Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(377)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/spdy_http_stream_spdy2_unittest.cc

Issue 9617039: Change Origin bound certs -> Domain bound certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address review comments, remove dead code from spdy_http_stream_spdy2_unittest.cc Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/x509_util_nss_unittest.cc ('K') | « net/socket_stream/socket_stream.cc ('k') | net/spdy/spdy_http_stream_spdy3_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_http_stream.h" 5 #include "net/spdy/spdy_http_stream.h"
6 6
7 #include "crypto/ec_private_key.h" 7 #include "crypto/ec_private_key.h"
8 #include "crypto/ec_signature_creator.h" 8 #include "crypto/ec_signature_creator.h"
9 #include "crypto/signature_creator.h" 9 #include "crypto/signature_creator.h"
10 #include "net/base/asn1_util.h" 10 #include "net/base/asn1_util.h"
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
55 connection->Init(host_port_pair.ToString(), 55 connection->Init(host_port_pair.ToString(),
56 transport_params_, 56 transport_params_,
57 MEDIUM, 57 MEDIUM,
58 callback.callback(), 58 callback.callback(),
59 http_session_->GetTransportSocketPool(), 59 http_session_->GetTransportSocketPool(),
60 BoundNetLog())); 60 BoundNetLog()));
61 EXPECT_EQ(OK, callback.WaitForResult()); 61 EXPECT_EQ(OK, callback.WaitForResult());
62 return session_->InitializeWithSocket(connection.release(), false, OK); 62 return session_->InitializeWithSocket(connection.release(), false, OK);
63 } 63 }
64 64
65 void TestSendCredentials(
66 OriginBoundCertService* obc_service,
67 const std::string& cert,
68 const std::string& proof,
69 SSLClientCertType type);
70
71 SpdySessionDependencies session_deps_; 65 SpdySessionDependencies session_deps_;
72 scoped_ptr<OrderedSocketData> data_; 66 scoped_ptr<OrderedSocketData> data_;
73 scoped_refptr<HttpNetworkSession> http_session_; 67 scoped_refptr<HttpNetworkSession> http_session_;
74 scoped_refptr<SpdySession> session_; 68 scoped_refptr<SpdySession> session_;
75 scoped_refptr<TransportSocketParams> transport_params_; 69 scoped_refptr<TransportSocketParams> transport_params_;
76 }; 70 };
77 71
78 TEST_F(SpdyHttpStreamSpdy2Test, SendRequest) { 72 TEST_F(SpdyHttpStreamSpdy2Test, SendRequest) {
79 EnableCompression(false); 73 EnableCompression(false);
80 74
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
235 // This triggers read 3. The empty read causes the session to shut down. 229 // This triggers read 3. The empty read causes the session to shut down.
236 data()->CompleteRead(); 230 data()->CompleteRead();
237 231
238 // Because we abandoned the stream, we don't expect to find a session in the 232 // Because we abandoned the stream, we don't expect to find a session in the
239 // pool anymore. 233 // pool anymore.
240 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); 234 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair));
241 EXPECT_TRUE(data()->at_read_eof()); 235 EXPECT_TRUE(data()->at_read_eof());
242 EXPECT_TRUE(data()->at_write_eof()); 236 EXPECT_TRUE(data()->at_write_eof());
243 } 237 }
244 238
245 namespace {
246
247 void GetECOriginBoundCertAndProof(const std::string& origin,
248 OriginBoundCertService* obc_service,
249 std::string* cert,
250 std::string* proof) {
251 TestCompletionCallback callback;
252 std::vector<uint8> requested_cert_types;
253 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
254 SSLClientCertType cert_type;
255 std::string key;
256 OriginBoundCertService::RequestHandle request_handle;
257 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types,
258 &cert_type, &key, cert,
259 callback.callback(),
260 &request_handle);
261 EXPECT_EQ(ERR_IO_PENDING, rv);
262 EXPECT_EQ(OK, callback.WaitForResult());
263 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
264
265 unsigned char secret[32];
266 memset(secret, 'A', arraysize(secret));
267
268 // Convert the key string into a vector<unit8>
269 std::vector<uint8> key_data(key.begin(), key.end());
270
271 base::StringPiece spki_piece;
272 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece));
273 std::vector<uint8> spki(spki_piece.data(),
274 spki_piece.data() + spki_piece.size());
275
276 std::vector<uint8> proof_data;
277 scoped_ptr<crypto::ECPrivateKey> private_key(
278 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
279 OriginBoundCertService::kEPKIPassword, key_data, spki));
280 scoped_ptr<crypto::ECSignatureCreator> creator(
281 crypto::ECSignatureCreator::Create(private_key.get()));
282 creator->Sign(secret, arraysize(secret), &proof_data);
283 proof->assign(proof_data.begin(), proof_data.end());
284 }
285
286 } // namespace
287
288 // TODO(rch): When openssl supports origin bound certifictes, this
289 // guard can be removed
290 #if !defined(USE_OPENSSL)
291 // Test that if we request a resource for a new origin on a session that
292 // used origin bound certificates, that we send a CREDENTIAL frame for
293 // the new origin before we send the new request.
294 void SpdyHttpStreamSpdy2Test::TestSendCredentials(
295 OriginBoundCertService* obc_service,
296 const std::string& cert,
297 const std::string& proof,
298 SSLClientCertType type) {
299 EnableCompression(false);
300
301 spdy::SpdyCredential cred;
302 cred.slot = 1;
303 cred.proof = proof;
304 cred.certs.push_back(cert);
305
306 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST));
307 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred));
308 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com",
309 false, 3, LOWEST));
310 MockWrite writes[] = {
311 CreateMockWrite(*req.get(), 0),
312 CreateMockWrite(*credential.get(), 2),
313 CreateMockWrite(*req2.get(), 3),
314 };
315
316 scoped_ptr<spdy::SpdyFrame> resp(ConstructSpdyGetSynReply(NULL, 0, 1));
317 scoped_ptr<spdy::SpdyFrame> resp2(ConstructSpdyGetSynReply(NULL, 0, 3));
318 MockRead reads[] = {
319 CreateMockRead(*resp, 1),
320 CreateMockRead(*resp2, 4),
321 MockRead(SYNCHRONOUS, 0, 5) // EOF
322 };
323
324 HostPortPair host_port_pair("www.google.com", 80);
325 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct());
326
327 DeterministicMockClientSocketFactory* socket_factory =
328 session_deps_.deterministic_socket_factory.get();
329 scoped_refptr<DeterministicSocketData> data(
330 new DeterministicSocketData(reads, arraysize(reads),
331 writes, arraysize(writes)));
332 socket_factory->AddSocketDataProvider(data.get());
333 SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
334 ssl.origin_bound_cert_type = type;
335 ssl.origin_bound_cert_service = obc_service;
336 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
337 socket_factory->AddSSLSocketDataProvider(&ssl);
338 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic(
339 &session_deps_);
340 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog());
341 transport_params_ = new TransportSocketParams(host_port_pair,
342 MEDIUM, false, false);
343 TestCompletionCallback callback;
344 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
345 SSLConfig ssl_config;
346 scoped_refptr<SOCKSSocketParams> socks_params;
347 scoped_refptr<HttpProxySocketParams> http_proxy_params;
348 scoped_refptr<SSLSocketParams> ssl_params(
349 new SSLSocketParams(transport_params_,
350 socks_params,
351 http_proxy_params,
352 ProxyServer::SCHEME_DIRECT,
353 host_port_pair,
354 ssl_config,
355 0,
356 false,
357 false));
358 EXPECT_EQ(ERR_IO_PENDING,
359 connection->Init(host_port_pair.ToString(),
360 ssl_params,
361 MEDIUM,
362 callback.callback(),
363 http_session_->GetSSLSocketPool(),
364 BoundNetLog()));
365 callback.WaitForResult();
366 EXPECT_EQ(OK,
367 session_->InitializeWithSocket(connection.release(), true, OK));
368
369 HttpRequestInfo request;
370 request.method = "GET";
371 request.url = GURL("http://www.google.com/");
372 HttpResponseInfo response;
373 HttpRequestHeaders headers;
374 BoundNetLog net_log;
375 scoped_ptr<SpdyHttpStream> http_stream(
376 new SpdyHttpStream(session_.get(), true));
377 ASSERT_EQ(
378 OK,
379 http_stream->InitializeStream(&request, net_log, CompletionCallback()));
380
381 EXPECT_FALSE(session_->NeedsCredentials(host_port_pair));
382 HostPortPair new_host_port_pair("www.gmail.com", 80);
383 EXPECT_TRUE(session_->NeedsCredentials(new_host_port_pair));
384
385 EXPECT_EQ(ERR_IO_PENDING, http_stream->SendRequest(headers, NULL, &response,
386 callback.callback()));
387 EXPECT_TRUE(http_session_->spdy_session_pool()->HasSession(pair));
388
389 data->RunFor(2);
390 callback.WaitForResult();
391
392 // Start up second request for resource on a new origin.
393 scoped_ptr<SpdyHttpStream> http_stream2(
394 new SpdyHttpStream(session_.get(), true));
395 request.url = GURL("http://www.gmail.com/");
396 ASSERT_EQ(
397 OK,
398 http_stream2->InitializeStream(&request, net_log, CompletionCallback()));
399 EXPECT_EQ(ERR_IO_PENDING, http_stream2->SendRequest(headers, NULL, &response,
400 callback.callback()));
401 data->RunFor(2);
402 callback.WaitForResult();
403
404 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders(
405 callback.callback()));
406 data->RunFor(1);
407 EXPECT_EQ(OK, callback.WaitForResult());
408 ASSERT_TRUE(response.headers.get() != NULL);
409 ASSERT_EQ(200, response.headers->response_code());
410 }
411
412 class MockECSignatureCreator : public crypto::ECSignatureCreator {
413 public:
414 explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {}
415
416 virtual bool Sign(const uint8* data,
417 int data_len,
418 std::vector<uint8>* signature) OVERRIDE {
419 std::vector<uint8> private_key_value;
420 key_->ExportValue(&private_key_value);
421 std::string head = "fakesignature";
422 std::string tail = "/fakesignature";
423
424 signature->clear();
425 signature->insert(signature->end(), head.begin(), head.end());
426 signature->insert(signature->end(), private_key_value.begin(),
427 private_key_value.end());
428 signature->insert(signature->end(), '-');
429 signature->insert(signature->end(), data, data + data_len);
430 signature->insert(signature->end(), tail.begin(), tail.end());
431 return true;
432 }
433
434 private:
435 crypto::ECPrivateKey* key_;
436 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator);
437 };
438
439 class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory {
440 public:
441 MockECSignatureCreatorFactory() {}
442 virtual ~MockECSignatureCreatorFactory() {}
443
444 virtual crypto::ECSignatureCreator* Create(
445 crypto::ECPrivateKey* key) OVERRIDE {
446 return new MockECSignatureCreator(key);
447 }
448 private:
449 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory);
450 };
451
452 #endif // !defined(USE_OPENSSL)
453
454 // TODO(willchan): Write a longer test for SpdyStream that exercises all 239 // TODO(willchan): Write a longer test for SpdyStream that exercises all
455 // methods. 240 // methods.
456 241
457 } // namespace net 242 } // namespace net
OLDNEW
« net/base/x509_util_nss_unittest.cc ('K') | « net/socket_stream/socket_stream.cc ('k') | net/spdy/spdy_http_stream_spdy3_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698