Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(516)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/spdy_http_stream_unittest.cc

Issue 9455006: Fix SpdySession::WriteCredentialFrame ECPrivateKey creation args. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: openssl fix Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « crypto/ec_signature_creator_unittest.cc ('k') | net/spdy/spdy_session.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_http_stream.h" 5 #include "net/spdy/spdy_http_stream.h"
6 6
7 #include "crypto/ec_private_key.h"
8 #include "crypto/ec_signature_creator.h"
7 #include "crypto/rsa_private_key.h" 9 #include "crypto/rsa_private_key.h"
8 #include "crypto/signature_creator.h" 10 #include "crypto/signature_creator.h"
11 #include "net/base/asn1_util.h"
9 #include "net/base/default_origin_bound_cert_store.h" 12 #include "net/base/default_origin_bound_cert_store.h"
10 #include "net/http/http_response_headers.h" 13 #include "net/http/http_response_headers.h"
11 #include "net/http/http_response_info.h" 14 #include "net/http/http_response_info.h"
12 #include "net/spdy/spdy_session.h" 15 #include "net/spdy/spdy_session.h"
13 #include "net/spdy/spdy_test_util.h" 16 #include "net/spdy/spdy_test_util.h"
14 #include "testing/gtest/include/gtest/gtest.h" 17 #include "testing/gtest/include/gtest/gtest.h"
15 18
16 namespace net { 19 namespace net {
17 20
18 class SpdyHttpStreamTest : public testing::Test { 21 class SpdyHttpStreamTest : public testing::Test {
19 public: 22 public:
20 OrderedSocketData* data() { return data_.get(); } 23 OrderedSocketData* data() { return data_.get(); }
21 protected: 24 protected:
22 SpdyHttpStreamTest() {} 25 SpdyHttpStreamTest() {}
23 26
24 void EnableCompression(bool enabled) { 27 void EnableCompression(bool enabled) {
25 spdy::SpdyFramer::set_enable_compression_default(enabled); 28 spdy::SpdyFramer::set_enable_compression_default(enabled);
26 } 29 }
27 30
28 virtual void TearDown() { 31 virtual void TearDown() {
32 crypto::ECSignatureCreator::SetFactoryForTesting(NULL);
29 MessageLoop::current()->RunAllPending(); 33 MessageLoop::current()->RunAllPending();
30 } 34 }
31 int InitSession(MockRead* reads, size_t reads_count, 35 int InitSession(MockRead* reads, size_t reads_count,
32 MockWrite* writes, size_t writes_count, 36 MockWrite* writes, size_t writes_count,
33 HostPortPair& host_port_pair) { 37 HostPortPair& host_port_pair) {
34 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); 38 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct());
35 data_.reset(new OrderedSocketData(reads, reads_count, 39 data_.reset(new OrderedSocketData(reads, reads_count,
36 writes, writes_count)); 40 writes, writes_count));
37 session_deps_.socket_factory->AddSocketDataProvider(data_.get()); 41 session_deps_.socket_factory->AddSocketDataProvider(data_.get());
38 http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_); 42 http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_);
39 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); 43 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog());
40 transport_params_ = new TransportSocketParams(host_port_pair, 44 transport_params_ = new TransportSocketParams(host_port_pair,
41 MEDIUM, false, false); 45 MEDIUM, false, false);
42 TestCompletionCallback callback; 46 TestCompletionCallback callback;
43 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); 47 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
44 EXPECT_EQ(ERR_IO_PENDING, 48 EXPECT_EQ(ERR_IO_PENDING,
45 connection->Init(host_port_pair.ToString(), 49 connection->Init(host_port_pair.ToString(),
46 transport_params_, 50 transport_params_,
47 MEDIUM, 51 MEDIUM,
48 callback.callback(), 52 callback.callback(),
49 http_session_->GetTransportSocketPool(), 53 http_session_->GetTransportSocketPool(),
50 BoundNetLog())); 54 BoundNetLog()));
51 EXPECT_EQ(OK, callback.WaitForResult()); 55 EXPECT_EQ(OK, callback.WaitForResult());
52 return session_->InitializeWithSocket(connection.release(), false, OK); 56 return session_->InitializeWithSocket(connection.release(), false, OK);
53 } 57 }
58
59 void TestSendCredentials(
60 OriginBoundCertService* obc_service,
61 const std::string& cert,
62 const std::string& proof,
63 SSLClientCertType type);
64
54 SpdySessionDependencies session_deps_; 65 SpdySessionDependencies session_deps_;
55 scoped_ptr<OrderedSocketData> data_; 66 scoped_ptr<OrderedSocketData> data_;
56 scoped_refptr<HttpNetworkSession> http_session_; 67 scoped_refptr<HttpNetworkSession> http_session_;
57 scoped_refptr<SpdySession> session_; 68 scoped_refptr<SpdySession> session_;
58 scoped_refptr<TransportSocketParams> transport_params_; 69 scoped_refptr<TransportSocketParams> transport_params_;
59 }; 70 };
60 71
61 TEST_F(SpdyHttpStreamTest, SendRequest) { 72 TEST_F(SpdyHttpStreamTest, SendRequest) {
62 EnableCompression(false); 73 EnableCompression(false);
63 SpdySession::SetSSLMode(false); 74 SpdySession::SetSSLMode(false);
(...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after
221 // This triggers read 3. The empty read causes the session to shut down. 232 // This triggers read 3. The empty read causes the session to shut down.
222 data()->CompleteRead(); 233 data()->CompleteRead();
223 234
224 // Because we abandoned the stream, we don't expect to find a session in the 235 // Because we abandoned the stream, we don't expect to find a session in the
225 // pool anymore. 236 // pool anymore.
226 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); 237 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair));
227 EXPECT_TRUE(data()->at_read_eof()); 238 EXPECT_TRUE(data()->at_read_eof());
228 EXPECT_TRUE(data()->at_write_eof()); 239 EXPECT_TRUE(data()->at_write_eof());
229 } 240 }
230 241
231 void GetOriginBoundCertAndProof(const std::string& origin, 242 void GetRSAOriginBoundCertAndProof(const std::string& origin,
232 OriginBoundCertService* obc_service, 243 OriginBoundCertService* obc_service,
233 std::string* cert, 244 std::string* cert,
234 std::string* proof) { 245 std::string* proof) {
235 TestCompletionCallback callback; 246 TestCompletionCallback callback;
236 std::vector<uint8> requested_cert_types; 247 std::vector<uint8> requested_cert_types;
237 requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN); 248 requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN);
238 SSLClientCertType cert_type; 249 SSLClientCertType cert_type;
239 std::string key; 250 std::string key;
240 OriginBoundCertService::RequestHandle request_handle; 251 OriginBoundCertService::RequestHandle request_handle;
241 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, 252 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types,
(...skipping 16 matching lines...) Expand all
258 std::vector<uint8> proof_data; 269 std::vector<uint8> proof_data;
259 scoped_ptr<crypto::RSAPrivateKey> private_key( 270 scoped_ptr<crypto::RSAPrivateKey> private_key(
260 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_data)); 271 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_data));
261 scoped_ptr<crypto::SignatureCreator> creator( 272 scoped_ptr<crypto::SignatureCreator> creator(
262 crypto::SignatureCreator::Create(private_key.get())); 273 crypto::SignatureCreator::Create(private_key.get()));
263 creator->Update(secret, arraysize(secret)); 274 creator->Update(secret, arraysize(secret));
264 creator->Final(&proof_data); 275 creator->Final(&proof_data);
265 proof->assign(proof_data.begin(), proof_data.end()); 276 proof->assign(proof_data.begin(), proof_data.end());
266 } 277 }
267 278
279 void GetECOriginBoundCertAndProof(const std::string& origin,
280 OriginBoundCertService* obc_service,
281 std::string* cert,
282 std::string* proof) {
283 TestCompletionCallback callback;
284 std::vector<uint8> requested_cert_types;
285 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
286 SSLClientCertType cert_type;
287 std::string key;
288 OriginBoundCertService::RequestHandle request_handle;
289 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types,
290 &cert_type, &key, cert,
291 callback.callback(),
292 &request_handle);
293 EXPECT_EQ(ERR_IO_PENDING, rv);
294 EXPECT_EQ(OK, callback.WaitForResult());
295 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
296
297 unsigned char secret[32];
298 memset(secret, 'A', arraysize(secret));
299
300 // Convert the key string into a vector<unit8>
301 std::vector<uint8> key_data(key.begin(), key.end());
302
303 base::StringPiece spki_piece;
304 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece));
305 std::vector<uint8> spki(spki_piece.data(),
306 spki_piece.data() + spki_piece.size());
307
308 std::vector<uint8> proof_data;
309 scoped_ptr<crypto::ECPrivateKey> private_key(
310 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
311 OriginBoundCertService::kEPKIPassword, key_data, spki));
312 scoped_ptr<crypto::ECSignatureCreator> creator(
313 crypto::ECSignatureCreator::Create(private_key.get()));
314 creator->Sign(secret, arraysize(secret), &proof_data);
315 proof->assign(proof_data.begin(), proof_data.end());
316 }
317
268 // TODO(rch): When openssl supports origin bound certifictes, this 318 // TODO(rch): When openssl supports origin bound certifictes, this
269 // guard can be removed 319 // guard can be removed
270 #if !defined(USE_OPENSSL) 320 #if !defined(USE_OPENSSL)
271 // Test that if we request a resource for a new origin on a session that 321 // Test that if we request a resource for a new origin on a session that
272 // used origin bound certificates, that we send a CREDENTIAL frame for 322 // used origin bound certificates, that we send a CREDENTIAL frame for
273 // the new origin before we send the new request. 323 // the new origin before we send the new request.
274 TEST_F(SpdyHttpStreamTest, SendCredentials) { 324 void SpdyHttpStreamTest::TestSendCredentials(
325 OriginBoundCertService* obc_service,
326 const std::string& cert,
327 const std::string& proof,
328 SSLClientCertType type) {
275 EnableCompression(false); 329 EnableCompression(false);
276 330
277 scoped_ptr<OriginBoundCertService> obc_service(
278 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
279 std::string cert;
280 std::string proof;
281 GetOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(),
282 &cert, &proof);
283
284 spdy::SpdyCredential cred; 331 spdy::SpdyCredential cred;
285 cred.slot = 1; 332 cred.slot = 1;
286 cred.origin = "http://www.gmail.com"; 333 cred.origin = "http://www.gmail.com";
287 cred.proof = proof; 334 cred.proof = proof;
288 cred.certs.push_back(cert); 335 cred.certs.push_back(cert);
289 336
290 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST)); 337 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST));
291 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred)); 338 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred));
292 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com", 339 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com",
293 false, 3, LOWEST)); 340 false, 3, LOWEST));
(...skipping 14 matching lines...) Expand all
308 HostPortPair host_port_pair("www.google.com", 80); 355 HostPortPair host_port_pair("www.google.com", 80);
309 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); 356 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct());
310 357
311 DeterministicMockClientSocketFactory* socket_factory = 358 DeterministicMockClientSocketFactory* socket_factory =
312 session_deps_.deterministic_socket_factory.get(); 359 session_deps_.deterministic_socket_factory.get();
313 scoped_refptr<DeterministicSocketData> data( 360 scoped_refptr<DeterministicSocketData> data(
314 new DeterministicSocketData(reads, arraysize(reads), 361 new DeterministicSocketData(reads, arraysize(reads),
315 writes, arraysize(writes))); 362 writes, arraysize(writes)));
316 socket_factory->AddSocketDataProvider(data.get()); 363 socket_factory->AddSocketDataProvider(data.get());
317 SSLSocketDataProvider ssl(SYNCHRONOUS, OK); 364 SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
318 ssl.origin_bound_cert_type = CLIENT_CERT_RSA_SIGN; 365 ssl.origin_bound_cert_type = type;
319 ssl.origin_bound_cert_service = obc_service.get(); 366 ssl.origin_bound_cert_service = obc_service;
320 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; 367 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
321 socket_factory->AddSSLSocketDataProvider(&ssl); 368 socket_factory->AddSSLSocketDataProvider(&ssl);
322 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( 369 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic(
323 &session_deps_); 370 &session_deps_);
324 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); 371 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog());
325 transport_params_ = new TransportSocketParams(host_port_pair, 372 transport_params_ = new TransportSocketParams(host_port_pair,
326 MEDIUM, false, false); 373 MEDIUM, false, false);
327 TestCompletionCallback callback; 374 TestCompletionCallback callback;
328 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); 375 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
329 SSLConfig ssl_config; 376 SSLConfig ssl_config;
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
386 callback.WaitForResult(); 433 callback.WaitForResult();
387 434
388 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders( 435 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders(
389 callback.callback())); 436 callback.callback()));
390 data->RunFor(1); 437 data->RunFor(1);
391 EXPECT_EQ(OK, callback.WaitForResult()); 438 EXPECT_EQ(OK, callback.WaitForResult());
392 ASSERT_TRUE(response.headers.get() != NULL); 439 ASSERT_TRUE(response.headers.get() != NULL);
393 ASSERT_EQ(200, response.headers->response_code()); 440 ASSERT_EQ(200, response.headers->response_code());
394 } 441 }
395 442
443 TEST_F(SpdyHttpStreamTest, SendCredentialsRSA) {
444 scoped_ptr<OriginBoundCertService> obc_service(
445 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
446 std::string cert;
447 std::string proof;
448 GetRSAOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(),
449 &cert, &proof);
450
451 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_RSA_SIGN);
452 }
453
454 class MockECSignatureCreator : public crypto::ECSignatureCreator {
455 public:
456 explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {}
457
458 virtual bool Sign(const uint8* data,
459 int data_len,
460 std::vector<uint8>* signature) OVERRIDE {
461 std::vector<uint8> private_key_value;
462 key_->ExportValue(&private_key_value);
463 std::string head = "fakesignature";
464 std::string tail = "/fakesignature";
465
466 signature->clear();
467 signature->insert(signature->end(), head.begin(), head.end());
468 signature->insert(signature->end(), private_key_value.begin(),
469 private_key_value.end());
470 signature->insert(signature->end(), '-');
471 signature->insert(signature->end(), data, data + data_len);
472 signature->insert(signature->end(), tail.begin(), tail.end());
473 return true;
474 }
475
476 private:
477 crypto::ECPrivateKey* key_;
478 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator);
479 };
480
481 class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory {
482 public:
483 MockECSignatureCreatorFactory() {}
484 virtual ~MockECSignatureCreatorFactory() {}
485
486 virtual crypto::ECSignatureCreator* Create(
487 crypto::ECPrivateKey* key) OVERRIDE {
488 return new MockECSignatureCreator(key);
489 }
490 private:
491 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory);
492 };
493
494 TEST_F(SpdyHttpStreamTest, SendCredentialsEC) {
495 scoped_ptr<crypto::ECSignatureCreatorFactory> ec_signature_creator_factory(
496 new MockECSignatureCreatorFactory());
497 crypto::ECSignatureCreator::SetFactoryForTesting(
498 ec_signature_creator_factory.get());
499
500 scoped_ptr<OriginBoundCertService> obc_service(
501 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
502 std::string cert;
503 std::string proof;
504 GetECOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(),
505 &cert, &proof);
506
507 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_ECDSA_SIGN);
508 }
509
396 #endif // !defined(USE_OPENSSL) 510 #endif // !defined(USE_OPENSSL)
397 511
398 // TODO(willchan): Write a longer test for SpdyStream that exercises all 512 // TODO(willchan): Write a longer test for SpdyStream that exercises all
399 // methods. 513 // methods.
400 514
401 } // namespace net 515 } // namespace net
OLDNEW
« no previous file with comments | « crypto/ec_signature_creator_unittest.cc ('k') | net/spdy/spdy_session.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698