OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_http_stream.h" | 5 #include "net/spdy/spdy_http_stream.h" |
6 | 6 |
7 #include "crypto/ec_private_key.h" | |
8 #include "crypto/ec_signature_creator.h" | |
7 #include "crypto/rsa_private_key.h" | 9 #include "crypto/rsa_private_key.h" |
8 #include "crypto/signature_creator.h" | 10 #include "crypto/signature_creator.h" |
11 #include "net/base/asn1_util.h" | |
9 #include "net/base/default_origin_bound_cert_store.h" | 12 #include "net/base/default_origin_bound_cert_store.h" |
10 #include "net/http/http_response_headers.h" | 13 #include "net/http/http_response_headers.h" |
11 #include "net/http/http_response_info.h" | 14 #include "net/http/http_response_info.h" |
12 #include "net/spdy/spdy_session.h" | 15 #include "net/spdy/spdy_session.h" |
13 #include "net/spdy/spdy_test_util.h" | 16 #include "net/spdy/spdy_test_util.h" |
14 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
15 | 18 |
16 namespace net { | 19 namespace net { |
17 | 20 |
18 class SpdyHttpStreamTest : public testing::Test { | 21 class SpdyHttpStreamTest : public testing::Test { |
19 public: | 22 public: |
20 OrderedSocketData* data() { return data_.get(); } | 23 OrderedSocketData* data() { return data_.get(); } |
21 protected: | 24 protected: |
22 SpdyHttpStreamTest() {} | 25 SpdyHttpStreamTest() {} |
23 | 26 |
24 void EnableCompression(bool enabled) { | 27 void EnableCompression(bool enabled) { |
25 spdy::SpdyFramer::set_enable_compression_default(enabled); | 28 spdy::SpdyFramer::set_enable_compression_default(enabled); |
26 } | 29 } |
27 | 30 |
28 virtual void TearDown() { | 31 virtual void TearDown() { |
32 crypto::ECSignatureCreator::SetFactoryForTesting(NULL); | |
29 MessageLoop::current()->RunAllPending(); | 33 MessageLoop::current()->RunAllPending(); |
30 } | 34 } |
31 int InitSession(MockRead* reads, size_t reads_count, | 35 int InitSession(MockRead* reads, size_t reads_count, |
32 MockWrite* writes, size_t writes_count, | 36 MockWrite* writes, size_t writes_count, |
33 HostPortPair& host_port_pair) { | 37 HostPortPair& host_port_pair) { |
34 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); | 38 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); |
35 data_.reset(new OrderedSocketData(reads, reads_count, | 39 data_.reset(new OrderedSocketData(reads, reads_count, |
36 writes, writes_count)); | 40 writes, writes_count)); |
37 session_deps_.socket_factory->AddSocketDataProvider(data_.get()); | 41 session_deps_.socket_factory->AddSocketDataProvider(data_.get()); |
38 http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_); | 42 http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_); |
39 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); | 43 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); |
40 transport_params_ = new TransportSocketParams(host_port_pair, | 44 transport_params_ = new TransportSocketParams(host_port_pair, |
41 MEDIUM, false, false); | 45 MEDIUM, false, false); |
42 TestCompletionCallback callback; | 46 TestCompletionCallback callback; |
43 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 47 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
44 EXPECT_EQ(ERR_IO_PENDING, | 48 EXPECT_EQ(ERR_IO_PENDING, |
45 connection->Init(host_port_pair.ToString(), | 49 connection->Init(host_port_pair.ToString(), |
46 transport_params_, | 50 transport_params_, |
47 MEDIUM, | 51 MEDIUM, |
48 callback.callback(), | 52 callback.callback(), |
49 http_session_->GetTransportSocketPool(), | 53 http_session_->GetTransportSocketPool(), |
50 BoundNetLog())); | 54 BoundNetLog())); |
51 EXPECT_EQ(OK, callback.WaitForResult()); | 55 EXPECT_EQ(OK, callback.WaitForResult()); |
52 return session_->InitializeWithSocket(connection.release(), false, OK); | 56 return session_->InitializeWithSocket(connection.release(), false, OK); |
53 } | 57 } |
58 | |
59 void TestSendCredentials( | |
60 OriginBoundCertService* obc_service, | |
61 const std::string& cert, | |
62 const std::string& proof, | |
63 SSLClientCertType type); | |
64 | |
54 SpdySessionDependencies session_deps_; | 65 SpdySessionDependencies session_deps_; |
55 scoped_ptr<OrderedSocketData> data_; | 66 scoped_ptr<OrderedSocketData> data_; |
56 scoped_refptr<HttpNetworkSession> http_session_; | 67 scoped_refptr<HttpNetworkSession> http_session_; |
57 scoped_refptr<SpdySession> session_; | 68 scoped_refptr<SpdySession> session_; |
58 scoped_refptr<TransportSocketParams> transport_params_; | 69 scoped_refptr<TransportSocketParams> transport_params_; |
59 }; | 70 }; |
60 | 71 |
61 TEST_F(SpdyHttpStreamTest, SendRequest) { | 72 TEST_F(SpdyHttpStreamTest, SendRequest) { |
62 EnableCompression(false); | 73 EnableCompression(false); |
63 SpdySession::SetSSLMode(false); | 74 SpdySession::SetSSLMode(false); |
(...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
221 // This triggers read 3. The empty read causes the session to shut down. | 232 // This triggers read 3. The empty read causes the session to shut down. |
222 data()->CompleteRead(); | 233 data()->CompleteRead(); |
223 | 234 |
224 // Because we abandoned the stream, we don't expect to find a session in the | 235 // Because we abandoned the stream, we don't expect to find a session in the |
225 // pool anymore. | 236 // pool anymore. |
226 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); | 237 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); |
227 EXPECT_TRUE(data()->at_read_eof()); | 238 EXPECT_TRUE(data()->at_read_eof()); |
228 EXPECT_TRUE(data()->at_write_eof()); | 239 EXPECT_TRUE(data()->at_write_eof()); |
229 } | 240 } |
230 | 241 |
231 void GetOriginBoundCertAndProof(const std::string& origin, | 242 void GetRSAOriginBoundCertAndProof(const std::string& origin, |
232 OriginBoundCertService* obc_service, | 243 OriginBoundCertService* obc_service, |
233 std::string* cert, | 244 std::string* cert, |
234 std::string* proof) { | 245 std::string* proof) { |
235 TestCompletionCallback callback; | 246 TestCompletionCallback callback; |
236 std::vector<uint8> requested_cert_types; | 247 std::vector<uint8> requested_cert_types; |
237 requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN); | 248 requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN); |
238 SSLClientCertType cert_type; | 249 SSLClientCertType cert_type; |
239 std::string key; | 250 std::string key; |
240 OriginBoundCertService::RequestHandle request_handle; | 251 OriginBoundCertService::RequestHandle request_handle; |
241 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, | 252 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, |
(...skipping 16 matching lines...) Expand all Loading... | |
258 std::vector<uint8> proof_data; | 269 std::vector<uint8> proof_data; |
259 scoped_ptr<crypto::RSAPrivateKey> private_key( | 270 scoped_ptr<crypto::RSAPrivateKey> private_key( |
260 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_data)); | 271 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_data)); |
261 scoped_ptr<crypto::SignatureCreator> creator( | 272 scoped_ptr<crypto::SignatureCreator> creator( |
262 crypto::SignatureCreator::Create(private_key.get())); | 273 crypto::SignatureCreator::Create(private_key.get())); |
263 creator->Update(secret, arraysize(secret)); | 274 creator->Update(secret, arraysize(secret)); |
264 creator->Final(&proof_data); | 275 creator->Final(&proof_data); |
265 proof->assign(proof_data.begin(), proof_data.end()); | 276 proof->assign(proof_data.begin(), proof_data.end()); |
266 } | 277 } |
267 | 278 |
279 void GetECOriginBoundCertAndProof(const std::string& origin, | |
280 OriginBoundCertService* obc_service, | |
281 std::string* cert, | |
282 std::string* proof) { | |
283 TestCompletionCallback callback; | |
284 std::vector<uint8> requested_cert_types; | |
285 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); | |
286 SSLClientCertType cert_type; | |
287 std::string key; | |
288 OriginBoundCertService::RequestHandle request_handle; | |
289 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, | |
290 &cert_type, &key, cert, | |
291 callback.callback(), | |
292 &request_handle); | |
293 EXPECT_EQ(ERR_IO_PENDING, rv); | |
294 EXPECT_EQ(OK, callback.WaitForResult()); | |
295 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type); | |
296 | |
297 unsigned char secret[32]; | |
298 memset(secret, 'A', arraysize(secret)); | |
299 | |
300 // Convert the key string into a vector<unit8> | |
301 std::vector<uint8> key_data(key.begin(), key.end()); | |
302 | |
303 base::StringPiece spki_piece; | |
304 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece)); | |
305 std::vector<uint8> spki(spki_piece.data(), | |
306 spki_piece.data() + spki_piece.size()); | |
307 | |
308 std::vector<uint8> proof_data; | |
309 scoped_ptr<crypto::ECPrivateKey> private_key( | |
310 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | |
311 OriginBoundCertService::kEPKIPassword, key_data, spki)); | |
312 scoped_ptr<crypto::ECSignatureCreator> creator( | |
313 crypto::ECSignatureCreator::Create(private_key.get())); | |
314 creator->Sign(secret, arraysize(secret), &proof_data); | |
315 proof->assign(proof_data.begin(), proof_data.end()); | |
316 } | |
317 | |
268 // TODO(rch): When openssl supports origin bound certifictes, this | 318 // TODO(rch): When openssl supports origin bound certifictes, this |
269 // guard can be removed | 319 // guard can be removed |
270 #if !defined(USE_OPENSSL) | 320 #if !defined(USE_OPENSSL) |
271 // Test that if we request a resource for a new origin on a session that | 321 // Test that if we request a resource for a new origin on a session that |
272 // used origin bound certificates, that we send a CREDENTIAL frame for | 322 // used origin bound certificates, that we send a CREDENTIAL frame for |
273 // the new origin before we send the new request. | 323 // the new origin before we send the new request. |
274 TEST_F(SpdyHttpStreamTest, SendCredentials) { | 324 void SpdyHttpStreamTest::TestSendCredentials( |
325 OriginBoundCertService* obc_service, | |
326 const std::string& cert, | |
327 const std::string& proof, | |
328 SSLClientCertType type) { | |
275 EnableCompression(false); | 329 EnableCompression(false); |
276 | 330 |
277 scoped_ptr<OriginBoundCertService> obc_service( | |
278 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); | |
279 std::string cert; | |
280 std::string proof; | |
281 GetOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), | |
282 &cert, &proof); | |
283 | |
284 spdy::SpdyCredential cred; | 331 spdy::SpdyCredential cred; |
285 cred.slot = 1; | 332 cred.slot = 1; |
286 cred.origin = "http://www.gmail.com"; | 333 cred.origin = "http://www.gmail.com"; |
287 cred.proof = proof; | 334 cred.proof = proof; |
288 cred.certs.push_back(cert); | 335 cred.certs.push_back(cert); |
289 | 336 |
290 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST)); | 337 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST)); |
291 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred)); | 338 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred)); |
292 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com", | 339 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com", |
293 false, 3, LOWEST)); | 340 false, 3, LOWEST)); |
(...skipping 14 matching lines...) Expand all Loading... | |
308 HostPortPair host_port_pair("www.google.com", 80); | 355 HostPortPair host_port_pair("www.google.com", 80); |
309 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); | 356 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); |
310 | 357 |
311 DeterministicMockClientSocketFactory* socket_factory = | 358 DeterministicMockClientSocketFactory* socket_factory = |
312 session_deps_.deterministic_socket_factory.get(); | 359 session_deps_.deterministic_socket_factory.get(); |
313 scoped_refptr<DeterministicSocketData> data( | 360 scoped_refptr<DeterministicSocketData> data( |
314 new DeterministicSocketData(reads, arraysize(reads), | 361 new DeterministicSocketData(reads, arraysize(reads), |
315 writes, arraysize(writes))); | 362 writes, arraysize(writes))); |
316 socket_factory->AddSocketDataProvider(data.get()); | 363 socket_factory->AddSocketDataProvider(data.get()); |
317 SSLSocketDataProvider ssl(false, OK); | 364 SSLSocketDataProvider ssl(false, OK); |
318 ssl.origin_bound_cert_type = CLIENT_CERT_RSA_SIGN; | 365 ssl.origin_bound_cert_type = type; |
319 ssl.origin_bound_cert_service = obc_service.get(); | 366 ssl.origin_bound_cert_service = obc_service; |
320 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; | 367 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; |
321 socket_factory->AddSSLSocketDataProvider(&ssl); | 368 socket_factory->AddSSLSocketDataProvider(&ssl); |
322 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( | 369 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( |
323 &session_deps_); | 370 &session_deps_); |
324 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); | 371 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); |
325 transport_params_ = new TransportSocketParams(host_port_pair, | 372 transport_params_ = new TransportSocketParams(host_port_pair, |
326 MEDIUM, false, false); | 373 MEDIUM, false, false); |
327 TestCompletionCallback callback; | 374 TestCompletionCallback callback; |
328 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 375 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
329 SSLConfig ssl_config; | 376 SSLConfig ssl_config; |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
386 callback.WaitForResult(); | 433 callback.WaitForResult(); |
387 | 434 |
388 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders( | 435 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders( |
389 callback.callback())); | 436 callback.callback())); |
390 data->RunFor(1); | 437 data->RunFor(1); |
391 EXPECT_EQ(OK, callback.WaitForResult()); | 438 EXPECT_EQ(OK, callback.WaitForResult()); |
392 ASSERT_TRUE(response.headers.get() != NULL); | 439 ASSERT_TRUE(response.headers.get() != NULL); |
393 ASSERT_EQ(200, response.headers->response_code()); | 440 ASSERT_EQ(200, response.headers->response_code()); |
394 } | 441 } |
395 | 442 |
443 TEST_F(SpdyHttpStreamTest, SendCredentialsRSA) { | |
444 scoped_ptr<OriginBoundCertService> obc_service( | |
445 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); | |
446 std::string cert; | |
447 std::string proof; | |
448 GetRSAOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), | |
449 &cert, &proof); | |
450 | |
451 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_RSA_SIGN); | |
452 } | |
453 | |
454 class MockECSignatureCreator : public crypto::ECSignatureCreator { | |
455 public: | |
456 explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {} | |
457 | |
458 virtual bool Sign(const uint8* data, | |
459 int data_len, | |
460 std::vector<uint8>* signature) { | |
461 std::vector<uint8> private_key_value; | |
462 key_->ExportValue(&private_key_value); | |
463 std::string head = "fakesignature"; | |
464 std::string tail = "/fakesignature"; | |
465 | |
466 signature->clear(); | |
467 signature->insert(signature->end(), head.begin(), head.end()); | |
468 signature->insert(signature->end(), private_key_value.begin(), | |
469 private_key_value.end()); | |
470 signature->insert(signature->end(), '-'); | |
471 signature->insert(signature->end(), data, data + data_len); | |
472 signature->insert(signature->end(), tail.begin(), tail.end()); | |
473 return true; | |
474 } | |
475 | |
476 private: | |
477 crypto::ECPrivateKey* key_; | |
478 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator); | |
479 }; | |
480 | |
481 class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory { | |
482 public: | |
483 MockECSignatureCreatorFactory() {} | |
484 | |
485 virtual crypto::ECSignatureCreator* Create(crypto::ECPrivateKey* key) { | |
486 return new MockECSignatureCreator(key); | |
487 } | |
488 private: | |
489 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory); | |
490 }; | |
491 | |
492 TEST_F(SpdyHttpStreamTest, SendCredentialsEC) { | |
493 scoped_ptr<crypto::ECSignatureCreatorFactory> ec_signature_creator_factory( | |
494 new MockECSignatureCreatorFactory()); | |
495 crypto::ECSignatureCreator::SetFactoryForTesting( | |
496 ec_signature_creator_factory.get()); | |
497 | |
498 scoped_ptr<OriginBoundCertService> obc_service( | |
499 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); | |
500 std::string cert; | |
501 std::string proof; | |
502 GetECOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), | |
503 &cert, &proof); | |
Ryan Hamilton
2012/02/23 04:36:12
I think this needs to be indented one more charact
mattm
2012/02/23 04:44:57
Done.
| |
504 | |
505 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_ECDSA_SIGN); | |
506 } | |
507 | |
396 #endif // !defined(USE_OPENSSL) | 508 #endif // !defined(USE_OPENSSL) |
397 | 509 |
398 // TODO(willchan): Write a longer test for SpdyStream that exercises all | 510 // TODO(willchan): Write a longer test for SpdyStream that exercises all |
399 // methods. | 511 // methods. |
400 | 512 |
401 } // namespace net | 513 } // namespace net |
OLD | NEW |