author | Yigit Akcay <yigit.akcay@qt.io> | 2023-04-28 18:11:46 +0200 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2023-07-29 09:22:38 +0200 |
commit | a80b5d2299af8cea49ff0d2c02ae7632efe6d82b (patch) | |
tree | f8f8574367be2039cc018e4f3a9f1fe1954d2dc9 /tests/auto | |
parent | 3af75992d2e4d034daf328938a07a1539ee852ae (diff) |
Improve DNS-over-HTTPS configuration logic
This patch improves the DNS-over-HTTPS configuration and sets defaults
for the general DNS logic. The following changes are included:
- Insecure Chromium DNS client is always OFF (OFF is the Chromium
default as well)
- Add DnsMode::SystemOnly, which configures Chromium to only use the
system DNS
- The default DNS configuration is DnsMode::SystemOnly
- Rename DnsMode::Secure to DnsMode::SecureOnly and
DnsMode::WithFallback to DnsMode::SecureWithFallback to be clearer
what each enum value does
- Add error handling for invalid URI templates
- Added test cases to handle the new logic
- Some minor refactoring for cleanup purposes with the new defaults and
logic taken into consideration
- Some minor bug fixes
Task-number: QTBUG-98284
Pick-to: 6.6
Change-Id: Ie332166f8b5b83c8939af35e4eb8b69b417abdcf
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'tests/auto')
-rw-r--r-- | tests/auto/core/qwebengineglobalsettings/tst_qwebengineglobalsettings.cpp | 73 |
1 files changed, 44 insertions, 29 deletions
diff --git a/tests/auto/core/qwebengineglobalsettings/tst_qwebengineglobalsettings.cpp b/tests/auto/core/qwebengineglobalsettings/tst_qwebengineglobalsettings.cpp
index 71788ded5..e3986674f 100644
--- a/tests/auto/core/qwebengineglobalsettings/tst_qwebengineglobalsettings.cpp
+++ b/tests/auto/core/qwebengineglobalsettings/tst_qwebengineglobalsettings.cpp
@@ -36,15 +36,21 @@ void tst_QWebEngineGlobalSettings::dnsOverHttps_data()
 {
 QTest::addColumn<QWebEngineGlobalSettings::DnsMode>("dnsMode");
 QTest::addColumn<QString>("uriTemplate");
- QTest::addColumn<bool>("isWithCustomDnsServer");
+ QTest::addColumn<bool>("isMockDnsServerCalledExpected");
 QTest::addColumn<bool>("isDnsResolutionSuccessExpected");
- QTest::newRow("DnsMode::Secure (mock DNS)")
- << QWebEngineGlobalSettings::DnsMode::Secure
- << QStringLiteral("https://127.0.0.1:3000/dns-query{?dns}") << true << false;
- QTest::newRow("DnsMode::Secure (real DNS)")
- << QWebEngineGlobalSettings::DnsMode::Secure
- << QStringLiteral("https://dns.google/dns-query{?dns}") << false << true;
-
+ QTest::addColumn<bool>("isConfigurationSuccessExpected");
+ QTest::newRow("DnsMode::SystemOnly (no DoH server)")
+ << QWebEngineGlobalSettings::DnsMode::SystemOnly << QStringLiteral("") << false << true
+ << true;
+ QTest::newRow("DnsMode::SecureOnly (mock DoH server)")
+ << QWebEngineGlobalSettings::DnsMode::SecureOnly
+ << QStringLiteral("https://127.0.0.1:3000/dns-query{?dns}") << true << false << true;
+ QTest::newRow("DnsMode::SecureOnly (real DoH server)")
+ << QWebEngineGlobalSettings::DnsMode::SecureOnly
+ << QStringLiteral("https://dns.google/dns-query{?dns}") << false << true << true;
+ QTest::newRow("DnsMode::SecureOnly (Empty URI Templates)")
+ << QWebEngineGlobalSettings::DnsMode::SecureOnly << QStringLiteral("") << false << false
+ << false;
 // Note: In the following test, we can't verify that the DoH server is called first and
 // afterwards insecure DNS is tried, because for the DoH server to ever be used when the DNS
 // mode is set to DnsMode::WithFallback, Chromium starts an asynchronous DoH server DnsProbe and
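Review bot: The only rows that expect configuration to fail use an empty string as the template, so the "error handling for invalid URI templates" named in the commit message is exercised for the empty case alone. A malformed template, or one with an `http://` scheme that would carry the query in clear text, never reaches `setDnsMode()`; a row such as `QTest::newRow("DnsMode::SecureOnly (non-HTTPS URI template)") << QWebEngineGlobalSettings::DnsMode::SecureOnly << QStringLiteral("http://127.0.0.1:3000/dns-query{?dns}") << false << false << false;` would pin the rejection, assuming the validation (not shown in this diff) is meant to refuse it. Because `dnsOverHttps()` builds its argument as `QStringList() << uriTemplate`, the "Empty URI Templates" rows pass a list holding one empty string, so a truly empty list is not covered either. The context comment at the end of this hunk still says `DnsMode::WithFallback`, which this commit renames to `DnsMode::SecureWithFallback`.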
@@ -52,33 +58,45 @@ void tst_QWebEngineGlobalSettings::dnsOverHttps_data() // DNS response, which in turn requires that certificate errors aren't ignored and // non-self-signed certificates are used for correct encryption. Instead of implementing // all of that, this test verifies that Chromium tries probing the configured DoH server only. - QTest::newRow("DnsMode::WithFallback (mock DNS)") - << QWebEngineGlobalSettings::DnsMode::WithFallback - << QStringLiteral("https://127.0.0.1:3000/dns-query{?dns}") << true << true; + QTest::newRow("DnsMode::SecureWithFallback (mock DoH server)") + << QWebEngineGlobalSettings::DnsMode::SecureWithFallback + << QStringLiteral("https://127.0.0.1:3000/dns-query{?dns}") << true << true << true; + QTest::newRow("DnsMode::SecureWithFallback (Empty URI Templates)") + << QWebEngineGlobalSettings::DnsMode::SecureWithFallback << QStringLiteral("") << false + << false << false; } void tst_QWebEngineGlobalSettings::dnsOverHttps() { QFETCH(QWebEngineGlobalSettings::DnsMode, dnsMode); QFETCH(QString, uriTemplate); - QFETCH(bool, isWithCustomDnsServer); + QFETCH(bool, isMockDnsServerCalledExpected); QFETCH(bool, isDnsResolutionSuccessExpected); - bool isDnsServerCalled = false; + QFETCH(bool, isConfigurationSuccessExpected); + bool isMockDnsServerCalled = false; bool isLoadSuccessful = false; + QWebEngineGlobalSettings *globalSettings = QWebEngineGlobalSettings::instance(); + bool configurationSuccess = globalSettings->setDnsMode(dnsMode, QStringList() << uriTemplate); + QCOMPARE(configurationSuccess, isConfigurationSuccessExpected); + + if (!configurationSuccess) { + // In this case, DNS has invalid configuration, so the DNS change transaction is not + // triggered and the result of the DNS resolution depends on the current DNS mode, which is + // set by the previous run of this function. 
+ return; + } HttpsServer httpsServer(":/cert/localhost.crt", ":/cert/localhost.key", ":/cert/RootCA.pem", 3000, this); - if (isWithCustomDnsServer) { - QObject::connect( - &httpsServer, &HttpsServer::newRequest, this, [&isDnsServerCalled](HttpReqRep *rr) { - QVERIFY(rr->requestPath().contains(QByteArrayLiteral("/dns-query?dns="))); - isDnsServerCalled = true; - rr->close(); - }); - QVERIFY(httpsServer.start()); - httpsServer.setExpectError(true); - httpsServer.setVerifyMode(QSslSocket::PeerVerifyMode::VerifyNone); - } + QObject::connect(&httpsServer, &HttpsServer::newRequest, this, + [&isMockDnsServerCalled](HttpReqRep *rr) { + QVERIFY(rr->requestPath().contains(QByteArrayLiteral("/dns-query?dns="))); + isMockDnsServerCalled = true; + rr->close(); + }); + QVERIFY(httpsServer.start()); + httpsServer.setExpectError(isMockDnsServerCalledExpected); + httpsServer.setVerifyMode(QSslSocket::PeerVerifyMode::VerifyNone); QWebEngineProfile profile; QWebEnginePage page(&profile); @@ -87,15 +105,12 @@ void tst_QWebEngineGlobalSettings::dnsOverHttps() connect(&page, &QWebEnginePage::loadFinished, this, [&isLoadSuccessful](bool ok) { isLoadSuccessful = ok; }); - QWebEngineGlobalSettings *globalSettings = QWebEngineGlobalSettings::instance(); - globalSettings->configureDnsOverHttps(dnsMode, uriTemplate); - page.load(QUrl("https://google.com/")); - if (!loadSpy.wait(10000)) { + if (!loadSpy.wait(20000)) { QSKIP("Couldn't load page from network, skipping test."); } - QTRY_COMPARE(isDnsServerCalled, isWithCustomDnsServer); + QTRY_COMPARE(isMockDnsServerCalled, isMockDnsServerCalledExpected); QCOMPARE(isLoadSuccessful, isDnsResolutionSuccessExpected); QVERIFY(httpsServer.stop()); } |