An implementation of chrome.socket.secure().

chrome/browser/extensions/api/socket/tls_socket_unittest.cc

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/socket/tls_socket.h"
+
+#include "base/memory/scoped_ptr.h"
+#include "base/strings/string_piece.h"
+#include "net/base/address_list.h"
+#include "net/base/completion_callback.h"
+#include "net/base/io_buffer.h"
+#include "net/base/net_errors.h"
+#include "net/base/rand_callback.h"
+#include "net/socket/ssl_client_socket.h"
+#include "net/socket/tcp_client_socket.h"
+#include "testing/gmock/include/gmock/gmock.h"
+
+using testing::_;
+using testing::DoAll;
+using testing::Invoke;
+using testing::Gt;
+using testing::Le;
+using testing::Lt;
+using testing::Return;
+using testing::SaveArg;
+using testing::WithArg;
+using base::StringPiece;
+
+namespace net {
+class ServerBoundCertService;
+}
+
+namespace extensions {
+
+class MockSSLClientSocket : public net::SSLClientSocket {
+ public:
+  MockSSLClientSocket() {}
+  MOCK_METHOD0(Disconnect, void());
+  MOCK_METHOD3(Read,
+               int(net::IOBuffer* buf,
+                   int buf_len,
+                   const net::CompletionCallback& callback));
+  MOCK_METHOD3(Write,
+               int(net::IOBuffer* buf,
+                   int buf_len,
+                   const net::CompletionCallback& callback));
+  MOCK_METHOD1(SetReceiveBufferSize, bool(int32));
+  MOCK_METHOD1(SetSendBufferSize, bool(int32));
+  MOCK_METHOD1(Connect, int(const CompletionCallback&));
+  MOCK_CONST_METHOD0(IsConnectedAndIdle, bool());
+  MOCK_CONST_METHOD1(GetPeerAddress, int(net::IPEndPoint*));
+  MOCK_CONST_METHOD1(GetLocalAddress, int(net::IPEndPoint*));
+  MOCK_CONST_METHOD0(NetLog, const net::BoundNetLog&());
+  MOCK_METHOD0(SetSubresourceSpeculation, void());
+  MOCK_METHOD0(SetOmniboxSpeculation, void());
+  MOCK_CONST_METHOD0(WasEverUsed, bool());
+  MOCK_CONST_METHOD0(UsingTCPFastOpen, bool());
+  MOCK_METHOD1(GetSSLInfo, bool(net::SSLInfo*));
+  MOCK_METHOD5(ExportKeyingMaterial,
+               int(const StringPiece&,
+                   bool,
+                   const StringPiece&,
+                   unsigned char*,
+                   unsigned int));
+  MOCK_METHOD1(GetTLSUniqueChannelBinding, int(std::string*));
+  MOCK_METHOD1(GetSSLCertRequestInfo, void(net::SSLCertRequestInfo*));
+  MOCK_METHOD2(GetNextProto,
+               net::SSLClientSocket::NextProtoStatus(std::string*,
+                                                     std::string*));
+  MOCK_CONST_METHOD0(GetServerBoundCertService, net::ServerBoundCertService*());
+  virtual bool IsConnected() const OVERRIDE { return true; }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(MockSSLClientSocket);
+};
+
+class MockTCPSocket : public net::TCPClientSocket {
+ public:
+  explicit MockTCPSocket(const net::AddressList& address_list)
+      : net::TCPClientSocket(address_list, NULL, net::NetLog::Source()) {}
+
+  MOCK_METHOD3(Read,
+               int(net::IOBuffer* buf,
+                   int buf_len,
+                   const net::CompletionCallback& callback));
+  MOCK_METHOD3(Write,
+               int(net::IOBuffer* buf,
+                   int buf_len,
+                   const net::CompletionCallback& callback));
+  MOCK_METHOD2(SetKeepAlive, bool(bool enable, int delay));
+  MOCK_METHOD1(SetNoDelay, bool(bool no_delay));
+
+  virtual bool IsConnected() const OVERRIDE { return true; }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(MockTCPSocket);
+};
+
+class CompleteHandler {
+ public:
+  CompleteHandler() {}
+  MOCK_METHOD1(OnComplete, void(int result_code));
+  MOCK_METHOD2(OnReadComplete,
+               void(int result_code, scoped_refptr<net::IOBuffer> io_buffer));
+  MOCK_METHOD2(OnAccept, void(int, net::TCPClientSocket*));
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(CompleteHandler);
+};
+
+static const char FAKE_ID[] = "faktetesttlssocketunittest";
+
+class TLSSocketTest : public ::testing::Test {
+ public:
+  TLSSocketTest() {}
+
+  virtual void SetUp() {
+    net::AddressList address_list;
+    // MockTCPSocket* tcp_client_socket = new MockTCPSocket(address_list);
+    // ssl_socket_ is owned by socket_. TLSSocketTest keeps a pointer to it to
+    // expect invocations from TLSSocket to ssl_socket_.
+    scoped_ptr<MockSSLClientSocket> ssl_sock(new MockSSLClientSocket);
+    ssl_socket_ = ssl_sock.get();
+    socket_.reset(new TLSSocket(ssl_sock.PassAs<net::StreamSocket>(),
+                                "test_extension_id"));
+    EXPECT_CALL(*ssl_socket_, Disconnect()).Times(1);
+  };
+
+  virtual void TearDown() {
+    ssl_socket_ = NULL;
+    socket_.reset();
+  };
+
+ protected:
+  MockSSLClientSocket* ssl_socket_;
+  scoped_ptr<TLSSocket> socket_;
+};
+
+// Verify that a Read() on TLSSocket will pass through into a Read() on
+// ssl_socket_ and invoke its completion callback.
+TEST_F(TLSSocketTest, TestTLSSocketRead) {
+  CompleteHandler handler;
+
+  EXPECT_CALL(*ssl_socket_, Read(_, _, _)).Times(1);
+  EXPECT_CALL(handler, OnReadComplete(_, _)).Times(1);
+
+  const int count = 512;
+  socket_->Read(
+      count,
+      base::Bind(&CompleteHandler::OnReadComplete, base::Unretained(&handler)));
+}
+
+// Verify that a Write() on a TLSSocket will pass through to Write()
+// invocations on ssl_socket_, handling partial writes correctly, and calls
+// the completion callback correctly.
+TEST_F(TLSSocketTest, TestTLSSocketWrite) {
+  CompleteHandler handler;
+  net::CompletionCallback callback;
+
+  EXPECT_CALL(*ssl_socket_, Write(_, _, _)).Times(2).WillRepeatedly(
+      DoAll(SaveArg<2>(&callback), Return(128)));
+  EXPECT_CALL(handler, OnComplete(_)).Times(1);
+
+  scoped_refptr<net::IOBufferWithSize> io_buffer(
+      new net::IOBufferWithSize(256));
+  socket_->Write(
+      io_buffer.get(),
+      io_buffer->size(),
+      base::Bind(&CompleteHandler::OnComplete, base::Unretained(&handler)));
+}
+
+// Simulate a blocked Write, and verify that, when simulating the Write going
+// through, the callback gets invoked.
+TEST_F(TLSSocketTest, TestTLSSocketBlockedWrite) {
+  CompleteHandler handler;
+  net::CompletionCallback callback;
+
+  // Return ERR_IO_PENDING to say the Write()'s blocked. Save the |callback|
+  // Write()'s passed.
+  EXPECT_CALL(*ssl_socket_, Write(_, _, _)).Times(2).WillRepeatedly(
+      DoAll(SaveArg<2>(&callback), Return(net::ERR_IO_PENDING)));
+
+  scoped_refptr<net::IOBufferWithSize> io_buffer(new net::IOBufferWithSize(42));
+  socket_->Write(
+      io_buffer.get(),
+      io_buffer->size(),
+      base::Bind(&CompleteHandler::OnComplete, base::Unretained(&handler)));
+
+  // After the simulated asynchronous writes come back (via calls to
+  // callback.Run()), hander's OnComplete should get invoked with the total
+  // amount written.
+  EXPECT_CALL(handler, OnComplete(42)).Times(1);
+  callback.Run(40);
+  callback.Run(2);
+}
+
+// Simulate multiple blocked Write()s.
+TEST_F(TLSSocketTest, TestTLSSocketBlockedWriteReentry) {
+  const int kNumIOs = 5;
+  CompleteHandler handlers[kNumIOs];
+  net::CompletionCallback callback;
+  scoped_refptr<net::IOBufferWithSize> io_buffers[kNumIOs];
+
+  // The implementation of TLSSocket::Write() is inherited from
+  // Socket::Write(), which implements an internal write queue that wraps
+  // TLSSocket::WriteImpl(). Each call from TLSSocket::WriteImpl() will invoke
+  // ssl_socket_'s Write() (mocked here). Save the |callback| (assume they
+  // will all be equivalent), and return ERR_IO_PENDING, to indicate a blocked
+  // request. The mocked SSLClientSocket::Write() will get one request per
+  // TLSSocket::Write() request invoked on |socket_| below.
+  EXPECT_CALL(*ssl_socket_, Write(_, _, _)).Times(kNumIOs).WillRepeatedly(
+      DoAll(SaveArg<2>(&callback), Return(net::ERR_IO_PENDING)));
+
+  // Send out |kNuMIOs| requests, each with a different size.
+  for (int i = 0; i < kNumIOs; i++) {
+    io_buffers[i] = new net::IOBufferWithSize(128 + i * 50);
+    socket_->Write(io_buffers[i].get(),
+                   io_buffers[i]->size(),
+                   base::Bind(&CompleteHandler::OnComplete,
+                              base::Unretained(&handlers[i])));
+
+    // Set up expectations on all |kNumIOs| handlers.
+    EXPECT_CALL(handlers[i], OnComplete(io_buffers[i]->size())).Times(1);
+  }
+
+  // Finish each pending I/O. This should satisfy the expectations on the
+  // handlers.
+  for (int i = 0; i < kNumIOs; i++) {
+    callback.Run(128 + i * 50);
+  }
+}
+
+// Simulate Write()s above and below a SSLClientSocket size limit.
+TEST_F(TLSSocketTest, TestTLSSocketLargeWrites) {
+  const int kSizeIncrement = 4096;
+  const int kNumIncrements = 10;
+  const int kStartFailingIncrement = 4;
+  const int kSizeLimit = kSizeIncrement * kStartFailingIncrement;
+  net::CompletionCallback callback;
+  CompleteHandler handler;
+  scoped_refptr<net::IOBufferWithSize> io_buffers[kNumIncrements];
+  std::vector<int> callback_args;
+
+  // Some implementations of SSLClientSocket may have write-size limits (e.g,
+  // max 1 TLS record, which is 16k). This test mocks a size limit at
+  // |kSizeIncrement| and calls Write() above and below that limit. It makes
+  // sure that (a) rejected-Write() errors are properly propagated back to
+  // the caller, and (b) those errors don't prevent future Write()s with
+  // below-limit sizes from working.
+
+  // The default case for Write() will be for the over-size case, returning
+  // ERR_INVALID_ARGUMENT. Socket::Write() will invoke the callback
+  // itself, so don't save that argument here.
+  EXPECT_CALL(*ssl_socket_, Write(_, _, _))
+      .WillRepeatedly(Return(net::ERR_INVALID_ARGUMENT));

[Ryan Sleevi, 2014/03/26 19:57:40]

I don't entirely understand this.

If the caller attempts to Write 32K, we should return success (that we wrote
16K). You seem to be suggesting the caller should be instead dropping things to
15K?

[lally, 2014/03/28 16:22:51]

I misunderstood you when you said "SSLClientSocketNSS won't accept more than 16K
(one SSL record size)" to mean it'll return an error (as above).  I've changed
the behavior of the test to do as you say above.

+
+  // Calls under the limit return ERR_IO_PENDING and save the callback for
+  // manual invocation (simulating a completed write).
+  EXPECT_CALL(*ssl_socket_, Write(_, Le(kSizeLimit), _)).WillRepeatedly(
+      DoAll(SaveArg<2>(&callback), Return(net::ERR_IO_PENDING)));
+
+  // Observe what comes back from Write() here. First, the over-size-limit
+  // errors, which return values < 0. The calls after the first
+  // |kStartFailingIncrement| are all over the size limit, except for the
+  // last call, which is for a below-limit amount.
+  EXPECT_CALL(handler, OnComplete(Lt(0)))
+      .Times(kNumIncrements - kStartFailingIncrement - 1);
+
+  // Write() returning successful. The first |kStartFailingIncrement| calls
+  // succeed, as well as the last one.
+  EXPECT_CALL(handler, OnComplete(Gt(0))).Times(kStartFailingIncrement + 1);
+
+  // Send out |kNumIncrements| requests, each with a different size. The
+  // last request is the same size as the first, and the ones in the middle
+  // are monotonically increasing from the first.
+  for (int i = 0; i < kNumIncrements; i++) {
+    const bool last = i == (kNumIncrements - 1);
+    const bool over_limit = (i >= kStartFailingIncrement) && !last;
+    io_buffers[i] = new net::IOBufferWithSize(last ? kSizeIncrement
+                                                   : kSizeIncrement * (i + 1));
+
+    socket_->Write(
+        io_buffers[i].get(),
+        io_buffers[i]->size(),
+        base::Bind(&CompleteHandler::OnComplete, base::Unretained(&handler)));
+
+    // Do not save arguments for callbacks that don't need invocation -- they
+    // will already have been called by the time Write() returns.
+    if (!over_limit) {
+      callback_args.push_back(io_buffers[i]->size());
+    }
+  }
+
+  // Invoke the callback for the pendiong I/Os.
+  for (size_t i = 0; i < callback_args.size(); i++) {
+    callback.Run(callback_args[i]);
+  }
+}
+
+}  // namespace extensions