net_unittests: hook up SecureDnsInterceptor in HTTPSCertNetFetchingTest.

SecureDnsInterceptor was added in 88b36dab to ensure that unittests of certificate network fetches had secure DNS disabled, but it was only added to HTTPSOCSPTest (which is the base class for SpawnedTestServer based tests), but not to HTTPSCertNetFetchingTest (which is the base class for EmbeddedTestServer based tests). Bug: 846909 Change-Id: I1ea0af37227ee5804f55a78478ad2354211bcb75 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2161938Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/master@{#761986}

net_unittests: hook up SecureDnsInterceptor in HTTPSCertNetFetchingTest.
SecureDnsInterceptor was added in 88b36dab to ensure that unittests of certificate network fetches had secure DNS disabled, but it was only added to HTTPSOCSPTest (which is the base class for SpawnedTestServer based tests), but not to HTTPSCertNetFetchingTest (which is the base class for EmbeddedTestServer based tests). Bug: 846909 Change-Id: I1ea0af37227ee5804f55a78478ad2354211bcb75 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2161938Reviewed-by: Eric Roman <eroman@chromium.org> Commit-Queue: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/master@{#761986}
526dec8a · Matt Mueller · Commit Bot · cc9e9d81 · 526dec8a
Commit 526dec8a authored Apr 23, 2020 by Matt Mueller Committed by Commit Bot Apr 23, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 16 deletions

net/url_request/url_request_unittest.cc net/url_request/url_request_unittest.cc +22 -16

No files found.
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -9542,6 +9542,24 @@ TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) {
  }
 }
+// Interceptor to check that secure DNS has been disabled. Secure DNS should be
+// disabled for any network fetch triggered during certificate verification as
+// it could cause a deadlock.
+class SecureDnsInterceptor : public net::URLRequestInterceptor {
+ public:
+  SecureDnsInterceptor() = default;
+  ~SecureDnsInterceptor() override = default;
+ private:
+  // URLRequestInterceptor implementation:
+  net::URLRequestJob* MaybeInterceptRequest(
+      net::URLRequest* request,
+      net::NetworkDelegate* network_delegate) const override {
+    EXPECT_TRUE(request->disable_secure_dns());
+    return nullptr;
+  }
+};
 class HTTPSCertNetFetchingTest : public HTTPSRequestTest {
 public:
  HTTPSCertNetFetchingTest() : context_(true) {}
@@ -9553,6 +9571,9 @@ class HTTPSCertNetFetchingTest : public HTTPSRequestTest {
    context_.SetCTPolicyEnforcer(std::make_unique<DefaultCTPolicyEnforcer>());
    context_.Init();
+    net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
+        "http", "127.0.0.1", std::make_unique<SecureDnsInterceptor>());
    cert_net_fetcher_->SetURLRequestContext(&context_);
    context_.cert_verifier()->SetConfig(GetCertVerifierConfig());
 #if defined(USE_NSS_CERTS)
@@ -9565,6 +9586,7 @@ class HTTPSCertNetFetchingTest : public HTTPSRequestTest {
 #if defined(USE_NSS_CERTS)
    SetURLRequestContextForNSSHttpIO(nullptr);
 #endif
+    net::URLRequestFilter::GetInstance()->ClearHandlers();
  }
 protected:
@@ -9601,22 +9623,6 @@ static const SHA256HashValue kOCSPTestCertSPKI = {{
 // generates.
 static const char kOCSPTestCertPolicy[] = "1.3.6.1.4.1.11129.2.4.1";
-// Interceptor to check that secure DNS has been disabled.
-class SecureDnsInterceptor : public net::URLRequestInterceptor {
- public:
-  SecureDnsInterceptor() = default;
-  ~SecureDnsInterceptor() override = default;
- private:
-  // URLRequestInterceptor implementation:
-  net::URLRequestJob* MaybeInterceptRequest(
-      net::URLRequest* request,
-      net::NetworkDelegate* network_delegate) const override {
-    EXPECT_TRUE(request->disable_secure_dns());
-    return nullptr;
-  }
-};
 class HTTPSOCSPTest : public HTTPSRequestTest {
 public:
  HTTPSOCSPTest()