SSL in EmbeddedTestServer

net/test/embedded_test_server/embedded_test_server.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/test/embedded_test_server/embedded_test_server.h"
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
+#include "base/path_service.h"
 #include "base/process/process_metrics.h"
 #include "base/run_loop.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/threading/thread_restrictions.h"
+#include "crypto/rsa_private_key.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
+#include "net/base/test_data_directory.h"
+#include "net/cert/pem_tokenizer.h"
+#include "net/cert/test_root_certs.h"
+#include "net/socket/ssl_server_socket.h"
 #include "net/socket/stream_socket.h"
 #include "net/socket/tcp_server_socket.h"
+#include "net/ssl/ssl_server_config.h"
+#include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/embedded_test_server_connection_listener.h"
 #include "net/test/embedded_test_server/http_connection.h"
 #include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/http_response.h"
+#include "net/test/embedded_test_server/request_helpers.h"
 
 namespace net {
 namespace test_server {
 
-namespace {
-
-class CustomHttpResponse : public HttpResponse {
- public:
-  CustomHttpResponse(const std::string& headers, const std::string& contents)
-      : headers_(headers), contents_(contents) {
+EmbeddedTestServer::EmbeddedTestServer(bool use_ssl)
+    : use_ssl_(use_ssl), connection_listener_(nullptr), port_(0) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  if (use_ssl_) {
+    LoadTestSSLRoot();
   }
-
-  std::string ToResponseString() const override {
-    return headers_ + "\r\n" + contents_;
-  }
-
- private:
-  std::string headers_;
-  std::string contents_;
-
-  DISALLOW_COPY_AND_ASSIGN(CustomHttpResponse);
-};
-
-// Handles |request| by serving a file from under |server_root|.
-scoped_ptr<HttpResponse> HandleFileRequest(
-    const base::FilePath& server_root,
-    const HttpRequest& request) {
-  // This is a test-only server. Ignore I/O thread restrictions.
-  base::ThreadRestrictions::ScopedAllowIO allow_io;
-
-  std::string relative_url(request.relative_url);
-  // A proxy request will have an absolute path. Simulate the proxy by stripping
-  // the scheme, host, and port.
-  GURL relative_gurl(relative_url);
-  if (relative_gurl.is_valid())
-    relative_url = relative_gurl.PathForRequest();
-
-  // Trim the first byte ('/').
-  std::string request_path = relative_url.substr(1);
-
-  // Remove the query string if present.
-  size_t query_pos = request_path.find('?');
-  if (query_pos != std::string::npos)
-    request_path = request_path.substr(0, query_pos);
-
-  base::FilePath file_path(server_root.AppendASCII(request_path));
-  std::string file_contents;
-  if (!base::ReadFileToString(file_path, &file_contents))
-    return scoped_ptr<HttpResponse>();
-
-  base::FilePath headers_path(
-      file_path.AddExtension(FILE_PATH_LITERAL("mock-http-headers")));
-
-  if (base::PathExists(headers_path)) {
-    std::string headers_contents;
-    if (!base::ReadFileToString(headers_path, &headers_contents))
-      return scoped_ptr<HttpResponse>();
-
-    scoped_ptr<CustomHttpResponse> http_response(
-        new CustomHttpResponse(headers_contents, file_contents));
-    return http_response.Pass();
-  }
-
-  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse);
-  http_response->set_code(HTTP_OK);
-  http_response->set_content(file_contents);
-  return http_response.Pass();
-}
-
-}  // namespace
-
-EmbeddedTestServer::EmbeddedTestServer()
-    : connection_listener_(nullptr), port_(0) {
-  DCHECK(thread_checker_.CalledOnValidThread());
 }
 
 EmbeddedTestServer::~EmbeddedTestServer() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   if (Started() && !ShutdownAndWaitUntilComplete()) {
     LOG(ERROR) << "EmbeddedTestServer failed to shut down.";
   }
 }
 
 void EmbeddedTestServer::SetConnectionListener(
     EmbeddedTestServerConnectionListener* listener) {
   DCHECK(!Started());
   connection_listener_ = listener;
 }
 
-bool EmbeddedTestServer::InitializeAndWaitUntilReady() {
+bool EmbeddedTestServer::Start() {
   bool success = InitializeAndListen();
   if (!success)
     return false;
   StartAcceptingConnections();
   return true;
 }
 
+bool EmbeddedTestServer::InitializeAndWaitUntilReady() {
+  return Start();
+}
+
 bool EmbeddedTestServer::InitializeAndListen() {
   DCHECK(!Started());
 
   listen_socket_.reset(new TCPServerSocket(nullptr, NetLog::Source()));
 
   int result = listen_socket_->ListenWithAddressAndPort("127.0.0.1", 0, 10);
   if (result) {
     LOG(ERROR) << "Listen failed: " << ErrorToString(result);
     listen_socket_.reset();
     return false;
   }
 
   result = listen_socket_->GetLocalAddress(&local_endpoint_);
   if (result != OK) {
     LOG(ERROR) << "GetLocalAddress failed: " << ErrorToString(result);
     listen_socket_.reset();
     return false;
   }
 
-  base_url_ = GURL(std::string("http://") + local_endpoint_.ToString());
+  base_url_ = GURL("http://" + local_endpoint_.ToString());

[davidben, 2015/10/13 19:43:47]

Nit: I'd probably put this in an else.

[svaldez, 2015/10/13 20:54:43]

Done.

+  if (use_ssl_) {
+    base_url_ = GURL("https://" + local_endpoint_.ToString());
+    if (ssl_config_.server_cert == SSLServerConfig::CERT_MISMATCHED_NAME ||
+        ssl_config_.server_cert ==
+            SSLServerConfig::CERT_COMMON_NAME_IS_DOMAIN) {
+      base_url_ = GURL(
+          base::StringPrintf("https://localhost:%d", local_endpoint_.port()));
+    }
+  }
   port_ = local_endpoint_.port();
 
   listen_socket_->DetachFromThread();
   return true;
 }
 
 void EmbeddedTestServer::StartAcceptingConnections() {
   DCHECK(!io_thread_.get());
   base::Thread::Options thread_options;
   thread_options.message_loop_type = base::MessageLoop::TYPE_IO;
@@ skipping 20 matching lines @@
                                        connections_.end());
   connections_.clear();
 }
 
 void EmbeddedTestServer::HandleRequest(HttpConnection* connection,
                                        scoped_ptr<HttpRequest> request) {
   DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
 
   scoped_ptr<HttpResponse> response;
 
+  LOG(WARNING) << "Request incoming: " << request->relative_url;

[davidben, 2015/10/13 19:43:48]

Probably didn't mean to keep this line.

[svaldez, 2015/10/13 20:54:44]

Done.

   for (size_t i = 0; i < request_handlers_.size(); ++i) {
     response = request_handlers_[i].Run(*request);
     if (response)
       break;
   }
 
   if (!response) {
+    for (size_t i = 0; i < default_request_handlers_.size(); ++i) {
+      response = default_request_handlers_[i].Run(*request);
+      if (response)
+        break;
+    }
+  }
+
+  if (!response) {
     LOG(WARNING) << "Request not handled. Returning 404: "
                  << request->relative_url;
     scoped_ptr<BasicHttpResponse> not_found_response(new BasicHttpResponse);
     not_found_response->set_code(HTTP_NOT_FOUND);
     response = not_found_response.Pass();
   }
 
-  connection->SendResponse(response.Pass(),
-                           base::Bind(&EmbeddedTestServer::DidClose,
-                                      base::Unretained(this), connection));
+  response->SendResponse(
+      base::Bind(&HttpConnection::SendResponse, base::Unretained(connection)),
+      base::Bind(&EmbeddedTestServer::DidClose, base::Unretained(this),
+                 connection));
 }
 
 GURL EmbeddedTestServer::GetURL(const std::string& relative_url) const {
   DCHECK(Started()) << "You must start the server first.";
   DCHECK(base::StartsWith(relative_url, "/", base::CompareCase::SENSITIVE))
       << relative_url;
   return base_url_.Resolve(relative_url);
 }
 
 GURL EmbeddedTestServer::GetURL(
     const std::string& hostname,
     const std::string& relative_url) const {
   GURL local_url = GetURL(relative_url);
   GURL::Replacements replace_host;
   replace_host.SetHostStr(hostname);
   return local_url.ReplaceComponents(replace_host);
 }
 
 bool EmbeddedTestServer::GetAddressList(AddressList* address_list) const {
   *address_list = AddressList(local_endpoint_);
   return true;
 }
 
+std::string EmbeddedTestServer::GetCertificateName() const {
+  std::string cert_name;
+
+  switch (ssl_config_.server_cert) {
+    case SSLServerConfig::CERT_OK:
+    case SSLServerConfig::CERT_MISMATCHED_NAME:
+      cert_name = "ok_cert.pem";
+      break;
+    case SSLServerConfig::CERT_COMMON_NAME_IS_DOMAIN:
+      cert_name = "localhost_cert.pem";
+      break;
+    case SSLServerConfig::CERT_EXPIRED:
+      cert_name = "expired_cert.pem";
+      break;
+    case SSLServerConfig::CERT_CHAIN_WRONG_ROOT:
+      cert_name = "redundant-server-chain.pem";
+      break;
+    case SSLServerConfig::CERT_BAD_VALIDITY:
+      cert_name = "bad_validity.pem";
+      break;
+  }
+
+  return cert_name;
+}
+
+scoped_refptr<X509Certificate> EmbeddedTestServer::GetCertificate() const {
+  base::FilePath certs_dir(GetTestCertsDirectory());
+  return ImportCertFromFile(certs_dir, GetCertificateName());
+}
+
 void EmbeddedTestServer::ServeFilesFromDirectory(
     const base::FilePath& directory) {
   RegisterRequestHandler(base::Bind(&HandleFileRequest, directory));
 }
 
+void EmbeddedTestServer::ServeFilesFromSourceDirectory(
+    const std::string relative) {
+  base::FilePath test_data_dir;
+  if (PathService::Get(base::DIR_SOURCE_ROOT, &test_data_dir))
+    ServeFilesFromDirectory(test_data_dir.AppendASCII(relative));
+}
+
+void EmbeddedTestServer::ServeFilesFromSourceDirectory(
+    const base::FilePath& relative) {
+  base::FilePath test_data_dir;
+  if (PathService::Get(base::DIR_SOURCE_ROOT, &test_data_dir))
+    ServeFilesFromDirectory(test_data_dir.Append(relative));
+}
+
+void EmbeddedTestServer::AddDefaultHandlers(const base::FilePath& directory) {
+  RegisterDefaultHandlers(this);
+  ServeFilesFromSourceDirectory(directory);
+}
+
 void EmbeddedTestServer::RegisterRequestHandler(
     const HandleRequestCallback& callback) {
   request_handlers_.push_back(callback);
 }
 
+void EmbeddedTestServer::RegisterDefaultHandler(
+    const HandleRequestCallback& callback) {
+  default_request_handlers_.push_back(callback);
+}
+
+void EmbeddedTestServer::LoadTestSSLRoot() {
+  TestRootCerts* root_certs = TestRootCerts::GetInstance();
+  if (!root_certs)
+    return;
+  base::FilePath certs_dir(GetTestCertsDirectory());
+  root_certs->AddFromFile(certs_dir.AppendASCII("root_ca_cert.pem"));
+}
+
+scoped_ptr<StreamSocket> EmbeddedTestServer::DoSSLUpgrade(
+    scoped_ptr<StreamSocket> connection) {
+  DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
+
+  base::FilePath certs_dir(GetTestCertsDirectory());
+  std::string cert_name = GetCertificateName();
+  scoped_refptr<X509Certificate> server_cert = GetCertificate();
+
+  base::FilePath key_path = certs_dir.AppendASCII(cert_name);
+  std::string key_string;
+  DCHECK(base::ReadFileToString(key_path, &key_string));

[davidben, 2015/10/13 19:43:48]

If wrapped in a DCHECK, release builds won't even run this code. Could make this
return nullptr, or maybe return int and take a scoped_ptr<StreamSocket>* output
pointer. That or maybe a CHECK is fine since this is all test code.

[svaldez, 2015/10/13 20:54:44]

Done.

+  std::vector<std::string> headers;
+  headers.push_back("PRIVATE KEY");
+  PEMTokenizer pem_tok(key_string, headers);

[davidben, 2015/10/13 19:43:48]

Nit: pem_tokenizer

[svaldez, 2015/10/13 20:54:44]

Done.

+  pem_tok.GetNext();
+  std::vector<uint8> key_vector;

[davidben, 2015/10/13 19:43:47]

Nit: uint8_t for new code

[svaldez, 2015/10/13 20:54:44]

Done.

+  key_vector.assign(pem_tok.data().begin(), pem_tok.data().end());
+
+  scoped_ptr<crypto::RSAPrivateKey> server_key(
+      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
+
+  return CreateSSLServerSocket(connection.Pass(), server_cert.get(),
+                               server_key.get(), ssl_config_);
+}
+
 void EmbeddedTestServer::DoAcceptLoop() {
   int rv = OK;
   while (rv == OK) {
     rv = listen_socket_->Accept(
         &accepted_socket_, base::Bind(&EmbeddedTestServer::OnAcceptCompleted,
                                       base::Unretained(this)));
     if (rv == ERR_IO_PENDING)
       return;
     HandleAcceptResult(accepted_socket_.Pass());
   }
 }
 
 void EmbeddedTestServer::OnAcceptCompleted(int rv) {
   DCHECK_NE(ERR_IO_PENDING, rv);
   HandleAcceptResult(accepted_socket_.Pass());
   DoAcceptLoop();
 }
 
+void EmbeddedTestServer::OnHandshakeDone(HttpConnection* connection, int rv) {
+  if (connection->socket_->IsConnected()) {
+    ReadData(connection);
+  }

[davidben, 2015/10/13 19:43:48]

Nit: No curlies

[svaldez, 2015/10/13 20:54:44]

Done.

+}
+
 void EmbeddedTestServer::HandleAcceptResult(scoped_ptr<StreamSocket> socket) {
   DCHECK(io_thread_->task_runner()->BelongsToCurrentThread());
   if (connection_listener_)
     connection_listener_->AcceptedSocket(*socket);
 
+  if (use_ssl_) {
+    socket = DoSSLUpgrade(socket.Pass());
+  }

[davidben, 2015/10/13 19:43:47]

Nit: No curlies

[svaldez, 2015/10/13 20:54:44]

Done.

+
   HttpConnection* http_connection = new HttpConnection(
       socket.Pass(),
       base::Bind(&EmbeddedTestServer::HandleRequest, base::Unretained(this)));
   connections_[http_connection->socket_.get()] = http_connection;
 
-  ReadData(http_connection);
+  if (use_ssl_) {
+    SSLServerSocket* ssl_socket =
+        (SSLServerSocket*)http_connection->socket_.get();

[davidben, 2015/10/13 19:43:48]

static_cast<SSLServerSocket*>(....)

[svaldez, 2015/10/13 20:54:44]

Done.

+    int rv = ssl_socket->Handshake(
+        base::Bind(&EmbeddedTestServer::OnHandshakeDone, base::Unretained(this),
+                   http_connection));
+    if (rv != ERR_IO_PENDING) {
+      OnHandshakeDone(http_connection, rv);

[davidben, 2015/10/13 19:43:47]

Nit: no curlies

[svaldez, 2015/10/13 20:54:44]

Done.

+    }
+  } else {
+    ReadData(http_connection);
+  }
 }
 
 void EmbeddedTestServer::ReadData(HttpConnection* connection) {
   while (true) {
     int rv =
         connection->ReadData(base::Bind(&EmbeddedTestServer::OnReadCompleted,
                                         base::Unretained(this), connection));
     if (rv == ERR_IO_PENDING)
       return;
     if (!HandleReadResult(connection, rv))
@@ skipping 64 matching lines @@
                                                    run_loop.QuitClosure())) {
     return false;
   }
   run_loop.Run();
 
   return true;
 }
 
 }  // namespace test_server
 }  // namespace net