Chromium Code Reviews Chromium Code Reviews
Issue 353713005:
Implements new, more robust design for communicating between SSLConnectJobs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <openssl/bio.h> | 10 #include <openssl/bio.h> |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 91 } | 91 } |
| 92 pkey->reset(result); | 92 pkey->reset(result); |
| 93 return true; | 93 return true; |
| 94 } | 94 } |
| 95 | 95 |
| 96 class SSLClientSocketOpenSSLClientAuthTest : public PlatformTest { | 96 class SSLClientSocketOpenSSLClientAuthTest : public PlatformTest { |
| 97 public: | 97 public: |
| 98 SSLClientSocketOpenSSLClientAuthTest() | 98 SSLClientSocketOpenSSLClientAuthTest() |
| 99 : socket_factory_(net::ClientSocketFactory::GetDefaultFactory()), | 99 : socket_factory_(net::ClientSocketFactory::GetDefaultFactory()), |
| 100 cert_verifier_(new net::MockCertVerifier), | 100 cert_verifier_(new net::MockCertVerifier), |
| 101 transport_security_state_(new net::TransportSecurityState) { | 101 transport_security_state_(new net::TransportSecurityState), |
| 102 ran_completion_callback_(false) { | |
| 102 cert_verifier_->set_default_result(net::OK); | 103 cert_verifier_->set_default_result(net::OK); |
| 103 context_.cert_verifier = cert_verifier_.get(); | 104 context_.cert_verifier = cert_verifier_.get(); |
| 104 context_.transport_security_state = transport_security_state_.get(); | 105 context_.transport_security_state = transport_security_state_.get(); |
| 105 key_store_ = net::OpenSSLClientKeyStore::GetInstance(); | 106 key_store_ = net::OpenSSLClientKeyStore::GetInstance(); |
| 106 } | 107 } |
| 107 | 108 |
| 108 virtual ~SSLClientSocketOpenSSLClientAuthTest() { | 109 virtual ~SSLClientSocketOpenSSLClientAuthTest() { |
| 109 key_store_->Flush(); | 110 key_store_->Flush(); |
| 110 } | 111 } |
| 111 | 112 |
| 113 void RecordCompletedHandshake() { ran_completion_callback_ = true; } | |
| 114 | |
| 112 protected: | 115 protected: |
| 113 scoped_ptr<SSLClientSocket> CreateSSLClientSocket( | 116 scoped_ptr<SSLClientSocket> CreateSSLClientSocket( |
| 114 scoped_ptr<StreamSocket> transport_socket, | 117 scoped_ptr<StreamSocket> transport_socket, |
| 115 const HostPortPair& host_and_port, | 118 const HostPortPair& host_and_port, |
| 116 const SSLConfig& ssl_config) { | 119 const SSLConfig& ssl_config) { |
| 117 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 120 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
| 118 connection->SetSocket(transport_socket.Pass()); | 121 connection->SetSocket(transport_socket.Pass()); |
| 119 return socket_factory_->CreateSSLClientSocket(connection.Pass(), | 122 return socket_factory_->CreateSSLClientSocket(connection.Pass(), |
| 120 host_and_port, | 123 host_and_port, |
| 121 ssl_config, | 124 ssl_config, |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 166 // |result| will retrieve the ::Connect() result value. | 169 // |result| will retrieve the ::Connect() result value. |
| 167 // Returns true on succes, false otherwise. Success means that the socket | 170 // Returns true on succes, false otherwise. Success means that the socket |
| 168 // could be created and its Connect() was called, not that the connection | 171 // could be created and its Connect() was called, not that the connection |
| 169 // itself was a success. | 172 // itself was a success. |
| 170 bool CreateAndConnectSSLClientSocket(SSLConfig& ssl_config, | 173 bool CreateAndConnectSSLClientSocket(SSLConfig& ssl_config, |
| 171 int* result) { | 174 int* result) { |
| 172 sock_ = CreateSSLClientSocket(transport_.Pass(), | 175 sock_ = CreateSSLClientSocket(transport_.Pass(), |
| 173 test_server_->host_port_pair(), | 176 test_server_->host_port_pair(), |
| 174 ssl_config); | 177 ssl_config); |
| 175 | 178 |
| 179 sock_->SetHandshakeCompletionCallback(base::Bind( | |
| 180 &SSLClientSocketOpenSSLClientAuthTest::RecordCompletedHandshake, | |
| 181 base::Unretained(this))); | |
| 182 | |
| 176 if (sock_->IsConnected()) { | 183 if (sock_->IsConnected()) { |
| 177 LOG(ERROR) << "SSL Socket prematurely connected"; | 184 LOG(ERROR) << "SSL Socket prematurely connected"; |
| 178 return false; | 185 return false; |
| 179 } | 186 } |
| 180 | 187 |
| 181 *result = callback_.GetResult(sock_->Connect(callback_.callback())); | 188 *result = callback_.GetResult(sock_->Connect(callback_.callback())); |
| 182 return true; | 189 return true; |
| 183 } | 190 } |
| 184 | 191 |
| 185 | 192 |
| 186 // Check that the client certificate was sent. | 193 // Check that the client certificate was sent. |
| 187 // Returns true on success. | 194 // Returns true on success. |
| 188 bool CheckSSLClientSocketSentCert() { | 195 bool CheckSSLClientSocketSentCert() { |
| 189 SSLInfo ssl_info; | 196 SSLInfo ssl_info; |
| 190 sock_->GetSSLInfo(&ssl_info); | 197 sock_->GetSSLInfo(&ssl_info); |
| 191 return ssl_info.client_cert_sent; | 198 return ssl_info.client_cert_sent; |
| 192 } | 199 } |
| 193 | 200 |
| 194 ClientSocketFactory* socket_factory_; | 201 ClientSocketFactory* socket_factory_; |
| 195 scoped_ptr<MockCertVerifier> cert_verifier_; | 202 scoped_ptr<MockCertVerifier> cert_verifier_; |
| 196 scoped_ptr<TransportSecurityState> transport_security_state_; | 203 scoped_ptr<TransportSecurityState> transport_security_state_; |
| 197 SSLClientSocketContext context_; | 204 SSLClientSocketContext context_; |
| 198 OpenSSLClientKeyStore* key_store_; | 205 OpenSSLClientKeyStore* key_store_; |
| 199 scoped_ptr<SpawnedTestServer> test_server_; | 206 scoped_ptr<SpawnedTestServer> test_server_; |
| 200 AddressList addr_; | 207 AddressList addr_; |
| 201 TestCompletionCallback callback_; | 208 TestCompletionCallback callback_; |
| 202 CapturingNetLog log_; | 209 CapturingNetLog log_; |
| 203 scoped_ptr<StreamSocket> transport_; | 210 scoped_ptr<StreamSocket> transport_; |
| 204 scoped_ptr<SSLClientSocket> sock_; | 211 scoped_ptr<SSLClientSocket> sock_; |
| 212 bool ran_completion_callback_; | |
|
wtc
2014/07/30 21:56:57
Because of the "TestCompletionCallback callback_"
mshelley
2014/07/31 00:51:21
Done.
| |
| 205 }; | 213 }; |
| 206 | 214 |
| 207 // Connect to a server requesting client authentication, do not send | 215 // Connect to a server requesting client authentication, do not send |
| 208 // any client certificates. It should refuse the connection. | 216 // any client certificates. It should refuse the connection. |
| 209 TEST_F(SSLClientSocketOpenSSLClientAuthTest, NoCert) { | 217 TEST_F(SSLClientSocketOpenSSLClientAuthTest, NoCert) { |
| 210 SpawnedTestServer::SSLOptions ssl_options; | 218 SpawnedTestServer::SSLOptions ssl_options; |
| 211 ssl_options.request_client_certificate = true; | 219 ssl_options.request_client_certificate = true; |
| 212 | 220 |
| 213 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | 221 ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
| 214 | 222 |
| 215 base::FilePath certs_dir = GetTestCertsDirectory(); | 223 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 216 SSLConfig ssl_config = kDefaultSSLConfig; | 224 SSLConfig ssl_config = kDefaultSSLConfig; |
| 217 | 225 |
| 218 int rv; | 226 int rv; |
| 219 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 227 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 220 | 228 |
| 221 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 229 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 222 EXPECT_FALSE(sock_->IsConnected()); | 230 EXPECT_FALSE(sock_->IsConnected()); |
| 231 EXPECT_TRUE(ran_completion_callback_); | |
| 223 } | 232 } |
| 224 | 233 |
| 225 // Connect to a server requesting client authentication, and send it | 234 // Connect to a server requesting client authentication, and send it |
| 226 // an empty certificate. It should refuse the connection. | 235 // an empty certificate. It should refuse the connection. |
| 227 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) { | 236 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) { |
| 228 SpawnedTestServer::SSLOptions ssl_options; | 237 SpawnedTestServer::SSLOptions ssl_options; |
| 229 ssl_options.request_client_certificate = true; | 238 ssl_options.request_client_certificate = true; |
| 230 ssl_options.client_authorities.push_back( | 239 ssl_options.client_authorities.push_back( |
| 231 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); | 240 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); |
| 232 | 241 |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 274 | 283 |
| 275 EXPECT_TRUE(CheckSSLClientSocketSentCert()); | 284 EXPECT_TRUE(CheckSSLClientSocketSentCert()); |
| 276 | 285 |
| 277 sock_->Disconnect(); | 286 sock_->Disconnect(); |
| 278 EXPECT_FALSE(sock_->IsConnected()); | 287 EXPECT_FALSE(sock_->IsConnected()); |
| 279 } | 288 } |
| 280 #endif // defined(USE_OPENSSL_CERTS) | 289 #endif // defined(USE_OPENSSL_CERTS) |
| 281 | 290 |
| 282 } // namespace | 291 } // namespace |
| 283 } // namespace net | 292 } // namespace net |
| OLD | NEW |
