| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This test suite uses SSLClientSocket to test the implementation of | 5 // This test suite uses SSLClientSocket to test the implementation of |
| 6 // SSLServerSocket. In order to establish connections between the sockets | 6 // SSLServerSocket. In order to establish connections between the sockets |
| 7 // we need two additional classes: | 7 // we need two additional classes: |
| 8 // 1. FakeSocket | 8 // 1. FakeSocket |
| 9 // Connects SSL socket to FakeDataChannel. This class is just a stub. | 9 // Connects SSL socket to FakeDataChannel. This class is just a stub. |
| 10 // | 10 // |
| 11 // 2. FakeDataChannel | 11 // 2. FakeDataChannel |
| 12 // Implements the actual exchange of data between two FakeSockets. | 12 // Implements the actual exchange of data between two FakeSockets. |
| 13 // | 13 // |
| 14 // Implementations of these two classes are included in this file. | 14 // Implementations of these two classes are included in this file. |
| 15 | 15 |
| 16 #include "net/socket/ssl_server_socket.h" | 16 #include "net/socket/ssl_server_socket.h" |
| 17 | 17 |
| 18 #include <stdint.h> | 18 #include <stdint.h> |
| 19 #include <stdlib.h> | 19 #include <stdlib.h> |
| 20 #include <queue> | 20 #include <queue> |
| 21 #include <utility> | 21 #include <utility> |
| 22 | 22 |
| 23 #include <openssl/evp.h> |
| 24 #include <openssl/ssl.h> |
| 25 #include <openssl/x509.h> |
| 26 |
| 23 #include "base/callback_helpers.h" | 27 #include "base/callback_helpers.h" |
| 24 #include "base/compiler_specific.h" | 28 #include "base/compiler_specific.h" |
| 25 #include "base/files/file_path.h" | 29 #include "base/files/file_path.h" |
| 26 #include "base/files/file_util.h" | 30 #include "base/files/file_util.h" |
| 27 #include "base/location.h" | 31 #include "base/location.h" |
| 28 #include "base/logging.h" | 32 #include "base/logging.h" |
| 29 #include "base/macros.h" | 33 #include "base/macros.h" |
| 30 #include "base/message_loop/message_loop.h" | 34 #include "base/message_loop/message_loop.h" |
| 31 #include "base/single_thread_task_runner.h" | 35 #include "base/single_thread_task_runner.h" |
| 32 #include "base/thread_task_runner_handle.h" | 36 #include "base/thread_task_runner_handle.h" |
| (...skipping 25 matching lines...) Expand all Loading... |
| 58 #include "net/ssl/ssl_cipher_suite_names.h" | 62 #include "net/ssl/ssl_cipher_suite_names.h" |
| 59 #include "net/ssl/ssl_connection_status_flags.h" | 63 #include "net/ssl/ssl_connection_status_flags.h" |
| 60 #include "net/ssl/ssl_info.h" | 64 #include "net/ssl/ssl_info.h" |
| 61 #include "net/ssl/ssl_private_key.h" | 65 #include "net/ssl/ssl_private_key.h" |
| 62 #include "net/ssl/ssl_server_config.h" | 66 #include "net/ssl/ssl_server_config.h" |
| 63 #include "net/ssl/test_ssl_private_key.h" | 67 #include "net/ssl/test_ssl_private_key.h" |
| 64 #include "net/test/cert_test_util.h" | 68 #include "net/test/cert_test_util.h" |
| 65 #include "testing/gtest/include/gtest/gtest.h" | 69 #include "testing/gtest/include/gtest/gtest.h" |
| 66 #include "testing/platform_test.h" | 70 #include "testing/platform_test.h" |
| 67 | 71 |
| 68 #if defined(USE_OPENSSL) | |
| 69 #include <openssl/evp.h> | |
| 70 #include <openssl/ssl.h> | |
| 71 #include <openssl/x509.h> | |
| 72 #endif | |
| 73 | |
| 74 namespace net { | 72 namespace net { |
| 75 | 73 |
| 76 namespace { | 74 namespace { |
| 77 | 75 |
| 78 const char kClientCertFileName[] = "client_1.pem"; | 76 const char kClientCertFileName[] = "client_1.pem"; |
| 79 const char kClientPrivateKeyFileName[] = "client_1.pk8"; | 77 const char kClientPrivateKeyFileName[] = "client_1.pk8"; |
| 80 const char kWrongClientCertFileName[] = "client_2.pem"; | 78 const char kWrongClientCertFileName[] = "client_2.pem"; |
| 81 const char kWrongClientPrivateKeyFileName[] = "client_2.pk8"; | 79 const char kWrongClientPrivateKeyFileName[] = "client_2.pk8"; |
| 82 const char kClientCertCAFileName[] = "client_1_ca.pem"; | 80 const char kClientCertCAFileName[] = "client_1_ca.pem"; |
| 83 | 81 |
| (...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 390 client_socket_ = socket_factory_->CreateSSLClientSocket( | 388 client_socket_ = socket_factory_->CreateSSLClientSocket( |
| 391 std::move(client_connection), host_and_pair, client_ssl_config_, | 389 std::move(client_connection), host_and_pair, client_ssl_config_, |
| 392 context); | 390 context); |
| 393 ASSERT_TRUE(client_socket_); | 391 ASSERT_TRUE(client_socket_); |
| 394 | 392 |
| 395 server_socket_ = | 393 server_socket_ = |
| 396 server_context_->CreateSSLServerSocket(std::move(server_socket)); | 394 server_context_->CreateSSLServerSocket(std::move(server_socket)); |
| 397 ASSERT_TRUE(server_socket_); | 395 ASSERT_TRUE(server_socket_); |
| 398 } | 396 } |
| 399 | 397 |
| 400 #if defined(USE_OPENSSL) | |
| 401 void ConfigureClientCertsForClient(const char* cert_file_name, | 398 void ConfigureClientCertsForClient(const char* cert_file_name, |
| 402 const char* private_key_file_name) { | 399 const char* private_key_file_name) { |
| 403 client_ssl_config_.send_client_cert = true; | 400 client_ssl_config_.send_client_cert = true; |
| 404 client_ssl_config_.client_cert = | 401 client_ssl_config_.client_cert = |
| 405 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name); | 402 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name); |
| 406 ASSERT_TRUE(client_ssl_config_.client_cert); | 403 ASSERT_TRUE(client_ssl_config_.client_cert); |
| 407 | 404 |
| 408 std::unique_ptr<crypto::RSAPrivateKey> key = | 405 std::unique_ptr<crypto::RSAPrivateKey> key = |
| 409 ReadTestKey(private_key_file_name); | 406 ReadTestKey(private_key_file_name); |
| 410 ASSERT_TRUE(key); | 407 ASSERT_TRUE(key); |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 451 if (!base::ReadFileToString(key_path, &key_string)) | 448 if (!base::ReadFileToString(key_path, &key_string)) |
| 452 return nullptr; | 449 return nullptr; |
| 453 std::vector<uint8_t> key_vector( | 450 std::vector<uint8_t> key_vector( |
| 454 reinterpret_cast<const uint8_t*>(key_string.data()), | 451 reinterpret_cast<const uint8_t*>(key_string.data()), |
| 455 reinterpret_cast<const uint8_t*>(key_string.data() + | 452 reinterpret_cast<const uint8_t*>(key_string.data() + |
| 456 key_string.length())); | 453 key_string.length())); |
| 457 std::unique_ptr<crypto::RSAPrivateKey> key( | 454 std::unique_ptr<crypto::RSAPrivateKey> key( |
| 458 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); | 455 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); |
| 459 return key; | 456 return key; |
| 460 } | 457 } |
| 461 #endif | |
| 462 | 458 |
| 463 std::unique_ptr<FakeDataChannel> channel_1_; | 459 std::unique_ptr<FakeDataChannel> channel_1_; |
| 464 std::unique_ptr<FakeDataChannel> channel_2_; | 460 std::unique_ptr<FakeDataChannel> channel_2_; |
| 465 SSLConfig client_ssl_config_; | 461 SSLConfig client_ssl_config_; |
| 466 SSLServerConfig server_ssl_config_; | 462 SSLServerConfig server_ssl_config_; |
| 467 std::unique_ptr<SSLClientSocket> client_socket_; | 463 std::unique_ptr<SSLClientSocket> client_socket_; |
| 468 std::unique_ptr<SSLServerSocket> server_socket_; | 464 std::unique_ptr<SSLServerSocket> server_socket_; |
| 469 ClientSocketFactory* socket_factory_; | 465 ClientSocketFactory* socket_factory_; |
| 470 std::unique_ptr<MockCertVerifier> cert_verifier_; | 466 std::unique_ptr<MockCertVerifier> cert_verifier_; |
| 471 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_; | 467 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 513 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); | 509 SSLConnectionStatusToCipherSuite(ssl_info.connection_status); |
| 514 const char* key_exchange; | 510 const char* key_exchange; |
| 515 const char* cipher; | 511 const char* cipher; |
| 516 const char* mac; | 512 const char* mac; |
| 517 bool is_aead; | 513 bool is_aead; |
| 518 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite); | 514 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite); |
| 519 EXPECT_STREQ("ECDHE_RSA", key_exchange); | 515 EXPECT_STREQ("ECDHE_RSA", key_exchange); |
| 520 EXPECT_TRUE(is_aead); | 516 EXPECT_TRUE(is_aead); |
| 521 } | 517 } |
| 522 | 518 |
| 523 // NSS ports don't support client certificates and have a global session cache. | |
| 524 #if defined(USE_OPENSSL) | |
| 525 | |
| 526 // This test makes sure the session cache is working. | 519 // This test makes sure the session cache is working. |
| 527 TEST_F(SSLServerSocketTest, HandshakeCached) { | 520 TEST_F(SSLServerSocketTest, HandshakeCached) { |
| 528 ASSERT_NO_FATAL_FAILURE(CreateContext()); | 521 ASSERT_NO_FATAL_FAILURE(CreateContext()); |
| 529 ASSERT_NO_FATAL_FAILURE(CreateSockets()); | 522 ASSERT_NO_FATAL_FAILURE(CreateSockets()); |
| 530 | 523 |
| 531 TestCompletionCallback handshake_callback; | 524 TestCompletionCallback handshake_callback; |
| 532 int server_ret = server_socket_->Handshake(handshake_callback.callback()); | 525 int server_ret = server_socket_->Handshake(handshake_callback.callback()); |
| 533 | 526 |
| 534 TestCompletionCallback connect_callback; | 527 TestCompletionCallback connect_callback; |
| 535 int client_ret = client_socket_->Connect(connect_callback.callback()); | 528 int client_ret = client_socket_->Connect(connect_callback.callback()); |
| (...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 858 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback()); | 851 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback()); |
| 859 | 852 |
| 860 TestCompletionCallback connect_callback2; | 853 TestCompletionCallback connect_callback2; |
| 861 int client_ret2 = client_socket_->Connect(connect_callback2.callback()); | 854 int client_ret2 = client_socket_->Connect(connect_callback2.callback()); |
| 862 | 855 |
| 863 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, | 856 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, |
| 864 connect_callback2.GetResult(client_ret2)); | 857 connect_callback2.GetResult(client_ret2)); |
| 865 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, | 858 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, |
| 866 handshake_callback2.GetResult(server_ret2)); | 859 handshake_callback2.GetResult(server_ret2)); |
| 867 } | 860 } |
| 868 #endif // defined(USE_OPENSSL) | |
| 869 | 861 |
| 870 TEST_F(SSLServerSocketTest, DataTransfer) { | 862 TEST_F(SSLServerSocketTest, DataTransfer) { |
| 871 ASSERT_NO_FATAL_FAILURE(CreateContext()); | 863 ASSERT_NO_FATAL_FAILURE(CreateContext()); |
| 872 ASSERT_NO_FATAL_FAILURE(CreateSockets()); | 864 ASSERT_NO_FATAL_FAILURE(CreateSockets()); |
| 873 | 865 |
| 874 // Establish connection. | 866 // Establish connection. |
| 875 TestCompletionCallback connect_callback; | 867 TestCompletionCallback connect_callback; |
| 876 int client_ret = client_socket_->Connect(connect_callback.callback()); | 868 int client_ret = client_socket_->Connect(connect_callback.callback()); |
| 877 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING); | 869 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING); |
| 878 | 870 |
| (...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1074 int server_ret = server_socket_->Handshake(handshake_callback.callback()); | 1066 int server_ret = server_socket_->Handshake(handshake_callback.callback()); |
| 1075 | 1067 |
| 1076 client_ret = connect_callback.GetResult(client_ret); | 1068 client_ret = connect_callback.GetResult(client_ret); |
| 1077 server_ret = handshake_callback.GetResult(server_ret); | 1069 server_ret = handshake_callback.GetResult(server_ret); |
| 1078 | 1070 |
| 1079 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret); | 1071 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret); |
| 1080 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret); | 1072 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret); |
| 1081 } | 1073 } |
| 1082 | 1074 |
| 1083 } // namespace net | 1075 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master