bssl::UniquePtr<SSL_SESSION> session =
MakeTestSession(clock->Now(), kTimeout);
- cache.Insert(base::NumberToString(i), bssl::UpRef(session));
+ cache.Insert(MakeTestKey(base::NumberToString(i)), bssl::UpRef(session));
}
EXPECT_EQ(kNumEntries - 1, cache.size());
@@ -283,7 +291,7 @@ TEST_F(SSLClientSessionCacheTest, Expiration) {
clock->Advance(kTimeout * 2);
bssl::UniquePtr<SSL_SESSION> session =
MakeTestSession(clock->Now(), kTimeout);
- cache.Insert("key", bssl::UpRef(session));
+ cache.Insert(MakeTestKey("key"), bssl::UpRef(session));
// All entries are still in the cache.
EXPECT_EQ(kNumEntries, cache.size());
@@ -291,18 +299,18 @@ TEST_F(SSLClientSessionCacheTest, Expiration) {
// Perform one fewer lookup than needed to trigger the expiration check. This
// shall not expire any session.
for (size_t i = 0; i < kExpirationCheckCount - 1; i++)
- cache.Lookup("key");
+ cache.Lookup(MakeTestKey("key"));
// All entries are still in the cache.
EXPECT_EQ(kNumEntries, cache.size());
// Perform one more lookup. This will expire all sessions but the last one.
- cache.Lookup("key");
+ cache.Lookup(MakeTestKey("key"));
EXPECT_EQ(1u, cache.size());
- EXPECT_EQ(session.get(), cache.Lookup("key").get());
+ EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key")).get());
for (size_t i = 0; i < kNumEntries - 1; i++) {
SCOPED_TRACE(i);
- EXPECT_EQ(nullptr, cache.Lookup(base::NumberToString(i)));
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey(base::NumberToString(i))));
}
}
@@ -323,8 +331,8 @@ TEST_F(SSLClientSessionCacheTest, LookupExpirationCheck) {
// Insert an entry into the session cache.
bssl::UniquePtr<SSL_SESSION> session =
MakeTestSession(clock->Now(), kTimeout);
- cache.Insert("key", bssl::UpRef(session));
- EXPECT_EQ(session.get(), cache.Lookup("key").get());
+ cache.Insert(MakeTestKey("key"), bssl::UpRef(session));
+ EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key")).get());
EXPECT_EQ(1u, cache.size());
// Expire the session.
@@ -334,30 +342,30 @@ TEST_F(SSLClientSessionCacheTest, LookupExpirationCheck) {
EXPECT_EQ(1u, cache.size());
// But it will not be returned on lookup and gets pruned at that point.
- EXPECT_EQ(nullptr, cache.Lookup("key").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key")).get());
EXPECT_EQ(0u, cache.size());
// Re-inserting a session does not refresh the lifetime. The expiration
// information in the session is used.
- cache.Insert("key", bssl::UpRef(session));
- EXPECT_EQ(nullptr, cache.Lookup("key").get());
+ cache.Insert(MakeTestKey("key"), bssl::UpRef(session));
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key")).get());
EXPECT_EQ(0u, cache.size());
// Re-insert a fresh copy of the session.
session = MakeTestSession(clock->Now(), kTimeout);
- cache.Insert("key", bssl::UpRef(session));
- EXPECT_EQ(session.get(), cache.Lookup("key").get());
+ cache.Insert(MakeTestKey("key"), bssl::UpRef(session));
+ EXPECT_EQ(session.get(), cache.Lookup(MakeTestKey("key")).get());
EXPECT_EQ(1u, cache.size());
// Sessions also are treated as expired if the clock rewinds.
clock->Advance(base::TimeDelta::FromSeconds(-2));
- EXPECT_EQ(nullptr, cache.Lookup("key").get());
+ EXPECT_EQ(nullptr, cache.Lookup(MakeTestKey("key")).get());
EXPECT_EQ(0u, cache.size());
}
// Test that SSL cache is flushed on low memory notifications
TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) {
- base::test::ScopedTaskEnvironment scoped_task_environment;
+ base::test::TaskEnvironment task_environment;
// kExpirationCheckCount is set to a suitably large number so the automated
// pruning never triggers.
@@ -373,8 +381,8 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) {
// Insert an entry into the session cache.
bssl::UniquePtr<SSL_SESSION> session1 =
MakeTestSession(clock->Now(), kTimeout);
- cache.Insert("key1", bssl::UpRef(session1));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
EXPECT_EQ(1u, cache.size());
// Expire the session.
@@ -382,7 +390,7 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) {
// Add one more session.
bssl::UniquePtr<SSL_SESSION> session2 =
MakeTestSession(clock->Now(), kTimeout);
- cache.Insert("key2", bssl::UpRef(session2));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2));
EXPECT_EQ(2u, cache.size());
// Fire a notification that will flush expired sessions.
@@ -392,8 +400,8 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) {
// Expired session's cache should be flushed.
// Lookup returns nullptr, when cache entry not found.
- EXPECT_FALSE(cache.Lookup("key1"));
- EXPECT_TRUE(cache.Lookup("key2"));
+ EXPECT_FALSE(cache.Lookup(MakeTestKey("key1")));
+ EXPECT_TRUE(cache.Lookup(MakeTestKey("key2")));
EXPECT_EQ(1u, cache.size());
// Fire notification that will flush everything.
@@ -403,6 +411,80 @@ TEST_F(SSLClientSessionCacheTest, TestFlushOnMemoryNotifications) {
EXPECT_EQ(0u, cache.size());
}
+TEST_F(SSLClientSessionCacheTest, FlushForServer) {
+ SSLClientSessionCache::Config config;
+ SSLClientSessionCache cache(config);
+
+ const url::Origin kOriginA = url::Origin::Create(GURL("https://a.test"));
+ const url::Origin kOriginB = url::Origin::Create(GURL("https://b.test"));
+
+ // Insert a number of cache entries.
+ SSLClientSessionCache::Key key1;
+ key1.server = HostPortPair("a.test", 443);
+ auto session1 = NewSSLSession();
+ cache.Insert(key1, bssl::UpRef(session1));
+
+ SSLClientSessionCache::Key key2;
+ key2.server = HostPortPair("a.test", 443);
+ key2.dest_ip_addr = IPAddress::IPv4Localhost();
+ key2.network_isolation_key = NetworkIsolationKey(kOriginB, kOriginB);
+ key2.privacy_mode = PRIVACY_MODE_ENABLED;
+ auto session2 = NewSSLSession();
+ cache.Insert(key2, bssl::UpRef(session2));
+
+ SSLClientSessionCache::Key key3;
+ key3.server = HostPortPair("a.test", 444);
+ auto session3 = NewSSLSession();
+ cache.Insert(key3, bssl::UpRef(session3));
+
+ SSLClientSessionCache::Key key4;
+ key4.server = HostPortPair("b.test", 443);
+ auto session4 = NewSSLSession();
+ cache.Insert(key4, bssl::UpRef(session4));
+
+ SSLClientSessionCache::Key key5;
+ key5.server = HostPortPair("b.test", 443);
+ key5.network_isolation_key = NetworkIsolationKey(kOriginA, kOriginA);
+ auto session5 = NewSSLSession();
+ cache.Insert(key5, bssl::UpRef(session5));
+
+ // Flush an unrelated server. The cache should be unaffected.
+ cache.FlushForServer(HostPortPair("c.test", 443));
+ EXPECT_EQ(5u, cache.size());
+ EXPECT_EQ(session1.get(), cache.Lookup(key1).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(key2).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(key3).get());
+ EXPECT_EQ(session4.get(), cache.Lookup(key4).get());
+ EXPECT_EQ(session5.get(), cache.Lookup(key5).get());
+
+ // Flush a.test:443. |key1| and |key2| should match, but not the others.
+ cache.FlushForServer(HostPortPair("a.test", 443));
+ EXPECT_EQ(3u, cache.size());
+ EXPECT_EQ(nullptr, cache.Lookup(key1).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key2).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(key3).get());
+ EXPECT_EQ(session4.get(), cache.Lookup(key4).get());
+ EXPECT_EQ(session5.get(), cache.Lookup(key5).get());
+
+ // Flush b.test:443. |key4| and |key5| match, but not |key3|.
+ cache.FlushForServer(HostPortPair("b.test", 443));
+ EXPECT_EQ(1u, cache.size());
+ EXPECT_EQ(nullptr, cache.Lookup(key1).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key2).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(key3).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key4).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key5).get());
+
+ // Flush the last host, a.test:444.
+ cache.FlushForServer(HostPortPair("a.test", 444));
+ EXPECT_EQ(0u, cache.size());
+ EXPECT_EQ(nullptr, cache.Lookup(key1).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key2).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key3).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key4).get());
+ EXPECT_EQ(nullptr, cache.Lookup(key5).get());
+}
+
class SSLClientSessionCacheMemoryDumpTest
: public SSLClientSessionCacheTest,
public testing::WithParamInterface<
@@ -424,12 +506,12 @@ TEST_P(SSLClientSessionCacheMemoryDumpTest, TestDumpMemoryStats) {
bssl::UniquePtr<SSL_SESSION> session3 = NewSSLSession();
// Insert three entries.
- cache.Insert("key1", bssl::UpRef(session1));
- cache.Insert("key2", bssl::UpRef(session2));
- cache.Insert("key3", bssl::UpRef(session3));
- EXPECT_EQ(session1.get(), cache.Lookup("key1").get());
- EXPECT_EQ(session2.get(), cache.Lookup("key2").get());
- EXPECT_EQ(session3.get(), cache.Lookup("key3").get());
+ cache.Insert(MakeTestKey("key1"), bssl::UpRef(session1));
+ cache.Insert(MakeTestKey("key2"), bssl::UpRef(session2));
+ cache.Insert(MakeTestKey("key3"), bssl::UpRef(session3));
+ EXPECT_EQ(session1.get(), cache.Lookup(MakeTestKey("key1")).get());
+ EXPECT_EQ(session2.get(), cache.Lookup(MakeTestKey("key2")).get());
+ EXPECT_EQ(session3.get(), cache.Lookup(MakeTestKey("key3")).get());
EXPECT_EQ(3u, cache.size());
base::trace_event::MemoryDumpArgs dump_args = {GetParam()};
diff --git a/chromium/net/ssl/ssl_config.cc b/chromium/net/ssl/ssl_config.cc
index 4b1ce4c24ed..3178d017c39 100644
--- a/chromium/net/ssl/ssl_config.cc
+++ b/chromium/net/ssl/ssl_config.cc
@@ -22,14 +22,10 @@ SSLConfig::CertAndStatus::CertAndStatus(const CertAndStatus& other) = default;
SSLConfig::CertAndStatus::~CertAndStatus() = default;
SSLConfig::SSLConfig()
- : version_min(kDefaultSSLVersionMin),
- version_max(kDefaultSSLVersionMax),
- early_data_enabled(false),
- false_start_enabled(true),
+ : early_data_enabled(false),
require_ecdhe(false),
ignore_certificate_errors(false),
disable_cert_verification_network_fetches(false),
- send_client_cert(false),
renego_allowed_default(false),
privacy_mode(PRIVACY_MODE_DISABLED) {}
diff --git a/chromium/net/ssl/ssl_config.h b/chromium/net/ssl/ssl_config.h
index 44ea9fb18ad..11f360bc57c 100644
--- a/chromium/net/ssl/ssl_config.h
+++ b/chromium/net/ssl/ssl_config.h
@@ -8,6 +8,7 @@
#include <stdint.h>
#include "base/memory/ref_counted.h"
+#include "base/optional.h"
#include "net/base/net_export.h"
#include "net/base/network_isolation_key.h"
#include "net/base/privacy_mode.h"
@@ -54,12 +55,11 @@ struct NET_EXPORT SSLConfig {
// configuration.
int GetCertVerifyFlags() const;
- // The minimum and maximum protocol versions that are enabled.
- // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.)
- // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it
- // means no protocol versions are enabled.
- uint16_t version_min;
- uint16_t version_max;
+ // If specified, the minimum and maximum protocol versions that are enabled.
+ // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) If
+ // unspecified, values from the SSLConfigService are used.
+ base::Optional<uint16_t> version_min_override;
+ base::Optional<uint16_t> version_max_override;
// Whether early data is enabled on this connection. Note that early data has
// weaker security properties than normal data and changes the
@@ -75,18 +75,6 @@ struct NET_EXPORT SSLConfig {
// If unsure, do not enable this option.
bool early_data_enabled;
- // Presorted list of cipher suites which should be explicitly prevented from
- // being used in addition to those disabled by the net built-in policy.
- //
- // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
- // big-endian form, they should be declared in host byte order, with the
- // first uint8_t occupying the most significant byte.
- // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
- // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
- std::vector<uint16_t> disabled_cipher_suites;
-
- bool false_start_enabled; // True if we'll use TLS False Start.
-
// If true, causes only ECDHE cipher suites to be enabled.
bool require_ecdhe;
@@ -120,9 +108,6 @@ struct NET_EXPORT SSLConfig {
// deadlock.
bool disable_cert_verification_network_fetches;
- // True if we should send client_cert to the server.
- bool send_client_cert;
-
// The list of application level protocols supported with ALPN (Application
// Layer Protocol Negotiation), in decreasing order of preference. Protocols
// will be advertised in this order during TLS handshake.
@@ -135,9 +120,6 @@ struct NET_EXPORT SSLConfig {
// The list of application-level protocols to enable renegotiation for.
NextProtoVector renego_allowed_for_protos;
- scoped_refptr<X509Certificate> client_cert;
- scoped_refptr<SSLPrivateKey> client_private_key;
-
// If the PartitionSSLSessionsByNetworkIsolationKey feature is enabled, the
// session cache is partitioned by this value.
NetworkIsolationKey network_isolation_key;
diff --git a/chromium/net/ssl/ssl_config_service.cc b/chromium/net/ssl/ssl_config_service.cc
index 3abd32898ca..a35d6b0a0b8 100644
--- a/chromium/net/ssl/ssl_config_service.cc
+++ b/chromium/net/ssl/ssl_config_service.cc
@@ -12,19 +12,26 @@ namespace net {
namespace {
-// Checks if the config-service managed fields in two SSLConfigs are the same.
-bool SSLConfigsAreEqual(const net::SSLConfig& config1,
- const net::SSLConfig& config2) {
+// Checks if the config-service managed fields in two SSLContextConfigs are the
+// same.
+bool SSLContextConfigsAreEqual(const net::SSLContextConfig& config1,
+ const net::SSLContextConfig& config2) {
return std::tie(config1.version_min, config1.version_max,
- config1.disabled_cipher_suites, config1.false_start_enabled,
- config1.require_ecdhe) ==
+ config1.disabled_cipher_suites) ==
std::tie(config2.version_min, config2.version_max,
- config2.disabled_cipher_suites, config2.false_start_enabled,
- config2.require_ecdhe);
+ config2.disabled_cipher_suites);
}
} // namespace
+SSLContextConfig::SSLContextConfig() = default;
+SSLContextConfig::SSLContextConfig(const SSLContextConfig&) = default;
+SSLContextConfig::SSLContextConfig(SSLContextConfig&&) = default;
+SSLContextConfig::~SSLContextConfig() = default;
+SSLContextConfig& SSLContextConfig::operator=(const SSLContextConfig&) =
+ default;
+SSLContextConfig& SSLContextConfig::operator=(SSLContextConfig&&) = default;
+
SSLConfigService::SSLConfigService()
: observer_list_(base::ObserverListPolicy::EXISTING_ONLY) {}
@@ -38,23 +45,23 @@ void SSLConfigService::RemoveObserver(Observer* observer) {
observer_list_.RemoveObserver(observer);
}
-void SSLConfigService::NotifySSLConfigChange() {
+void SSLConfigService::NotifySSLContextConfigChange() {
for (auto& observer : observer_list_)
- observer.OnSSLConfigChanged();
+ observer.OnSSLContextConfigChanged();
}
-bool SSLConfigService::SSLConfigsAreEqualForTesting(
- const net::SSLConfig& config1,
- const net::SSLConfig& config2) {
- return SSLConfigsAreEqual(config1, config2);
+bool SSLConfigService::SSLContextConfigsAreEqualForTesting(
+ const SSLContextConfig& config1,
+ const SSLContextConfig& config2) {
+ return SSLContextConfigsAreEqual(config1, config2);
}
-void SSLConfigService::ProcessConfigUpdate(const SSLConfig& old_config,
- const SSLConfig& new_config,
+void SSLConfigService::ProcessConfigUpdate(const SSLContextConfig& old_config,
+ const SSLContextConfig& new_config,
bool force_notification) {
// Do nothing if the configuration hasn't changed.
- if (!SSLConfigsAreEqual(old_config, new_config) || force_notification)
- NotifySSLConfigChange();
+ if (!SSLContextConfigsAreEqual(old_config, new_config) || force_notification)
+ NotifySSLContextConfigChange();
}
} // namespace net
diff --git a/chromium/net/ssl/ssl_config_service.h b/chromium/net/ssl/ssl_config_service.h
index 9136a653c6f..73c7080bcd8 100644
--- a/chromium/net/ssl/ssl_config_service.h
+++ b/chromium/net/ssl/ssl_config_service.h
@@ -14,7 +14,33 @@
namespace net {
-// The interface for retrieving the SSL configuration. This interface
+struct NET_EXPORT SSLContextConfig {
+ SSLContextConfig();
+ SSLContextConfig(const SSLContextConfig&);
+ SSLContextConfig(SSLContextConfig&&);
+ ~SSLContextConfig();
+ SSLContextConfig& operator=(const SSLContextConfig&);
+ SSLContextConfig& operator=(SSLContextConfig&&);
+
+ // The minimum and maximum protocol versions that are enabled.
+ // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h.)
+ // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it
+ // means no protocol versions are enabled.
+ uint16_t version_min = kDefaultSSLVersionMin;
+ uint16_t version_max = kDefaultSSLVersionMax;
+
+ // Presorted list of cipher suites which should be explicitly prevented from
+ // being used in addition to those disabled by the net built-in policy.
+ //
+ // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
+ // big-endian form, they should be declared in host byte order, with the
+ // first uint8_t occupying the most significant byte.
+ // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
+ // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
+ std::vector<uint16_t> disabled_cipher_suites;
+};
+
+// The interface for retrieving global SSL configuration. This interface
// does not cover setting the SSL configuration, as on some systems, the
// SSLConfigService objects may not have direct access to the configuration, or
// live longer than the configuration preferences.
@@ -23,15 +49,8 @@ class NET_EXPORT SSLConfigService {
// Observer is notified when SSL config settings have changed.
class NET_EXPORT Observer {
public:
- // Notify observers if SSL settings have changed. We don't check all of the
- // data in SSLConfig, just those that qualify as a user config change.
- // The following settings are considered user changes:
- // version_min
- // version_max
- // disabled_cipher_suites
- // false_start_enabled
- // require_ecdhe
- virtual void OnSSLConfigChanged() = 0;
+ // Notify observers if SSL settings have changed.
+ virtual void OnSSLContextConfigChanged() = 0;
protected:
virtual ~Observer() {}
@@ -41,7 +60,7 @@ class NET_EXPORT SSLConfigService {
virtual ~SSLConfigService();
// May not be thread-safe, should only be called on the IO thread.
- virtual void GetSSLConfig(SSLConfig* config) = 0;
+ virtual SSLContextConfig GetSSLContextConfig() = 0;
// Returns true if connections to |hostname| can reuse, or are permitted to
// reuse, connections on which a client cert has been negotiated. Note that
@@ -75,20 +94,22 @@ class NET_EXPORT SSLConfigService {
// Remove an observer of this service.
void RemoveObserver(Observer* observer);
- // Calls the OnSSLConfigChanged method of registered observers. Should only be
- // called on the IO thread.
- void NotifySSLConfigChange();
+ // Calls the OnSSLContextConfigChanged method of registered observers. Should
+ // only be called on the IO thread.
+ void NotifySSLContextConfigChange();
- // Checks if the config-service managed fields in two SSLConfigs are the same.
- static bool SSLConfigsAreEqualForTesting(const net::SSLConfig& config1,
- const net::SSLConfig& config2);
+ // Checks if the config-service managed fields in two SSLContextConfigs are
+ // the same.
+ static bool SSLContextConfigsAreEqualForTesting(
+ const SSLContextConfig& config1,
+ const SSLContextConfig& config2);
protected:
// Process before/after config update. If |force_notification| is true,
- // NotifySSLConfigChange will be called regardless of whether |orig_config|
- // and |new_config| are equal.
- void ProcessConfigUpdate(const SSLConfig& orig_config,
- const SSLConfig& new_config,
+ // NotifySSLContextConfigChange will be called regardless of whether
+ // |orig_config| and |new_config| are equal.
+ void ProcessConfigUpdate(const SSLContextConfig& orig_config,
+ const SSLContextConfig& new_config,
bool force_notification);
private:
diff --git a/chromium/net/ssl/ssl_config_service_defaults.cc b/chromium/net/ssl/ssl_config_service_defaults.cc
index f594f71a00d..9348bb16489 100644
--- a/chromium/net/ssl/ssl_config_service_defaults.cc
+++ b/chromium/net/ssl/ssl_config_service_defaults.cc
@@ -9,8 +9,8 @@ namespace net {
SSLConfigServiceDefaults::SSLConfigServiceDefaults() = default;
SSLConfigServiceDefaults::~SSLConfigServiceDefaults() = default;
-void SSLConfigServiceDefaults::GetSSLConfig(SSLConfig* config) {
- *config = default_config_;
+SSLContextConfig SSLConfigServiceDefaults::GetSSLContextConfig() {
+ return default_config_;
}
bool SSLConfigServiceDefaults::CanShareConnectionWithClientCerts(
diff --git a/chromium/net/ssl/ssl_config_service_defaults.h b/chromium/net/ssl/ssl_config_service_defaults.h
index ae7c4776623..ab5bb4bc448 100644
--- a/chromium/net/ssl/ssl_config_service_defaults.h
+++ b/chromium/net/ssl/ssl_config_service_defaults.h
@@ -19,15 +19,15 @@ class NET_EXPORT SSLConfigServiceDefaults : public SSLConfigService {
SSLConfigServiceDefaults();
~SSLConfigServiceDefaults() override;
- // Store default SSL config settings in |config|.
- void GetSSLConfig(SSLConfig* config) override;
+ // Returns the default SSL config settings.
+ SSLContextConfig GetSSLContextConfig() override;
bool CanShareConnectionWithClientCerts(
const std::string& hostname) const override;
private:
// Default value of prefs.
- const SSLConfig default_config_;
+ const SSLContextConfig default_config_;
DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceDefaults);
};
diff --git a/chromium/net/ssl/ssl_config_service_unittest.cc b/chromium/net/ssl/ssl_config_service_unittest.cc
index 4763a7b6476..15d06cc5678 100644
--- a/chromium/net/ssl/ssl_config_service_unittest.cc
+++ b/chromium/net/ssl/ssl_config_service_unittest.cc
@@ -15,21 +15,22 @@ namespace {
class MockSSLConfigService : public SSLConfigService {
public:
- explicit MockSSLConfigService(const SSLConfig& config) : config_(config) {}
+ explicit MockSSLConfigService(const SSLContextConfig& config)
+ : config_(config) {}
~MockSSLConfigService() override = default;
// SSLConfigService implementation
- void GetSSLConfig(SSLConfig* config) override { *config = config_; }
+ SSLContextConfig GetSSLContextConfig() override { return config_; }
bool CanShareConnectionWithClientCerts(
const std::string& hostname) const override {
return false;
}
- // Sets the SSLConfig to be returned by GetSSLConfig and processes any
- // updates.
- void SetSSLConfig(const SSLConfig& config) {
- SSLConfig old_config = config_;
+ // Sets the SSLContextConfig to be returned by GetSSLContextConfig and
+ // processes any updates.
+ void SetSSLContextConfig(const SSLContextConfig& config) {
+ SSLContextConfig old_config = config_;
config_ = config;
ProcessConfigUpdate(old_config, config_, /*force_notification*/ false);
}
@@ -37,7 +38,7 @@ class MockSSLConfigService : public SSLConfigService {
using SSLConfigService::ProcessConfigUpdate;
private:
- SSLConfig config_;
+ SSLContextConfig config_;
};
class MockSSLConfigServiceObserver : public SSLConfigService::Observer {
@@ -45,14 +46,13 @@ class MockSSLConfigServiceObserver : public SSLConfigService::Observer {
MockSSLConfigServiceObserver() = default;
~MockSSLConfigServiceObserver() override = default;
- MOCK_METHOD0(OnSSLConfigChanged, void());
+ MOCK_METHOD0(OnSSLContextConfigChanged, void());
};
} // namespace
TEST(SSLConfigServiceTest, NoChangesWontNotifyObservers) {
- SSLConfig initial_config;
- initial_config.false_start_enabled = false;
+ SSLContextConfig initial_config;
initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1;
initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
@@ -60,15 +60,14 @@ TEST(SSLConfigServiceTest, NoChangesWontNotifyObservers) {
MockSSLConfigServiceObserver observer;
mock_service.AddObserver(&observer);
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(0);
- mock_service.SetSSLConfig(initial_config);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(0);
+ mock_service.SetSSLContextConfig(initial_config);
mock_service.RemoveObserver(&observer);
}
TEST(SSLConfigServiceTest, ForceNotificationNotifiesObservers) {
- SSLConfig initial_config;
- initial_config.false_start_enabled = false;
+ SSLContextConfig initial_config;
initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1;
initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
@@ -76,16 +75,14 @@ TEST(SSLConfigServiceTest, ForceNotificationNotifiesObservers) {
MockSSLConfigServiceObserver observer;
mock_service.AddObserver(&observer);
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1);
mock_service.ProcessConfigUpdate(initial_config, initial_config, true);
mock_service.RemoveObserver(&observer);
}
TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
- SSLConfig initial_config;
- initial_config.false_start_enabled = false;
- initial_config.require_ecdhe = false;
+ SSLContextConfig initial_config;
initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1;
initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
@@ -93,23 +90,14 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
MockSSLConfigServiceObserver observer;
mock_service.AddObserver(&observer);
- // Test that the basic boolean preferences trigger updates.
- initial_config.false_start_enabled = true;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
-
- initial_config.require_ecdhe = true;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
-
// Test that changing the SSL version range triggers updates.
initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1_1;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1);
+ mock_service.SetSSLContextConfig(initial_config);
initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1);
+ mock_service.SetSSLContextConfig(initial_config);
// Test that disabling certain cipher suites triggers an update.
std::vector<uint16_t> disabled_ciphers;
@@ -117,22 +105,22 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
disabled_ciphers.push_back(0xBEEFu);
disabled_ciphers.push_back(0xDEADu);
initial_config.disabled_cipher_suites = disabled_ciphers;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1);
+ mock_service.SetSSLContextConfig(initial_config);
// Ensure that changing a disabled cipher suite, while still maintaining
// sorted order, triggers an update.
disabled_ciphers[1] = 0xCAFEu;
initial_config.disabled_cipher_suites = disabled_ciphers;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1);
+ mock_service.SetSSLContextConfig(initial_config);
// Ensure that removing a disabled cipher suite, while still keeping some
// cipher suites disabled, triggers an update.
disabled_ciphers.pop_back();
initial_config.disabled_cipher_suites = disabled_ciphers;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service.SetSSLConfig(initial_config);
+ EXPECT_CALL(observer, OnSSLContextConfigChanged()).Times(1);
+ mock_service.SetSSLContextConfig(initial_config);
mock_service.RemoveObserver(&observer);
}
diff --git a/chromium/net/ssl/ssl_info.h b/chromium/net/ssl/ssl_info.h
index f68ece8d7f3..63376ad7c1b 100644
--- a/chromium/net/ssl/ssl_info.h
+++ b/chromium/net/ssl/ssl_info.h
@@ -133,6 +133,11 @@ class NET_EXPORT SSLInfo {
// True if there was a certificate error which should be treated as fatal,
// and false otherwise.
bool is_fatal_cert_error = false;
+
+ // Indicates if the server connected to signaled that it is part of a
+ // post-quantum experiment. I.e. it would have negotiated CECPQ2 or CECPQ2b
+ // key exchanges if they were requested.
+ bool server_in_post_quantum_experiment = false;
};
} // namespace net
diff --git a/chromium/net/ssl/ssl_key_logger_impl.cc b/chromium/net/ssl/ssl_key_logger_impl.cc
index a759feefcf0..8cc565be32a 100644
--- a/chromium/net/ssl/ssl_key_logger_impl.cc
+++ b/chromium/net/ssl/ssl_key_logger_impl.cc
@@ -7,6 +7,7 @@
#include <stdio.h>
#include <algorithm>
+#include <utility>
#include "base/bind.h"
#include "base/files/file_util.h"
@@ -42,8 +43,15 @@ class SSLKeyLoggerImpl::Core
// waiting to flush these to disk, but some buggy antiviruses point this at
// a pipe and hang, so we avoid blocking shutdown. If writing to a real
// file, writes should complete quickly enough that this does not matter.
- task_runner_ = base::CreateSequencedTaskRunnerWithTraits(
- {base::MayBlock(), base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN});
+ task_runner_ = base::CreateSequencedTaskRunner(
+ {base::ThreadPool(), base::MayBlock(),
+ base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN});
+ }
+
+ void SetFile(base::File file) {
+ file_.reset(base::FileToFILE(std::move(file), "a"));
+ if (!file_)
+ DVLOG(1) << "Could not adopt file";
}
void OpenFile(const base::FilePath& path) {
@@ -76,7 +84,7 @@ class SSLKeyLoggerImpl::Core
DCHECK(!file_);
file_.reset(base::OpenFile(path, "a"));
if (!file_)
- LOG(WARNING) << "Could not open " << path.value();
+ DVLOG(1) << "Could not open " << path.value();
}
void Flush() {
@@ -113,10 +121,15 @@ class SSLKeyLoggerImpl::Core
};
SSLKeyLoggerImpl::SSLKeyLoggerImpl(const base::FilePath& path)
- : core_(new Core) {
+ : core_(base::MakeRefCounted<Core>()) {
core_->OpenFile(path);
}
+SSLKeyLoggerImpl::SSLKeyLoggerImpl(base::File file)
+ : core_(base::MakeRefCounted<Core>()) {
+ core_->SetFile(std::move(file));
+}
+
SSLKeyLoggerImpl::~SSLKeyLoggerImpl() = default;
void SSLKeyLoggerImpl::WriteLine(const std::string& line) {
diff --git a/chromium/net/ssl/ssl_key_logger_impl.h b/chromium/net/ssl/ssl_key_logger_impl.h
index 61ae0d9170f..87f1a6be069 100644
--- a/chromium/net/ssl/ssl_key_logger_impl.h
+++ b/chromium/net/ssl/ssl_key_logger_impl.h
@@ -8,6 +8,7 @@
#include <memory>
#include <string>
+#include "base/files/file.h"
#include "base/macros.h"
#include "base/memory/scoped_refptr.h"
#include "net/base/net_export.h"
@@ -26,6 +27,11 @@ class NET_EXPORT SSLKeyLoggerImpl : public SSLKeyLogger {
// Creates a new SSLKeyLoggerImpl which writes to |path|, scheduling write
// operations in the background.
explicit SSLKeyLoggerImpl(const base::FilePath& path);
+
+ // Creates a new SSLKeyLoggerImpl which writes to |file|, scheduling write
+ // operations in the background.
+ explicit SSLKeyLoggerImpl(base::File file);
+
~SSLKeyLoggerImpl() override;
void WriteLine(const std::string& line) override;
diff --git a/chromium/net/ssl/ssl_platform_key_android_unittest.cc b/chromium/net/ssl/ssl_platform_key_android_unittest.cc
index a09ebc23c54..2991098a29d 100644
--- a/chromium/net/ssl/ssl_platform_key_android_unittest.cc
+++ b/chromium/net/ssl/ssl_platform_key_android_unittest.cc
@@ -18,7 +18,7 @@
#include "net/ssl/ssl_private_key_test_util.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
-#include "net/test/test_with_scoped_task_environment.h"
+#include "net/test/test_with_task_environment.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
@@ -75,7 +75,7 @@ std::string TestKeyToString(const testing::TestParamInfo<TestKey>& params) {
} // namespace
class SSLPlatformKeyAndroidTest : public testing::TestWithParam<TestKey>,
- public WithScopedTaskEnvironment {};
+ public WithTaskEnvironment {};
TEST_P(SSLPlatformKeyAndroidTest, Matches) {
const TestKey& test_key = GetParam();
diff --git a/chromium/net/ssl/ssl_platform_key_mac_unittest.cc b/chromium/net/ssl/ssl_platform_key_mac_unittest.cc
index dadc1463ef1..26c03d1bd93 100644
--- a/chromium/net/ssl/ssl_platform_key_mac_unittest.cc
+++ b/chromium/net/ssl/ssl_platform_key_mac_unittest.cc
@@ -12,7 +12,7 @@
#include "base/files/file_util.h"
#include "base/mac/scoped_cftyperef.h"
#include "base/memory/ref_counted.h"
-#include "base/test/scoped_task_environment.h"
+#include "base/test/task_environment.h"
#include "net/ssl/ssl_private_key.h"
#include "net/ssl/ssl_private_key_test_util.h"
#include "net/test/cert_test_util.h"
@@ -48,7 +48,7 @@ std::string TestKeyToString(const testing::TestParamInfo<TestKey>& params) {
class SSLPlatformKeyMacTest : public testing::TestWithParam<TestKey> {};
TEST_P(SSLPlatformKeyMacTest, KeyMatches) {
- base::test::ScopedTaskEnvironment scoped_task_environment;
+ base::test::TaskEnvironment task_environment;
const TestKey& test_key = GetParam();
diff --git a/chromium/net/ssl/ssl_platform_key_nss_unittest.cc b/chromium/net/ssl/ssl_platform_key_nss_unittest.cc
index d215c228b53..4198579ffd1 100644
--- a/chromium/net/ssl/ssl_platform_key_nss_unittest.cc
+++ b/chromium/net/ssl/ssl_platform_key_nss_unittest.cc
@@ -25,7 +25,7 @@
#include "net/ssl/ssl_private_key_test_util.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
-#include "net/test/test_with_scoped_task_environment.h"
+#include "net/test/test_with_task_environment.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
#include "third_party/boringssl/src/include/openssl/ec.h"
@@ -59,7 +59,7 @@ std::string TestKeyToString(const testing::TestParamInfo<TestKey>& params) {
} // namespace
class SSLPlatformKeyNSSTest : public testing::TestWithParam<TestKey>,
- public WithScopedTaskEnvironment {};
+ public WithTaskEnvironment {};
TEST_P(SSLPlatformKeyNSSTest, KeyMatches) {
const TestKey& test_key = GetParam();
diff --git a/chromium/net/ssl/ssl_platform_key_win_unittest.cc b/chromium/net/ssl/ssl_platform_key_win_unittest.cc
index 0abf9337a80..bcebd20e96e 100644
--- a/chromium/net/ssl/ssl_platform_key_win_unittest.cc
+++ b/chromium/net/ssl/ssl_platform_key_win_unittest.cc
@@ -9,14 +9,14 @@
#include "base/files/file_path.h"
#include "base/files/file_util.h"
-#include "base/test/scoped_task_environment.h"
+#include "base/test/task_environment.h"
#include "crypto/scoped_capi_types.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_private_key.h"
#include "net/ssl/ssl_private_key_test_util.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
-#include "net/test/test_with_scoped_task_environment.h"
+#include "net/test/test_with_task_environment.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/bn.h"
#include "third_party/boringssl/src/include/openssl/bytestring.h"
@@ -223,7 +223,7 @@ bool PKCS8ToBLOBForCNG(const std::string& pkcs8,
} // namespace
class SSLPlatformKeyCNGTest : public testing::TestWithParam<TestKey>,
- public WithScopedTaskEnvironment {};
+ public WithTaskEnvironment {};
TEST_P(SSLPlatformKeyCNGTest, KeyMatches) {
const TestKey& test_key = GetParam();
@@ -274,7 +274,7 @@ INSTANTIATE_TEST_SUITE_P(,
TestKeyToString);
TEST(SSLPlatformKeyCAPITest, KeyMatches) {
- base::test::ScopedTaskEnvironment scoped_task_environment;
+ base::test::TaskEnvironment task_environment;
// Load test data.
scoped_refptr<X509Certificate> cert =
diff --git a/chromium/net/ssl/test_ssl_config_service.cc b/chromium/net/ssl/test_ssl_config_service.cc
new file mode 100644
index 00000000000..1d11fe7c9ec
--- /dev/null
+++ b/chromium/net/ssl/test_ssl_config_service.cc
@@ -0,0 +1,29 @@
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/ssl/test_ssl_config_service.h"
+
+namespace net {
+
+TestSSLConfigService::TestSSLConfigService(const SSLContextConfig& config)
+ : config_(config) {}
+
+TestSSLConfigService::~TestSSLConfigService() = default;
+
+SSLContextConfig TestSSLConfigService::GetSSLContextConfig() {
+ return config_;
+}
+
+bool TestSSLConfigService::CanShareConnectionWithClientCerts(
+ const std::string& hostname) const {
+ return false;
+}
+
+void TestSSLConfigService::UpdateSSLConfigAndNotify(
+ const SSLContextConfig& config) {
+ config_ = config;
+ NotifySSLContextConfigChange();
+}
+
+} // namespace net
diff --git a/chromium/net/ssl/test_ssl_config_service.h b/chromium/net/ssl/test_ssl_config_service.h
new file mode 100644
index 00000000000..cd7b04e5d32
--- /dev/null
+++ b/chromium/net/ssl/test_ssl_config_service.h
@@ -0,0 +1,29 @@
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SSL_TEST_SSL_CONFIG_SERVICE_H_
+#define NET_SSL_TEST_SSL_CONFIG_SERVICE_H_
+
+#include "net/ssl/ssl_config_service.h"
+
+namespace net {
+
+class TestSSLConfigService : public SSLConfigService {
+ public:
+ explicit TestSSLConfigService(const SSLContextConfig& config);
+ ~TestSSLConfigService() override;
+
+ void UpdateSSLConfigAndNotify(const SSLContextConfig& config);
+
+ SSLContextConfig GetSSLContextConfig() override;
+ bool CanShareConnectionWithClientCerts(
+ const std::string& hostname) const override;
+
+ private:
+ SSLContextConfig config_;
+};
+
+} // namespace net
+
+#endif // NET_SSL_TEST_SSL_CONFIG_SERVICE_H_
View Lorry Controller Status