| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <math.h> // ceil | 7 #include <math.h> // ceil |
| 8 #include <stdarg.h> | 8 #include <stdarg.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 71 #include "net/socket/socket_test_util.h" | 71 #include "net/socket/socket_test_util.h" |
| 72 #include "net/socket/ssl_client_socket.h" | 72 #include "net/socket/ssl_client_socket.h" |
| 73 #include "net/spdy/spdy_framer.h" | 73 #include "net/spdy/spdy_framer.h" |
| 74 #include "net/spdy/spdy_session.h" | 74 #include "net/spdy/spdy_session.h" |
| 75 #include "net/spdy/spdy_session_pool.h" | 75 #include "net/spdy/spdy_session_pool.h" |
| 76 #include "net/spdy/spdy_test_util_common.h" | 76 #include "net/spdy/spdy_test_util_common.h" |
| 77 #include "net/ssl/ssl_cert_request_info.h" | 77 #include "net/ssl/ssl_cert_request_info.h" |
| 78 #include "net/ssl/ssl_config_service.h" | 78 #include "net/ssl/ssl_config_service.h" |
| 79 #include "net/ssl/ssl_config_service_defaults.h" | 79 #include "net/ssl/ssl_config_service_defaults.h" |
| 80 #include "net/ssl/ssl_info.h" | 80 #include "net/ssl/ssl_info.h" |
| 81 #include "net/ssl/ssl_private_key.h" |
| 81 #include "net/test/cert_test_util.h" | 82 #include "net/test/cert_test_util.h" |
| 82 #include "net/websockets/websocket_handshake_stream_base.h" | 83 #include "net/websockets/websocket_handshake_stream_base.h" |
| 83 #include "testing/gtest/include/gtest/gtest.h" | 84 #include "testing/gtest/include/gtest/gtest.h" |
| 84 #include "testing/platform_test.h" | 85 #include "testing/platform_test.h" |
| 85 #include "url/gurl.h" | 86 #include "url/gurl.h" |
| 86 | 87 |
| 87 using base::ASCIIToUTF16; | 88 using base::ASCIIToUTF16; |
| 88 | 89 |
| 89 //----------------------------------------------------------------------------- | 90 //----------------------------------------------------------------------------- |
| 90 | 91 |
| (...skipping 12045 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12136 | 12137 |
| 12137 // Complete the SSL handshake, which should abort due to requiring a | 12138 // Complete the SSL handshake, which should abort due to requiring a |
| 12138 // client certificate. | 12139 // client certificate. |
| 12139 rv = callback.WaitForResult(); | 12140 rv = callback.WaitForResult(); |
| 12140 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 12141 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 12141 | 12142 |
| 12142 // Indicate that no certificate should be supplied. From the perspective | 12143 // Indicate that no certificate should be supplied. From the perspective |
| 12143 // of SSLClientCertCache, NULL is just as meaningful as a real | 12144 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 12144 // certificate, so this is the same as supply a | 12145 // certificate, so this is the same as supply a |
| 12145 // legitimate-but-unacceptable certificate. | 12146 // legitimate-but-unacceptable certificate. |
| 12146 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 12147 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 12147 ASSERT_EQ(ERR_IO_PENDING, rv); | 12148 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 12148 | 12149 |
| 12149 // Ensure the certificate was added to the client auth cache before | 12150 // Ensure the certificate was added to the client auth cache before |
| 12150 // allowing the connection to continue restarting. | 12151 // allowing the connection to continue restarting. |
| 12151 scoped_refptr<X509Certificate> client_cert; | 12152 scoped_refptr<X509Certificate> client_cert; |
| 12153 scoped_refptr<SSLPrivateKey> client_private_key; |
| 12152 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 12154 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 12153 HostPortPair("www.example.com", 443), &client_cert)); | 12155 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12154 ASSERT_EQ(NULL, client_cert.get()); | 12156 ASSERT_EQ(NULL, client_cert.get()); |
| 12155 | 12157 |
| 12156 // Restart the handshake. This will consume ssl_data2, which fails, and | 12158 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 12157 // then consume ssl_data3 and ssl_data4, both of which should also fail. | 12159 // then consume ssl_data3 and ssl_data4, both of which should also fail. |
| 12158 // The result code is checked against what ssl_data4 should return. | 12160 // The result code is checked against what ssl_data4 should return. |
| 12159 rv = callback.WaitForResult(); | 12161 rv = callback.WaitForResult(); |
| 12160 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 12162 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 12161 | 12163 |
| 12162 // Ensure that the client certificate is removed from the cache on a | 12164 // Ensure that the client certificate is removed from the cache on a |
| 12163 // handshake failure. | 12165 // handshake failure. |
| 12164 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12166 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12165 HostPortPair("www.example.com", 443), &client_cert)); | 12167 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12166 } | 12168 } |
| 12167 | 12169 |
| 12168 // Ensure that a client certificate is removed from the SSL client auth | 12170 // Ensure that a client certificate is removed from the SSL client auth |
| 12169 // cache when: | 12171 // cache when: |
| 12170 // 1) No proxy is involved. | 12172 // 1) No proxy is involved. |
| 12171 // 2) TLS False Start is enabled. | 12173 // 2) TLS False Start is enabled. |
| 12172 // 3) The initial TLS handshake requests a client certificate. | 12174 // 3) The initial TLS handshake requests a client certificate. |
| 12173 // 4) The client supplies an invalid/unacceptable certificate. | 12175 // 4) The client supplies an invalid/unacceptable certificate. |
| 12174 TEST_P(HttpNetworkTransactionTest, | 12176 TEST_P(HttpNetworkTransactionTest, |
| 12175 ClientAuthCertCache_Direct_FalseStart) { | 12177 ClientAuthCertCache_Direct_FalseStart) { |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12253 | 12255 |
| 12254 // Complete the SSL handshake, which should abort due to requiring a | 12256 // Complete the SSL handshake, which should abort due to requiring a |
| 12255 // client certificate. | 12257 // client certificate. |
| 12256 rv = callback.WaitForResult(); | 12258 rv = callback.WaitForResult(); |
| 12257 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 12259 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 12258 | 12260 |
| 12259 // Indicate that no certificate should be supplied. From the perspective | 12261 // Indicate that no certificate should be supplied. From the perspective |
| 12260 // of SSLClientCertCache, NULL is just as meaningful as a real | 12262 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 12261 // certificate, so this is the same as supply a | 12263 // certificate, so this is the same as supply a |
| 12262 // legitimate-but-unacceptable certificate. | 12264 // legitimate-but-unacceptable certificate. |
| 12263 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 12265 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 12264 ASSERT_EQ(ERR_IO_PENDING, rv); | 12266 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 12265 | 12267 |
| 12266 // Ensure the certificate was added to the client auth cache before | 12268 // Ensure the certificate was added to the client auth cache before |
| 12267 // allowing the connection to continue restarting. | 12269 // allowing the connection to continue restarting. |
| 12268 scoped_refptr<X509Certificate> client_cert; | 12270 scoped_refptr<X509Certificate> client_cert; |
| 12271 scoped_refptr<SSLPrivateKey> client_private_key; |
| 12269 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 12272 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 12270 HostPortPair("www.example.com", 443), &client_cert)); | 12273 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12271 ASSERT_EQ(NULL, client_cert.get()); | 12274 ASSERT_EQ(NULL, client_cert.get()); |
| 12272 | 12275 |
| 12273 // Restart the handshake. This will consume ssl_data2, which fails, and | 12276 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 12274 // then consume ssl_data3 and ssl_data4, both of which should also fail. | 12277 // then consume ssl_data3 and ssl_data4, both of which should also fail. |
| 12275 // The result code is checked against what ssl_data4 should return. | 12278 // The result code is checked against what ssl_data4 should return. |
| 12276 rv = callback.WaitForResult(); | 12279 rv = callback.WaitForResult(); |
| 12277 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 12280 ASSERT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 12278 | 12281 |
| 12279 // Ensure that the client certificate is removed from the cache on a | 12282 // Ensure that the client certificate is removed from the cache on a |
| 12280 // handshake failure. | 12283 // handshake failure. |
| 12281 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12284 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12282 HostPortPair("www.example.com", 443), &client_cert)); | 12285 HostPortPair("www.example.com", 443), &client_cert, &client_private_key)); |
| 12283 } | 12286 } |
| 12284 | 12287 |
| 12285 // Ensure that a client certificate is removed from the SSL client auth | 12288 // Ensure that a client certificate is removed from the SSL client auth |
| 12286 // cache when: | 12289 // cache when: |
| 12287 // 1) An HTTPS proxy is involved. | 12290 // 1) An HTTPS proxy is involved. |
| 12288 // 3) The HTTPS proxy requests a client certificate. | 12291 // 3) The HTTPS proxy requests a client certificate. |
| 12289 // 4) The client supplies an invalid/unacceptable certificate for the | 12292 // 4) The client supplies an invalid/unacceptable certificate for the |
| 12290 // proxy. | 12293 // proxy. |
| 12291 // The test is repeated twice, first for connecting to an HTTPS endpoint, | 12294 // The test is repeated twice, first for connecting to an HTTPS endpoint, |
| 12292 // then for connecting to an HTTP endpoint. | 12295 // then for connecting to an HTTP endpoint. |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 12345 | 12348 |
| 12346 // Complete the SSL handshake, which should abort due to requiring a | 12349 // Complete the SSL handshake, which should abort due to requiring a |
| 12347 // client certificate. | 12350 // client certificate. |
| 12348 rv = callback.WaitForResult(); | 12351 rv = callback.WaitForResult(); |
| 12349 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 12352 ASSERT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 12350 | 12353 |
| 12351 // Indicate that no certificate should be supplied. From the perspective | 12354 // Indicate that no certificate should be supplied. From the perspective |
| 12352 // of SSLClientCertCache, NULL is just as meaningful as a real | 12355 // of SSLClientCertCache, NULL is just as meaningful as a real |
| 12353 // certificate, so this is the same as supply a | 12356 // certificate, so this is the same as supply a |
| 12354 // legitimate-but-unacceptable certificate. | 12357 // legitimate-but-unacceptable certificate. |
| 12355 rv = trans->RestartWithCertificate(NULL, callback.callback()); | 12358 rv = trans->RestartWithCertificate(NULL, NULL, callback.callback()); |
| 12356 ASSERT_EQ(ERR_IO_PENDING, rv); | 12359 ASSERT_EQ(ERR_IO_PENDING, rv); |
| 12357 | 12360 |
| 12358 // Ensure the certificate was added to the client auth cache before | 12361 // Ensure the certificate was added to the client auth cache before |
| 12359 // allowing the connection to continue restarting. | 12362 // allowing the connection to continue restarting. |
| 12360 scoped_refptr<X509Certificate> client_cert; | 12363 scoped_refptr<X509Certificate> client_cert; |
| 12364 scoped_refptr<SSLPrivateKey> client_private_key; |
| 12361 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( | 12365 ASSERT_TRUE(session->ssl_client_auth_cache()->Lookup( |
| 12362 HostPortPair("proxy", 70), &client_cert)); | 12366 HostPortPair("proxy", 70), &client_cert, &client_private_key)); |
| 12363 ASSERT_EQ(NULL, client_cert.get()); | 12367 ASSERT_EQ(NULL, client_cert.get()); |
| 12364 // Ensure the certificate was NOT cached for the endpoint. This only | 12368 // Ensure the certificate was NOT cached for the endpoint. This only |
| 12365 // applies to HTTPS requests, but is fine to check for HTTP requests. | 12369 // applies to HTTPS requests, but is fine to check for HTTP requests. |
| 12366 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12370 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12367 HostPortPair("www.example.com", 443), &client_cert)); | 12371 HostPortPair("www.example.com", 443), &client_cert, |
| 12372 &client_private_key)); |
| 12368 | 12373 |
| 12369 // Restart the handshake. This will consume ssl_data2, which fails, and | 12374 // Restart the handshake. This will consume ssl_data2, which fails, and |
| 12370 // then consume ssl_data3, which should also fail. The result code is | 12375 // then consume ssl_data3, which should also fail. The result code is |
| 12371 // checked against what ssl_data3 should return. | 12376 // checked against what ssl_data3 should return. |
| 12372 rv = callback.WaitForResult(); | 12377 rv = callback.WaitForResult(); |
| 12373 ASSERT_EQ(ERR_PROXY_CONNECTION_FAILED, rv); | 12378 ASSERT_EQ(ERR_PROXY_CONNECTION_FAILED, rv); |
| 12374 | 12379 |
| 12375 // Now that the new handshake has failed, ensure that the client | 12380 // Now that the new handshake has failed, ensure that the client |
| 12376 // certificate was removed from the client auth cache. | 12381 // certificate was removed from the client auth cache. |
| 12377 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12382 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12378 HostPortPair("proxy", 70), &client_cert)); | 12383 HostPortPair("proxy", 70), &client_cert, &client_private_key)); |
| 12379 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( | 12384 ASSERT_FALSE(session->ssl_client_auth_cache()->Lookup( |
| 12380 HostPortPair("www.example.com", 443), &client_cert)); | 12385 HostPortPair("www.example.com", 443), &client_cert, |
| 12386 &client_private_key)); |
| 12381 } | 12387 } |
| 12382 } | 12388 } |
| 12383 | 12389 |
| 12384 TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) { | 12390 TEST_P(HttpNetworkTransactionTest, UseIPConnectionPooling) { |
| 12385 session_deps_.use_alternative_services = true; | 12391 session_deps_.use_alternative_services = true; |
| 12386 session_deps_.next_protos = SpdyNextProtos(); | 12392 session_deps_.next_protos = SpdyNextProtos(); |
| 12387 | 12393 |
| 12388 // Set up a special HttpNetworkSession with a MockCachingHostResolver. | 12394 // Set up a special HttpNetworkSession with a MockCachingHostResolver. |
| 12389 session_deps_.host_resolver.reset(new MockCachingHostResolver()); | 12395 session_deps_.host_resolver.reset(new MockCachingHostResolver()); |
| 12390 scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); | 12396 scoped_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); |
| (...skipping 2976 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 15367 std::string response_data; | 15373 std::string response_data; |
| 15368 EXPECT_EQ(OK, ReadTransaction(trans.get(), &response_data)); | 15374 EXPECT_EQ(OK, ReadTransaction(trans.get(), &response_data)); |
| 15369 | 15375 |
| 15370 EXPECT_EQ(CountWriteBytes(data_writes, arraysize(data_writes)), | 15376 EXPECT_EQ(CountWriteBytes(data_writes, arraysize(data_writes)), |
| 15371 trans->GetTotalSentBytes()); | 15377 trans->GetTotalSentBytes()); |
| 15372 EXPECT_EQ(CountReadBytes(data_reads, arraysize(data_reads)), | 15378 EXPECT_EQ(CountReadBytes(data_reads, arraysize(data_reads)), |
| 15373 trans->GetTotalReceivedBytes()); | 15379 trans->GetTotalReceivedBytes()); |
| 15374 } | 15380 } |
| 15375 | 15381 |
| 15376 } // namespace net | 15382 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1422573008:
Plumbing SSLPrivateKey (//net) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master