Chromium Code Reviews Chromium Code Reviews
Issue 353713005:
Implements new, more robust design for communicating between SSLConnectJobs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <openssl/bio.h> | 10 #include <openssl/bio.h> |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 80 } | 80 } |
| 81 pkey->reset(result); | 81 pkey->reset(result); |
| 82 return true; | 82 return true; |
| 83 } | 83 } |
| 84 | 84 |
| 85 class SSLClientSocketOpenSSLClientAuthTest : public PlatformTest { | 85 class SSLClientSocketOpenSSLClientAuthTest : public PlatformTest { |
| 86 public: | 86 public: |
| 87 SSLClientSocketOpenSSLClientAuthTest() | 87 SSLClientSocketOpenSSLClientAuthTest() |
| 88 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), | 88 : socket_factory_(ClientSocketFactory::GetDefaultFactory()), |
| 89 cert_verifier_(new MockCertVerifier), | 89 cert_verifier_(new MockCertVerifier), |
| 90 transport_security_state_(new TransportSecurityState) { | 90 transport_security_state_(new TransportSecurityState), |
| 91 ran_handshake_completion_callback_(false) { | |
|
wtc
2014/08/03 01:49:10
I think you should undo all changes in this file.
mshelley
2014/08/03 23:37:09
Done.
| |
| 91 cert_verifier_->set_default_result(OK); | 92 cert_verifier_->set_default_result(OK); |
| 92 context_.cert_verifier = cert_verifier_.get(); | 93 context_.cert_verifier = cert_verifier_.get(); |
| 93 context_.transport_security_state = transport_security_state_.get(); | 94 context_.transport_security_state = transport_security_state_.get(); |
| 94 key_store_ = OpenSSLClientKeyStore::GetInstance(); | 95 key_store_ = OpenSSLClientKeyStore::GetInstance(); |
| 95 } | 96 } |
| 96 | 97 |
| 97 virtual ~SSLClientSocketOpenSSLClientAuthTest() { | 98 virtual ~SSLClientSocketOpenSSLClientAuthTest() { |
| 98 key_store_->Flush(); | 99 key_store_->Flush(); |
| 99 } | 100 } |
| 100 | 101 |
| 102 void RecordCompletedHandshake() { ran_handshake_completion_callback_ = true; } | |
| 103 | |
| 101 protected: | 104 protected: |
| 102 scoped_ptr<SSLClientSocket> CreateSSLClientSocket( | 105 scoped_ptr<SSLClientSocket> CreateSSLClientSocket( |
| 103 scoped_ptr<StreamSocket> transport_socket, | 106 scoped_ptr<StreamSocket> transport_socket, |
| 104 const HostPortPair& host_and_port, | 107 const HostPortPair& host_and_port, |
| 105 const SSLConfig& ssl_config) { | 108 const SSLConfig& ssl_config) { |
| 106 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 109 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
| 107 connection->SetSocket(transport_socket.Pass()); | 110 connection->SetSocket(transport_socket.Pass()); |
| 108 return socket_factory_->CreateSSLClientSocket(connection.Pass(), | 111 return socket_factory_->CreateSSLClientSocket(connection.Pass(), |
| 109 host_and_port, | 112 host_and_port, |
| 110 ssl_config, | 113 ssl_config, |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 155 // |result| will retrieve the ::Connect() result value. | 158 // |result| will retrieve the ::Connect() result value. |
| 156 // Returns true on succes, false otherwise. Success means that the socket | 159 // Returns true on succes, false otherwise. Success means that the socket |
| 157 // could be created and its Connect() was called, not that the connection | 160 // could be created and its Connect() was called, not that the connection |
| 158 // itself was a success. | 161 // itself was a success. |
| 159 bool CreateAndConnectSSLClientSocket(SSLConfig& ssl_config, | 162 bool CreateAndConnectSSLClientSocket(SSLConfig& ssl_config, |
| 160 int* result) { | 163 int* result) { |
| 161 sock_ = CreateSSLClientSocket(transport_.Pass(), | 164 sock_ = CreateSSLClientSocket(transport_.Pass(), |
| 162 test_server_->host_port_pair(), | 165 test_server_->host_port_pair(), |
| 163 ssl_config); | 166 ssl_config); |
| 164 | 167 |
| 168 sock_->SetHandshakeCompletionCallback(base::Bind( | |
| 169 &SSLClientSocketOpenSSLClientAuthTest::RecordCompletedHandshake, | |
| 170 base::Unretained(this))); | |
| 171 | |
| 165 if (sock_->IsConnected()) { | 172 if (sock_->IsConnected()) { |
| 166 LOG(ERROR) << "SSL Socket prematurely connected"; | 173 LOG(ERROR) << "SSL Socket prematurely connected"; |
| 167 return false; | 174 return false; |
| 168 } | 175 } |
| 169 | 176 |
| 170 *result = callback_.GetResult(sock_->Connect(callback_.callback())); | 177 *result = callback_.GetResult(sock_->Connect(callback_.callback())); |
| 171 return true; | 178 return true; |
| 172 } | 179 } |
| 173 | 180 |
| 174 | 181 |
| 175 // Check that the client certificate was sent. | 182 // Check that the client certificate was sent. |
| 176 // Returns true on success. | 183 // Returns true on success. |
| 177 bool CheckSSLClientSocketSentCert() { | 184 bool CheckSSLClientSocketSentCert() { |
| 178 SSLInfo ssl_info; | 185 SSLInfo ssl_info; |
| 179 sock_->GetSSLInfo(&ssl_info); | 186 sock_->GetSSLInfo(&ssl_info); |
| 180 return ssl_info.client_cert_sent; | 187 return ssl_info.client_cert_sent; |
| 181 } | 188 } |
| 182 | 189 |
| 183 ClientSocketFactory* socket_factory_; | 190 ClientSocketFactory* socket_factory_; |
| 184 scoped_ptr<MockCertVerifier> cert_verifier_; | 191 scoped_ptr<MockCertVerifier> cert_verifier_; |
| 185 scoped_ptr<TransportSecurityState> transport_security_state_; | 192 scoped_ptr<TransportSecurityState> transport_security_state_; |
| 186 SSLClientSocketContext context_; | 193 SSLClientSocketContext context_; |
| 187 OpenSSLClientKeyStore* key_store_; | 194 OpenSSLClientKeyStore* key_store_; |
| 188 scoped_ptr<SpawnedTestServer> test_server_; | 195 scoped_ptr<SpawnedTestServer> test_server_; |
| 189 AddressList addr_; | 196 AddressList addr_; |
| 190 TestCompletionCallback callback_; | 197 TestCompletionCallback callback_; |
| 191 CapturingNetLog log_; | 198 CapturingNetLog log_; |
| 192 scoped_ptr<StreamSocket> transport_; | 199 scoped_ptr<StreamSocket> transport_; |
| 193 scoped_ptr<SSLClientSocket> sock_; | 200 scoped_ptr<SSLClientSocket> sock_; |
| 201 bool ran_handshake_completion_callback_; | |
| 194 }; | 202 }; |
| 195 | 203 |
| 196 // Connect to a server requesting client authentication, do not send | 204 // Connect to a server requesting client authentication, do not send |
| 197 // any client certificates. It should refuse the connection. | 205 // any client certificates. It should refuse the connection. |
| 198 TEST_F(SSLClientSocketOpenSSLClientAuthTest, NoCert) { | 206 TEST_F(SSLClientSocketOpenSSLClientAuthTest, NoCert) { |
| 199 SpawnedTestServer::SSLOptions ssl_options; | 207 SpawnedTestServer::SSLOptions ssl_options; |
| 200 ssl_options.request_client_certificate = true; | 208 ssl_options.request_client_certificate = true; |
| 201 | 209 |
| 202 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | 210 ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
| 203 | 211 |
| 204 base::FilePath certs_dir = GetTestCertsDirectory(); | 212 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 205 SSLConfig ssl_config = kDefaultSSLConfig; | 213 SSLConfig ssl_config = kDefaultSSLConfig; |
| 206 | 214 |
| 207 int rv; | 215 int rv; |
| 208 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 216 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 209 | 217 |
| 210 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 218 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 211 EXPECT_FALSE(sock_->IsConnected()); | 219 EXPECT_FALSE(sock_->IsConnected()); |
| 220 EXPECT_TRUE(ran_handshake_completion_callback_); | |
| 212 } | 221 } |
| 213 | 222 |
| 214 // Connect to a server requesting client authentication, and send it | 223 // Connect to a server requesting client authentication, and send it |
| 215 // an empty certificate. It should refuse the connection. | 224 // an empty certificate. It should refuse the connection. |
| 216 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) { | 225 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) { |
| 217 SpawnedTestServer::SSLOptions ssl_options; | 226 SpawnedTestServer::SSLOptions ssl_options; |
| 218 ssl_options.request_client_certificate = true; | 227 ssl_options.request_client_certificate = true; |
| 219 ssl_options.client_authorities.push_back( | 228 ssl_options.client_authorities.push_back( |
| 220 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); | 229 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); |
| 221 | 230 |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 259 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 268 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 260 | 269 |
| 261 EXPECT_EQ(OK, rv); | 270 EXPECT_EQ(OK, rv); |
| 262 EXPECT_TRUE(sock_->IsConnected()); | 271 EXPECT_TRUE(sock_->IsConnected()); |
| 263 | 272 |
| 264 EXPECT_TRUE(CheckSSLClientSocketSentCert()); | 273 EXPECT_TRUE(CheckSSLClientSocketSentCert()); |
| 265 | 274 |
| 266 sock_->Disconnect(); | 275 sock_->Disconnect(); |
| 267 EXPECT_FALSE(sock_->IsConnected()); | 276 EXPECT_FALSE(sock_->IsConnected()); |
| 268 } | 277 } |
| 278 | |
| 269 #endif // defined(USE_OPENSSL_CERTS) | 279 #endif // defined(USE_OPENSSL_CERTS) |
| 270 | 280 |
| 271 } // namespace | 281 } // namespace |
| 282 | |
| 272 } // namespace net | 283 } // namespace net |
| OLD | NEW |
