| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <math.h> // ceil | 7 #include <math.h> // ceil |
| 8 #include <stdarg.h> | 8 #include <stdarg.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 #include "net/socket/socket_test_util.h" | 71 #include "net/socket/socket_test_util.h" |
| 72 #include "net/socket/ssl_client_socket.h" | 72 #include "net/socket/ssl_client_socket.h" |
| 73 #include "net/spdy/spdy_framer.h" | 73 #include "net/spdy/spdy_framer.h" |
| 74 #include "net/spdy/spdy_session.h" | 74 #include "net/spdy/spdy_session.h" |
| 75 #include "net/spdy/spdy_session_pool.h" | 75 #include "net/spdy/spdy_session_pool.h" |
| 76 #include "net/spdy/spdy_test_util_common.h" | 76 #include "net/spdy/spdy_test_util_common.h" |
| 77 #include "net/ssl/ssl_cert_request_info.h" | 77 #include "net/ssl/ssl_cert_request_info.h" |
| 78 #include "net/ssl/ssl_config_service.h" | 78 #include "net/ssl/ssl_config_service.h" |
| 79 #include "net/ssl/ssl_config_service_defaults.h" | 79 #include "net/ssl/ssl_config_service_defaults.h" |
| 80 #include "net/ssl/ssl_info.h" | 80 #include "net/ssl/ssl_info.h" |
| 81 #include "net/ssl/ssl_private_key.h" |
| 81 #include "net/test/cert_test_util.h" | 82 #include "net/test/cert_test_util.h" |
| 82 #include "net/websockets/websocket_handshake_stream_base.h" | 83 #include "net/websockets/websocket_handshake_stream_base.h" |
| 83 #include "testing/gtest/include/gtest/gtest.h" | 84 #include "testing/gtest/include/gtest/gtest.h" |
| 84 #include "testing/platform_test.h" | 85 #include "testing/platform_test.h" |
| 85 #include "url/gurl.h" | 86 #include "url/gurl.h" |
| 86 | 87 |
| 87 using base::ASCIIToUTF16; | 88 using base::ASCIIToUTF16; |
| 88 | 89 |
| 89 //----------------------------------------------------------------------------- | 90 //----------------------------------------------------------------------------- |
| 90 | 91 |
| (...skipping 11411 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11502 | 11503 |
| 11503 // Complete the SSL handshake, which should abort due to requiring a | 11504 // Complete the SSL handshake, which should abort due to requiring a |
| 11504 // client certificate. | 11505 // client certificate. |
| 11505 rv = callback.WaitForResult(); | 11506 rv = callback.WaitForResult(); |
| 11506 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 11507 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 11507 | 11508 |
| 11508 // Indicate that no certificate should be supplied. From the perspective | 11509 // Indicate that no certificate should be supplied. From the perspective |
| 11509 // of SSLClientCertCache, NULL is just as meaningful as a real | 11510 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 11510 // certificate, so this is the same as supply a | 11511 // certificate, so this is the same as supply a |
| 11511 // legitimate-but-unacceptable certificate. | 11512 // legitimate-but-unacceptable certificate. |
| 11512 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 11513 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 11513 ASSERT_EQ(ERR_IO_PENDING, rv); | 11514 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 11514 | 11515 |
| 11515 // Ensure the certificate was added to the client auth cache before | 11516 // Ensure the certificate was added to the client auth cache before |
| 11516 // allowing the connection to continue restarting. | 11517 // allowing the connection to continue restarting. |
| 11517 scoped_refptr<X509Certificate> client_cert; | 11518 scoped_refptr<X509Certificate> client_cert; |
| 11519 scoped_refptr<SSLPrivateKey> client_private_key; |
| 11518 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 11520 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 11519 HostPortPair("www.example.com", 443), &client_cert)); | 11521 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 11520 ASSERT_EQ(NULL, client_cert.get()); | 11522 ASSERT_EQ(NULL, client_cert.get()); |
| 11521 | 11523 |
| 11522 // Restart the handshake. This will consume ssl_data2, which fails, and | 11524 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 11523 // then consume ssl_data3 and ssl_data4, both of which should also fail. | 11525 // then consume ssl_data3 and ssl_data4, both of which should also fail. |
| 11524 // The result code is checked against what ssl_data4 should return. | 11526 // The result code is checked against what ssl_data4 should return. |
| 11525 rv = callback.WaitForResult(); | 11527 rv = callback.WaitForResult(); |
| 11526 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 11528 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 11527 | 11529 |
| 11528 // Ensure that the client certificate is removed from the cache on a | 11530 // Ensure that the client certificate is removed from the cache on a |
| 11529 // handshake failure. | 11531 // handshake failure. |
| 11530 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 11532 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 11531 HostPortPair("www.example.com", 443), &client_cert)); | 11533 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 11532 } | 11534 } |
| 11533 | 11535 |
| 11534 // Ensure that a client certificate is removed from the SSL client auth | 11536 // Ensure that a client certificate is removed from the SSL client auth |
| 11535 // cache when: | 11537 // cache when: |
| 11536 // 1) No proxy is involved. | 11538 // 1) No proxy is involved. |
| 11537 // 2) TLS False Start is enabled. | 11539 // 2) TLS False Start is enabled. |
| 11538 // 3) The initial TLS handshake requests a client certificate. | 11540 // 3) The initial TLS handshake requests a client certificate. |
| 11539 // 4) The client supplies an invalid/unacceptable certificate. | 11541 // 4) The client supplies an invalid/unacceptable certificate. |
| 11540 TEST_P(HttpNetworkTransactionTest, | 11542 TEST_P(HttpNetworkTransactionTest, |
| 11541 ClientAuthCertCache_Direct_FalseStart) { | 11543 ClientAuthCertCache_Direct_FalseStart) { |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11619 | 11621 |
| 11620 // Complete the SSL handshake, which should abort due to requiring a | 11622 // Complete the SSL handshake, which should abort due to requiring a |
| 11621 // client certificate. | 11623 // client certificate. |
| 11622 rv = callback.WaitForResult(); | 11624 rv = callback.WaitForResult(); |
| 11623 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 11625 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 11624 | 11626 |
| 11625 // Indicate that no certificate should be supplied. From the perspective | 11627 // Indicate that no certificate should be supplied. From the perspective |
| 11626 // of SSLClientCertCache, NULL is just as meaningful as a real | 11628 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 11627 // certificate, so this is the same as supply a | 11629 // certificate, so this is the same as supply a |
| 11628 // legitimate-but-unacceptable certificate. | 11630 // legitimate-but-unacceptable certificate. |
| 11629 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 11631 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 11630 ASSERT_EQ(ERR_IO_PENDING, rv); | 11632 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 11631 | 11633 |
| 11632 // Ensure the certificate was added to the client auth cache before | 11634 // Ensure the certificate was added to the client auth cache before |
| 11633 // allowing the connection to continue restarting. | 11635 // allowing the connection to continue restarting. |
| 11634 scoped_refptr<X509Certificate> client_cert; | 11636 scoped_refptr<X509Certificate> client_cert; |
| 11637 scoped_refptr<SSLPrivateKey> client_private_key; |
| 11635 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 11638 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 11636 HostPortPair("www.example.com", 443), &client_cert)); | 11639 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 11637 ASSERT_EQ(NULL, client_cert.get()); | 11640 ASSERT_EQ(NULL, client_cert.get()); |
| 11638 | 11641 |
| 11639 // Restart the handshake. This will consume ssl_data2, which fails, and | 11642 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 11640 // then consume ssl_data3 and ssl_data4, both of which should also fail. | 11643 // then consume ssl_data3 and ssl_data4, both of which should also fail. |
| 11641 // The result code is checked against what ssl_data4 should return. | 11644 // The result code is checked against what ssl_data4 should return. |
| 11642 rv = callback.WaitForResult(); | 11645 rv = callback.WaitForResult(); |
| 11643 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 11646 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 11644 | 11647 |
| 11645 // Ensure that the client certificate is removed from the cache on a | 11648 // Ensure that the client certificate is removed from the cache on a |
| 11646 // handshake failure. | 11649 // handshake failure. |
| 11647 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 11650 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 11648 HostPortPair("www.example.com", 443), &client_cert)); | 11651 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 11649 } | 11652 } |
| 11650 | 11653 |
| 11651 // Ensure that a client certificate is removed from the SSL client auth | 11654 // Ensure that a client certificate is removed from the SSL client auth |
| 11652 // cache when: | 11655 // cache when: |
| 11653 // 1) An HTTPS proxy is involved. | 11656 // 1) An HTTPS proxy is involved. |
| 11654 // 3) The HTTPS proxy requests a client certificate. | 11657 // 3) The HTTPS proxy requests a client certificate. |
| 11655 // 4) The client supplies an invalid/unacceptable certificate for the | 11658 // 4) The client supplies an invalid/unacceptable certificate for the |
| 11656 // proxy. | 11659 // proxy. |
| 11657 // The test is repeated twice, first for connecting to an HTTPS endpoint, | 11660 // The test is repeated twice, first for connecting to an HTTPS endpoint, |
| 11658 // then for connecting to an HTTP endpoint. | 11661 // then for connecting to an HTTP endpoint. |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 11711 | 11714 |
| 11712 // Complete the SSL handshake, which should abort due to requiring a | 11715 // Complete the SSL handshake, which should abort due to requiring a |
| 11713 // client certificate. | 11716 // client certificate. |
| 11714 rv = callback.WaitForResult(); | 11717 rv = callback.WaitForResult(); |
| 11715 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 11718 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 11716 | 11719 |
| 11717 // Indicate that no certificate should be supplied. From the perspective | 11720 // Indicate that no certificate should be supplied. From the perspective |
| 11718 // of SSLClientCertCache, NULL is just as meaningful as a real | 11721 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 11719 // certificate, so this is the same as supply a | 11722 // certificate, so this is the same as supply a |
| 11720 // legitimate-but-unacceptable certificate. | 11723 // legitimate-but-unacceptable certificate. |
| 11721 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 11724 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 11722 ASSERT_EQ(ERR_IO_PENDING, rv); | 11725 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 11723 | 11726 |
| 11724 // Ensure the certificate was added to the client auth cache before | 11727 // Ensure the certificate was added to the client auth cache before |
| 11725 // allowing the connection to continue restarting. | 11728 // allowing the connection to continue restarting. |
| 11726 scoped_refptr<X509Certificate> client_cert; | 11729 scoped_refptr<X509Certificate> client_cert; |
| 11730 scoped_refptr<SSLPrivateKey> client_private_key; |
| 11727 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 11731 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 11728 HostPortPair("proxy", 70), &client_cert)); | 11732 HostPortPair("proxy", 70), &client_cert, &client_private_key)); |
| 11729 ASSERT_EQ(NULL, client_cert.get()); | 11733 ASSERT_EQ(NULL, client_cert.get()); |
| 11730 // Ensure the certificate was NOT cached for the endpoint. This only | 11734 // Ensure the certificate was NOT cached for the endpoint. This only |
| 11731 // applies to HTTPS requests, but is fine to check for HTTP requests. | 11735 // applies to HTTPS requests, but is fine to check for HTTP requests. |
| 11732 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 11736 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 11733 HostPortPair("www.example.com", 443), &client_cert)); | 11737 HostPortPair("www.example.com", 443), &client_cert, |
| 11738 &client_private_key)); |
| 11734 | 11739 |
| 11735 // Restart the handshake. This will consume ssl_data2, which fails, and | 11740 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 11736 // then consume ssl_data3, which should also fail. The result code is | 11741 // then consume ssl_data3, which should also fail. The result code is |
| 11737 // checked against what ssl_data3 should return. | 11742 // checked against what ssl_data3 should return. |
| 11738 rv = callback.WaitForResult(); | 11743 rv = callback.WaitForResult(); |
| 11739 ASSERT_EQ(ERR_PROXY_CONNECTION_FAILED, rv); | 11744 ASSERT_EQ(ERR_PROXY_CONNECTION_FAILED, rv); |
| 11740 | 11745 |
| 11741 // Now that the new handshake has failed, ensure that the client | 11746 // Now that the new handshake has failed, ensure that the client |
| 11742 // certificate was removed from the client auth cache. | 11747 // certificate was removed from the client auth cache. |
| 11743 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 11748 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 11744 HostPortPair("proxy", 70), &client_cert)); | 11749 HostPortPair("proxy", 70), &client_cert, &client_private_key)); |
| 11745 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 11750 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 11746 HostPortPair("www.example.com", 443), &client_cert)); | 11751 HostPortPair("www.example.com", 443), &client_cert, |
| 11752 &client_private_key)); |
| 11747 } | 11753 } |
| 11748 } | 11754 } |
| 11749 | 11755 |
| 11750 TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) { | 11756 TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) { |
| 11751 session_deps_.use_alternative_services = true; | 11757 session_deps_.use_alternative_services = true; |
| 11752 session_deps_.next_protos = SpdyNextProtos(); | 11758 session_deps_.next_protos = SpdyNextProtos(); |
| 11753 | 11759 |
| 11754 // Set up a special HttpNetworkSession with a MockCachingHostResolver. | 11760 // Set up a special HttpNetworkSession with a MockCachingHostResolver. |
| 11755 session_deps_.host_resolver.reset(new MockCachingHostResolver()); | 11761 session_deps_.host_resolver.reset(new MockCachingHostResolver()); |
| 11756 scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_)); | 11762 scoped_refptr<HttpNetworkSession> session(CreateSession(&session_deps_)); |
| (...skipping 2964 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 14721 std::string response_data; | 14727 std::string response_data; |
| 14722 EXPECT_EQ(OK, ReadTransaction(trans.get(), &response_data)); | 14728 EXPECT_EQ(OK, ReadTransaction(trans.get(), &response_data)); |
| 14723 | 14729 |
| 14724 EXPECT_EQ(CountWriteBytes(data_writes, arraysize(data_writes)), | 14730 EXPECT_EQ(CountWriteBytes(data_writes, arraysize(data_writes)), |
| 14725 trans->GetTotalSentBytes()); | 14731 trans->GetTotalSentBytes()); |
| 14726 EXPECT_EQ(CountReadBytes(data_reads, arraysize(data_reads)), | 14732 EXPECT_EQ(CountReadBytes(data_reads, arraysize(data_reads)), |
| 14727 trans->GetTotalReceivedBytes()); | 14733 trans->GetTotalReceivedBytes()); |
| 14728 } | 14734 } |
| 14729 | 14735 |
| 14730 } // namespace net | 14736 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1304143010:
Plumbing SSLPrivateKey
Base URL: https://chromium.googlesource.com/chromium/src.git@master