Google Git
Sign in
chromium / chromium / src.git / 6d0558fd1092421d2c9cd91ba61af1606d948e6e / . / net / socket / ssl_server_socket_unittest.cc
blob: 781ba95c8039de0c8c7a93257bb9b156c9456775 [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]20#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]21
Sebastien Marchand6d0558fd2019-01-25 16:49:37[diff] [blame^]22#include "base/bind.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]23#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]24#include "base/compiler_specific.h"
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]25#include "base/containers/queue.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]26#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]27#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]28#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]29#include "base/logging.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]30#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]31#include "base/single_thread_task_runner.h"
Avi Drissman4365a4782018-12-28 19:26:24[diff] [blame]32#include "base/stl_util.h"
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]33#include "base/test/scoped_task_environment.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]34#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]35#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]36#include "crypto/nss_util.h"
37#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]38#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]39#include "net/base/address_list.h"
Bence Békybdbb0e72018-08-07 21:42:59[diff] [blame]40#include "net/base/completion_once_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]41#include "net/base/host_port_pair.h"
42#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]43#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]44#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]45#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]46#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]47#include "net/cert/ct_policy_enforcer.h"
48#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]49#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]50#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]51#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]52#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]53#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]54#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]55#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]56#include "net/socket/client_socket_factory.h"
57#include "net/socket/socket_test_util.h"
58#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]59#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]60#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]61#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]62#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]63#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]64#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]65#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]66#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]67#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]68#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]69#include "net/test/test_data_directory.h"
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]70#include "net/test/test_with_scoped_task_environment.h"
[email protected]578968d42017-12-13 15:39:32[diff] [blame]71#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]72#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]73#include "testing/gtest/include/gtest/gtest.h"
74#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:01[diff] [blame]75#include "third_party/boringssl/src/include/openssl/evp.h"
76#include "third_party/boringssl/src/include/openssl/ssl.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]77
robpercival214763f2016-07-01 23:27:01[diff] [blame]78using net::test::IsError;
79using net::test::IsOk;
80
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]81namespace net {
82
83namespace {
84
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]85const char kClientCertFileName[] = "client_1.pem";
86const char kClientPrivateKeyFileName[] = "client_1.pk8";
87const char kWrongClientCertFileName[] = "client_2.pem";
88const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]89
rsleevid6de8302016-06-21 01:33:20[diff] [blame]90class MockCTPolicyEnforcer : public CTPolicyEnforcer {
91 public:
92 MockCTPolicyEnforcer() = default;
93 ~MockCTPolicyEnforcer() override = default;
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]94 ct::CTPolicyCompliance CheckCompliance(
rsleevid6de8302016-06-21 01:33:20[diff] [blame]95 X509Certificate* cert,
Ryan Sleevi8a9c9c12018-05-09 02:36:23[diff] [blame]96 const ct::SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]97 const NetLogWithSource& net_log) override {
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]98 return ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]99 }
rsleevid6de8302016-06-21 01:33:20[diff] [blame]100};
101
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]102class FakeDataChannel {
103 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]104 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]105 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]106 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]107 write_called_after_close_(false),
108 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]109 }
110
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]111 int Read(IOBuffer* buf, int buf_len, CompletionOnceCallback callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]112 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]113 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]114 if (closed_)
115 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]116 if (data_.empty()) {
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]117 read_callback_ = std::move(callback);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]118 read_buf_ = buf;
119 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]120 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]121 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]122 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]123 }
124
[email protected]a2b2cfc2017-12-06 09:06:08[diff] [blame]125 int Write(IOBuffer* buf,
126 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]127 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32[diff] [blame]128 const NetworkTrafficAnnotationTag& traffic_annotation) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]129 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]130 if (closed_) {
131 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]132 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]133 write_called_after_close_ = true;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]134 write_callback_ = std::move(callback);
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]135 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]136 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
137 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]138 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]139 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]140 // This function returns synchronously, so make a copy of the buffer.
Victor Costancd439782018-08-30 07:27:57[diff] [blame]141 data_.push(base::MakeRefCounted<DrainableIOBuffer>(
142 base::MakeRefCounted<StringIOBuffer>(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]143 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]144 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]145 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
146 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]147 return buf_len;
148 }
149
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]150 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
151 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
152 // after the FakeDataChannel is closed, the first Write() call completes
153 // asynchronously, which is necessary to reproduce bug 127822.
154 void Close() {
155 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]156 if (!read_callback_.is_null()) {
157 base::ThreadTaskRunnerHandle::Get()->PostTask(
158 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
159 weak_factory_.GetWeakPtr()));
160 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]161 }
162
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]163 private:
164 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]165 if (read_callback_.is_null())
166 return;
167
168 if (closed_) {
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]169 std::move(read_callback_).Run(ERR_CONNECTION_CLOSED);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]170 return;
171 }
172
173 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]174 return;
175
tfarina9b6381442015-10-05 22:38:11[diff] [blame]176 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]177 read_buf_ = NULL;
178 read_buf_len_ = 0;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]179 std::move(read_callback_).Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]180 }
181
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]182 void DoWriteCallback() {
183 if (write_callback_.is_null())
184 return;
185
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]186 std::move(write_callback_).Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]187 }
188
tfarina9b6381442015-10-05 22:38:11[diff] [blame]189 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]190 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]191 int copied = std::min(buf->BytesRemaining(), read_buf_len);
192 memcpy(read_buf->data(), buf->data(), copied);
193 buf->DidConsume(copied);
194
195 if (!buf->BytesRemaining())
196 data_.pop();
197 return copied;
198 }
199
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]200 CompletionOnceCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]201 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]202 int read_buf_len_;
203
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]204 CompletionOnceCallback write_callback_;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]205
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]206 base::queue<scoped_refptr<DrainableIOBuffer>> data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]207
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]208 // True if Close() has been called.
209 bool closed_;
210
211 // Controls the completion of Write() after the FakeDataChannel is closed.
212 // After the FakeDataChannel is closed, the first Write() call completes
213 // asynchronously.
214 bool write_called_after_close_;
215
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]216 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
217
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]218 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
219};
220
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]221class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]222 public:
223 FakeSocket(FakeDataChannel* incoming_channel,
224 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]225 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]226
Chris Watkins7a41d3552017-12-01 02:13:27[diff] [blame]227 ~FakeSocket() override = default;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]228
dchengb03027d2014-10-21 12:00:20[diff] [blame]229 int Read(IOBuffer* buf,
230 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]231 CompletionOnceCallback callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]232 // Read random number of bytes.
233 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]234 return incoming_->Read(buf, buf_len, std::move(callback));
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]235 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]236
dchengb03027d2014-10-21 12:00:20[diff] [blame]237 int Write(IOBuffer* buf,
238 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]239 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32[diff] [blame]240 const NetworkTrafficAnnotationTag& traffic_annotation) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]241 // Write random number of bytes.
242 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]243 return outgoing_->Write(buf, buf_len, std::move(callback),
[email protected]578968d42017-12-13 15:39:32[diff] [blame]244 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]245 }
246
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]247 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]248
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]249 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]250
Brad Lassey3a814172018-04-26 03:30:21[diff] [blame]251 int Connect(CompletionOnceCallback callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]252
dchengb03027d2014-10-21 12:00:20[diff] [blame]253 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]254 incoming_->Close();
255 outgoing_->Close();
256 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]257
dchengb03027d2014-10-21 12:00:20[diff] [blame]258 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]259
dchengb03027d2014-10-21 12:00:20[diff] [blame]260 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]261
dchengb03027d2014-10-21 12:00:20[diff] [blame]262 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]263 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]264 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]265 }
266
dchengb03027d2014-10-21 12:00:20[diff] [blame]267 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]268 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]269 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]270 }
271
tfarina428341112016-09-22 13:38:20[diff] [blame]272 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]273
dchengb03027d2014-10-21 12:00:20[diff] [blame]274 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]275
tfarina2846404c2016-12-25 14:31:37[diff] [blame]276 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]277
dchengb03027d2014-10-21 12:00:20[diff] [blame]278 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]279
dchengb03027d2014-10-21 12:00:20[diff] [blame]280 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]281
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]282 void GetConnectionAttempts(ConnectionAttempts* out) const override {
283 out->clear();
284 }
285
286 void ClearConnectionAttempts() override {}
287
288 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
289
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]290 int64_t GetTotalReceivedBytes() const override {
291 NOTIMPLEMENTED();
292 return 0;
293 }
294
Paul Jensen0f49dec2017-12-12 23:39:58[diff] [blame]295 void ApplySocketTag(const SocketTag& tag) override {}
296
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]297 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]298 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]299 FakeDataChannel* incoming_;
300 FakeDataChannel* outgoing_;
301
302 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
303};
304
305} // namespace
306
307// Verify the correctness of the test helper classes first.
308TEST(FakeSocketTest, DataTransfer) {
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]309 base::test::ScopedTaskEnvironment scoped_task_environment;
310
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]311 // Establish channels between two sockets.
312 FakeDataChannel channel_1;
313 FakeDataChannel channel_2;
314 FakeSocket client(&channel_1, &channel_2);
315 FakeSocket server(&channel_2, &channel_1);
316
317 const char kTestData[] = "testing123";
318 const int kTestDataSize = strlen(kTestData);
319 const int kReadBufSize = 1024;
Victor Costan9c7302b2018-08-27 16:39:44[diff] [blame]320 scoped_refptr<IOBuffer> write_buf =
321 base::MakeRefCounted<StringIOBuffer>(kTestData);
322 scoped_refptr<IOBuffer> read_buf =
323 base::MakeRefCounted<IOBuffer>(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]324
325 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]326 int written =
Bence Békybdbb0e72018-08-07 21:42:59[diff] [blame]327 server.Write(write_buf.get(), kTestDataSize, CompletionOnceCallback(),
[email protected]578968d42017-12-13 15:39:32[diff] [blame]328 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]329 EXPECT_GT(written, 0);
330 EXPECT_LE(written, kTestDataSize);
331
Bence Békybdbb0e72018-08-07 21:42:59[diff] [blame]332 int read =
333 client.Read(read_buf.get(), kReadBufSize, CompletionOnceCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]334 EXPECT_GT(read, 0);
335 EXPECT_LE(read, written);
336 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]337
338 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]339 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]340 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]341 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]342
Bence Békybdbb0e72018-08-07 21:42:59[diff] [blame]343 written =
344 client.Write(write_buf.get(), kTestDataSize, CompletionOnceCallback(),
345 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]346 EXPECT_GT(written, 0);
347 EXPECT_LE(written, kTestDataSize);
348
349 read = callback.WaitForResult();
350 EXPECT_GT(read, 0);
351 EXPECT_LE(read, written);
352 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]353}
354
Bence Béky98447b12018-05-08 03:14:01[diff] [blame]355class SSLServerSocketTest : public PlatformTest,
356 public WithScopedTaskEnvironment {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]357 public:
358 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]359 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]360 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]361 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]362 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]363 ct_verifier_(new DoNothingCTVerifier),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]364 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]365
366 void SetUp() override {
367 PlatformTest::SetUp();
368
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]369 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
370 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]371
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]372 server_cert_ =
373 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]374 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]375 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]376 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]377
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]378 std::unique_ptr<crypto::RSAPrivateKey> key =
379 ReadTestKey("unittest.key.bin");
380 ASSERT_TRUE(key);
David Benjamin139c5572018-07-06 23:53:42[diff] [blame]381 server_ssl_private_key_ = WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]382
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]383 client_ssl_config_.false_start_enabled = false;
384 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]385
386 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]387 client_ssl_config_.allowed_bad_certs.emplace_back(
388 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]389 }
390
391 protected:
392 void CreateContext() {
393 client_socket_.reset();
394 server_socket_.reset();
395 channel_1_.reset();
396 channel_2_.reset();
397 server_context_.reset();
398 server_context_ = CreateSSLServerContext(
399 server_cert_.get(), *server_private_key_, server_ssl_config_);
400 }
401
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]402 void CreateContextSSLPrivateKey() {
403 client_socket_.reset();
404 server_socket_.reset();
405 channel_1_.reset();
406 channel_2_.reset();
407 server_context_.reset();
408 server_context_ = CreateSSLServerContext(
409 server_cert_.get(), server_ssl_private_key_, server_ssl_config_);
410 }
411
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]412 void CreateSockets() {
413 client_socket_.reset();
414 server_socket_.reset();
415 channel_1_.reset(new FakeDataChannel());
416 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]417 std::unique_ptr<ClientSocketHandle> client_connection(
418 new ClientSocketHandle);
419 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]420 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]421 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]422 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]423
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]424 HostPortPair host_and_pair("unittest", 0);
425 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]426 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]427 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]428 context.cert_transparency_verifier = ct_verifier_.get();
429 context.ct_policy_enforcer = ct_policy_enforcer_.get();
David Benjaminb3840f42017-08-03 15:50:16[diff] [blame]430 // Set a dummy session cache shard to enable session caching.
431 context.ssl_session_cache_shard = "shard";
rsleevia5c430222016-03-11 05:55:12[diff] [blame]432
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]433 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]434 std::move(client_connection), host_and_pair, client_ssl_config_,
435 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]436 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]437
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]438 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]439 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]440 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]441 }
442
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]443 void ConfigureClientCertsForClient(const char* cert_file_name,
444 const char* private_key_file_name) {
445 client_ssl_config_.send_client_cert = true;
446 client_ssl_config_.client_cert =
447 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
448 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]449
danakj655b66c2016-04-16 00:51:38[diff] [blame]450 std::unique_ptr<crypto::RSAPrivateKey> key =
451 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]452 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]453
agl5a7cadf2016-07-13 16:52:53[diff] [blame]454 client_ssl_config_.client_private_key =
David Benjamin139c5572018-07-06 23:53:42[diff] [blame]455 WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]456 }
457
458 void ConfigureClientCertsForServer() {
459 server_ssl_config_.client_cert_type =
460 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
461
David Benjamin99dada22017-09-28 20:04:00[diff] [blame]462 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
463 static const uint8_t kClientCertCAName[] = {
464 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
465 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
466 server_ssl_config_.cert_authorities_.push_back(std::string(
467 std::begin(kClientCertCAName), std::end(kClientCertCAName)));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]468
469 scoped_refptr<X509Certificate> expected_client_cert(
470 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]471 ASSERT_TRUE(expected_client_cert);
472
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]473 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
474
475 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
476 }
477
danakj655b66c2016-04-16 00:51:38[diff] [blame]478 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
479 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]480 base::FilePath certs_dir(GetTestCertsDirectory());
481 base::FilePath key_path = certs_dir.AppendASCII(name);
482 std::string key_string;
483 if (!base::ReadFileToString(key_path, &key_string))
484 return nullptr;
485 std::vector<uint8_t> key_vector(
486 reinterpret_cast<const uint8_t*>(key_string.data()),
487 reinterpret_cast<const uint8_t*>(key_string.data() +
488 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]489 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]490 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
491 return key;
492 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]493
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]494 void PumpServerToClient() {
495 const int kReadBufSize = 1024;
496 scoped_refptr<StringIOBuffer> write_buf =
497 base::MakeRefCounted<StringIOBuffer>("testing123");
498 scoped_refptr<DrainableIOBuffer> read_buf =
499 base::MakeRefCounted<DrainableIOBuffer>(
500 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
501 TestCompletionCallback write_callback;
502 TestCompletionCallback read_callback;
503 int server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
504 write_callback.callback(),
505 TRAFFIC_ANNOTATION_FOR_TESTS);
506 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
507 int client_ret = client_socket_->Read(
508 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
509 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
510
511 server_ret = write_callback.GetResult(server_ret);
512 EXPECT_GT(server_ret, 0);
513 client_ret = read_callback.GetResult(client_ret);
514 ASSERT_GT(client_ret, 0);
515 }
516
danakj655b66c2016-04-16 00:51:38[diff] [blame]517 std::unique_ptr<FakeDataChannel> channel_1_;
518 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]519 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]520 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]521 std::unique_ptr<SSLClientSocket> client_socket_;
522 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]523 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]524 std::unique_ptr<MockCertVerifier> cert_verifier_;
525 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
526 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]527 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]528 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]529 std::unique_ptr<SSLServerContext> server_context_;
530 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]531 scoped_refptr<SSLPrivateKey> server_ssl_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]532 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]533};
534
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]535// This test only executes creation of client and server sockets. This is to
536// test that creation of sockets doesn't crash and have minimal code to run
Mostyn Bramley-Moore699c5312018-05-01 10:48:09[diff] [blame]537// with memory leak/corruption checking tools.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]538TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]539 ASSERT_NO_FATAL_FAILURE(CreateContext());
540 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]541}
542
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]543// This test executes Connect() on SSLClientSocket and Handshake() on
544// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]545// completed successfully.
546TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]547 ASSERT_NO_FATAL_FAILURE(CreateContext());
548 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]549
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]550 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]551 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]552
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]553 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]554 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]555
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]556 client_ret = connect_callback.GetResult(client_ret);
557 server_ret = handshake_callback.GetResult(server_ret);
558
robpercival214763f2016-07-01 23:27:01[diff] [blame]559 ASSERT_THAT(client_ret, IsOk());
560 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]561
562 // Make sure the cert status is expected.
563 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]564 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]565 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]566
davidben56a8aece2016-10-14 18:20:56[diff] [blame]567 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58[diff] [blame]568 uint16_t cipher_suite =
569 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
570 const char* key_exchange;
571 const char* cipher;
572 const char* mac;
573 bool is_aead;
davidben56a8aece2016-10-14 18:20:56[diff] [blame]574 bool is_tls13;
575 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
576 cipher_suite);
hansc048c38b2016-10-14 11:30:09[diff] [blame]577 EXPECT_TRUE(is_aead);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]578}
579
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]580// This test makes sure the session cache is working.
581TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]582 ASSERT_NO_FATAL_FAILURE(CreateContext());
583 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]584
585 TestCompletionCallback handshake_callback;
586 int server_ret = server_socket_->Handshake(handshake_callback.callback());
587
588 TestCompletionCallback connect_callback;
589 int client_ret = client_socket_->Connect(connect_callback.callback());
590
591 client_ret = connect_callback.GetResult(client_ret);
592 server_ret = handshake_callback.GetResult(server_ret);
593
robpercival214763f2016-07-01 23:27:01[diff] [blame]594 ASSERT_THAT(client_ret, IsOk());
595 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]596
597 // Make sure the cert status is expected.
598 SSLInfo ssl_info;
599 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
600 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
601 SSLInfo ssl_server_info;
602 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
603 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
604
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]605 // Pump client read to get new session tickets.
606 PumpServerToClient();
607
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]608 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]609 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]610 TestCompletionCallback handshake_callback2;
611 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
612
613 TestCompletionCallback connect_callback2;
614 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
615
616 client_ret2 = connect_callback2.GetResult(client_ret2);
617 server_ret2 = handshake_callback2.GetResult(server_ret2);
618
robpercival214763f2016-07-01 23:27:01[diff] [blame]619 ASSERT_THAT(client_ret2, IsOk());
620 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]621
622 // Make sure the cert status is expected.
623 SSLInfo ssl_info2;
624 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
625 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
626 SSLInfo ssl_server_info2;
627 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
628 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
629}
630
631// This test makes sure the session cache separates out by server context.
632TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]633 ASSERT_NO_FATAL_FAILURE(CreateContext());
634 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]635
636 TestCompletionCallback handshake_callback;
637 int server_ret = server_socket_->Handshake(handshake_callback.callback());
638
639 TestCompletionCallback connect_callback;
640 int client_ret = client_socket_->Connect(connect_callback.callback());
641
642 client_ret = connect_callback.GetResult(client_ret);
643 server_ret = handshake_callback.GetResult(server_ret);
644
robpercival214763f2016-07-01 23:27:01[diff] [blame]645 ASSERT_THAT(client_ret, IsOk());
646 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]647
648 // Make sure the cert status is expected.
649 SSLInfo ssl_info;
650 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
651 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
652 SSLInfo ssl_server_info;
653 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
654 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
655
656 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]657 ASSERT_NO_FATAL_FAILURE(CreateContext());
658 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]659
660 TestCompletionCallback handshake_callback2;
661 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
662
663 TestCompletionCallback connect_callback2;
664 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
665
666 client_ret2 = connect_callback2.GetResult(client_ret2);
667 server_ret2 = handshake_callback2.GetResult(server_ret2);
668
robpercival214763f2016-07-01 23:27:01[diff] [blame]669 ASSERT_THAT(client_ret2, IsOk());
670 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]671
672 // Make sure the cert status is expected.
673 SSLInfo ssl_info2;
674 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
675 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
676 SSLInfo ssl_server_info2;
677 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
678 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
679}
680
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]681// This test executes Connect() on SSLClientSocket and Handshake() on
682// SSLServerSocket to make sure handshaking between the two sockets is
683// completed successfully, using client certificate.
684TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
685 scoped_refptr<X509Certificate> client_cert =
686 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]687 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
688 kClientCertFileName, kClientPrivateKeyFileName));
689 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
690 ASSERT_NO_FATAL_FAILURE(CreateContext());
691 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]692
693 TestCompletionCallback handshake_callback;
694 int server_ret = server_socket_->Handshake(handshake_callback.callback());
695
696 TestCompletionCallback connect_callback;
697 int client_ret = client_socket_->Connect(connect_callback.callback());
698
699 client_ret = connect_callback.GetResult(client_ret);
700 server_ret = handshake_callback.GetResult(server_ret);
701
robpercival214763f2016-07-01 23:27:01[diff] [blame]702 ASSERT_THAT(client_ret, IsOk());
703 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]704
705 // Make sure the cert status is expected.
706 SSLInfo ssl_info;
707 client_socket_->GetSSLInfo(&ssl_info);
708 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
709 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]710 ASSERT_TRUE(ssl_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53[diff] [blame]711 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_info.cert.get()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]712}
713
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]714// This test executes Connect() on SSLClientSocket and Handshake() twice on
715// SSLServerSocket to make sure handshaking between the two sockets is
716// completed successfully, using client certificate. The second connection is
717// expected to succeed through the session cache.
718TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
719 scoped_refptr<X509Certificate> client_cert =
720 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]721 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
722 kClientCertFileName, kClientPrivateKeyFileName));
723 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
724 ASSERT_NO_FATAL_FAILURE(CreateContext());
725 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]726
727 TestCompletionCallback handshake_callback;
728 int server_ret = server_socket_->Handshake(handshake_callback.callback());
729
730 TestCompletionCallback connect_callback;
731 int client_ret = client_socket_->Connect(connect_callback.callback());
732
733 client_ret = connect_callback.GetResult(client_ret);
734 server_ret = handshake_callback.GetResult(server_ret);
735
robpercival214763f2016-07-01 23:27:01[diff] [blame]736 ASSERT_THAT(client_ret, IsOk());
737 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]738
739 // Make sure the cert status is expected.
740 SSLInfo ssl_info;
741 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
742 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
743 SSLInfo ssl_server_info;
744 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
745 ASSERT_TRUE(ssl_server_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53[diff] [blame]746 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]747 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]748 // Pump client read to get new session tickets.
749 PumpServerToClient();
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]750 server_socket_->Disconnect();
751 client_socket_->Disconnect();
752
753 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]754 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]755 TestCompletionCallback handshake_callback2;
756 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
757
758 TestCompletionCallback connect_callback2;
759 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
760
761 client_ret2 = connect_callback2.GetResult(client_ret2);
762 server_ret2 = handshake_callback2.GetResult(server_ret2);
763
robpercival214763f2016-07-01 23:27:01[diff] [blame]764 ASSERT_THAT(client_ret2, IsOk());
765 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]766
767 // Make sure the cert status is expected.
768 SSLInfo ssl_info2;
769 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
770 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
771 SSLInfo ssl_server_info2;
772 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
773 ASSERT_TRUE(ssl_server_info2.cert.get());
Matt Mueller294998d2018-04-17 03:04:53[diff] [blame]774 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info2.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]775 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
776}
777
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]778TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]779 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
780 ASSERT_NO_FATAL_FAILURE(CreateContext());
781 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]782 // Use the default setting for the client socket, which is to not send
783 // a client certificate. This will cause the client to receive an
784 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
785 // requested cert_authorities from the CertificateRequest sent by the
786 // server.
787
788 TestCompletionCallback handshake_callback;
789 int server_ret = server_socket_->Handshake(handshake_callback.callback());
790
791 TestCompletionCallback connect_callback;
792 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
793 connect_callback.GetResult(
794 client_socket_->Connect(connect_callback.callback())));
795
796 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
797 client_socket_->GetSSLCertRequestInfo(request_info.get());
798
799 // Check that the authority name that arrived in the CertificateRequest
800 // handshake message is as expected.
801 scoped_refptr<X509Certificate> client_cert =
802 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]803 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]804 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
805
806 client_socket_->Disconnect();
807
davidben3418e81f2016-10-19 00:09:45[diff] [blame]808 EXPECT_THAT(handshake_callback.GetResult(server_ret),
809 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]810}
811
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]812TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]813 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
814 ASSERT_NO_FATAL_FAILURE(CreateContext());
815 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]816 // Use the default setting for the client socket, which is to not send
817 // a client certificate. This will cause the client to receive an
818 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
819 // requested cert_authorities from the CertificateRequest sent by the
820 // server.
821
822 TestCompletionCallback handshake_callback;
823 int server_ret = server_socket_->Handshake(handshake_callback.callback());
824
825 TestCompletionCallback connect_callback;
826 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
827 connect_callback.GetResult(
828 client_socket_->Connect(connect_callback.callback())));
829
830 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
831 client_socket_->GetSSLCertRequestInfo(request_info.get());
832
833 // Check that the authority name that arrived in the CertificateRequest
834 // handshake message is as expected.
835 scoped_refptr<X509Certificate> client_cert =
836 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]837 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]838 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
839
840 client_socket_->Disconnect();
841
davidben3418e81f2016-10-19 00:09:45[diff] [blame]842 EXPECT_THAT(handshake_callback.GetResult(server_ret),
843 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]844 server_socket_->Disconnect();
845
846 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]847 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]848 TestCompletionCallback handshake_callback2;
849 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
850
851 TestCompletionCallback connect_callback2;
852 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
853 connect_callback2.GetResult(
854 client_socket_->Connect(connect_callback2.callback())));
855
856 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
857 client_socket_->GetSSLCertRequestInfo(request_info2.get());
858
859 // Check that the authority name that arrived in the CertificateRequest
860 // handshake message is as expected.
861 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
862
863 client_socket_->Disconnect();
864
davidben3418e81f2016-10-19 00:09:45[diff] [blame]865 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
866 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]867}
868
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]869TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
870 scoped_refptr<X509Certificate> client_cert =
871 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]872 ASSERT_TRUE(client_cert);
873
874 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
875 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
876 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
877 ASSERT_NO_FATAL_FAILURE(CreateContext());
878 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]879
880 TestCompletionCallback handshake_callback;
881 int server_ret = server_socket_->Handshake(handshake_callback.callback());
882
883 TestCompletionCallback connect_callback;
884 int client_ret = client_socket_->Connect(connect_callback.callback());
885
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]886 // In TLS 1.3, the client cert error isn't exposed until Read is called.
887 EXPECT_EQ(OK, connect_callback.GetResult(client_ret));
888 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
889 handshake_callback.GetResult(server_ret));
890
891 // Pump client read to get client cert error.
892 const int kReadBufSize = 1024;
893 scoped_refptr<DrainableIOBuffer> read_buf =
894 base::MakeRefCounted<DrainableIOBuffer>(
895 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
896 TestCompletionCallback read_callback;
897 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
898 read_callback.callback());
899 client_ret = read_callback.GetResult(client_ret);
900 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
901}
902
903TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedTLS12) {
904 scoped_refptr<X509Certificate> client_cert =
905 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
906 ASSERT_TRUE(client_cert);
907
908 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
909 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
910 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
911 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
912 ASSERT_NO_FATAL_FAILURE(CreateContext());
913 ASSERT_NO_FATAL_FAILURE(CreateSockets());
914
915 TestCompletionCallback handshake_callback;
916 int server_ret = server_socket_->Handshake(handshake_callback.callback());
917
918 TestCompletionCallback connect_callback;
919 int client_ret = client_socket_->Connect(connect_callback.callback());
920
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]921 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
922 connect_callback.GetResult(client_ret));
923 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
924 handshake_callback.GetResult(server_ret));
925}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]926
927TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
928 scoped_refptr<X509Certificate> client_cert =
929 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]930 ASSERT_TRUE(client_cert);
931
932 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
933 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
934 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
935 ASSERT_NO_FATAL_FAILURE(CreateContext());
936 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]937
938 TestCompletionCallback handshake_callback;
939 int server_ret = server_socket_->Handshake(handshake_callback.callback());
940
941 TestCompletionCallback connect_callback;
942 int client_ret = client_socket_->Connect(connect_callback.callback());
943
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]944 // In TLS 1.3, the client cert error isn't exposed until Read is called.
945 EXPECT_EQ(OK, connect_callback.GetResult(client_ret));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]946 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
947 handshake_callback.GetResult(server_ret));
948
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]949 // Pump client read to get client cert error.
950 const int kReadBufSize = 1024;
951 scoped_refptr<DrainableIOBuffer> read_buf =
952 base::MakeRefCounted<DrainableIOBuffer>(
953 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
954 TestCompletionCallback read_callback;
955 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
956 read_callback.callback());
957 client_ret = read_callback.GetResult(client_ret);
958 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
959
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]960 client_socket_->Disconnect();
961 server_socket_->Disconnect();
962
963 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]964 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]965 TestCompletionCallback handshake_callback2;
966 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
967
968 TestCompletionCallback connect_callback2;
969 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
970
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]971 // In TLS 1.3, the client cert error isn't exposed until Read is called.
972 EXPECT_EQ(OK, connect_callback2.GetResult(client_ret2));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]973 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
974 handshake_callback2.GetResult(server_ret2));
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]975
976 // Pump client read to get client cert error.
977 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
978 read_callback.callback());
979 client_ret = read_callback.GetResult(client_ret);
980 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]981}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]982
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]983TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]984 ASSERT_NO_FATAL_FAILURE(CreateContext());
985 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]986
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]987 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]988 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]989 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]990 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]991
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]992 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]993 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]994 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]995
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]996 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]997 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]998 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]999 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1000
1001 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1002 scoped_refptr<StringIOBuffer> write_buf =
Victor Costan9c7302b2018-08-27 16:39:44[diff] [blame]1003 base::MakeRefCounted<StringIOBuffer>("testing123");
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1004 scoped_refptr<DrainableIOBuffer> read_buf =
Victor Costancd439782018-08-30 07:27:57[diff] [blame]1005 base::MakeRefCounted<DrainableIOBuffer>(
1006 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1007
1008 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1009 TestCompletionCallback write_callback;
1010 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1011 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]1012 write_callback.callback(),
1013 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1014 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]1015 client_ret = client_socket_->Read(
1016 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1017 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1018
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]1019 server_ret = write_callback.GetResult(server_ret);
1020 EXPECT_GT(server_ret, 0);
1021 client_ret = read_callback.GetResult(client_ret);
1022 ASSERT_GT(client_ret, 0);
1023
1024 read_buf->DidConsume(client_ret);
1025 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]1026 client_ret = client_socket_->Read(
1027 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1028 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]1029 client_ret = read_callback.GetResult(client_ret);
1030 ASSERT_GT(client_ret, 0);
1031 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1032 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]1033 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
1034 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1035 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
1036
1037 // Read then write.
Victor Costan9c7302b2018-08-27 16:39:44[diff] [blame]1038 write_buf = base::MakeRefCounted<StringIOBuffer>("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]1039 server_ret = server_socket_->Read(
1040 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1041 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1042 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]1043 write_callback.callback(),
1044 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1045 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1046
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]1047 server_ret = read_callback.GetResult(server_ret);
1048 ASSERT_GT(server_ret, 0);
1049 client_ret = write_callback.GetResult(client_ret);
1050 EXPECT_GT(client_ret, 0);
1051
1052 read_buf->DidConsume(server_ret);
1053 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]1054 server_ret = server_socket_->Read(
1055 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1056 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]1057 server_ret = read_callback.GetResult(server_ret);
1058 ASSERT_GT(server_ret, 0);
1059 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1060 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]1061 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
1062 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1063 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
1064}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1065
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1066// A regression test for bug 127822 (http://crbug.com/127822).
1067// If the server closes the connection after the handshake is finished,
1068// the client's Write() call should not cause an infinite loop.
1069// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]1070TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1071 ASSERT_NO_FATAL_FAILURE(CreateContext());
1072 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1073
1074 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1075 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1076 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1077 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1078
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1079 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1080 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1081 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1082
1083 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1084 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1085 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1086 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1087
Victor Costan9c7302b2018-08-27 16:39:44[diff] [blame]1088 scoped_refptr<StringIOBuffer> write_buf =
1089 base::MakeRefCounted<StringIOBuffer>("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1090
1091 // The server closes the connection. The server needs to write some
1092 // data first so that the client's Read() calls from the transport
1093 // socket won't return ERR_IO_PENDING. This ensures that the client
1094 // will call Read() on the transport socket again.
1095 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1096 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]1097 write_callback.callback(),
1098 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1099 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1100
1101 server_ret = write_callback.GetResult(server_ret);
1102 EXPECT_GT(server_ret, 0);
1103
1104 server_socket_->Disconnect();
1105
1106 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1107 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:38[diff] [blame]1108 write_callback.callback(),
1109 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1110 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1111
1112 client_ret = write_callback.GetResult(client_ret);
1113 EXPECT_GT(client_ret, 0);
1114
Weza03bae02018-07-13 17:17:33[diff] [blame]1115 base::RunLoop run_loop;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1116 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
Weza03bae02018-07-13 17:17:33[diff] [blame]1117 FROM_HERE, run_loop.QuitClosure(), base::TimeDelta::FromMilliseconds(10));
1118 run_loop.Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1119}
1120
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1121// This test executes ExportKeyingMaterial() on the client and server sockets,
1122// after connecting them, and verifies that the results match.
1123// This test will fail if False Start is enabled (see crbug.com/90208).
1124TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1125 ASSERT_NO_FATAL_FAILURE(CreateContext());
1126 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1127
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1128 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1129 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1130 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1131
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1132 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1133 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1134 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1135
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1136 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1137 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1138 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1139 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1140 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1141 }
1142
1143 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1144 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1145 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1146 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1147 int rv = server_socket_->ExportKeyingMaterial(
1148 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1149 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1150
1151 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1152 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1153 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1154 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1155 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1156
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1157 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1158 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1159 rv = client_socket_->ExportKeyingMaterial(
1160 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1161 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1162 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1163}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1164
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1165// Verifies that SSLConfig::require_ecdhe flags works properly.
1166TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1167 // Disable all ECDHE suites on the client side.
1168 uint16_t kEcdheCiphers[] = {
1169 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1170 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1171 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1172 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1173 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1174 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1175 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1176 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:49[diff] [blame]1177 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1178 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1179 };
1180 client_ssl_config_.disabled_cipher_suites.assign(
Avi Drissman4365a4782018-12-28 19:26:24[diff] [blame]1181 kEcdheCiphers, kEcdheCiphers + base::size(kEcdheCiphers));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1182
Steven Valdez0ef94d02018-11-19 23:28:13[diff] [blame]1183 // Legacy RSA key exchange ciphers only exist in TLS 1.2 and below.
1184 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1185
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1186 // Require ECDHE on the server.
1187 server_ssl_config_.require_ecdhe = true;
1188
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1189 ASSERT_NO_FATAL_FAILURE(CreateContext());
1190 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1191
1192 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1193 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1194
1195 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1196 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1197
1198 client_ret = connect_callback.GetResult(client_ret);
1199 server_ret = handshake_callback.GetResult(server_ret);
1200
robpercival214763f2016-07-01 23:27:01[diff] [blame]1201 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1202 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1203}
1204
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]1205// This test executes Connect() on SSLClientSocket and Handshake() on
1206// SSLServerSocket to make sure handshaking between the two sockets is
1207// completed successfully. The server key is represented by SSLPrivateKey.
1208TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKey) {
1209 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1210 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1211
1212 TestCompletionCallback handshake_callback;
1213 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1214
1215 TestCompletionCallback connect_callback;
1216 int client_ret = client_socket_->Connect(connect_callback.callback());
1217
1218 client_ret = connect_callback.GetResult(client_ret);
1219 server_ret = handshake_callback.GetResult(server_ret);
1220
1221 ASSERT_THAT(client_ret, IsOk());
1222 ASSERT_THAT(server_ret, IsOk());
1223
1224 // Make sure the cert status is expected.
1225 SSLInfo ssl_info;
1226 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
1227 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
1228
1229 // The default cipher suite should be ECDHE and an AEAD.
1230 uint16_t cipher_suite =
1231 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
1232 const char* key_exchange;
1233 const char* cipher;
1234 const char* mac;
1235 bool is_aead;
1236 bool is_tls13;
1237 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
1238 cipher_suite);
1239 EXPECT_TRUE(is_aead);
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]1240}
1241
1242// Verifies that non-ECDHE ciphers are disabled when using SSLPrivateKey as the
1243// server key.
1244TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) {
1245 // Disable all ECDHE suites on the client side.
1246 uint16_t kEcdheCiphers[] = {
1247 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1248 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1249 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1250 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1251 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1252 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1253 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1254 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1255 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1256 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1257 };
1258 client_ssl_config_.disabled_cipher_suites.assign(
Avi Drissman4365a4782018-12-28 19:26:24[diff] [blame]1259 kEcdheCiphers, kEcdheCiphers + base::size(kEcdheCiphers));
Ryan Ki Sing Chung665861e2017-12-15 22:05:55[diff] [blame]1260 // TLS 1.3 always works with SSLPrivateKey.
1261 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1262
1263 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1264 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1265
1266 TestCompletionCallback connect_callback;
1267 int client_ret = client_socket_->Connect(connect_callback.callback());
1268
1269 TestCompletionCallback handshake_callback;
1270 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1271
1272 client_ret = connect_callback.GetResult(client_ret);
1273 server_ret = handshake_callback.GetResult(server_ret);
1274
1275 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1276 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1277}
1278
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1279} // namespace net