ProxyResolvingSocketFactory: support "fake SSL" mode for XMPP.

This is arguably way too weird to have at this level, but
jingle_glue::FakesSSLClientSocket is already pulled in via
services/network/p2p, and the alternative would require hundreds
of lines of new code to implement rather than basically a single
if statement.

Bug: 875032
Change-Id: I6fa2007b907378e43f1a619112f812e3d0bbfd50
Reviewed-on: https://chromium-review.googlesource.com/c/1310638Reviewed-by: Nicolas Zea <zea@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Maks Orlovich <morlovich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605399}

google_apis/gcm/base/socket_stream_unittest.cc

@@ -222,8 +222,11 @@ void GCMSocketStreamTest::OpenConnection() {
   base::RunLoop run_loop;
   int net_error = net::ERR_FAILED;
   const GURL kDestination("https://example.com");
+  network::mojom::ProxyResolvingSocketOptionsPtr options =
+      network::mojom::ProxyResolvingSocketOptions::New();
+  options->use_tls = true;
   mojo_socket_factory_ptr_->CreateProxyResolvingSocket(
-      kDestination, true /* use_tls */,
+      kDestination, std::move(options),
       net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS),
       mojo::MakeRequest(&mojo_socket_ptr_), nullptr /* observer */,
       base::BindLambdaForTesting(

google_apis/gcm/engine/connection_factory_impl.cc

@@ -348,8 +348,11 @@ void ConnectionFactoryImpl::StartConnection() {
           "but does not have any effect on other Google Cloud messages."
         )");
 
+  network::mojom::ProxyResolvingSocketOptionsPtr options =
+      network::mojom::ProxyResolvingSocketOptions::New();
+  options->use_tls = true;
   socket_factory_->CreateProxyResolvingSocket(
-      current_endpoint, true /* use_tls */,
+      current_endpoint, std::move(options),
       net::MutableNetworkTrafficAnnotationTag(traffic_annotation),
       mojo::MakeRequest(&socket_), nullptr /* observer */,
       base::BindOnce(&ConnectionFactoryImpl::OnConnectDone,

google_apis/gcm/engine/connection_handler_impl_unittest.cc

@@ -236,8 +236,11 @@ void GCMConnectionHandlerImplTest::BuildSocket(const ReadList& read_list,
   base::RunLoop run_loop;
   int net_error = net::ERR_FAILED;
   const GURL kDestination("https://example.com");
+  network::mojom::ProxyResolvingSocketOptionsPtr options =
+      network::mojom::ProxyResolvingSocketOptions::New();
+  options->use_tls = true;
   mojo_socket_factory_ptr_->CreateProxyResolvingSocket(
-      kDestination, true /* use_tls */,
+      kDestination, std::move(options),
       net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS),
       mojo::MakeRequest(&mojo_socket_ptr_), nullptr /* observer */,
       base::BindLambdaForTesting(

jingle/glue/fake_ssl_client_socket.cc

@@ -102,6 +102,20 @@ int FakeSSLClientSocket::Read(net::IOBuffer* buf,
   return transport_socket_->Read(buf, buf_len, std::move(callback));
 }
 
+int FakeSSLClientSocket::ReadIfReady(net::IOBuffer* buf,
+                                     int buf_len,
+                                     net::CompletionOnceCallback callback) {
+  DCHECK_EQ(next_handshake_state_, STATE_NONE);
+  DCHECK(handshake_completed_);
+  return transport_socket_->ReadIfReady(buf, buf_len, std::move(callback));
+}
+
+int FakeSSLClientSocket::CancelReadIfReady() {
+  DCHECK_EQ(next_handshake_state_, STATE_NONE);
+  DCHECK(handshake_completed_);
+  return transport_socket_->CancelReadIfReady();
+}
+
 int FakeSSLClientSocket::Write(
     net::IOBuffer* buf,
     int buf_len,

jingle/glue/fake_ssl_client_socket.h

@@ -51,6 +51,10 @@ class FakeSSLClientSocket : public net::StreamSocket {
   int Read(net::IOBuffer* buf,
            int buf_len,
            net::CompletionOnceCallback callback) override;
+  int ReadIfReady(net::IOBuffer* buf,
+                  int buf_len,
+                  net::CompletionOnceCallback callback) override;
+  int CancelReadIfReady() override;
   int Write(
       net::IOBuffer* buf,
       int buf_len,

jingle/glue/network_service_async_socket.cc

@@ -22,11 +22,13 @@ namespace jingle_glue {
 
 NetworkServiceAsyncSocket::NetworkServiceAsyncSocket(
     GetProxyResolvingFactoryCallback get_socket_factory_callback,
+    bool use_fake_tls_handshake,
     size_t read_buf_size,
     size_t write_buf_size,
     const net::NetworkTrafficAnnotationTag& traffic_annotation)
     : get_socket_factory_callback_(get_socket_factory_callback),
       socket_observer_binding_(this),
+      use_fake_tls_handshake_(use_fake_tls_handshake),
       state_(STATE_CLOSED),
       error_(ERROR_NONE),
       net_error_(net::OK),
@@ -160,8 +162,12 @@ bool NetworkServiceAsyncSocket::Connect(const rtc::SocketAddress& address) {
   network::mojom::SocketObserverPtr socket_observer;
   network::mojom::SocketObserverRequest socket_observer_request =
       mojo::MakeRequest(&socket_observer);
+  network::mojom::ProxyResolvingSocketOptionsPtr options =
+      network::mojom::ProxyResolvingSocketOptions::New();
+  options->use_tls = false;
+  options->fake_tls_handshake = use_fake_tls_handshake_;
   socket_factory_->CreateProxyResolvingSocket(
-      GURL("https://" + dest_host_port_pair.ToString()), false /*use_tls*/,
+      GURL("https://" + dest_host_port_pair.ToString()), std::move(options),
       net::MutableNetworkTrafficAnnotationTag(traffic_annotation_),
       mojo::MakeRequest(&socket_), std::move(socket_observer),
       base::BindOnce(&NetworkServiceAsyncSocket::ProcessConnectDone,

jingle/glue/network_service_async_socket.h

@@ -34,6 +34,7 @@ class NetworkServiceAsyncSocket : public buzz::AsyncSocket,
  public:
   NetworkServiceAsyncSocket(
       GetProxyResolvingFactoryCallback get_socket_factory_callback,
+      bool use_fake_tls_handshake,
       size_t read_buf_size,
       size_t write_buf_size,
       const net::NetworkTrafficAnnotationTag& traffic_annotation);
@@ -212,6 +213,8 @@ class NetworkServiceAsyncSocket : public buzz::AsyncSocket,
   // Used to route error notifications here.
   mojo::Binding<network::mojom::SocketObserver> socket_observer_binding_;
 
+  bool use_fake_tls_handshake_;
+
   // buzz::AsyncSocket state.
   buzz::AsyncSocket::State state_;
   buzz::AsyncSocket::Error error_;

jingle/glue/network_service_async_socket_unittest.cc

@@ -187,7 +187,7 @@ class MockProxyResolvingSocketFactory
   // mojom::ProxyResolvingSocketFactory implementation.
   void CreateProxyResolvingSocket(
       const GURL& url,
-      bool use_tls,
+      network::mojom::ProxyResolvingSocketOptionsPtr options,
       const net::MutableNetworkTrafficAnnotationTag& traffic_annotation,
       network::mojom::ProxyResolvingSocketRequest request,
       network::mojom::SocketObserverPtr observer,
@@ -317,6 +317,7 @@ class NetworkServiceAsyncSocketTest : public testing::Test,
         base::BindRepeating(
             &NetworkServiceAsyncSocketTest::BindToProxyResolvingSocketFactory,
             base::Unretained(this)),
+        false, /* use_fake_tls_handshake */
         14, 20, TRAFFIC_ANNOTATION_FOR_TESTS));
 
     ns_async_socket_->SignalConnected.connect(

services/network/DEPS

@@ -10,6 +10,8 @@ include_rules = [
   "+components/prefs",
   "+crypto",
   "+ipc",
+  # FakeSSLClientSocket
+  "+jingle/glue",
   "+net",
   "+sandbox",
   "+services/proxy_resolver/public/mojom",

services/network/proxy_resolving_socket_factory_mojo.cc

@@ -6,6 +6,7 @@
 
 #include <utility>
 
+#include "jingle/glue/fake_ssl_client_socket.h"
 #include "net/url_request/url_request_context.h"
 #include "services/network/proxy_resolving_client_socket.h"
 #include "services/network/proxy_resolving_client_socket_factory.h"
@@ -24,13 +25,19 @@ ProxyResolvingSocketFactoryMojo::~ProxyResolvingSocketFactoryMojo() {}
 
 void ProxyResolvingSocketFactoryMojo::CreateProxyResolvingSocket(
     const GURL& url,
-    bool use_tls,
+    mojom::ProxyResolvingSocketOptionsPtr options,
     const net::MutableNetworkTrafficAnnotationTag& traffic_annotation,
     mojom::ProxyResolvingSocketRequest request,
     mojom::SocketObserverPtr observer,
     CreateProxyResolvingSocketCallback callback) {
+  std::unique_ptr<net::StreamSocket> net_socket =
+      factory_impl_.CreateSocket(url, options && options->use_tls);
+  if (options && options->fake_tls_handshake)
+    net_socket = std::make_unique<jingle_glue::FakeSSLClientSocket>(
+        std::move(net_socket));
+
   auto socket = std::make_unique<ProxyResolvingSocketMojo>(
-      factory_impl_.CreateSocket(url, use_tls),
+      std::move(net_socket),
       static_cast<net::NetworkTrafficAnnotationTag>(traffic_annotation),
       std::move(observer), &tls_socket_factory_);
   ProxyResolvingSocketMojo* socket_raw = socket.get();

services/network/proxy_resolving_socket_factory_mojo.h

@@ -31,7 +31,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) ProxyResolvingSocketFactoryMojo
   // mojom::ProxyResolvingSocketFactory implementation.
   void CreateProxyResolvingSocket(
       const GURL& url,
-      bool use_tls,
+      mojom::ProxyResolvingSocketOptionsPtr options,
       const net::MutableNetworkTrafficAnnotationTag& traffic_annotation,
       mojom::ProxyResolvingSocketRequest request,
       mojom::SocketObserverPtr observer,

services/network/proxy_resolving_socket_mojo.cc

@@ -14,7 +14,7 @@
 namespace network {
 
 ProxyResolvingSocketMojo::ProxyResolvingSocketMojo(
-    std::unique_ptr<ProxyResolvingClientSocket> socket,
+    std::unique_ptr<net::StreamSocket> socket,
     const net::NetworkTrafficAnnotationTag& traffic_annotation,
     mojom::SocketObserverPtr observer,
     TLSSocketFactory* tls_socket_factory)

services/network/proxy_resolving_socket_mojo.h

@@ -26,7 +26,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) ProxyResolvingSocketMojo
       public TLSSocketFactory::Delegate {
  public:
   ProxyResolvingSocketMojo(
-      std::unique_ptr<ProxyResolvingClientSocket> socket,
+      std::unique_ptr<net::StreamSocket> socket,
       const net::NetworkTrafficAnnotationTag& traffic_annotation,
       mojom::SocketObserverPtr observer,
       TLSSocketFactory* tls_socket_factory);
@@ -57,7 +57,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) ProxyResolvingSocketMojo
 
   mojom::SocketObserverPtr observer_;
   TLSSocketFactory* tls_socket_factory_;
-  std::unique_ptr<ProxyResolvingClientSocket> socket_;
+  std::unique_ptr<net::StreamSocket> socket_;
   const net::NetworkTrafficAnnotationTag traffic_annotation_;
   mojom::ProxyResolvingSocketFactory::CreateProxyResolvingSocketCallback
       connect_callback_;

services/network/proxy_resolving_socket_mojo_unittest.cc

@@ -12,6 +12,7 @@
 #include "base/run_loop.h"
 #include "base/test/bind_test_util.h"
 #include "base/test/scoped_task_environment.h"
+#include "jingle/glue/fake_ssl_client_socket.h"
 #include "mojo/public/cpp/bindings/strong_binding.h"
 #include "mojo/public/cpp/system/data_pipe_utils.h"
 #include "net/base/net_errors.h"
@@ -54,6 +55,7 @@ class ProxyResolvingSocketTestBase {
  public:
   ProxyResolvingSocketTestBase(bool use_tls)
       : use_tls_(use_tls),
+        fake_tls_handshake_(false),
         scoped_task_environment_(
             base::test::ScopedTaskEnvironment::MainThreadType::IO) {}
 
@@ -114,8 +116,12 @@ class ProxyResolvingSocketTestBase {
       mojo::ScopedDataPipeProducerHandle* send_pipe_handle_out) {
     base::RunLoop run_loop;
     int net_error = net::ERR_FAILED;
+    network::mojom::ProxyResolvingSocketOptionsPtr options =
+        network::mojom::ProxyResolvingSocketOptions::New();
+    options->use_tls = use_tls_;
+    options->fake_tls_handshake = fake_tls_handshake_;
     factory_ptr_->CreateProxyResolvingSocket(
-        url, use_tls_,
+        url, std::move(options),
         net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS),
         std::move(request), std::move(socket_observer),
         base::BindLambdaForTesting(
@@ -141,11 +147,13 @@ class ProxyResolvingSocketTestBase {
   }
 
   bool use_tls() const { return use_tls_; }
+  void set_fake_tls_handshake(bool val) { fake_tls_handshake_ = val; }
 
   mojom::ProxyResolvingSocketFactory* factory() { return factory_ptr_.get(); }
 
  private:
   const bool use_tls_;
+  bool fake_tls_handshake_;
   base::test::ScopedTaskEnvironment scoped_task_environment_;
   std::unique_ptr<net::MockClientSocketFactory> mock_client_socket_factory_;
   std::unique_ptr<TestURLRequestContextWithProxy> context_with_proxy_;
@@ -334,6 +342,45 @@ class ProxyResolvingSocketMojoTest : public ProxyResolvingSocketTestBase,
   DISALLOW_COPY_AND_ASSIGN(ProxyResolvingSocketMojoTest);
 };
 
+TEST_F(ProxyResolvingSocketMojoTest, ConnectWithFakeTLSHandshake) {
+  const GURL kDestination("https://example.com:443");
+  const char kTestMsg[] = "abcdefghij";
+  const size_t kMsgSize = strlen(kTestMsg);
+
+  Init("DIRECT");
+  set_fake_tls_handshake(true);
+
+  base::StringPiece client_hello =
+      jingle_glue::FakeSSLClientSocket::GetSslClientHello();
+  base::StringPiece server_hello =
+      jingle_glue::FakeSSLClientSocket::GetSslServerHello();
+  std::vector<net::MockRead> reads = {
+      net::MockRead(net::ASYNC, server_hello.data(), server_hello.length(), 1),
+      net::MockRead(net::ASYNC, 2, kTestMsg),
+      net::MockRead(net::ASYNC, net::OK, 3)};
+
+  std::vector<net::MockWrite> writes = {net::MockWrite(
+      net::ASYNC, client_hello.data(), client_hello.length(), 0)};
+
+  net::StaticSocketDataProvider data_provider(reads, writes);
+  data_provider.set_connect_data(net::MockConnect(net::ASYNC, net::OK));
+  mock_client_socket_factory()->AddSocketDataProvider(&data_provider);
+
+  mojom::ProxyResolvingSocketPtr socket;
+  mojo::ScopedDataPipeConsumerHandle client_socket_receive_handle;
+  mojo::ScopedDataPipeProducerHandle client_socket_send_handle;
+  net::IPEndPoint actual_remote_addr;
+  EXPECT_EQ(net::OK,
+            CreateSocketSync(mojo::MakeRequest(&socket),
+                             nullptr /* socket_observer*/, &actual_remote_addr,
+                             kDestination, &client_socket_receive_handle,
+                             &client_socket_send_handle));
+
+  EXPECT_EQ(kTestMsg, Read(&client_socket_receive_handle, kMsgSize));
+  EXPECT_TRUE(data_provider.AllReadDataConsumed());
+  EXPECT_TRUE(data_provider.AllWriteDataConsumed());
+}
+
 // Tests that when ProxyResolvingSocketPtr is destroyed but not the
 // ProxyResolvingSocketFactory, the connect callback is not dropped.
 // Regression test for https://crbug.com/862608.
@@ -350,7 +397,7 @@ TEST_F(ProxyResolvingSocketMojoTest, SocketDestroyedBeforeConnectCompletes) {
   base::RunLoop run_loop;
   int net_error = net::OK;
   factory()->CreateProxyResolvingSocket(
-      kDestination, false,
+      kDestination, nullptr,
       net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS),
       mojo::MakeRequest(&socket), nullptr /* observer */,
       base::BindLambdaForTesting(

services/network/public/mojom/proxy_resolving_socket.mojom

@@ -36,14 +36,23 @@ interface ProxyResolvingSocket {
           handle<data_pipe_producer>? send_stream);
 };
 
+struct ProxyResolvingSocketOptions {
+  // Establish a TLS connection on top of the TCP connection.
+  bool use_tls = false;
+
+  // Tries to do a fake TLS handshake on the connection.
+  // This is sometimes used with XMPP to pass through proxies.
+  // See jingle_glue::FakeSSLClientSocket for more details.
+  bool fake_tls_handshake = false;
+};
+
 // Factory interface for creating ProxyResolvingSocket. Each factory instance
 // has separate socket pools from the NetworkContext which created the
 // factory instance.
 interface ProxyResolvingSocketFactory {
   // Creates a socket connected to |url|. This connection might be done through
-  // proxies if any is set in system's proxy settings. If |use_tls|, a TLS
-  // connection will be established on top of a TCP connection. On success,
-  // |result| is net::OK. Caller is to use |send_stream| to send data and
+  // proxies if any is set in system's proxy settings. On success, |result| is
+  // net::OK. Caller is to use |send_stream| to send data and
   // |receive_stream| to receive data over the connection. On failure, |result|
   // is a network error code. |local_addr| contains the local address of the
   // socket. |peer_addr| contains the peer address. If socket is connected to a
@@ -54,7 +63,8 @@ interface ProxyResolvingSocketFactory {
   //
   // Any sockets that are created but are yet to be destroyed will be destroyed
   // when the implementation of this factory goes away.
-  CreateProxyResolvingSocket(url.mojom.Url url, bool use_tls,
+  CreateProxyResolvingSocket(url.mojom.Url url,
+      ProxyResolvingSocketOptions? options,
       MutableNetworkTrafficAnnotationTag traffic_annotation,
       ProxyResolvingSocket& socket,
       SocketObserver? observer)

services/network/tls_client_socket_unittest.cc

@@ -167,7 +167,7 @@ class TLSClientSocketTestBase {
     base::RunLoop run_loop;
     int net_error = net::ERR_FAILED;
     proxy_resolving_factory_->CreateProxyResolvingSocket(
-        url, false /* use_tls */,
+        url, nullptr /* options */,
         net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS),
         std::move(request), nullptr /* observer */,
         base::BindLambdaForTesting(