Google Git
Sign in
chromium / chromium / src.git / b3840f43894fcbf55b299ff8a9ba191b9f6006c0 / . / net / socket / ssl_server_socket_unittest.cc
blob: 7a518cc1bba69f60949804c07f588a05b040129c [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]20#include <queue>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]21#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]22
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]23#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]24#include "base/compiler_specific.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]25#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]26#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]27#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]28#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]29#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]30#include "base/message_loop/message_loop.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]31#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]32#include "base/single_thread_task_runner.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]33#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]34#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]35#include "crypto/nss_util.h"
36#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]37#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]38#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]39#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]40#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]42#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]43#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]45#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]46#include "net/cert/ct_policy_enforcer.h"
47#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]48#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]50#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]51#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]52#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]53#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]54#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]55#include "net/socket/client_socket_factory.h"
56#include "net/socket/socket_test_util.h"
57#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]58#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]59#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]60#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]61#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]62#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]64#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]65#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]66#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]67#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]68#include "net/test/test_data_directory.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]69#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]70#include "testing/gtest/include/gtest/gtest.h"
71#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:01[diff] [blame]72#include "third_party/boringssl/src/include/openssl/evp.h"
73#include "third_party/boringssl/src/include/openssl/ssl.h"
74#include "third_party/boringssl/src/include/openssl/x509.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]75
robpercival214763f2016-07-01 23:27:01[diff] [blame]76using net::test::IsError;
77using net::test::IsOk;
78
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]79namespace net {
80
81namespace {
82
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]83const char kClientCertFileName[] = "client_1.pem";
84const char kClientPrivateKeyFileName[] = "client_1.pk8";
85const char kWrongClientCertFileName[] = "client_2.pem";
86const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
87const char kClientCertCAFileName[] = "client_1_ca.pem";
88
rsleevid6de8302016-06-21 01:33:20[diff] [blame]89class MockCTPolicyEnforcer : public CTPolicyEnforcer {
90 public:
91 MockCTPolicyEnforcer() = default;
92 ~MockCTPolicyEnforcer() override = default;
93 ct::CertPolicyCompliance DoesConformToCertPolicy(
94 X509Certificate* cert,
95 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]96 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]97 return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
98 }
rsleevid6de8302016-06-21 01:33:20[diff] [blame]99};
100
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]101class FakeDataChannel {
102 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]103 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]104 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]105 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]106 write_called_after_close_(false),
107 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]108 }
109
[email protected]47a12862012-04-10 01:00:49[diff] [blame]110 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]111 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]112 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]113 if (closed_)
114 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]115 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]116 read_callback_ = callback;
117 read_buf_ = buf;
118 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]119 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]120 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]121 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]122 }
123
[email protected]47a12862012-04-10 01:00:49[diff] [blame]124 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]125 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]126 if (closed_) {
127 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]128 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]129 write_called_after_close_ = true;
130 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]131 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]132 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
133 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]134 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]135 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]136 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]137 data_.push(new DrainableIOBuffer(
138 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]139 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]140 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]141 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
142 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]143 return buf_len;
144 }
145
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]146 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
147 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
148 // after the FakeDataChannel is closed, the first Write() call completes
149 // asynchronously, which is necessary to reproduce bug 127822.
150 void Close() {
151 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]152 if (!read_callback_.is_null()) {
153 base::ThreadTaskRunnerHandle::Get()->PostTask(
154 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
155 weak_factory_.GetWeakPtr()));
156 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]157 }
158
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]159 private:
160 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]161 if (read_callback_.is_null())
162 return;
163
164 if (closed_) {
165 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
166 return;
167 }
168
169 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]170 return;
171
tfarina9b6381442015-10-05 22:38:11[diff] [blame]172 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]173 CompletionCallback callback = read_callback_;
174 read_callback_.Reset();
175 read_buf_ = NULL;
176 read_buf_len_ = 0;
177 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]178 }
179
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]180 void DoWriteCallback() {
181 if (write_callback_.is_null())
182 return;
183
184 CompletionCallback callback = write_callback_;
185 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]186 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]187 }
188
tfarina9b6381442015-10-05 22:38:11[diff] [blame]189 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]190 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]191 int copied = std::min(buf->BytesRemaining(), read_buf_len);
192 memcpy(read_buf->data(), buf->data(), copied);
193 buf->DidConsume(copied);
194
195 if (!buf->BytesRemaining())
196 data_.pop();
197 return copied;
198 }
199
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]200 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]201 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]202 int read_buf_len_;
203
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]204 CompletionCallback write_callback_;
205
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]206 std::queue<scoped_refptr<DrainableIOBuffer> > data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]207
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]208 // True if Close() has been called.
209 bool closed_;
210
211 // Controls the completion of Write() after the FakeDataChannel is closed.
212 // After the FakeDataChannel is closed, the first Write() call completes
213 // asynchronously.
214 bool write_called_after_close_;
215
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]216 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
217
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]218 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
219};
220
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]221class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]222 public:
223 FakeSocket(FakeDataChannel* incoming_channel,
224 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]225 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]226
dchengb03027d2014-10-21 12:00:20[diff] [blame]227 ~FakeSocket() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]228
dchengb03027d2014-10-21 12:00:20[diff] [blame]229 int Read(IOBuffer* buf,
230 int buf_len,
231 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]232 // Read random number of bytes.
233 buf_len = rand() % buf_len + 1;
234 return incoming_->Read(buf, buf_len, callback);
235 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]236
dchengb03027d2014-10-21 12:00:20[diff] [blame]237 int Write(IOBuffer* buf,
238 int buf_len,
239 const CompletionCallback& callback) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]240 // Write random number of bytes.
241 buf_len = rand() % buf_len + 1;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]242 return outgoing_->Write(buf, buf_len, callback);
243 }
244
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]245 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]246
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]247 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]248
dchengb03027d2014-10-21 12:00:20[diff] [blame]249 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]250
dchengb03027d2014-10-21 12:00:20[diff] [blame]251 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]252 incoming_->Close();
253 outgoing_->Close();
254 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]255
dchengb03027d2014-10-21 12:00:20[diff] [blame]256 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]257
dchengb03027d2014-10-21 12:00:20[diff] [blame]258 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]259
dchengb03027d2014-10-21 12:00:20[diff] [blame]260 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]261 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]262 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]263 }
264
dchengb03027d2014-10-21 12:00:20[diff] [blame]265 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]266 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]267 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]268 }
269
tfarina428341112016-09-22 13:38:20[diff] [blame]270 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]271
dchengb03027d2014-10-21 12:00:20[diff] [blame]272 void SetSubresourceSpeculation() override {}
273 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]274
dchengb03027d2014-10-21 12:00:20[diff] [blame]275 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]276
tfarina2846404c2016-12-25 14:31:37[diff] [blame]277 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]278
dchengb03027d2014-10-21 12:00:20[diff] [blame]279 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]280
dchengb03027d2014-10-21 12:00:20[diff] [blame]281 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]282
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]283 void GetConnectionAttempts(ConnectionAttempts* out) const override {
284 out->clear();
285 }
286
287 void ClearConnectionAttempts() override {}
288
289 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
290
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]291 int64_t GetTotalReceivedBytes() const override {
292 NOTIMPLEMENTED();
293 return 0;
294 }
295
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]296 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]297 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]298 FakeDataChannel* incoming_;
299 FakeDataChannel* outgoing_;
300
301 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
302};
303
304} // namespace
305
306// Verify the correctness of the test helper classes first.
307TEST(FakeSocketTest, DataTransfer) {
308 // Establish channels between two sockets.
309 FakeDataChannel channel_1;
310 FakeDataChannel channel_2;
311 FakeSocket client(&channel_1, &channel_2);
312 FakeSocket server(&channel_2, &channel_1);
313
314 const char kTestData[] = "testing123";
315 const int kTestDataSize = strlen(kTestData);
316 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]317 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
318 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]319
320 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]321 int written =
322 server.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]323 EXPECT_GT(written, 0);
324 EXPECT_LE(written, kTestDataSize);
325
[email protected]90499482013-06-01 00:39:50[diff] [blame]326 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]327 EXPECT_GT(read, 0);
328 EXPECT_LE(read, written);
329 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]330
331 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]332 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]333 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]334 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]335
[email protected]90499482013-06-01 00:39:50[diff] [blame]336 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]337 EXPECT_GT(written, 0);
338 EXPECT_LE(written, kTestDataSize);
339
340 read = callback.WaitForResult();
341 EXPECT_GT(read, 0);
342 EXPECT_LE(read, written);
343 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]344}
345
346class SSLServerSocketTest : public PlatformTest {
347 public:
348 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]349 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]350 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]351 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]352 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]353 ct_verifier_(new DoNothingCTVerifier),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]354 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]355
356 void SetUp() override {
357 PlatformTest::SetUp();
358
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]359 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
360 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]361
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]362 server_cert_ =
363 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]364 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]365 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]366 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]367
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]368 client_ssl_config_.false_start_enabled = false;
369 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]370
371 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]372 client_ssl_config_.allowed_bad_certs.emplace_back(
373 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]374 }
375
376 protected:
377 void CreateContext() {
378 client_socket_.reset();
379 server_socket_.reset();
380 channel_1_.reset();
381 channel_2_.reset();
382 server_context_.reset();
383 server_context_ = CreateSSLServerContext(
384 server_cert_.get(), *server_private_key_, server_ssl_config_);
385 }
386
387 void CreateSockets() {
388 client_socket_.reset();
389 server_socket_.reset();
390 channel_1_.reset(new FakeDataChannel());
391 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]392 std::unique_ptr<ClientSocketHandle> client_connection(
393 new ClientSocketHandle);
394 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]395 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]396 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]397 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]398
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]399 HostPortPair host_and_pair("unittest", 0);
400 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]401 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]402 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]403 context.cert_transparency_verifier = ct_verifier_.get();
404 context.ct_policy_enforcer = ct_policy_enforcer_.get();
David Benjaminb3840f42017-08-03 15:50:16[diff] [blame^]405 // Set a dummy session cache shard to enable session caching.
406 context.ssl_session_cache_shard = "shard";
rsleevia5c430222016-03-11 05:55:12[diff] [blame]407
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]408 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]409 std::move(client_connection), host_and_pair, client_ssl_config_,
410 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]411 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]412
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]413 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]414 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]415 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]416 }
417
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]418 void ConfigureClientCertsForClient(const char* cert_file_name,
419 const char* private_key_file_name) {
420 client_ssl_config_.send_client_cert = true;
421 client_ssl_config_.client_cert =
422 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
423 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]424
danakj655b66c2016-04-16 00:51:38[diff] [blame]425 std::unique_ptr<crypto::RSAPrivateKey> key =
426 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]427 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]428
agl5a7cadf2016-07-13 16:52:53[diff] [blame]429 EVP_PKEY_up_ref(key->key());
430 client_ssl_config_.client_private_key =
davidbend80c12c2016-10-11 00:13:49[diff] [blame]431 WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY>(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]432 }
433
434 void ConfigureClientCertsForServer() {
435 server_ssl_config_.client_cert_type =
436 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
437
davidbend80c12c2016-10-11 00:13:49[diff] [blame]438 bssl::UniquePtr<STACK_OF(X509_NAME)> cert_names(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]439 SSL_load_client_CA_file(GetTestCertsDirectory()
440 .AppendASCII(kClientCertCAFileName)
441 .MaybeAsASCII()
442 .c_str()));
443 ASSERT_TRUE(cert_names);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]444
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]445 for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
446 uint8_t* str = nullptr;
447 int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]448 ASSERT_LT(0, length);
449
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]450 server_ssl_config_.cert_authorities_.push_back(std::string(
451 reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
452 OPENSSL_free(str);
453 }
454
455 scoped_refptr<X509Certificate> expected_client_cert(
456 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]457 ASSERT_TRUE(expected_client_cert);
458
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]459 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
460
461 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
462 }
463
danakj655b66c2016-04-16 00:51:38[diff] [blame]464 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
465 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]466 base::FilePath certs_dir(GetTestCertsDirectory());
467 base::FilePath key_path = certs_dir.AppendASCII(name);
468 std::string key_string;
469 if (!base::ReadFileToString(key_path, &key_string))
470 return nullptr;
471 std::vector<uint8_t> key_vector(
472 reinterpret_cast<const uint8_t*>(key_string.data()),
473 reinterpret_cast<const uint8_t*>(key_string.data() +
474 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]475 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]476 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
477 return key;
478 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]479
danakj655b66c2016-04-16 00:51:38[diff] [blame]480 std::unique_ptr<FakeDataChannel> channel_1_;
481 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]482 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]483 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]484 std::unique_ptr<SSLClientSocket> client_socket_;
485 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]486 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]487 std::unique_ptr<MockCertVerifier> cert_verifier_;
488 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
489 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36[diff] [blame]490 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]491 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]492 std::unique_ptr<SSLServerContext> server_context_;
493 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]494 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]495};
496
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]497// This test only executes creation of client and server sockets. This is to
498// test that creation of sockets doesn't crash and have minimal code to run
499// under valgrind in order to help debugging memory problems.
500TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]501 ASSERT_NO_FATAL_FAILURE(CreateContext());
502 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]503}
504
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]505// This test executes Connect() on SSLClientSocket and Handshake() on
506// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]507// completed successfully.
508TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]509 ASSERT_NO_FATAL_FAILURE(CreateContext());
510 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]511
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]512 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]513 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]514
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]515 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]516 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]517
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]518 client_ret = connect_callback.GetResult(client_ret);
519 server_ret = handshake_callback.GetResult(server_ret);
520
robpercival214763f2016-07-01 23:27:01[diff] [blame]521 ASSERT_THAT(client_ret, IsOk());
522 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]523
524 // Make sure the cert status is expected.
525 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]526 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]527 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]528
davidben56a8aece2016-10-14 18:20:56[diff] [blame]529 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58[diff] [blame]530 uint16_t cipher_suite =
531 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
532 const char* key_exchange;
533 const char* cipher;
534 const char* mac;
535 bool is_aead;
davidben56a8aece2016-10-14 18:20:56[diff] [blame]536 bool is_tls13;
537 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
538 cipher_suite);
hansc048c38b2016-10-14 11:30:09[diff] [blame]539 EXPECT_TRUE(is_aead);
davidben56a8aece2016-10-14 18:20:56[diff] [blame]540 ASSERT_FALSE(is_tls13);
541 EXPECT_STREQ("ECDHE_RSA", key_exchange);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]542}
543
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]544// This test makes sure the session cache is working.
545TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]546 ASSERT_NO_FATAL_FAILURE(CreateContext());
547 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]548
549 TestCompletionCallback handshake_callback;
550 int server_ret = server_socket_->Handshake(handshake_callback.callback());
551
552 TestCompletionCallback connect_callback;
553 int client_ret = client_socket_->Connect(connect_callback.callback());
554
555 client_ret = connect_callback.GetResult(client_ret);
556 server_ret = handshake_callback.GetResult(server_ret);
557
robpercival214763f2016-07-01 23:27:01[diff] [blame]558 ASSERT_THAT(client_ret, IsOk());
559 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]560
561 // Make sure the cert status is expected.
562 SSLInfo ssl_info;
563 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
564 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
565 SSLInfo ssl_server_info;
566 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
567 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
568
569 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]570 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]571 TestCompletionCallback handshake_callback2;
572 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
573
574 TestCompletionCallback connect_callback2;
575 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
576
577 client_ret2 = connect_callback2.GetResult(client_ret2);
578 server_ret2 = handshake_callback2.GetResult(server_ret2);
579
robpercival214763f2016-07-01 23:27:01[diff] [blame]580 ASSERT_THAT(client_ret2, IsOk());
581 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]582
583 // Make sure the cert status is expected.
584 SSLInfo ssl_info2;
585 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
586 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
587 SSLInfo ssl_server_info2;
588 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
589 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
590}
591
592// This test makes sure the session cache separates out by server context.
593TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]594 ASSERT_NO_FATAL_FAILURE(CreateContext());
595 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]596
597 TestCompletionCallback handshake_callback;
598 int server_ret = server_socket_->Handshake(handshake_callback.callback());
599
600 TestCompletionCallback connect_callback;
601 int client_ret = client_socket_->Connect(connect_callback.callback());
602
603 client_ret = connect_callback.GetResult(client_ret);
604 server_ret = handshake_callback.GetResult(server_ret);
605
robpercival214763f2016-07-01 23:27:01[diff] [blame]606 ASSERT_THAT(client_ret, IsOk());
607 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]608
609 // Make sure the cert status is expected.
610 SSLInfo ssl_info;
611 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
612 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
613 SSLInfo ssl_server_info;
614 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
615 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
616
617 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]618 ASSERT_NO_FATAL_FAILURE(CreateContext());
619 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]620
621 TestCompletionCallback handshake_callback2;
622 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
623
624 TestCompletionCallback connect_callback2;
625 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
626
627 client_ret2 = connect_callback2.GetResult(client_ret2);
628 server_ret2 = handshake_callback2.GetResult(server_ret2);
629
robpercival214763f2016-07-01 23:27:01[diff] [blame]630 ASSERT_THAT(client_ret2, IsOk());
631 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]632
633 // Make sure the cert status is expected.
634 SSLInfo ssl_info2;
635 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
636 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
637 SSLInfo ssl_server_info2;
638 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
639 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
640}
641
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]642// This test executes Connect() on SSLClientSocket and Handshake() on
643// SSLServerSocket to make sure handshaking between the two sockets is
644// completed successfully, using client certificate.
645TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
646 scoped_refptr<X509Certificate> client_cert =
647 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]648 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
649 kClientCertFileName, kClientPrivateKeyFileName));
650 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
651 ASSERT_NO_FATAL_FAILURE(CreateContext());
652 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]653
654 TestCompletionCallback handshake_callback;
655 int server_ret = server_socket_->Handshake(handshake_callback.callback());
656
657 TestCompletionCallback connect_callback;
658 int client_ret = client_socket_->Connect(connect_callback.callback());
659
660 client_ret = connect_callback.GetResult(client_ret);
661 server_ret = handshake_callback.GetResult(server_ret);
662
robpercival214763f2016-07-01 23:27:01[diff] [blame]663 ASSERT_THAT(client_ret, IsOk());
664 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]665
666 // Make sure the cert status is expected.
667 SSLInfo ssl_info;
668 client_socket_->GetSSLInfo(&ssl_info);
669 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
670 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]671 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]672 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
673}
674
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]675// This test executes Connect() on SSLClientSocket and Handshake() twice on
676// SSLServerSocket to make sure handshaking between the two sockets is
677// completed successfully, using client certificate. The second connection is
678// expected to succeed through the session cache.
679TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
680 scoped_refptr<X509Certificate> client_cert =
681 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]682 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
683 kClientCertFileName, kClientPrivateKeyFileName));
684 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
685 ASSERT_NO_FATAL_FAILURE(CreateContext());
686 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]687
688 TestCompletionCallback handshake_callback;
689 int server_ret = server_socket_->Handshake(handshake_callback.callback());
690
691 TestCompletionCallback connect_callback;
692 int client_ret = client_socket_->Connect(connect_callback.callback());
693
694 client_ret = connect_callback.GetResult(client_ret);
695 server_ret = handshake_callback.GetResult(server_ret);
696
robpercival214763f2016-07-01 23:27:01[diff] [blame]697 ASSERT_THAT(client_ret, IsOk());
698 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]699
700 // Make sure the cert status is expected.
701 SSLInfo ssl_info;
702 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
703 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
704 SSLInfo ssl_server_info;
705 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
706 ASSERT_TRUE(ssl_server_info.cert.get());
707 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
708 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
709 server_socket_->Disconnect();
710 client_socket_->Disconnect();
711
712 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]713 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]714 TestCompletionCallback handshake_callback2;
715 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
716
717 TestCompletionCallback connect_callback2;
718 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
719
720 client_ret2 = connect_callback2.GetResult(client_ret2);
721 server_ret2 = handshake_callback2.GetResult(server_ret2);
722
robpercival214763f2016-07-01 23:27:01[diff] [blame]723 ASSERT_THAT(client_ret2, IsOk());
724 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]725
726 // Make sure the cert status is expected.
727 SSLInfo ssl_info2;
728 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
729 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
730 SSLInfo ssl_server_info2;
731 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
732 ASSERT_TRUE(ssl_server_info2.cert.get());
733 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
734 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
735}
736
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]737TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]738 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
739 ASSERT_NO_FATAL_FAILURE(CreateContext());
740 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]741 // Use the default setting for the client socket, which is to not send
742 // a client certificate. This will cause the client to receive an
743 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
744 // requested cert_authorities from the CertificateRequest sent by the
745 // server.
746
747 TestCompletionCallback handshake_callback;
748 int server_ret = server_socket_->Handshake(handshake_callback.callback());
749
750 TestCompletionCallback connect_callback;
751 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
752 connect_callback.GetResult(
753 client_socket_->Connect(connect_callback.callback())));
754
755 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
756 client_socket_->GetSSLCertRequestInfo(request_info.get());
757
758 // Check that the authority name that arrived in the CertificateRequest
759 // handshake message is as expected.
760 scoped_refptr<X509Certificate> client_cert =
761 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]762 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]763 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
764
765 client_socket_->Disconnect();
766
davidben3418e81f2016-10-19 00:09:45[diff] [blame]767 EXPECT_THAT(handshake_callback.GetResult(server_ret),
768 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]769}
770
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]771TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]772 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
773 ASSERT_NO_FATAL_FAILURE(CreateContext());
774 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]775 // Use the default setting for the client socket, which is to not send
776 // a client certificate. This will cause the client to receive an
777 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
778 // requested cert_authorities from the CertificateRequest sent by the
779 // server.
780
781 TestCompletionCallback handshake_callback;
782 int server_ret = server_socket_->Handshake(handshake_callback.callback());
783
784 TestCompletionCallback connect_callback;
785 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
786 connect_callback.GetResult(
787 client_socket_->Connect(connect_callback.callback())));
788
789 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
790 client_socket_->GetSSLCertRequestInfo(request_info.get());
791
792 // Check that the authority name that arrived in the CertificateRequest
793 // handshake message is as expected.
794 scoped_refptr<X509Certificate> client_cert =
795 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]796 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]797 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
798
799 client_socket_->Disconnect();
800
davidben3418e81f2016-10-19 00:09:45[diff] [blame]801 EXPECT_THAT(handshake_callback.GetResult(server_ret),
802 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]803 server_socket_->Disconnect();
804
805 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]806 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]807 TestCompletionCallback handshake_callback2;
808 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
809
810 TestCompletionCallback connect_callback2;
811 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
812 connect_callback2.GetResult(
813 client_socket_->Connect(connect_callback2.callback())));
814
815 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
816 client_socket_->GetSSLCertRequestInfo(request_info2.get());
817
818 // Check that the authority name that arrived in the CertificateRequest
819 // handshake message is as expected.
820 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
821
822 client_socket_->Disconnect();
823
davidben3418e81f2016-10-19 00:09:45[diff] [blame]824 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
825 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]826}
827
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]828TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
829 scoped_refptr<X509Certificate> client_cert =
830 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]831 ASSERT_TRUE(client_cert);
832
833 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
834 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
835 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
836 ASSERT_NO_FATAL_FAILURE(CreateContext());
837 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]838
839 TestCompletionCallback handshake_callback;
840 int server_ret = server_socket_->Handshake(handshake_callback.callback());
841
842 TestCompletionCallback connect_callback;
843 int client_ret = client_socket_->Connect(connect_callback.callback());
844
845 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
846 connect_callback.GetResult(client_ret));
847 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
848 handshake_callback.GetResult(server_ret));
849}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]850
851TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
852 scoped_refptr<X509Certificate> client_cert =
853 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]854 ASSERT_TRUE(client_cert);
855
856 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
857 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
858 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
859 ASSERT_NO_FATAL_FAILURE(CreateContext());
860 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]861
862 TestCompletionCallback handshake_callback;
863 int server_ret = server_socket_->Handshake(handshake_callback.callback());
864
865 TestCompletionCallback connect_callback;
866 int client_ret = client_socket_->Connect(connect_callback.callback());
867
868 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
869 connect_callback.GetResult(client_ret));
870 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
871 handshake_callback.GetResult(server_ret));
872
873 client_socket_->Disconnect();
874 server_socket_->Disconnect();
875
876 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]877 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]878 TestCompletionCallback handshake_callback2;
879 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
880
881 TestCompletionCallback connect_callback2;
882 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
883
884 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
885 connect_callback2.GetResult(client_ret2));
886 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
887 handshake_callback2.GetResult(server_ret2));
888}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]889
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]890TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]891 ASSERT_NO_FATAL_FAILURE(CreateContext());
892 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]893
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]894 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]895 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]896 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]897 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]898
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]899 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]900 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]901 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]902
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]903 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]904 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]905 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]906 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]907
908 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]909 scoped_refptr<StringIOBuffer> write_buf =
910 new StringIOBuffer("testing123");
911 scoped_refptr<DrainableIOBuffer> read_buf =
912 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]913
914 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]915 TestCompletionCallback write_callback;
916 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]917 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
918 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]919 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]920 client_ret = client_socket_->Read(
921 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]922 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]923
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]924 server_ret = write_callback.GetResult(server_ret);
925 EXPECT_GT(server_ret, 0);
926 client_ret = read_callback.GetResult(client_ret);
927 ASSERT_GT(client_ret, 0);
928
929 read_buf->DidConsume(client_ret);
930 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]931 client_ret = client_socket_->Read(
932 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]933 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]934 client_ret = read_callback.GetResult(client_ret);
935 ASSERT_GT(client_ret, 0);
936 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]937 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]938 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
939 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]940 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
941
942 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]943 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]944 server_ret = server_socket_->Read(
945 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]946 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]947 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
948 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]949 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]950
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]951 server_ret = read_callback.GetResult(server_ret);
952 ASSERT_GT(server_ret, 0);
953 client_ret = write_callback.GetResult(client_ret);
954 EXPECT_GT(client_ret, 0);
955
956 read_buf->DidConsume(server_ret);
957 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]958 server_ret = server_socket_->Read(
959 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]960 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]961 server_ret = read_callback.GetResult(server_ret);
962 ASSERT_GT(server_ret, 0);
963 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]964 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]965 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
966 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]967 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
968}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]969
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]970// A regression test for bug 127822 (http://crbug.com/127822).
971// If the server closes the connection after the handshake is finished,
972// the client's Write() call should not cause an infinite loop.
973// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]974TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]975 ASSERT_NO_FATAL_FAILURE(CreateContext());
976 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]977
978 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]979 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]980 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]981 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]982
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]983 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]984 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]985 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]986
987 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]988 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]989 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]990 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]991
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]992 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]993
994 // The server closes the connection. The server needs to write some
995 // data first so that the client's Read() calls from the transport
996 // socket won't return ERR_IO_PENDING. This ensures that the client
997 // will call Read() on the transport socket again.
998 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]999 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
1000 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1001 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1002
1003 server_ret = write_callback.GetResult(server_ret);
1004 EXPECT_GT(server_ret, 0);
1005
1006 server_socket_->Disconnect();
1007
1008 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1009 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
1010 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1011 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1012
1013 client_ret = write_callback.GetResult(client_ret);
1014 EXPECT_GT(client_ret, 0);
1015
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1016 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]1017 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1018 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1019 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1020}
1021
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1022// This test executes ExportKeyingMaterial() on the client and server sockets,
1023// after connecting them, and verifies that the results match.
1024// This test will fail if False Start is enabled (see crbug.com/90208).
1025TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1026 ASSERT_NO_FATAL_FAILURE(CreateContext());
1027 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1028
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1029 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1030 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1031 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1032
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1033 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1034 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1035 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1036
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1037 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1038 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1039 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1040 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1041 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1042 }
1043
1044 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1045 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1046 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1047 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1048 int rv = server_socket_->ExportKeyingMaterial(
1049 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1050 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1051
1052 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1053 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1054 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1055 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1056 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1057
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1058 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1059 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1060 rv = client_socket_->ExportKeyingMaterial(
1061 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1062 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1063 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1064}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1065
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1066// Verifies that SSLConfig::require_ecdhe flags works properly.
1067TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1068 // Disable all ECDHE suites on the client side.
1069 uint16_t kEcdheCiphers[] = {
1070 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1071 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1072 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1073 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1074 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1075 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1076 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1077 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:49[diff] [blame]1078 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1079 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1080 };
1081 client_ssl_config_.disabled_cipher_suites.assign(
1082 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1083
1084 // Require ECDHE on the server.
1085 server_ssl_config_.require_ecdhe = true;
1086
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1087 ASSERT_NO_FATAL_FAILURE(CreateContext());
1088 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1089
1090 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1091 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1092
1093 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1094 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1095
1096 client_ret = connect_callback.GetResult(client_ret);
1097 server_ret = handshake_callback.GetResult(server_ret);
1098
robpercival214763f2016-07-01 23:27:01[diff] [blame]1099 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1100 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1101}
1102
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1103} // namespace net