Google Git
Sign in
chromium / chromium / src.git / a2e83bd7ccf333483d7ac0f7bcc1f36191af1a6d / . / net / socket / ssl_server_socket_unittest.cc
blob: 6060fa5a9a5da67a7a69becd58594bbee149bf0a [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]20#include <queue>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]21#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]22
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]23#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]24#include "base/compiler_specific.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]25#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]26#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]27#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]28#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]29#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]30#include "base/message_loop/message_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]31#include "base/single_thread_task_runner.h"
32#include "base/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]33#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]34#include "crypto/nss_util.h"
35#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]36#include "crypto/scoped_openssl_types.h"
37#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]38#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]39#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]40#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame^]42#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]43#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/net_errors.h"
[email protected]42fdb452012-11-01 12:44:40[diff] [blame]45#include "net/base/test_data_directory.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]46#include "net/cert/cert_status_flags.h"
47#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]48#include "net/cert/mock_client_cert_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]50#include "net/http/transport_security_state.h"
eroman87c53d62015-04-02 06:51:07[diff] [blame]51#include "net/log/net_log.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]52#include "net/socket/client_socket_factory.h"
53#include "net/socket/socket_test_util.h"
54#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]55#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]56#include "net/ssl/scoped_openssl_types.h"
57#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]58#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]59#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]60#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]61#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]62#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]64#include "net/test/cert_test_util.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]65#include "testing/gtest/include/gtest/gtest.h"
66#include "testing/platform_test.h"
67
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]68#if defined(USE_OPENSSL)
69#include <openssl/evp.h>
70#include <openssl/ssl.h>
71#include <openssl/x509.h>
72#endif
73
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]74namespace net {
75
76namespace {
77
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]78const char kClientCertFileName[] = "client_1.pem";
79const char kClientPrivateKeyFileName[] = "client_1.pk8";
80const char kWrongClientCertFileName[] = "client_2.pem";
81const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
82const char kClientCertCAFileName[] = "client_1_ca.pem";
83
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]84class FakeDataChannel {
85 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]86 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]87 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]88 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]89 write_called_after_close_(false),
90 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]91 }
92
[email protected]47a12862012-04-10 01:00:49[diff] [blame]93 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]94 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]95 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]96 if (closed_)
97 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]98 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]99 read_callback_ = callback;
100 read_buf_ = buf;
101 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]102 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]103 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]104 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]105 }
106
[email protected]47a12862012-04-10 01:00:49[diff] [blame]107 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]108 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]109 if (closed_) {
110 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]111 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]112 write_called_after_close_ = true;
113 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]114 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]115 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
116 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]117 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]118 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]119 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]120 data_.push(new DrainableIOBuffer(
121 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]122 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]123 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]124 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
125 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]126 return buf_len;
127 }
128
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]129 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
130 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
131 // after the FakeDataChannel is closed, the first Write() call completes
132 // asynchronously, which is necessary to reproduce bug 127822.
133 void Close() {
134 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]135 if (!read_callback_.is_null()) {
136 base::ThreadTaskRunnerHandle::Get()->PostTask(
137 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
138 weak_factory_.GetWeakPtr()));
139 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]140 }
141
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]142 private:
143 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]144 if (read_callback_.is_null())
145 return;
146
147 if (closed_) {
148 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
149 return;
150 }
151
152 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]153 return;
154
tfarina9b6381442015-10-05 22:38:11[diff] [blame]155 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]156 CompletionCallback callback = read_callback_;
157 read_callback_.Reset();
158 read_buf_ = NULL;
159 read_buf_len_ = 0;
160 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]161 }
162
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]163 void DoWriteCallback() {
164 if (write_callback_.is_null())
165 return;
166
167 CompletionCallback callback = write_callback_;
168 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]169 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]170 }
171
tfarina9b6381442015-10-05 22:38:11[diff] [blame]172 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]173 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]174 int copied = std::min(buf->BytesRemaining(), read_buf_len);
175 memcpy(read_buf->data(), buf->data(), copied);
176 buf->DidConsume(copied);
177
178 if (!buf->BytesRemaining())
179 data_.pop();
180 return copied;
181 }
182
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]183 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]184 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]185 int read_buf_len_;
186
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]187 CompletionCallback write_callback_;
188
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]189 std::queue<scoped_refptr<DrainableIOBuffer> > data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]190
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]191 // True if Close() has been called.
192 bool closed_;
193
194 // Controls the completion of Write() after the FakeDataChannel is closed.
195 // After the FakeDataChannel is closed, the first Write() call completes
196 // asynchronously.
197 bool write_called_after_close_;
198
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]199 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
200
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]201 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
202};
203
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]204class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]205 public:
206 FakeSocket(FakeDataChannel* incoming_channel,
207 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]208 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]209
dchengb03027d2014-10-21 12:00:20[diff] [blame]210 ~FakeSocket() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]211
dchengb03027d2014-10-21 12:00:20[diff] [blame]212 int Read(IOBuffer* buf,
213 int buf_len,
214 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]215 // Read random number of bytes.
216 buf_len = rand() % buf_len + 1;
217 return incoming_->Read(buf, buf_len, callback);
218 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]219
dchengb03027d2014-10-21 12:00:20[diff] [blame]220 int Write(IOBuffer* buf,
221 int buf_len,
222 const CompletionCallback& callback) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]223 // Write random number of bytes.
224 buf_len = rand() % buf_len + 1;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]225 return outgoing_->Write(buf, buf_len, callback);
226 }
227
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]228 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]229
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]230 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]231
dchengb03027d2014-10-21 12:00:20[diff] [blame]232 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]233
dchengb03027d2014-10-21 12:00:20[diff] [blame]234 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]235 incoming_->Close();
236 outgoing_->Close();
237 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]238
dchengb03027d2014-10-21 12:00:20[diff] [blame]239 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]240
dchengb03027d2014-10-21 12:00:20[diff] [blame]241 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]242
dchengb03027d2014-10-21 12:00:20[diff] [blame]243 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame^]244 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]245 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]246 }
247
dchengb03027d2014-10-21 12:00:20[diff] [blame]248 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame^]249 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]250 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]251 }
252
dchengb03027d2014-10-21 12:00:20[diff] [blame]253 const BoundNetLog& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]254
dchengb03027d2014-10-21 12:00:20[diff] [blame]255 void SetSubresourceSpeculation() override {}
256 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]257
dchengb03027d2014-10-21 12:00:20[diff] [blame]258 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]259
dchengb03027d2014-10-21 12:00:20[diff] [blame]260 bool UsingTCPFastOpen() const override { return false; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]261
dchengb03027d2014-10-21 12:00:20[diff] [blame]262 bool WasNpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]263
dchengb03027d2014-10-21 12:00:20[diff] [blame]264 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]265
dchengb03027d2014-10-21 12:00:20[diff] [blame]266 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]267
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]268 void GetConnectionAttempts(ConnectionAttempts* out) const override {
269 out->clear();
270 }
271
272 void ClearConnectionAttempts() override {}
273
274 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
275
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]276 int64_t GetTotalReceivedBytes() const override {
277 NOTIMPLEMENTED();
278 return 0;
279 }
280
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]281 private:
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]282 BoundNetLog net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]283 FakeDataChannel* incoming_;
284 FakeDataChannel* outgoing_;
285
286 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
287};
288
289} // namespace
290
291// Verify the correctness of the test helper classes first.
292TEST(FakeSocketTest, DataTransfer) {
293 // Establish channels between two sockets.
294 FakeDataChannel channel_1;
295 FakeDataChannel channel_2;
296 FakeSocket client(&channel_1, &channel_2);
297 FakeSocket server(&channel_2, &channel_1);
298
299 const char kTestData[] = "testing123";
300 const int kTestDataSize = strlen(kTestData);
301 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]302 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
303 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]304
305 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]306 int written =
307 server.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]308 EXPECT_GT(written, 0);
309 EXPECT_LE(written, kTestDataSize);
310
[email protected]90499482013-06-01 00:39:50[diff] [blame]311 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]312 EXPECT_GT(read, 0);
313 EXPECT_LE(read, written);
314 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]315
316 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]317 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]318 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]319 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]320
[email protected]90499482013-06-01 00:39:50[diff] [blame]321 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]322 EXPECT_GT(written, 0);
323 EXPECT_LE(written, kTestDataSize);
324
325 read = callback.WaitForResult();
326 EXPECT_GT(read, 0);
327 EXPECT_LE(read, written);
328 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]329}
330
331class SSLServerSocketTest : public PlatformTest {
332 public:
333 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]334 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]335 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]336 client_cert_verifier_(new MockClientCertVerifier()),
rsleevia5c430222016-03-11 05:55:12[diff] [blame]337 transport_security_state_(new TransportSecurityState) {}
338
339 void SetUp() override {
340 PlatformTest::SetUp();
341
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]342 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
343 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]344
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]345 server_cert_ =
346 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]347 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]348 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]349 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]350
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]351 client_ssl_config_.false_start_enabled = false;
352 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]353
354 // Certificate provided by the host doesn't need authority.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]355 SSLConfig::CertAndStatus cert_and_status;
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]356 cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]357 std::string server_cert_der;
rsleevia5c430222016-03-11 05:55:12[diff] [blame]358 ASSERT_TRUE(X509Certificate::GetDEREncoded(server_cert_->os_cert_handle(),
359 &server_cert_der));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]360 cert_and_status.der_cert = server_cert_der;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]361 client_ssl_config_.allowed_bad_certs.push_back(cert_and_status);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]362 }
363
364 protected:
365 void CreateContext() {
366 client_socket_.reset();
367 server_socket_.reset();
368 channel_1_.reset();
369 channel_2_.reset();
370 server_context_.reset();
371 server_context_ = CreateSSLServerContext(
372 server_cert_.get(), *server_private_key_, server_ssl_config_);
373 }
374
375 void CreateSockets() {
376 client_socket_.reset();
377 server_socket_.reset();
378 channel_1_.reset(new FakeDataChannel());
379 channel_2_.reset(new FakeDataChannel());
380 scoped_ptr<ClientSocketHandle> client_connection(new ClientSocketHandle);
381 client_connection->SetSocket(scoped_ptr<StreamSocket>(
382 new FakeSocket(channel_1_.get(), channel_2_.get())));
383 scoped_ptr<StreamSocket> server_socket(
384 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]385
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]386 HostPortPair host_and_pair("unittest", 0);
387 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]388 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]389 context.transport_security_state = transport_security_state_.get();
rsleevia5c430222016-03-11 05:55:12[diff] [blame]390
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]391 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]392 std::move(client_connection), host_and_pair, client_ssl_config_,
393 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]394 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]395
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]396 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]397 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]398 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]399 }
400
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]401#if defined(USE_OPENSSL)
402 void ConfigureClientCertsForClient(const char* cert_file_name,
403 const char* private_key_file_name) {
404 client_ssl_config_.send_client_cert = true;
405 client_ssl_config_.client_cert =
406 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
407 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]408
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]409 scoped_ptr<crypto::RSAPrivateKey> key = ReadTestKey(private_key_file_name);
410 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]411
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]412 client_ssl_config_.client_private_key = WrapOpenSSLPrivateKey(
413 crypto::ScopedEVP_PKEY(EVP_PKEY_up_ref(key->key())));
414 }
415
416 void ConfigureClientCertsForServer() {
417 server_ssl_config_.client_cert_type =
418 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
419
420 ScopedX509NameStack cert_names(
421 SSL_load_client_CA_file(GetTestCertsDirectory()
422 .AppendASCII(kClientCertCAFileName)
423 .MaybeAsASCII()
424 .c_str()));
425 ASSERT_TRUE(cert_names);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]426
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]427 for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
428 uint8_t* str = nullptr;
429 int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]430 ASSERT_LT(0, length);
431
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]432 server_ssl_config_.cert_authorities_.push_back(std::string(
433 reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
434 OPENSSL_free(str);
435 }
436
437 scoped_refptr<X509Certificate> expected_client_cert(
438 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]439 ASSERT_TRUE(expected_client_cert);
440
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]441 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
442
443 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
444 }
445
446 scoped_ptr<crypto::RSAPrivateKey> ReadTestKey(const base::StringPiece& name) {
447 base::FilePath certs_dir(GetTestCertsDirectory());
448 base::FilePath key_path = certs_dir.AppendASCII(name);
449 std::string key_string;
450 if (!base::ReadFileToString(key_path, &key_string))
451 return nullptr;
452 std::vector<uint8_t> key_vector(
453 reinterpret_cast<const uint8_t*>(key_string.data()),
454 reinterpret_cast<const uint8_t*>(key_string.data() +
455 key_string.length()));
456 scoped_ptr<crypto::RSAPrivateKey> key(
457 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
458 return key;
459 }
460#endif
461
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]462 scoped_ptr<FakeDataChannel> channel_1_;
463 scoped_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]464 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]465 SSLServerConfig server_ssl_config_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]466 scoped_ptr<SSLClientSocket> client_socket_;
467 scoped_ptr<SSLServerSocket> server_socket_;
468 ClientSocketFactory* socket_factory_;
469 scoped_ptr<MockCertVerifier> cert_verifier_;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]470 scoped_ptr<MockClientCertVerifier> client_cert_verifier_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]471 scoped_ptr<TransportSecurityState> transport_security_state_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]472 scoped_ptr<SSLServerContext> server_context_;
473 scoped_ptr<crypto::RSAPrivateKey> server_private_key_;
474 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]475};
476
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]477// This test only executes creation of client and server sockets. This is to
478// test that creation of sockets doesn't crash and have minimal code to run
479// under valgrind in order to help debugging memory problems.
480TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]481 ASSERT_NO_FATAL_FAILURE(CreateContext());
482 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]483}
484
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]485// This test executes Connect() on SSLClientSocket and Handshake() on
486// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]487// completed successfully.
488TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]489 ASSERT_NO_FATAL_FAILURE(CreateContext());
490 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]491
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]492 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]493 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]494
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]495 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]496 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]497
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]498 client_ret = connect_callback.GetResult(client_ret);
499 server_ret = handshake_callback.GetResult(server_ret);
500
501 ASSERT_EQ(OK, client_ret);
502 ASSERT_EQ(OK, server_ret);
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]503
504 // Make sure the cert status is expected.
505 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]506 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]507 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]508
509 // The default cipher suite should be ECDHE and, unless on NSS and the
510 // platform doesn't support it, an AEAD.
511 uint16_t cipher_suite =
512 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
513 const char* key_exchange;
514 const char* cipher;
515 const char* mac;
516 bool is_aead;
517 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite);
518 EXPECT_STREQ("ECDHE_RSA", key_exchange);
davidben6cacd572015-09-29 22:24:10[diff] [blame]519 EXPECT_TRUE(is_aead);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]520}
521
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]522// NSS ports don't support client certificates and have a global session cache.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]523#if defined(USE_OPENSSL)
524
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]525// This test makes sure the session cache is working.
526TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]527 ASSERT_NO_FATAL_FAILURE(CreateContext());
528 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]529
530 TestCompletionCallback handshake_callback;
531 int server_ret = server_socket_->Handshake(handshake_callback.callback());
532
533 TestCompletionCallback connect_callback;
534 int client_ret = client_socket_->Connect(connect_callback.callback());
535
536 client_ret = connect_callback.GetResult(client_ret);
537 server_ret = handshake_callback.GetResult(server_ret);
538
539 ASSERT_EQ(OK, client_ret);
540 ASSERT_EQ(OK, server_ret);
541
542 // Make sure the cert status is expected.
543 SSLInfo ssl_info;
544 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
545 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
546 SSLInfo ssl_server_info;
547 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
548 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
549
550 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]551 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]552 TestCompletionCallback handshake_callback2;
553 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
554
555 TestCompletionCallback connect_callback2;
556 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
557
558 client_ret2 = connect_callback2.GetResult(client_ret2);
559 server_ret2 = handshake_callback2.GetResult(server_ret2);
560
561 ASSERT_EQ(OK, client_ret2);
562 ASSERT_EQ(OK, server_ret2);
563
564 // Make sure the cert status is expected.
565 SSLInfo ssl_info2;
566 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
567 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
568 SSLInfo ssl_server_info2;
569 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
570 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
571}
572
573// This test makes sure the session cache separates out by server context.
574TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]575 ASSERT_NO_FATAL_FAILURE(CreateContext());
576 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]577
578 TestCompletionCallback handshake_callback;
579 int server_ret = server_socket_->Handshake(handshake_callback.callback());
580
581 TestCompletionCallback connect_callback;
582 int client_ret = client_socket_->Connect(connect_callback.callback());
583
584 client_ret = connect_callback.GetResult(client_ret);
585 server_ret = handshake_callback.GetResult(server_ret);
586
587 ASSERT_EQ(OK, client_ret);
588 ASSERT_EQ(OK, server_ret);
589
590 // Make sure the cert status is expected.
591 SSLInfo ssl_info;
592 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
593 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
594 SSLInfo ssl_server_info;
595 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
596 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
597
598 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]599 ASSERT_NO_FATAL_FAILURE(CreateContext());
600 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]601
602 TestCompletionCallback handshake_callback2;
603 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
604
605 TestCompletionCallback connect_callback2;
606 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
607
608 client_ret2 = connect_callback2.GetResult(client_ret2);
609 server_ret2 = handshake_callback2.GetResult(server_ret2);
610
611 ASSERT_EQ(OK, client_ret2);
612 ASSERT_EQ(OK, server_ret2);
613
614 // Make sure the cert status is expected.
615 SSLInfo ssl_info2;
616 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
617 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
618 SSLInfo ssl_server_info2;
619 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
620 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
621}
622
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]623// This test executes Connect() on SSLClientSocket and Handshake() on
624// SSLServerSocket to make sure handshaking between the two sockets is
625// completed successfully, using client certificate.
626TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
627 scoped_refptr<X509Certificate> client_cert =
628 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]629 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
630 kClientCertFileName, kClientPrivateKeyFileName));
631 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
632 ASSERT_NO_FATAL_FAILURE(CreateContext());
633 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]634
635 TestCompletionCallback handshake_callback;
636 int server_ret = server_socket_->Handshake(handshake_callback.callback());
637
638 TestCompletionCallback connect_callback;
639 int client_ret = client_socket_->Connect(connect_callback.callback());
640
641 client_ret = connect_callback.GetResult(client_ret);
642 server_ret = handshake_callback.GetResult(server_ret);
643
644 ASSERT_EQ(OK, client_ret);
645 ASSERT_EQ(OK, server_ret);
646
647 // Make sure the cert status is expected.
648 SSLInfo ssl_info;
649 client_socket_->GetSSLInfo(&ssl_info);
650 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
651 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]652 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]653 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
654}
655
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]656// This test executes Connect() on SSLClientSocket and Handshake() twice on
657// SSLServerSocket to make sure handshaking between the two sockets is
658// completed successfully, using client certificate. The second connection is
659// expected to succeed through the session cache.
660TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
661 scoped_refptr<X509Certificate> client_cert =
662 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]663 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
664 kClientCertFileName, kClientPrivateKeyFileName));
665 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
666 ASSERT_NO_FATAL_FAILURE(CreateContext());
667 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]668
669 TestCompletionCallback handshake_callback;
670 int server_ret = server_socket_->Handshake(handshake_callback.callback());
671
672 TestCompletionCallback connect_callback;
673 int client_ret = client_socket_->Connect(connect_callback.callback());
674
675 client_ret = connect_callback.GetResult(client_ret);
676 server_ret = handshake_callback.GetResult(server_ret);
677
678 ASSERT_EQ(OK, client_ret);
679 ASSERT_EQ(OK, server_ret);
680
681 // Make sure the cert status is expected.
682 SSLInfo ssl_info;
683 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
684 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
685 SSLInfo ssl_server_info;
686 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
687 ASSERT_TRUE(ssl_server_info.cert.get());
688 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
689 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
690 server_socket_->Disconnect();
691 client_socket_->Disconnect();
692
693 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]694 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]695 TestCompletionCallback handshake_callback2;
696 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
697
698 TestCompletionCallback connect_callback2;
699 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
700
701 client_ret2 = connect_callback2.GetResult(client_ret2);
702 server_ret2 = handshake_callback2.GetResult(server_ret2);
703
704 ASSERT_EQ(OK, client_ret2);
705 ASSERT_EQ(OK, server_ret2);
706
707 // Make sure the cert status is expected.
708 SSLInfo ssl_info2;
709 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
710 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
711 SSLInfo ssl_server_info2;
712 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
713 ASSERT_TRUE(ssl_server_info2.cert.get());
714 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
715 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
716}
717
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]718TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]719 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
720 ASSERT_NO_FATAL_FAILURE(CreateContext());
721 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]722 // Use the default setting for the client socket, which is to not send
723 // a client certificate. This will cause the client to receive an
724 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
725 // requested cert_authorities from the CertificateRequest sent by the
726 // server.
727
728 TestCompletionCallback handshake_callback;
729 int server_ret = server_socket_->Handshake(handshake_callback.callback());
730
731 TestCompletionCallback connect_callback;
732 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
733 connect_callback.GetResult(
734 client_socket_->Connect(connect_callback.callback())));
735
736 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
737 client_socket_->GetSSLCertRequestInfo(request_info.get());
738
739 // Check that the authority name that arrived in the CertificateRequest
740 // handshake message is as expected.
741 scoped_refptr<X509Certificate> client_cert =
742 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]743 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]744 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
745
746 client_socket_->Disconnect();
747
748 EXPECT_EQ(ERR_FAILED, handshake_callback.GetResult(server_ret));
749}
750
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]751TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]752 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
753 ASSERT_NO_FATAL_FAILURE(CreateContext());
754 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]755 // Use the default setting for the client socket, which is to not send
756 // a client certificate. This will cause the client to receive an
757 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
758 // requested cert_authorities from the CertificateRequest sent by the
759 // server.
760
761 TestCompletionCallback handshake_callback;
762 int server_ret = server_socket_->Handshake(handshake_callback.callback());
763
764 TestCompletionCallback connect_callback;
765 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
766 connect_callback.GetResult(
767 client_socket_->Connect(connect_callback.callback())));
768
769 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
770 client_socket_->GetSSLCertRequestInfo(request_info.get());
771
772 // Check that the authority name that arrived in the CertificateRequest
773 // handshake message is as expected.
774 scoped_refptr<X509Certificate> client_cert =
775 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]776 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]777 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
778
779 client_socket_->Disconnect();
780
781 EXPECT_EQ(ERR_FAILED, handshake_callback.GetResult(server_ret));
782 server_socket_->Disconnect();
783
784 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]785 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]786 TestCompletionCallback handshake_callback2;
787 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
788
789 TestCompletionCallback connect_callback2;
790 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
791 connect_callback2.GetResult(
792 client_socket_->Connect(connect_callback2.callback())));
793
794 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
795 client_socket_->GetSSLCertRequestInfo(request_info2.get());
796
797 // Check that the authority name that arrived in the CertificateRequest
798 // handshake message is as expected.
799 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
800
801 client_socket_->Disconnect();
802
803 EXPECT_EQ(ERR_FAILED, handshake_callback2.GetResult(server_ret2));
804}
805
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]806TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
807 scoped_refptr<X509Certificate> client_cert =
808 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]809 ASSERT_TRUE(client_cert);
810
811 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
812 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
813 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
814 ASSERT_NO_FATAL_FAILURE(CreateContext());
815 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]816
817 TestCompletionCallback handshake_callback;
818 int server_ret = server_socket_->Handshake(handshake_callback.callback());
819
820 TestCompletionCallback connect_callback;
821 int client_ret = client_socket_->Connect(connect_callback.callback());
822
823 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
824 connect_callback.GetResult(client_ret));
825 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
826 handshake_callback.GetResult(server_ret));
827}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]828
829TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
830 scoped_refptr<X509Certificate> client_cert =
831 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]832 ASSERT_TRUE(client_cert);
833
834 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
835 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
836 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
837 ASSERT_NO_FATAL_FAILURE(CreateContext());
838 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]839
840 TestCompletionCallback handshake_callback;
841 int server_ret = server_socket_->Handshake(handshake_callback.callback());
842
843 TestCompletionCallback connect_callback;
844 int client_ret = client_socket_->Connect(connect_callback.callback());
845
846 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
847 connect_callback.GetResult(client_ret));
848 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
849 handshake_callback.GetResult(server_ret));
850
851 client_socket_->Disconnect();
852 server_socket_->Disconnect();
853
854 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]855 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]856 TestCompletionCallback handshake_callback2;
857 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
858
859 TestCompletionCallback connect_callback2;
860 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
861
862 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
863 connect_callback2.GetResult(client_ret2));
864 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
865 handshake_callback2.GetResult(server_ret2));
866}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]867#endif // defined(USE_OPENSSL)
868
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]869TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]870 ASSERT_NO_FATAL_FAILURE(CreateContext());
871 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]872
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]873 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]874 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]875 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]876 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]877
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]878 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]879 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]880 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]881
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]882 client_ret = connect_callback.GetResult(client_ret);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]883 ASSERT_EQ(OK, client_ret);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]884 server_ret = handshake_callback.GetResult(server_ret);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]885 ASSERT_EQ(OK, server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]886
887 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]888 scoped_refptr<StringIOBuffer> write_buf =
889 new StringIOBuffer("testing123");
890 scoped_refptr<DrainableIOBuffer> read_buf =
891 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]892
893 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]894 TestCompletionCallback write_callback;
895 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]896 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
897 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]898 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]899 client_ret = client_socket_->Read(
900 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]901 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]902
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]903 server_ret = write_callback.GetResult(server_ret);
904 EXPECT_GT(server_ret, 0);
905 client_ret = read_callback.GetResult(client_ret);
906 ASSERT_GT(client_ret, 0);
907
908 read_buf->DidConsume(client_ret);
909 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]910 client_ret = client_socket_->Read(
911 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]912 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]913 client_ret = read_callback.GetResult(client_ret);
914 ASSERT_GT(client_ret, 0);
915 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]916 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]917 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
918 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]919 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
920
921 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]922 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]923 server_ret = server_socket_->Read(
924 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]925 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]926 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
927 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]928 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]929
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]930 server_ret = read_callback.GetResult(server_ret);
931 ASSERT_GT(server_ret, 0);
932 client_ret = write_callback.GetResult(client_ret);
933 EXPECT_GT(client_ret, 0);
934
935 read_buf->DidConsume(server_ret);
936 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]937 server_ret = server_socket_->Read(
938 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]939 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]940 server_ret = read_callback.GetResult(server_ret);
941 ASSERT_GT(server_ret, 0);
942 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]943 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]944 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
945 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]946 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
947}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]948
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]949// A regression test for bug 127822 (http://crbug.com/127822).
950// If the server closes the connection after the handshake is finished,
951// the client's Write() call should not cause an infinite loop.
952// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]953TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]954 ASSERT_NO_FATAL_FAILURE(CreateContext());
955 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]956
957 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]958 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]959 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]960 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]961
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]962 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]963 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]964 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]965
966 client_ret = connect_callback.GetResult(client_ret);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]967 ASSERT_EQ(OK, client_ret);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]968 server_ret = handshake_callback.GetResult(server_ret);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]969 ASSERT_EQ(OK, server_ret);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]970
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]971 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]972
973 // The server closes the connection. The server needs to write some
974 // data first so that the client's Read() calls from the transport
975 // socket won't return ERR_IO_PENDING. This ensures that the client
976 // will call Read() on the transport socket again.
977 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]978 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
979 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]980 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]981
982 server_ret = write_callback.GetResult(server_ret);
983 EXPECT_GT(server_ret, 0);
984
985 server_socket_->Disconnect();
986
987 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]988 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
989 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]990 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]991
992 client_ret = write_callback.GetResult(client_ret);
993 EXPECT_GT(client_ret, 0);
994
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]995 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]996 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]997 base::TimeDelta::FromMilliseconds(10));
[email protected]2da659e2013-05-23 20:51:34[diff] [blame]998 base::MessageLoop::current()->Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]999}
1000
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1001// This test executes ExportKeyingMaterial() on the client and server sockets,
1002// after connecting them, and verifies that the results match.
1003// This test will fail if False Start is enabled (see crbug.com/90208).
1004TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1005 ASSERT_NO_FATAL_FAILURE(CreateContext());
1006 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1007
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1008 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1009 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1010 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1011
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1012 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1013 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1014 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1015
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1016 if (client_ret == ERR_IO_PENDING) {
1017 ASSERT_EQ(OK, connect_callback.WaitForResult());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1018 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1019 if (server_ret == ERR_IO_PENDING) {
1020 ASSERT_EQ(OK, handshake_callback.WaitForResult());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1021 }
1022
1023 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1024 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1025 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1026 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1027 int rv = server_socket_->ExportKeyingMaterial(
1028 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1029 ASSERT_EQ(OK, rv);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1030
1031 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1032 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1033 client_out, sizeof(client_out));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1034 ASSERT_EQ(OK, rv);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1035 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1036
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1037 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1038 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1039 rv = client_socket_->ExportKeyingMaterial(
1040 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1041 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1042 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1043}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1044
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1045// Verifies that SSLConfig::require_ecdhe flags works properly.
1046TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1047 // Disable all ECDHE suites on the client side.
1048 uint16_t kEcdheCiphers[] = {
1049 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1050 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1051 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1052 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1053 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1054 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1055 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1056 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1057 0xcc13, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1058 0xcc14, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1059 };
1060 client_ssl_config_.disabled_cipher_suites.assign(
1061 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1062
1063 // Require ECDHE on the server.
1064 server_ssl_config_.require_ecdhe = true;
1065
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1066 ASSERT_NO_FATAL_FAILURE(CreateContext());
1067 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1068
1069 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1070 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1071
1072 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1073 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1074
1075 client_ret = connect_callback.GetResult(client_ret);
1076 server_ret = handshake_callback.GetResult(server_ret);
1077
1078 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret);
1079 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret);
1080}
1081
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1082} // namespace net