OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <memory> | 5 #include <memory> |
6 #include <utility> | 6 #include <utility> |
7 | 7 |
8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
3414 public: | 3414 public: |
3415 TestSSLConfigService(bool ev_enabled, | 3415 TestSSLConfigService(bool ev_enabled, |
3416 bool online_rev_checking, | 3416 bool online_rev_checking, |
3417 bool rev_checking_required_local_anchors, | 3417 bool rev_checking_required_local_anchors, |
3418 bool token_binding_enabled) | 3418 bool token_binding_enabled) |
3419 : ev_enabled_(ev_enabled), | 3419 : ev_enabled_(ev_enabled), |
3420 online_rev_checking_(online_rev_checking), | 3420 online_rev_checking_(online_rev_checking), |
3421 rev_checking_required_local_anchors_( | 3421 rev_checking_required_local_anchors_( |
3422 rev_checking_required_local_anchors), | 3422 rev_checking_required_local_anchors), |
3423 token_binding_enabled_(token_binding_enabled), | 3423 token_binding_enabled_(token_binding_enabled), |
3424 min_version_(kDefaultSSLVersionMin) {} | 3424 min_version_(kDefaultSSLVersionMin), |
3425 max_version_(kDefaultSSLVersionMax) {} | |
3425 | 3426 |
3427 void set_max_version(uint16_t version) { max_version_ = version; } | |
3426 void set_min_version(uint16_t version) { min_version_ = version; } | 3428 void set_min_version(uint16_t version) { min_version_ = version; } |
3427 | 3429 |
3428 // SSLConfigService: | 3430 // SSLConfigService: |
3429 void GetSSLConfig(SSLConfig* config) override { | 3431 void GetSSLConfig(SSLConfig* config) override { |
3430 *config = SSLConfig(); | 3432 *config = SSLConfig(); |
3431 config->rev_checking_enabled = online_rev_checking_; | 3433 config->rev_checking_enabled = online_rev_checking_; |
3432 config->verify_ev_cert = ev_enabled_; | 3434 config->verify_ev_cert = ev_enabled_; |
3433 config->rev_checking_required_local_anchors = | 3435 config->rev_checking_required_local_anchors = |
3434 rev_checking_required_local_anchors_; | 3436 rev_checking_required_local_anchors_; |
3435 if (min_version_) { | 3437 config->version_min = min_version_; |
3436 config->version_min = min_version_; | 3438 config->version_max = max_version_; |
3437 } | |
3438 if (token_binding_enabled_) { | 3439 if (token_binding_enabled_) { |
3439 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); | 3440 config->token_binding_params.push_back(TB_PARAM_ECDSAP256); |
3440 } | 3441 } |
3441 } | 3442 } |
3442 | 3443 |
3443 protected: | 3444 protected: |
3444 ~TestSSLConfigService() override {} | 3445 ~TestSSLConfigService() override {} |
3445 | 3446 |
3446 private: | 3447 private: |
3447 const bool ev_enabled_; | 3448 const bool ev_enabled_; |
3448 const bool online_rev_checking_; | 3449 const bool online_rev_checking_; |
3449 const bool rev_checking_required_local_anchors_; | 3450 const bool rev_checking_required_local_anchors_; |
3450 const bool token_binding_enabled_; | 3451 const bool token_binding_enabled_; |
3451 uint16_t min_version_; | 3452 uint16_t min_version_; |
3453 uint16_t max_version_; | |
3452 }; | 3454 }; |
3453 | 3455 |
3454 // TODO(svaldez): Update tests to use EmbeddedTestServer. | 3456 // TODO(svaldez): Update tests to use EmbeddedTestServer. |
3455 #if !defined(OS_IOS) | 3457 #if !defined(OS_IOS) |
3456 class TokenBindingURLRequestTest : public URLRequestTestHTTP { | 3458 class TokenBindingURLRequestTest : public URLRequestTestHTTP { |
3457 public: | 3459 public: |
3458 TokenBindingURLRequestTest() = default; | 3460 TokenBindingURLRequestTest() = default; |
3459 | 3461 |
3460 void SetUp() override { | 3462 void SetUp() override { |
3461 default_context_.set_ssl_config_service( | 3463 default_context_.set_ssl_config_service( |
9231 // With a newline at the end which makes the split think that there are | 9233 // With a newline at the end which makes the split think that there are |
9232 // three lines. | 9234 // three lines. |
9233 | 9235 |
9234 EXPECT_EQ(1, d.response_started_count()); | 9236 EXPECT_EQ(1, d.response_started_count()); |
9235 AssertTwoDistinctSessionsInserted(d.data_received()); | 9237 AssertTwoDistinctSessionsInserted(d.data_received()); |
9236 } | 9238 } |
9237 } | 9239 } |
9238 | 9240 |
9239 class HTTPSFallbackTest : public testing::Test { | 9241 class HTTPSFallbackTest : public testing::Test { |
9240 public: | 9242 public: |
9241 HTTPSFallbackTest() : context_(true) {} | 9243 HTTPSFallbackTest() |
9244 : scoped_task_scheduler_(base::MessageLoop::current()), context_(true) { | |
9245 ssl_config_service_ = new TestSSLConfigService( | |
9246 true /* check for EV */, false /* online revocation checking */, | |
9247 false /* require rev. checking for local | |
9248 anchors */, | |
svaldez
2017/04/10 19:10:32
clang format?
davidben
2017/04/10 19:52:25
That's what clang-format did. but I think it got c
| |
9249 false /* token binding enabled */); | |
9250 context_.set_ssl_config_service(ssl_config_service_.get()); | |
9251 } | |
9242 ~HTTPSFallbackTest() override {} | 9252 ~HTTPSFallbackTest() override {} |
9243 | 9253 |
9244 protected: | 9254 protected: |
9255 TestSSLConfigService* ssl_config_service() { | |
9256 return ssl_config_service_.get(); | |
9257 } | |
9258 | |
9245 void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { | 9259 void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { |
9246 DCHECK(!request_); | 9260 DCHECK(!request_); |
9247 context_.Init(); | 9261 context_.Init(); |
9248 delegate_.set_allow_certificate_errors(true); | 9262 delegate_.set_allow_certificate_errors(true); |
9249 | 9263 |
9250 SpawnedTestServer test_server( | 9264 SpawnedTestServer test_server( |
9251 SpawnedTestServer::TYPE_HTTPS, | 9265 SpawnedTestServer::TYPE_HTTPS, |
9252 ssl_options, | 9266 ssl_options, |
9253 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 9267 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
9254 ASSERT_TRUE(test_server.Start()); | 9268 ASSERT_TRUE(test_server.Start()); |
9255 | 9269 |
9256 request_ = context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, | 9270 request_ = context_.CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY, |
9257 &delegate_); | 9271 &delegate_); |
9258 request_->Start(); | 9272 request_->Start(); |
9259 | 9273 |
9260 base::RunLoop().Run(); | 9274 base::RunLoop().Run(); |
9261 } | 9275 } |
9262 | 9276 |
9277 void ExpectConnection(int version) { | |
9278 EXPECT_EQ(1, delegate_.response_started_count()); | |
9279 EXPECT_NE(0, delegate_.bytes_received()); | |
9280 EXPECT_EQ(version, SSLConnectionStatusToVersion( | |
9281 request_->ssl_info().connection_status)); | |
9282 } | |
9283 | |
9263 void ExpectFailure(int error) { | 9284 void ExpectFailure(int error) { |
9264 EXPECT_EQ(1, delegate_.response_started_count()); | 9285 EXPECT_EQ(1, delegate_.response_started_count()); |
9265 EXPECT_EQ(error, delegate_.request_status()); | 9286 EXPECT_EQ(error, delegate_.request_status()); |
9266 } | 9287 } |
9267 | 9288 |
9268 private: | 9289 private: |
9290 // Required by ChannelIDService. | |
9291 base::test::ScopedTaskScheduler scoped_task_scheduler_; | |
9269 TestDelegate delegate_; | 9292 TestDelegate delegate_; |
9270 TestURLRequestContext context_; | 9293 TestURLRequestContext context_; |
9271 std::unique_ptr<URLRequest> request_; | 9294 std::unique_ptr<URLRequest> request_; |
9295 scoped_refptr<TestSSLConfigService> ssl_config_service_; | |
9272 }; | 9296 }; |
9273 | 9297 |
9274 // Tests the TLS 1.0 fallback doesn't happen. | 9298 // Tests the TLS 1.0 fallback doesn't happen. |
9275 TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { | 9299 TEST_F(HTTPSFallbackTest, TLSv1NoFallback) { |
9276 SpawnedTestServer::SSLOptions ssl_options( | 9300 SpawnedTestServer::SSLOptions ssl_options( |
9277 SpawnedTestServer::SSLOptions::CERT_OK); | 9301 SpawnedTestServer::SSLOptions::CERT_OK); |
9278 ssl_options.tls_intolerant = | 9302 ssl_options.tls_intolerant = |
9279 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; | 9303 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1; |
9280 | 9304 |
9281 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 9305 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
9282 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); | 9306 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
9283 } | 9307 } |
9284 | 9308 |
9285 // Tests the TLS 1.1 fallback doesn't happen. | 9309 // Tests the TLS 1.1 fallback doesn't happen. |
9286 TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { | 9310 TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { |
9287 SpawnedTestServer::SSLOptions ssl_options( | 9311 SpawnedTestServer::SSLOptions ssl_options( |
9288 SpawnedTestServer::SSLOptions::CERT_OK); | 9312 SpawnedTestServer::SSLOptions::CERT_OK); |
9289 ssl_options.tls_intolerant = | 9313 ssl_options.tls_intolerant = |
9290 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; | 9314 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2; |
9291 | 9315 |
9292 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | 9316 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); |
9293 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); | 9317 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); |
9294 } | 9318 } |
9295 | 9319 |
9320 // Tests that TLS 1.3 interference results in a dedicated error code. | |
9321 TEST_F(HTTPSFallbackTest, TLSv1_3Interference) { | |
9322 SpawnedTestServer::SSLOptions ssl_options( | |
9323 SpawnedTestServer::SSLOptions::CERT_OK); | |
9324 ssl_options.tls_intolerant = | |
9325 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; | |
9326 ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_3); | |
9327 | |
9328 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | |
9329 ExpectFailure(ERR_SSL_VERSION_INTERFERENCE); | |
9330 } | |
9331 | |
9332 // Tests that disabling TLS 1.3 leaves TLS 1.3 interference unnoticed. | |
9333 TEST_F(HTTPSFallbackTest, TLSv1_3InterferenceDisableVersion) { | |
9334 SpawnedTestServer::SSLOptions ssl_options( | |
9335 SpawnedTestServer::SSLOptions::CERT_OK); | |
9336 ssl_options.tls_intolerant = | |
9337 SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; | |
9338 ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_2); | |
9339 | |
9340 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); | |
9341 ExpectConnection(SSL_CONNECTION_VERSION_TLS1_2); | |
9342 } | |
9343 | |
9296 class HTTPSSessionTest : public testing::Test { | 9344 class HTTPSSessionTest : public testing::Test { |
9297 public: | 9345 public: |
9298 HTTPSSessionTest() | 9346 HTTPSSessionTest() |
9299 : scoped_task_scheduler_(base::MessageLoop::current()), | 9347 : scoped_task_scheduler_(base::MessageLoop::current()), |
9300 default_context_(true) { | 9348 default_context_(true) { |
9301 cert_verifier_.set_default_result(OK); | 9349 cert_verifier_.set_default_result(OK); |
9302 | 9350 |
9303 default_context_.set_network_delegate(&default_network_delegate_); | 9351 default_context_.set_network_delegate(&default_network_delegate_); |
9304 default_context_.set_cert_verifier(&cert_verifier_); | 9352 default_context_.set_cert_verifier(&cert_verifier_); |
9305 default_context_.Init(); | 9353 default_context_.Init(); |
10871 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10919 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
10872 | 10920 |
10873 req->Start(); | 10921 req->Start(); |
10874 req->Cancel(); | 10922 req->Cancel(); |
10875 base::RunLoop().RunUntilIdle(); | 10923 base::RunLoop().RunUntilIdle(); |
10876 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 10924 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
10877 EXPECT_EQ(0, d.received_redirect_count()); | 10925 EXPECT_EQ(0, d.received_redirect_count()); |
10878 } | 10926 } |
10879 | 10927 |
10880 } // namespace net | 10928 } // namespace net |
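Review bot: TLSv1_3Interference asserts only the error code, since ExpectFailure checks `response_started_count()` and `request_status()` and nothing else, so nothing in the test pins that no response bytes reached the delegate when the connection was rejected. Consider adding `EXPECT_EQ(0, delegate_.bytes_received());` after `ExpectFailure(ERR_SSL_VERSION_INTERFERENCE);`, mirroring the `EXPECT_NE(0, delegate_.bytes_received());` in the new ExpectConnection. Separately, ExpectConnection takes an `SSL_CONNECTION_VERSION_*` value while `set_max_version` takes an `SSL_PROTOCOL_VERSION_*` one, and both are plain integers, so a comment such as `// |version| is an SSL_CONNECTION_VERSION_* constant, not SSL_PROTOCOL_VERSION_*.` on ExpectConnection would guard against mixing the two families.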