Google Git
Sign in
chromium / chromium / src.git / 665861e052c7580e86953b94346c4bcf5c714539 / . / net / socket / ssl_server_socket_unittest.cc
blob: b4465f77eab907ef2b7cd46cd99a55afb8aa907a [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]20#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]21
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]22#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]23#include "base/compiler_specific.h"
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]24#include "base/containers/queue.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]25#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]26#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]27#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]28#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]29#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]30#include "base/message_loop/message_loop.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]31#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]32#include "base/single_thread_task_runner.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]33#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]34#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]35#include "crypto/nss_util.h"
36#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]37#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]38#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]39#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]40#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]42#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]43#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]45#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]46#include "net/cert/ct_policy_enforcer.h"
47#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]48#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]50#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]51#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]52#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]53#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]54#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]55#include "net/socket/client_socket_factory.h"
56#include "net/socket/socket_test_util.h"
57#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]58#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]59#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]60#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]61#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]62#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]64#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]65#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]66#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]67#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]68#include "net/test/test_data_directory.h"
[email protected]578968d42017-12-13 15:39:32[diff] [blame]69#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]70#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]71#include "testing/gtest/include/gtest/gtest.h"
72#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:01[diff] [blame]73#include "third_party/boringssl/src/include/openssl/evp.h"
74#include "third_party/boringssl/src/include/openssl/ssl.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]75
robpercival214763f2016-07-01 23:27:01[diff] [blame]76using net::test::IsError;
77using net::test::IsOk;
78
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]79namespace net {
80
81namespace {
82
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]83const char kClientCertFileName[] = "client_1.pem";
84const char kClientPrivateKeyFileName[] = "client_1.pk8";
85const char kWrongClientCertFileName[] = "client_2.pem";
86const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]87
rsleevid6de8302016-06-21 01:33:20[diff] [blame]88class MockCTPolicyEnforcer : public CTPolicyEnforcer {
89 public:
90 MockCTPolicyEnforcer() = default;
91 ~MockCTPolicyEnforcer() override = default;
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]92 ct::CTPolicyCompliance CheckCompliance(
rsleevid6de8302016-06-21 01:33:20[diff] [blame]93 X509Certificate* cert,
94 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]95 const NetLogWithSource& net_log) override {
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]96 return ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]97 }
rsleevid6de8302016-06-21 01:33:20[diff] [blame]98};
99
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]100class FakeDataChannel {
101 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]102 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]103 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]104 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]105 write_called_after_close_(false),
106 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]107 }
108
[email protected]47a12862012-04-10 01:00:49[diff] [blame]109 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]110 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]111 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]112 if (closed_)
113 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]114 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]115 read_callback_ = callback;
116 read_buf_ = buf;
117 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]118 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]119 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]120 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]121 }
122
[email protected]a2b2cfc2017-12-06 09:06:08[diff] [blame]123 int Write(IOBuffer* buf,
124 int buf_len,
125 const CompletionCallback& callback,
[email protected]578968d42017-12-13 15:39:32[diff] [blame]126 const NetworkTrafficAnnotationTag& traffic_annotation) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]127 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]128 if (closed_) {
129 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]130 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]131 write_called_after_close_ = true;
132 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]133 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]134 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
135 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]136 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]137 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]138 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]139 data_.push(new DrainableIOBuffer(
140 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]141 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]142 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]143 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
144 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]145 return buf_len;
146 }
147
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]148 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
149 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
150 // after the FakeDataChannel is closed, the first Write() call completes
151 // asynchronously, which is necessary to reproduce bug 127822.
152 void Close() {
153 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]154 if (!read_callback_.is_null()) {
155 base::ThreadTaskRunnerHandle::Get()->PostTask(
156 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
157 weak_factory_.GetWeakPtr()));
158 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]159 }
160
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]161 private:
162 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]163 if (read_callback_.is_null())
164 return;
165
166 if (closed_) {
167 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
168 return;
169 }
170
171 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]172 return;
173
tfarina9b6381442015-10-05 22:38:11[diff] [blame]174 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]175 CompletionCallback callback = read_callback_;
176 read_callback_.Reset();
177 read_buf_ = NULL;
178 read_buf_len_ = 0;
179 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]180 }
181
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]182 void DoWriteCallback() {
183 if (write_callback_.is_null())
184 return;
185
186 CompletionCallback callback = write_callback_;
187 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]188 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]189 }
190
tfarina9b6381442015-10-05 22:38:11[diff] [blame]191 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]192 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]193 int copied = std::min(buf->BytesRemaining(), read_buf_len);
194 memcpy(read_buf->data(), buf->data(), copied);
195 buf->DidConsume(copied);
196
197 if (!buf->BytesRemaining())
198 data_.pop();
199 return copied;
200 }
201
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]202 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]203 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]204 int read_buf_len_;
205
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]206 CompletionCallback write_callback_;
207
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]208 base::queue<scoped_refptr<DrainableIOBuffer>> data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]209
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]210 // True if Close() has been called.
211 bool closed_;
212
213 // Controls the completion of Write() after the FakeDataChannel is closed.
214 // After the FakeDataChannel is closed, the first Write() call completes
215 // asynchronously.
216 bool write_called_after_close_;
217
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]218 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
219
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]220 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
221};
222
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]223class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]224 public:
225 FakeSocket(FakeDataChannel* incoming_channel,
226 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]227 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]228
Chris Watkins7a41d3552017-12-01 02:13:27[diff] [blame]229 ~FakeSocket() override = default;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]230
dchengb03027d2014-10-21 12:00:20[diff] [blame]231 int Read(IOBuffer* buf,
232 int buf_len,
233 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]234 // Read random number of bytes.
235 buf_len = rand() % buf_len + 1;
236 return incoming_->Read(buf, buf_len, callback);
237 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]238
dchengb03027d2014-10-21 12:00:20[diff] [blame]239 int Write(IOBuffer* buf,
240 int buf_len,
[email protected]a2b2cfc2017-12-06 09:06:08[diff] [blame]241 const CompletionCallback& callback,
[email protected]578968d42017-12-13 15:39:32[diff] [blame]242 const NetworkTrafficAnnotationTag& traffic_annotation) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]243 // Write random number of bytes.
244 buf_len = rand() % buf_len + 1;
[email protected]578968d42017-12-13 15:39:32[diff] [blame]245 return outgoing_->Write(buf, buf_len, callback,
246 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]247 }
248
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]249 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]250
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]251 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]252
dchengb03027d2014-10-21 12:00:20[diff] [blame]253 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]254
dchengb03027d2014-10-21 12:00:20[diff] [blame]255 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]256 incoming_->Close();
257 outgoing_->Close();
258 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]259
dchengb03027d2014-10-21 12:00:20[diff] [blame]260 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]261
dchengb03027d2014-10-21 12:00:20[diff] [blame]262 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]263
dchengb03027d2014-10-21 12:00:20[diff] [blame]264 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]265 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]266 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]267 }
268
dchengb03027d2014-10-21 12:00:20[diff] [blame]269 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]270 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]271 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]272 }
273
tfarina428341112016-09-22 13:38:20[diff] [blame]274 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]275
dchengb03027d2014-10-21 12:00:20[diff] [blame]276 void SetSubresourceSpeculation() override {}
277 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]278
dchengb03027d2014-10-21 12:00:20[diff] [blame]279 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]280
tfarina2846404c2016-12-25 14:31:37[diff] [blame]281 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]282
dchengb03027d2014-10-21 12:00:20[diff] [blame]283 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]284
dchengb03027d2014-10-21 12:00:20[diff] [blame]285 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]286
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]287 void GetConnectionAttempts(ConnectionAttempts* out) const override {
288 out->clear();
289 }
290
291 void ClearConnectionAttempts() override {}
292
293 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
294
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]295 int64_t GetTotalReceivedBytes() const override {
296 NOTIMPLEMENTED();
297 return 0;
298 }
299
Paul Jensen0f49dec2017-12-12 23:39:58[diff] [blame]300 void ApplySocketTag(const SocketTag& tag) override {}
301
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]302 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]303 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]304 FakeDataChannel* incoming_;
305 FakeDataChannel* outgoing_;
306
307 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
308};
309
310} // namespace
311
312// Verify the correctness of the test helper classes first.
313TEST(FakeSocketTest, DataTransfer) {
314 // Establish channels between two sockets.
315 FakeDataChannel channel_1;
316 FakeDataChannel channel_2;
317 FakeSocket client(&channel_1, &channel_2);
318 FakeSocket server(&channel_2, &channel_1);
319
320 const char kTestData[] = "testing123";
321 const int kTestDataSize = strlen(kTestData);
322 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]323 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
324 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]325
326 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]327 int written =
[email protected]578968d42017-12-13 15:39:32[diff] [blame]328 server.Write(write_buf.get(), kTestDataSize, CompletionCallback(),
329 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]330 EXPECT_GT(written, 0);
331 EXPECT_LE(written, kTestDataSize);
332
[email protected]90499482013-06-01 00:39:50[diff] [blame]333 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]334 EXPECT_GT(read, 0);
335 EXPECT_LE(read, written);
336 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]337
338 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]339 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]340 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]341 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]342
[email protected]578968d42017-12-13 15:39:32[diff] [blame]343 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback(),
344 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]345 EXPECT_GT(written, 0);
346 EXPECT_LE(written, kTestDataSize);
347
348 read = callback.WaitForResult();
349 EXPECT_GT(read, 0);
350 EXPECT_LE(read, written);
351 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]352}
353
354class SSLServerSocketTest : public PlatformTest {
355 public:
356 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]357 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]358 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]359 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]360 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]361 ct_verifier_(new DoNothingCTVerifier),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]362 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]363
364 void SetUp() override {
365 PlatformTest::SetUp();
366
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]367 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
368 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]369
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]370 server_cert_ =
371 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]372 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]373 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]374 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]375
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame^]376 std::unique_ptr<crypto::RSAPrivateKey> key =
377 ReadTestKey("unittest.key.bin");
378 ASSERT_TRUE(key);
379 EVP_PKEY_up_ref(key->key());
380 server_ssl_private_key_ =
381 WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY>(key->key()));
382
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]383 client_ssl_config_.false_start_enabled = false;
384 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]385
386 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]387 client_ssl_config_.allowed_bad_certs.emplace_back(
388 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]389 }
390
391 protected:
392 void CreateContext() {
393 client_socket_.reset();
394 server_socket_.reset();
395 channel_1_.reset();
396 channel_2_.reset();
397 server_context_.reset();
398 server_context_ = CreateSSLServerContext(
399 server_cert_.get(), *server_private_key_, server_ssl_config_);
400 }
401
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame^]402 void CreateContextSSLPrivateKey() {
403 client_socket_.reset();
404 server_socket_.reset();
405 channel_1_.reset();
406 channel_2_.reset();
407 server_context_.reset();
408 server_context_ = CreateSSLServerContext(
409 server_cert_.get(), server_ssl_private_key_, server_ssl_config_);
410 }
411
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]412 void CreateSockets() {
413 client_socket_.reset();
414 server_socket_.reset();
415 channel_1_.reset(new FakeDataChannel());
416 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]417 std::unique_ptr<ClientSocketHandle> client_connection(
418 new ClientSocketHandle);
419 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]420 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]421 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]422 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]423
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]424 HostPortPair host_and_pair("unittest", 0);
425 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]426 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]427 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]428 context.cert_transparency_verifier = ct_verifier_.get();
429 context.ct_policy_enforcer = ct_policy_enforcer_.get();
David Benjaminb3840f42017-08-03 15:50:16[diff] [blame]430 // Set a dummy session cache shard to enable session caching.
431 context.ssl_session_cache_shard = "shard";
rsleevia5c430222016-03-11 05:55:12[diff] [blame]432
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]433 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]434 std::move(client_connection), host_and_pair, client_ssl_config_,
435 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]436 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]437
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]438 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]439 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]440 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]441 }
442
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]443 void ConfigureClientCertsForClient(const char* cert_file_name,
444 const char* private_key_file_name) {
445 client_ssl_config_.send_client_cert = true;
446 client_ssl_config_.client_cert =
447 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
448 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]449
danakj655b66c2016-04-16 00:51:38[diff] [blame]450 std::unique_ptr<crypto::RSAPrivateKey> key =
451 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]452 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]453
agl5a7cadf2016-07-13 16:52:53[diff] [blame]454 EVP_PKEY_up_ref(key->key());
455 client_ssl_config_.client_private_key =
davidbend80c12c2016-10-11 00:13:49[diff] [blame]456 WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY>(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]457 }
458
459 void ConfigureClientCertsForServer() {
460 server_ssl_config_.client_cert_type =
461 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
462
David Benjamin99dada22017-09-28 20:04:00[diff] [blame]463 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
464 static const uint8_t kClientCertCAName[] = {
465 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
466 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
467 server_ssl_config_.cert_authorities_.push_back(std::string(
468 std::begin(kClientCertCAName), std::end(kClientCertCAName)));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]469
470 scoped_refptr<X509Certificate> expected_client_cert(
471 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]472 ASSERT_TRUE(expected_client_cert);
473
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]474 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
475
476 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
477 }
478
danakj655b66c2016-04-16 00:51:38[diff] [blame]479 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
480 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]481 base::FilePath certs_dir(GetTestCertsDirectory());
482 base::FilePath key_path = certs_dir.AppendASCII(name);
483 std::string key_string;
484 if (!base::ReadFileToString(key_path, &key_string))
485 return nullptr;
486 std::vector<uint8_t> key_vector(
487 reinterpret_cast<const uint8_t*>(key_string.data()),
488 reinterpret_cast<const uint8_t*>(key_string.data() +
489 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]490 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]491 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
492 return key;
493 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]494
danakj655b66c2016-04-16 00:51:38[diff] [blame]495 std::unique_ptr<FakeDataChannel> channel_1_;
496 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]497 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]498 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]499 std::unique_ptr<SSLClientSocket> client_socket_;
500 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]501 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]502 std::unique_ptr<MockCertVerifier> cert_verifier_;
503 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
504 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]505 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]506 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]507 std::unique_ptr<SSLServerContext> server_context_;
508 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame^]509 scoped_refptr<SSLPrivateKey> server_ssl_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]510 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]511};
512
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]513// This test only executes creation of client and server sockets. This is to
514// test that creation of sockets doesn't crash and have minimal code to run
515// under valgrind in order to help debugging memory problems.
516TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]517 ASSERT_NO_FATAL_FAILURE(CreateContext());
518 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]519}
520
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]521// This test executes Connect() on SSLClientSocket and Handshake() on
522// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]523// completed successfully.
524TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]525 ASSERT_NO_FATAL_FAILURE(CreateContext());
526 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]527
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]528 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]529 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]530
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]531 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]532 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]533
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]534 client_ret = connect_callback.GetResult(client_ret);
535 server_ret = handshake_callback.GetResult(server_ret);
536
robpercival214763f2016-07-01 23:27:01[diff] [blame]537 ASSERT_THAT(client_ret, IsOk());
538 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]539
540 // Make sure the cert status is expected.
541 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]542 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]543 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]544
davidben56a8aece2016-10-14 18:20:56[diff] [blame]545 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58[diff] [blame]546 uint16_t cipher_suite =
547 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
548 const char* key_exchange;
549 const char* cipher;
550 const char* mac;
551 bool is_aead;
davidben56a8aece2016-10-14 18:20:56[diff] [blame]552 bool is_tls13;
553 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
554 cipher_suite);
hansc048c38b2016-10-14 11:30:09[diff] [blame]555 EXPECT_TRUE(is_aead);
davidben56a8aece2016-10-14 18:20:56[diff] [blame]556 ASSERT_FALSE(is_tls13);
557 EXPECT_STREQ("ECDHE_RSA", key_exchange);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]558}
559
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]560// This test makes sure the session cache is working.
561TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]562 ASSERT_NO_FATAL_FAILURE(CreateContext());
563 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]564
565 TestCompletionCallback handshake_callback;
566 int server_ret = server_socket_->Handshake(handshake_callback.callback());
567
568 TestCompletionCallback connect_callback;
569 int client_ret = client_socket_->Connect(connect_callback.callback());
570
571 client_ret = connect_callback.GetResult(client_ret);
572 server_ret = handshake_callback.GetResult(server_ret);
573
robpercival214763f2016-07-01 23:27:01[diff] [blame]574 ASSERT_THAT(client_ret, IsOk());
575 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]576
577 // Make sure the cert status is expected.
578 SSLInfo ssl_info;
579 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
580 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
581 SSLInfo ssl_server_info;
582 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
583 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
584
585 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]586 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]587 TestCompletionCallback handshake_callback2;
588 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
589
590 TestCompletionCallback connect_callback2;
591 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
592
593 client_ret2 = connect_callback2.GetResult(client_ret2);
594 server_ret2 = handshake_callback2.GetResult(server_ret2);
595
robpercival214763f2016-07-01 23:27:01[diff] [blame]596 ASSERT_THAT(client_ret2, IsOk());
597 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]598
599 // Make sure the cert status is expected.
600 SSLInfo ssl_info2;
601 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
602 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
603 SSLInfo ssl_server_info2;
604 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
605 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
606}
607
608// This test makes sure the session cache separates out by server context.
609TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]610 ASSERT_NO_FATAL_FAILURE(CreateContext());
611 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]612
613 TestCompletionCallback handshake_callback;
614 int server_ret = server_socket_->Handshake(handshake_callback.callback());
615
616 TestCompletionCallback connect_callback;
617 int client_ret = client_socket_->Connect(connect_callback.callback());
618
619 client_ret = connect_callback.GetResult(client_ret);
620 server_ret = handshake_callback.GetResult(server_ret);
621
robpercival214763f2016-07-01 23:27:01[diff] [blame]622 ASSERT_THAT(client_ret, IsOk());
623 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]624
625 // Make sure the cert status is expected.
626 SSLInfo ssl_info;
627 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
628 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
629 SSLInfo ssl_server_info;
630 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
631 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
632
633 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]634 ASSERT_NO_FATAL_FAILURE(CreateContext());
635 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]636
637 TestCompletionCallback handshake_callback2;
638 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
639
640 TestCompletionCallback connect_callback2;
641 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
642
643 client_ret2 = connect_callback2.GetResult(client_ret2);
644 server_ret2 = handshake_callback2.GetResult(server_ret2);
645
robpercival214763f2016-07-01 23:27:01[diff] [blame]646 ASSERT_THAT(client_ret2, IsOk());
647 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]648
649 // Make sure the cert status is expected.
650 SSLInfo ssl_info2;
651 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
652 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
653 SSLInfo ssl_server_info2;
654 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
655 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
656}
657
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]658// This test executes Connect() on SSLClientSocket and Handshake() on
659// SSLServerSocket to make sure handshaking between the two sockets is
660// completed successfully, using client certificate.
661TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
662 scoped_refptr<X509Certificate> client_cert =
663 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]664 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
665 kClientCertFileName, kClientPrivateKeyFileName));
666 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
667 ASSERT_NO_FATAL_FAILURE(CreateContext());
668 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]669
670 TestCompletionCallback handshake_callback;
671 int server_ret = server_socket_->Handshake(handshake_callback.callback());
672
673 TestCompletionCallback connect_callback;
674 int client_ret = client_socket_->Connect(connect_callback.callback());
675
676 client_ret = connect_callback.GetResult(client_ret);
677 server_ret = handshake_callback.GetResult(server_ret);
678
robpercival214763f2016-07-01 23:27:01[diff] [blame]679 ASSERT_THAT(client_ret, IsOk());
680 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]681
682 // Make sure the cert status is expected.
683 SSLInfo ssl_info;
684 client_socket_->GetSSLInfo(&ssl_info);
685 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
686 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]687 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]688 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
689}
690
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]691// This test executes Connect() on SSLClientSocket and Handshake() twice on
692// SSLServerSocket to make sure handshaking between the two sockets is
693// completed successfully, using client certificate. The second connection is
694// expected to succeed through the session cache.
695TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
696 scoped_refptr<X509Certificate> client_cert =
697 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]698 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
699 kClientCertFileName, kClientPrivateKeyFileName));
700 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
701 ASSERT_NO_FATAL_FAILURE(CreateContext());
702 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]703
704 TestCompletionCallback handshake_callback;
705 int server_ret = server_socket_->Handshake(handshake_callback.callback());
706
707 TestCompletionCallback connect_callback;
708 int client_ret = client_socket_->Connect(connect_callback.callback());
709
710 client_ret = connect_callback.GetResult(client_ret);
711 server_ret = handshake_callback.GetResult(server_ret);
712
robpercival214763f2016-07-01 23:27:01[diff] [blame]713 ASSERT_THAT(client_ret, IsOk());
714 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]715
716 // Make sure the cert status is expected.
717 SSLInfo ssl_info;
718 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
719 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
720 SSLInfo ssl_server_info;
721 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
722 ASSERT_TRUE(ssl_server_info.cert.get());
723 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
724 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
725 server_socket_->Disconnect();
726 client_socket_->Disconnect();
727
728 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]729 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]730 TestCompletionCallback handshake_callback2;
731 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
732
733 TestCompletionCallback connect_callback2;
734 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
735
736 client_ret2 = connect_callback2.GetResult(client_ret2);
737 server_ret2 = handshake_callback2.GetResult(server_ret2);
738
robpercival214763f2016-07-01 23:27:01[diff] [blame]739 ASSERT_THAT(client_ret2, IsOk());
740 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]741
742 // Make sure the cert status is expected.
743 SSLInfo ssl_info2;
744 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
745 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
746 SSLInfo ssl_server_info2;
747 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
748 ASSERT_TRUE(ssl_server_info2.cert.get());
749 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
750 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
751}
752
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]753TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]754 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
755 ASSERT_NO_FATAL_FAILURE(CreateContext());
756 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]757 // Use the default setting for the client socket, which is to not send
758 // a client certificate. This will cause the client to receive an
759 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
760 // requested cert_authorities from the CertificateRequest sent by the
761 // server.
762
763 TestCompletionCallback handshake_callback;
764 int server_ret = server_socket_->Handshake(handshake_callback.callback());
765
766 TestCompletionCallback connect_callback;
767 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
768 connect_callback.GetResult(
769 client_socket_->Connect(connect_callback.callback())));
770
771 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
772 client_socket_->GetSSLCertRequestInfo(request_info.get());
773
774 // Check that the authority name that arrived in the CertificateRequest
775 // handshake message is as expected.
776 scoped_refptr<X509Certificate> client_cert =
777 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]778 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]779 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
780
781 client_socket_->Disconnect();
782
davidben3418e81f2016-10-19 00:09:45[diff] [blame]783 EXPECT_THAT(handshake_callback.GetResult(server_ret),
784 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]785}
786
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]787TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]788 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
789 ASSERT_NO_FATAL_FAILURE(CreateContext());
790 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]791 // Use the default setting for the client socket, which is to not send
792 // a client certificate. This will cause the client to receive an
793 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
794 // requested cert_authorities from the CertificateRequest sent by the
795 // server.
796
797 TestCompletionCallback handshake_callback;
798 int server_ret = server_socket_->Handshake(handshake_callback.callback());
799
800 TestCompletionCallback connect_callback;
801 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
802 connect_callback.GetResult(
803 client_socket_->Connect(connect_callback.callback())));
804
805 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
806 client_socket_->GetSSLCertRequestInfo(request_info.get());
807
808 // Check that the authority name that arrived in the CertificateRequest
809 // handshake message is as expected.
810 scoped_refptr<X509Certificate> client_cert =
811 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]812 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]813 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
814
815 client_socket_->Disconnect();
816
davidben3418e81f2016-10-19 00:09:45[diff] [blame]817 EXPECT_THAT(handshake_callback.GetResult(server_ret),
818 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]819 server_socket_->Disconnect();
820
821 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]822 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]823 TestCompletionCallback handshake_callback2;
824 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
825
826 TestCompletionCallback connect_callback2;
827 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
828 connect_callback2.GetResult(
829 client_socket_->Connect(connect_callback2.callback())));
830
831 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
832 client_socket_->GetSSLCertRequestInfo(request_info2.get());
833
834 // Check that the authority name that arrived in the CertificateRequest
835 // handshake message is as expected.
836 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
837
838 client_socket_->Disconnect();
839
davidben3418e81f2016-10-19 00:09:45[diff] [blame]840 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
841 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]842}
843
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]844TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
845 scoped_refptr<X509Certificate> client_cert =
846 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]847 ASSERT_TRUE(client_cert);
848
849 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
850 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
851 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
852 ASSERT_NO_FATAL_FAILURE(CreateContext());
853 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]854
855 TestCompletionCallback handshake_callback;
856 int server_ret = server_socket_->Handshake(handshake_callback.callback());
857
858 TestCompletionCallback connect_callback;
859 int client_ret = client_socket_->Connect(connect_callback.callback());
860
861 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
862 connect_callback.GetResult(client_ret));
863 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
864 handshake_callback.GetResult(server_ret));
865}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]866
867TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
868 scoped_refptr<X509Certificate> client_cert =
869 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]870 ASSERT_TRUE(client_cert);
871
872 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
873 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
874 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
875 ASSERT_NO_FATAL_FAILURE(CreateContext());
876 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]877
878 TestCompletionCallback handshake_callback;
879 int server_ret = server_socket_->Handshake(handshake_callback.callback());
880
881 TestCompletionCallback connect_callback;
882 int client_ret = client_socket_->Connect(connect_callback.callback());
883
884 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
885 connect_callback.GetResult(client_ret));
886 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
887 handshake_callback.GetResult(server_ret));
888
889 client_socket_->Disconnect();
890 server_socket_->Disconnect();
891
892 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]893 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]894 TestCompletionCallback handshake_callback2;
895 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
896
897 TestCompletionCallback connect_callback2;
898 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
899
900 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
901 connect_callback2.GetResult(client_ret2));
902 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
903 handshake_callback2.GetResult(server_ret2));
904}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]905
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]906TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]907 ASSERT_NO_FATAL_FAILURE(CreateContext());
908 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]909
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]910 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]911 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]912 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]913 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]914
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]915 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]916 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]917 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]918
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]919 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]920 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]921 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]922 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]923
924 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]925 scoped_refptr<StringIOBuffer> write_buf =
926 new StringIOBuffer("testing123");
927 scoped_refptr<DrainableIOBuffer> read_buf =
928 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]929
930 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]931 TestCompletionCallback write_callback;
932 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]933 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
934 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]935 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]936 client_ret = client_socket_->Read(
937 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]938 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]939
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]940 server_ret = write_callback.GetResult(server_ret);
941 EXPECT_GT(server_ret, 0);
942 client_ret = read_callback.GetResult(client_ret);
943 ASSERT_GT(client_ret, 0);
944
945 read_buf->DidConsume(client_ret);
946 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]947 client_ret = client_socket_->Read(
948 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]949 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]950 client_ret = read_callback.GetResult(client_ret);
951 ASSERT_GT(client_ret, 0);
952 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]953 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]954 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
955 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]956 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
957
958 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]959 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]960 server_ret = server_socket_->Read(
961 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]962 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]963 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
964 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]965 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]966
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]967 server_ret = read_callback.GetResult(server_ret);
968 ASSERT_GT(server_ret, 0);
969 client_ret = write_callback.GetResult(client_ret);
970 EXPECT_GT(client_ret, 0);
971
972 read_buf->DidConsume(server_ret);
973 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]974 server_ret = server_socket_->Read(
975 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]976 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]977 server_ret = read_callback.GetResult(server_ret);
978 ASSERT_GT(server_ret, 0);
979 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]980 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]981 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
982 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]983 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
984}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]985
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]986// A regression test for bug 127822 (http://crbug.com/127822).
987// If the server closes the connection after the handshake is finished,
988// the client's Write() call should not cause an infinite loop.
989// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]990TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]991 ASSERT_NO_FATAL_FAILURE(CreateContext());
992 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]993
994 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]995 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]996 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]997 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]998
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]999 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1000 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1001 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1002
1003 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1004 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1005 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1006 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1007
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1008 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1009
1010 // The server closes the connection. The server needs to write some
1011 // data first so that the client's Read() calls from the transport
1012 // socket won't return ERR_IO_PENDING. This ensures that the client
1013 // will call Read() on the transport socket again.
1014 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1015 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
1016 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1017 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1018
1019 server_ret = write_callback.GetResult(server_ret);
1020 EXPECT_GT(server_ret, 0);
1021
1022 server_socket_->Disconnect();
1023
1024 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1025 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
1026 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1027 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1028
1029 client_ret = write_callback.GetResult(client_ret);
1030 EXPECT_GT(client_ret, 0);
1031
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1032 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]1033 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1034 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1035 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1036}
1037
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1038// This test executes ExportKeyingMaterial() on the client and server sockets,
1039// after connecting them, and verifies that the results match.
1040// This test will fail if False Start is enabled (see crbug.com/90208).
1041TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1042 ASSERT_NO_FATAL_FAILURE(CreateContext());
1043 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1044
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1045 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1046 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1047 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1048
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1049 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1050 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1051 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1052
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1053 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1054 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1055 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1056 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1057 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1058 }
1059
1060 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1061 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1062 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1063 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1064 int rv = server_socket_->ExportKeyingMaterial(
1065 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1066 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1067
1068 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1069 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1070 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1071 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1072 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1073
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1074 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1075 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1076 rv = client_socket_->ExportKeyingMaterial(
1077 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1078 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1079 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1080}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1081
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1082// Verifies that SSLConfig::require_ecdhe flags works properly.
1083TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1084 // Disable all ECDHE suites on the client side.
1085 uint16_t kEcdheCiphers[] = {
1086 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1087 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1088 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1089 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1090 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1091 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1092 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1093 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:49[diff] [blame]1094 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1095 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1096 };
1097 client_ssl_config_.disabled_cipher_suites.assign(
1098 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1099
1100 // Require ECDHE on the server.
1101 server_ssl_config_.require_ecdhe = true;
1102
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1103 ASSERT_NO_FATAL_FAILURE(CreateContext());
1104 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1105
1106 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1107 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1108
1109 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1110 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1111
1112 client_ret = connect_callback.GetResult(client_ret);
1113 server_ret = handshake_callback.GetResult(server_ret);
1114
robpercival214763f2016-07-01 23:27:01[diff] [blame]1115 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1116 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1117}
1118
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame^]1119// This test executes Connect() on SSLClientSocket and Handshake() on
1120// SSLServerSocket to make sure handshaking between the two sockets is
1121// completed successfully. The server key is represented by SSLPrivateKey.
1122TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKey) {
1123 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1124 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1125
1126 TestCompletionCallback handshake_callback;
1127 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1128
1129 TestCompletionCallback connect_callback;
1130 int client_ret = client_socket_->Connect(connect_callback.callback());
1131
1132 client_ret = connect_callback.GetResult(client_ret);
1133 server_ret = handshake_callback.GetResult(server_ret);
1134
1135 ASSERT_THAT(client_ret, IsOk());
1136 ASSERT_THAT(server_ret, IsOk());
1137
1138 // Make sure the cert status is expected.
1139 SSLInfo ssl_info;
1140 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
1141 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
1142
1143 // The default cipher suite should be ECDHE and an AEAD.
1144 uint16_t cipher_suite =
1145 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
1146 const char* key_exchange;
1147 const char* cipher;
1148 const char* mac;
1149 bool is_aead;
1150 bool is_tls13;
1151 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
1152 cipher_suite);
1153 EXPECT_TRUE(is_aead);
1154 ASSERT_FALSE(is_tls13);
1155 EXPECT_STREQ("ECDHE_RSA", key_exchange);
1156}
1157
1158// Verifies that non-ECDHE ciphers are disabled when using SSLPrivateKey as the
1159// server key.
1160TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) {
1161 // Disable all ECDHE suites on the client side.
1162 uint16_t kEcdheCiphers[] = {
1163 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1164 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1165 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1166 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1167 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1168 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1169 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1170 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1171 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1172 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1173 };
1174 client_ssl_config_.disabled_cipher_suites.assign(
1175 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1176 // TLS 1.3 always works with SSLPrivateKey.
1177 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1178
1179 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1180 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1181
1182 TestCompletionCallback connect_callback;
1183 int client_ret = client_socket_->Connect(connect_callback.callback());
1184
1185 TestCompletionCallback handshake_callback;
1186 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1187
1188 client_ret = connect_callback.GetResult(client_ret);
1189 server_ret = handshake_callback.GetResult(server_ret);
1190
1191 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1192 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1193}
1194
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1195} // namespace net