OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "net/base/address_list.h" | 10 #include "net/base/address_list.h" |
11 #include "net/base/io_buffer.h" | 11 #include "net/base/io_buffer.h" |
12 #include "net/base/net_errors.h" | 12 #include "net/base/net_errors.h" |
13 #include "net/base/net_log.h" | 13 #include "net/base/net_log.h" |
14 #include "net/base/net_log_unittest.h" | 14 #include "net/base/net_log_unittest.h" |
15 #include "net/base/test_completion_callback.h" | 15 #include "net/base/test_completion_callback.h" |
16 #include "net/base/test_data_directory.h" | 16 #include "net/base/test_data_directory.h" |
17 #include "net/cert/mock_cert_verifier.h" | 17 #include "net/cert/mock_cert_verifier.h" |
18 #include "net/cert/test_root_certs.h" | 18 #include "net/cert/test_root_certs.h" |
19 #include "net/dns/host_resolver.h" | 19 #include "net/dns/host_resolver.h" |
20 #include "net/http/transport_security_state.h" | 20 #include "net/http/transport_security_state.h" |
21 #include "net/socket/client_socket_factory.h" | 21 #include "net/socket/client_socket_factory.h" |
22 #include "net/socket/client_socket_handle.h" | 22 #include "net/socket/client_socket_handle.h" |
23 #include "net/socket/socket_test_util.h" | 23 #include "net/socket/socket_test_util.h" |
24 #include "net/socket/tcp_client_socket.h" | 24 #include "net/socket/tcp_client_socket.h" |
25 #include "net/ssl/default_server_bound_cert_store.h" | |
25 #include "net/ssl/ssl_cert_request_info.h" | 26 #include "net/ssl/ssl_cert_request_info.h" |
26 #include "net/ssl/ssl_config_service.h" | 27 #include "net/ssl/ssl_config_service.h" |
27 #include "net/test/cert_test_util.h" | 28 #include "net/test/cert_test_util.h" |
28 #include "net/test/spawned_test_server/spawned_test_server.h" | 29 #include "net/test/spawned_test_server/spawned_test_server.h" |
29 #include "testing/gtest/include/gtest/gtest.h" | 30 #include "testing/gtest/include/gtest/gtest.h" |
30 #include "testing/platform_test.h" | 31 #include "testing/platform_test.h" |
31 | 32 |
32 //----------------------------------------------------------------------------- | 33 //----------------------------------------------------------------------------- |
33 | 34 |
34 namespace net { | 35 namespace net { |
(...skipping 515 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
550 } | 551 } |
551 SetResult(result); | 552 SetResult(result); |
552 } | 553 } |
553 | 554 |
554 StreamSocket* socket_; | 555 StreamSocket* socket_; |
555 CompletionCallback callback_; | 556 CompletionCallback callback_; |
556 | 557 |
557 DISALLOW_COPY_AND_ASSIGN(DeleteSocketCallback); | 558 DISALLOW_COPY_AND_ASSIGN(DeleteSocketCallback); |
558 }; | 559 }; |
559 | 560 |
561 // A ServerBoundCertStore that always returns an error when asked for a | |
562 // certificate. | |
563 class FailingServerBoundCertStore : public ServerBoundCertStore { | |
564 virtual int GetServerBoundCert(const std::string& server_identifier, | |
565 base::Time* expiration_time, | |
566 std::string* private_key_result, | |
567 std::string* cert_result, | |
568 const GetCertCallback& callback) OVERRIDE { | |
569 return ERR_UNEXPECTED; | |
570 } | |
571 virtual void SetServerBoundCert(const std::string& server_identifier, | |
572 base::Time creation_time, | |
573 base::Time expiration_time, | |
574 const std::string& private_key, | |
575 const std::string& cert) OVERRIDE {} | |
576 virtual void DeleteServerBoundCert(const std::string& server_identifier, | |
577 const base::Closure& completion_callback) | |
578 OVERRIDE {} | |
579 virtual void DeleteAllCreatedBetween(base::Time delete_begin, | |
580 base::Time delete_end, | |
581 const base::Closure& completion_callback) | |
582 OVERRIDE {} | |
583 virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {} | |
584 virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) | |
585 OVERRIDE {} | |
586 virtual int GetCertCount() OVERRIDE { return 0; } | |
587 virtual void SetForceKeepSessionState() OVERRIDE {} | |
588 }; | |
589 | |
560 class SSLClientSocketTest : public PlatformTest { | 590 class SSLClientSocketTest : public PlatformTest { |
561 public: | 591 public: |
562 SSLClientSocketTest() | 592 SSLClientSocketTest() |
563 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), | 593 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), |
564 cert_verifier_(new MockCertVerifier), | 594 cert_verifier_(new MockCertVerifier), |
565 transport_security_state_(new TransportSecurityState) { | 595 transport_security_state_(new TransportSecurityState) { |
566 cert_verifier_->set_default_result(OK); | 596 cert_verifier_->set_default_result(OK); |
567 context_.cert_verifier = cert_verifier_.get(); | 597 context_.cert_verifier = cert_verifier_.get(); |
568 context_.transport_security_state = transport_security_state_.get(); | 598 context_.transport_security_state = transport_security_state_.get(); |
569 } | 599 } |
570 | 600 |
571 protected: | 601 protected: |
572 scoped_ptr<SSLClientSocket> CreateSSLClientSocket( | 602 scoped_ptr<SSLClientSocket> CreateSSLClientSocket( |
573 scoped_ptr<StreamSocket> transport_socket, | 603 scoped_ptr<StreamSocket> transport_socket, |
574 const HostPortPair& host_and_port, | 604 const HostPortPair& host_and_port, |
575 const SSLConfig& ssl_config) { | 605 const SSLConfig& ssl_config) { |
576 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 606 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
577 connection->SetSocket(transport_socket.Pass()); | 607 connection->SetSocket(transport_socket.Pass()); |
578 return socket_factory_->CreateSSLClientSocket( | 608 return socket_factory_->CreateSSLClientSocket( |
579 connection.Pass(), host_and_port, ssl_config, context_); | 609 connection.Pass(), host_and_port, ssl_config, context_); |
580 } | 610 } |
581 | 611 |
612 // Connect to a HTTPS test server. | |
wtc
2014/05/07 19:23:24
Nit: it would be good to point out that this only
haavardm
2014/05/07 19:42:59
Done.
| |
613 bool ConnectToTestServer(SpawnedTestServer::SSLOptions& ssl_options) { | |
614 test_server_.reset(new SpawnedTestServer( | |
615 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath())); | |
616 if (!test_server_->Start()) { | |
617 LOG(ERROR) << "Could not start SpawnedTestServer"; | |
618 return false; | |
619 } | |
620 | |
621 if (!test_server_->GetAddressList(&addr_)) { | |
622 LOG(ERROR) << "Could not get SpawnedTestServer address list"; | |
623 return false; | |
624 } | |
625 | |
626 transport_.reset(new TCPClientSocket(addr_, &log_, NetLog::Source())); | |
627 int rv = callback_.GetResult(transport_->Connect(callback_.callback())); | |
628 if (rv != OK) { | |
629 LOG(ERROR) << "Could not connect to SpawnedTestServer"; | |
630 return false; | |
631 } | |
632 return true; | |
633 } | |
634 | |
635 // Create an SSLClientSocket object and use it to connect to a test | |
636 // server, then wait for connection results. This must be called after | |
637 // a successful ConnectToTestServer() call. | |
638 // |ssl_config| the SSL configuration to use. | |
639 // |result| will retrieve the ::Connect() result value. | |
640 // Returns true on success, false otherwise. Success means that the socket | |
641 // could be created and its Connect() was called, not that the connection | |
642 // itself was a success. | |
643 bool CreateAndConnectSSLClientSocket(SSLConfig& ssl_config, int* result) { | |
wtc
2014/05/07 19:23:24
Nit: this method is closely relaed to the CreateSS
haavardm
2014/05/07 19:42:59
Done.
| |
644 sock_ = CreateSSLClientSocket( | |
645 transport_.Pass(), test_server_->host_port_pair(), ssl_config); | |
646 | |
647 if (sock_->IsConnected()) { | |
648 LOG(ERROR) << "SSL Socket prematurely connected"; | |
649 return false; | |
650 } | |
651 | |
652 *result = callback_.GetResult(sock_->Connect(callback_.callback())); | |
653 return true; | |
654 } | |
wtc
2014/05/07 19:19:01
The indentation of lines 613-654) is off by one. L
haavardm
2014/05/07 19:42:59
Done.
| |
655 | |
582 ClientSocketFactory* socket_factory_; | 656 ClientSocketFactory* socket_factory_; |
583 scoped_ptr<MockCertVerifier> cert_verifier_; | 657 scoped_ptr<MockCertVerifier> cert_verifier_; |
584 scoped_ptr<TransportSecurityState> transport_security_state_; | 658 scoped_ptr<TransportSecurityState> transport_security_state_; |
585 SSLClientSocketContext context_; | 659 SSLClientSocketContext context_; |
660 scoped_ptr<SSLClientSocket> sock_; | |
661 CapturingNetLog log_; | |
wtc
2014/05/07 19:19:01
Do you think log_ needs to be a protected member?
haavardm
2014/05/07 19:42:59
Many of the the tests below could easily be conver
| |
662 | |
663 private: | |
664 scoped_ptr<StreamSocket> transport_; | |
665 scoped_ptr<SpawnedTestServer> test_server_; | |
666 TestCompletionCallback callback_; | |
667 AddressList addr_; | |
586 }; | 668 }; |
587 | 669 |
588 // Verifies the correctness of GetSSLCertRequestInfo. | 670 // Verifies the correctness of GetSSLCertRequestInfo. |
589 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest { | 671 class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest { |
590 protected: | 672 protected: |
591 // Creates a test server with the given SSLOptions, connects to it and returns | 673 // Creates a test server with the given SSLOptions, connects to it and returns |
592 // the SSLCertRequestInfo reported by the socket. | 674 // the SSLCertRequestInfo reported by the socket. |
593 scoped_refptr<SSLCertRequestInfo> GetCertRequest( | 675 scoped_refptr<SSLCertRequestInfo> GetCertRequest( |
594 SpawnedTestServer::SSLOptions ssl_options) { | 676 SpawnedTestServer::SSLOptions ssl_options) { |
595 SpawnedTestServer test_server( | 677 SpawnedTestServer test_server( |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
706 EXPECT_LT(0, rv); | 788 EXPECT_LT(0, rv); |
707 } else { | 789 } else { |
708 // False Start is not enabled, so the handshake will not complete because | 790 // False Start is not enabled, so the handshake will not complete because |
709 // the server second leg is blocked. | 791 // the server second leg is blocked. |
710 base::RunLoop().RunUntilIdle(); | 792 base::RunLoop().RunUntilIdle(); |
711 EXPECT_FALSE(callback.have_result()); | 793 EXPECT_FALSE(callback.have_result()); |
712 } | 794 } |
713 } | 795 } |
714 }; | 796 }; |
715 | 797 |
798 class SSLClientSocketChannelIDTest : public SSLClientSocketTest { | |
799 protected: | |
800 void EnableChannelID() { | |
801 cert_service_.reset( | |
802 new ServerBoundCertService(new DefaultServerBoundCertStore(NULL), | |
803 base::MessageLoopProxy::current())); | |
804 context_.server_bound_cert_service = cert_service_.get(); | |
805 } | |
806 | |
807 void EnableFailingChannelID() { | |
808 cert_service_.reset(new ServerBoundCertService( | |
809 new FailingServerBoundCertStore(), base::MessageLoopProxy::current())); | |
810 context_.server_bound_cert_service = cert_service_.get(); | |
811 } | |
812 | |
813 private: | |
814 scoped_ptr<ServerBoundCertService> cert_service_; | |
815 }; | |
816 | |
716 //----------------------------------------------------------------------------- | 817 //----------------------------------------------------------------------------- |
717 | 818 |
718 // LogContainsSSLConnectEndEvent returns true if the given index in the given | 819 // LogContainsSSLConnectEndEvent returns true if the given index in the given |
719 // log is an SSL connect end event. The NSS sockets will cork in an attempt to | 820 // log is an SSL connect end event. The NSS sockets will cork in an attempt to |
720 // merge the first application data record with the Finished message when false | 821 // merge the first application data record with the Finished message when false |
721 // starting. However, in order to avoid the server timing out the handshake, | 822 // starting. However, in order to avoid the server timing out the handshake, |
722 // they'll give up waiting for application data and send the Finished after a | 823 // they'll give up waiting for application data and send the Finished after a |
723 // timeout. This means that an SSL connect end event may appear as a socket | 824 // timeout. This means that an SSL connect end event may appear as a socket |
724 // write. | 825 // write. |
725 static bool LogContainsSSLConnectEndEvent( | 826 static bool LogContainsSSLConnectEndEvent( |
(...skipping 1630 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2356 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { | 2457 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { |
2357 SpawnedTestServer::SSLOptions server_options; | 2458 SpawnedTestServer::SSLOptions server_options; |
2358 server_options.key_exchanges = | 2459 server_options.key_exchanges = |
2359 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2460 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2360 server_options.enable_npn = true; | 2461 server_options.enable_npn = true; |
2361 SSLConfig client_config; | 2462 SSLConfig client_config; |
2362 client_config.next_protos.push_back("http/1.1"); | 2463 client_config.next_protos.push_back("http/1.1"); |
2363 TestFalseStart(server_options, client_config, false); | 2464 TestFalseStart(server_options, client_config, false); |
2364 } | 2465 } |
2365 | 2466 |
2467 // Connect to a server using channel id. It should allow the connection. | |
2468 TEST_F(SSLClientSocketChannelIDTest, SendChannelID) { | |
2469 SpawnedTestServer::SSLOptions ssl_options; | |
2470 | |
2471 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | |
2472 | |
2473 EnableChannelID(); | |
2474 SSLConfig ssl_config = kDefaultSSLConfig; | |
2475 ssl_config.channel_id_enabled = true; | |
2476 | |
2477 int rv; | |
2478 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2479 | |
2480 EXPECT_EQ(OK, rv); | |
2481 EXPECT_TRUE(sock_->IsConnected()); | |
2482 EXPECT_TRUE(sock_->WasChannelIDSent()); | |
2483 | |
2484 sock_->Disconnect(); | |
2485 EXPECT_FALSE(sock_->IsConnected()); | |
2486 } | |
2487 | |
2488 // Connect to a server using channel id but without sending a key. It should | |
2489 // fail. | |
2490 TEST_F(SSLClientSocketChannelIDTest, FailingChannelID) { | |
2491 SpawnedTestServer::SSLOptions ssl_options; | |
2492 | |
2493 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | |
2494 | |
2495 EnableFailingChannelID(); | |
2496 SSLConfig ssl_config = kDefaultSSLConfig; | |
2497 ssl_config.channel_id_enabled = true; | |
2498 | |
2499 int rv; | |
2500 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
2501 | |
2502 EXPECT_EQ(ERR_UNEXPECTED, rv); | |
2503 EXPECT_FALSE(sock_->IsConnected()); | |
2504 } | |
2505 | |
2366 } // namespace net | 2506 } // namespace net |
OLD | NEW |