Google Git
Sign in
chromium / chromium / src.git / 6be4d9fbc0b33047dfe901e2bbe2c322efda30cd / . / net / socket / ssl_server_socket_unittest.cc
blob: 71bfda918ba7f552c075c0530bd791f50adee7ef [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]20#include <queue>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]21#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]22
svaldez2135be52016-04-20 16:34:53[diff] [blame]23#include <openssl/evp.h>
24#include <openssl/ssl.h>
25#include <openssl/x509.h>
26
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]27#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]28#include "base/compiler_specific.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]29#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]30#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]31#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]32#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]33#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]34#include "base/message_loop/message_loop.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]35#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]36#include "base/single_thread_task_runner.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]37#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]38#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]39#include "crypto/nss_util.h"
40#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]41#include "crypto/scoped_openssl_types.h"
42#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]43#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]44#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]45#include "net/base/host_port_pair.h"
46#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]47#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]48#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]49#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]50#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]51#include "net/cert/ct_policy_enforcer.h"
52#include "net/cert/ct_policy_status.h"
53#include "net/cert/ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]54#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]55#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]56#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]57#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]58#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]59#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]60#include "net/socket/client_socket_factory.h"
61#include "net/socket/socket_test_util.h"
62#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]63#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]64#include "net/ssl/scoped_openssl_types.h"
65#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]66#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]67#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]68#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]69#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]70#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]71#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]72#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]73#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]74#include "net/test/test_data_directory.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]75#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]76#include "testing/gtest/include/gtest/gtest.h"
77#include "testing/platform_test.h"
78
robpercival214763f2016-07-01 23:27:01[diff] [blame]79using net::test::IsError;
80using net::test::IsOk;
81
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]82namespace net {
83
84namespace {
85
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]86const char kClientCertFileName[] = "client_1.pem";
87const char kClientPrivateKeyFileName[] = "client_1.pk8";
88const char kWrongClientCertFileName[] = "client_2.pem";
89const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
90const char kClientCertCAFileName[] = "client_1_ca.pem";
91
rsleevid6de8302016-06-21 01:33:20[diff] [blame]92class MockCTVerifier : public CTVerifier {
93 public:
94 MockCTVerifier() = default;
95 ~MockCTVerifier() override = default;
96
97 int Verify(X509Certificate* cert,
98 const std::string& stapled_ocsp_response,
99 const std::string& sct_list_from_tls_extension,
eranmdcec9632016-10-10 14:16:10[diff] [blame]100 SignedCertificateTimestampAndStatusList* output_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]101 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]102 return net::OK;
103 }
104
105 void SetObserver(Observer* observer) override {}
106};
107
108class MockCTPolicyEnforcer : public CTPolicyEnforcer {
109 public:
110 MockCTPolicyEnforcer() = default;
111 ~MockCTPolicyEnforcer() override = default;
112 ct::CertPolicyCompliance DoesConformToCertPolicy(
113 X509Certificate* cert,
114 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]115 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]116 return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
117 }
118
119 ct::EVPolicyCompliance DoesConformToCTEVPolicy(
120 X509Certificate* cert,
121 const ct::EVCertsWhitelist* ev_whitelist,
122 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]123 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]124 return ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS;
125 }
126};
127
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]128class FakeDataChannel {
129 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]130 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]131 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]132 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]133 write_called_after_close_(false),
134 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]135 }
136
[email protected]47a12862012-04-10 01:00:49[diff] [blame]137 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]138 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]139 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]140 if (closed_)
141 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]142 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]143 read_callback_ = callback;
144 read_buf_ = buf;
145 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]146 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]147 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]148 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]149 }
150
[email protected]47a12862012-04-10 01:00:49[diff] [blame]151 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]152 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]153 if (closed_) {
154 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]155 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]156 write_called_after_close_ = true;
157 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]158 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]159 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
160 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]161 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]162 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]163 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]164 data_.push(new DrainableIOBuffer(
165 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]166 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]167 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]168 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
169 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]170 return buf_len;
171 }
172
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]173 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
174 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
175 // after the FakeDataChannel is closed, the first Write() call completes
176 // asynchronously, which is necessary to reproduce bug 127822.
177 void Close() {
178 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]179 if (!read_callback_.is_null()) {
180 base::ThreadTaskRunnerHandle::Get()->PostTask(
181 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
182 weak_factory_.GetWeakPtr()));
183 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]184 }
185
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]186 private:
187 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]188 if (read_callback_.is_null())
189 return;
190
191 if (closed_) {
192 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
193 return;
194 }
195
196 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]197 return;
198
tfarina9b6381442015-10-05 22:38:11[diff] [blame]199 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]200 CompletionCallback callback = read_callback_;
201 read_callback_.Reset();
202 read_buf_ = NULL;
203 read_buf_len_ = 0;
204 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]205 }
206
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]207 void DoWriteCallback() {
208 if (write_callback_.is_null())
209 return;
210
211 CompletionCallback callback = write_callback_;
212 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]213 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]214 }
215
tfarina9b6381442015-10-05 22:38:11[diff] [blame]216 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]217 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]218 int copied = std::min(buf->BytesRemaining(), read_buf_len);
219 memcpy(read_buf->data(), buf->data(), copied);
220 buf->DidConsume(copied);
221
222 if (!buf->BytesRemaining())
223 data_.pop();
224 return copied;
225 }
226
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]227 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]228 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]229 int read_buf_len_;
230
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]231 CompletionCallback write_callback_;
232
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]233 std::queue<scoped_refptr<DrainableIOBuffer> > data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]234
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]235 // True if Close() has been called.
236 bool closed_;
237
238 // Controls the completion of Write() after the FakeDataChannel is closed.
239 // After the FakeDataChannel is closed, the first Write() call completes
240 // asynchronously.
241 bool write_called_after_close_;
242
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]243 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
244
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]245 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
246};
247
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]248class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]249 public:
250 FakeSocket(FakeDataChannel* incoming_channel,
251 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]252 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]253
dchengb03027d2014-10-21 12:00:20[diff] [blame]254 ~FakeSocket() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]255
dchengb03027d2014-10-21 12:00:20[diff] [blame]256 int Read(IOBuffer* buf,
257 int buf_len,
258 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]259 // Read random number of bytes.
260 buf_len = rand() % buf_len + 1;
261 return incoming_->Read(buf, buf_len, callback);
262 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]263
dchengb03027d2014-10-21 12:00:20[diff] [blame]264 int Write(IOBuffer* buf,
265 int buf_len,
266 const CompletionCallback& callback) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]267 // Write random number of bytes.
268 buf_len = rand() % buf_len + 1;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]269 return outgoing_->Write(buf, buf_len, callback);
270 }
271
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]272 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]273
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]274 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]275
dchengb03027d2014-10-21 12:00:20[diff] [blame]276 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]277
dchengb03027d2014-10-21 12:00:20[diff] [blame]278 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]279 incoming_->Close();
280 outgoing_->Close();
281 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]282
dchengb03027d2014-10-21 12:00:20[diff] [blame]283 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]284
dchengb03027d2014-10-21 12:00:20[diff] [blame]285 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]286
dchengb03027d2014-10-21 12:00:20[diff] [blame]287 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]288 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]289 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]290 }
291
dchengb03027d2014-10-21 12:00:20[diff] [blame]292 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]293 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]294 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]295 }
296
tfarina428341112016-09-22 13:38:20[diff] [blame]297 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]298
dchengb03027d2014-10-21 12:00:20[diff] [blame]299 void SetSubresourceSpeculation() override {}
300 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]301
dchengb03027d2014-10-21 12:00:20[diff] [blame]302 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]303
dchengb03027d2014-10-21 12:00:20[diff] [blame]304 bool WasNpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]305
dchengb03027d2014-10-21 12:00:20[diff] [blame]306 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]307
dchengb03027d2014-10-21 12:00:20[diff] [blame]308 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]309
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]310 void GetConnectionAttempts(ConnectionAttempts* out) const override {
311 out->clear();
312 }
313
314 void ClearConnectionAttempts() override {}
315
316 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
317
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]318 int64_t GetTotalReceivedBytes() const override {
319 NOTIMPLEMENTED();
320 return 0;
321 }
322
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]323 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]324 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]325 FakeDataChannel* incoming_;
326 FakeDataChannel* outgoing_;
327
328 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
329};
330
331} // namespace
332
333// Verify the correctness of the test helper classes first.
334TEST(FakeSocketTest, DataTransfer) {
335 // Establish channels between two sockets.
336 FakeDataChannel channel_1;
337 FakeDataChannel channel_2;
338 FakeSocket client(&channel_1, &channel_2);
339 FakeSocket server(&channel_2, &channel_1);
340
341 const char kTestData[] = "testing123";
342 const int kTestDataSize = strlen(kTestData);
343 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]344 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
345 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]346
347 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]348 int written =
349 server.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]350 EXPECT_GT(written, 0);
351 EXPECT_LE(written, kTestDataSize);
352
[email protected]90499482013-06-01 00:39:50[diff] [blame]353 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]354 EXPECT_GT(read, 0);
355 EXPECT_LE(read, written);
356 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]357
358 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]359 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]360 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]361 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]362
[email protected]90499482013-06-01 00:39:50[diff] [blame]363 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]364 EXPECT_GT(written, 0);
365 EXPECT_LE(written, kTestDataSize);
366
367 read = callback.WaitForResult();
368 EXPECT_GT(read, 0);
369 EXPECT_LE(read, written);
370 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]371}
372
373class SSLServerSocketTest : public PlatformTest {
374 public:
375 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]376 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]377 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]378 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]379 transport_security_state_(new TransportSecurityState),
380 ct_verifier_(new MockCTVerifier),
381 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]382
383 void SetUp() override {
384 PlatformTest::SetUp();
385
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]386 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
387 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]388
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]389 server_cert_ =
390 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]391 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]392 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]393 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]394
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]395 client_ssl_config_.false_start_enabled = false;
396 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]397
398 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]399 client_ssl_config_.allowed_bad_certs.emplace_back(
400 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]401 }
402
403 protected:
404 void CreateContext() {
405 client_socket_.reset();
406 server_socket_.reset();
407 channel_1_.reset();
408 channel_2_.reset();
409 server_context_.reset();
410 server_context_ = CreateSSLServerContext(
411 server_cert_.get(), *server_private_key_, server_ssl_config_);
412 }
413
414 void CreateSockets() {
415 client_socket_.reset();
416 server_socket_.reset();
417 channel_1_.reset(new FakeDataChannel());
418 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]419 std::unique_ptr<ClientSocketHandle> client_connection(
420 new ClientSocketHandle);
421 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]422 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]423 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]424 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]425
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]426 HostPortPair host_and_pair("unittest", 0);
427 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]428 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]429 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]430 context.cert_transparency_verifier = ct_verifier_.get();
431 context.ct_policy_enforcer = ct_policy_enforcer_.get();
rsleevia5c430222016-03-11 05:55:12[diff] [blame]432
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]433 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]434 std::move(client_connection), host_and_pair, client_ssl_config_,
435 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]436 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]437
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]438 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]439 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]440 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]441 }
442
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]443 void ConfigureClientCertsForClient(const char* cert_file_name,
444 const char* private_key_file_name) {
445 client_ssl_config_.send_client_cert = true;
446 client_ssl_config_.client_cert =
447 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
448 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]449
danakj655b66c2016-04-16 00:51:38[diff] [blame]450 std::unique_ptr<crypto::RSAPrivateKey> key =
451 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]452 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]453
agl5a7cadf2016-07-13 16:52:53[diff] [blame]454 EVP_PKEY_up_ref(key->key());
455 client_ssl_config_.client_private_key =
456 WrapOpenSSLPrivateKey(crypto::ScopedEVP_PKEY(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]457 }
458
459 void ConfigureClientCertsForServer() {
460 server_ssl_config_.client_cert_type =
461 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
462
463 ScopedX509NameStack cert_names(
464 SSL_load_client_CA_file(GetTestCertsDirectory()
465 .AppendASCII(kClientCertCAFileName)
466 .MaybeAsASCII()
467 .c_str()));
468 ASSERT_TRUE(cert_names);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]469
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]470 for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
471 uint8_t* str = nullptr;
472 int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]473 ASSERT_LT(0, length);
474
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]475 server_ssl_config_.cert_authorities_.push_back(std::string(
476 reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
477 OPENSSL_free(str);
478 }
479
480 scoped_refptr<X509Certificate> expected_client_cert(
481 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]482 ASSERT_TRUE(expected_client_cert);
483
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]484 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
485
486 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
487 }
488
danakj655b66c2016-04-16 00:51:38[diff] [blame]489 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
490 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]491 base::FilePath certs_dir(GetTestCertsDirectory());
492 base::FilePath key_path = certs_dir.AppendASCII(name);
493 std::string key_string;
494 if (!base::ReadFileToString(key_path, &key_string))
495 return nullptr;
496 std::vector<uint8_t> key_vector(
497 reinterpret_cast<const uint8_t*>(key_string.data()),
498 reinterpret_cast<const uint8_t*>(key_string.data() +
499 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]500 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]501 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
502 return key;
503 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]504
danakj655b66c2016-04-16 00:51:38[diff] [blame]505 std::unique_ptr<FakeDataChannel> channel_1_;
506 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]507 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]508 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]509 std::unique_ptr<SSLClientSocket> client_socket_;
510 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]511 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]512 std::unique_ptr<MockCertVerifier> cert_verifier_;
513 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
514 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]515 std::unique_ptr<MockCTVerifier> ct_verifier_;
516 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]517 std::unique_ptr<SSLServerContext> server_context_;
518 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]519 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]520};
521
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]522// This test only executes creation of client and server sockets. This is to
523// test that creation of sockets doesn't crash and have minimal code to run
524// under valgrind in order to help debugging memory problems.
525TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]526 ASSERT_NO_FATAL_FAILURE(CreateContext());
527 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]528}
529
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]530// This test executes Connect() on SSLClientSocket and Handshake() on
531// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]532// completed successfully.
533TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]534 ASSERT_NO_FATAL_FAILURE(CreateContext());
535 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]536
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]537 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]538 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]539
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]540 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]541 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]542
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]543 client_ret = connect_callback.GetResult(client_ret);
544 server_ret = handshake_callback.GetResult(server_ret);
545
robpercival214763f2016-07-01 23:27:01[diff] [blame]546 ASSERT_THAT(client_ret, IsOk());
547 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]548
549 // Make sure the cert status is expected.
550 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]551 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]552 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]553
554 // The default cipher suite should be ECDHE and, unless on NSS and the
555 // platform doesn't support it, an AEAD.
556 uint16_t cipher_suite =
557 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
558 const char* key_exchange;
559 const char* cipher;
560 const char* mac;
561 bool is_aead;
562 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite);
563 EXPECT_STREQ("ECDHE_RSA", key_exchange);
davidben6cacd572015-09-29 22:24:10[diff] [blame]564 EXPECT_TRUE(is_aead);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]565}
566
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]567// This test makes sure the session cache is working.
568TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]569 ASSERT_NO_FATAL_FAILURE(CreateContext());
570 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]571
572 TestCompletionCallback handshake_callback;
573 int server_ret = server_socket_->Handshake(handshake_callback.callback());
574
575 TestCompletionCallback connect_callback;
576 int client_ret = client_socket_->Connect(connect_callback.callback());
577
578 client_ret = connect_callback.GetResult(client_ret);
579 server_ret = handshake_callback.GetResult(server_ret);
580
robpercival214763f2016-07-01 23:27:01[diff] [blame]581 ASSERT_THAT(client_ret, IsOk());
582 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]583
584 // Make sure the cert status is expected.
585 SSLInfo ssl_info;
586 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
587 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
588 SSLInfo ssl_server_info;
589 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
590 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
591
592 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]593 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]594 TestCompletionCallback handshake_callback2;
595 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
596
597 TestCompletionCallback connect_callback2;
598 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
599
600 client_ret2 = connect_callback2.GetResult(client_ret2);
601 server_ret2 = handshake_callback2.GetResult(server_ret2);
602
robpercival214763f2016-07-01 23:27:01[diff] [blame]603 ASSERT_THAT(client_ret2, IsOk());
604 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]605
606 // Make sure the cert status is expected.
607 SSLInfo ssl_info2;
608 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
609 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
610 SSLInfo ssl_server_info2;
611 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
612 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
613}
614
615// This test makes sure the session cache separates out by server context.
616TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]617 ASSERT_NO_FATAL_FAILURE(CreateContext());
618 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]619
620 TestCompletionCallback handshake_callback;
621 int server_ret = server_socket_->Handshake(handshake_callback.callback());
622
623 TestCompletionCallback connect_callback;
624 int client_ret = client_socket_->Connect(connect_callback.callback());
625
626 client_ret = connect_callback.GetResult(client_ret);
627 server_ret = handshake_callback.GetResult(server_ret);
628
robpercival214763f2016-07-01 23:27:01[diff] [blame]629 ASSERT_THAT(client_ret, IsOk());
630 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]631
632 // Make sure the cert status is expected.
633 SSLInfo ssl_info;
634 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
635 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
636 SSLInfo ssl_server_info;
637 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
638 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
639
640 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]641 ASSERT_NO_FATAL_FAILURE(CreateContext());
642 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]643
644 TestCompletionCallback handshake_callback2;
645 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
646
647 TestCompletionCallback connect_callback2;
648 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
649
650 client_ret2 = connect_callback2.GetResult(client_ret2);
651 server_ret2 = handshake_callback2.GetResult(server_ret2);
652
robpercival214763f2016-07-01 23:27:01[diff] [blame]653 ASSERT_THAT(client_ret2, IsOk());
654 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]655
656 // Make sure the cert status is expected.
657 SSLInfo ssl_info2;
658 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
659 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
660 SSLInfo ssl_server_info2;
661 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
662 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
663}
664
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]665// This test executes Connect() on SSLClientSocket and Handshake() on
666// SSLServerSocket to make sure handshaking between the two sockets is
667// completed successfully, using client certificate.
668TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
669 scoped_refptr<X509Certificate> client_cert =
670 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]671 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
672 kClientCertFileName, kClientPrivateKeyFileName));
673 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
674 ASSERT_NO_FATAL_FAILURE(CreateContext());
675 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]676
677 TestCompletionCallback handshake_callback;
678 int server_ret = server_socket_->Handshake(handshake_callback.callback());
679
680 TestCompletionCallback connect_callback;
681 int client_ret = client_socket_->Connect(connect_callback.callback());
682
683 client_ret = connect_callback.GetResult(client_ret);
684 server_ret = handshake_callback.GetResult(server_ret);
685
robpercival214763f2016-07-01 23:27:01[diff] [blame]686 ASSERT_THAT(client_ret, IsOk());
687 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]688
689 // Make sure the cert status is expected.
690 SSLInfo ssl_info;
691 client_socket_->GetSSLInfo(&ssl_info);
692 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
693 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]694 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]695 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
696}
697
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]698// This test executes Connect() on SSLClientSocket and Handshake() twice on
699// SSLServerSocket to make sure handshaking between the two sockets is
700// completed successfully, using client certificate. The second connection is
701// expected to succeed through the session cache.
702TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
703 scoped_refptr<X509Certificate> client_cert =
704 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]705 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
706 kClientCertFileName, kClientPrivateKeyFileName));
707 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
708 ASSERT_NO_FATAL_FAILURE(CreateContext());
709 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]710
711 TestCompletionCallback handshake_callback;
712 int server_ret = server_socket_->Handshake(handshake_callback.callback());
713
714 TestCompletionCallback connect_callback;
715 int client_ret = client_socket_->Connect(connect_callback.callback());
716
717 client_ret = connect_callback.GetResult(client_ret);
718 server_ret = handshake_callback.GetResult(server_ret);
719
robpercival214763f2016-07-01 23:27:01[diff] [blame]720 ASSERT_THAT(client_ret, IsOk());
721 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]722
723 // Make sure the cert status is expected.
724 SSLInfo ssl_info;
725 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
726 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
727 SSLInfo ssl_server_info;
728 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
729 ASSERT_TRUE(ssl_server_info.cert.get());
730 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
731 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
732 server_socket_->Disconnect();
733 client_socket_->Disconnect();
734
735 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]736 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]737 TestCompletionCallback handshake_callback2;
738 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
739
740 TestCompletionCallback connect_callback2;
741 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
742
743 client_ret2 = connect_callback2.GetResult(client_ret2);
744 server_ret2 = handshake_callback2.GetResult(server_ret2);
745
robpercival214763f2016-07-01 23:27:01[diff] [blame]746 ASSERT_THAT(client_ret2, IsOk());
747 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]748
749 // Make sure the cert status is expected.
750 SSLInfo ssl_info2;
751 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
752 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
753 SSLInfo ssl_server_info2;
754 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
755 ASSERT_TRUE(ssl_server_info2.cert.get());
756 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
757 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
758}
759
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]760TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]761 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
762 ASSERT_NO_FATAL_FAILURE(CreateContext());
763 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]764 // Use the default setting for the client socket, which is to not send
765 // a client certificate. This will cause the client to receive an
766 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
767 // requested cert_authorities from the CertificateRequest sent by the
768 // server.
769
770 TestCompletionCallback handshake_callback;
771 int server_ret = server_socket_->Handshake(handshake_callback.callback());
772
773 TestCompletionCallback connect_callback;
774 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
775 connect_callback.GetResult(
776 client_socket_->Connect(connect_callback.callback())));
777
778 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
779 client_socket_->GetSSLCertRequestInfo(request_info.get());
780
781 // Check that the authority name that arrived in the CertificateRequest
782 // handshake message is as expected.
783 scoped_refptr<X509Certificate> client_cert =
784 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]785 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]786 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
787
788 client_socket_->Disconnect();
789
robpercival214763f2016-07-01 23:27:01[diff] [blame]790 EXPECT_THAT(handshake_callback.GetResult(server_ret), IsError(ERR_FAILED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]791}
792
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]793TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]794 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
795 ASSERT_NO_FATAL_FAILURE(CreateContext());
796 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]797 // Use the default setting for the client socket, which is to not send
798 // a client certificate. This will cause the client to receive an
799 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
800 // requested cert_authorities from the CertificateRequest sent by the
801 // server.
802
803 TestCompletionCallback handshake_callback;
804 int server_ret = server_socket_->Handshake(handshake_callback.callback());
805
806 TestCompletionCallback connect_callback;
807 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
808 connect_callback.GetResult(
809 client_socket_->Connect(connect_callback.callback())));
810
811 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
812 client_socket_->GetSSLCertRequestInfo(request_info.get());
813
814 // Check that the authority name that arrived in the CertificateRequest
815 // handshake message is as expected.
816 scoped_refptr<X509Certificate> client_cert =
817 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]818 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]819 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
820
821 client_socket_->Disconnect();
822
robpercival214763f2016-07-01 23:27:01[diff] [blame]823 EXPECT_THAT(handshake_callback.GetResult(server_ret), IsError(ERR_FAILED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]824 server_socket_->Disconnect();
825
826 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]827 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]828 TestCompletionCallback handshake_callback2;
829 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
830
831 TestCompletionCallback connect_callback2;
832 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
833 connect_callback2.GetResult(
834 client_socket_->Connect(connect_callback2.callback())));
835
836 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
837 client_socket_->GetSSLCertRequestInfo(request_info2.get());
838
839 // Check that the authority name that arrived in the CertificateRequest
840 // handshake message is as expected.
841 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
842
843 client_socket_->Disconnect();
844
robpercival214763f2016-07-01 23:27:01[diff] [blame]845 EXPECT_THAT(handshake_callback2.GetResult(server_ret2), IsError(ERR_FAILED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]846}
847
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]848TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
849 scoped_refptr<X509Certificate> client_cert =
850 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]851 ASSERT_TRUE(client_cert);
852
853 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
854 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
855 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
856 ASSERT_NO_FATAL_FAILURE(CreateContext());
857 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]858
859 TestCompletionCallback handshake_callback;
860 int server_ret = server_socket_->Handshake(handshake_callback.callback());
861
862 TestCompletionCallback connect_callback;
863 int client_ret = client_socket_->Connect(connect_callback.callback());
864
865 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
866 connect_callback.GetResult(client_ret));
867 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
868 handshake_callback.GetResult(server_ret));
869}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]870
871TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
872 scoped_refptr<X509Certificate> client_cert =
873 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]874 ASSERT_TRUE(client_cert);
875
876 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
877 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
878 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
879 ASSERT_NO_FATAL_FAILURE(CreateContext());
880 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]881
882 TestCompletionCallback handshake_callback;
883 int server_ret = server_socket_->Handshake(handshake_callback.callback());
884
885 TestCompletionCallback connect_callback;
886 int client_ret = client_socket_->Connect(connect_callback.callback());
887
888 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
889 connect_callback.GetResult(client_ret));
890 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
891 handshake_callback.GetResult(server_ret));
892
893 client_socket_->Disconnect();
894 server_socket_->Disconnect();
895
896 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]897 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]898 TestCompletionCallback handshake_callback2;
899 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
900
901 TestCompletionCallback connect_callback2;
902 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
903
904 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
905 connect_callback2.GetResult(client_ret2));
906 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
907 handshake_callback2.GetResult(server_ret2));
908}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]909
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]910TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]911 ASSERT_NO_FATAL_FAILURE(CreateContext());
912 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]913
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]914 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]915 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]916 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]917 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]918
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]919 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]920 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]921 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]922
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]923 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]924 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]925 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]926 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]927
928 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]929 scoped_refptr<StringIOBuffer> write_buf =
930 new StringIOBuffer("testing123");
931 scoped_refptr<DrainableIOBuffer> read_buf =
932 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]933
934 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]935 TestCompletionCallback write_callback;
936 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]937 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
938 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]939 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]940 client_ret = client_socket_->Read(
941 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]942 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]943
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]944 server_ret = write_callback.GetResult(server_ret);
945 EXPECT_GT(server_ret, 0);
946 client_ret = read_callback.GetResult(client_ret);
947 ASSERT_GT(client_ret, 0);
948
949 read_buf->DidConsume(client_ret);
950 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]951 client_ret = client_socket_->Read(
952 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]953 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]954 client_ret = read_callback.GetResult(client_ret);
955 ASSERT_GT(client_ret, 0);
956 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]957 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]958 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
959 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]960 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
961
962 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]963 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]964 server_ret = server_socket_->Read(
965 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]966 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]967 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
968 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]969 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]970
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]971 server_ret = read_callback.GetResult(server_ret);
972 ASSERT_GT(server_ret, 0);
973 client_ret = write_callback.GetResult(client_ret);
974 EXPECT_GT(client_ret, 0);
975
976 read_buf->DidConsume(server_ret);
977 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]978 server_ret = server_socket_->Read(
979 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]980 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]981 server_ret = read_callback.GetResult(server_ret);
982 ASSERT_GT(server_ret, 0);
983 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]984 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]985 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
986 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]987 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
988}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]989
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]990// A regression test for bug 127822 (http://crbug.com/127822).
991// If the server closes the connection after the handshake is finished,
992// the client's Write() call should not cause an infinite loop.
993// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]994TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]995 ASSERT_NO_FATAL_FAILURE(CreateContext());
996 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]997
998 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]999 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1000 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1001 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1002
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1003 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1004 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1005 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1006
1007 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1008 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1009 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1010 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1011
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1012 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1013
1014 // The server closes the connection. The server needs to write some
1015 // data first so that the client's Read() calls from the transport
1016 // socket won't return ERR_IO_PENDING. This ensures that the client
1017 // will call Read() on the transport socket again.
1018 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1019 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
1020 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1021 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1022
1023 server_ret = write_callback.GetResult(server_ret);
1024 EXPECT_GT(server_ret, 0);
1025
1026 server_socket_->Disconnect();
1027
1028 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1029 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
1030 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1031 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1032
1033 client_ret = write_callback.GetResult(client_ret);
1034 EXPECT_GT(client_ret, 0);
1035
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1036 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]1037 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1038 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1039 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1040}
1041
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1042// This test executes ExportKeyingMaterial() on the client and server sockets,
1043// after connecting them, and verifies that the results match.
1044// This test will fail if False Start is enabled (see crbug.com/90208).
1045TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1046 ASSERT_NO_FATAL_FAILURE(CreateContext());
1047 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1048
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1049 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1050 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1051 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1052
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1053 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1054 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1055 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1056
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1057 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1058 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1059 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1060 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1061 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1062 }
1063
1064 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1065 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1066 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1067 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1068 int rv = server_socket_->ExportKeyingMaterial(
1069 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1070 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1071
1072 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1073 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1074 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1075 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1076 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1077
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1078 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1079 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1080 rv = client_socket_->ExportKeyingMaterial(
1081 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1082 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1083 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1084}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1085
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1086// Verifies that SSLConfig::require_ecdhe flags works properly.
1087TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1088 // Disable all ECDHE suites on the client side.
1089 uint16_t kEcdheCiphers[] = {
1090 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1091 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1092 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1093 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1094 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1095 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1096 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1097 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1098 0xcc13, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1099 0xcc14, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1100 };
1101 client_ssl_config_.disabled_cipher_suites.assign(
1102 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1103
1104 // Require ECDHE on the server.
1105 server_ssl_config_.require_ecdhe = true;
1106
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1107 ASSERT_NO_FATAL_FAILURE(CreateContext());
1108 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1109
1110 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1111 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1112
1113 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1114 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1115
1116 client_ret = connect_callback.GetResult(client_ret);
1117 server_ret = handshake_callback.GetResult(server_ret);
1118
robpercival214763f2016-07-01 23:27:01[diff] [blame]1119 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1120 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1121}
1122
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1123} // namespace net