Add a new disable_insecure_quic finch parameter to disable insecure QUIC.

Review URL: https://codereview.chromium.org/1137073003 Cr-Commit-Position: refs/heads/master@{#329306}

Add a new disable_insecure_quic finch parameter to disable insecure QUIC.
Review URL: https://codereview.chromium.org/1137073003 Cr-Commit-Position: refs/heads/master@{#329306}
405ed7a8 · rch · Commit bot · 293783ba · 405ed7a8 · 405ed7a8
Commit 405ed7a8 authored May 11, 2015 by rch Committed by Commit bot May 12, 2015
7 changed files
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -1182,6 +1182,7 @@ void IOThread::InitializeNetworkSessionParamsFromGlobals(
      &params->alternative_service_probability_threshold);
  globals.enable_quic.CopyToIfSet(&params->enable_quic);
+  globals.disable_insecure_quic.CopyToIfSet(&params->disable_insecure_quic);
  globals.enable_quic_for_proxies.CopyToIfSet(&params->enable_quic_for_proxies);
  globals.quic_always_require_handshake_confirmation.CopyToIfSet(
      &params->quic_always_require_handshake_confirmation);
@@ -1318,6 +1319,8 @@ void IOThread::ConfigureQuicGlobals(
      command_line, quic_trial_group, quic_allowed_by_policy);
  globals->enable_quic_for_proxies.set(enable_quic_for_proxies);
  if (enable_quic) {
+    globals->disable_insecure_quic.set(
+        ShouldDisableInsecureQuic(quic_trial_params));
    globals->quic_always_require_handshake_confirmation.set(
        ShouldQuicAlwaysRequireHandshakeConfirmation(quic_trial_params));
    globals->quic_disable_connection_pooling.set(
@@ -1429,6 +1432,14 @@ bool IOThread::ShouldEnableQuicForDataReductionProxy() {
      IsIncludedInQuicFieldTrial();
 }
+// static
+bool IOThread::ShouldDisableInsecureQuic(
+    const VariationParameters& quic_trial_params) {
+  return LowerCaseEqualsASCII(
+      GetVariationParam(quic_trial_params, "disable_insecure_quic"),
+      "true");
+}
 bool IOThread::ShouldEnableQuicPortSelection(
    const base::CommandLine& command_line) {
  if (command_line.HasSwitch(switches::kDisableQuicPortSelection))

--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -178,6 +178,7 @@ class IOThread : public content::BrowserThreadDelegate {
    Optional<double> alternative_service_probability_threshold;
    Optional<bool> enable_quic;
+    Optional<bool> disable_insecure_quic;
    Optional<bool> enable_quic_for_proxies;
    Optional<bool> enable_quic_port_selection;
    Optional<bool> quic_always_require_handshake_confirmation;
@@ -333,6 +334,11 @@ class IOThread : public content::BrowserThreadDelegate {
      base::StringPiece quic_trial_group,
      bool quic_allowed_by_policy);
+  // Returns true if QUIC should be disabled for http:// URLs, as a result
+  // of a field trial.
+  static bool ShouldDisableInsecureQuic(
+      const VariationParameters& quic_trial_params);
  // Returns true if the selection of the ephemeral port in bind() should be
  // performed by Chromium, and false if the OS should select the port.  The OS
  // option is used to prevent Windows from posting a security security warning

--- a/chrome/browser/io_thread_unittest.cc
+++ b/chrome/browser/io_thread_unittest.cc
@@ -200,6 +200,7 @@ TEST_F(IOThreadTest, EnableQuicFromFieldTrialGroup) {
  net::HttpNetworkSession::Params params;
  InitializeNetworkSessionParams(&params);
  EXPECT_TRUE(params.enable_quic);
+  EXPECT_FALSE(params.disable_insecure_quic);
  EXPECT_TRUE(params.enable_quic_for_proxies);
  EXPECT_EQ(1350u, params.quic_max_packet_length);
  EXPECT_EQ(1.0, params.alternative_service_probability_threshold);
@@ -254,6 +255,15 @@ TEST_F(IOThreadTest, EnablePacingFromCommandLine) {
  options.push_back(net::kPACE);
  EXPECT_EQ(options, params.quic_connection_options);
 }
+TEST_F(IOThreadTest, DisableInsecureQuicFromFieldTrialParams) {
+  field_trial_group_ = "Enabled";
+  field_trial_params_["disable_insecure_quic"] = "true";
+  ConfigureQuicGlobals();
+  net::HttpNetworkSession::Params params;
+  InitializeNetworkSessionParams(&params);
+  EXPECT_TRUE(params.disable_insecure_quic);
+}
 TEST_F(IOThreadTest, EnablePacingFromFieldTrialParams) {
  field_trial_group_ = "Enabled";

--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -89,6 +89,7 @@ HttpNetworkSession::Params::Params()
      use_alternate_protocols(false),
      alternative_service_probability_threshold(1),
      enable_quic(false),
+      disable_insecure_quic(false),
      enable_quic_for_proxies(false),
      enable_quic_port_selection(true),
      quic_always_require_handshake_confirmation(false),

--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -106,6 +106,7 @@ class NET_EXPORT HttpNetworkSession
    double alternative_service_probability_threshold;
    bool enable_quic;
+    bool disable_insecure_quic;
    bool enable_quic_for_proxies;
    bool enable_quic_port_selection;
    bool quic_always_require_handshake_confirmation;

--- a/net/http/http_stream_factory_impl.cc
+++ b/net/http/http_stream_factory_impl.cc
@@ -197,12 +197,18 @@ AlternativeService HttpStreamFactoryImpl::GetAlternativeServiceFor(
  // QUIC, then remove the following two lines.
  if (alternative_service.host != origin.host())
    return kNoAlternativeService;
  if (!session_->params().enable_quic)
    return kNoAlternativeService;
  if (session_->quic_stream_factory()->IsQuicDisabled(origin.port()))
    return kNoAlternativeService;
+  if (session_->params().disable_insecure_quic &&
+      !original_url.SchemeIs("https")) {
+    return kNoAlternativeService;
+  }
  return alternative_service;
 }

--- a/net/quic/quic_network_transaction_unittest.cc
+++ b/net/quic/quic_network_transaction_unittest.cc
@@ -691,6 +691,29 @@ TEST_P(QuicNetworkTransactionTest, DontUseAlternateProtocolProbabilityForQuic) {
  SendRequestAndExpectHttpResponse("hello world");
 }
+TEST_P(QuicNetworkTransactionTest, DontUseAlternateProtocolForInsecureQuic) {
+  MockRead http_reads[] = {MockRead("HTTP/1.1 200 OK\r\n"),
+                           MockRead("Content-length: 11\r\n"),
+                           MockRead("Alternate-Protocol: 443:quic\r\n\r\n"),
+                           MockRead("hello world"),
+                           MockRead("HTTP/1.1 200 OK\r\n"),
+                           MockRead("Content-length: 11\r\n"),
+                           MockRead("Alternate-Protocol: 443:quic\r\n\r\n"),
+                           MockRead("hello world"),
+                           MockRead(ASYNC, OK)};
+  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
+                                     0);
+  socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSocketDataProvider(&http_data);
+  params_.disable_insecure_quic = true;
+  CreateSessionWithNextProtos();
+  SendRequestAndExpectHttpResponse("hello world");
+  SendRequestAndExpectHttpResponse("hello world");
+}
 TEST_P(QuicNetworkTransactionTest,
       DontUseAlternateProtocolWithBadProbabilityForQuic) {
  MockRead http_reads[] = {