| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 21 matching lines...) Expand all Loading... |
| 32 #include "net/cert/ct_policy_status.h" | 32 #include "net/cert/ct_policy_status.h" |
| 33 #include "net/cert/ct_verifier.h" | 33 #include "net/cert/ct_verifier.h" |
| 34 #include "net/cert/mock_cert_verifier.h" | 34 #include "net/cert/mock_cert_verifier.h" |
| 35 #include "net/cert/test_root_certs.h" | 35 #include "net/cert/test_root_certs.h" |
| 36 #include "net/der/input.h" | 36 #include "net/der/input.h" |
| 37 #include "net/der/parser.h" | 37 #include "net/der/parser.h" |
| 38 #include "net/der/tag.h" | 38 #include "net/der/tag.h" |
| 39 #include "net/dns/host_resolver.h" | 39 #include "net/dns/host_resolver.h" |
| 40 #include "net/http/transport_security_state.h" | 40 #include "net/http/transport_security_state.h" |
| 41 #include "net/log/net_log.h" | 41 #include "net/log/net_log.h" |
| 42 #include "net/log/net_log_event_type.h" |
| 42 #include "net/log/test_net_log.h" | 43 #include "net/log/test_net_log.h" |
| 43 #include "net/log/test_net_log_entry.h" | 44 #include "net/log/test_net_log_entry.h" |
| 44 #include "net/log/test_net_log_util.h" | 45 #include "net/log/test_net_log_util.h" |
| 45 #include "net/socket/client_socket_factory.h" | 46 #include "net/socket/client_socket_factory.h" |
| 46 #include "net/socket/client_socket_handle.h" | 47 #include "net/socket/client_socket_handle.h" |
| 47 #include "net/socket/socket_test_util.h" | 48 #include "net/socket/socket_test_util.h" |
| 48 #include "net/socket/tcp_client_socket.h" | 49 #include "net/socket/tcp_client_socket.h" |
| 49 #include "net/ssl/channel_id_service.h" | 50 #include "net/ssl/channel_id_service.h" |
| 50 #include "net/ssl/default_channel_id_store.h" | 51 #include "net/ssl/default_channel_id_store.h" |
| 51 #include "net/ssl/ssl_cert_request_info.h" | 52 #include "net/ssl/ssl_cert_request_info.h" |
| (...skipping 982 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1034 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( | 1035 std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( |
| 1035 std::move(transport), spawned_test_server()->host_port_pair(), | 1036 std::move(transport), spawned_test_server()->host_port_pair(), |
| 1036 SSLConfig())); | 1037 SSLConfig())); |
| 1037 | 1038 |
| 1038 EXPECT_FALSE(sock->IsConnected()); | 1039 EXPECT_FALSE(sock->IsConnected()); |
| 1039 | 1040 |
| 1040 rv = sock->Connect(callback.callback()); | 1041 rv = sock->Connect(callback.callback()); |
| 1041 | 1042 |
| 1042 TestNetLogEntry::List entries; | 1043 TestNetLogEntry::List entries; |
| 1043 log.GetEntries(&entries); | 1044 log.GetEntries(&entries); |
| 1044 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLog::TYPE_SSL_CONNECT)); | 1045 EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLogEventType::SSL_CONNECT)); |
| 1045 if (rv == ERR_IO_PENDING) | 1046 if (rv == ERR_IO_PENDING) |
| 1046 rv = callback.WaitForResult(); | 1047 rv = callback.WaitForResult(); |
| 1047 EXPECT_THAT(rv, IsOk()); | 1048 EXPECT_THAT(rv, IsOk()); |
| 1048 EXPECT_TRUE(sock->IsConnected()); | 1049 EXPECT_TRUE(sock->IsConnected()); |
| 1049 log.GetEntries(&entries); | 1050 log.GetEntries(&entries); |
| 1050 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); | 1051 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); |
| 1051 | 1052 |
| 1052 sock->Disconnect(); | 1053 sock->Disconnect(); |
| 1053 EXPECT_FALSE(sock->IsConnected()); | 1054 EXPECT_FALSE(sock->IsConnected()); |
| 1054 } | 1055 } |
| 1055 | 1056 |
| 1056 TEST_F(SSLClientSocketTest, ConnectExpired) { | 1057 TEST_F(SSLClientSocketTest, ConnectExpired) { |
| 1057 SpawnedTestServer::SSLOptions ssl_options( | 1058 SpawnedTestServer::SSLOptions ssl_options( |
| 1058 SpawnedTestServer::SSLOptions::CERT_EXPIRED); | 1059 SpawnedTestServer::SSLOptions::CERT_EXPIRED); |
| 1059 ASSERT_TRUE(StartTestServer(ssl_options)); | 1060 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 1060 | 1061 |
| 1061 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID); | 1062 cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID); |
| 1062 | 1063 |
| 1063 int rv; | 1064 int rv; |
| 1064 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); | 1065 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); |
| 1065 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID)); | 1066 EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID)); |
| 1066 | 1067 |
| 1067 // Rather than testing whether or not the underlying socket is connected, | 1068 // Rather than testing whether or not the underlying socket is connected, |
| 1068 // test that the handshake has finished. This is because it may be | 1069 // test that the handshake has finished. This is because it may be |
| 1069 // desirable to disconnect the socket before showing a user prompt, since | 1070 // desirable to disconnect the socket before showing a user prompt, since |
| 1070 // the user may take indefinitely long to respond. | 1071 // the user may take indefinitely long to respond. |
| 1071 TestNetLogEntry::List entries; | 1072 TestNetLogEntry::List entries; |
| 1072 log_.GetEntries(&entries); | 1073 log_.GetEntries(&entries); |
| 1073 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); | 1074 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); |
| 1074 } | 1075 } |
| 1075 | 1076 |
| 1076 TEST_F(SSLClientSocketTest, ConnectMismatched) { | 1077 TEST_F(SSLClientSocketTest, ConnectMismatched) { |
| 1077 SpawnedTestServer::SSLOptions ssl_options( | 1078 SpawnedTestServer::SSLOptions ssl_options( |
| 1078 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); | 1079 SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME); |
| 1079 ASSERT_TRUE(StartTestServer(ssl_options)); | 1080 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 1080 | 1081 |
| 1081 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); | 1082 cert_verifier_->set_default_result(ERR_CERT_COMMON_NAME_INVALID); |
| 1082 | 1083 |
| 1083 int rv; | 1084 int rv; |
| 1084 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); | 1085 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); |
| 1085 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID)); | 1086 EXPECT_THAT(rv, IsError(ERR_CERT_COMMON_NAME_INVALID)); |
| 1086 | 1087 |
| 1087 // Rather than testing whether or not the underlying socket is connected, | 1088 // Rather than testing whether or not the underlying socket is connected, |
| 1088 // test that the handshake has finished. This is because it may be | 1089 // test that the handshake has finished. This is because it may be |
| 1089 // desirable to disconnect the socket before showing a user prompt, since | 1090 // desirable to disconnect the socket before showing a user prompt, since |
| 1090 // the user may take indefinitely long to respond. | 1091 // the user may take indefinitely long to respond. |
| 1091 TestNetLogEntry::List entries; | 1092 TestNetLogEntry::List entries; |
| 1092 log_.GetEntries(&entries); | 1093 log_.GetEntries(&entries); |
| 1093 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); | 1094 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); |
| 1094 } | 1095 } |
| 1095 | 1096 |
| 1096 #if defined(OS_WIN) | 1097 #if defined(OS_WIN) |
| 1097 // Tests that certificates parsable by SSLClientSocket's internal SSL | 1098 // Tests that certificates parsable by SSLClientSocket's internal SSL |
| 1098 // implementation, but not X509Certificate are treated as fatal non-certificate | 1099 // implementation, but not X509Certificate are treated as fatal non-certificate |
| 1099 // errors. This is regression test for https://crbug.com/91341. | 1100 // errors. This is regression test for https://crbug.com/91341. |
| 1100 TEST_F(SSLClientSocketTest, ConnectBadValidity) { | 1101 TEST_F(SSLClientSocketTest, ConnectBadValidity) { |
| 1101 SpawnedTestServer::SSLOptions ssl_options( | 1102 SpawnedTestServer::SSLOptions ssl_options( |
| 1102 SpawnedTestServer::SSLOptions::CERT_BAD_VALIDITY); | 1103 SpawnedTestServer::SSLOptions::CERT_BAD_VALIDITY); |
| 1103 ASSERT_TRUE(StartTestServer(ssl_options)); | 1104 ASSERT_TRUE(StartTestServer(ssl_options)); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 1120 SpawnedTestServer::SSLOptions ssl_options; | 1121 SpawnedTestServer::SSLOptions ssl_options; |
| 1121 ssl_options.request_client_certificate = true; | 1122 ssl_options.request_client_certificate = true; |
| 1122 ASSERT_TRUE(StartTestServer(ssl_options)); | 1123 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 1123 | 1124 |
| 1124 int rv; | 1125 int rv; |
| 1125 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); | 1126 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); |
| 1126 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED)); | 1127 EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED)); |
| 1127 | 1128 |
| 1128 TestNetLogEntry::List entries; | 1129 TestNetLogEntry::List entries; |
| 1129 log_.GetEntries(&entries); | 1130 log_.GetEntries(&entries); |
| 1130 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); | 1131 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); |
| 1131 EXPECT_FALSE(sock_->IsConnected()); | 1132 EXPECT_FALSE(sock_->IsConnected()); |
| 1132 } | 1133 } |
| 1133 | 1134 |
| 1134 // Connect to a server requesting optional client authentication. Send it a | 1135 // Connect to a server requesting optional client authentication. Send it a |
| 1135 // null certificate. It should allow the connection. | 1136 // null certificate. It should allow the connection. |
| 1136 // | 1137 // |
| 1137 // TODO(davidben): Also test providing an actual certificate. | 1138 // TODO(davidben): Also test providing an actual certificate. |
| 1138 TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) { | 1139 TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) { |
| 1139 SpawnedTestServer::SSLOptions ssl_options; | 1140 SpawnedTestServer::SSLOptions ssl_options; |
| 1140 ssl_options.request_client_certificate = true; | 1141 ssl_options.request_client_certificate = true; |
| (...skipping 734 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1875 new IOBuffer(arraysize(request_text) - 1)); | 1876 new IOBuffer(arraysize(request_text) - 1)); |
| 1876 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); | 1877 memcpy(request_buffer->data(), request_text, arraysize(request_text) - 1); |
| 1877 | 1878 |
| 1878 rv = callback.GetResult(sock->Write( | 1879 rv = callback.GetResult(sock->Write( |
| 1879 request_buffer.get(), arraysize(request_text) - 1, callback.callback())); | 1880 request_buffer.get(), arraysize(request_text) - 1, callback.callback())); |
| 1880 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv); | 1881 EXPECT_EQ(static_cast<int>(arraysize(request_text) - 1), rv); |
| 1881 | 1882 |
| 1882 TestNetLogEntry::List entries; | 1883 TestNetLogEntry::List entries; |
| 1883 log.GetEntries(&entries); | 1884 log.GetEntries(&entries); |
| 1884 size_t last_index = ExpectLogContainsSomewhereAfter( | 1885 size_t last_index = ExpectLogContainsSomewhereAfter( |
| 1885 entries, 5, NetLog::TYPE_SSL_SOCKET_BYTES_SENT, NetLog::PHASE_NONE); | 1886 entries, 5, NetLogEventType::SSL_SOCKET_BYTES_SENT, |
| 1887 NetLogEventPhase::NONE); |
| 1886 | 1888 |
| 1887 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); | 1889 scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); |
| 1888 for (;;) { | 1890 for (;;) { |
| 1889 rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); | 1891 rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); |
| 1890 EXPECT_GE(rv, 0); | 1892 EXPECT_GE(rv, 0); |
| 1891 if (rv <= 0) | 1893 if (rv <= 0) |
| 1892 break; | 1894 break; |
| 1893 | 1895 |
| 1894 log.GetEntries(&entries); | 1896 log.GetEntries(&entries); |
| 1895 last_index = | 1897 last_index = ExpectLogContainsSomewhereAfter( |
| 1896 ExpectLogContainsSomewhereAfter(entries, | 1898 entries, last_index + 1, NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, |
| 1897 last_index + 1, | 1899 NetLogEventPhase::NONE); |
| 1898 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, | |
| 1899 NetLog::PHASE_NONE); | |
| 1900 } | 1900 } |
| 1901 } | 1901 } |
| 1902 | 1902 |
| 1903 // Regression test for http://crbug.com/42538 | 1903 // Regression test for http://crbug.com/42538 |
| 1904 TEST_F(SSLClientSocketTest, PrematureApplicationData) { | 1904 TEST_F(SSLClientSocketTest, PrematureApplicationData) { |
| 1905 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 1905 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
| 1906 | 1906 |
| 1907 static const unsigned char application_data[] = { | 1907 static const unsigned char application_data[] = { |
| 1908 0x17, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00, 0x46, 0x03, 0x01, 0x4b, | 1908 0x17, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00, 0x46, 0x03, 0x01, 0x4b, |
| 1909 0xc2, 0xf8, 0xb2, 0xc1, 0x56, 0x42, 0xb9, 0x57, 0x7f, 0xde, 0x87, 0x46, | 1909 0xc2, 0xf8, 0xb2, 0xc1, 0x56, 0x42, 0xb9, 0x57, 0x7f, 0xde, 0x87, 0x46, |
| (...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2163 SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT); | 2163 SpawnedTestServer::SSLOptions::CERT_CHAIN_WRONG_ROOT); |
| 2164 ASSERT_TRUE(StartTestServer(ssl_options)); | 2164 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2165 | 2165 |
| 2166 int rv; | 2166 int rv; |
| 2167 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); | 2167 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); |
| 2168 EXPECT_THAT(rv, IsOk()); | 2168 EXPECT_THAT(rv, IsOk()); |
| 2169 EXPECT_TRUE(sock_->IsConnected()); | 2169 EXPECT_TRUE(sock_->IsConnected()); |
| 2170 | 2170 |
| 2171 TestNetLogEntry::List entries; | 2171 TestNetLogEntry::List entries; |
| 2172 log_.GetEntries(&entries); | 2172 log_.GetEntries(&entries); |
| 2173 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLog::TYPE_SSL_CONNECT)); | 2173 EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); |
| 2174 | 2174 |
| 2175 SSLInfo ssl_info; | 2175 SSLInfo ssl_info; |
| 2176 sock_->GetSSLInfo(&ssl_info); | 2176 sock_->GetSSLInfo(&ssl_info); |
| 2177 | 2177 |
| 2178 // Verify that SSLInfo contains the corrected re-constructed chain A -> B | 2178 // Verify that SSLInfo contains the corrected re-constructed chain A -> B |
| 2179 // -> C2. | 2179 // -> C2. |
| 2180 const X509Certificate::OSCertHandles& intermediates = | 2180 const X509Certificate::OSCertHandles& intermediates = |
| 2181 ssl_info.cert->GetIntermediateCertificates(); | 2181 ssl_info.cert->GetIntermediateCertificates(); |
| 2182 ASSERT_EQ(2U, intermediates.size()); | 2182 ASSERT_EQ(2U, intermediates.size()); |
| 2183 EXPECT_TRUE(X509Certificate::IsSameOSCert(ssl_info.cert->os_cert_handle(), | 2183 EXPECT_TRUE(X509Certificate::IsSameOSCert(ssl_info.cert->os_cert_handle(), |
| (...skipping 1282 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3466 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 3466 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 3467 | 3467 |
| 3468 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); | 3468 EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN)); |
| 3469 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); | 3469 EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING); |
| 3470 EXPECT_TRUE(ssl_info.cert_status & | 3470 EXPECT_TRUE(ssl_info.cert_status & |
| 3471 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); | 3471 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED); |
| 3472 EXPECT_TRUE(sock_->IsConnected()); | 3472 EXPECT_TRUE(sock_->IsConnected()); |
| 3473 } | 3473 } |
| 3474 | 3474 |
| 3475 } // namespace net | 3475 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2315613002:
Extracted NetLog class's inner enum types into their own enum classes and (Closed)
