Google Git
Sign in
chromium / chromium / src.git / 139c557f19f0213f007048dfc75cfbb863db9c10 / . / net / socket / ssl_server_socket_unittest.cc
blob: 14e80e37fb3e5b32f575047ddb66f0ce04c70ce9 [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]20#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]21
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]22#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]23#include "base/compiler_specific.h"
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]24#include "base/containers/queue.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]25#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]26#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]27#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]28#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]29#include "base/macros.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]30#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]31#include "base/single_thread_task_runner.h"
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]32#include "base/test/scoped_task_environment.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]33#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]34#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]35#include "crypto/nss_util.h"
36#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]37#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]38#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]39#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]40#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]42#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]43#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]45#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]46#include "net/cert/ct_policy_enforcer.h"
47#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]48#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]50#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]51#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]52#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]53#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]54#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]55#include "net/socket/client_socket_factory.h"
56#include "net/socket/socket_test_util.h"
57#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]58#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]59#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]60#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]61#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]62#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]64#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]65#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]66#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]67#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]68#include "net/test/test_data_directory.h"
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]69#include "net/test/test_with_scoped_task_environment.h"
[email protected]578968d42017-12-13 15:39:32[diff] [blame]70#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]71#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]72#include "testing/gtest/include/gtest/gtest.h"
73#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:01[diff] [blame]74#include "third_party/boringssl/src/include/openssl/evp.h"
75#include "third_party/boringssl/src/include/openssl/ssl.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]76
robpercival214763f2016-07-01 23:27:01[diff] [blame]77using net::test::IsError;
78using net::test::IsOk;
79
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]80namespace net {
81
82namespace {
83
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]84const char kClientCertFileName[] = "client_1.pem";
85const char kClientPrivateKeyFileName[] = "client_1.pk8";
86const char kWrongClientCertFileName[] = "client_2.pem";
87const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]88
rsleevid6de8302016-06-21 01:33:20[diff] [blame]89class MockCTPolicyEnforcer : public CTPolicyEnforcer {
90 public:
91 MockCTPolicyEnforcer() = default;
92 ~MockCTPolicyEnforcer() override = default;
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]93 ct::CTPolicyCompliance CheckCompliance(
rsleevid6de8302016-06-21 01:33:20[diff] [blame]94 X509Certificate* cert,
Ryan Sleevi8a9c9c12018-05-09 02:36:23[diff] [blame]95 const ct::SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]96 const NetLogWithSource& net_log) override {
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]97 return ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]98 }
rsleevid6de8302016-06-21 01:33:20[diff] [blame]99};
100
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]101class FakeDataChannel {
102 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]103 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]104 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]105 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]106 write_called_after_close_(false),
107 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]108 }
109
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]110 int Read(IOBuffer* buf, int buf_len, CompletionOnceCallback callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]111 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]112 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]113 if (closed_)
114 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]115 if (data_.empty()) {
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]116 read_callback_ = std::move(callback);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]117 read_buf_ = buf;
118 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]119 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]120 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]121 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]122 }
123
[email protected]a2b2cfc2017-12-06 09:06:08[diff] [blame]124 int Write(IOBuffer* buf,
125 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]126 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32[diff] [blame]127 const NetworkTrafficAnnotationTag& traffic_annotation) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]128 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]129 if (closed_) {
130 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]131 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]132 write_called_after_close_ = true;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]133 write_callback_ = std::move(callback);
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]134 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]135 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
136 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]137 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]138 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]139 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]140 data_.push(new DrainableIOBuffer(
141 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]142 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]143 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]144 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
145 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]146 return buf_len;
147 }
148
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]149 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
150 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
151 // after the FakeDataChannel is closed, the first Write() call completes
152 // asynchronously, which is necessary to reproduce bug 127822.
153 void Close() {
154 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]155 if (!read_callback_.is_null()) {
156 base::ThreadTaskRunnerHandle::Get()->PostTask(
157 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
158 weak_factory_.GetWeakPtr()));
159 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]160 }
161
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]162 private:
163 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]164 if (read_callback_.is_null())
165 return;
166
167 if (closed_) {
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]168 std::move(read_callback_).Run(ERR_CONNECTION_CLOSED);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]169 return;
170 }
171
172 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]173 return;
174
tfarina9b6381442015-10-05 22:38:11[diff] [blame]175 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]176 read_buf_ = NULL;
177 read_buf_len_ = 0;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]178 std::move(read_callback_).Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]179 }
180
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]181 void DoWriteCallback() {
182 if (write_callback_.is_null())
183 return;
184
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]185 std::move(write_callback_).Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]186 }
187
tfarina9b6381442015-10-05 22:38:11[diff] [blame]188 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]189 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]190 int copied = std::min(buf->BytesRemaining(), read_buf_len);
191 memcpy(read_buf->data(), buf->data(), copied);
192 buf->DidConsume(copied);
193
194 if (!buf->BytesRemaining())
195 data_.pop();
196 return copied;
197 }
198
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]199 CompletionOnceCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]200 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]201 int read_buf_len_;
202
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]203 CompletionOnceCallback write_callback_;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]204
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]205 base::queue<scoped_refptr<DrainableIOBuffer>> data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]206
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]207 // True if Close() has been called.
208 bool closed_;
209
210 // Controls the completion of Write() after the FakeDataChannel is closed.
211 // After the FakeDataChannel is closed, the first Write() call completes
212 // asynchronously.
213 bool write_called_after_close_;
214
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]215 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
216
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]217 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
218};
219
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]220class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]221 public:
222 FakeSocket(FakeDataChannel* incoming_channel,
223 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]224 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]225
Chris Watkins7a41d3552017-12-01 02:13:27[diff] [blame]226 ~FakeSocket() override = default;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]227
dchengb03027d2014-10-21 12:00:20[diff] [blame]228 int Read(IOBuffer* buf,
229 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]230 CompletionOnceCallback callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]231 // Read random number of bytes.
232 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]233 return incoming_->Read(buf, buf_len, std::move(callback));
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]234 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]235
dchengb03027d2014-10-21 12:00:20[diff] [blame]236 int Write(IOBuffer* buf,
237 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]238 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32[diff] [blame]239 const NetworkTrafficAnnotationTag& traffic_annotation) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]240 // Write random number of bytes.
241 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]242 return outgoing_->Write(buf, buf_len, std::move(callback),
[email protected]578968d42017-12-13 15:39:32[diff] [blame]243 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]244 }
245
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]246 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]247
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]248 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]249
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]250 int Connect(CompletionOnceCallback callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]251
dchengb03027d2014-10-21 12:00:20[diff] [blame]252 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]253 incoming_->Close();
254 outgoing_->Close();
255 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]256
dchengb03027d2014-10-21 12:00:20[diff] [blame]257 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]258
dchengb03027d2014-10-21 12:00:20[diff] [blame]259 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]260
dchengb03027d2014-10-21 12:00:20[diff] [blame]261 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]262 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]263 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]264 }
265
dchengb03027d2014-10-21 12:00:20[diff] [blame]266 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]267 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]268 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]269 }
270
tfarina428341112016-09-22 13:38:20[diff] [blame]271 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]272
dchengb03027d2014-10-21 12:00:20[diff] [blame]273 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]274
tfarina2846404c2016-12-25 14:31:37[diff] [blame]275 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]276
dchengb03027d2014-10-21 12:00:20[diff] [blame]277 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]278
dchengb03027d2014-10-21 12:00:20[diff] [blame]279 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]280
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]281 void GetConnectionAttempts(ConnectionAttempts* out) const override {
282 out->clear();
283 }
284
285 void ClearConnectionAttempts() override {}
286
287 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
288
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]289 int64_t GetTotalReceivedBytes() const override {
290 NOTIMPLEMENTED();
291 return 0;
292 }
293
Paul Jensen0f49dec2017-12-12 23:39:58[diff] [blame]294 void ApplySocketTag(const SocketTag& tag) override {}
295
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]296 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]297 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]298 FakeDataChannel* incoming_;
299 FakeDataChannel* outgoing_;
300
301 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
302};
303
304} // namespace
305
306// Verify the correctness of the test helper classes first.
307TEST(FakeSocketTest, DataTransfer) {
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]308 base::test::ScopedTaskEnvironment scoped_task_environment;
309
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]310 // Establish channels between two sockets.
311 FakeDataChannel channel_1;
312 FakeDataChannel channel_2;
313 FakeSocket client(&channel_1, &channel_2);
314 FakeSocket server(&channel_2, &channel_1);
315
316 const char kTestData[] = "testing123";
317 const int kTestDataSize = strlen(kTestData);
318 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]319 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
320 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]321
322 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]323 int written =
[email protected]578968d42017-12-13 15:39:32[diff] [blame]324 server.Write(write_buf.get(), kTestDataSize, CompletionCallback(),
325 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]326 EXPECT_GT(written, 0);
327 EXPECT_LE(written, kTestDataSize);
328
[email protected]90499482013-06-01 00:39:50[diff] [blame]329 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]330 EXPECT_GT(read, 0);
331 EXPECT_LE(read, written);
332 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]333
334 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]335 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]336 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]337 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]338
[email protected]578968d42017-12-13 15:39:32[diff] [blame]339 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback(),
340 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]341 EXPECT_GT(written, 0);
342 EXPECT_LE(written, kTestDataSize);
343
344 read = callback.WaitForResult();
345 EXPECT_GT(read, 0);
346 EXPECT_LE(read, written);
347 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]348}
349
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]350class SSLServerSocketTest : public PlatformTest,
351 public WithScopedTaskEnvironment {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]352 public:
353 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]354 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]355 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]356 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]357 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]358 ct_verifier_(new DoNothingCTVerifier),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]359 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]360
361 void SetUp() override {
362 PlatformTest::SetUp();
363
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]364 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
365 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]366
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]367 server_cert_ =
368 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]369 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]370 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]371 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]372
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]373 std::unique_ptr<crypto::RSAPrivateKey> key =
374 ReadTestKey("unittest.key.bin");
375 ASSERT_TRUE(key);
David Benjamin139c5572018-07-06 23:53:42[diff] [blame^]376 server_ssl_private_key_ = WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]377
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]378 client_ssl_config_.false_start_enabled = false;
379 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]380
381 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]382 client_ssl_config_.allowed_bad_certs.emplace_back(
383 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]384 }
385
386 protected:
387 void CreateContext() {
388 client_socket_.reset();
389 server_socket_.reset();
390 channel_1_.reset();
391 channel_2_.reset();
392 server_context_.reset();
393 server_context_ = CreateSSLServerContext(
394 server_cert_.get(), *server_private_key_, server_ssl_config_);
395 }
396
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]397 void CreateContextSSLPrivateKey() {
398 client_socket_.reset();
399 server_socket_.reset();
400 channel_1_.reset();
401 channel_2_.reset();
402 server_context_.reset();
403 server_context_ = CreateSSLServerContext(
404 server_cert_.get(), server_ssl_private_key_, server_ssl_config_);
405 }
406
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]407 void CreateSockets() {
408 client_socket_.reset();
409 server_socket_.reset();
410 channel_1_.reset(new FakeDataChannel());
411 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]412 std::unique_ptr<ClientSocketHandle> client_connection(
413 new ClientSocketHandle);
414 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]415 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]416 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]417 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]418
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]419 HostPortPair host_and_pair("unittest", 0);
420 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]421 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]422 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]423 context.cert_transparency_verifier = ct_verifier_.get();
424 context.ct_policy_enforcer = ct_policy_enforcer_.get();
David Benjaminb3840f42017-08-03 15:50:16[diff] [blame]425 // Set a dummy session cache shard to enable session caching.
426 context.ssl_session_cache_shard = "shard";
rsleevia5c430222016-03-11 05:55:12[diff] [blame]427
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]428 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]429 std::move(client_connection), host_and_pair, client_ssl_config_,
430 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]431 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]432
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]433 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]434 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]435 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]436 }
437
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]438 void ConfigureClientCertsForClient(const char* cert_file_name,
439 const char* private_key_file_name) {
440 client_ssl_config_.send_client_cert = true;
441 client_ssl_config_.client_cert =
442 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
443 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]444
danakj655b66c2016-04-16 00:51:38[diff] [blame]445 std::unique_ptr<crypto::RSAPrivateKey> key =
446 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]447 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]448
agl5a7cadf2016-07-13 16:52:53[diff] [blame]449 client_ssl_config_.client_private_key =
David Benjamin139c5572018-07-06 23:53:42[diff] [blame^]450 WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]451 }
452
453 void ConfigureClientCertsForServer() {
454 server_ssl_config_.client_cert_type =
455 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
456
David Benjamin99dada22017-09-28 20:04:00[diff] [blame]457 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
458 static const uint8_t kClientCertCAName[] = {
459 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
460 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
461 server_ssl_config_.cert_authorities_.push_back(std::string(
462 std::begin(kClientCertCAName), std::end(kClientCertCAName)));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]463
464 scoped_refptr<X509Certificate> expected_client_cert(
465 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]466 ASSERT_TRUE(expected_client_cert);
467
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]468 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
469
470 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
471 }
472
danakj655b66c2016-04-16 00:51:38[diff] [blame]473 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
474 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]475 base::FilePath certs_dir(GetTestCertsDirectory());
476 base::FilePath key_path = certs_dir.AppendASCII(name);
477 std::string key_string;
478 if (!base::ReadFileToString(key_path, &key_string))
479 return nullptr;
480 std::vector<uint8_t> key_vector(
481 reinterpret_cast<const uint8_t*>(key_string.data()),
482 reinterpret_cast<const uint8_t*>(key_string.data() +
483 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]484 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]485 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
486 return key;
487 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]488
danakj655b66c2016-04-16 00:51:38[diff] [blame]489 std::unique_ptr<FakeDataChannel> channel_1_;
490 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]491 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]492 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]493 std::unique_ptr<SSLClientSocket> client_socket_;
494 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]495 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]496 std::unique_ptr<MockCertVerifier> cert_verifier_;
497 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
498 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]499 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]500 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]501 std::unique_ptr<SSLServerContext> server_context_;
502 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]503 scoped_refptr<SSLPrivateKey> server_ssl_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]504 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]505};
506
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]507// This test only executes creation of client and server sockets. This is to
508// test that creation of sockets doesn't crash and have minimal code to run
Mostyn Bramley-Moore699c5312018-05-01 10:48:09[diff] [blame]509// with memory leak/corruption checking tools.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]510TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]511 ASSERT_NO_FATAL_FAILURE(CreateContext());
512 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]513}
514
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]515// This test executes Connect() on SSLClientSocket and Handshake() on
516// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]517// completed successfully.
518TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]519 ASSERT_NO_FATAL_FAILURE(CreateContext());
520 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]521
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]522 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]523 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]524
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]525 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]526 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]527
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]528 client_ret = connect_callback.GetResult(client_ret);
529 server_ret = handshake_callback.GetResult(server_ret);
530
robpercival214763f2016-07-01 23:27:01[diff] [blame]531 ASSERT_THAT(client_ret, IsOk());
532 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]533
534 // Make sure the cert status is expected.
535 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]536 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]537 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]538
davidben56a8aece2016-10-14 18:20:56[diff] [blame]539 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58[diff] [blame]540 uint16_t cipher_suite =
541 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
542 const char* key_exchange;
543 const char* cipher;
544 const char* mac;
545 bool is_aead;
davidben56a8aece2016-10-14 18:20:56[diff] [blame]546 bool is_tls13;
547 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
548 cipher_suite);
hansc048c38b2016-10-14 11:30:09[diff] [blame]549 EXPECT_TRUE(is_aead);
davidben56a8aece2016-10-14 18:20:56[diff] [blame]550 ASSERT_FALSE(is_tls13);
551 EXPECT_STREQ("ECDHE_RSA", key_exchange);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]552}
553
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]554// This test makes sure the session cache is working.
555TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]556 ASSERT_NO_FATAL_FAILURE(CreateContext());
557 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]558
559 TestCompletionCallback handshake_callback;
560 int server_ret = server_socket_->Handshake(handshake_callback.callback());
561
562 TestCompletionCallback connect_callback;
563 int client_ret = client_socket_->Connect(connect_callback.callback());
564
565 client_ret = connect_callback.GetResult(client_ret);
566 server_ret = handshake_callback.GetResult(server_ret);
567
robpercival214763f2016-07-01 23:27:01[diff] [blame]568 ASSERT_THAT(client_ret, IsOk());
569 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]570
571 // Make sure the cert status is expected.
572 SSLInfo ssl_info;
573 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
574 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
575 SSLInfo ssl_server_info;
576 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
577 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
578
579 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]580 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]581 TestCompletionCallback handshake_callback2;
582 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
583
584 TestCompletionCallback connect_callback2;
585 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
586
587 client_ret2 = connect_callback2.GetResult(client_ret2);
588 server_ret2 = handshake_callback2.GetResult(server_ret2);
589
robpercival214763f2016-07-01 23:27:01[diff] [blame]590 ASSERT_THAT(client_ret2, IsOk());
591 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]592
593 // Make sure the cert status is expected.
594 SSLInfo ssl_info2;
595 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
596 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
597 SSLInfo ssl_server_info2;
598 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
599 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
600}
601
602// This test makes sure the session cache separates out by server context.
603TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]604 ASSERT_NO_FATAL_FAILURE(CreateContext());
605 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]606
607 TestCompletionCallback handshake_callback;
608 int server_ret = server_socket_->Handshake(handshake_callback.callback());
609
610 TestCompletionCallback connect_callback;
611 int client_ret = client_socket_->Connect(connect_callback.callback());
612
613 client_ret = connect_callback.GetResult(client_ret);
614 server_ret = handshake_callback.GetResult(server_ret);
615
robpercival214763f2016-07-01 23:27:01[diff] [blame]616 ASSERT_THAT(client_ret, IsOk());
617 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]618
619 // Make sure the cert status is expected.
620 SSLInfo ssl_info;
621 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
622 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
623 SSLInfo ssl_server_info;
624 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
625 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
626
627 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]628 ASSERT_NO_FATAL_FAILURE(CreateContext());
629 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]630
631 TestCompletionCallback handshake_callback2;
632 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
633
634 TestCompletionCallback connect_callback2;
635 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
636
637 client_ret2 = connect_callback2.GetResult(client_ret2);
638 server_ret2 = handshake_callback2.GetResult(server_ret2);
639
robpercival214763f2016-07-01 23:27:01[diff] [blame]640 ASSERT_THAT(client_ret2, IsOk());
641 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]642
643 // Make sure the cert status is expected.
644 SSLInfo ssl_info2;
645 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
646 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
647 SSLInfo ssl_server_info2;
648 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
649 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
650}
651
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]652// This test executes Connect() on SSLClientSocket and Handshake() on
653// SSLServerSocket to make sure handshaking between the two sockets is
654// completed successfully, using client certificate.
655TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
656 scoped_refptr<X509Certificate> client_cert =
657 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]658 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
659 kClientCertFileName, kClientPrivateKeyFileName));
660 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
661 ASSERT_NO_FATAL_FAILURE(CreateContext());
662 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]663
664 TestCompletionCallback handshake_callback;
665 int server_ret = server_socket_->Handshake(handshake_callback.callback());
666
667 TestCompletionCallback connect_callback;
668 int client_ret = client_socket_->Connect(connect_callback.callback());
669
670 client_ret = connect_callback.GetResult(client_ret);
671 server_ret = handshake_callback.GetResult(server_ret);
672
robpercival214763f2016-07-01 23:27:01[diff] [blame]673 ASSERT_THAT(client_ret, IsOk());
674 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]675
676 // Make sure the cert status is expected.
677 SSLInfo ssl_info;
678 client_socket_->GetSSLInfo(&ssl_info);
679 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
680 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]681 ASSERT_TRUE(ssl_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53[diff] [blame]682 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_info.cert.get()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]683}
684
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]685// This test executes Connect() on SSLClientSocket and Handshake() twice on
686// SSLServerSocket to make sure handshaking between the two sockets is
687// completed successfully, using client certificate. The second connection is
688// expected to succeed through the session cache.
689TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
690 scoped_refptr<X509Certificate> client_cert =
691 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]692 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
693 kClientCertFileName, kClientPrivateKeyFileName));
694 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
695 ASSERT_NO_FATAL_FAILURE(CreateContext());
696 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]697
698 TestCompletionCallback handshake_callback;
699 int server_ret = server_socket_->Handshake(handshake_callback.callback());
700
701 TestCompletionCallback connect_callback;
702 int client_ret = client_socket_->Connect(connect_callback.callback());
703
704 client_ret = connect_callback.GetResult(client_ret);
705 server_ret = handshake_callback.GetResult(server_ret);
706
robpercival214763f2016-07-01 23:27:01[diff] [blame]707 ASSERT_THAT(client_ret, IsOk());
708 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]709
710 // Make sure the cert status is expected.
711 SSLInfo ssl_info;
712 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
713 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
714 SSLInfo ssl_server_info;
715 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
716 ASSERT_TRUE(ssl_server_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53[diff] [blame]717 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]718 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
719 server_socket_->Disconnect();
720 client_socket_->Disconnect();
721
722 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]723 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]724 TestCompletionCallback handshake_callback2;
725 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
726
727 TestCompletionCallback connect_callback2;
728 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
729
730 client_ret2 = connect_callback2.GetResult(client_ret2);
731 server_ret2 = handshake_callback2.GetResult(server_ret2);
732
robpercival214763f2016-07-01 23:27:01[diff] [blame]733 ASSERT_THAT(client_ret2, IsOk());
734 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]735
736 // Make sure the cert status is expected.
737 SSLInfo ssl_info2;
738 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
739 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
740 SSLInfo ssl_server_info2;
741 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
742 ASSERT_TRUE(ssl_server_info2.cert.get());
Matt Mueller294998d2018-04-17 03:04:53[diff] [blame]743 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info2.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]744 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
745}
746
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]747TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]748 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
749 ASSERT_NO_FATAL_FAILURE(CreateContext());
750 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]751 // Use the default setting for the client socket, which is to not send
752 // a client certificate. This will cause the client to receive an
753 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
754 // requested cert_authorities from the CertificateRequest sent by the
755 // server.
756
757 TestCompletionCallback handshake_callback;
758 int server_ret = server_socket_->Handshake(handshake_callback.callback());
759
760 TestCompletionCallback connect_callback;
761 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
762 connect_callback.GetResult(
763 client_socket_->Connect(connect_callback.callback())));
764
765 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
766 client_socket_->GetSSLCertRequestInfo(request_info.get());
767
768 // Check that the authority name that arrived in the CertificateRequest
769 // handshake message is as expected.
770 scoped_refptr<X509Certificate> client_cert =
771 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]772 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]773 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
774
775 client_socket_->Disconnect();
776
davidben3418e81f2016-10-19 00:09:45[diff] [blame]777 EXPECT_THAT(handshake_callback.GetResult(server_ret),
778 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]779}
780
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]781TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]782 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
783 ASSERT_NO_FATAL_FAILURE(CreateContext());
784 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]785 // Use the default setting for the client socket, which is to not send
786 // a client certificate. This will cause the client to receive an
787 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
788 // requested cert_authorities from the CertificateRequest sent by the
789 // server.
790
791 TestCompletionCallback handshake_callback;
792 int server_ret = server_socket_->Handshake(handshake_callback.callback());
793
794 TestCompletionCallback connect_callback;
795 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
796 connect_callback.GetResult(
797 client_socket_->Connect(connect_callback.callback())));
798
799 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
800 client_socket_->GetSSLCertRequestInfo(request_info.get());
801
802 // Check that the authority name that arrived in the CertificateRequest
803 // handshake message is as expected.
804 scoped_refptr<X509Certificate> client_cert =
805 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]806 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]807 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
808
809 client_socket_->Disconnect();
810
davidben3418e81f2016-10-19 00:09:45[diff] [blame]811 EXPECT_THAT(handshake_callback.GetResult(server_ret),
812 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]813 server_socket_->Disconnect();
814
815 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]816 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]817 TestCompletionCallback handshake_callback2;
818 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
819
820 TestCompletionCallback connect_callback2;
821 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
822 connect_callback2.GetResult(
823 client_socket_->Connect(connect_callback2.callback())));
824
825 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
826 client_socket_->GetSSLCertRequestInfo(request_info2.get());
827
828 // Check that the authority name that arrived in the CertificateRequest
829 // handshake message is as expected.
830 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
831
832 client_socket_->Disconnect();
833
davidben3418e81f2016-10-19 00:09:45[diff] [blame]834 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
835 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]836}
837
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]838TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
839 scoped_refptr<X509Certificate> client_cert =
840 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]841 ASSERT_TRUE(client_cert);
842
843 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
844 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
845 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
846 ASSERT_NO_FATAL_FAILURE(CreateContext());
847 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]848
849 TestCompletionCallback handshake_callback;
850 int server_ret = server_socket_->Handshake(handshake_callback.callback());
851
852 TestCompletionCallback connect_callback;
853 int client_ret = client_socket_->Connect(connect_callback.callback());
854
855 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
856 connect_callback.GetResult(client_ret));
857 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
858 handshake_callback.GetResult(server_ret));
859}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]860
861TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
862 scoped_refptr<X509Certificate> client_cert =
863 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]864 ASSERT_TRUE(client_cert);
865
866 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
867 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
868 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
869 ASSERT_NO_FATAL_FAILURE(CreateContext());
870 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]871
872 TestCompletionCallback handshake_callback;
873 int server_ret = server_socket_->Handshake(handshake_callback.callback());
874
875 TestCompletionCallback connect_callback;
876 int client_ret = client_socket_->Connect(connect_callback.callback());
877
878 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
879 connect_callback.GetResult(client_ret));
880 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
881 handshake_callback.GetResult(server_ret));
882
883 client_socket_->Disconnect();
884 server_socket_->Disconnect();
885
886 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]887 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]888 TestCompletionCallback handshake_callback2;
889 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
890
891 TestCompletionCallback connect_callback2;
892 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
893
894 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
895 connect_callback2.GetResult(client_ret2));
896 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
897 handshake_callback2.GetResult(server_ret2));
898}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]899
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]900TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]901 ASSERT_NO_FATAL_FAILURE(CreateContext());
902 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]903
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]904 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]905 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]906 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]907 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]908
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]909 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]910 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]911 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]912
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]913 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]914 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]915 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]916 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]917
918 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]919 scoped_refptr<StringIOBuffer> write_buf =
920 new StringIOBuffer("testing123");
921 scoped_refptr<DrainableIOBuffer> read_buf =
922 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]923
924 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]925 TestCompletionCallback write_callback;
926 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]927 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]928 write_callback.callback(),
929 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]930 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]931 client_ret = client_socket_->Read(
932 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]933 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]934
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]935 server_ret = write_callback.GetResult(server_ret);
936 EXPECT_GT(server_ret, 0);
937 client_ret = read_callback.GetResult(client_ret);
938 ASSERT_GT(client_ret, 0);
939
940 read_buf->DidConsume(client_ret);
941 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]942 client_ret = client_socket_->Read(
943 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]944 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]945 client_ret = read_callback.GetResult(client_ret);
946 ASSERT_GT(client_ret, 0);
947 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]948 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]949 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
950 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]951 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
952
953 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]954 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]955 server_ret = server_socket_->Read(
956 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]957 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]958 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]959 write_callback.callback(),
960 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]961 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]962
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]963 server_ret = read_callback.GetResult(server_ret);
964 ASSERT_GT(server_ret, 0);
965 client_ret = write_callback.GetResult(client_ret);
966 EXPECT_GT(client_ret, 0);
967
968 read_buf->DidConsume(server_ret);
969 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]970 server_ret = server_socket_->Read(
971 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]972 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]973 server_ret = read_callback.GetResult(server_ret);
974 ASSERT_GT(server_ret, 0);
975 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]976 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]977 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
978 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]979 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
980}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]981
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]982// A regression test for bug 127822 (http://crbug.com/127822).
983// If the server closes the connection after the handshake is finished,
984// the client's Write() call should not cause an infinite loop.
985// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]986TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]987 ASSERT_NO_FATAL_FAILURE(CreateContext());
988 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]989
990 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]991 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]992 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]993 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]994
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]995 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]996 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]997 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]998
999 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1000 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1001 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1002 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1003
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1004 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1005
1006 // The server closes the connection. The server needs to write some
1007 // data first so that the client's Read() calls from the transport
1008 // socket won't return ERR_IO_PENDING. This ensures that the client
1009 // will call Read() on the transport socket again.
1010 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1011 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]1012 write_callback.callback(),
1013 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1014 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1015
1016 server_ret = write_callback.GetResult(server_ret);
1017 EXPECT_GT(server_ret, 0);
1018
1019 server_socket_->Disconnect();
1020
1021 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1022 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]1023 write_callback.callback(),
1024 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1025 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1026
1027 client_ret = write_callback.GetResult(client_ret);
1028 EXPECT_GT(client_ret, 0);
1029
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1030 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
Gabriel Charetteea918012018-05-16 11:53:44[diff] [blame]1031 FROM_HERE, base::RunLoop::QuitCurrentWhenIdleClosureDeprecated(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1032 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1033 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1034}
1035
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1036// This test executes ExportKeyingMaterial() on the client and server sockets,
1037// after connecting them, and verifies that the results match.
1038// This test will fail if False Start is enabled (see crbug.com/90208).
1039TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1040 ASSERT_NO_FATAL_FAILURE(CreateContext());
1041 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1042
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1043 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1044 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1045 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1046
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1047 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1048 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1049 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1050
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1051 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1052 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1053 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1054 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1055 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1056 }
1057
1058 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1059 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1060 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1061 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1062 int rv = server_socket_->ExportKeyingMaterial(
1063 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1064 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1065
1066 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1067 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1068 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1069 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1070 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1071
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1072 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1073 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1074 rv = client_socket_->ExportKeyingMaterial(
1075 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1076 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1077 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1078}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1079
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1080// Verifies that SSLConfig::require_ecdhe flags works properly.
1081TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1082 // Disable all ECDHE suites on the client side.
1083 uint16_t kEcdheCiphers[] = {
1084 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1085 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1086 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1087 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1088 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1089 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1090 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1091 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:49[diff] [blame]1092 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1093 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1094 };
1095 client_ssl_config_.disabled_cipher_suites.assign(
1096 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1097
1098 // Require ECDHE on the server.
1099 server_ssl_config_.require_ecdhe = true;
1100
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1101 ASSERT_NO_FATAL_FAILURE(CreateContext());
1102 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1103
1104 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1105 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1106
1107 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1108 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1109
1110 client_ret = connect_callback.GetResult(client_ret);
1111 server_ret = handshake_callback.GetResult(server_ret);
1112
robpercival214763f2016-07-01 23:27:01[diff] [blame]1113 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1114 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1115}
1116
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]1117// This test executes Connect() on SSLClientSocket and Handshake() on
1118// SSLServerSocket to make sure handshaking between the two sockets is
1119// completed successfully. The server key is represented by SSLPrivateKey.
1120TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKey) {
1121 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1122 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1123
1124 TestCompletionCallback handshake_callback;
1125 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1126
1127 TestCompletionCallback connect_callback;
1128 int client_ret = client_socket_->Connect(connect_callback.callback());
1129
1130 client_ret = connect_callback.GetResult(client_ret);
1131 server_ret = handshake_callback.GetResult(server_ret);
1132
1133 ASSERT_THAT(client_ret, IsOk());
1134 ASSERT_THAT(server_ret, IsOk());
1135
1136 // Make sure the cert status is expected.
1137 SSLInfo ssl_info;
1138 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
1139 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
1140
1141 // The default cipher suite should be ECDHE and an AEAD.
1142 uint16_t cipher_suite =
1143 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
1144 const char* key_exchange;
1145 const char* cipher;
1146 const char* mac;
1147 bool is_aead;
1148 bool is_tls13;
1149 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
1150 cipher_suite);
1151 EXPECT_TRUE(is_aead);
1152 ASSERT_FALSE(is_tls13);
1153 EXPECT_STREQ("ECDHE_RSA", key_exchange);
1154}
1155
1156// Verifies that non-ECDHE ciphers are disabled when using SSLPrivateKey as the
1157// server key.
1158TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) {
1159 // Disable all ECDHE suites on the client side.
1160 uint16_t kEcdheCiphers[] = {
1161 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1162 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1163 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1164 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1165 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1166 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1167 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1168 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1169 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1170 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1171 };
1172 client_ssl_config_.disabled_cipher_suites.assign(
1173 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1174 // TLS 1.3 always works with SSLPrivateKey.
1175 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1176
1177 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1178 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1179
1180 TestCompletionCallback connect_callback;
1181 int client_ret = client_socket_->Connect(connect_callback.callback());
1182
1183 TestCompletionCallback handshake_callback;
1184 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1185
1186 client_ret = connect_callback.GetResult(client_ret);
1187 server_ret = handshake_callback.GetResult(server_ret);
1188
1189 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1190 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1191}
1192
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1193} // namespace net