
Side by Side Diff: net/tools/testserver/testserver.py

Issue 109563002: net: add test for TLS_FALLBACK_SCSV (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Typo fix. Created 7 years ago
1 #!/usr/bin/env python 1 #!/usr/bin/env python
2 # Copyright 2013 The Chromium Authors. All rights reserved. 2 # Copyright 2013 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 5
6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for
7 testing Chrome. 7 testing Chrome.
8 8
9 It supports several test URLs, as specified by the handlers in TestPageHandler. 9 It supports several test URLs, as specified by the handlers in TestPageHandler.
10 By default, it listens on an ephemeral port and sends the port number back to 10 By default, it listens on an ephemeral port and sends the port number back to
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after
128 128
129 class HTTPSServer(tlslite.api.TLSSocketServerMixIn, 129 class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
130 testserver_base.ClientRestrictingServerMixIn, 130 testserver_base.ClientRestrictingServerMixIn,
131 testserver_base.BrokenPipeHandlerMixIn, 131 testserver_base.BrokenPipeHandlerMixIn,
132 testserver_base.StoppableHTTPServer): 132 testserver_base.StoppableHTTPServer):
133 """This is a specialization of StoppableHTTPServer that add https support and 133 """This is a specialization of StoppableHTTPServer that add https support and
134 client verification.""" 134 client verification."""
135 135
136 def __init__(self, server_address, request_hander_class, pem_cert_and_key, 136 def __init__(self, server_address, request_hander_class, pem_cert_and_key,
137 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, 137 ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
138 record_resume_info, tls_intolerant, signed_cert_timestamps): 138 record_resume_info, tls_intolerant, signed_cert_timestamps,
139 fallback_scsv_enabled):
139 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key) 140 self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key)
140 # Force using only python implementation - otherwise behavior is different 141 # Force using only python implementation - otherwise behavior is different
141 # depending on whether m2crypto Python module is present (error is thrown 142 # depending on whether m2crypto Python module is present (error is thrown
142 # when it is). m2crypto uses a C (based on OpenSSL) implementation under 143 # when it is). m2crypto uses a C (based on OpenSSL) implementation under
143 # the hood. 144 # the hood.
144 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, 145 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key,
145 private=True, 146 private=True,
146 implementations=['python']) 147 implementations=['python'])
147 self.ssl_client_auth = ssl_client_auth 148 self.ssl_client_auth = ssl_client_auth
148 self.ssl_client_cas = [] 149 self.ssl_client_cas = []
149 self.tls_intolerant = tls_intolerant 150 self.tls_intolerant = tls_intolerant
150 self.signed_cert_timestamps = signed_cert_timestamps 151 self.signed_cert_timestamps = signed_cert_timestamps
152 self.fallback_scsv_enabled = fallback_scsv_enabled
151 153
152 for ca_file in ssl_client_cas: 154 for ca_file in ssl_client_cas:
153 s = open(ca_file).read() 155 s = open(ca_file).read()
154 x509 = tlslite.api.X509() 156 x509 = tlslite.api.X509()
155 x509.parse(s) 157 x509.parse(s)
156 self.ssl_client_cas.append(x509.subject) 158 self.ssl_client_cas.append(x509.subject)
157 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() 159 self.ssl_handshake_settings = tlslite.api.HandshakeSettings()
158 if ssl_bulk_ciphers is not None: 160 if ssl_bulk_ciphers is not None:
159 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers 161 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers
160 162
(...skipping 13 matching lines...) Expand all
174 try: 176 try:
175 self.tlsConnection = tlsConnection 177 self.tlsConnection = tlsConnection
176 tlsConnection.handshakeServer(certChain=self.cert_chain, 178 tlsConnection.handshakeServer(certChain=self.cert_chain,
177 privateKey=self.private_key, 179 privateKey=self.private_key,
178 sessionCache=self.session_cache, 180 sessionCache=self.session_cache,
179 reqCert=self.ssl_client_auth, 181 reqCert=self.ssl_client_auth,
180 settings=self.ssl_handshake_settings, 182 settings=self.ssl_handshake_settings,
181 reqCAs=self.ssl_client_cas, 183 reqCAs=self.ssl_client_cas,
182 tlsIntolerant=self.tls_intolerant, 184 tlsIntolerant=self.tls_intolerant,
183 signedCertTimestamps= 185 signedCertTimestamps=
184 self.signed_cert_timestamps) 186 self.signed_cert_timestamps,
187 fallbackSCSV=self.fallback_scsv_enabled)
185 tlsConnection.ignoreAbruptClose = True 188 tlsConnection.ignoreAbruptClose = True
186 return True 189 return True
187 except tlslite.api.TLSAbruptCloseError: 190 except tlslite.api.TLSAbruptCloseError:
188 # Ignore abrupt close. 191 # Ignore abrupt close.
189 return True 192 return True
190 except tlslite.api.TLSError, error: 193 except tlslite.api.TLSError, error:
191 print "Handshake failure:", str(error) 194 print "Handshake failure:", str(error)
192 return False 195 return False
193 196
194 197
(...skipping 1745 matching lines...) Expand 10 before | Expand all | Expand 10 after
1940 raise testserver_base.OptionError( 1943 raise testserver_base.OptionError(
1941 'specified trusted client CA file not found: ' + ca_cert + 1944 'specified trusted client CA file not found: ' + ca_cert +
1942 ' exiting...') 1945 ' exiting...')
1943 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key, 1946 server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key,
1944 self.options.ssl_client_auth, 1947 self.options.ssl_client_auth,
1945 self.options.ssl_client_ca, 1948 self.options.ssl_client_ca,
1946 self.options.ssl_bulk_cipher, 1949 self.options.ssl_bulk_cipher,
1947 self.options.record_resume, 1950 self.options.record_resume,
1948 self.options.tls_intolerant, 1951 self.options.tls_intolerant,
1949 self.options.signed_cert_timestamps.decode( 1952 self.options.signed_cert_timestamps.decode(
1950 "base64")) 1953 "base64"),
1954 self.options.fallback_scsv)
1951 print 'HTTPS server started on %s:%d...' % (host, server.server_port) 1955 print 'HTTPS server started on %s:%d...' % (host, server.server_port)
1952 else: 1956 else:
1953 server = HTTPServer((host, port), TestPageHandler) 1957 server = HTTPServer((host, port), TestPageHandler)
1954 print 'HTTP server started on %s:%d...' % (host, server.server_port) 1958 print 'HTTP server started on %s:%d...' % (host, server.server_port)
1955 1959
1956 server.data_dir = self.__make_data_dir() 1960 server.data_dir = self.__make_data_dir()
1957 server.file_root_url = self.options.file_root_url 1961 server.file_root_url = self.options.file_root_url
1958 server_data['port'] = server.server_port 1962 server_data['port'] = server.server_port
1959 elif self.options.server_type == SERVER_WEBSOCKET: 1963 elif self.options.server_type == SERVER_WEBSOCKET:
1960 # Launch pywebsocket via WebSocketServer. 1964 # Launch pywebsocket via WebSocketServer.
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
2085 'aborted. 2 means TLS 1.1 or higher will be ' 2089 'aborted. 2 means TLS 1.1 or higher will be '
2086 'aborted. 3 means TLS 1.2 or higher will be ' 2090 'aborted. 3 means TLS 1.2 or higher will be '
2087 'aborted.') 2091 'aborted.')
2088 self.option_parser.add_option('--signed-cert-timestamps', 2092 self.option_parser.add_option('--signed-cert-timestamps',
2089 dest='signed_cert_timestamps', 2093 dest='signed_cert_timestamps',
2090 default='', 2094 default='',
2091 help='Base64 encoded SCT list. If set, ' 2095 help='Base64 encoded SCT list. If set, '
2092 'server will respond with a ' 2096 'server will respond with a '
2093 'signed_certificate_timestamp TLS extension ' 2097 'signed_certificate_timestamp TLS extension '
2094 'whenever the client supports it.') 2098 'whenever the client supports it.')
2099 self.option_parser.add_option('--fallback-scsv', dest='fallback_scsv',
2100 default=False, const=True,
2101 action='store_const',
2102 help='If given, TLS_FALLBACK_SCSV support '
2103 'will be enabled. This causes the server to '
2104 'reject fallback connections from compatible '
2105 'clients (e.g. Chrome).')
2095 self.option_parser.add_option('--https-record-resume', 2106 self.option_parser.add_option('--https-record-resume',
2096 dest='record_resume', const=True, 2107 dest='record_resume', const=True,
2097 default=False, action='store_const', 2108 default=False, action='store_const',
2098 help='Record resumption cache events rather ' 2109 help='Record resumption cache events rather '
2099 'than resuming as normal. Allows the use of ' 2110 'than resuming as normal. Allows the use of '
2100 'the /ssl-session-cache request') 2111 'the /ssl-session-cache request')
2101 self.option_parser.add_option('--ssl-client-auth', action='store_true', 2112 self.option_parser.add_option('--ssl-client-auth', action='store_true',
2102 help='Require SSL client auth on every ' 2113 help='Require SSL client auth on every '
2103 'connection.') 2114 'connection.')
2104 self.option_parser.add_option('--ssl-client-ca', action='append', 2115 self.option_parser.add_option('--ssl-client-ca', action='append',
(...skipping 11 matching lines...) Expand all
2116 '"aes128", "3des", "rc4". If omitted, all ' 2127 '"aes128", "3des", "rc4". If omitted, all '
2117 'algorithms will be used. This option may ' 2128 'algorithms will be used. This option may '
2118 'appear multiple times, indicating ' 2129 'appear multiple times, indicating '
2119 'multiple algorithms should be enabled.'); 2130 'multiple algorithms should be enabled.');
2120 self.option_parser.add_option('--file-root-url', default='/files/', 2131 self.option_parser.add_option('--file-root-url', default='/files/',
2121 help='Specify a root URL for files served.') 2132 help='Specify a root URL for files served.')
2122 2133
2123 2134
2124 if __name__ == '__main__': 2135 if __name__ == '__main__':
2125 sys.exit(ServerRunner().main()) 2136 sys.exit(ServerRunner().main())
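Review bot: `fallback_scsv_enabled` becomes the tenth positional parameter of `HTTPSServer.__init__`, and the call site passes `self.options.fallback_scsv` by position right after the decoded SCT list, so a later reordering of either side would silently route the wrong value into `fallbackSCSV=`; passing it by keyword, `fallback_scsv_enabled=self.options.fallback_scsv)`, would rule that out. The `--fallback-scsv` help text says "compatible clients" without saying what makes a client compatible; wording such as `'reject a ClientHello that carries TLS_FALLBACK_SCSV while offering a lower protocol version than the server supports.'` would tell a test author that a client which omits the SCSV on its retry is presumably still accepted (tlslite's side of this is not visible here, so confirm before adopting the wording). The rejection most likely reaches the existing `except tlslite.api.TLSError` branch and is printed as a generic "Handshake failure:", so a short comment there noting that an SCSV rejection is an expected outcome when the flag is set would help anyone reading the server log. Both `__init__` and the handshake method are only partly shown (lines are skipped between the displayed ranges), so this is based on the visible lines alone.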