Chromium Code Reviews Chromium Code Reviews
Issue 1696563002:
Blimp: add support for SSL connections. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: blimp/client/session/assignment_source_unittest.cc |
| diff --git a/blimp/client/session/assignment_source_unittest.cc b/blimp/client/session/assignment_source_unittest.cc |
| index d893ae3d3a79b4e342b233957b7215cd212e7e16..34f6295e8f92581432933d59aae84360f4a6c973 100644 |
| --- a/blimp/client/session/assignment_source_unittest.cc |
| +++ b/blimp/client/session/assignment_source_unittest.cc |
| @@ -5,6 +5,7 @@ |
| #include "blimp/client/session/assignment_source.h" |
| #include "base/command_line.h" |
| +#include "base/files/file_path.h" |
| #include "base/json/json_reader.h" |
| #include "base/json/json_writer.h" |
| #include "base/test/test_simple_task_runner.h" |
| @@ -17,44 +18,90 @@ |
| #include "testing/gtest/include/gtest/gtest.h" |
| using testing::_; |
| +using testing::DoAll; |
| using testing::InSequence; |
| +using testing::NotNull; |
| +using testing::Return; |
| +using testing::SetArgPointee; |
| namespace blimp { |
| namespace client { |
| namespace { |
| +const char kCertificatePEMEncoded[] = |
| + "-----BEGIN CERTIFICATE-----\n" |
| + "MIIDNzCCAh+gAwIBAgIJAM6Wyzih3bLNMA0GCSqGSIb3DQEBCwUAMDIxEjAQBgNV\n" |
| + "BAMMCWtldmluLmNvbTEPMA0GA1UECgwGR29vZ2xlMQswCQYDVQQGEwJVUzAeFw0x\n" |
| + "NjAyMTkyMTU3NDZaFw0xNzAyMTgyMTU3NDZaMDIxEjAQBgNVBAMMCWtldmluLmNv\n" |
| + "bTEPMA0GA1UECgwGR29vZ2xlMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB\n" |
| + "BQADggEPADCCAQoCggEBALTLD9KDNKM5qSLzYct+zndPB8cFCtOIbvW7LFlwLqm7\n" |
| + "w2xTOaaWhMPcbWJAo5Z+93q+vwNuNaenuENnKiJ7HFX0nyBUXjOSh8ds5JAA8+MW\n" |
| + "qFM5r/+/Ww9mH3/Yhta/bzTIrt35SMclfcytH1YfACDenXNxYPA+GqFfcZnx7eat\n" |
| + "Af0EvMi375Xf2qCROghuDfaPeY6FnqVNHhqFCB79f8UQmciO2cJsI3vMSLSAfoXQ\n" |
| + "g3Fl4m6Q0PYFKPLECVxh9FLdqlAMBgxJIM2XhLXqR9qbrpCUlq/BVa2kmLcY061E\n" |
| + "maTlrjVbtgqm5xJzXyCV1ZNBIdmfBZbO/OOOf4UFDgcCAwEAAaNQME4wHQYDVR0O\n" |
| + "BBYEFCvDRIJ15+pept6O/OdVnNChxk8WMB8GA1UdIwQYMBaAFCvDRIJ15+pept6O\n" |
| + "/OdVnNChxk8WMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAI+fgjIl\n" |
| + "s0QFFAw+6lupC5BkFwXp5kgnD80mbvq9jeCmd8Rzs46XhI1CsKtODNRpjcqKAakW\n" |
| + "PPIMExT1kUpHrbzs4fMbEPTYQryjRk29UNV6gPm264XHJNzOfh4vvV2u8F1Glb5j\n" |
| + "Lcipt9+jGFMTcSRZ6fUtAaSl0LxXTCyzqQb86IQgxxWkW61ow99D+I/x1U+gE/w1\n" |
| + "8NfudsmClORGinEwy5ZepmwQHDZjpnwauLoJuo3TbTLj6BY4AFPS+VD1ySvec6Lk\n" |
| + "OkI7+7+kmbrqn0OJKIUVtw/0t9qMyPH+B87uyvgSd3J/xURnPEnIbpmrqM3bAdP6\n" |
| + "j05XNhHVBefITMI=\n" |
| + "-----END CERTIFICATE-----"; |
| + |
| +const char kCertPath[] = "/path/to/cert.pem"; |
| + |
| MATCHER_P(AssignmentEquals, assignment, "") { |
| return arg.transport_protocol == assignment.transport_protocol && |
| arg.ip_endpoint == assignment.ip_endpoint && |
| arg.client_token == assignment.client_token && |
| - arg.certificate == assignment.certificate && |
| - arg.certificate_fingerprint == assignment.certificate_fingerprint; |
| + (!assignment.cert || arg.cert->Equals(assignment.cert.get())); |
| } |
| +class MockFileReader : public FileReader { |
|
Ryan Sleevi
2016/02/23 00:49:45
If this is the whole reason for abstracting the Fi
Kevin M
2016/02/23 01:58:25
Done.
|
| + public: |
| + MockFileReader() {} |
| + ~MockFileReader() override {} |
| + |
| + MOCK_METHOD2(ReadFileToString, |
| + bool(const base::FilePath& path, std::string* output)); |
| +}; |
| + |
| net::IPEndPoint BuildIPEndPoint(const std::string& ip, int port) { |
| net::IPAddress ip_address; |
| EXPECT_TRUE(ip_address.AssignFromIPLiteral(ip)); |
| - |
| return net::IPEndPoint(ip_address, port); |
| } |
| +scoped_refptr<net::X509Certificate> ParseCert(const std::string& cert_str) { |
| + net::CertificateList cert_list = |
| + net::X509Certificate::CreateCertificateListFromBytes( |
| + kCertificatePEMEncoded, arraysize(kCertificatePEMEncoded), |
| + net::X509Certificate::FORMAT_PEM_CERT_SEQUENCE); |
| + CHECK_EQ(1u, cert_list.size()); |
|
Ryan Sleevi
2016/02/23 00:49:45
Seems like this is duplicating logic/preconditions
Kevin M
2016/02/23 01:58:25
This seems pretty trivial to me, and PEM certifica
|
| + return cert_list[0]; |
| +} |
| + |
| Assignment BuildValidAssignment() { |
| Assignment assignment; |
| assignment.transport_protocol = Assignment::TransportProtocol::SSL; |
| assignment.ip_endpoint = BuildIPEndPoint("100.150.200.250", 500); |
| assignment.client_token = "SecretT0kenz"; |
| - assignment.certificate_fingerprint = "WhaleWhaleWhale"; |
| - assignment.certificate = "whaaaaaaaaaaaaale"; |
| + assignment.cert = ParseCert(kCertificatePEMEncoded); |
| return assignment; |
| } |
| -std::string BuildResponseFromAssignment(const Assignment& assignment) { |
| +// Builds simulated JSON response from the Assigner service. |
| +// |assignment|: The Assignment to convert. |
| +// |expected_cert_str|: The PEM encoded certificate to include in the response. |
| +std::string BuildResponseFromAssignment(const Assignment& assignment, |
| + const std::string& expected_cert_str) { |
| base::DictionaryValue dict; |
| dict.SetString("clientToken", assignment.client_token); |
| dict.SetString("host", assignment.ip_endpoint.address().ToString()); |
| dict.SetInteger("port", assignment.ip_endpoint.port()); |
| - dict.SetString("certificateFingerprint", assignment.certificate_fingerprint); |
| - dict.SetString("certificate", assignment.certificate); |
| + dict.SetString("certificate", expected_cert_str); |
| std::string json; |
| base::JSONWriter::Write(dict, &json); |
| @@ -66,7 +113,11 @@ class AssignmentSourceTest : public testing::Test { |
| AssignmentSourceTest() |
| : task_runner_(new base::TestSimpleTaskRunner), |
| task_runner_handle_(task_runner_), |
| - source_(task_runner_, task_runner_) {} |
| + source_(task_runner_) { |
| + scoped_ptr<MockFileReader> mock_reader(new MockFileReader); |
| + mock_reader_ = mock_reader.get(); |
| + source_.SetFileReaderForTest(std::move(mock_reader)); |
| + } |
| // This expects the AssignmentSource::GetAssignment to return a custom |
| // endpoint without having to hit the network. This will typically be used |
| @@ -90,11 +141,10 @@ class AssignmentSourceTest : public testing::Test { |
| source_.GetAssignment(client_auth_token, |
| base::Bind(&AssignmentSourceTest::AssignmentResponse, |
| base::Unretained(this))); |
| + task_runner_->RunUntilIdle(); |
| net::TestURLFetcher* fetcher = factory_.GetFetcherByID(0); |
| - task_runner_->RunUntilIdle(); |
| - |
| EXPECT_NE(nullptr, fetcher); |
| EXPECT_EQ(kDefaultAssignerURL, fetcher->GetOriginalURL().spec()); |
| @@ -132,6 +182,8 @@ class AssignmentSourceTest : public testing::Test { |
| void(AssignmentSource::Result, const Assignment&)); |
| protected: |
| + MockFileReader* mock_reader_; |
| + |
| // Used to drive all AssignmentSource tasks. |
| scoped_refptr<base::TestSimpleTaskRunner> task_runner_; |
| base::ThreadTaskRunnerHandle task_runner_handle_; |
| @@ -146,9 +198,10 @@ TEST_F(AssignmentSourceTest, TestTCPAlternateEndpointSuccess) { |
| assignment.transport_protocol = Assignment::TransportProtocol::TCP; |
| assignment.ip_endpoint = BuildIPEndPoint("100.150.200.250", 500); |
| assignment.client_token = kDummyClientToken; |
| + assignment.cert = scoped_refptr<net::X509Certificate>(nullptr); |
| base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| - switches::kBlimpletEndpoint, "tcp:100.150.200.250:500"); |
| + switches::kEngineEndpoint, "tcp:100.150.200.250:500"); |
| EXPECT_CALL(*this, AssignmentResponse(AssignmentSource::Result::RESULT_OK, |
| AssignmentEquals(assignment))) |
| @@ -162,10 +215,16 @@ TEST_F(AssignmentSourceTest, TestSSLAlternateEndpointSuccess) { |
| assignment.transport_protocol = Assignment::TransportProtocol::SSL; |
| assignment.ip_endpoint = BuildIPEndPoint("100.150.200.250", 500); |
| assignment.client_token = kDummyClientToken; |
| + assignment.cert = ParseCert(kCertificatePEMEncoded); |
| base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| - switches::kBlimpletEndpoint, "ssl:100.150.200.250:500"); |
| + switches::kEngineEndpoint, "ssl:100.150.200.250:500"); |
| + base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| + switches::kEngineCertPath, kCertPath); |
| + EXPECT_CALL(*mock_reader_, |
| + ReadFileToString(base::FilePath(kCertPath), NotNull())) |
| + .WillOnce(DoAll(SetArgPointee<1>(kCertificatePEMEncoded), Return(true))); |
| EXPECT_CALL(*this, AssignmentResponse(AssignmentSource::Result::RESULT_OK, |
| AssignmentEquals(assignment))) |
| .Times(1); |
| @@ -178,10 +237,16 @@ TEST_F(AssignmentSourceTest, TestQUICAlternateEndpointSuccess) { |
| assignment.transport_protocol = Assignment::TransportProtocol::QUIC; |
| assignment.ip_endpoint = BuildIPEndPoint("100.150.200.250", 500); |
| assignment.client_token = kDummyClientToken; |
| + assignment.cert = ParseCert(kCertificatePEMEncoded); |
| base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| - switches::kBlimpletEndpoint, "quic:100.150.200.250:500"); |
| + switches::kEngineEndpoint, "quic:100.150.200.250:500"); |
| + base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| + switches::kEngineCertPath, kCertPath); |
| + EXPECT_CALL(*mock_reader_, |
| + ReadFileToString(base::FilePath(kCertPath), NotNull())) |
| + .WillOnce(DoAll(SetArgPointee<1>(kCertificatePEMEncoded), Return(true))); |
| EXPECT_CALL(*this, AssignmentResponse(AssignmentSource::Result::RESULT_OK, |
| AssignmentEquals(assignment))) |
| .Times(1); |
| @@ -197,7 +262,8 @@ TEST_F(AssignmentSourceTest, TestSuccess) { |
| .Times(1); |
| GetNetworkAssignmentAndWaitForResponse( |
| - net::HTTP_OK, net::Error::OK, BuildResponseFromAssignment(assignment), |
| + net::HTTP_OK, net::Error::OK, |
| + BuildResponseFromAssignment(assignment, kCertificatePEMEncoded), |
| "UserAuthT0kenz", kEngineVersion); |
| } |
| @@ -221,7 +287,8 @@ TEST_F(AssignmentSourceTest, TestSecondRequestInterruptsFirst) { |
| .RetiresOnSaturation(); |
| GetNetworkAssignmentAndWaitForResponse( |
| - net::HTTP_OK, net::Error::OK, BuildResponseFromAssignment(assignment), |
| + net::HTTP_OK, net::Error::OK, |
| + BuildResponseFromAssignment(assignment, kCertificatePEMEncoded), |
| "UserAuthT0kenz", kEngineVersion); |
| } |
| @@ -244,7 +311,8 @@ TEST_F(AssignmentSourceTest, TestValidAfterError) { |
| "", "UserAuthT0kenz", kEngineVersion); |
| GetNetworkAssignmentAndWaitForResponse( |
| - net::HTTP_OK, net::Error::OK, BuildResponseFromAssignment(assignment), |
| + net::HTTP_OK, net::Error::OK, |
| + BuildResponseFromAssignment(assignment, kCertificatePEMEncoded), |
| "UserAuthT0kenz", kEngineVersion); |
| } |
| @@ -306,7 +374,8 @@ TEST_F(AssignmentSourceTest, TestInvalidJsonResponse) { |
| Assignment assignment = BuildValidAssignment(); |
| // Remove half the response. |
| - std::string response = BuildResponseFromAssignment(assignment); |
| + std::string response = |
| + BuildResponseFromAssignment(assignment, kCertificatePEMEncoded); |
| response = response.substr(response.size() / 2); |
| EXPECT_CALL(*this, AssignmentResponse( |
| @@ -320,7 +389,6 @@ TEST_F(AssignmentSourceTest, TestMissingResponsePort) { |
| base::DictionaryValue dict; |
| dict.SetString("clientToken", "SecretT0kenz"); |
| dict.SetString("host", "happywhales"); |
| - dict.SetString("certificateFingerprint", "WhaleWhaleWhale"); |
| dict.SetString("certificate", "whaaaaaaaaaaaaale"); |
| std::string response; |
| @@ -338,7 +406,6 @@ TEST_F(AssignmentSourceTest, TestInvalidIPAddress) { |
| dict.SetString("clientToken", "SecretT0kenz"); |
| dict.SetString("host", "happywhales"); |
| dict.SetInteger("port", 500); |
| - dict.SetString("certificateFingerprint", "WhaleWhaleWhale"); |
| dict.SetString("certificate", "whaaaaaaaaaaaaale"); |
| std::string response; |
| @@ -350,6 +417,37 @@ TEST_F(AssignmentSourceTest, TestInvalidIPAddress) { |
| "UserAuthT0kenz", kEngineVersion); |
| } |
| +TEST_F(AssignmentSourceTest, TestMissingCert) { |
| + base::DictionaryValue dict; |
| + dict.SetString("clientToken", "SecretT0kenz"); |
| + dict.SetString("host", "127.0.0.1"); |
| + dict.SetInteger("port", 500); |
| + |
| + std::string response; |
| + base::JSONWriter::Write(dict, &response); |
| + |
| + EXPECT_CALL(*this, AssignmentResponse( |
| + AssignmentSource::Result::RESULT_BAD_RESPONSE, _)); |
| + GetNetworkAssignmentAndWaitForResponse(net::HTTP_OK, net::Error::OK, response, |
| + "UserAuthT0kenz", kEngineVersion); |
| +} |
| + |
| +TEST_F(AssignmentSourceTest, TestInvalidCert) { |
| + base::DictionaryValue dict; |
| + dict.SetString("clientToken", "SecretT0kenz"); |
| + dict.SetString("host", "127.0.0.1"); |
| + dict.SetInteger("port", 500); |
| + dict.SetString("certificate", "h4x0r c3r7"); |
| + |
| + std::string response; |
| + base::JSONWriter::Write(dict, &response); |
| + |
| + EXPECT_CALL(*this, AssignmentResponse( |
| + AssignmentSource::Result::RESULT_INVALID_CERT, _)); |
| + GetNetworkAssignmentAndWaitForResponse(net::HTTP_OK, net::Error::OK, response, |
| + "UserAuthT0kenz", kEngineVersion); |
| +} |
| + |
| } // namespace |
| } // namespace client |
| } // namespace blimp |
