Google Git
Sign in
chromium / chromium / src.git / d80c12cc3341c364f67c04b1a6153a1ee34be25d / . / net / socket / ssl_server_socket_unittest.cc
blob: 82c8f35171a583b302dd28c63d06274a33206309 [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]20#include <queue>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]21#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]22
svaldez2135be52016-04-20 16:34:53[diff] [blame]23#include <openssl/evp.h>
24#include <openssl/ssl.h>
25#include <openssl/x509.h>
26
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]27#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]28#include "base/compiler_specific.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]29#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]30#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]31#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]32#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]33#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]34#include "base/message_loop/message_loop.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]35#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]36#include "base/single_thread_task_runner.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]37#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]38#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]39#include "crypto/nss_util.h"
40#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]41#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]42#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]43#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/host_port_pair.h"
45#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]46#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]47#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]48#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]50#include "net/cert/ct_policy_enforcer.h"
51#include "net/cert/ct_policy_status.h"
52#include "net/cert/ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]53#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]54#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]55#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]56#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]57#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]58#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]59#include "net/socket/client_socket_factory.h"
60#include "net/socket/socket_test_util.h"
61#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]62#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]64#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]65#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]66#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]67#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]68#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]69#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]70#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]71#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]72#include "net/test/test_data_directory.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]73#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]74#include "testing/gtest/include/gtest/gtest.h"
75#include "testing/platform_test.h"
76
robpercival214763f2016-07-01 23:27:01[diff] [blame]77using net::test::IsError;
78using net::test::IsOk;
79
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]80namespace net {
81
82namespace {
83
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]84const char kClientCertFileName[] = "client_1.pem";
85const char kClientPrivateKeyFileName[] = "client_1.pk8";
86const char kWrongClientCertFileName[] = "client_2.pem";
87const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
88const char kClientCertCAFileName[] = "client_1_ca.pem";
89
rsleevid6de8302016-06-21 01:33:20[diff] [blame]90class MockCTVerifier : public CTVerifier {
91 public:
92 MockCTVerifier() = default;
93 ~MockCTVerifier() override = default;
94
95 int Verify(X509Certificate* cert,
96 const std::string& stapled_ocsp_response,
97 const std::string& sct_list_from_tls_extension,
eranmdcec9632016-10-10 14:16:10[diff] [blame]98 SignedCertificateTimestampAndStatusList* output_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]99 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]100 return net::OK;
101 }
102
103 void SetObserver(Observer* observer) override {}
104};
105
106class MockCTPolicyEnforcer : public CTPolicyEnforcer {
107 public:
108 MockCTPolicyEnforcer() = default;
109 ~MockCTPolicyEnforcer() override = default;
110 ct::CertPolicyCompliance DoesConformToCertPolicy(
111 X509Certificate* cert,
112 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]113 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]114 return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
115 }
116
117 ct::EVPolicyCompliance DoesConformToCTEVPolicy(
118 X509Certificate* cert,
119 const ct::EVCertsWhitelist* ev_whitelist,
120 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]121 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]122 return ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS;
123 }
124};
125
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]126class FakeDataChannel {
127 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]128 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]129 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]130 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]131 write_called_after_close_(false),
132 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]133 }
134
[email protected]47a12862012-04-10 01:00:49[diff] [blame]135 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]136 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]137 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]138 if (closed_)
139 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]140 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]141 read_callback_ = callback;
142 read_buf_ = buf;
143 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]144 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]145 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]146 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]147 }
148
[email protected]47a12862012-04-10 01:00:49[diff] [blame]149 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]150 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]151 if (closed_) {
152 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]153 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]154 write_called_after_close_ = true;
155 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]156 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]157 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
158 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]159 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]160 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]161 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]162 data_.push(new DrainableIOBuffer(
163 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]164 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]165 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]166 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
167 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]168 return buf_len;
169 }
170
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]171 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
172 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
173 // after the FakeDataChannel is closed, the first Write() call completes
174 // asynchronously, which is necessary to reproduce bug 127822.
175 void Close() {
176 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]177 if (!read_callback_.is_null()) {
178 base::ThreadTaskRunnerHandle::Get()->PostTask(
179 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
180 weak_factory_.GetWeakPtr()));
181 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]182 }
183
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]184 private:
185 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]186 if (read_callback_.is_null())
187 return;
188
189 if (closed_) {
190 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
191 return;
192 }
193
194 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]195 return;
196
tfarina9b6381442015-10-05 22:38:11[diff] [blame]197 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]198 CompletionCallback callback = read_callback_;
199 read_callback_.Reset();
200 read_buf_ = NULL;
201 read_buf_len_ = 0;
202 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]203 }
204
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]205 void DoWriteCallback() {
206 if (write_callback_.is_null())
207 return;
208
209 CompletionCallback callback = write_callback_;
210 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]211 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]212 }
213
tfarina9b6381442015-10-05 22:38:11[diff] [blame]214 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]215 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]216 int copied = std::min(buf->BytesRemaining(), read_buf_len);
217 memcpy(read_buf->data(), buf->data(), copied);
218 buf->DidConsume(copied);
219
220 if (!buf->BytesRemaining())
221 data_.pop();
222 return copied;
223 }
224
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]225 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]226 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]227 int read_buf_len_;
228
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]229 CompletionCallback write_callback_;
230
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]231 std::queue<scoped_refptr<DrainableIOBuffer> > data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]232
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]233 // True if Close() has been called.
234 bool closed_;
235
236 // Controls the completion of Write() after the FakeDataChannel is closed.
237 // After the FakeDataChannel is closed, the first Write() call completes
238 // asynchronously.
239 bool write_called_after_close_;
240
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]241 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
242
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]243 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
244};
245
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]246class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]247 public:
248 FakeSocket(FakeDataChannel* incoming_channel,
249 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]250 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]251
dchengb03027d2014-10-21 12:00:20[diff] [blame]252 ~FakeSocket() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]253
dchengb03027d2014-10-21 12:00:20[diff] [blame]254 int Read(IOBuffer* buf,
255 int buf_len,
256 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]257 // Read random number of bytes.
258 buf_len = rand() % buf_len + 1;
259 return incoming_->Read(buf, buf_len, callback);
260 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]261
dchengb03027d2014-10-21 12:00:20[diff] [blame]262 int Write(IOBuffer* buf,
263 int buf_len,
264 const CompletionCallback& callback) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]265 // Write random number of bytes.
266 buf_len = rand() % buf_len + 1;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]267 return outgoing_->Write(buf, buf_len, callback);
268 }
269
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]270 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]271
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]272 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]273
dchengb03027d2014-10-21 12:00:20[diff] [blame]274 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]275
dchengb03027d2014-10-21 12:00:20[diff] [blame]276 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]277 incoming_->Close();
278 outgoing_->Close();
279 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]280
dchengb03027d2014-10-21 12:00:20[diff] [blame]281 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]282
dchengb03027d2014-10-21 12:00:20[diff] [blame]283 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]284
dchengb03027d2014-10-21 12:00:20[diff] [blame]285 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]286 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]287 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]288 }
289
dchengb03027d2014-10-21 12:00:20[diff] [blame]290 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]291 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]292 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]293 }
294
tfarina428341112016-09-22 13:38:20[diff] [blame]295 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]296
dchengb03027d2014-10-21 12:00:20[diff] [blame]297 void SetSubresourceSpeculation() override {}
298 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]299
dchengb03027d2014-10-21 12:00:20[diff] [blame]300 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]301
dchengb03027d2014-10-21 12:00:20[diff] [blame]302 bool WasNpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]303
dchengb03027d2014-10-21 12:00:20[diff] [blame]304 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]305
dchengb03027d2014-10-21 12:00:20[diff] [blame]306 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]307
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]308 void GetConnectionAttempts(ConnectionAttempts* out) const override {
309 out->clear();
310 }
311
312 void ClearConnectionAttempts() override {}
313
314 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
315
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]316 int64_t GetTotalReceivedBytes() const override {
317 NOTIMPLEMENTED();
318 return 0;
319 }
320
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]321 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]322 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]323 FakeDataChannel* incoming_;
324 FakeDataChannel* outgoing_;
325
326 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
327};
328
329} // namespace
330
331// Verify the correctness of the test helper classes first.
332TEST(FakeSocketTest, DataTransfer) {
333 // Establish channels between two sockets.
334 FakeDataChannel channel_1;
335 FakeDataChannel channel_2;
336 FakeSocket client(&channel_1, &channel_2);
337 FakeSocket server(&channel_2, &channel_1);
338
339 const char kTestData[] = "testing123";
340 const int kTestDataSize = strlen(kTestData);
341 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]342 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
343 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]344
345 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]346 int written =
347 server.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]348 EXPECT_GT(written, 0);
349 EXPECT_LE(written, kTestDataSize);
350
[email protected]90499482013-06-01 00:39:50[diff] [blame]351 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]352 EXPECT_GT(read, 0);
353 EXPECT_LE(read, written);
354 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]355
356 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]357 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]358 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]359 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]360
[email protected]90499482013-06-01 00:39:50[diff] [blame]361 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]362 EXPECT_GT(written, 0);
363 EXPECT_LE(written, kTestDataSize);
364
365 read = callback.WaitForResult();
366 EXPECT_GT(read, 0);
367 EXPECT_LE(read, written);
368 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]369}
370
371class SSLServerSocketTest : public PlatformTest {
372 public:
373 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]374 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]375 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]376 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]377 transport_security_state_(new TransportSecurityState),
378 ct_verifier_(new MockCTVerifier),
379 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]380
381 void SetUp() override {
382 PlatformTest::SetUp();
383
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]384 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
385 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]386
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]387 server_cert_ =
388 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]389 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]390 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]391 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]392
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]393 client_ssl_config_.false_start_enabled = false;
394 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]395
396 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]397 client_ssl_config_.allowed_bad_certs.emplace_back(
398 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]399 }
400
401 protected:
402 void CreateContext() {
403 client_socket_.reset();
404 server_socket_.reset();
405 channel_1_.reset();
406 channel_2_.reset();
407 server_context_.reset();
408 server_context_ = CreateSSLServerContext(
409 server_cert_.get(), *server_private_key_, server_ssl_config_);
410 }
411
412 void CreateSockets() {
413 client_socket_.reset();
414 server_socket_.reset();
415 channel_1_.reset(new FakeDataChannel());
416 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]417 std::unique_ptr<ClientSocketHandle> client_connection(
418 new ClientSocketHandle);
419 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]420 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]421 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]422 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]423
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]424 HostPortPair host_and_pair("unittest", 0);
425 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]426 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]427 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]428 context.cert_transparency_verifier = ct_verifier_.get();
429 context.ct_policy_enforcer = ct_policy_enforcer_.get();
rsleevia5c430222016-03-11 05:55:12[diff] [blame]430
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]431 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]432 std::move(client_connection), host_and_pair, client_ssl_config_,
433 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]434 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]435
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]436 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]437 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]438 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]439 }
440
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]441 void ConfigureClientCertsForClient(const char* cert_file_name,
442 const char* private_key_file_name) {
443 client_ssl_config_.send_client_cert = true;
444 client_ssl_config_.client_cert =
445 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
446 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]447
danakj655b66c2016-04-16 00:51:38[diff] [blame]448 std::unique_ptr<crypto::RSAPrivateKey> key =
449 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]450 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]451
agl5a7cadf2016-07-13 16:52:53[diff] [blame]452 EVP_PKEY_up_ref(key->key());
453 client_ssl_config_.client_private_key =
davidbend80c12c2016-10-11 00:13:49[diff] [blame^]454 WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY>(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]455 }
456
457 void ConfigureClientCertsForServer() {
458 server_ssl_config_.client_cert_type =
459 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
460
davidbend80c12c2016-10-11 00:13:49[diff] [blame^]461 bssl::UniquePtr<STACK_OF(X509_NAME)> cert_names(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]462 SSL_load_client_CA_file(GetTestCertsDirectory()
463 .AppendASCII(kClientCertCAFileName)
464 .MaybeAsASCII()
465 .c_str()));
466 ASSERT_TRUE(cert_names);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]467
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]468 for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
469 uint8_t* str = nullptr;
470 int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]471 ASSERT_LT(0, length);
472
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]473 server_ssl_config_.cert_authorities_.push_back(std::string(
474 reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
475 OPENSSL_free(str);
476 }
477
478 scoped_refptr<X509Certificate> expected_client_cert(
479 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]480 ASSERT_TRUE(expected_client_cert);
481
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]482 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
483
484 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
485 }
486
danakj655b66c2016-04-16 00:51:38[diff] [blame]487 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
488 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]489 base::FilePath certs_dir(GetTestCertsDirectory());
490 base::FilePath key_path = certs_dir.AppendASCII(name);
491 std::string key_string;
492 if (!base::ReadFileToString(key_path, &key_string))
493 return nullptr;
494 std::vector<uint8_t> key_vector(
495 reinterpret_cast<const uint8_t*>(key_string.data()),
496 reinterpret_cast<const uint8_t*>(key_string.data() +
497 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]498 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]499 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
500 return key;
501 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]502
danakj655b66c2016-04-16 00:51:38[diff] [blame]503 std::unique_ptr<FakeDataChannel> channel_1_;
504 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]505 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]506 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]507 std::unique_ptr<SSLClientSocket> client_socket_;
508 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]509 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]510 std::unique_ptr<MockCertVerifier> cert_verifier_;
511 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
512 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]513 std::unique_ptr<MockCTVerifier> ct_verifier_;
514 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]515 std::unique_ptr<SSLServerContext> server_context_;
516 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]517 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]518};
519
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]520// This test only executes creation of client and server sockets. This is to
521// test that creation of sockets doesn't crash and have minimal code to run
522// under valgrind in order to help debugging memory problems.
523TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]524 ASSERT_NO_FATAL_FAILURE(CreateContext());
525 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]526}
527
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]528// This test executes Connect() on SSLClientSocket and Handshake() on
529// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]530// completed successfully.
531TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]532 ASSERT_NO_FATAL_FAILURE(CreateContext());
533 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]534
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]535 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]536 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]537
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]538 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]539 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]540
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]541 client_ret = connect_callback.GetResult(client_ret);
542 server_ret = handshake_callback.GetResult(server_ret);
543
robpercival214763f2016-07-01 23:27:01[diff] [blame]544 ASSERT_THAT(client_ret, IsOk());
545 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]546
547 // Make sure the cert status is expected.
548 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]549 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]550 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]551
552 // The default cipher suite should be ECDHE and, unless on NSS and the
553 // platform doesn't support it, an AEAD.
554 uint16_t cipher_suite =
555 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
556 const char* key_exchange;
557 const char* cipher;
558 const char* mac;
559 bool is_aead;
560 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, cipher_suite);
561 EXPECT_STREQ("ECDHE_RSA", key_exchange);
davidben6cacd572015-09-29 22:24:10[diff] [blame]562 EXPECT_TRUE(is_aead);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]563}
564
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]565// This test makes sure the session cache is working.
566TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]567 ASSERT_NO_FATAL_FAILURE(CreateContext());
568 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]569
570 TestCompletionCallback handshake_callback;
571 int server_ret = server_socket_->Handshake(handshake_callback.callback());
572
573 TestCompletionCallback connect_callback;
574 int client_ret = client_socket_->Connect(connect_callback.callback());
575
576 client_ret = connect_callback.GetResult(client_ret);
577 server_ret = handshake_callback.GetResult(server_ret);
578
robpercival214763f2016-07-01 23:27:01[diff] [blame]579 ASSERT_THAT(client_ret, IsOk());
580 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]581
582 // Make sure the cert status is expected.
583 SSLInfo ssl_info;
584 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
585 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
586 SSLInfo ssl_server_info;
587 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
588 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
589
590 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]591 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]592 TestCompletionCallback handshake_callback2;
593 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
594
595 TestCompletionCallback connect_callback2;
596 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
597
598 client_ret2 = connect_callback2.GetResult(client_ret2);
599 server_ret2 = handshake_callback2.GetResult(server_ret2);
600
robpercival214763f2016-07-01 23:27:01[diff] [blame]601 ASSERT_THAT(client_ret2, IsOk());
602 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]603
604 // Make sure the cert status is expected.
605 SSLInfo ssl_info2;
606 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
607 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
608 SSLInfo ssl_server_info2;
609 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
610 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
611}
612
613// This test makes sure the session cache separates out by server context.
614TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]615 ASSERT_NO_FATAL_FAILURE(CreateContext());
616 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]617
618 TestCompletionCallback handshake_callback;
619 int server_ret = server_socket_->Handshake(handshake_callback.callback());
620
621 TestCompletionCallback connect_callback;
622 int client_ret = client_socket_->Connect(connect_callback.callback());
623
624 client_ret = connect_callback.GetResult(client_ret);
625 server_ret = handshake_callback.GetResult(server_ret);
626
robpercival214763f2016-07-01 23:27:01[diff] [blame]627 ASSERT_THAT(client_ret, IsOk());
628 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]629
630 // Make sure the cert status is expected.
631 SSLInfo ssl_info;
632 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
633 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
634 SSLInfo ssl_server_info;
635 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
636 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
637
638 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]639 ASSERT_NO_FATAL_FAILURE(CreateContext());
640 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]641
642 TestCompletionCallback handshake_callback2;
643 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
644
645 TestCompletionCallback connect_callback2;
646 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
647
648 client_ret2 = connect_callback2.GetResult(client_ret2);
649 server_ret2 = handshake_callback2.GetResult(server_ret2);
650
robpercival214763f2016-07-01 23:27:01[diff] [blame]651 ASSERT_THAT(client_ret2, IsOk());
652 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]653
654 // Make sure the cert status is expected.
655 SSLInfo ssl_info2;
656 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
657 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
658 SSLInfo ssl_server_info2;
659 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
660 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
661}
662
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]663// This test executes Connect() on SSLClientSocket and Handshake() on
664// SSLServerSocket to make sure handshaking between the two sockets is
665// completed successfully, using client certificate.
666TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
667 scoped_refptr<X509Certificate> client_cert =
668 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]669 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
670 kClientCertFileName, kClientPrivateKeyFileName));
671 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
672 ASSERT_NO_FATAL_FAILURE(CreateContext());
673 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]674
675 TestCompletionCallback handshake_callback;
676 int server_ret = server_socket_->Handshake(handshake_callback.callback());
677
678 TestCompletionCallback connect_callback;
679 int client_ret = client_socket_->Connect(connect_callback.callback());
680
681 client_ret = connect_callback.GetResult(client_ret);
682 server_ret = handshake_callback.GetResult(server_ret);
683
robpercival214763f2016-07-01 23:27:01[diff] [blame]684 ASSERT_THAT(client_ret, IsOk());
685 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]686
687 // Make sure the cert status is expected.
688 SSLInfo ssl_info;
689 client_socket_->GetSSLInfo(&ssl_info);
690 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
691 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]692 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]693 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
694}
695
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]696// This test executes Connect() on SSLClientSocket and Handshake() twice on
697// SSLServerSocket to make sure handshaking between the two sockets is
698// completed successfully, using client certificate. The second connection is
699// expected to succeed through the session cache.
700TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
701 scoped_refptr<X509Certificate> client_cert =
702 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]703 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
704 kClientCertFileName, kClientPrivateKeyFileName));
705 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
706 ASSERT_NO_FATAL_FAILURE(CreateContext());
707 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]708
709 TestCompletionCallback handshake_callback;
710 int server_ret = server_socket_->Handshake(handshake_callback.callback());
711
712 TestCompletionCallback connect_callback;
713 int client_ret = client_socket_->Connect(connect_callback.callback());
714
715 client_ret = connect_callback.GetResult(client_ret);
716 server_ret = handshake_callback.GetResult(server_ret);
717
robpercival214763f2016-07-01 23:27:01[diff] [blame]718 ASSERT_THAT(client_ret, IsOk());
719 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]720
721 // Make sure the cert status is expected.
722 SSLInfo ssl_info;
723 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
724 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
725 SSLInfo ssl_server_info;
726 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
727 ASSERT_TRUE(ssl_server_info.cert.get());
728 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
729 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
730 server_socket_->Disconnect();
731 client_socket_->Disconnect();
732
733 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]734 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]735 TestCompletionCallback handshake_callback2;
736 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
737
738 TestCompletionCallback connect_callback2;
739 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
740
741 client_ret2 = connect_callback2.GetResult(client_ret2);
742 server_ret2 = handshake_callback2.GetResult(server_ret2);
743
robpercival214763f2016-07-01 23:27:01[diff] [blame]744 ASSERT_THAT(client_ret2, IsOk());
745 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]746
747 // Make sure the cert status is expected.
748 SSLInfo ssl_info2;
749 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
750 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
751 SSLInfo ssl_server_info2;
752 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
753 ASSERT_TRUE(ssl_server_info2.cert.get());
754 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
755 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
756}
757
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]758TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]759 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
760 ASSERT_NO_FATAL_FAILURE(CreateContext());
761 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]762 // Use the default setting for the client socket, which is to not send
763 // a client certificate. This will cause the client to receive an
764 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
765 // requested cert_authorities from the CertificateRequest sent by the
766 // server.
767
768 TestCompletionCallback handshake_callback;
769 int server_ret = server_socket_->Handshake(handshake_callback.callback());
770
771 TestCompletionCallback connect_callback;
772 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
773 connect_callback.GetResult(
774 client_socket_->Connect(connect_callback.callback())));
775
776 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
777 client_socket_->GetSSLCertRequestInfo(request_info.get());
778
779 // Check that the authority name that arrived in the CertificateRequest
780 // handshake message is as expected.
781 scoped_refptr<X509Certificate> client_cert =
782 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]783 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]784 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
785
786 client_socket_->Disconnect();
787
robpercival214763f2016-07-01 23:27:01[diff] [blame]788 EXPECT_THAT(handshake_callback.GetResult(server_ret), IsError(ERR_FAILED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]789}
790
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]791TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]792 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
793 ASSERT_NO_FATAL_FAILURE(CreateContext());
794 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]795 // Use the default setting for the client socket, which is to not send
796 // a client certificate. This will cause the client to receive an
797 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
798 // requested cert_authorities from the CertificateRequest sent by the
799 // server.
800
801 TestCompletionCallback handshake_callback;
802 int server_ret = server_socket_->Handshake(handshake_callback.callback());
803
804 TestCompletionCallback connect_callback;
805 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
806 connect_callback.GetResult(
807 client_socket_->Connect(connect_callback.callback())));
808
809 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
810 client_socket_->GetSSLCertRequestInfo(request_info.get());
811
812 // Check that the authority name that arrived in the CertificateRequest
813 // handshake message is as expected.
814 scoped_refptr<X509Certificate> client_cert =
815 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]816 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]817 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
818
819 client_socket_->Disconnect();
820
robpercival214763f2016-07-01 23:27:01[diff] [blame]821 EXPECT_THAT(handshake_callback.GetResult(server_ret), IsError(ERR_FAILED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]822 server_socket_->Disconnect();
823
824 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]825 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]826 TestCompletionCallback handshake_callback2;
827 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
828
829 TestCompletionCallback connect_callback2;
830 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
831 connect_callback2.GetResult(
832 client_socket_->Connect(connect_callback2.callback())));
833
834 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
835 client_socket_->GetSSLCertRequestInfo(request_info2.get());
836
837 // Check that the authority name that arrived in the CertificateRequest
838 // handshake message is as expected.
839 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
840
841 client_socket_->Disconnect();
842
robpercival214763f2016-07-01 23:27:01[diff] [blame]843 EXPECT_THAT(handshake_callback2.GetResult(server_ret2), IsError(ERR_FAILED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]844}
845
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]846TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
847 scoped_refptr<X509Certificate> client_cert =
848 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]849 ASSERT_TRUE(client_cert);
850
851 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
852 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
853 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
854 ASSERT_NO_FATAL_FAILURE(CreateContext());
855 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]856
857 TestCompletionCallback handshake_callback;
858 int server_ret = server_socket_->Handshake(handshake_callback.callback());
859
860 TestCompletionCallback connect_callback;
861 int client_ret = client_socket_->Connect(connect_callback.callback());
862
863 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
864 connect_callback.GetResult(client_ret));
865 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
866 handshake_callback.GetResult(server_ret));
867}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]868
869TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
870 scoped_refptr<X509Certificate> client_cert =
871 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]872 ASSERT_TRUE(client_cert);
873
874 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
875 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
876 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
877 ASSERT_NO_FATAL_FAILURE(CreateContext());
878 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]879
880 TestCompletionCallback handshake_callback;
881 int server_ret = server_socket_->Handshake(handshake_callback.callback());
882
883 TestCompletionCallback connect_callback;
884 int client_ret = client_socket_->Connect(connect_callback.callback());
885
886 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
887 connect_callback.GetResult(client_ret));
888 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
889 handshake_callback.GetResult(server_ret));
890
891 client_socket_->Disconnect();
892 server_socket_->Disconnect();
893
894 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]895 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]896 TestCompletionCallback handshake_callback2;
897 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
898
899 TestCompletionCallback connect_callback2;
900 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
901
902 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
903 connect_callback2.GetResult(client_ret2));
904 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
905 handshake_callback2.GetResult(server_ret2));
906}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]907
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]908TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]909 ASSERT_NO_FATAL_FAILURE(CreateContext());
910 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]911
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]912 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]913 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]914 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]915 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]916
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]917 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]918 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]919 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]920
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]921 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]922 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]923 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]924 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]925
926 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]927 scoped_refptr<StringIOBuffer> write_buf =
928 new StringIOBuffer("testing123");
929 scoped_refptr<DrainableIOBuffer> read_buf =
930 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]931
932 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]933 TestCompletionCallback write_callback;
934 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]935 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
936 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]937 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]938 client_ret = client_socket_->Read(
939 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]940 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]941
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]942 server_ret = write_callback.GetResult(server_ret);
943 EXPECT_GT(server_ret, 0);
944 client_ret = read_callback.GetResult(client_ret);
945 ASSERT_GT(client_ret, 0);
946
947 read_buf->DidConsume(client_ret);
948 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]949 client_ret = client_socket_->Read(
950 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]951 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]952 client_ret = read_callback.GetResult(client_ret);
953 ASSERT_GT(client_ret, 0);
954 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]955 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]956 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
957 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]958 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
959
960 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]961 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]962 server_ret = server_socket_->Read(
963 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]964 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]965 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
966 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]967 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]968
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]969 server_ret = read_callback.GetResult(server_ret);
970 ASSERT_GT(server_ret, 0);
971 client_ret = write_callback.GetResult(client_ret);
972 EXPECT_GT(client_ret, 0);
973
974 read_buf->DidConsume(server_ret);
975 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]976 server_ret = server_socket_->Read(
977 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]978 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]979 server_ret = read_callback.GetResult(server_ret);
980 ASSERT_GT(server_ret, 0);
981 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]982 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]983 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
984 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]985 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
986}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]987
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]988// A regression test for bug 127822 (http://crbug.com/127822).
989// If the server closes the connection after the handshake is finished,
990// the client's Write() call should not cause an infinite loop.
991// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]992TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]993 ASSERT_NO_FATAL_FAILURE(CreateContext());
994 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]995
996 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]997 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]998 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]999 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1000
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1001 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1002 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1003 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1004
1005 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1006 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1007 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1008 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1009
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1010 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1011
1012 // The server closes the connection. The server needs to write some
1013 // data first so that the client's Read() calls from the transport
1014 // socket won't return ERR_IO_PENDING. This ensures that the client
1015 // will call Read() on the transport socket again.
1016 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1017 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
1018 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1019 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1020
1021 server_ret = write_callback.GetResult(server_ret);
1022 EXPECT_GT(server_ret, 0);
1023
1024 server_socket_->Disconnect();
1025
1026 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1027 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
1028 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1029 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1030
1031 client_ret = write_callback.GetResult(client_ret);
1032 EXPECT_GT(client_ret, 0);
1033
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1034 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]1035 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1036 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1037 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1038}
1039
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1040// This test executes ExportKeyingMaterial() on the client and server sockets,
1041// after connecting them, and verifies that the results match.
1042// This test will fail if False Start is enabled (see crbug.com/90208).
1043TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1044 ASSERT_NO_FATAL_FAILURE(CreateContext());
1045 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1046
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1047 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1048 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1049 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1050
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1051 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1052 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1053 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1054
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1055 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1056 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1057 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1058 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1059 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1060 }
1061
1062 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1063 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1064 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1065 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1066 int rv = server_socket_->ExportKeyingMaterial(
1067 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1068 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1069
1070 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1071 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1072 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1073 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1074 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1075
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1076 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1077 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1078 rv = client_socket_->ExportKeyingMaterial(
1079 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1080 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1081 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1082}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1083
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1084// Verifies that SSLConfig::require_ecdhe flags works properly.
1085TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1086 // Disable all ECDHE suites on the client side.
1087 uint16_t kEcdheCiphers[] = {
1088 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1089 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1090 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1091 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1092 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1093 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1094 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1095 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1096 0xcc13, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1097 0xcc14, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1098 };
1099 client_ssl_config_.disabled_cipher_suites.assign(
1100 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1101
1102 // Require ECDHE on the server.
1103 server_ssl_config_.require_ecdhe = true;
1104
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1105 ASSERT_NO_FATAL_FAILURE(CreateContext());
1106 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1107
1108 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1109 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1110
1111 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1112 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1113
1114 client_ret = connect_callback.GetResult(client_ret);
1115 server_ret = handshake_callback.GetResult(server_ret);
1116
robpercival214763f2016-07-01 23:27:01[diff] [blame]1117 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1118 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1119}
1120
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1121} // namespace net