blob: 74448621885b849d1182aa61592268ef15b0957d [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:581// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:152// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:4918#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:4419#include <stdlib.h>
dchengc7eeda422015-12-26 03:56:4820#include <utility>
[email protected]f61c3972010-12-23 09:54:1521
ryanchung987b2ff2016-02-19 00:17:1222#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:4423#include "base/compiler_specific.h"
Brett Wilsonc6a0c822017-09-12 00:04:2924#include "base/containers/queue.h"
[email protected]57999812013-02-24 05:40:5225#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:2926#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:4527#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:4928#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:4629#include "base/macros.h"
fdoray5eeb7642016-06-22 16:11:2830#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:4531#include "base/single_thread_task_runner.h"
Bence Béky98447b12018-05-08 03:14:0132#include "base/test/scoped_task_environment.h"
gabf767595f2016-05-11 18:50:3533#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:1234#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:1435#include "crypto/nss_util.h"
36#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:1237#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:1538#include "net/base/address_list.h"
Bence Békybdbb0e72018-08-07 21:42:5939#include "net/base/completion_once_callback.h"
[email protected]f61c3972010-12-23 09:54:1540#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:4542#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:3543#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:1544#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:1145#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:2046#include "net/cert/ct_policy_enforcer.h"
47#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:3648#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:1149#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:1250#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:1051#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:1152#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:1153#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:1954#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:1555#include "net/socket/client_socket_factory.h"
56#include "net/socket/socket_test_util.h"
57#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:1058#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:1259#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:5860#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:5861#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:5762#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:1263#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:5364#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:1265#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:1166#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:0167#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:4368#include "net/test/test_data_directory.h"
Bence Béky98447b12018-05-08 03:14:0169#include "net/test/test_with_scoped_task_environment.h"
[email protected]578968d42017-12-13 15:39:3270#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
robpercival214763f2016-07-01 23:27:0171#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:1572#include "testing/gtest/include/gtest/gtest.h"
73#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:0174#include "third_party/boringssl/src/include/openssl/evp.h"
75#include "third_party/boringssl/src/include/openssl/ssl.h"
[email protected]f61c3972010-12-23 09:54:1576
robpercival214763f2016-07-01 23:27:0177using net::test::IsError;
78using net::test::IsOk;
79
[email protected]f61c3972010-12-23 09:54:1580namespace net {
81
82namespace {
83
ryanchung987b2ff2016-02-19 00:17:1284const char kClientCertFileName[] = "client_1.pem";
85const char kClientPrivateKeyFileName[] = "client_1.pk8";
86const char kWrongClientCertFileName[] = "client_2.pem";
87const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
ryanchung987b2ff2016-02-19 00:17:1288
rsleevid6de8302016-06-21 01:33:2089class MockCTPolicyEnforcer : public CTPolicyEnforcer {
90 public:
91 MockCTPolicyEnforcer() = default;
92 ~MockCTPolicyEnforcer() override = default;
Emily Stark627238f2017-11-29 03:29:5493 ct::CTPolicyCompliance CheckCompliance(
rsleevid6de8302016-06-21 01:33:2094 X509Certificate* cert,
Ryan Sleevi8a9c9c12018-05-09 02:36:2395 const ct::SCTList& verified_scts,
tfarina428341112016-09-22 13:38:2096 const NetLogWithSource& net_log) override {
Emily Stark627238f2017-11-29 03:29:5497 return ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
rsleevid6de8302016-06-21 01:33:2098 }
rsleevid6de8302016-06-21 01:33:2099};
100
[email protected]f61c3972010-12-23 09:54:15101class FakeDataChannel {
102 public:
[email protected]55ee0e52011-07-21 18:29:44103 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55104 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31105 closed_(false),
[email protected]d5492c52013-11-10 20:44:39106 write_called_after_close_(false),
107 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15108 }
109
Brad Lassey3a814172018-04-26 03:30:21110 int Read(IOBuffer* buf, int buf_len, CompletionOnceCallback callback) {
[email protected]4da82282014-07-16 18:40:43111 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09112 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31113 if (closed_)
114 return 0;
[email protected]3f55aa12011-12-07 02:03:33115 if (data_.empty()) {
Brad Lassey3a814172018-04-26 03:30:21116 read_callback_ = std::move(callback);
[email protected]f61c3972010-12-23 09:54:15117 read_buf_ = buf;
118 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04119 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15120 }
tfarina9b6381442015-10-05 22:38:11121 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15122 }
123
[email protected]a2b2cfc2017-12-06 09:06:08124 int Write(IOBuffer* buf,
125 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21126 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32127 const NetworkTrafficAnnotationTag& traffic_annotation) {
[email protected]4da82282014-07-16 18:40:43128 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31129 if (closed_) {
130 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04131 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31132 write_called_after_close_ = true;
Brad Lassey3a814172018-04-26 03:30:21133 write_callback_ = std::move(callback);
skyostil4891b25b2015-06-11 11:43:45134 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31135 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
136 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04137 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31138 }
[email protected]4da82282014-07-16 18:40:43139 // This function returns synchronously, so make a copy of the buffer.
Victor Costancd439782018-08-30 07:27:57140 data_.push(base::MakeRefCounted<DrainableIOBuffer>(
141 base::MakeRefCounted<StringIOBuffer>(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43142 buf_len));
skyostil4891b25b2015-06-11 11:43:45143 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55144 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
145 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15146 return buf_len;
147 }
148
[email protected]c0e4dd12012-05-16 19:36:31149 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
150 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
151 // after the FakeDataChannel is closed, the first Write() call completes
152 // asynchronously, which is necessary to reproduce bug 127822.
153 void Close() {
154 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12155 if (!read_callback_.is_null()) {
156 base::ThreadTaskRunnerHandle::Get()->PostTask(
157 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
158 weak_factory_.GetWeakPtr()));
159 }
[email protected]c0e4dd12012-05-16 19:36:31160 }
161
[email protected]f61c3972010-12-23 09:54:15162 private:
163 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12164 if (read_callback_.is_null())
165 return;
166
167 if (closed_) {
Brad Lassey3a814172018-04-26 03:30:21168 std::move(read_callback_).Run(ERR_CONNECTION_CLOSED);
ryanchung987b2ff2016-02-19 00:17:12169 return;
170 }
171
172 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15173 return;
174
tfarina9b6381442015-10-05 22:38:11175 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55176 read_buf_ = NULL;
177 read_buf_len_ = 0;
Brad Lassey3a814172018-04-26 03:30:21178 std::move(read_callback_).Run(copied);
[email protected]f61c3972010-12-23 09:54:15179 }
180
[email protected]c0e4dd12012-05-16 19:36:31181 void DoWriteCallback() {
182 if (write_callback_.is_null())
183 return;
184
Brad Lassey3a814172018-04-26 03:30:21185 std::move(write_callback_).Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31186 }
187
tfarina9b6381442015-10-05 22:38:11188 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04189 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15190 int copied = std::min(buf->BytesRemaining(), read_buf_len);
191 memcpy(read_buf->data(), buf->data(), copied);
192 buf->DidConsume(copied);
193
194 if (!buf->BytesRemaining())
195 data_.pop();
196 return copied;
197 }
198
Brad Lassey3a814172018-04-26 03:30:21199 CompletionOnceCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04200 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15201 int read_buf_len_;
202
Brad Lassey3a814172018-04-26 03:30:21203 CompletionOnceCallback write_callback_;
[email protected]c0e4dd12012-05-16 19:36:31204
Brett Wilsonc6a0c822017-09-12 00:04:29205 base::queue<scoped_refptr<DrainableIOBuffer>> data_;
[email protected]f61c3972010-12-23 09:54:15206
[email protected]c0e4dd12012-05-16 19:36:31207 // True if Close() has been called.
208 bool closed_;
209
210 // Controls the completion of Write() after the FakeDataChannel is closed.
211 // After the FakeDataChannel is closed, the first Write() call completes
212 // asynchronously.
213 bool write_called_after_close_;
214
[email protected]d5492c52013-11-10 20:44:39215 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
216
[email protected]f61c3972010-12-23 09:54:15217 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
218};
219
[email protected]3268023f2011-05-05 00:08:10220class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15221 public:
222 FakeSocket(FakeDataChannel* incoming_channel,
223 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10224 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15225
Chris Watkins7a41d3552017-12-01 02:13:27226 ~FakeSocket() override = default;
[email protected]f61c3972010-12-23 09:54:15227
dchengb03027d2014-10-21 12:00:20228 int Read(IOBuffer* buf,
229 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21230 CompletionOnceCallback callback) override {
[email protected]3f55aa12011-12-07 02:03:33231 // Read random number of bytes.
232 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21233 return incoming_->Read(buf, buf_len, std::move(callback));
[email protected]3f55aa12011-12-07 02:03:33234 }
[email protected]f61c3972010-12-23 09:54:15235
dchengb03027d2014-10-21 12:00:20236 int Write(IOBuffer* buf,
237 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21238 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32239 const NetworkTrafficAnnotationTag& traffic_annotation) override {
[email protected]55ee0e52011-07-21 18:29:44240 // Write random number of bytes.
241 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21242 return outgoing_->Write(buf, buf_len, std::move(callback),
[email protected]578968d42017-12-13 15:39:32243 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]f61c3972010-12-23 09:54:15244 }
245
Avi Drissman13fc8932015-12-20 04:40:46246 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15247
Avi Drissman13fc8932015-12-20 04:40:46248 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15249
Brad Lassey3a814172018-04-26 03:30:21250 int Connect(CompletionOnceCallback callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15251
dchengb03027d2014-10-21 12:00:20252 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31253 incoming_->Close();
254 outgoing_->Close();
255 }
[email protected]f61c3972010-12-23 09:54:15256
dchengb03027d2014-10-21 12:00:20257 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15258
dchengb03027d2014-10-21 12:00:20259 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15260
dchengb03027d2014-10-21 12:00:20261 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45262 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04263 return OK;
[email protected]f61c3972010-12-23 09:54:15264 }
265
dchengb03027d2014-10-21 12:00:20266 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45267 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04268 return OK;
[email protected]e7f74da2011-04-19 23:49:35269 }
270
tfarina428341112016-09-22 13:38:20271 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15272
dchengb03027d2014-10-21 12:00:20273 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15274
tfarina2846404c2016-12-25 14:31:37275 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41276
dchengb03027d2014-10-21 12:00:20277 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17278
dchengb03027d2014-10-21 12:00:20279 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17280
ttuttle23fdb7b2015-05-15 01:28:03281 void GetConnectionAttempts(ConnectionAttempts* out) const override {
282 out->clear();
283 }
284
285 void ClearConnectionAttempts() override {}
286
287 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
288
tbansalf82cc8e2015-10-14 20:05:49289 int64_t GetTotalReceivedBytes() const override {
290 NOTIMPLEMENTED();
291 return 0;
292 }
293
Paul Jensen0f49dec2017-12-12 23:39:58294 void ApplySocketTag(const SocketTag& tag) override {}
295
[email protected]f61c3972010-12-23 09:54:15296 private:
tfarina428341112016-09-22 13:38:20297 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15298 FakeDataChannel* incoming_;
299 FakeDataChannel* outgoing_;
300
301 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
302};
303
304} // namespace
305
306// Verify the correctness of the test helper classes first.
307TEST(FakeSocketTest, DataTransfer) {
Bence Béky98447b12018-05-08 03:14:01308 base::test::ScopedTaskEnvironment scoped_task_environment;
309
[email protected]f61c3972010-12-23 09:54:15310 // Establish channels between two sockets.
311 FakeDataChannel channel_1;
312 FakeDataChannel channel_2;
313 FakeSocket client(&channel_1, &channel_2);
314 FakeSocket server(&channel_2, &channel_1);
315
316 const char kTestData[] = "testing123";
317 const int kTestDataSize = strlen(kTestData);
318 const int kReadBufSize = 1024;
Victor Costan9c7302b2018-08-27 16:39:44319 scoped_refptr<IOBuffer> write_buf =
320 base::MakeRefCounted<StringIOBuffer>(kTestData);
321 scoped_refptr<IOBuffer> read_buf =
322 base::MakeRefCounted<IOBuffer>(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15323
324 // Write then read.
[email protected]90499482013-06-01 00:39:50325 int written =
Bence Békybdbb0e72018-08-07 21:42:59326 server.Write(write_buf.get(), kTestDataSize, CompletionOnceCallback(),
[email protected]578968d42017-12-13 15:39:32327 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44328 EXPECT_GT(written, 0);
329 EXPECT_LE(written, kTestDataSize);
330
Bence Békybdbb0e72018-08-07 21:42:59331 int read =
332 client.Read(read_buf.get(), kReadBufSize, CompletionOnceCallback());
[email protected]55ee0e52011-07-21 18:29:44333 EXPECT_GT(read, 0);
334 EXPECT_LE(read, written);
335 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15336
337 // Read then write.
[email protected]83039bb2011-12-09 18:43:55338 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04339 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50340 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44341
Bence Békybdbb0e72018-08-07 21:42:59342 written =
343 client.Write(write_buf.get(), kTestDataSize, CompletionOnceCallback(),
344 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44345 EXPECT_GT(written, 0);
346 EXPECT_LE(written, kTestDataSize);
347
348 read = callback.WaitForResult();
349 EXPECT_GT(read, 0);
350 EXPECT_LE(read, written);
351 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15352}
353
Bence Béky98447b12018-05-08 03:14:01354class SSLServerSocketTest : public PlatformTest,
355 public WithScopedTaskEnvironment {
[email protected]f61c3972010-12-23 09:54:15356 public:
357 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04358 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11359 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12360 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20361 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36362 ct_verifier_(new DoNothingCTVerifier),
rsleevid6de8302016-06-21 01:33:20363 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12364
365 void SetUp() override {
366 PlatformTest::SetUp();
367
ryanchung987b2ff2016-02-19 00:17:12368 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
369 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15370
ryanchungeb9e3bc2016-03-08 05:08:10371 server_cert_ =
372 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12373 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10374 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12375 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15376
Ryan Ki Sing Chung665861e2017-12-15 22:05:55377 std::unique_ptr<crypto::RSAPrivateKey> key =
378 ReadTestKey("unittest.key.bin");
379 ASSERT_TRUE(key);
David Benjamin139c5572018-07-06 23:53:42380 server_ssl_private_key_ = WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
Ryan Ki Sing Chung665861e2017-12-15 22:05:55381
sergeyuff826d5e2015-05-13 20:35:22382 client_ssl_config_.false_start_enabled = false;
383 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15384
385 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25386 client_ssl_config_.allowed_bad_certs.emplace_back(
387 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10388 }
389
390 protected:
391 void CreateContext() {
392 client_socket_.reset();
393 server_socket_.reset();
394 channel_1_.reset();
395 channel_2_.reset();
396 server_context_.reset();
397 server_context_ = CreateSSLServerContext(
398 server_cert_.get(), *server_private_key_, server_ssl_config_);
399 }
400
Ryan Ki Sing Chung665861e2017-12-15 22:05:55401 void CreateContextSSLPrivateKey() {
402 client_socket_.reset();
403 server_socket_.reset();
404 channel_1_.reset();
405 channel_2_.reset();
406 server_context_.reset();
407 server_context_ = CreateSSLServerContext(
408 server_cert_.get(), server_ssl_private_key_, server_ssl_config_);
409 }
410
ryanchungeb9e3bc2016-03-08 05:08:10411 void CreateSockets() {
412 client_socket_.reset();
413 server_socket_.reset();
414 channel_1_.reset(new FakeDataChannel());
415 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38416 std::unique_ptr<ClientSocketHandle> client_connection(
417 new ClientSocketHandle);
418 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10419 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38420 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10421 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15422
[email protected]fa6ce922014-07-17 04:27:04423 HostPortPair host_and_pair("unittest", 0);
424 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11425 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11426 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20427 context.cert_transparency_verifier = ct_verifier_.get();
428 context.ct_policy_enforcer = ct_policy_enforcer_.get();
David Benjaminb3840f42017-08-03 15:50:16429 // Set a dummy session cache shard to enable session caching.
430 context.ssl_session_cache_shard = "shard";
rsleevia5c430222016-03-11 05:55:12431
sergeyuff826d5e2015-05-13 20:35:22432 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48433 std::move(client_connection), host_and_pair, client_ssl_config_,
434 context);
rsleevia5c430222016-03-11 05:55:12435 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10436
ryanchung987b2ff2016-02-19 00:17:12437 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10438 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12439 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15440 }
441
ryanchung987b2ff2016-02-19 00:17:12442 void ConfigureClientCertsForClient(const char* cert_file_name,
443 const char* private_key_file_name) {
444 client_ssl_config_.send_client_cert = true;
445 client_ssl_config_.client_cert =
446 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
447 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12448
danakj655b66c2016-04-16 00:51:38449 std::unique_ptr<crypto::RSAPrivateKey> key =
450 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12451 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12452
agl5a7cadf2016-07-13 16:52:53453 client_ssl_config_.client_private_key =
David Benjamin139c5572018-07-06 23:53:42454 WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
ryanchung987b2ff2016-02-19 00:17:12455 }
456
457 void ConfigureClientCertsForServer() {
458 server_ssl_config_.client_cert_type =
459 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
460
David Benjamin99dada22017-09-28 20:04:00461 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
462 static const uint8_t kClientCertCAName[] = {
463 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
464 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
465 server_ssl_config_.cert_authorities_.push_back(std::string(
466 std::begin(kClientCertCAName), std::end(kClientCertCAName)));
ryanchung987b2ff2016-02-19 00:17:12467
468 scoped_refptr<X509Certificate> expected_client_cert(
469 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12470 ASSERT_TRUE(expected_client_cert);
471
ryanchung987b2ff2016-02-19 00:17:12472 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
473
474 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
475 }
476
danakj655b66c2016-04-16 00:51:38477 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
478 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12479 base::FilePath certs_dir(GetTestCertsDirectory());
480 base::FilePath key_path = certs_dir.AppendASCII(name);
481 std::string key_string;
482 if (!base::ReadFileToString(key_path, &key_string))
483 return nullptr;
484 std::vector<uint8_t> key_vector(
485 reinterpret_cast<const uint8_t*>(key_string.data()),
486 reinterpret_cast<const uint8_t*>(key_string.data() +
487 key_string.length()));
danakj655b66c2016-04-16 00:51:38488 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12489 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
490 return key;
491 }
ryanchung987b2ff2016-02-19 00:17:12492
Steven Valdez0ef94d02018-11-19 23:28:13493 void PumpServerToClient() {
494 const int kReadBufSize = 1024;
495 scoped_refptr<StringIOBuffer> write_buf =
496 base::MakeRefCounted<StringIOBuffer>("testing123");
497 scoped_refptr<DrainableIOBuffer> read_buf =
498 base::MakeRefCounted<DrainableIOBuffer>(
499 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
500 TestCompletionCallback write_callback;
501 TestCompletionCallback read_callback;
502 int server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
503 write_callback.callback(),
504 TRAFFIC_ANNOTATION_FOR_TESTS);
505 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
506 int client_ret = client_socket_->Read(
507 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
508 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
509
510 server_ret = write_callback.GetResult(server_ret);
511 EXPECT_GT(server_ret, 0);
512 client_ret = read_callback.GetResult(client_ret);
513 ASSERT_GT(client_ret, 0);
514 }
515
danakj655b66c2016-04-16 00:51:38516 std::unique_ptr<FakeDataChannel> channel_1_;
517 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22518 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53519 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38520 std::unique_ptr<SSLClientSocket> client_socket_;
521 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04522 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38523 std::unique_ptr<MockCertVerifier> cert_verifier_;
524 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
525 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36526 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20527 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38528 std::unique_ptr<SSLServerContext> server_context_;
529 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
Ryan Ki Sing Chung665861e2017-12-15 22:05:55530 scoped_refptr<SSLPrivateKey> server_ssl_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10531 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15532};
533
[email protected]f61c3972010-12-23 09:54:15534// This test only executes creation of client and server sockets. This is to
535// test that creation of sockets doesn't crash and have minimal code to run
Mostyn Bramley-Moore699c5312018-05-01 10:48:09536// with memory leak/corruption checking tools.
[email protected]f61c3972010-12-23 09:54:15537TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12538 ASSERT_NO_FATAL_FAILURE(CreateContext());
539 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15540}
541
[email protected]a7ac3c32011-06-17 19:10:15542// This test executes Connect() on SSLClientSocket and Handshake() on
543// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15544// completed successfully.
545TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12546 ASSERT_NO_FATAL_FAILURE(CreateContext());
547 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15548
[email protected]6ea7b152011-12-21 21:21:13549 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13550 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15551
ryanchung987b2ff2016-02-19 00:17:12552 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55553 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15554
ryanchung987b2ff2016-02-19 00:17:12555 client_ret = connect_callback.GetResult(client_ret);
556 server_ret = handshake_callback.GetResult(server_ret);
557
robpercival214763f2016-07-01 23:27:01558 ASSERT_THAT(client_ret, IsOk());
559 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24560
561 // Make sure the cert status is expected.
562 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58563 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24564 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58565
davidben56a8aece2016-10-14 18:20:56566 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58567 uint16_t cipher_suite =
568 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
569 const char* key_exchange;
570 const char* cipher;
571 const char* mac;
572 bool is_aead;
davidben56a8aece2016-10-14 18:20:56573 bool is_tls13;
574 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
575 cipher_suite);
hansc048c38b2016-10-14 11:30:09576 EXPECT_TRUE(is_aead);
[email protected]f61c3972010-12-23 09:54:15577}
578
ryanchungeb9e3bc2016-03-08 05:08:10579// This test makes sure the session cache is working.
580TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12581 ASSERT_NO_FATAL_FAILURE(CreateContext());
582 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10583
584 TestCompletionCallback handshake_callback;
585 int server_ret = server_socket_->Handshake(handshake_callback.callback());
586
587 TestCompletionCallback connect_callback;
588 int client_ret = client_socket_->Connect(connect_callback.callback());
589
590 client_ret = connect_callback.GetResult(client_ret);
591 server_ret = handshake_callback.GetResult(server_ret);
592
robpercival214763f2016-07-01 23:27:01593 ASSERT_THAT(client_ret, IsOk());
594 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10595
596 // Make sure the cert status is expected.
597 SSLInfo ssl_info;
598 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
599 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
600 SSLInfo ssl_server_info;
601 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
602 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
603
Steven Valdez0ef94d02018-11-19 23:28:13604 // Pump client read to get new session tickets.
605 PumpServerToClient();
606
ryanchungeb9e3bc2016-03-08 05:08:10607 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12608 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10609 TestCompletionCallback handshake_callback2;
610 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
611
612 TestCompletionCallback connect_callback2;
613 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
614
615 client_ret2 = connect_callback2.GetResult(client_ret2);
616 server_ret2 = handshake_callback2.GetResult(server_ret2);
617
robpercival214763f2016-07-01 23:27:01618 ASSERT_THAT(client_ret2, IsOk());
619 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10620
621 // Make sure the cert status is expected.
622 SSLInfo ssl_info2;
623 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
624 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
625 SSLInfo ssl_server_info2;
626 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
627 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
628}
629
630// This test makes sure the session cache separates out by server context.
631TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12632 ASSERT_NO_FATAL_FAILURE(CreateContext());
633 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10634
635 TestCompletionCallback handshake_callback;
636 int server_ret = server_socket_->Handshake(handshake_callback.callback());
637
638 TestCompletionCallback connect_callback;
639 int client_ret = client_socket_->Connect(connect_callback.callback());
640
641 client_ret = connect_callback.GetResult(client_ret);
642 server_ret = handshake_callback.GetResult(server_ret);
643
robpercival214763f2016-07-01 23:27:01644 ASSERT_THAT(client_ret, IsOk());
645 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10646
647 // Make sure the cert status is expected.
648 SSLInfo ssl_info;
649 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
650 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
651 SSLInfo ssl_server_info;
652 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
653 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
654
655 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12656 ASSERT_NO_FATAL_FAILURE(CreateContext());
657 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10658
659 TestCompletionCallback handshake_callback2;
660 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
661
662 TestCompletionCallback connect_callback2;
663 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
664
665 client_ret2 = connect_callback2.GetResult(client_ret2);
666 server_ret2 = handshake_callback2.GetResult(server_ret2);
667
robpercival214763f2016-07-01 23:27:01668 ASSERT_THAT(client_ret2, IsOk());
669 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10670
671 // Make sure the cert status is expected.
672 SSLInfo ssl_info2;
673 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
674 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
675 SSLInfo ssl_server_info2;
676 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
677 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
678}
679
ryanchung987b2ff2016-02-19 00:17:12680// This test executes Connect() on SSLClientSocket and Handshake() on
681// SSLServerSocket to make sure handshaking between the two sockets is
682// completed successfully, using client certificate.
683TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
684 scoped_refptr<X509Certificate> client_cert =
685 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12686 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
687 kClientCertFileName, kClientPrivateKeyFileName));
688 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
689 ASSERT_NO_FATAL_FAILURE(CreateContext());
690 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12691
692 TestCompletionCallback handshake_callback;
693 int server_ret = server_socket_->Handshake(handshake_callback.callback());
694
695 TestCompletionCallback connect_callback;
696 int client_ret = client_socket_->Connect(connect_callback.callback());
697
698 client_ret = connect_callback.GetResult(client_ret);
699 server_ret = handshake_callback.GetResult(server_ret);
700
robpercival214763f2016-07-01 23:27:01701 ASSERT_THAT(client_ret, IsOk());
702 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12703
704 // Make sure the cert status is expected.
705 SSLInfo ssl_info;
706 client_socket_->GetSSLInfo(&ssl_info);
707 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
708 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12709 ASSERT_TRUE(ssl_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53710 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_info.cert.get()));
ryanchung987b2ff2016-02-19 00:17:12711}
712
ryanchungeb9e3bc2016-03-08 05:08:10713// This test executes Connect() on SSLClientSocket and Handshake() twice on
714// SSLServerSocket to make sure handshaking between the two sockets is
715// completed successfully, using client certificate. The second connection is
716// expected to succeed through the session cache.
717TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
718 scoped_refptr<X509Certificate> client_cert =
719 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12720 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
721 kClientCertFileName, kClientPrivateKeyFileName));
722 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
723 ASSERT_NO_FATAL_FAILURE(CreateContext());
724 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10725
726 TestCompletionCallback handshake_callback;
727 int server_ret = server_socket_->Handshake(handshake_callback.callback());
728
729 TestCompletionCallback connect_callback;
730 int client_ret = client_socket_->Connect(connect_callback.callback());
731
732 client_ret = connect_callback.GetResult(client_ret);
733 server_ret = handshake_callback.GetResult(server_ret);
734
robpercival214763f2016-07-01 23:27:01735 ASSERT_THAT(client_ret, IsOk());
736 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10737
738 // Make sure the cert status is expected.
739 SSLInfo ssl_info;
740 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
741 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
742 SSLInfo ssl_server_info;
743 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
744 ASSERT_TRUE(ssl_server_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53745 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10746 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
Steven Valdez0ef94d02018-11-19 23:28:13747 // Pump client read to get new session tickets.
748 PumpServerToClient();
ryanchungeb9e3bc2016-03-08 05:08:10749 server_socket_->Disconnect();
750 client_socket_->Disconnect();
751
752 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12753 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10754 TestCompletionCallback handshake_callback2;
755 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
756
757 TestCompletionCallback connect_callback2;
758 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
759
760 client_ret2 = connect_callback2.GetResult(client_ret2);
761 server_ret2 = handshake_callback2.GetResult(server_ret2);
762
robpercival214763f2016-07-01 23:27:01763 ASSERT_THAT(client_ret2, IsOk());
764 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10765
766 // Make sure the cert status is expected.
767 SSLInfo ssl_info2;
768 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
769 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
770 SSLInfo ssl_server_info2;
771 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
772 ASSERT_TRUE(ssl_server_info2.cert.get());
Matt Mueller294998d2018-04-17 03:04:53773 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info2.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10774 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
775}
776
ryanchung987b2ff2016-02-19 00:17:12777TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12778 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
779 ASSERT_NO_FATAL_FAILURE(CreateContext());
780 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12781 // Use the default setting for the client socket, which is to not send
782 // a client certificate. This will cause the client to receive an
783 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
784 // requested cert_authorities from the CertificateRequest sent by the
785 // server.
786
787 TestCompletionCallback handshake_callback;
788 int server_ret = server_socket_->Handshake(handshake_callback.callback());
789
790 TestCompletionCallback connect_callback;
791 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
792 connect_callback.GetResult(
793 client_socket_->Connect(connect_callback.callback())));
794
795 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
796 client_socket_->GetSSLCertRequestInfo(request_info.get());
797
798 // Check that the authority name that arrived in the CertificateRequest
799 // handshake message is as expected.
800 scoped_refptr<X509Certificate> client_cert =
801 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12802 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12803 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
804
805 client_socket_->Disconnect();
806
davidben3418e81f2016-10-19 00:09:45807 EXPECT_THAT(handshake_callback.GetResult(server_ret),
808 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12809}
810
ryanchungeb9e3bc2016-03-08 05:08:10811TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12812 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
813 ASSERT_NO_FATAL_FAILURE(CreateContext());
814 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10815 // Use the default setting for the client socket, which is to not send
816 // a client certificate. This will cause the client to receive an
817 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
818 // requested cert_authorities from the CertificateRequest sent by the
819 // server.
820
821 TestCompletionCallback handshake_callback;
822 int server_ret = server_socket_->Handshake(handshake_callback.callback());
823
824 TestCompletionCallback connect_callback;
825 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
826 connect_callback.GetResult(
827 client_socket_->Connect(connect_callback.callback())));
828
829 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
830 client_socket_->GetSSLCertRequestInfo(request_info.get());
831
832 // Check that the authority name that arrived in the CertificateRequest
833 // handshake message is as expected.
834 scoped_refptr<X509Certificate> client_cert =
835 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12836 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10837 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
838
839 client_socket_->Disconnect();
840
davidben3418e81f2016-10-19 00:09:45841 EXPECT_THAT(handshake_callback.GetResult(server_ret),
842 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10843 server_socket_->Disconnect();
844
845 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12846 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10847 TestCompletionCallback handshake_callback2;
848 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
849
850 TestCompletionCallback connect_callback2;
851 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
852 connect_callback2.GetResult(
853 client_socket_->Connect(connect_callback2.callback())));
854
855 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
856 client_socket_->GetSSLCertRequestInfo(request_info2.get());
857
858 // Check that the authority name that arrived in the CertificateRequest
859 // handshake message is as expected.
860 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
861
862 client_socket_->Disconnect();
863
davidben3418e81f2016-10-19 00:09:45864 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
865 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10866}
867
ryanchung987b2ff2016-02-19 00:17:12868TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
869 scoped_refptr<X509Certificate> client_cert =
870 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12871 ASSERT_TRUE(client_cert);
872
873 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
874 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
875 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
876 ASSERT_NO_FATAL_FAILURE(CreateContext());
877 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12878
879 TestCompletionCallback handshake_callback;
880 int server_ret = server_socket_->Handshake(handshake_callback.callback());
881
882 TestCompletionCallback connect_callback;
883 int client_ret = client_socket_->Connect(connect_callback.callback());
884
Steven Valdez0ef94d02018-11-19 23:28:13885 // In TLS 1.3, the client cert error isn't exposed until Read is called.
886 EXPECT_EQ(OK, connect_callback.GetResult(client_ret));
887 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
888 handshake_callback.GetResult(server_ret));
889
890 // Pump client read to get client cert error.
891 const int kReadBufSize = 1024;
892 scoped_refptr<DrainableIOBuffer> read_buf =
893 base::MakeRefCounted<DrainableIOBuffer>(
894 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
895 TestCompletionCallback read_callback;
896 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
897 read_callback.callback());
898 client_ret = read_callback.GetResult(client_ret);
899 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
900}
901
902TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedTLS12) {
903 scoped_refptr<X509Certificate> client_cert =
904 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
905 ASSERT_TRUE(client_cert);
906
907 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
908 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
909 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
910 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
911 ASSERT_NO_FATAL_FAILURE(CreateContext());
912 ASSERT_NO_FATAL_FAILURE(CreateSockets());
913
914 TestCompletionCallback handshake_callback;
915 int server_ret = server_socket_->Handshake(handshake_callback.callback());
916
917 TestCompletionCallback connect_callback;
918 int client_ret = client_socket_->Connect(connect_callback.callback());
919
ryanchung987b2ff2016-02-19 00:17:12920 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
921 connect_callback.GetResult(client_ret));
922 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
923 handshake_callback.GetResult(server_ret));
924}
ryanchungeb9e3bc2016-03-08 05:08:10925
926TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
927 scoped_refptr<X509Certificate> client_cert =
928 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12929 ASSERT_TRUE(client_cert);
930
931 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
932 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
933 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
934 ASSERT_NO_FATAL_FAILURE(CreateContext());
935 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10936
937 TestCompletionCallback handshake_callback;
938 int server_ret = server_socket_->Handshake(handshake_callback.callback());
939
940 TestCompletionCallback connect_callback;
941 int client_ret = client_socket_->Connect(connect_callback.callback());
942
Steven Valdez0ef94d02018-11-19 23:28:13943 // In TLS 1.3, the client cert error isn't exposed until Read is called.
944 EXPECT_EQ(OK, connect_callback.GetResult(client_ret));
ryanchungeb9e3bc2016-03-08 05:08:10945 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
946 handshake_callback.GetResult(server_ret));
947
Steven Valdez0ef94d02018-11-19 23:28:13948 // Pump client read to get client cert error.
949 const int kReadBufSize = 1024;
950 scoped_refptr<DrainableIOBuffer> read_buf =
951 base::MakeRefCounted<DrainableIOBuffer>(
952 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
953 TestCompletionCallback read_callback;
954 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
955 read_callback.callback());
956 client_ret = read_callback.GetResult(client_ret);
957 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
958
ryanchungeb9e3bc2016-03-08 05:08:10959 client_socket_->Disconnect();
960 server_socket_->Disconnect();
961
962 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12963 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10964 TestCompletionCallback handshake_callback2;
965 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
966
967 TestCompletionCallback connect_callback2;
968 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
969
Steven Valdez0ef94d02018-11-19 23:28:13970 // In TLS 1.3, the client cert error isn't exposed until Read is called.
971 EXPECT_EQ(OK, connect_callback2.GetResult(client_ret2));
ryanchungeb9e3bc2016-03-08 05:08:10972 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
973 handshake_callback2.GetResult(server_ret2));
Steven Valdez0ef94d02018-11-19 23:28:13974
975 // Pump client read to get client cert error.
976 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
977 read_callback.callback());
978 client_ret = read_callback.GetResult(client_ret);
979 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
ryanchungeb9e3bc2016-03-08 05:08:10980}
ryanchung987b2ff2016-02-19 00:17:12981
[email protected]f61c3972010-12-23 09:54:15982TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12983 ASSERT_NO_FATAL_FAILURE(CreateContext());
984 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15985
[email protected]f61c3972010-12-23 09:54:15986 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12987 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55988 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04989 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15990
ryanchung987b2ff2016-02-19 00:17:12991 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13992 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04993 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15994
[email protected]febbbb52011-08-17 04:59:23995 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01996 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23997 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01998 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15999
1000 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:041001 scoped_refptr<StringIOBuffer> write_buf =
Victor Costan9c7302b2018-08-27 16:39:441002 base::MakeRefCounted<StringIOBuffer>("testing123");
[email protected]fa6ce922014-07-17 04:27:041003 scoped_refptr<DrainableIOBuffer> read_buf =
Victor Costancd439782018-08-30 07:27:571004 base::MakeRefCounted<DrainableIOBuffer>(
1005 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:151006
1007 // Write then read.
[email protected]83039bb2011-12-09 18:43:551008 TestCompletionCallback write_callback;
1009 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:101010 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381011 write_callback.callback(),
1012 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041013 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:501014 client_ret = client_socket_->Read(
1015 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041016 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:151017
[email protected]febbbb52011-08-17 04:59:231018 server_ret = write_callback.GetResult(server_ret);
1019 EXPECT_GT(server_ret, 0);
1020 client_ret = read_callback.GetResult(client_ret);
1021 ASSERT_GT(client_ret, 0);
1022
1023 read_buf->DidConsume(client_ret);
1024 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:501025 client_ret = client_socket_->Read(
1026 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041027 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:231028 client_ret = read_callback.GetResult(client_ret);
1029 ASSERT_GT(client_ret, 0);
1030 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:151031 }
[email protected]febbbb52011-08-17 04:59:231032 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
1033 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:151034 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
1035
1036 // Read then write.
Victor Costan9c7302b2018-08-27 16:39:441037 write_buf = base::MakeRefCounted<StringIOBuffer>("hello123");
[email protected]90499482013-06-01 00:39:501038 server_ret = server_socket_->Read(
1039 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041040 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:101041 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381042 write_callback.callback(),
1043 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041044 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:151045
[email protected]febbbb52011-08-17 04:59:231046 server_ret = read_callback.GetResult(server_ret);
1047 ASSERT_GT(server_ret, 0);
1048 client_ret = write_callback.GetResult(client_ret);
1049 EXPECT_GT(client_ret, 0);
1050
1051 read_buf->DidConsume(server_ret);
1052 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:501053 server_ret = server_socket_->Read(
1054 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041055 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:231056 server_ret = read_callback.GetResult(server_ret);
1057 ASSERT_GT(server_ret, 0);
1058 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:151059 }
[email protected]febbbb52011-08-17 04:59:231060 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
1061 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:151062 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
1063}
[email protected]b0ff3f82011-07-23 05:12:391064
[email protected]c0e4dd12012-05-16 19:36:311065// A regression test for bug 127822 (http://crbug.com/127822).
1066// If the server closes the connection after the handshake is finished,
1067// the client's Write() call should not cause an infinite loop.
1068// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:431069TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:121070 ASSERT_NO_FATAL_FAILURE(CreateContext());
1071 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:311072
1073 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:121074 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:311075 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041076 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311077
ryanchung987b2ff2016-02-19 00:17:121078 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:311079 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041080 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311081
1082 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:011083 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:311084 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:011085 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:311086
Victor Costan9c7302b2018-08-27 16:39:441087 scoped_refptr<StringIOBuffer> write_buf =
1088 base::MakeRefCounted<StringIOBuffer>("testing123");
[email protected]c0e4dd12012-05-16 19:36:311089
1090 // The server closes the connection. The server needs to write some
1091 // data first so that the client's Read() calls from the transport
1092 // socket won't return ERR_IO_PENDING. This ensures that the client
1093 // will call Read() on the transport socket again.
1094 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:101095 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381096 write_callback.callback(),
1097 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041098 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311099
1100 server_ret = write_callback.GetResult(server_ret);
1101 EXPECT_GT(server_ret, 0);
1102
1103 server_socket_->Disconnect();
1104
1105 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:101106 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381107 write_callback.callback(),
1108 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041109 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311110
1111 client_ret = write_callback.GetResult(client_ret);
1112 EXPECT_GT(client_ret, 0);
1113
Weza03bae02018-07-13 17:17:331114 base::RunLoop run_loop;
skyostil4891b25b2015-06-11 11:43:451115 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
Weza03bae02018-07-13 17:17:331116 FROM_HERE, run_loop.QuitClosure(), base::TimeDelta::FromMilliseconds(10));
1117 run_loop.Run();
[email protected]c0e4dd12012-05-16 19:36:311118}
1119
[email protected]b0ff3f82011-07-23 05:12:391120// This test executes ExportKeyingMaterial() on the client and server sockets,
1121// after connecting them, and verifies that the results match.
1122// This test will fail if False Start is enabled (see crbug.com/90208).
1123TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:121124 ASSERT_NO_FATAL_FAILURE(CreateContext());
1125 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:391126
[email protected]83039bb2011-12-09 18:43:551127 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:551128 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041129 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:391130
ryanchung987b2ff2016-02-19 00:17:121131 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:131132 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041133 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:391134
[email protected]fa6ce922014-07-17 04:27:041135 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:011136 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:391137 }
[email protected]fa6ce922014-07-17 04:27:041138 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:011139 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:391140 }
1141
1142 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:511143 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1144 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:391145 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:101146 int rv = server_socket_->ExportKeyingMaterial(
1147 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:011148 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:391149
1150 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:101151 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:391152 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:011153 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:491154 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:391155
thestig9d3bb0c2015-01-24 00:49:511156 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:391157 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:101158 rv = client_socket_->ExportKeyingMaterial(
1159 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:041160 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:491161 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:391162}
[email protected]f61c3972010-12-23 09:54:151163
sergeyuff826d5e2015-05-13 20:35:221164// Verifies that SSLConfig::require_ecdhe flags works properly.
1165TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1166 // Disable all ECDHE suites on the client side.
1167 uint16_t kEcdheCiphers[] = {
1168 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1169 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1170 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1171 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1172 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1173 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1174 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1175 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:491176 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1177 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:221178 };
1179 client_ssl_config_.disabled_cipher_suites.assign(
1180 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1181
Steven Valdez0ef94d02018-11-19 23:28:131182 // Legacy RSA key exchange ciphers only exist in TLS 1.2 and below.
1183 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1184
sergeyuff826d5e2015-05-13 20:35:221185 // Require ECDHE on the server.
1186 server_ssl_config_.require_ecdhe = true;
1187
rsleevia5c430222016-03-11 05:55:121188 ASSERT_NO_FATAL_FAILURE(CreateContext());
1189 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:221190
1191 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:221192 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:121193
1194 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:221195 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1196
1197 client_ret = connect_callback.GetResult(client_ret);
1198 server_ret = handshake_callback.GetResult(server_ret);
1199
robpercival214763f2016-07-01 23:27:011200 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1201 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:221202}
1203
Ryan Ki Sing Chung665861e2017-12-15 22:05:551204// This test executes Connect() on SSLClientSocket and Handshake() on
1205// SSLServerSocket to make sure handshaking between the two sockets is
1206// completed successfully. The server key is represented by SSLPrivateKey.
1207TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKey) {
1208 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1209 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1210
1211 TestCompletionCallback handshake_callback;
1212 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1213
1214 TestCompletionCallback connect_callback;
1215 int client_ret = client_socket_->Connect(connect_callback.callback());
1216
1217 client_ret = connect_callback.GetResult(client_ret);
1218 server_ret = handshake_callback.GetResult(server_ret);
1219
1220 ASSERT_THAT(client_ret, IsOk());
1221 ASSERT_THAT(server_ret, IsOk());
1222
1223 // Make sure the cert status is expected.
1224 SSLInfo ssl_info;
1225 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
1226 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
1227
1228 // The default cipher suite should be ECDHE and an AEAD.
1229 uint16_t cipher_suite =
1230 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
1231 const char* key_exchange;
1232 const char* cipher;
1233 const char* mac;
1234 bool is_aead;
1235 bool is_tls13;
1236 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
1237 cipher_suite);
1238 EXPECT_TRUE(is_aead);
Ryan Ki Sing Chung665861e2017-12-15 22:05:551239}
1240
1241// Verifies that non-ECDHE ciphers are disabled when using SSLPrivateKey as the
1242// server key.
1243TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) {
1244 // Disable all ECDHE suites on the client side.
1245 uint16_t kEcdheCiphers[] = {
1246 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1247 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1248 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1249 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1250 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1251 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1252 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1253 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1254 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1255 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1256 };
1257 client_ssl_config_.disabled_cipher_suites.assign(
1258 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1259 // TLS 1.3 always works with SSLPrivateKey.
1260 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1261
1262 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1263 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1264
1265 TestCompletionCallback connect_callback;
1266 int client_ret = client_socket_->Connect(connect_callback.callback());
1267
1268 TestCompletionCallback handshake_callback;
1269 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1270
1271 client_ret = connect_callback.GetResult(client_ret);
1272 server_ret = handshake_callback.GetResult(server_ret);
1273
1274 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1275 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1276}
1277
[email protected]f61c3972010-12-23 09:54:151278} // namespace net