net: split the SSL session cache between incognito and normal.

net/tools/testserver/testserver.py

 #!/usr/bin/env python
 # Copyright (c) 2011 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """This is a simple HTTP/FTP/SYNC/TCP/UDP/ server used for testing Chrome.
 
 It supports several test URLs, as specified by the handlers in TestPageHandler.
 By default, it listens on an ephemeral port and sends the port number back to
 the originating process over a pipe. The originating process can specify an
@@ skipping 50 matching lines @@
 SERVER_SYNC = 2
 SERVER_TCP_ECHO = 3
 SERVER_UDP_ECHO = 4
 
 # Using debug() seems to cause hangs on XP: see http://crbug.com/64515 .
 debug_output = sys.stderr
 def debug(str):
   debug_output.write(str + "\n")
   debug_output.flush()
 
+class RecordingSessionCache(object):

[wtc, 2011/12/10 01:22:37]

I suggest renaming

  SessionCache => SSLSessionCache

where the context is not SSL-specific.  Up to you...

[agl, 2011/12/12 22:18:20]

Done.

+  """RecordingSessionCache acts as a TLS session cache and maintains a log of
+  lookups and inserts in order to test session cache behaviours."""
+
+  def __init__(self):
+    self.log = []
+
+  def __getitem__(self, sessionID):
+    self.log.append(('lookup', sessionID))
+    raise KeyError()
+
+  def __setitem__(self, sessionID, session):
+    self.log.append(('insert', sessionID))
+
 class StoppableHTTPServer(BaseHTTPServer.HTTPServer):
   """This is a specialization of of BaseHTTPServer to allow it
   to be exited cleanly (by setting its "stop" member to True)."""
 
   def serve_forever(self):
     self.stop = False
     self.nonce_time = None
     while not self.stop:
       self.handle_request()
     self.socket.close()
 
 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, StoppableHTTPServer):
   """This is a specialization of StoppableHTTPerver that add https support."""
 
   def __init__(self, server_address, request_hander_class, cert_path,
-               ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers):
+               ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
+               record_resume_info):
     s = open(cert_path).read()
     x509 = tlslite.api.X509()
     x509.parse(s)
     self.cert_chain = tlslite.api.X509CertChain([x509])
     s = open(cert_path).read()
     self.private_key = tlslite.api.parsePEMKey(s, private=True)
     self.ssl_client_auth = ssl_client_auth
     self.ssl_client_cas = []
     for ca_file in ssl_client_cas:
         s = open(ca_file).read()
         x509 = tlslite.api.X509()
         x509.parse(s)
         self.ssl_client_cas.append(x509.subject)
     self.ssl_handshake_settings = tlslite.api.HandshakeSettings()
     if ssl_bulk_ciphers is not None:
       self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers
 
-    self.session_cache = tlslite.api.SessionCache()
+    if record_resume_info:
+      # If record_resume_info is true then we'll replace the session cache with
+      # an object that records the lookups and inserts that it sees.
+      self.session_cache = RecordingSessionCache()
+    else:
+      self.session_cache = tlslite.api.SessionCache()
     StoppableHTTPServer.__init__(self, server_address, request_hander_class)
 
   def handshake(self, tlsConnection):
     """Creates the SSL connection."""
     try:
       tlsConnection.handshakeServer(certChain=self.cert_chain,
                                     privateKey=self.private_key,
                                     sessionCache=self.session_cache,
                                     reqCert=self.ssl_client_auth,
                                     settings=self.ssl_handshake_settings,
@@ skipping 235 matching lines @@
       self.AuthBasicHandler,
       self.AuthDigestHandler,
       self.SlowServerHandler,
       self.ChunkedServerHandler,
       self.ContentTypeHandler,
       self.NoContentHandler,
       self.ServerRedirectHandler,
       self.ClientRedirectHandler,
       self.MultipartHandler,
       self.MultipartSlowHandler,
+      self.GetSessionCacheHandler,
       self.DefaultResponseHandler]
     post_handlers = [
       self.EchoTitleHandler,
       self.EchoHandler,
       self.DeviceManagementHandler] + get_handlers
     put_handlers = [
       self.EchoTitleHandler,
       self.EchoHandler] + get_handlers
     head_handlers = [
       self.FileHandler,
@@ skipping 1003 matching lines @@
       time.sleep(0.25)
       if i == 2:
         self.wfile.write('<title>PASS</title>')
       else:
         self.wfile.write('<title>page ' + str(i) + '</title>')
       self.wfile.write('page ' + str(i) + '<!-- ' + ('x' * 2048) + '-->')
 
     self.wfile.write('--' + bound + '--')
     return True
 
+  def GetSessionCacheHandler(self):
+    """Send a reply containing a log of the session cache operations."""
+
+    if not self._ShouldHandleRequest('/session-cache'):

[wtc, 2011/12/10 01:22:37]

/session-cache => /ssl-session-cache

also on line 1966 below.

[agl, 2011/12/12 22:18:20]

Done.

+      return False
+
+    self.send_response(200)
+    self.send_header('Content-Type', 'text/plain')
+    self.end_headers()
+    try:
+      for (action, sessionID) in self.server.session_cache.log:
+        self.wfile.write('%s\t%s\n' % (action, sessionID.encode('hex')))
+    except AttributeError, e:
+      self.wfile.write('Pass --https-record-resume in order to use' +
+                       ' this request')
+    return True
+
   def DefaultResponseHandler(self):
     """This is the catch-all response handler for requests that aren't handled
     by one of the special handlers above.
     Note that we specify the content-length as without it the https connection
     is not closed properly (and the browser keeps expecting data)."""
 
     contents = "Default response given for path: " + self.path
     self.send_response(200)
     self.send_header('Content-Type', 'text/html')
     self.send_header('Content-Length', len(contents))
@@ skipping 405 matching lines @@
         print 'specified server cert file not found: ' + options.cert + \
               ' exiting...'
         return
       for ca_cert in options.ssl_client_ca:
         if not os.path.isfile(ca_cert):
           print 'specified trusted client CA file not found: ' + ca_cert + \
                 ' exiting...'
           return
       server = HTTPSServer(('127.0.0.1', port), TestPageHandler, options.cert,
                            options.ssl_client_auth, options.ssl_client_ca,
-                           options.ssl_bulk_cipher)
+                           options.ssl_bulk_cipher, options.record_resume)
       print 'HTTPS server started on port %d...' % server.server_port
     else:
       server = StoppableHTTPServer(('127.0.0.1', port), TestPageHandler)
       print 'HTTP server started on port %d...' % server.server_port
 
     server.data_dir = MakeDataDir()
     server.file_root_url = options.file_root_url
     server_data['port'] = server.server_port
     server._device_management_handler = None
     server.policy_keys = options.policy_keys
@@ skipping 95 matching lines @@
                            'the console.')
   option_parser.add_option('', '--port', default='0', type='int',
                            help='Port used by the server. If unspecified, the '
                            'server will listen on an ephemeral port.')
   option_parser.add_option('', '--data-dir', dest='data_dir',
                            help='Directory from which to read the files.')
   option_parser.add_option('', '--https', dest='cert',
                            help='Specify that https should be used, specify '
                            'the path to the cert containing the private key '
                            'the server should use.')
+  option_parser.add_option('', '--https-record-resume', dest='record_resume',
+                           const=True, default=False, action='store_const',
+                           help='Record resumption cache events rather than'
+                           ' resuming as normal. Allows the use of the'
+                           ' /session-cache request')
   option_parser.add_option('', '--ssl-client-auth', action='store_true',
                            help='Require SSL client auth on every connection.')
   option_parser.add_option('', '--ssl-client-ca', action='append', default=[],
                            help='Specify that the client certificate request '
                            'should include the CA named in the subject of '
                            'the DER-encoded certificate contained in the '
                            'specified file. This option may appear multiple '
                            'times, indicating multiple CA names should be '
                            'sent in the request.')
   option_parser.add_option('', '--ssl-bulk-cipher', action='append',
@@ skipping 19 matching lines @@
                            'random key if none is specified on the command '
                            'line.')
   option_parser.add_option('', '--policy-user', default='user@example.com',
                            dest='policy_user',
                            help='Specify the user name the server should '
                            'report back to the client as the user owning the '
                            'token used for making the policy request.')
   options, args = option_parser.parse_args()
 
   sys.exit(main(options, args))