Google Git
Sign in
chromium / chromium / src.git / 7a41d355a4a582e2139e21d58ce08fb423092ab7 / . / net / socket / ssl_server_socket_unittest.cc
blob: 73a038d61cc31b275fe038024d8e3b77aee6c21b [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]20#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]21
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]22#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]23#include "base/compiler_specific.h"
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]24#include "base/containers/queue.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]25#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]26#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]27#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]28#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]29#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]30#include "base/message_loop/message_loop.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]31#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]32#include "base/single_thread_task_runner.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]33#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]34#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]35#include "crypto/nss_util.h"
36#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]37#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]38#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]39#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]40#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]42#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]43#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]45#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]46#include "net/cert/ct_policy_enforcer.h"
47#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]48#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]50#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]51#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]52#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]53#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]54#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]55#include "net/socket/client_socket_factory.h"
56#include "net/socket/socket_test_util.h"
57#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]58#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]59#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]60#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]61#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]62#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]64#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]65#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]66#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]67#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]68#include "net/test/test_data_directory.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]69#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]70#include "testing/gtest/include/gtest/gtest.h"
71#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:01[diff] [blame]72#include "third_party/boringssl/src/include/openssl/evp.h"
73#include "third_party/boringssl/src/include/openssl/ssl.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]74
robpercival214763f2016-07-01 23:27:01[diff] [blame]75using net::test::IsError;
76using net::test::IsOk;
77
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]78namespace net {
79
80namespace {
81
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]82const char kClientCertFileName[] = "client_1.pem";
83const char kClientPrivateKeyFileName[] = "client_1.pk8";
84const char kWrongClientCertFileName[] = "client_2.pem";
85const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]86
rsleevid6de8302016-06-21 01:33:20[diff] [blame]87class MockCTPolicyEnforcer : public CTPolicyEnforcer {
88 public:
89 MockCTPolicyEnforcer() = default;
90 ~MockCTPolicyEnforcer() override = default;
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]91 ct::CTPolicyCompliance CheckCompliance(
rsleevid6de8302016-06-21 01:33:20[diff] [blame]92 X509Certificate* cert,
93 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]94 const NetLogWithSource& net_log) override {
Emily Stark627238f2017-11-29 03:29:54[diff] [blame]95 return ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]96 }
rsleevid6de8302016-06-21 01:33:20[diff] [blame]97};
98
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]99class FakeDataChannel {
100 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]101 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]102 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]103 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]104 write_called_after_close_(false),
105 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]106 }
107
[email protected]47a12862012-04-10 01:00:49[diff] [blame]108 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]109 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]110 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]111 if (closed_)
112 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]113 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]114 read_callback_ = callback;
115 read_buf_ = buf;
116 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]117 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]118 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]119 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]120 }
121
[email protected]47a12862012-04-10 01:00:49[diff] [blame]122 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]123 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]124 if (closed_) {
125 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]126 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]127 write_called_after_close_ = true;
128 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]129 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]130 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
131 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]132 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]133 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]134 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]135 data_.push(new DrainableIOBuffer(
136 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]137 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]138 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]139 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
140 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]141 return buf_len;
142 }
143
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]144 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
145 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
146 // after the FakeDataChannel is closed, the first Write() call completes
147 // asynchronously, which is necessary to reproduce bug 127822.
148 void Close() {
149 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]150 if (!read_callback_.is_null()) {
151 base::ThreadTaskRunnerHandle::Get()->PostTask(
152 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
153 weak_factory_.GetWeakPtr()));
154 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]155 }
156
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]157 private:
158 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]159 if (read_callback_.is_null())
160 return;
161
162 if (closed_) {
163 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
164 return;
165 }
166
167 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]168 return;
169
tfarina9b6381442015-10-05 22:38:11[diff] [blame]170 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]171 CompletionCallback callback = read_callback_;
172 read_callback_.Reset();
173 read_buf_ = NULL;
174 read_buf_len_ = 0;
175 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]176 }
177
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]178 void DoWriteCallback() {
179 if (write_callback_.is_null())
180 return;
181
182 CompletionCallback callback = write_callback_;
183 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]184 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]185 }
186
tfarina9b6381442015-10-05 22:38:11[diff] [blame]187 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]188 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]189 int copied = std::min(buf->BytesRemaining(), read_buf_len);
190 memcpy(read_buf->data(), buf->data(), copied);
191 buf->DidConsume(copied);
192
193 if (!buf->BytesRemaining())
194 data_.pop();
195 return copied;
196 }
197
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]198 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]199 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]200 int read_buf_len_;
201
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]202 CompletionCallback write_callback_;
203
Brett Wilsonc6a0c822017-09-12 00:04:29[diff] [blame]204 base::queue<scoped_refptr<DrainableIOBuffer>> data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]205
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]206 // True if Close() has been called.
207 bool closed_;
208
209 // Controls the completion of Write() after the FakeDataChannel is closed.
210 // After the FakeDataChannel is closed, the first Write() call completes
211 // asynchronously.
212 bool write_called_after_close_;
213
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]214 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
215
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]216 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
217};
218
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]219class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]220 public:
221 FakeSocket(FakeDataChannel* incoming_channel,
222 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]223 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]224
Chris Watkins7a41d3552017-12-01 02:13:27[diff] [blame^]225 ~FakeSocket() override = default;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]226
dchengb03027d2014-10-21 12:00:20[diff] [blame]227 int Read(IOBuffer* buf,
228 int buf_len,
229 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]230 // Read random number of bytes.
231 buf_len = rand() % buf_len + 1;
232 return incoming_->Read(buf, buf_len, callback);
233 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]234
dchengb03027d2014-10-21 12:00:20[diff] [blame]235 int Write(IOBuffer* buf,
236 int buf_len,
237 const CompletionCallback& callback) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]238 // Write random number of bytes.
239 buf_len = rand() % buf_len + 1;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]240 return outgoing_->Write(buf, buf_len, callback);
241 }
242
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]243 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]244
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]245 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]246
dchengb03027d2014-10-21 12:00:20[diff] [blame]247 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]248
dchengb03027d2014-10-21 12:00:20[diff] [blame]249 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]250 incoming_->Close();
251 outgoing_->Close();
252 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]253
dchengb03027d2014-10-21 12:00:20[diff] [blame]254 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]255
dchengb03027d2014-10-21 12:00:20[diff] [blame]256 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]257
dchengb03027d2014-10-21 12:00:20[diff] [blame]258 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]259 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]260 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]261 }
262
dchengb03027d2014-10-21 12:00:20[diff] [blame]263 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]264 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]265 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]266 }
267
tfarina428341112016-09-22 13:38:20[diff] [blame]268 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]269
dchengb03027d2014-10-21 12:00:20[diff] [blame]270 void SetSubresourceSpeculation() override {}
271 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]272
dchengb03027d2014-10-21 12:00:20[diff] [blame]273 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]274
tfarina2846404c2016-12-25 14:31:37[diff] [blame]275 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]276
dchengb03027d2014-10-21 12:00:20[diff] [blame]277 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]278
dchengb03027d2014-10-21 12:00:20[diff] [blame]279 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]280
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]281 void GetConnectionAttempts(ConnectionAttempts* out) const override {
282 out->clear();
283 }
284
285 void ClearConnectionAttempts() override {}
286
287 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
288
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]289 int64_t GetTotalReceivedBytes() const override {
290 NOTIMPLEMENTED();
291 return 0;
292 }
293
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]294 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]295 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]296 FakeDataChannel* incoming_;
297 FakeDataChannel* outgoing_;
298
299 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
300};
301
302} // namespace
303
304// Verify the correctness of the test helper classes first.
305TEST(FakeSocketTest, DataTransfer) {
306 // Establish channels between two sockets.
307 FakeDataChannel channel_1;
308 FakeDataChannel channel_2;
309 FakeSocket client(&channel_1, &channel_2);
310 FakeSocket server(&channel_2, &channel_1);
311
312 const char kTestData[] = "testing123";
313 const int kTestDataSize = strlen(kTestData);
314 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]315 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
316 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]317
318 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]319 int written =
320 server.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]321 EXPECT_GT(written, 0);
322 EXPECT_LE(written, kTestDataSize);
323
[email protected]90499482013-06-01 00:39:50[diff] [blame]324 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]325 EXPECT_GT(read, 0);
326 EXPECT_LE(read, written);
327 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]328
329 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]330 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]331 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]332 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]333
[email protected]90499482013-06-01 00:39:50[diff] [blame]334 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]335 EXPECT_GT(written, 0);
336 EXPECT_LE(written, kTestDataSize);
337
338 read = callback.WaitForResult();
339 EXPECT_GT(read, 0);
340 EXPECT_LE(read, written);
341 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]342}
343
344class SSLServerSocketTest : public PlatformTest {
345 public:
346 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]347 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]348 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]349 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]350 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]351 ct_verifier_(new DoNothingCTVerifier),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]352 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]353
354 void SetUp() override {
355 PlatformTest::SetUp();
356
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]357 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
358 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]359
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]360 server_cert_ =
361 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]362 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]363 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]364 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]365
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]366 client_ssl_config_.false_start_enabled = false;
367 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]368
369 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]370 client_ssl_config_.allowed_bad_certs.emplace_back(
371 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]372 }
373
374 protected:
375 void CreateContext() {
376 client_socket_.reset();
377 server_socket_.reset();
378 channel_1_.reset();
379 channel_2_.reset();
380 server_context_.reset();
381 server_context_ = CreateSSLServerContext(
382 server_cert_.get(), *server_private_key_, server_ssl_config_);
383 }
384
385 void CreateSockets() {
386 client_socket_.reset();
387 server_socket_.reset();
388 channel_1_.reset(new FakeDataChannel());
389 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]390 std::unique_ptr<ClientSocketHandle> client_connection(
391 new ClientSocketHandle);
392 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]393 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]394 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]395 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]396
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]397 HostPortPair host_and_pair("unittest", 0);
398 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]399 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]400 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]401 context.cert_transparency_verifier = ct_verifier_.get();
402 context.ct_policy_enforcer = ct_policy_enforcer_.get();
David Benjaminb3840f42017-08-03 15:50:16[diff] [blame]403 // Set a dummy session cache shard to enable session caching.
404 context.ssl_session_cache_shard = "shard";
rsleevia5c430222016-03-11 05:55:12[diff] [blame]405
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]406 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]407 std::move(client_connection), host_and_pair, client_ssl_config_,
408 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]409 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]410
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]411 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]412 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]413 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]414 }
415
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]416 void ConfigureClientCertsForClient(const char* cert_file_name,
417 const char* private_key_file_name) {
418 client_ssl_config_.send_client_cert = true;
419 client_ssl_config_.client_cert =
420 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
421 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]422
danakj655b66c2016-04-16 00:51:38[diff] [blame]423 std::unique_ptr<crypto::RSAPrivateKey> key =
424 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]425 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]426
agl5a7cadf2016-07-13 16:52:53[diff] [blame]427 EVP_PKEY_up_ref(key->key());
428 client_ssl_config_.client_private_key =
davidbend80c12c2016-10-11 00:13:49[diff] [blame]429 WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY>(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]430 }
431
432 void ConfigureClientCertsForServer() {
433 server_ssl_config_.client_cert_type =
434 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
435
David Benjamin99dada22017-09-28 20:04:00[diff] [blame]436 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
437 static const uint8_t kClientCertCAName[] = {
438 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
439 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
440 server_ssl_config_.cert_authorities_.push_back(std::string(
441 std::begin(kClientCertCAName), std::end(kClientCertCAName)));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]442
443 scoped_refptr<X509Certificate> expected_client_cert(
444 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]445 ASSERT_TRUE(expected_client_cert);
446
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]447 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
448
449 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
450 }
451
danakj655b66c2016-04-16 00:51:38[diff] [blame]452 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
453 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]454 base::FilePath certs_dir(GetTestCertsDirectory());
455 base::FilePath key_path = certs_dir.AppendASCII(name);
456 std::string key_string;
457 if (!base::ReadFileToString(key_path, &key_string))
458 return nullptr;
459 std::vector<uint8_t> key_vector(
460 reinterpret_cast<const uint8_t*>(key_string.data()),
461 reinterpret_cast<const uint8_t*>(key_string.data() +
462 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]463 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]464 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
465 return key;
466 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]467
danakj655b66c2016-04-16 00:51:38[diff] [blame]468 std::unique_ptr<FakeDataChannel> channel_1_;
469 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]470 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]471 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]472 std::unique_ptr<SSLClientSocket> client_socket_;
473 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]474 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]475 std::unique_ptr<MockCertVerifier> cert_verifier_;
476 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
477 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]478 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]479 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]480 std::unique_ptr<SSLServerContext> server_context_;
481 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]482 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]483};
484
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]485// This test only executes creation of client and server sockets. This is to
486// test that creation of sockets doesn't crash and have minimal code to run
487// under valgrind in order to help debugging memory problems.
488TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]489 ASSERT_NO_FATAL_FAILURE(CreateContext());
490 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]491}
492
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]493// This test executes Connect() on SSLClientSocket and Handshake() on
494// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]495// completed successfully.
496TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]497 ASSERT_NO_FATAL_FAILURE(CreateContext());
498 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]499
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]500 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]501 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]502
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]503 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]504 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]505
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]506 client_ret = connect_callback.GetResult(client_ret);
507 server_ret = handshake_callback.GetResult(server_ret);
508
robpercival214763f2016-07-01 23:27:01[diff] [blame]509 ASSERT_THAT(client_ret, IsOk());
510 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]511
512 // Make sure the cert status is expected.
513 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]514 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]515 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]516
davidben56a8aece2016-10-14 18:20:56[diff] [blame]517 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58[diff] [blame]518 uint16_t cipher_suite =
519 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
520 const char* key_exchange;
521 const char* cipher;
522 const char* mac;
523 bool is_aead;
davidben56a8aece2016-10-14 18:20:56[diff] [blame]524 bool is_tls13;
525 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
526 cipher_suite);
hansc048c38b2016-10-14 11:30:09[diff] [blame]527 EXPECT_TRUE(is_aead);
davidben56a8aece2016-10-14 18:20:56[diff] [blame]528 ASSERT_FALSE(is_tls13);
529 EXPECT_STREQ("ECDHE_RSA", key_exchange);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]530}
531
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]532// This test makes sure the session cache is working.
533TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]534 ASSERT_NO_FATAL_FAILURE(CreateContext());
535 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]536
537 TestCompletionCallback handshake_callback;
538 int server_ret = server_socket_->Handshake(handshake_callback.callback());
539
540 TestCompletionCallback connect_callback;
541 int client_ret = client_socket_->Connect(connect_callback.callback());
542
543 client_ret = connect_callback.GetResult(client_ret);
544 server_ret = handshake_callback.GetResult(server_ret);
545
robpercival214763f2016-07-01 23:27:01[diff] [blame]546 ASSERT_THAT(client_ret, IsOk());
547 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]548
549 // Make sure the cert status is expected.
550 SSLInfo ssl_info;
551 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
552 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
553 SSLInfo ssl_server_info;
554 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
555 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
556
557 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]558 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]559 TestCompletionCallback handshake_callback2;
560 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
561
562 TestCompletionCallback connect_callback2;
563 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
564
565 client_ret2 = connect_callback2.GetResult(client_ret2);
566 server_ret2 = handshake_callback2.GetResult(server_ret2);
567
robpercival214763f2016-07-01 23:27:01[diff] [blame]568 ASSERT_THAT(client_ret2, IsOk());
569 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]570
571 // Make sure the cert status is expected.
572 SSLInfo ssl_info2;
573 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
574 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
575 SSLInfo ssl_server_info2;
576 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
577 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
578}
579
580// This test makes sure the session cache separates out by server context.
581TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]582 ASSERT_NO_FATAL_FAILURE(CreateContext());
583 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]584
585 TestCompletionCallback handshake_callback;
586 int server_ret = server_socket_->Handshake(handshake_callback.callback());
587
588 TestCompletionCallback connect_callback;
589 int client_ret = client_socket_->Connect(connect_callback.callback());
590
591 client_ret = connect_callback.GetResult(client_ret);
592 server_ret = handshake_callback.GetResult(server_ret);
593
robpercival214763f2016-07-01 23:27:01[diff] [blame]594 ASSERT_THAT(client_ret, IsOk());
595 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]596
597 // Make sure the cert status is expected.
598 SSLInfo ssl_info;
599 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
600 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
601 SSLInfo ssl_server_info;
602 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
603 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
604
605 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]606 ASSERT_NO_FATAL_FAILURE(CreateContext());
607 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]608
609 TestCompletionCallback handshake_callback2;
610 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
611
612 TestCompletionCallback connect_callback2;
613 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
614
615 client_ret2 = connect_callback2.GetResult(client_ret2);
616 server_ret2 = handshake_callback2.GetResult(server_ret2);
617
robpercival214763f2016-07-01 23:27:01[diff] [blame]618 ASSERT_THAT(client_ret2, IsOk());
619 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]620
621 // Make sure the cert status is expected.
622 SSLInfo ssl_info2;
623 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
624 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
625 SSLInfo ssl_server_info2;
626 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
627 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
628}
629
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]630// This test executes Connect() on SSLClientSocket and Handshake() on
631// SSLServerSocket to make sure handshaking between the two sockets is
632// completed successfully, using client certificate.
633TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
634 scoped_refptr<X509Certificate> client_cert =
635 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]636 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
637 kClientCertFileName, kClientPrivateKeyFileName));
638 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
639 ASSERT_NO_FATAL_FAILURE(CreateContext());
640 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]641
642 TestCompletionCallback handshake_callback;
643 int server_ret = server_socket_->Handshake(handshake_callback.callback());
644
645 TestCompletionCallback connect_callback;
646 int client_ret = client_socket_->Connect(connect_callback.callback());
647
648 client_ret = connect_callback.GetResult(client_ret);
649 server_ret = handshake_callback.GetResult(server_ret);
650
robpercival214763f2016-07-01 23:27:01[diff] [blame]651 ASSERT_THAT(client_ret, IsOk());
652 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]653
654 // Make sure the cert status is expected.
655 SSLInfo ssl_info;
656 client_socket_->GetSSLInfo(&ssl_info);
657 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
658 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]659 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]660 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
661}
662
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]663// This test executes Connect() on SSLClientSocket and Handshake() twice on
664// SSLServerSocket to make sure handshaking between the two sockets is
665// completed successfully, using client certificate. The second connection is
666// expected to succeed through the session cache.
667TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
668 scoped_refptr<X509Certificate> client_cert =
669 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]670 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
671 kClientCertFileName, kClientPrivateKeyFileName));
672 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
673 ASSERT_NO_FATAL_FAILURE(CreateContext());
674 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]675
676 TestCompletionCallback handshake_callback;
677 int server_ret = server_socket_->Handshake(handshake_callback.callback());
678
679 TestCompletionCallback connect_callback;
680 int client_ret = client_socket_->Connect(connect_callback.callback());
681
682 client_ret = connect_callback.GetResult(client_ret);
683 server_ret = handshake_callback.GetResult(server_ret);
684
robpercival214763f2016-07-01 23:27:01[diff] [blame]685 ASSERT_THAT(client_ret, IsOk());
686 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]687
688 // Make sure the cert status is expected.
689 SSLInfo ssl_info;
690 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
691 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
692 SSLInfo ssl_server_info;
693 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
694 ASSERT_TRUE(ssl_server_info.cert.get());
695 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
696 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
697 server_socket_->Disconnect();
698 client_socket_->Disconnect();
699
700 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]701 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]702 TestCompletionCallback handshake_callback2;
703 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
704
705 TestCompletionCallback connect_callback2;
706 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
707
708 client_ret2 = connect_callback2.GetResult(client_ret2);
709 server_ret2 = handshake_callback2.GetResult(server_ret2);
710
robpercival214763f2016-07-01 23:27:01[diff] [blame]711 ASSERT_THAT(client_ret2, IsOk());
712 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]713
714 // Make sure the cert status is expected.
715 SSLInfo ssl_info2;
716 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
717 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
718 SSLInfo ssl_server_info2;
719 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
720 ASSERT_TRUE(ssl_server_info2.cert.get());
721 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
722 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
723}
724
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]725TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]726 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
727 ASSERT_NO_FATAL_FAILURE(CreateContext());
728 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]729 // Use the default setting for the client socket, which is to not send
730 // a client certificate. This will cause the client to receive an
731 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
732 // requested cert_authorities from the CertificateRequest sent by the
733 // server.
734
735 TestCompletionCallback handshake_callback;
736 int server_ret = server_socket_->Handshake(handshake_callback.callback());
737
738 TestCompletionCallback connect_callback;
739 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
740 connect_callback.GetResult(
741 client_socket_->Connect(connect_callback.callback())));
742
743 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
744 client_socket_->GetSSLCertRequestInfo(request_info.get());
745
746 // Check that the authority name that arrived in the CertificateRequest
747 // handshake message is as expected.
748 scoped_refptr<X509Certificate> client_cert =
749 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]750 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]751 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
752
753 client_socket_->Disconnect();
754
davidben3418e81f2016-10-19 00:09:45[diff] [blame]755 EXPECT_THAT(handshake_callback.GetResult(server_ret),
756 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]757}
758
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]759TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]760 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
761 ASSERT_NO_FATAL_FAILURE(CreateContext());
762 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]763 // Use the default setting for the client socket, which is to not send
764 // a client certificate. This will cause the client to receive an
765 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
766 // requested cert_authorities from the CertificateRequest sent by the
767 // server.
768
769 TestCompletionCallback handshake_callback;
770 int server_ret = server_socket_->Handshake(handshake_callback.callback());
771
772 TestCompletionCallback connect_callback;
773 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
774 connect_callback.GetResult(
775 client_socket_->Connect(connect_callback.callback())));
776
777 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
778 client_socket_->GetSSLCertRequestInfo(request_info.get());
779
780 // Check that the authority name that arrived in the CertificateRequest
781 // handshake message is as expected.
782 scoped_refptr<X509Certificate> client_cert =
783 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]784 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]785 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
786
787 client_socket_->Disconnect();
788
davidben3418e81f2016-10-19 00:09:45[diff] [blame]789 EXPECT_THAT(handshake_callback.GetResult(server_ret),
790 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]791 server_socket_->Disconnect();
792
793 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]794 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]795 TestCompletionCallback handshake_callback2;
796 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
797
798 TestCompletionCallback connect_callback2;
799 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
800 connect_callback2.GetResult(
801 client_socket_->Connect(connect_callback2.callback())));
802
803 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
804 client_socket_->GetSSLCertRequestInfo(request_info2.get());
805
806 // Check that the authority name that arrived in the CertificateRequest
807 // handshake message is as expected.
808 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
809
810 client_socket_->Disconnect();
811
davidben3418e81f2016-10-19 00:09:45[diff] [blame]812 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
813 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]814}
815
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]816TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
817 scoped_refptr<X509Certificate> client_cert =
818 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]819 ASSERT_TRUE(client_cert);
820
821 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
822 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
823 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
824 ASSERT_NO_FATAL_FAILURE(CreateContext());
825 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]826
827 TestCompletionCallback handshake_callback;
828 int server_ret = server_socket_->Handshake(handshake_callback.callback());
829
830 TestCompletionCallback connect_callback;
831 int client_ret = client_socket_->Connect(connect_callback.callback());
832
833 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
834 connect_callback.GetResult(client_ret));
835 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
836 handshake_callback.GetResult(server_ret));
837}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]838
839TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
840 scoped_refptr<X509Certificate> client_cert =
841 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]842 ASSERT_TRUE(client_cert);
843
844 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
845 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
846 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
847 ASSERT_NO_FATAL_FAILURE(CreateContext());
848 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]849
850 TestCompletionCallback handshake_callback;
851 int server_ret = server_socket_->Handshake(handshake_callback.callback());
852
853 TestCompletionCallback connect_callback;
854 int client_ret = client_socket_->Connect(connect_callback.callback());
855
856 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
857 connect_callback.GetResult(client_ret));
858 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
859 handshake_callback.GetResult(server_ret));
860
861 client_socket_->Disconnect();
862 server_socket_->Disconnect();
863
864 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]865 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]866 TestCompletionCallback handshake_callback2;
867 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
868
869 TestCompletionCallback connect_callback2;
870 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
871
872 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
873 connect_callback2.GetResult(client_ret2));
874 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
875 handshake_callback2.GetResult(server_ret2));
876}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]877
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]878TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]879 ASSERT_NO_FATAL_FAILURE(CreateContext());
880 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]881
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]882 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]883 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]884 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]885 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]886
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]887 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]888 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]889 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]890
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]891 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]892 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]893 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]894 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]895
896 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]897 scoped_refptr<StringIOBuffer> write_buf =
898 new StringIOBuffer("testing123");
899 scoped_refptr<DrainableIOBuffer> read_buf =
900 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]901
902 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]903 TestCompletionCallback write_callback;
904 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]905 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
906 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]907 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]908 client_ret = client_socket_->Read(
909 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]910 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]911
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]912 server_ret = write_callback.GetResult(server_ret);
913 EXPECT_GT(server_ret, 0);
914 client_ret = read_callback.GetResult(client_ret);
915 ASSERT_GT(client_ret, 0);
916
917 read_buf->DidConsume(client_ret);
918 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]919 client_ret = client_socket_->Read(
920 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]921 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]922 client_ret = read_callback.GetResult(client_ret);
923 ASSERT_GT(client_ret, 0);
924 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]925 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]926 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
927 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]928 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
929
930 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]931 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]932 server_ret = server_socket_->Read(
933 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]934 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]935 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
936 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]937 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]938
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]939 server_ret = read_callback.GetResult(server_ret);
940 ASSERT_GT(server_ret, 0);
941 client_ret = write_callback.GetResult(client_ret);
942 EXPECT_GT(client_ret, 0);
943
944 read_buf->DidConsume(server_ret);
945 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]946 server_ret = server_socket_->Read(
947 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]948 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]949 server_ret = read_callback.GetResult(server_ret);
950 ASSERT_GT(server_ret, 0);
951 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]952 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]953 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
954 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]955 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
956}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]957
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]958// A regression test for bug 127822 (http://crbug.com/127822).
959// If the server closes the connection after the handshake is finished,
960// the client's Write() call should not cause an infinite loop.
961// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]962TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]963 ASSERT_NO_FATAL_FAILURE(CreateContext());
964 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]965
966 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]967 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]968 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]969 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]970
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]971 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]972 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]973 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]974
975 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]976 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]977 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]978 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]979
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]980 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]981
982 // The server closes the connection. The server needs to write some
983 // data first so that the client's Read() calls from the transport
984 // socket won't return ERR_IO_PENDING. This ensures that the client
985 // will call Read() on the transport socket again.
986 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]987 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
988 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]989 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]990
991 server_ret = write_callback.GetResult(server_ret);
992 EXPECT_GT(server_ret, 0);
993
994 server_socket_->Disconnect();
995
996 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]997 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
998 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]999 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1000
1001 client_ret = write_callback.GetResult(client_ret);
1002 EXPECT_GT(client_ret, 0);
1003
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1004 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]1005 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1006 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1007 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1008}
1009
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1010// This test executes ExportKeyingMaterial() on the client and server sockets,
1011// after connecting them, and verifies that the results match.
1012// This test will fail if False Start is enabled (see crbug.com/90208).
1013TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1014 ASSERT_NO_FATAL_FAILURE(CreateContext());
1015 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1016
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1017 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1018 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1019 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1020
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1021 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1022 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1023 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1024
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1025 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1026 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1027 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1028 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1029 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1030 }
1031
1032 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1033 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1034 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1035 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1036 int rv = server_socket_->ExportKeyingMaterial(
1037 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1038 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1039
1040 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1041 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1042 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1043 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1044 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1045
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1046 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1047 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1048 rv = client_socket_->ExportKeyingMaterial(
1049 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1050 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1051 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1052}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1053
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1054// Verifies that SSLConfig::require_ecdhe flags works properly.
1055TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1056 // Disable all ECDHE suites on the client side.
1057 uint16_t kEcdheCiphers[] = {
1058 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1059 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1060 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1061 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1062 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1063 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1064 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1065 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:49[diff] [blame]1066 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1067 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1068 };
1069 client_ssl_config_.disabled_cipher_suites.assign(
1070 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1071
1072 // Require ECDHE on the server.
1073 server_ssl_config_.require_ecdhe = true;
1074
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1075 ASSERT_NO_FATAL_FAILURE(CreateContext());
1076 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1077
1078 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1079 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1080
1081 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1082 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1083
1084 client_ret = connect_callback.GetResult(client_ret);
1085 server_ret = handshake_callback.GetResult(server_ret);
1086
robpercival214763f2016-07-01 23:27:01[diff] [blame]1087 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1088 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1089}
1090
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1091} // namespace net