| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <openssl/bio.h> | 10 #include <openssl/bio.h> |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 43 #include "testing/gtest/include/gtest/gtest.h" | 43 #include "testing/gtest/include/gtest/gtest.h" |
| 44 #include "testing/platform_test.h" | 44 #include "testing/platform_test.h" |
| 45 | 45 |
| 46 namespace net { | 46 namespace net { |
| 47 | 47 |
| 48 namespace { | 48 namespace { |
| 49 | 49 |
| 50 // These client auth tests are currently dependent on OpenSSL's struct X509. | 50 // These client auth tests are currently dependent on OpenSSL's struct X509. |
| 51 #if defined(USE_OPENSSL_CERTS) | 51 #if defined(USE_OPENSSL_CERTS) |
| 52 | 52 |
| 53 const SSLConfig kDefaultSSLConfig; | |
| 54 | |
| 55 // Loads a PEM-encoded private key file into a scoped EVP_PKEY object. | 53 // Loads a PEM-encoded private key file into a scoped EVP_PKEY object. |
| 56 // |filepath| is the private key file path. | 54 // |filepath| is the private key file path. |
| 57 // |*pkey| is reset to the new EVP_PKEY on success, untouched otherwise. | 55 // |*pkey| is reset to the new EVP_PKEY on success, untouched otherwise. |
| 58 // Returns true on success, false on failure. | 56 // Returns true on success, false on failure. |
| 59 bool LoadPrivateKeyOpenSSL( | 57 bool LoadPrivateKeyOpenSSL( |
| 60 const base::FilePath& filepath, | 58 const base::FilePath& filepath, |
| 61 crypto::ScopedEVP_PKEY* pkey) { | 59 crypto::ScopedEVP_PKEY* pkey) { |
| 62 std::string data; | 60 std::string data; |
| 63 if (!base::ReadFileToString(filepath, &data)) { | 61 if (!base::ReadFileToString(filepath, &data)) { |
| 64 LOG(ERROR) << "Could not read private key file: " | 62 LOG(ERROR) << "Could not read private key file: " |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 } | 145 } |
| 148 | 146 |
| 149 // Create an SSLClientSocket object and use it to connect to a test | 147 // Create an SSLClientSocket object and use it to connect to a test |
| 150 // server, then wait for connection results. This must be called after | 148 // server, then wait for connection results. This must be called after |
| 151 // a succesful ConnectToTestServer() call. | 149 // a succesful ConnectToTestServer() call. |
| 152 // |ssl_config| the SSL configuration to use. | 150 // |ssl_config| the SSL configuration to use. |
| 153 // |result| will retrieve the ::Connect() result value. | 151 // |result| will retrieve the ::Connect() result value. |
| 154 // Returns true on succes, false otherwise. Success means that the socket | 152 // Returns true on succes, false otherwise. Success means that the socket |
| 155 // could be created and its Connect() was called, not that the connection | 153 // could be created and its Connect() was called, not that the connection |
| 156 // itself was a success. | 154 // itself was a success. |
| 157 bool CreateAndConnectSSLClientSocket(SSLConfig& ssl_config, | 155 bool CreateAndConnectSSLClientSocket(const SSLConfig& ssl_config, |
| 158 int* result) { | 156 int* result) { |
| 159 sock_ = CreateSSLClientSocket(transport_.Pass(), | 157 sock_ = CreateSSLClientSocket(transport_.Pass(), |
| 160 test_server_->host_port_pair(), | 158 test_server_->host_port_pair(), |
| 161 ssl_config); | 159 ssl_config); |
| 162 | 160 |
| 163 if (sock_->IsConnected()) { | 161 if (sock_->IsConnected()) { |
| 164 LOG(ERROR) << "SSL Socket prematurely connected"; | 162 LOG(ERROR) << "SSL Socket prematurely connected"; |
| 165 return false; | 163 return false; |
| 166 } | 164 } |
| 167 | 165 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 193 | 191 |
| 194 // Connect to a server requesting client authentication, do not send | 192 // Connect to a server requesting client authentication, do not send |
| 195 // any client certificates. It should refuse the connection. | 193 // any client certificates. It should refuse the connection. |
| 196 TEST_F(SSLClientSocketOpenSSLClientAuthTest, NoCert) { | 194 TEST_F(SSLClientSocketOpenSSLClientAuthTest, NoCert) { |
| 197 SpawnedTestServer::SSLOptions ssl_options; | 195 SpawnedTestServer::SSLOptions ssl_options; |
| 198 ssl_options.request_client_certificate = true; | 196 ssl_options.request_client_certificate = true; |
| 199 | 197 |
| 200 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | 198 ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
| 201 | 199 |
| 202 base::FilePath certs_dir = GetTestCertsDirectory(); | 200 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 203 SSLConfig ssl_config = kDefaultSSLConfig; | |
| 204 | 201 |
| 205 int rv; | 202 int rv; |
| 206 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 203 ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); |
| 207 | 204 |
| 208 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); | 205 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv); |
| 209 EXPECT_FALSE(sock_->IsConnected()); | 206 EXPECT_FALSE(sock_->IsConnected()); |
| 210 } | 207 } |
| 211 | 208 |
| 212 // Connect to a server requesting client authentication, and send it | 209 // Connect to a server requesting client authentication, and send it |
| 213 // an empty certificate. It should refuse the connection. | 210 // an empty certificate. It should refuse the connection. |
| 214 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) { | 211 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) { |
| 215 SpawnedTestServer::SSLOptions ssl_options; | 212 SpawnedTestServer::SSLOptions ssl_options; |
| 216 ssl_options.request_client_certificate = true; | 213 ssl_options.request_client_certificate = true; |
| 217 ssl_options.client_authorities.push_back( | 214 ssl_options.client_authorities.push_back( |
| 218 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); | 215 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); |
| 219 | 216 |
| 220 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | 217 ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
| 221 | 218 |
| 222 base::FilePath certs_dir = GetTestCertsDirectory(); | 219 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 223 SSLConfig ssl_config = kDefaultSSLConfig; | 220 SSLConfig ssl_config; |
| 224 ssl_config.send_client_cert = true; | 221 ssl_config.send_client_cert = true; |
| 225 ssl_config.client_cert = NULL; | 222 ssl_config.client_cert = NULL; |
| 226 | 223 |
| 227 int rv; | 224 int rv; |
| 228 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 225 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 229 | 226 |
| 230 EXPECT_EQ(OK, rv); | 227 EXPECT_EQ(OK, rv); |
| 231 EXPECT_TRUE(sock_->IsConnected()); | 228 EXPECT_TRUE(sock_->IsConnected()); |
| 232 } | 229 } |
| 233 | 230 |
| 234 // Connect to a server requesting client authentication. Send it a | 231 // Connect to a server requesting client authentication. Send it a |
| 235 // matching certificate. It should allow the connection. | 232 // matching certificate. It should allow the connection. |
| 236 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendGoodCert) { | 233 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendGoodCert) { |
| 237 SpawnedTestServer::SSLOptions ssl_options; | 234 SpawnedTestServer::SSLOptions ssl_options; |
| 238 ssl_options.request_client_certificate = true; | 235 ssl_options.request_client_certificate = true; |
| 239 ssl_options.client_authorities.push_back( | 236 ssl_options.client_authorities.push_back( |
| 240 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); | 237 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem")); |
| 241 | 238 |
| 242 ASSERT_TRUE(ConnectToTestServer(ssl_options)); | 239 ASSERT_TRUE(ConnectToTestServer(ssl_options)); |
| 243 | 240 |
| 244 base::FilePath certs_dir = GetTestCertsDirectory(); | 241 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 245 SSLConfig ssl_config = kDefaultSSLConfig; | 242 SSLConfig ssl_config; |
| 246 ssl_config.send_client_cert = true; | 243 ssl_config.send_client_cert = true; |
| 247 ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem"); | 244 ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem"); |
| 248 | 245 |
| 249 // This is required to ensure that signing works with the client | 246 // This is required to ensure that signing works with the client |
| 250 // certificate's private key. | 247 // certificate's private key. |
| 251 crypto::ScopedEVP_PKEY client_private_key; | 248 crypto::ScopedEVP_PKEY client_private_key; |
| 252 ASSERT_TRUE(LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"), | 249 ASSERT_TRUE(LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"), |
| 253 &client_private_key)); | 250 &client_private_key)); |
| 254 EXPECT_TRUE(RecordPrivateKey(ssl_config, client_private_key.get())); | 251 EXPECT_TRUE(RecordPrivateKey(ssl_config, client_private_key.get())); |
| 255 | 252 |
| 256 int rv; | 253 int rv; |
| 257 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 254 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 258 | 255 |
| 259 EXPECT_EQ(OK, rv); | 256 EXPECT_EQ(OK, rv); |
| 260 EXPECT_TRUE(sock_->IsConnected()); | 257 EXPECT_TRUE(sock_->IsConnected()); |
| 261 | 258 |
| 262 EXPECT_TRUE(CheckSSLClientSocketSentCert()); | 259 EXPECT_TRUE(CheckSSLClientSocketSentCert()); |
| 263 | 260 |
| 264 sock_->Disconnect(); | 261 sock_->Disconnect(); |
| 265 EXPECT_FALSE(sock_->IsConnected()); | 262 EXPECT_FALSE(sock_->IsConnected()); |
| 266 } | 263 } |
| 267 #endif // defined(USE_OPENSSL_CERTS) | 264 #endif // defined(USE_OPENSSL_CERTS) |
| 268 | 265 |
| 269 } // namespace | 266 } // namespace |
| 270 } // namespace net | 267 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 845753002:
Call EnsureNSSInit in SSLClientSocket::GetMaxSupportedSSLVersion. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master