OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_http_stream.h" | 5 #include "net/spdy/spdy_http_stream.h" |
6 | 6 |
| 7 #include "crypto/ec_private_key.h" |
| 8 #include "crypto/ec_signature_creator.h" |
7 #include "crypto/rsa_private_key.h" | 9 #include "crypto/rsa_private_key.h" |
8 #include "crypto/signature_creator.h" | 10 #include "crypto/signature_creator.h" |
| 11 #include "net/base/asn1_util.h" |
9 #include "net/base/default_origin_bound_cert_store.h" | 12 #include "net/base/default_origin_bound_cert_store.h" |
10 #include "net/http/http_response_headers.h" | 13 #include "net/http/http_response_headers.h" |
11 #include "net/http/http_response_info.h" | 14 #include "net/http/http_response_info.h" |
12 #include "net/spdy/spdy_session.h" | 15 #include "net/spdy/spdy_session.h" |
13 #include "net/spdy/spdy_test_util.h" | 16 #include "net/spdy/spdy_test_util.h" |
14 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
15 | 18 |
16 namespace net { | 19 namespace net { |
17 | 20 |
18 class SpdyHttpStreamTest : public testing::Test { | 21 class SpdyHttpStreamTest : public testing::Test { |
19 public: | 22 public: |
20 OrderedSocketData* data() { return data_.get(); } | 23 OrderedSocketData* data() { return data_.get(); } |
21 protected: | 24 protected: |
22 SpdyHttpStreamTest() {} | 25 SpdyHttpStreamTest() {} |
23 | 26 |
24 void EnableCompression(bool enabled) { | 27 void EnableCompression(bool enabled) { |
25 spdy::SpdyFramer::set_enable_compression_default(enabled); | 28 spdy::SpdyFramer::set_enable_compression_default(enabled); |
26 } | 29 } |
27 | 30 |
28 virtual void TearDown() { | 31 virtual void TearDown() { |
| 32 crypto::ECSignatureCreator::SetFactoryForTesting(NULL); |
29 MessageLoop::current()->RunAllPending(); | 33 MessageLoop::current()->RunAllPending(); |
30 } | 34 } |
31 int InitSession(MockRead* reads, size_t reads_count, | 35 int InitSession(MockRead* reads, size_t reads_count, |
32 MockWrite* writes, size_t writes_count, | 36 MockWrite* writes, size_t writes_count, |
33 HostPortPair& host_port_pair) { | 37 HostPortPair& host_port_pair) { |
34 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); | 38 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); |
35 data_.reset(new OrderedSocketData(reads, reads_count, | 39 data_.reset(new OrderedSocketData(reads, reads_count, |
36 writes, writes_count)); | 40 writes, writes_count)); |
37 session_deps_.socket_factory->AddSocketDataProvider(data_.get()); | 41 session_deps_.socket_factory->AddSocketDataProvider(data_.get()); |
38 http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_); | 42 http_session_ = SpdySessionDependencies::SpdyCreateSession(&session_deps_); |
39 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); | 43 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); |
40 transport_params_ = new TransportSocketParams(host_port_pair, | 44 transport_params_ = new TransportSocketParams(host_port_pair, |
41 MEDIUM, false, false); | 45 MEDIUM, false, false); |
42 TestCompletionCallback callback; | 46 TestCompletionCallback callback; |
43 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 47 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
44 EXPECT_EQ(ERR_IO_PENDING, | 48 EXPECT_EQ(ERR_IO_PENDING, |
45 connection->Init(host_port_pair.ToString(), | 49 connection->Init(host_port_pair.ToString(), |
46 transport_params_, | 50 transport_params_, |
47 MEDIUM, | 51 MEDIUM, |
48 callback.callback(), | 52 callback.callback(), |
49 http_session_->GetTransportSocketPool(), | 53 http_session_->GetTransportSocketPool(), |
50 BoundNetLog())); | 54 BoundNetLog())); |
51 EXPECT_EQ(OK, callback.WaitForResult()); | 55 EXPECT_EQ(OK, callback.WaitForResult()); |
52 return session_->InitializeWithSocket(connection.release(), false, OK); | 56 return session_->InitializeWithSocket(connection.release(), false, OK); |
53 } | 57 } |
| 58 |
| 59 void TestSendCredentials( |
| 60 OriginBoundCertService* obc_service, |
| 61 const std::string& cert, |
| 62 const std::string& proof, |
| 63 SSLClientCertType type); |
| 64 |
54 SpdySessionDependencies session_deps_; | 65 SpdySessionDependencies session_deps_; |
55 scoped_ptr<OrderedSocketData> data_; | 66 scoped_ptr<OrderedSocketData> data_; |
56 scoped_refptr<HttpNetworkSession> http_session_; | 67 scoped_refptr<HttpNetworkSession> http_session_; |
57 scoped_refptr<SpdySession> session_; | 68 scoped_refptr<SpdySession> session_; |
58 scoped_refptr<TransportSocketParams> transport_params_; | 69 scoped_refptr<TransportSocketParams> transport_params_; |
59 }; | 70 }; |
60 | 71 |
61 TEST_F(SpdyHttpStreamTest, SendRequest) { | 72 TEST_F(SpdyHttpStreamTest, SendRequest) { |
62 EnableCompression(false); | 73 EnableCompression(false); |
63 SpdySession::SetSSLMode(false); | 74 SpdySession::SetSSLMode(false); |
(...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
221 // This triggers read 3. The empty read causes the session to shut down. | 232 // This triggers read 3. The empty read causes the session to shut down. |
222 data()->CompleteRead(); | 233 data()->CompleteRead(); |
223 | 234 |
224 // Because we abandoned the stream, we don't expect to find a session in the | 235 // Because we abandoned the stream, we don't expect to find a session in the |
225 // pool anymore. | 236 // pool anymore. |
226 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); | 237 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); |
227 EXPECT_TRUE(data()->at_read_eof()); | 238 EXPECT_TRUE(data()->at_read_eof()); |
228 EXPECT_TRUE(data()->at_write_eof()); | 239 EXPECT_TRUE(data()->at_write_eof()); |
229 } | 240 } |
230 | 241 |
231 void GetOriginBoundCertAndProof(const std::string& origin, | 242 void GetRSAOriginBoundCertAndProof(const std::string& origin, |
232 OriginBoundCertService* obc_service, | 243 OriginBoundCertService* obc_service, |
233 std::string* cert, | 244 std::string* cert, |
234 std::string* proof) { | 245 std::string* proof) { |
235 TestCompletionCallback callback; | 246 TestCompletionCallback callback; |
236 std::vector<uint8> requested_cert_types; | 247 std::vector<uint8> requested_cert_types; |
237 requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN); | 248 requested_cert_types.push_back(CLIENT_CERT_RSA_SIGN); |
238 SSLClientCertType cert_type; | 249 SSLClientCertType cert_type; |
239 std::string key; | 250 std::string key; |
240 OriginBoundCertService::RequestHandle request_handle; | 251 OriginBoundCertService::RequestHandle request_handle; |
241 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, | 252 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, |
(...skipping 16 matching lines...) Expand all Loading... |
258 std::vector<uint8> proof_data; | 269 std::vector<uint8> proof_data; |
259 scoped_ptr<crypto::RSAPrivateKey> private_key( | 270 scoped_ptr<crypto::RSAPrivateKey> private_key( |
260 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_data)); | 271 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_data)); |
261 scoped_ptr<crypto::SignatureCreator> creator( | 272 scoped_ptr<crypto::SignatureCreator> creator( |
262 crypto::SignatureCreator::Create(private_key.get())); | 273 crypto::SignatureCreator::Create(private_key.get())); |
263 creator->Update(secret, arraysize(secret)); | 274 creator->Update(secret, arraysize(secret)); |
264 creator->Final(&proof_data); | 275 creator->Final(&proof_data); |
265 proof->assign(proof_data.begin(), proof_data.end()); | 276 proof->assign(proof_data.begin(), proof_data.end()); |
266 } | 277 } |
267 | 278 |
| 279 void GetECOriginBoundCertAndProof(const std::string& origin, |
| 280 OriginBoundCertService* obc_service, |
| 281 std::string* cert, |
| 282 std::string* proof) { |
| 283 TestCompletionCallback callback; |
| 284 std::vector<uint8> requested_cert_types; |
| 285 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 286 SSLClientCertType cert_type; |
| 287 std::string key; |
| 288 OriginBoundCertService::RequestHandle request_handle; |
| 289 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, |
| 290 &cert_type, &key, cert, |
| 291 callback.callback(), |
| 292 &request_handle); |
| 293 EXPECT_EQ(ERR_IO_PENDING, rv); |
| 294 EXPECT_EQ(OK, callback.WaitForResult()); |
| 295 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type); |
| 296 |
| 297 unsigned char secret[32]; |
| 298 memset(secret, 'A', arraysize(secret)); |
| 299 |
| 300 // Convert the key string into a vector<unit8> |
| 301 std::vector<uint8> key_data(key.begin(), key.end()); |
| 302 |
| 303 base::StringPiece spki_piece; |
| 304 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece)); |
| 305 std::vector<uint8> spki(spki_piece.data(), |
| 306 spki_piece.data() + spki_piece.size()); |
| 307 |
| 308 std::vector<uint8> proof_data; |
| 309 scoped_ptr<crypto::ECPrivateKey> private_key( |
| 310 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 311 OriginBoundCertService::kEPKIPassword, key_data, spki)); |
| 312 scoped_ptr<crypto::ECSignatureCreator> creator( |
| 313 crypto::ECSignatureCreator::Create(private_key.get())); |
| 314 creator->Sign(secret, arraysize(secret), &proof_data); |
| 315 proof->assign(proof_data.begin(), proof_data.end()); |
| 316 } |
| 317 |
268 // TODO(rch): When openssl supports origin bound certifictes, this | 318 // TODO(rch): When openssl supports origin bound certifictes, this |
269 // guard can be removed | 319 // guard can be removed |
270 #if !defined(USE_OPENSSL) | 320 #if !defined(USE_OPENSSL) |
271 // Test that if we request a resource for a new origin on a session that | 321 // Test that if we request a resource for a new origin on a session that |
272 // used origin bound certificates, that we send a CREDENTIAL frame for | 322 // used origin bound certificates, that we send a CREDENTIAL frame for |
273 // the new origin before we send the new request. | 323 // the new origin before we send the new request. |
274 TEST_F(SpdyHttpStreamTest, SendCredentials) { | 324 void SpdyHttpStreamTest::TestSendCredentials( |
| 325 OriginBoundCertService* obc_service, |
| 326 const std::string& cert, |
| 327 const std::string& proof, |
| 328 SSLClientCertType type) { |
275 EnableCompression(false); | 329 EnableCompression(false); |
276 | 330 |
277 scoped_ptr<OriginBoundCertService> obc_service( | |
278 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); | |
279 std::string cert; | |
280 std::string proof; | |
281 GetOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), | |
282 &cert, &proof); | |
283 | |
284 spdy::SpdyCredential cred; | 331 spdy::SpdyCredential cred; |
285 cred.slot = 1; | 332 cred.slot = 1; |
286 cred.origin = "http://www.gmail.com"; | 333 cred.origin = "http://www.gmail.com"; |
287 cred.proof = proof; | 334 cred.proof = proof; |
288 cred.certs.push_back(cert); | 335 cred.certs.push_back(cert); |
289 | 336 |
290 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST)); | 337 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST)); |
291 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred)); | 338 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred)); |
292 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com", | 339 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com", |
293 false, 3, LOWEST)); | 340 false, 3, LOWEST)); |
(...skipping 14 matching lines...) Expand all Loading... |
308 HostPortPair host_port_pair("www.google.com", 80); | 355 HostPortPair host_port_pair("www.google.com", 80); |
309 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); | 356 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); |
310 | 357 |
311 DeterministicMockClientSocketFactory* socket_factory = | 358 DeterministicMockClientSocketFactory* socket_factory = |
312 session_deps_.deterministic_socket_factory.get(); | 359 session_deps_.deterministic_socket_factory.get(); |
313 scoped_refptr<DeterministicSocketData> data( | 360 scoped_refptr<DeterministicSocketData> data( |
314 new DeterministicSocketData(reads, arraysize(reads), | 361 new DeterministicSocketData(reads, arraysize(reads), |
315 writes, arraysize(writes))); | 362 writes, arraysize(writes))); |
316 socket_factory->AddSocketDataProvider(data.get()); | 363 socket_factory->AddSocketDataProvider(data.get()); |
317 SSLSocketDataProvider ssl(SYNCHRONOUS, OK); | 364 SSLSocketDataProvider ssl(SYNCHRONOUS, OK); |
318 ssl.origin_bound_cert_type = CLIENT_CERT_RSA_SIGN; | 365 ssl.origin_bound_cert_type = type; |
319 ssl.origin_bound_cert_service = obc_service.get(); | 366 ssl.origin_bound_cert_service = obc_service; |
320 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; | 367 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; |
321 socket_factory->AddSSLSocketDataProvider(&ssl); | 368 socket_factory->AddSSLSocketDataProvider(&ssl); |
322 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( | 369 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( |
323 &session_deps_); | 370 &session_deps_); |
324 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); | 371 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); |
325 transport_params_ = new TransportSocketParams(host_port_pair, | 372 transport_params_ = new TransportSocketParams(host_port_pair, |
326 MEDIUM, false, false); | 373 MEDIUM, false, false); |
327 TestCompletionCallback callback; | 374 TestCompletionCallback callback; |
328 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 375 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
329 SSLConfig ssl_config; | 376 SSLConfig ssl_config; |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
386 callback.WaitForResult(); | 433 callback.WaitForResult(); |
387 | 434 |
388 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders( | 435 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders( |
389 callback.callback())); | 436 callback.callback())); |
390 data->RunFor(1); | 437 data->RunFor(1); |
391 EXPECT_EQ(OK, callback.WaitForResult()); | 438 EXPECT_EQ(OK, callback.WaitForResult()); |
392 ASSERT_TRUE(response.headers.get() != NULL); | 439 ASSERT_TRUE(response.headers.get() != NULL); |
393 ASSERT_EQ(200, response.headers->response_code()); | 440 ASSERT_EQ(200, response.headers->response_code()); |
394 } | 441 } |
395 | 442 |
| 443 TEST_F(SpdyHttpStreamTest, SendCredentialsRSA) { |
| 444 scoped_ptr<OriginBoundCertService> obc_service( |
| 445 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); |
| 446 std::string cert; |
| 447 std::string proof; |
| 448 GetRSAOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), |
| 449 &cert, &proof); |
| 450 |
| 451 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_RSA_SIGN); |
| 452 } |
| 453 |
| 454 class MockECSignatureCreator : public crypto::ECSignatureCreator { |
| 455 public: |
| 456 explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {} |
| 457 |
| 458 virtual bool Sign(const uint8* data, |
| 459 int data_len, |
| 460 std::vector<uint8>* signature) OVERRIDE { |
| 461 std::vector<uint8> private_key_value; |
| 462 key_->ExportValue(&private_key_value); |
| 463 std::string head = "fakesignature"; |
| 464 std::string tail = "/fakesignature"; |
| 465 |
| 466 signature->clear(); |
| 467 signature->insert(signature->end(), head.begin(), head.end()); |
| 468 signature->insert(signature->end(), private_key_value.begin(), |
| 469 private_key_value.end()); |
| 470 signature->insert(signature->end(), '-'); |
| 471 signature->insert(signature->end(), data, data + data_len); |
| 472 signature->insert(signature->end(), tail.begin(), tail.end()); |
| 473 return true; |
| 474 } |
| 475 |
| 476 private: |
| 477 crypto::ECPrivateKey* key_; |
| 478 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator); |
| 479 }; |
| 480 |
| 481 class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory { |
| 482 public: |
| 483 MockECSignatureCreatorFactory() {} |
| 484 virtual ~MockECSignatureCreatorFactory() {} |
| 485 |
| 486 virtual crypto::ECSignatureCreator* Create( |
| 487 crypto::ECPrivateKey* key) OVERRIDE { |
| 488 return new MockECSignatureCreator(key); |
| 489 } |
| 490 private: |
| 491 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory); |
| 492 }; |
| 493 |
| 494 TEST_F(SpdyHttpStreamTest, SendCredentialsEC) { |
| 495 scoped_ptr<crypto::ECSignatureCreatorFactory> ec_signature_creator_factory( |
| 496 new MockECSignatureCreatorFactory()); |
| 497 crypto::ECSignatureCreator::SetFactoryForTesting( |
| 498 ec_signature_creator_factory.get()); |
| 499 |
| 500 scoped_ptr<OriginBoundCertService> obc_service( |
| 501 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); |
| 502 std::string cert; |
| 503 std::string proof; |
| 504 GetECOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), |
| 505 &cert, &proof); |
| 506 |
| 507 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_ECDSA_SIGN); |
| 508 } |
| 509 |
396 #endif // !defined(USE_OPENSSL) | 510 #endif // !defined(USE_OPENSSL) |
397 | 511 |
398 // TODO(willchan): Write a longer test for SpdyStream that exercises all | 512 // TODO(willchan): Write a longer test for SpdyStream that exercises all |
399 // methods. | 513 // methods. |
400 | 514 |
401 } // namespace net | 515 } // namespace net |
OLD | NEW |