Add NetworkIsolationKey parameter to preconnect NetworkContext API.

The only two consumers currently just pass in a key created using the default contructor. I'll hook up reasonable values to PreconnectManager in followup CLs. Bug: 966896 Change-Id: Ic4c69dea4a97795e41d6dcd90b85b531eadbbf1e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1670529 Commit-Queue: Matt Menke <mmenke@chromium.org> Reviewed-by: Alexander Alekseev <alemate@chromium.org> Reviewed-by: Shivani Sharma <shivanisha@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Alex Ilin <alexilin@chromium.org> Reviewed-by: Tarun Bansal <tbansal@chromium.org> Cr-Commit-Position: refs/heads/master@{#671945}

Add NetworkIsolationKey parameter to preconnect NetworkContext API.
The only two consumers currently just pass in a key created using the default contructor. I'll hook up reasonable values to PreconnectManager in followup CLs. Bug: 966896 Change-Id: Ic4c69dea4a97795e41d6dcd90b85b531eadbbf1e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1670529 Commit-Queue: Matt Menke <mmenke@chromium.org> Reviewed-by: Alexander Alekseev <alemate@chromium.org> Reviewed-by: Shivani Sharma <shivanisha@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Alex Ilin <alexilin@chromium.org> Reviewed-by: Tarun Bansal <tbansal@chromium.org> Cr-Commit-Position: refs/heads/master@{#671945}
c77bc337 · Matt Menke · Commit Bot · a7627737 · c77bc337 · c77bc337
Commit c77bc337 authored Jun 25, 2019 by Matt Menke Committed by Commit Bot Jun 25, 2019
8 changed files
--- a/chrome/browser/chromeos/login/auth/auth_prewarmer.cc
+++ b/chrome/browser/chromeos/login/auth/auth_prewarmer.cc
@@ -6,6 +6,7 @@
 #include <stddef.h>
+#include "base/optional.h"
 #include "base/task/post_task.h"
 #include "chrome/browser/chromeos/login/helper.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
@@ -66,7 +67,7 @@ void AuthPrewarmer::DoPrewarm() {
  if (network_context) {
    // Do nothing if NetworkContext isn't available.
    network_context->PreconnectSockets(kConnectionsNeeded, url, kLoadFlags,
-                                       kShouldUsePrivacyMode);
+                                       kShouldUsePrivacyMode, base::nullopt);
  }
  if (!completion_callback_.is_null()) {
    base::PostTaskWithTraits(FROM_HERE, {content::BrowserThread::UI},

--- a/chrome/browser/predictors/preconnect_manager.cc
+++ b/chrome/browser/predictors/preconnect_manager.cc
@@ -7,6 +7,7 @@
 #include <utility>
 #include "base/bind.h"
+#include "base/optional.h"
 #include "base/task/post_task.h"
 #include "base/trace_event/trace_event.h"
 #include "chrome/browser/predictors/resource_prefetch_predictor.h"
@@ -160,8 +161,9 @@ void PreconnectManager::PreconnectUrl(const GURL& url,
                 net::LOAD_DO_NOT_SEND_AUTH_DATA;
  }
-  network_context->PreconnectSockets(num_sockets, url, load_flags,
+  // TODO(mmenke): Use an appropriate NetworkIsolationKey().
-                                     privacy_mode);
+  network_context->PreconnectSockets(num_sockets, url, load_flags, privacy_mode,
+                                     base::nullopt);
 }
 std::unique_ptr<ResolveHostClientImpl> PreconnectManager::PreresolveUrl(

--- a/chrome/browser/predictors/preconnect_manager_unittest.cc
+++ b/chrome/browser/predictors/preconnect_manager_unittest.cc
--- a/services/network/network_context.cc
+++ b/services/network/network_context.cc
@@ -41,6 +41,7 @@
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate.h"
+#include "net/base/network_isolation_key.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/ct_verify_result.h"
@@ -1559,10 +1560,12 @@ void NetworkContext::VerifyCertificateForTesting(
      request, net::NetLogWithSource());
 }
-void NetworkContext::PreconnectSockets(uint32_t num_streams,
+void NetworkContext::PreconnectSockets(
-                                       const GURL& original_url,
+    uint32_t num_streams,
-                                       int32_t load_flags,
+    const GURL& original_url,
-                                       bool privacy_mode_enabled) {
+    int32_t load_flags,
+    bool privacy_mode_enabled,
+    const base::Optional<net::NetworkIsolationKey>& network_isolation_key) {
  GURL url = GetHSTSRedirect(original_url);
  // |PreconnectSockets| may receive arguments from the renderer, which is not
@@ -1581,9 +1584,11 @@ void NetworkContext::PreconnectSockets(uint32_t num_streams,
  request_info.extra_headers.SetHeader(net::HttpRequestHeaders::kUserAgent,
                                       user_agent);
+  request_info.load_flags = load_flags;
  request_info.privacy_mode = privacy_mode_enabled ? net::PRIVACY_MODE_ENABLED
                                                   : net::PRIVACY_MODE_DISABLED;
-  request_info.load_flags = load_flags;
+  if (network_isolation_key)
+    request_info.network_isolation_key = *network_isolation_key;
  net::HttpTransactionFactory* factory =
      url_request_context_->http_transaction_factory();

--- a/services/network/network_context.h
+++ b/services/network/network_context.h
@@ -321,7 +321,9 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
  void PreconnectSockets(uint32_t num_streams,
                         const GURL& url,
                         int32_t load_flags,
-                         bool privacy_mode_enabled) override;
+                         bool privacy_mode_enabled,
+                         const base::Optional<net::NetworkIsolationKey>&
+                             network_isolation_key) override;
  void CreateP2PSocketManager(
      mojom::P2PTrustedSocketManagerClientPtr client,
      mojom::P2PTrustedSocketManagerRequest trusted_socket_manager,

--- a/services/network/network_context_unittest.cc
+++ b/services/network/network_context_unittest.cc
@@ -53,6 +53,7 @@
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_change_notifier.h"
+#include "net/base/network_isolation_key.h"
 #include "net/base/proxy_server.h"
 #include "net/base/test_completion_callback.h"
 #include "net/cert/cert_verify_result.h"
@@ -79,6 +80,7 @@
 #include "net/proxy_resolution/proxy_config.h"
 #include "net/proxy_resolution/proxy_info.h"
 #include "net/proxy_resolution/proxy_resolution_service.h"
+#include "net/socket/client_socket_pool.h"
 #include "net/socket/transport_client_socket_pool.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/controllable_http_response.h"
@@ -3484,8 +3486,9 @@ TEST_F(NetworkContextTest, PreconnectOne) {
  test_server.SetConnectionListener(&connection_listener);
  ASSERT_TRUE(test_server.Start());
-  network_context->PreconnectSockets(1, test_server.base_url(),
+  network_context->PreconnectSockets(
-                                     net::LOAD_NORMAL, true);
+      1, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
  connection_listener.WaitForAcceptedConnections(1u);
 }
@@ -3500,7 +3503,8 @@ TEST_F(NetworkContextTest, PreconnectHSTS) {
  const GURL server_http_url = GetHttpUrlFromHttps(test_server.base_url());
  network_context->PreconnectSockets(1, server_http_url, net::LOAD_NORMAL,
-                                     true);
+                                     true /* privacy_mode_enabled */,
+                                     net::NetworkIsolationKey());
  connection_listener.WaitForAcceptedConnections(1u);
  int num_sockets = GetSocketCountForGroup(
@@ -3513,7 +3517,8 @@ TEST_F(NetworkContextTest, PreconnectHSTS) {
  network_context->url_request_context()->transport_security_state()->AddHSTS(
      server_http_url.host(), expiry, false);
  network_context->PreconnectSockets(1, server_http_url, net::LOAD_NORMAL,
-                                     true);
+                                     true /* privacy_mode_enabled */,
+                                     net::NetworkIsolationKey());
  connection_listener.WaitForAcceptedConnections(1u);
  // If HSTS weren't respected, the initial connection would have been reused.
@@ -3532,8 +3537,9 @@ TEST_F(NetworkContextTest, PreconnectZero) {
  test_server.SetConnectionListener(&connection_listener);
  ASSERT_TRUE(test_server.Start());
-  network_context->PreconnectSockets(0, test_server.base_url(),
+  network_context->PreconnectSockets(
-                                     net::LOAD_NORMAL, true);
+      0, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
  base::RunLoop().RunUntilIdle();
  int num_sockets =
@@ -3553,8 +3559,9 @@ TEST_F(NetworkContextTest, PreconnectTwo) {
  test_server.SetConnectionListener(&connection_listener);
  ASSERT_TRUE(test_server.Start());
-  network_context->PreconnectSockets(2, test_server.base_url(),
+  network_context->PreconnectSockets(
-                                     net::LOAD_NORMAL, true);
+      2, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
  connection_listener.WaitForAcceptedConnections(2u);
  int num_sockets =
@@ -3571,8 +3578,9 @@ TEST_F(NetworkContextTest, PreconnectFour) {
  test_server.SetConnectionListener(&connection_listener);
  ASSERT_TRUE(test_server.Start());
-  network_context->PreconnectSockets(4, test_server.base_url(),
+  network_context->PreconnectSockets(
-                                     net::LOAD_NORMAL, true);
+      4, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
  connection_listener.WaitForAcceptedConnections(4u);
@@ -3594,8 +3602,9 @@ TEST_F(NetworkContextTest, PreconnectMax) {
      GetSocketPoolInfo(network_context.get(), "max_sockets_per_group");
  EXPECT_GT(76, max_num_sockets);
-  network_context->PreconnectSockets(76, test_server.base_url(),
+  network_context->PreconnectSockets(
-                                     net::LOAD_NORMAL, true);
+      76, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
  // Wait until |max_num_sockets| have been connected.
  connection_listener.WaitForAcceptedConnections(max_num_sockets);
@@ -3610,6 +3619,45 @@ TEST_F(NetworkContextTest, PreconnectMax) {
  ASSERT_EQ(num_sockets, max_num_sockets);
 }
+// Make sure preconnects for the same URL but with different network isolation
+// keys are not merged.
+TEST_F(NetworkContextTest, PreconnectNetworkIsolationKey) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(
+      net::features::kPartitionConnectionsByNetworkIsolationKey);
+  std::unique_ptr<NetworkContext> network_context =
+      CreateContextWithParams(CreateContextParams());
+  ConnectionListener connection_listener;
+  net::EmbeddedTestServer test_server;
+  test_server.SetConnectionListener(&connection_listener);
+  ASSERT_TRUE(test_server.Start());
+  const net::NetworkIsolationKey kKey1(
+      url::Origin::Create(GURL("http://foo.test")));
+  const net::NetworkIsolationKey kKey2(
+      url::Origin::Create(GURL("http://bar.test")));
+  network_context->PreconnectSockets(1, test_server.base_url(),
+                                     net::LOAD_NORMAL,
+                                     true /* privacy_mode_enabled */, kKey1);
+  network_context->PreconnectSockets(2, test_server.base_url(),
+                                     net::LOAD_NORMAL,
+                                     true /* privacy_mode_enabled */, kKey2);
+  connection_listener.WaitForAcceptedConnections(3u);
+  net::ClientSocketPool::GroupId group_id1(
+      test_server.host_port_pair(), net::ClientSocketPool::SocketType::kHttp,
+      net::PrivacyMode::PRIVACY_MODE_ENABLED, kKey1);
+  EXPECT_EQ(
+      1, GetSocketCountForGroup(network_context.get(), group_id1.ToString()));
+  net::ClientSocketPool::GroupId group_id2(
+      test_server.host_port_pair(), net::ClientSocketPool::SocketType::kHttp,
+      net::PrivacyMode::PRIVACY_MODE_ENABLED, kKey2);
+  EXPECT_EQ(
+      2, GetSocketCountForGroup(network_context.get(), group_id2.ToString()));
+}
 // This tests both ClostAllConnetions and CloseIdleConnections.
 TEST_F(NetworkContextTest, CloseConnections) {
  // Have to close all connections first, as CloseIdleConnections leaves around

--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -856,10 +856,14 @@ interface NetworkContext {
  // |privacy_mode_enabled| is also passed into the HttpRequestInfo class: if
  // it is true, then the request must be sent over a connection that cannot be
  // tracked by the server.
+  // |network_isolation_key| specifies the NetworkIsolationKey to associate
+  // with the preconnected sockets. The sockets will only be used for requests
+  // associated with the same key.
  PreconnectSockets(uint32 num_streams,
                    url.mojom.Url url,
                    int32 load_flags,
-                    bool privacy_mode_enabled);
+                    bool privacy_mode_enabled,
+                    NetworkIsolationKey? network_isolation_key);
  // Creates a P2PSocketManager instance, used for WebRTC.
  CreateP2PSocketManager(P2PTrustedSocketManagerClient client,

--- a/services/network/test/test_network_context.h
+++ b/services/network/test/test_network_context.h
@@ -27,6 +27,10 @@
 #include "services/network/public/mojom/websocket.mojom.h"
 #include "url/origin.h"
+namespace net {
+class NetworkIsolationKey;
+}
 namespace network {
 // Noop implementation of mojom::NetworkContext.  Useful to override to create
@@ -186,7 +190,9 @@ class TestNetworkContext : public mojom::NetworkContext {
  void PreconnectSockets(uint32_t num_streams,
                         const GURL& url,
                         int32_t load_flags,
-                         bool privacy_mode_enabled) override {}
+                         bool privacy_mode_enabled,
+                         const base::Optional<net::NetworkIsolationKey>&
+                             network_isolation_key) override {}
  void CreateP2PSocketManager(
      mojom::P2PTrustedSocketManagerClientPtr client,
      mojom::P2PTrustedSocketManagerRequest trusted_socket_manager,