OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This test suite uses SSLClientSocket to test the implementation of | 5 // This test suite uses SSLClientSocket to test the implementation of |
6 // SSLServerSocket. In order to establish connections between the sockets | 6 // SSLServerSocket. In order to establish connections between the sockets |
7 // we need two additional classes: | 7 // we need two additional classes: |
8 // 1. FakeSocket | 8 // 1. FakeSocket |
9 // Connects SSL socket to FakeDataChannel. This class is just a stub. | 9 // Connects SSL socket to FakeDataChannel. This class is just a stub. |
10 // | 10 // |
11 // 2. FakeDataChannel | 11 // 2. FakeDataChannel |
12 // Implements the actual exchange of data between two FakeSockets. | 12 // Implements the actual exchange of data between two FakeSockets. |
13 // | 13 // |
14 // Implementations of these two classes are included in this file. | 14 // Implementations of these two classes are included in this file. |
15 | 15 |
16 #include "net/socket/ssl_server_socket.h" | 16 #include "net/socket/ssl_server_socket.h" |
17 | 17 |
18 #include <stdint.h> | 18 #include <stdint.h> |
19 #include <stdlib.h> | 19 #include <stdlib.h> |
20 #include <queue> | 20 #include <queue> |
21 #include <utility> | 21 #include <utility> |
22 | 22 |
| 23 #include <openssl/evp.h> |
| 24 #include <openssl/ssl.h> |
| 25 #include <openssl/x509.h> |
| 26 |
23 #include "base/callback_helpers.h" | 27 #include "base/callback_helpers.h" |
24 #include "base/compiler_specific.h" | 28 #include "base/compiler_specific.h" |
25 #include "base/files/file_path.h" | 29 #include "base/files/file_path.h" |
26 #include "base/files/file_util.h" | 30 #include "base/files/file_util.h" |
27 #include "base/location.h" | 31 #include "base/location.h" |
28 #include "base/logging.h" | 32 #include "base/logging.h" |
29 #include "base/macros.h" | 33 #include "base/macros.h" |
30 #include "base/message_loop/message_loop.h" | 34 #include "base/message_loop/message_loop.h" |
31 #include "base/single_thread_task_runner.h" | 35 #include "base/single_thread_task_runner.h" |
32 #include "base/thread_task_runner_handle.h" | 36 #include "base/thread_task_runner_handle.h" |
(...skipping 25 matching lines...)
58 #include "net/ssl/ssl_cipher_suite_names.h" | 62 #include "net/ssl/ssl_cipher_suite_names.h" |
59 #include "net/ssl/ssl_connection_status_flags.h" | 63 #include "net/ssl/ssl_connection_status_flags.h" |
60 #include "net/ssl/ssl_info.h" | 64 #include "net/ssl/ssl_info.h" |
61 #include "net/ssl/ssl_private_key.h" | 65 #include "net/ssl/ssl_private_key.h" |
62 #include "net/ssl/ssl_server_config.h" | 66 #include "net/ssl/ssl_server_config.h" |
63 #include "net/ssl/test_ssl_private_key.h" | 67 #include "net/ssl/test_ssl_private_key.h" |
64 #include "net/test/cert_test_util.h" | 68 #include "net/test/cert_test_util.h" |
65 #include "testing/gtest/include/gtest/gtest.h" | 69 #include "testing/gtest/include/gtest/gtest.h" |
66 #include "testing/platform_test.h" | 70 #include "testing/platform_test.h" |
67 | 71 |
68 #if defined(USE_OPENSSL) | |
69 #include <openssl/evp.h> | |
70 #include <openssl/ssl.h> | |
71 #include <openssl/x509.h> | |
72 #endif | |
73 | |
74 namespace net { | 72 namespace net { |
75 | 73 |
76 namespace { | 74 namespace { |
77 | 75 |
78 const char kClientCertFileName[] = "client_1.pem"; | 76 const char kClientCertFileName[] = "client_1.pem"; |
79 const char kClientPrivateKeyFileName[] = "client_1.pk8"; | 77 const char kClientPrivateKeyFileName[] = "client_1.pk8"; |
80 const char kWrongClientCertFileName[] = "client_2.pem"; | 78 const char kWrongClientCertFileName[] = "client_2.pem"; |
81 const char kWrongClientPrivateKeyFileName[] = "client_2.pk8"; | 79 const char kWrongClientPrivateKeyFileName[] = "client_2.pk8"; |
82 const char kClientCertCAFileName[] = "client_1_ca.pem"; | 80 const char kClientCertCAFileName[] = "client_1_ca.pem"; |
83 | 81 |
(...skipping 306 matching lines...)
390 client_socket_ = socket_factory_->CreateSSLClientSocket( | 388 client_socket_ = socket_factory_->CreateSSLClientSocket( |
391 std::move(client_connection), host_and_pair, client_ssl_config_, | 389 std::move(client_connection), host_and_pair, client_ssl_config_, |
392 context); | 390 context); |
393 ASSERT_TRUE(client_socket_); | 391 ASSERT_TRUE(client_socket_); |
394 | 392 |
395 server_socket_ = | 393 server_socket_ = |
396 server_context_->CreateSSLServerSocket(std::move(server_socket)); | 394 server_context_->CreateSSLServerSocket(std::move(server_socket)); |
397 ASSERT_TRUE(server_socket_); | 395 ASSERT_TRUE(server_socket_); |
398 } | 396 } |
399 | 397 |
400 #if defined(USE_OPENSSL) | |
401 void ConfigureClientCertsForClient(const char* cert_file_name, | 398 void ConfigureClientCertsForClient(const char* cert_file_name, |
402 const char* private_key_file_name) { | 399 const char* private_key_file_name) { |
403 client_ssl_config_.send_client_cert = true; | 400 client_ssl_config_.send_client_cert = true; |
404 client_ssl_config_.client_cert = | 401 client_ssl_config_.client_cert = |
405 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name); | 402 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name); |
406 ASSERT_TRUE(client_ssl_config_.client_cert); | 403 ASSERT_TRUE(client_ssl_config_.client_cert); |
407 | 404 |
408 std::unique_ptr<crypto::RSAPrivateKey> key = | 405 std::unique_ptr<crypto::RSAPrivateKey> key = |
409 ReadTestKey(private_key_file_name); | 406 ReadTestKey(private_key_file_name); |
410 ASSERT_TRUE(key); | 407 ASSERT_TRUE(key); |
(...skipping 40 matching lines...)
451 if (!base::ReadFileToString(key_path, &key_string)) | 448 if (!base::ReadFileToString(key_path, &key_string)) |
452 return nullptr; | 449 return nullptr; |
453 std::vector<uint8_t> key_vector( | 450 std::vector<uint8_t> key_vector( |
454 reinterpret_cast<const uint8_t*>(key_string.data()), | 451 reinterpret_cast<const uint8_t*>(key_string.data()), |
455 reinterpret_cast<const uint8_t*>(key_string.data() + | 452 reinterpret_cast<const uint8_t*>(key_string.data() + |
456 key_string.length())); | 453 key_string.length())); |
457 std::unique_ptr<crypto::RSAPrivateKey> key( | 454 std::unique_ptr<crypto::RSAPrivateKey> key( |
458 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); | 455 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); |
459 return key; | 456 return key; |
460 } | 457 } |
461 #endif | |
462 | 458 |
463 std::unique_ptr<FakeDataChannel> channel_1_; | 459 std::unique_ptr<FakeDataChannel> channel_1_; |
464 std::unique_ptr<FakeDataChannel> channel_2_; | 460 std::unique_ptr<FakeDataChannel> channel_2_; |
465 SSLConfig client_ssl_config_; | 461 SSLConfig client_ssl_config_; |
466 SSLServerConfig server_ssl_config_; | 462 SSLServerConfig server_ssl_config_; |
467 std::unique_ptr<SSLClientSocket> client_socket_; | 463 std::unique_ptr<SSLClientSocket> client_socket_; |
468 std::unique_ptr<SSLServerSocket> server_socket_; | 464 std::unique_ptr<SSLServerSocket> server_socket_; |
469 ClientSocketFactory* socket_factory_; | 465 ClientSocketFactory* socket_factory_; |
470 std::unique_ptr<MockCertVerifier> cert_verifier_; | 466 std::unique_ptr<MockCertVerifier> cert_verifier_; |
471 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_; | 467 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_; |
(...skipping 41 matching lines...)
513 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); | 509 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); |
514 const char* key_exchange; | 510 const char* key_exchange; |
515 const char* cipher; | 511 const char* cipher; |
516 const char* mac; | 512 const char* mac; |
517 bool is_aead; | 513 bool is_aead; |
518 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite); | 514 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite); |
519 EXPECT_STREQ("ECDHE_RSA", key_exchange); | 515 EXPECT_STREQ("ECDHE_RSA", key_exchange); |
520 EXPECT_TRUE(is_aead); | 516 EXPECT_TRUE(is_aead); |
521 } | 517 } |
522 | 518 |
523 // NSS ports don't support client certificates and have a global session cache. | |
524 #if defined(USE_OPENSSL) | |
525 | |
526 // This test makes sure the session cache is working. | 519 // This test makes sure the session cache is working. |
527 TEST_F(SSLServerSocketTest, HandshakeCached) { | 520 TEST_F(SSLServerSocketTest, HandshakeCached) { |
528 ASSERT_NO_FATAL_FAILURE(CreateContext()); | 521 ASSERT_NO_FATAL_FAILURE(CreateContext()); |
529 ASSERT_NO_FATAL_FAILURE(CreateSockets()); | 522 ASSERT_NO_FATAL_FAILURE(CreateSockets()); |
530 | 523 |
531 TestCompletionCallback handshake_callback; | 524 TestCompletionCallback handshake_callback; |
532 int server_ret = server_socket_->Handshake(handshake_callback.callback()); | 525 int server_ret = server_socket_->Handshake(handshake_callback.callback()); |
533 | 526 |
534 TestCompletionCallback connect_callback; | 527 TestCompletionCallback connect_callback; |
535 int client_ret = client_socket_->Connect(connect_callback.callback()); | 528 int client_ret = client_socket_->Connect(connect_callback.callback()); |
(...skipping 322 matching lines...)
858 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback()); | 851 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback()); |
859 | 852 |
860 TestCompletionCallback connect_callback2; | 853 TestCompletionCallback connect_callback2; |
861 int client_ret2 = client_socket_->Connect(connect_callback2.callback()); | 854 int client_ret2 = client_socket_->Connect(connect_callback2.callback()); |
862 | 855 |
863 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, | 856 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, |
864 connect_callback2.GetResult(client_ret2)); | 857 connect_callback2.GetResult(client_ret2)); |
865 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, | 858 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, |
866 handshake_callback2.GetResult(server_ret2)); | 859 handshake_callback2.GetResult(server_ret2)); |
867 } | 860 } |
868 #endif // defined(USE_OPENSSL) | |
869 | 861 |
870 TEST_F(SSLServerSocketTest, DataTransfer) { | 862 TEST_F(SSLServerSocketTest, DataTransfer) { |
871 ASSERT_NO_FATAL_FAILURE(CreateContext()); | 863 ASSERT_NO_FATAL_FAILURE(CreateContext()); |
872 ASSERT_NO_FATAL_FAILURE(CreateSockets()); | 864 ASSERT_NO_FATAL_FAILURE(CreateSockets()); |
873 | 865 |
874 // Establish connection. | 866 // Establish connection. |
875 TestCompletionCallback connect_callback; | 867 TestCompletionCallback connect_callback; |
876 int client_ret = client_socket_->Connect(connect_callback.callback()); | 868 int client_ret = client_socket_->Connect(connect_callback.callback()); |
877 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING); | 869 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING); |
878 | 870 |
(...skipping 195 matching lines...)
1074 int server_ret = server_socket_->Handshake(handshake_callback.callback()); | 1066 int server_ret = server_socket_->Handshake(handshake_callback.callback()); |
1075 | 1067 |
1076 client_ret = connect_callback.GetResult(client_ret); | 1068 client_ret = connect_callback.GetResult(client_ret); |
1077 server_ret = handshake_callback.GetResult(server_ret); | 1069 server_ret = handshake_callback.GetResult(server_ret); |
1078 | 1070 |
1079 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret); | 1071 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret); |
1080 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret); | 1072 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret); |
1081 } | 1073 } |
1082 | 1074 |
1083 } // namespace net | 1075 } // namespace net |
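Review bot: Nothing in the file now records that it requires an OpenSSL-compatible TLS library. The `<openssl/...>` headers at new lines 23-25 are included unconditionally, and the `USE_OPENSSL` guards are gone from `ConfigureClientCertsForClient`, from the key-loading helper that ends at new line 457, and from the tests running from `HandshakeCached` to the `ERR_BAD_SSL_CLIENT_AUTH_CERT` checks at new line 860. The build rules are not shown on this page, so it is worth confirming that no remaining configuration compiles this test without those headers. The deleted line `// NSS ports don't support client certificates and have a global session cache.` was the only explanation of why these tests were restricted. I would keep a short replacement above `HandshakeCached`, for example `// Session-cache and client-certificate tests; previously limited to USE_OPENSSL builds.`, so the history of the security coverage stays visible.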