Removing NSS files and USE_OPENSSL flag

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
+#include <errno.h>
+#include <string.h>
+
 #include <utility>
 
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
 #include "base/callback_helpers.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/time/time.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/address_list.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/ct_policy_enforcer.h"
 #include "net/cert/ct_policy_status.h"
 #include "net/cert/ct_verifier.h"
 #include "net/cert/mock_cert_verifier.h"
@@ skipping 10 matching lines @@
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/socket_test_util.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/ssl/channel_id_service.h"
 #include "net/ssl/default_channel_id_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
+#include "net/ssl/test_ssl_private_key.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
 
-#if defined(USE_OPENSSL)
-#include <errno.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <string.h>
-
-#include "crypto/scoped_openssl_types.h"
-#include "net/ssl/test_ssl_private_key.h"
-#endif
-
 using testing::_;
 using testing::Return;
 using testing::Truly;
 
 namespace net {
 
 namespace {
 
 // WrappedStreamSocket is a base class that wraps an existing StreamSocket,
 // forwarding the Socket and StreamSocket interfaces to the underlying
@@ skipping 1420 matching lines @@
   // the ERR_IO_PENDING caused by SetReadShouldBlock() and thus return.
   SSLClientSocket* raw_sock = sock.get();
   DeleteSocketCallback read_callback(sock.release());
   scoped_refptr<IOBuffer> read_buf(new IOBuffer(4096));
   rv = raw_sock->Read(read_buf.get(), 4096, read_callback.callback());
 
   // Ensure things didn't complete synchronously, otherwise |sock| is invalid.
   ASSERT_EQ(ERR_IO_PENDING, rv);
   ASSERT_FALSE(read_callback.have_result());
 
-#if !defined(USE_OPENSSL)
-  // NSS follows a pattern where a call to PR_Write will only consume as
-  // much data as it can encode into application data records before the
-  // internal memio buffer is full, which should only fill if writing a large
-  // amount of data and the underlying transport is blocked. Once this happens,
-  // NSS will return (total size of all application data records it wrote) - 1,
-  // with the caller expected to resume with the remaining unsent data.
-  //
-  // This causes SSLClientSocketNSS::Write to return that it wrote some data
-  // before it will return ERR_IO_PENDING, so make an extra call to Write() to
-  // get the socket in the state needed for the test below.
-  //
-  // This is not needed for OpenSSL, because for OpenSSL,
-  // SSL_MODE_ENABLE_PARTIAL_WRITE is not specified - thus
-  // SSLClientSocketOpenSSL::Write() will not return until all of
-  // |request_buffer| has been written to the underlying BIO (although not
-  // necessarily the underlying transport).
-  rv = callback.GetResult(raw_sock->Write(request_buffer.get(),
-                                          request_buffer->BytesRemaining(),
-                                          callback.callback()));
-  ASSERT_LT(0, rv);
-  request_buffer->DidConsume(rv);
-
-  // Guard to ensure that |request_buffer| was larger than all of the internal
-  // buffers (transport, memio, NSS) along the way - otherwise the next call
-  // to Write() will crash with an invalid buffer.
-  ASSERT_LT(0, request_buffer->BytesRemaining());
-#endif
-
   // Attempt to write the remaining data. NSS will not be able to consume the
   // application data because the internal buffers are full, while OpenSSL will
   // return that its blocked because the underlying transport is blocked.
   rv = raw_sock->Write(request_buffer.get(),
                        request_buffer->BytesRemaining(),
                        callback.callback());
   ASSERT_EQ(ERR_IO_PENDING, rv);
   ASSERT_FALSE(callback.have_result());
 
   // Now unblock Write(), which will invoke OnSendComplete and (eventually)
@@ skipping 89 matching lines @@
       ASSERT_LT(0, long_request_buffer->BytesRemaining());
     }
   } while (rv > 0);
 
   EXPECT_EQ(ERR_CONNECTION_RESET, rv);
 
   // Release the read.
   raw_transport->UnblockReadResult();
   rv = read_callback.WaitForResult();
 
-#if defined(USE_OPENSSL)
   // Should still read bytes despite the write error.
   EXPECT_LT(0, rv);
-#else
-  // NSS attempts to flush the write buffer in PR_Read on an SSL socket before
-  // pumping the read state machine, unless configured with SSL_ENABLE_FDX, so
-  // the write error stops future reads.
-  EXPECT_EQ(ERR_CONNECTION_RESET, rv);
-#endif
 }
 
 // Tests that SSLClientSocket fails the handshake if the underlying
 // transport is cleanly closed.
 TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
   scoped_ptr<StreamSocket> real_transport(
       new TCPClientSocket(addr(), NULL, NetLog::Source()));
@@ skipping 603 matching lines @@
   scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
   ASSERT_TRUE(request_info.get());
   ASSERT_EQ(2u, request_info->cert_authorities.size());
   EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen),
             request_info->cert_authorities[0]);
   EXPECT_EQ(
       std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen),
       request_info->cert_authorities[1]);
 }
 
-// cert_key_types is currently only populated on OpenSSL.
-#if defined(USE_OPENSSL)
 TEST_F(SSLClientSocketCertRequestInfoTest, CertKeyTypes) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.request_client_certificate = true;
   ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN);
   ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
   scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
   ASSERT_TRUE(request_info.get());
   ASSERT_EQ(2u, request_info->cert_key_types.size());
   EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]);
   EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]);
 }
-#endif  // defined(USE_OPENSSL)
 
 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.signed_cert_timestamps_tls_ext = "test";
 
   ASSERT_TRUE(StartTestServer(ssl_options));
 
   SSLConfig ssl_config;
   ssl_config.signed_cert_timestamps_enabled = true;
 
@@ skipping 532 matching lines @@
 
 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
   // False Start requires NPN/ALPN, ECDHE, and an AEAD.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   ASSERT_NO_FATAL_FAILURE(
       TestFalseStart(server_options, client_config, true));
 }
 
 // Test that False Start is disabled without NPN.
 TEST_F(SSLClientSocketFalseStartTest, NoNPN) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   SSLConfig client_config;
   client_config.alpn_protos.clear();
   client_config.npn_protos.clear();
   ASSERT_NO_FATAL_FAILURE(
       TestFalseStart(server_options, client_config, false));
 }
 
 // Test that False Start is disabled with plain RSA ciphers.
 TEST_F(SSLClientSocketFalseStartTest, RSA) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   ASSERT_NO_FATAL_FAILURE(
       TestFalseStart(server_options, client_config, false));
 }
 
 // Test that False Start is disabled with DHE_RSA ciphers.
 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   // DHE is only advertised when deprecated ciphers are enabled.
   client_config.deprecated_cipher_suites_enabled = true;
   ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));
 }
 
 // Test that False Start is disabled without an AEAD.
 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
   ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));
 }
 
 // Test that sessions are resumable after receiving the server Finished message.
 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
   // Start a server.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   // Let a full handshake complete with False Start.
   ASSERT_NO_FATAL_FAILURE(
       TestFalseStart(server_options, client_config, true));
 
   // Make a second connection.
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
   EXPECT_EQ(OK, rv);
@@ skipping 10 matching lines @@
   // Start a server.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   // Start a handshake up to the server Finished message.
   TestCompletionCallback callback;
   FakeBlockingStreamSocket* raw_transport1 = NULL;
   scoped_ptr<SSLClientSocket> sock1;
   ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
       client_config, &callback, &raw_transport1, &sock1));
   // Although raw_transport1 has the server Finished blocked, the handshake
   // still completes.
@@ skipping 34 matching lines @@
   // Start a server.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   // Start a handshake up to the server Finished message.
   TestCompletionCallback callback;
   FakeBlockingStreamSocket* raw_transport1 = NULL;
   scoped_ptr<SSLClientSocket> sock1;
   ASSERT_NO_FATAL_FAILURE(CreateAndConnectUntilServerFinishedReceived(
       client_config, &callback, &raw_transport1, &sock1));
   // Although raw_transport1 has the server Finished blocked, the handshake
   // still completes.
@@ skipping 126 matching lines @@
   EXPECT_TRUE(ssl_info.channel_id_sent);
 }
 
 TEST_F(SSLClientSocketTest, NPN) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.npn_protocols.push_back(std::string("spdy/3.1"));
   server_options.npn_protocols.push_back(std::string("h2"));
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP2);
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP2);
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
   EXPECT_EQ(OK, rv);
 
   std::string proto;
   EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto));
   EXPECT_EQ("h2", proto);
 }
 
 // In case of no overlap between client and server list, SSLClientSocket should
 // fall back to last one on the client list.
 TEST_F(SSLClientSocketTest, NPNNoOverlap) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.npn_protocols.push_back(std::string("http/1.1"));
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoSPDY31);
-  client_config.alpn_protos.push_back(kProtoHTTP2);
-#endif
   client_config.npn_protos.push_back(kProtoSPDY31);
   client_config.npn_protos.push_back(kProtoHTTP2);
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
   EXPECT_EQ(OK, rv);
 
   std::string proto;
   EXPECT_EQ(SSLClientSocket::kNextProtoNoOverlap, sock_->GetNextProto(&proto));
   EXPECT_EQ("h2", proto);
 }
 
 // Server preference should be respected.  The list is in decreasing order of
 // preference.
 TEST_F(SSLClientSocketTest, NPNServerPreference) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.npn_protocols.push_back(std::string("spdy/3.1"));
   server_options.npn_protocols.push_back(std::string("h2"));
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP2);
-  client_config.alpn_protos.push_back(kProtoSPDY31);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP2);
   client_config.npn_protos.push_back(kProtoSPDY31);
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
   EXPECT_EQ(OK, rv);
 
   std::string proto;
   EXPECT_EQ(SSLClientSocket::kNextProtoNegotiated, sock_->GetNextProto(&proto));
   EXPECT_EQ("spdy/3.1", proto);
@@ skipping 17 matching lines @@
   std::string proto;
   EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported,
             sock_->GetNextProto(&proto));
 }
 
 TEST_F(SSLClientSocketTest, NPNServerDisabled) {
   SpawnedTestServer::SSLOptions server_options;
   ASSERT_TRUE(StartTestServer(server_options));
 
   SSLConfig client_config;
-#if !defined(USE_OPENSSL)
-  client_config.alpn_protos.push_back(kProtoHTTP11);
-#endif
   client_config.npn_protos.push_back(kProtoHTTP11);
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
   EXPECT_EQ(OK, rv);
 
   std::string proto;
   EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported,
             sock_->GetNextProto(&proto));
 }
 
-// Client auth is not supported in NSS ports.
-#if defined(USE_OPENSSL)
-
 namespace {
 
 // Loads a PEM-encoded private key file into a SSLPrivateKey object.
 // |filepath| is the private key file path.
 // Returns the new SSLPrivateKey.
 scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL(
     const base::FilePath& filepath) {
   std::string data;
   if (!base::ReadFileToString(filepath, &data)) {
     LOG(ERROR) << "Could not read private key file: " << filepath.value();
@@ skipping 82 matching lines @@
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(sock_->IsConnected());
 
   SSLInfo ssl_info;
   ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
   EXPECT_TRUE(ssl_info.client_cert_sent);
 
   sock_->Disconnect();
   EXPECT_FALSE(sock_->IsConnected());
 }
-#endif  // defined(USE_OPENSSL)
 
 }  // namespace net