| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <math.h> // ceil | 7 #include <math.h> // ceil |
| 8 #include <stdarg.h> | 8 #include <stdarg.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 #include "net/socket/socket_test_util.h" | 71 #include "net/socket/socket_test_util.h" |
| 72 #include "net/socket/ssl_client_socket.h" | 72 #include "net/socket/ssl_client_socket.h" |
| 73 #include "net/spdy/spdy_framer.h" | 73 #include "net/spdy/spdy_framer.h" |
| 74 #include "net/spdy/spdy_session.h" | 74 #include "net/spdy/spdy_session.h" |
| 75 #include "net/spdy/spdy_session_pool.h" | 75 #include "net/spdy/spdy_session_pool.h" |
| 76 #include "net/spdy/spdy_test_util_common.h" | 76 #include "net/spdy/spdy_test_util_common.h" |
| 77 #include "net/ssl/ssl_cert_request_info.h" | 77 #include "net/ssl/ssl_cert_request_info.h" |
| 78 #include "net/ssl/ssl_config_service.h" | 78 #include "net/ssl/ssl_config_service.h" |
| 79 #include "net/ssl/ssl_config_service_defaults.h" | 79 #include "net/ssl/ssl_config_service_defaults.h" |
| 80 #include "net/ssl/ssl_info.h" | 80 #include "net/ssl/ssl_info.h" |
| 81 #include "net/ssl/ssl_private_key.h" |
| 81 #include "net/test/cert_test_util.h" | 82 #include "net/test/cert_test_util.h" |
| 82 #include "net/websockets/websocket_handshake_stream_base.h" | 83 #include "net/websockets/websocket_handshake_stream_base.h" |
| 83 #include "testing/gtest/include/gtest/gtest.h" | 84 #include "testing/gtest/include/gtest/gtest.h" |
| 84 #include "testing/platform_test.h" | 85 #include "testing/platform_test.h" |
| 85 #include "url/gurl.h" | 86 #include "url/gurl.h" |
| 86 | 87 |
| 87 using base::ASCIIToUTF16; | 88 using base::ASCIIToUTF16; |
| 88 | 89 |
| 89 //----------------------------------------------------------------------------- | 90 //----------------------------------------------------------------------------- |
| 90 | 91 |
| (...skipping 11987 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12078 | 12079 |
| 12079 // Complete the SSL handshake, which should abort due to requiring a | 12080 // Complete the SSL handshake, which should abort due to requiring a |
| 12080 // client certificate. | 12081 // client certificate. |
| 12081 rv = callback.WaitForResult(); | 12082 rv = callback.WaitForResult(); |
| 12082 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 12083 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 12083 | 12084 |
| 12084 // Indicate that no certificate should be supplied. From the perspective | 12085 // Indicate that no certificate should be supplied. From the perspective |
| 12085 // of SSLClientCertCache, NULL is just as meaningful as a real | 12086 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 12086 // certificate, so this is the same as supply a | 12087 // certificate, so this is the same as supply a |
| 12087 // legitimate-but-unacceptable certificate. | 12088 // legitimate-but-unacceptable certificate. |
| 12088 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 12089 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 12089 ASSERT_EQ(ERR_IO_PENDING, rv); | 12090 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 12090 | 12091 |
| 12091 // Ensure the certificate was added to the client auth cache before | 12092 // Ensure the certificate was added to the client auth cache before |
| 12092 // allowing the connection to continue restarting. | 12093 // allowing the connection to continue restarting. |
| 12093 scoped_refptr<X509Certificate> client_cert; | 12094 scoped_refptr<X509Certificate> client_cert; |
| 12095 scoped_refptr<SSLPrivateKey> client_private_key; |
| 12094 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 12096 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 12095 HostPortPair("www.example.com", 443), &client_cert)); | 12097 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12096 ASSERT_EQ(NULL, client_cert.get()); | 12098 ASSERT_EQ(NULL, client_cert.get()); |
| 12097 | 12099 |
| 12098 // Restart the handshake. This will consume ssl_data2, which fails, and | 12100 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 12099 // then consume ssl_data3 and ssl_data4, both of which should also fail. | 12101 // then consume ssl_data3 and ssl_data4, both of which should also fail. |
| 12100 // The result code is checked against what ssl_data4 should return. | 12102 // The result code is checked against what ssl_data4 should return. |
| 12101 rv = callback.WaitForResult(); | 12103 rv = callback.WaitForResult(); |
| 12102 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 12104 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 12103 | 12105 |
| 12104 // Ensure that the client certificate is removed from the cache on a | 12106 // Ensure that the client certificate is removed from the cache on a |
| 12105 // handshake failure. | 12107 // handshake failure. |
| 12106 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12108 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12107 HostPortPair("www.example.com", 443), &client_cert)); | 12109 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12108 } | 12110 } |
| 12109 | 12111 |
| 12110 // Ensure that a client certificate is removed from the SSL client auth | 12112 // Ensure that a client certificate is removed from the SSL client auth |
| 12111 // cache when: | 12113 // cache when: |
| 12112 // 1) No proxy is involved. | 12114 // 1) No proxy is involved. |
| 12113 // 2) TLS False Start is enabled. | 12115 // 2) TLS False Start is enabled. |
| 12114 // 3) The initial TLS handshake requests a client certificate. | 12116 // 3) The initial TLS handshake requests a client certificate. |
| 12115 // 4) The client supplies an invalid/unacceptable certificate. | 12117 // 4) The client supplies an invalid/unacceptable certificate. |
| 12116 TEST_P(HttpNetworkTransactionTest, | 12118 TEST_P(HttpNetworkTransactionTest, |
| 12117 ClientAuthCertCache_Direct_FalseStart) { | 12119 ClientAuthCertCache_Direct_FalseStart) { |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12195 | 12197 |
| 12196 // Complete the SSL handshake, which should abort due to requiring a | 12198 // Complete the SSL handshake, which should abort due to requiring a |
| 12197 // client certificate. | 12199 // client certificate. |
| 12198 rv = callback.WaitForResult(); | 12200 rv = callback.WaitForResult(); |
| 12199 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 12201 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 12200 | 12202 |
| 12201 // Indicate that no certificate should be supplied. From the perspective | 12203 // Indicate that no certificate should be supplied. From the perspective |
| 12202 // of SSLClientCertCache, NULL is just as meaningful as a real | 12204 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 12203 // certificate, so this is the same as supply a | 12205 // certificate, so this is the same as supply a |
| 12204 // legitimate-but-unacceptable certificate. | 12206 // legitimate-but-unacceptable certificate. |
| 12205 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 12207 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 12206 ASSERT_EQ(ERR_IO_PENDING, rv); | 12208 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 12207 | 12209 |
| 12208 // Ensure the certificate was added to the client auth cache before | 12210 // Ensure the certificate was added to the client auth cache before |
| 12209 // allowing the connection to continue restarting. | 12211 // allowing the connection to continue restarting. |
| 12210 scoped_refptr<X509Certificate> client_cert; | 12212 scoped_refptr<X509Certificate> client_cert; |
| 12213 scoped_refptr<SSLPrivateKey> client_private_key; |
| 12211 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 12214 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 12212 HostPortPair("www.example.com", 443), &client_cert)); | 12215 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12213 ASSERT_EQ(NULL, client_cert.get()); | 12216 ASSERT_EQ(NULL, client_cert.get()); |
| 12214 | 12217 |
| 12215 // Restart the handshake. This will consume ssl_data2, which fails, and | 12218 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 12216 // then consume ssl_data3 and ssl_data4, both of which should also fail. | 12219 // then consume ssl_data3 and ssl_data4, both of which should also fail. |
| 12217 // The result code is checked against what ssl_data4 should return. | 12220 // The result code is checked against what ssl_data4 should return. |
| 12218 rv = callback.WaitForResult(); | 12221 rv = callback.WaitForResult(); |
| 12219 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 12222 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 12220 | 12223 |
| 12221 // Ensure that the client certificate is removed from the cache on a | 12224 // Ensure that the client certificate is removed from the cache on a |
| 12222 // handshake failure. | 12225 // handshake failure. |
| 12223 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12226 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12224 HostPortPair("www.example.com", 443), &client_cert)); | 12227 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12225 } | 12228 } |
| 12226 | 12229 |
| 12227 // Ensure that a client certificate is removed from the SSL client auth | 12230 // Ensure that a client certificate is removed from the SSL client auth |
| 12228 // cache when: | 12231 // cache when: |
| 12229 // 1) An HTTPS proxy is involved. | 12232 // 1) An HTTPS proxy is involved. |
| 12230 // 3) The HTTPS proxy requests a client certificate. | 12233 // 3) The HTTPS proxy requests a client certificate. |
| 12231 // 4) The client supplies an invalid/unacceptable certificate for the | 12234 // 4) The client supplies an invalid/unacceptable certificate for the |
| 12232 // proxy. | 12235 // proxy. |
| 12233 // The test is repeated twice, first for connecting to an HTTPS endpoint, | 12236 // The test is repeated twice, first for connecting to an HTTPS endpoint, |
| 12234 // then for connecting to an HTTP endpoint. | 12237 // then for connecting to an HTTP endpoint. |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12287 | 12290 |
| 12288 // Complete the SSL handshake, which should abort due to requiring a | 12291 // Complete the SSL handshake, which should abort due to requiring a |
| 12289 // client certificate. | 12292 // client certificate. |
| 12290 rv = callback.WaitForResult(); | 12293 rv = callback.WaitForResult(); |
| 12291 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 12294 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 12292 | 12295 |
| 12293 // Indicate that no certificate should be supplied. From the perspective | 12296 // Indicate that no certificate should be supplied. From the perspective |
| 12294 // of SSLClientCertCache, NULL is just as meaningful as a real | 12297 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 12295 // certificate, so this is the same as supply a | 12298 // certificate, so this is the same as supply a |
| 12296 // legitimate-but-unacceptable certificate. | 12299 // legitimate-but-unacceptable certificate. |
| 12297 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 12300 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 12298 ASSERT_EQ(ERR_IO_PENDING, rv); | 12301 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 12299 | 12302 |
| 12300 // Ensure the certificate was added to the client auth cache before | 12303 // Ensure the certificate was added to the client auth cache before |
| 12301 // allowing the connection to continue restarting. | 12304 // allowing the connection to continue restarting. |
| 12302 scoped_refptr<X509Certificate> client_cert; | 12305 scoped_refptr<X509Certificate> client_cert; |
| 12306 scoped_refptr<SSLPrivateKey> client_private_key; |
| 12303 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 12307 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 12304 HostPortPair("proxy", 70), &client_cert)); | 12308 HostPortPair("proxy", 70), &client_cert, &client_private_key)); |
| 12305 ASSERT_EQ(NULL, client_cert.get()); | 12309 ASSERT_EQ(NULL, client_cert.get()); |
| 12306 // Ensure the certificate was NOT cached for the endpoint. This only | 12310 // Ensure the certificate was NOT cached for the endpoint. This only |
| 12307 // applies to HTTPS requests, but is fine to check for HTTP requests. | 12311 // applies to HTTPS requests, but is fine to check for HTTP requests. |
| 12308 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12312 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12309 HostPortPair("www.example.com", 443), &client_cert)); | 12313 HostPortPair("www.example.com", 443), &client_cert, |
| 12314 &client_private_key)); |
| 12310 | 12315 |
| 12311 // Restart the handshake. This will consume ssl_data2, which fails, and | 12316 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 12312 // then consume ssl_data3, which should also fail. The result code is | 12317 // then consume ssl_data3, which should also fail. The result code is |
| 12313 // checked against what ssl_data3 should return. | 12318 // checked against what ssl_data3 should return. |
| 12314 rv = callback.WaitForResult(); | 12319 rv = callback.WaitForResult(); |
| 12315 ASSERT_EQ(ERR_PROXY_CONNECTION_FAILED, rv); | 12320 ASSERT_EQ(ERR_PROXY_CONNECTION_FAILED, rv); |
| 12316 | 12321 |
| 12317 // Now that the new handshake has failed, ensure that the client | 12322 // Now that the new handshake has failed, ensure that the client |
| 12318 // certificate was removed from the client auth cache. | 12323 // certificate was removed from the client auth cache. |
| 12319 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12324 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12320 HostPortPair("proxy", 70), &client_cert)); | 12325 HostPortPair("proxy", 70), &client_cert, &client_private_key)); |
| 12321 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12326 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12322 HostPortPair("www.example.com", 443), &client_cert)); | 12327 HostPortPair("www.example.com", 443), &client_cert, |
| 12328 &client_private_key)); |
| 12323 } | 12329 } |
| 12324 } | 12330 } |
| 12325 | 12331 |
| 12326 TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) { | 12332 TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) { |
| 12327 session_deps_.use_alternative_services = true; | 12333 session_deps_.use_alternative_services = true; |
| 12328 session_deps_.next_protos = SpdyNextProtos(); | 12334 session_deps_.next_protos = SpdyNextProtos(); |
| 12329 | 12335 |
| 12330 // Set up a special HttpNetworkSession with a MockCachingHostResolver. | 12336 // Set up a special HttpNetworkSession with a MockCachingHostResolver. |
| 12331 session_deps_.host_resolver.reset(new MockCachingHostResolver()); | 12337 session_deps_.host_resolver.reset(new MockCachingHostResolver()); |
| 12332 scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_)); | 12338 scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_)); |
| (...skipping 2976 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 15309 std::string response_data; | 15315 std::string response_data; |
| 15310 EXPECT_EQ(OK, ReadTransaction(trans.get(), &response_data)); | 15316 EXPECT_EQ(OK, ReadTransaction(trans.get(), &response_data)); |
| 15311 | 15317 |
| 15312 EXPECT_EQ(CountWriteBytes(data_writes, arraysize(data_writes)), | 15318 EXPECT_EQ(CountWriteBytes(data_writes, arraysize(data_writes)), |
| 15313 trans->GetTotalSentBytes()); | 15319 trans->GetTotalSentBytes()); |
| 15314 EXPECT_EQ(CountReadBytes(data_reads, arraysize(data_reads)), | 15320 EXPECT_EQ(CountReadBytes(data_reads, arraysize(data_reads)), |
| 15315 trans->GetTotalReceivedBytes()); | 15321 trans->GetTotalReceivedBytes()); |
| 15316 } | 15322 } |
| 15317 | 15323 |
| 15318 } // namespace net | 15324 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1304143010:
Plumbing SSLPrivateKey
Base URL: https://chromium.googlesource.com/chromium/src.git@master