Google Git
Sign in
chromium / chromium / src.git / e8cb8aafd908216d655367275db40892d3ee0397 / . / net / socket / ssl_server_socket_unittest.cc
blob: fe9953da02aeffc3682afe99114f48f8cca28e97 [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:58[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]18#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]19#include <stdlib.h>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]20#include <queue>
dchengc7eeda422015-12-26 03:56:48[diff] [blame]21#include <utility>
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]22
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]23#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]24#include "base/compiler_specific.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]25#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:29[diff] [blame]26#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]27#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]28#include "base/logging.h"
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]29#include "base/macros.h"
[email protected]18b577412013-07-18 04:19:15[diff] [blame]30#include "base/message_loop/message_loop.h"
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]31#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]32#include "base/single_thread_task_runner.h"
gabf767595f2016-05-11 18:50:35[diff] [blame]33#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]34#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]35#include "crypto/nss_util.h"
36#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]37#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]38#include "net/base/address_list.h"
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]39#include "net/base/completion_callback.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]40#include "net/base/host_port_pair.h"
41#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:45[diff] [blame]42#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]43#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]44#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]45#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:20[diff] [blame]46#include "net/cert/ct_policy_enforcer.h"
47#include "net/cert/ct_policy_status.h"
48#include "net/cert/ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]49#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]50#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:10[diff] [blame]51#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]52#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]53#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:19[diff] [blame]54#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]55#include "net/socket/client_socket_factory.h"
56#include "net/socket/socket_test_util.h"
57#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]58#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]59#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]60#include "net/ssl/ssl_cipher_suite_names.h"
davidben9dd84872015-05-02 00:22:58[diff] [blame]61#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:57[diff] [blame]62#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]63#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]64#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]65#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:11[diff] [blame]66#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]67#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:43[diff] [blame]68#include "net/test/test_data_directory.h"
robpercival214763f2016-07-01 23:27:01[diff] [blame]69#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]70#include "testing/gtest/include/gtest/gtest.h"
71#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:01[diff] [blame^]72#include "third_party/boringssl/src/include/openssl/evp.h"
73#include "third_party/boringssl/src/include/openssl/ssl.h"
74#include "third_party/boringssl/src/include/openssl/x509.h"
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]75
robpercival214763f2016-07-01 23:27:01[diff] [blame]76using net::test::IsError;
77using net::test::IsOk;
78
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]79namespace net {
80
81namespace {
82
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]83const char kClientCertFileName[] = "client_1.pem";
84const char kClientPrivateKeyFileName[] = "client_1.pk8";
85const char kWrongClientCertFileName[] = "client_2.pem";
86const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
87const char kClientCertCAFileName[] = "client_1_ca.pem";
88
rsleevid6de8302016-06-21 01:33:20[diff] [blame]89class MockCTVerifier : public CTVerifier {
90 public:
91 MockCTVerifier() = default;
92 ~MockCTVerifier() override = default;
93
94 int Verify(X509Certificate* cert,
95 const std::string& stapled_ocsp_response,
96 const std::string& sct_list_from_tls_extension,
eranmdcec9632016-10-10 14:16:10[diff] [blame]97 SignedCertificateTimestampAndStatusList* output_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]98 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]99 return net::OK;
100 }
101
102 void SetObserver(Observer* observer) override {}
103};
104
105class MockCTPolicyEnforcer : public CTPolicyEnforcer {
106 public:
107 MockCTPolicyEnforcer() = default;
108 ~MockCTPolicyEnforcer() override = default;
109 ct::CertPolicyCompliance DoesConformToCertPolicy(
110 X509Certificate* cert,
111 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]112 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]113 return ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS;
114 }
115
116 ct::EVPolicyCompliance DoesConformToCTEVPolicy(
117 X509Certificate* cert,
118 const ct::EVCertsWhitelist* ev_whitelist,
119 const SCTList& verified_scts,
tfarina428341112016-09-22 13:38:20[diff] [blame]120 const NetLogWithSource& net_log) override {
rsleevid6de8302016-06-21 01:33:20[diff] [blame]121 return ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS;
122 }
123};
124
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]125class FakeDataChannel {
126 public:
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]127 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]128 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]129 closed_(false),
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]130 write_called_after_close_(false),
131 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]132 }
133
[email protected]47a12862012-04-10 01:00:49[diff] [blame]134 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]135 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09[diff] [blame]136 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]137 if (closed_)
138 return 0;
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]139 if (data_.empty()) {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]140 read_callback_ = callback;
141 read_buf_ = buf;
142 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]143 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]144 }
tfarina9b6381442015-10-05 22:38:11[diff] [blame]145 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]146 }
147
[email protected]47a12862012-04-10 01:00:49[diff] [blame]148 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) {
[email protected]4da82282014-07-16 18:40:43[diff] [blame]149 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]150 if (closed_) {
151 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]152 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]153 write_called_after_close_ = true;
154 write_callback_ = callback;
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]155 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]156 FROM_HERE, base::Bind(&FakeDataChannel::DoWriteCallback,
157 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]158 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]159 }
[email protected]4da82282014-07-16 18:40:43[diff] [blame]160 // This function returns synchronously, so make a copy of the buffer.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]161 data_.push(new DrainableIOBuffer(
162 new StringIOBuffer(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43[diff] [blame]163 buf_len));
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]164 base::ThreadTaskRunnerHandle::Get()->PostTask(
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]165 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
166 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]167 return buf_len;
168 }
169
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]170 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
171 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
172 // after the FakeDataChannel is closed, the first Write() call completes
173 // asynchronously, which is necessary to reproduce bug 127822.
174 void Close() {
175 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]176 if (!read_callback_.is_null()) {
177 base::ThreadTaskRunnerHandle::Get()->PostTask(
178 FROM_HERE, base::Bind(&FakeDataChannel::DoReadCallback,
179 weak_factory_.GetWeakPtr()));
180 }
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]181 }
182
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]183 private:
184 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]185 if (read_callback_.is_null())
186 return;
187
188 if (closed_) {
189 base::ResetAndReturn(&read_callback_).Run(ERR_CONNECTION_CLOSED);
190 return;
191 }
192
193 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]194 return;
195
tfarina9b6381442015-10-05 22:38:11[diff] [blame]196 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]197 CompletionCallback callback = read_callback_;
198 read_callback_.Reset();
199 read_buf_ = NULL;
200 read_buf_len_ = 0;
201 callback.Run(copied);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]202 }
203
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]204 void DoWriteCallback() {
205 if (write_callback_.is_null())
206 return;
207
208 CompletionCallback callback = write_callback_;
209 write_callback_.Reset();
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]210 callback.Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]211 }
212
tfarina9b6381442015-10-05 22:38:11[diff] [blame]213 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]214 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]215 int copied = std::min(buf->BytesRemaining(), read_buf_len);
216 memcpy(read_buf->data(), buf->data(), copied);
217 buf->DidConsume(copied);
218
219 if (!buf->BytesRemaining())
220 data_.pop();
221 return copied;
222 }
223
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]224 CompletionCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]225 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]226 int read_buf_len_;
227
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]228 CompletionCallback write_callback_;
229
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]230 std::queue<scoped_refptr<DrainableIOBuffer> > data_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]231
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]232 // True if Close() has been called.
233 bool closed_;
234
235 // Controls the completion of Write() after the FakeDataChannel is closed.
236 // After the FakeDataChannel is closed, the first Write() call completes
237 // asynchronously.
238 bool write_called_after_close_;
239
[email protected]d5492c52013-11-10 20:44:39[diff] [blame]240 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
241
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]242 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
243};
244
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]245class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]246 public:
247 FakeSocket(FakeDataChannel* incoming_channel,
248 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]249 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]250
dchengb03027d2014-10-21 12:00:20[diff] [blame]251 ~FakeSocket() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]252
dchengb03027d2014-10-21 12:00:20[diff] [blame]253 int Read(IOBuffer* buf,
254 int buf_len,
255 const CompletionCallback& callback) override {
[email protected]3f55aa12011-12-07 02:03:33[diff] [blame]256 // Read random number of bytes.
257 buf_len = rand() % buf_len + 1;
258 return incoming_->Read(buf, buf_len, callback);
259 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]260
dchengb03027d2014-10-21 12:00:20[diff] [blame]261 int Write(IOBuffer* buf,
262 int buf_len,
263 const CompletionCallback& callback) override {
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]264 // Write random number of bytes.
265 buf_len = rand() % buf_len + 1;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]266 return outgoing_->Write(buf, buf_len, callback);
267 }
268
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]269 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]270
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]271 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]272
dchengb03027d2014-10-21 12:00:20[diff] [blame]273 int Connect(const CompletionCallback& callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]274
dchengb03027d2014-10-21 12:00:20[diff] [blame]275 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]276 incoming_->Close();
277 outgoing_->Close();
278 }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]279
dchengb03027d2014-10-21 12:00:20[diff] [blame]280 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]281
dchengb03027d2014-10-21 12:00:20[diff] [blame]282 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]283
dchengb03027d2014-10-21 12:00:20[diff] [blame]284 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]285 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]286 return OK;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]287 }
288
dchengb03027d2014-10-21 12:00:20[diff] [blame]289 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45[diff] [blame]290 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]291 return OK;
[email protected]e7f74da2011-04-19 23:49:35[diff] [blame]292 }
293
tfarina428341112016-09-22 13:38:20[diff] [blame]294 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]295
dchengb03027d2014-10-21 12:00:20[diff] [blame]296 void SetSubresourceSpeculation() override {}
297 void SetOmniboxSpeculation() override {}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]298
dchengb03027d2014-10-21 12:00:20[diff] [blame]299 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]300
dchengb03027d2014-10-21 12:00:20[diff] [blame]301 bool WasNpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41[diff] [blame]302
dchengb03027d2014-10-21 12:00:20[diff] [blame]303 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]304
dchengb03027d2014-10-21 12:00:20[diff] [blame]305 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17[diff] [blame]306
ttuttle23fdb7b2015-05-15 01:28:03[diff] [blame]307 void GetConnectionAttempts(ConnectionAttempts* out) const override {
308 out->clear();
309 }
310
311 void ClearConnectionAttempts() override {}
312
313 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
314
tbansalf82cc8e2015-10-14 20:05:49[diff] [blame]315 int64_t GetTotalReceivedBytes() const override {
316 NOTIMPLEMENTED();
317 return 0;
318 }
319
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]320 private:
tfarina428341112016-09-22 13:38:20[diff] [blame]321 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]322 FakeDataChannel* incoming_;
323 FakeDataChannel* outgoing_;
324
325 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
326};
327
328} // namespace
329
330// Verify the correctness of the test helper classes first.
331TEST(FakeSocketTest, DataTransfer) {
332 // Establish channels between two sockets.
333 FakeDataChannel channel_1;
334 FakeDataChannel channel_2;
335 FakeSocket client(&channel_1, &channel_2);
336 FakeSocket server(&channel_2, &channel_1);
337
338 const char kTestData[] = "testing123";
339 const int kTestDataSize = strlen(kTestData);
340 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]341 scoped_refptr<IOBuffer> write_buf = new StringIOBuffer(kTestData);
342 scoped_refptr<IOBuffer> read_buf = new IOBuffer(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]343
344 // Write then read.
[email protected]90499482013-06-01 00:39:50[diff] [blame]345 int written =
346 server.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]347 EXPECT_GT(written, 0);
348 EXPECT_LE(written, kTestDataSize);
349
[email protected]90499482013-06-01 00:39:50[diff] [blame]350 int read = client.Read(read_buf.get(), kReadBufSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]351 EXPECT_GT(read, 0);
352 EXPECT_LE(read, written);
353 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]354
355 // Read then write.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]356 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]357 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50[diff] [blame]358 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]359
[email protected]90499482013-06-01 00:39:50[diff] [blame]360 written = client.Write(write_buf.get(), kTestDataSize, CompletionCallback());
[email protected]55ee0e52011-07-21 18:29:44[diff] [blame]361 EXPECT_GT(written, 0);
362 EXPECT_LE(written, kTestDataSize);
363
364 read = callback.WaitForResult();
365 EXPECT_GT(read, 0);
366 EXPECT_LE(read, written);
367 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]368}
369
370class SSLServerSocketTest : public PlatformTest {
371 public:
372 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]373 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]374 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]375 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20[diff] [blame]376 transport_security_state_(new TransportSecurityState),
377 ct_verifier_(new MockCTVerifier),
378 ct_policy_enforcer_(new MockCTPolicyEnforcer) {}
rsleevia5c430222016-03-11 05:55:12[diff] [blame]379
380 void SetUp() override {
381 PlatformTest::SetUp();
382
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]383 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
384 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]385
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]386 server_cert_ =
387 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]388 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]389 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12[diff] [blame]390 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]391
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]392 client_ssl_config_.false_start_enabled = false;
393 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]394
395 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25[diff] [blame]396 client_ssl_config_.allowed_bad_certs.emplace_back(
397 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]398 }
399
400 protected:
401 void CreateContext() {
402 client_socket_.reset();
403 server_socket_.reset();
404 channel_1_.reset();
405 channel_2_.reset();
406 server_context_.reset();
407 server_context_ = CreateSSLServerContext(
408 server_cert_.get(), *server_private_key_, server_ssl_config_);
409 }
410
411 void CreateSockets() {
412 client_socket_.reset();
413 server_socket_.reset();
414 channel_1_.reset(new FakeDataChannel());
415 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38[diff] [blame]416 std::unique_ptr<ClientSocketHandle> client_connection(
417 new ClientSocketHandle);
418 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]419 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38[diff] [blame]420 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]421 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]422
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]423 HostPortPair host_and_pair("unittest", 0);
424 SSLClientSocketContext context;
[email protected]9f59fac2012-03-21 23:18:11[diff] [blame]425 context.cert_verifier = cert_verifier_.get();
[email protected]b1c988b2013-06-13 06:48:11[diff] [blame]426 context.transport_security_state = transport_security_state_.get();
rsleevid6de8302016-06-21 01:33:20[diff] [blame]427 context.cert_transparency_verifier = ct_verifier_.get();
428 context.ct_policy_enforcer = ct_policy_enforcer_.get();
rsleevia5c430222016-03-11 05:55:12[diff] [blame]429
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]430 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48[diff] [blame]431 std::move(client_connection), host_and_pair, client_ssl_config_,
432 context);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]433 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]434
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]435 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]436 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]437 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]438 }
439
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]440 void ConfigureClientCertsForClient(const char* cert_file_name,
441 const char* private_key_file_name) {
442 client_ssl_config_.send_client_cert = true;
443 client_ssl_config_.client_cert =
444 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
445 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]446
danakj655b66c2016-04-16 00:51:38[diff] [blame]447 std::unique_ptr<crypto::RSAPrivateKey> key =
448 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]449 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]450
agl5a7cadf2016-07-13 16:52:53[diff] [blame]451 EVP_PKEY_up_ref(key->key());
452 client_ssl_config_.client_private_key =
davidbend80c12c2016-10-11 00:13:49[diff] [blame]453 WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY>(key->key()));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]454 }
455
456 void ConfigureClientCertsForServer() {
457 server_ssl_config_.client_cert_type =
458 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
459
davidbend80c12c2016-10-11 00:13:49[diff] [blame]460 bssl::UniquePtr<STACK_OF(X509_NAME)> cert_names(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]461 SSL_load_client_CA_file(GetTestCertsDirectory()
462 .AppendASCII(kClientCertCAFileName)
463 .MaybeAsASCII()
464 .c_str()));
465 ASSERT_TRUE(cert_names);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]466
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]467 for (size_t i = 0; i < sk_X509_NAME_num(cert_names.get()); ++i) {
468 uint8_t* str = nullptr;
469 int length = i2d_X509_NAME(sk_X509_NAME_value(cert_names.get(), i), &str);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]470 ASSERT_LT(0, length);
471
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]472 server_ssl_config_.cert_authorities_.push_back(std::string(
473 reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
474 OPENSSL_free(str);
475 }
476
477 scoped_refptr<X509Certificate> expected_client_cert(
478 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12[diff] [blame]479 ASSERT_TRUE(expected_client_cert);
480
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]481 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
482
483 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
484 }
485
danakj655b66c2016-04-16 00:51:38[diff] [blame]486 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
487 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]488 base::FilePath certs_dir(GetTestCertsDirectory());
489 base::FilePath key_path = certs_dir.AppendASCII(name);
490 std::string key_string;
491 if (!base::ReadFileToString(key_path, &key_string))
492 return nullptr;
493 std::vector<uint8_t> key_vector(
494 reinterpret_cast<const uint8_t*>(key_string.data()),
495 reinterpret_cast<const uint8_t*>(key_string.data() +
496 key_string.length()));
danakj655b66c2016-04-16 00:51:38[diff] [blame]497 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]498 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
499 return key;
500 }
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]501
danakj655b66c2016-04-16 00:51:38[diff] [blame]502 std::unique_ptr<FakeDataChannel> channel_1_;
503 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]504 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53[diff] [blame]505 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]506 std::unique_ptr<SSLClientSocket> client_socket_;
507 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]508 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]509 std::unique_ptr<MockCertVerifier> cert_verifier_;
510 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
511 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevid6de8302016-06-21 01:33:20[diff] [blame]512 std::unique_ptr<MockCTVerifier> ct_verifier_;
513 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
danakj655b66c2016-04-16 00:51:38[diff] [blame]514 std::unique_ptr<SSLServerContext> server_context_;
515 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]516 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]517};
518
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]519// This test only executes creation of client and server sockets. This is to
520// test that creation of sockets doesn't crash and have minimal code to run
521// under valgrind in order to help debugging memory problems.
522TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]523 ASSERT_NO_FATAL_FAILURE(CreateContext());
524 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]525}
526
[email protected]a7ac3c32011-06-17 19:10:15[diff] [blame]527// This test executes Connect() on SSLClientSocket and Handshake() on
528// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]529// completed successfully.
530TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]531 ASSERT_NO_FATAL_FAILURE(CreateContext());
532 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]533
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]534 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]535 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]536
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]537 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]538 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]539
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]540 client_ret = connect_callback.GetResult(client_ret);
541 server_ret = handshake_callback.GetResult(server_ret);
542
robpercival214763f2016-07-01 23:27:01[diff] [blame]543 ASSERT_THAT(client_ret, IsOk());
544 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]545
546 // Make sure the cert status is expected.
547 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58[diff] [blame]548 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24[diff] [blame]549 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58[diff] [blame]550
davidben56a8aece2016-10-14 18:20:56[diff] [blame]551 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58[diff] [blame]552 uint16_t cipher_suite =
553 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
554 const char* key_exchange;
555 const char* cipher;
556 const char* mac;
557 bool is_aead;
davidben56a8aece2016-10-14 18:20:56[diff] [blame]558 bool is_tls13;
559 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
560 cipher_suite);
hansc048c38b2016-10-14 11:30:09[diff] [blame]561 EXPECT_TRUE(is_aead);
davidben56a8aece2016-10-14 18:20:56[diff] [blame]562 ASSERT_FALSE(is_tls13);
563 EXPECT_STREQ("ECDHE_RSA", key_exchange);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]564}
565
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]566// This test makes sure the session cache is working.
567TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]568 ASSERT_NO_FATAL_FAILURE(CreateContext());
569 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]570
571 TestCompletionCallback handshake_callback;
572 int server_ret = server_socket_->Handshake(handshake_callback.callback());
573
574 TestCompletionCallback connect_callback;
575 int client_ret = client_socket_->Connect(connect_callback.callback());
576
577 client_ret = connect_callback.GetResult(client_ret);
578 server_ret = handshake_callback.GetResult(server_ret);
579
robpercival214763f2016-07-01 23:27:01[diff] [blame]580 ASSERT_THAT(client_ret, IsOk());
581 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]582
583 // Make sure the cert status is expected.
584 SSLInfo ssl_info;
585 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
586 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
587 SSLInfo ssl_server_info;
588 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
589 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
590
591 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]592 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]593 TestCompletionCallback handshake_callback2;
594 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
595
596 TestCompletionCallback connect_callback2;
597 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
598
599 client_ret2 = connect_callback2.GetResult(client_ret2);
600 server_ret2 = handshake_callback2.GetResult(server_ret2);
601
robpercival214763f2016-07-01 23:27:01[diff] [blame]602 ASSERT_THAT(client_ret2, IsOk());
603 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]604
605 // Make sure the cert status is expected.
606 SSLInfo ssl_info2;
607 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
608 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
609 SSLInfo ssl_server_info2;
610 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
611 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
612}
613
614// This test makes sure the session cache separates out by server context.
615TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]616 ASSERT_NO_FATAL_FAILURE(CreateContext());
617 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]618
619 TestCompletionCallback handshake_callback;
620 int server_ret = server_socket_->Handshake(handshake_callback.callback());
621
622 TestCompletionCallback connect_callback;
623 int client_ret = client_socket_->Connect(connect_callback.callback());
624
625 client_ret = connect_callback.GetResult(client_ret);
626 server_ret = handshake_callback.GetResult(server_ret);
627
robpercival214763f2016-07-01 23:27:01[diff] [blame]628 ASSERT_THAT(client_ret, IsOk());
629 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]630
631 // Make sure the cert status is expected.
632 SSLInfo ssl_info;
633 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
634 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
635 SSLInfo ssl_server_info;
636 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
637 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
638
639 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]640 ASSERT_NO_FATAL_FAILURE(CreateContext());
641 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]642
643 TestCompletionCallback handshake_callback2;
644 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
645
646 TestCompletionCallback connect_callback2;
647 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
648
649 client_ret2 = connect_callback2.GetResult(client_ret2);
650 server_ret2 = handshake_callback2.GetResult(server_ret2);
651
robpercival214763f2016-07-01 23:27:01[diff] [blame]652 ASSERT_THAT(client_ret2, IsOk());
653 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]654
655 // Make sure the cert status is expected.
656 SSLInfo ssl_info2;
657 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
658 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
659 SSLInfo ssl_server_info2;
660 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
661 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
662}
663
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]664// This test executes Connect() on SSLClientSocket and Handshake() on
665// SSLServerSocket to make sure handshaking between the two sockets is
666// completed successfully, using client certificate.
667TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
668 scoped_refptr<X509Certificate> client_cert =
669 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]670 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
671 kClientCertFileName, kClientPrivateKeyFileName));
672 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
673 ASSERT_NO_FATAL_FAILURE(CreateContext());
674 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]675
676 TestCompletionCallback handshake_callback;
677 int server_ret = server_socket_->Handshake(handshake_callback.callback());
678
679 TestCompletionCallback connect_callback;
680 int client_ret = client_socket_->Connect(connect_callback.callback());
681
682 client_ret = connect_callback.GetResult(client_ret);
683 server_ret = handshake_callback.GetResult(server_ret);
684
robpercival214763f2016-07-01 23:27:01[diff] [blame]685 ASSERT_THAT(client_ret, IsOk());
686 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]687
688 // Make sure the cert status is expected.
689 SSLInfo ssl_info;
690 client_socket_->GetSSLInfo(&ssl_info);
691 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
692 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]693 ASSERT_TRUE(ssl_info.cert.get());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]694 EXPECT_TRUE(client_cert->Equals(ssl_info.cert.get()));
695}
696
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]697// This test executes Connect() on SSLClientSocket and Handshake() twice on
698// SSLServerSocket to make sure handshaking between the two sockets is
699// completed successfully, using client certificate. The second connection is
700// expected to succeed through the session cache.
701TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
702 scoped_refptr<X509Certificate> client_cert =
703 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]704 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
705 kClientCertFileName, kClientPrivateKeyFileName));
706 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
707 ASSERT_NO_FATAL_FAILURE(CreateContext());
708 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]709
710 TestCompletionCallback handshake_callback;
711 int server_ret = server_socket_->Handshake(handshake_callback.callback());
712
713 TestCompletionCallback connect_callback;
714 int client_ret = client_socket_->Connect(connect_callback.callback());
715
716 client_ret = connect_callback.GetResult(client_ret);
717 server_ret = handshake_callback.GetResult(server_ret);
718
robpercival214763f2016-07-01 23:27:01[diff] [blame]719 ASSERT_THAT(client_ret, IsOk());
720 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]721
722 // Make sure the cert status is expected.
723 SSLInfo ssl_info;
724 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
725 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
726 SSLInfo ssl_server_info;
727 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
728 ASSERT_TRUE(ssl_server_info.cert.get());
729 EXPECT_TRUE(client_cert->Equals(ssl_server_info.cert.get()));
730 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
731 server_socket_->Disconnect();
732 client_socket_->Disconnect();
733
734 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]735 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]736 TestCompletionCallback handshake_callback2;
737 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
738
739 TestCompletionCallback connect_callback2;
740 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
741
742 client_ret2 = connect_callback2.GetResult(client_ret2);
743 server_ret2 = handshake_callback2.GetResult(server_ret2);
744
robpercival214763f2016-07-01 23:27:01[diff] [blame]745 ASSERT_THAT(client_ret2, IsOk());
746 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]747
748 // Make sure the cert status is expected.
749 SSLInfo ssl_info2;
750 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
751 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
752 SSLInfo ssl_server_info2;
753 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
754 ASSERT_TRUE(ssl_server_info2.cert.get());
755 EXPECT_TRUE(client_cert->Equals(ssl_server_info2.cert.get()));
756 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
757}
758
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]759TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]760 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
761 ASSERT_NO_FATAL_FAILURE(CreateContext());
762 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]763 // Use the default setting for the client socket, which is to not send
764 // a client certificate. This will cause the client to receive an
765 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
766 // requested cert_authorities from the CertificateRequest sent by the
767 // server.
768
769 TestCompletionCallback handshake_callback;
770 int server_ret = server_socket_->Handshake(handshake_callback.callback());
771
772 TestCompletionCallback connect_callback;
773 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
774 connect_callback.GetResult(
775 client_socket_->Connect(connect_callback.callback())));
776
777 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
778 client_socket_->GetSSLCertRequestInfo(request_info.get());
779
780 // Check that the authority name that arrived in the CertificateRequest
781 // handshake message is as expected.
782 scoped_refptr<X509Certificate> client_cert =
783 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]784 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]785 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
786
787 client_socket_->Disconnect();
788
davidben3418e81f2016-10-19 00:09:45[diff] [blame]789 EXPECT_THAT(handshake_callback.GetResult(server_ret),
790 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]791}
792
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]793TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]794 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
795 ASSERT_NO_FATAL_FAILURE(CreateContext());
796 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]797 // Use the default setting for the client socket, which is to not send
798 // a client certificate. This will cause the client to receive an
799 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
800 // requested cert_authorities from the CertificateRequest sent by the
801 // server.
802
803 TestCompletionCallback handshake_callback;
804 int server_ret = server_socket_->Handshake(handshake_callback.callback());
805
806 TestCompletionCallback connect_callback;
807 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
808 connect_callback.GetResult(
809 client_socket_->Connect(connect_callback.callback())));
810
811 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
812 client_socket_->GetSSLCertRequestInfo(request_info.get());
813
814 // Check that the authority name that arrived in the CertificateRequest
815 // handshake message is as expected.
816 scoped_refptr<X509Certificate> client_cert =
817 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]818 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]819 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
820
821 client_socket_->Disconnect();
822
davidben3418e81f2016-10-19 00:09:45[diff] [blame]823 EXPECT_THAT(handshake_callback.GetResult(server_ret),
824 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]825 server_socket_->Disconnect();
826
827 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]828 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]829 TestCompletionCallback handshake_callback2;
830 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
831
832 TestCompletionCallback connect_callback2;
833 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
834 connect_callback2.GetResult(
835 client_socket_->Connect(connect_callback2.callback())));
836
837 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
838 client_socket_->GetSSLCertRequestInfo(request_info2.get());
839
840 // Check that the authority name that arrived in the CertificateRequest
841 // handshake message is as expected.
842 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
843
844 client_socket_->Disconnect();
845
davidben3418e81f2016-10-19 00:09:45[diff] [blame]846 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
847 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]848}
849
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]850TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
851 scoped_refptr<X509Certificate> client_cert =
852 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]853 ASSERT_TRUE(client_cert);
854
855 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
856 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
857 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
858 ASSERT_NO_FATAL_FAILURE(CreateContext());
859 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]860
861 TestCompletionCallback handshake_callback;
862 int server_ret = server_socket_->Handshake(handshake_callback.callback());
863
864 TestCompletionCallback connect_callback;
865 int client_ret = client_socket_->Connect(connect_callback.callback());
866
867 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
868 connect_callback.GetResult(client_ret));
869 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
870 handshake_callback.GetResult(server_ret));
871}
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]872
873TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
874 scoped_refptr<X509Certificate> client_cert =
875 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12[diff] [blame]876 ASSERT_TRUE(client_cert);
877
878 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
879 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
880 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
881 ASSERT_NO_FATAL_FAILURE(CreateContext());
882 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]883
884 TestCompletionCallback handshake_callback;
885 int server_ret = server_socket_->Handshake(handshake_callback.callback());
886
887 TestCompletionCallback connect_callback;
888 int client_ret = client_socket_->Connect(connect_callback.callback());
889
890 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
891 connect_callback.GetResult(client_ret));
892 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
893 handshake_callback.GetResult(server_ret));
894
895 client_socket_->Disconnect();
896 server_socket_->Disconnect();
897
898 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12[diff] [blame]899 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]900 TestCompletionCallback handshake_callback2;
901 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
902
903 TestCompletionCallback connect_callback2;
904 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
905
906 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
907 connect_callback2.GetResult(client_ret2));
908 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
909 handshake_callback2.GetResult(server_ret2));
910}
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]911
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]912TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]913 ASSERT_NO_FATAL_FAILURE(CreateContext());
914 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]915
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]916 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]917 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]918 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]919 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]920
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]921 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]922 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]923 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]924
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]925 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]926 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]927 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]928 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]929
930 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]931 scoped_refptr<StringIOBuffer> write_buf =
932 new StringIOBuffer("testing123");
933 scoped_refptr<DrainableIOBuffer> read_buf =
934 new DrainableIOBuffer(new IOBuffer(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]935
936 // Write then read.
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]937 TestCompletionCallback write_callback;
938 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]939 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
940 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]941 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:50[diff] [blame]942 client_ret = client_socket_->Read(
943 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]944 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]945
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]946 server_ret = write_callback.GetResult(server_ret);
947 EXPECT_GT(server_ret, 0);
948 client_ret = read_callback.GetResult(client_ret);
949 ASSERT_GT(client_ret, 0);
950
951 read_buf->DidConsume(client_ret);
952 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]953 client_ret = client_socket_->Read(
954 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]955 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]956 client_ret = read_callback.GetResult(client_ret);
957 ASSERT_GT(client_ret, 0);
958 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]959 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]960 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
961 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]962 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
963
964 // Read then write.
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]965 write_buf = new StringIOBuffer("hello123");
[email protected]90499482013-06-01 00:39:50[diff] [blame]966 server_ret = server_socket_->Read(
967 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]968 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]969 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
970 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]971 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]972
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]973 server_ret = read_callback.GetResult(server_ret);
974 ASSERT_GT(server_ret, 0);
975 client_ret = write_callback.GetResult(client_ret);
976 EXPECT_GT(client_ret, 0);
977
978 read_buf->DidConsume(server_ret);
979 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:50[diff] [blame]980 server_ret = server_socket_->Read(
981 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]982 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]983 server_ret = read_callback.GetResult(server_ret);
984 ASSERT_GT(server_ret, 0);
985 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]986 }
[email protected]febbbb52011-08-17 04:59:23[diff] [blame]987 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
988 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]989 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
990}
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]991
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]992// A regression test for bug 127822 (http://crbug.com/127822).
993// If the server closes the connection after the handshake is finished,
994// the client's Write() call should not cause an infinite loop.
995// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:43[diff] [blame]996TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]997 ASSERT_NO_FATAL_FAILURE(CreateContext());
998 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]999
1000 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1001 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1002 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1003 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1004
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1005 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1006 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1007 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1008
1009 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1010 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1011 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:01[diff] [blame]1012 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1013
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1014 scoped_refptr<StringIOBuffer> write_buf = new StringIOBuffer("testing123");
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1015
1016 // The server closes the connection. The server needs to write some
1017 // data first so that the client's Read() calls from the transport
1018 // socket won't return ERR_IO_PENDING. This ensures that the client
1019 // will call Read() on the transport socket again.
1020 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1021 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
1022 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1023 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1024
1025 server_ret = write_callback.GetResult(server_ret);
1026 EXPECT_GT(server_ret, 0);
1027
1028 server_socket_->Disconnect();
1029
1030 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1031 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
1032 write_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1033 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1034
1035 client_ret = write_callback.GetResult(client_ret);
1036 EXPECT_GT(client_ret, 0);
1037
skyostil4891b25b2015-06-11 11:43:45[diff] [blame]1038 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
ki.stfu375812e2015-10-09 20:23:17[diff] [blame]1039 FROM_HERE, base::MessageLoop::QuitWhenIdleClosure(),
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1040 base::TimeDelta::FromMilliseconds(10));
fdoray5eeb7642016-06-22 16:11:28[diff] [blame]1041 base::RunLoop().Run();
[email protected]c0e4dd12012-05-16 19:36:31[diff] [blame]1042}
1043
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1044// This test executes ExportKeyingMaterial() on the client and server sockets,
1045// after connecting them, and verifies that the results match.
1046// This test will fail if False Start is enabled (see crbug.com/90208).
1047TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1048 ASSERT_NO_FATAL_FAILURE(CreateContext());
1049 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1050
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1051 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55[diff] [blame]1052 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1053 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1054
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1055 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13[diff] [blame]1056 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1057 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1058
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1059 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1060 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1061 }
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1062 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:01[diff] [blame]1063 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1064 }
1065
1066 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1067 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1068 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1069 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1070 int rv = server_socket_->ExportKeyingMaterial(
1071 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1072 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1073
1074 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1075 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1076 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:01[diff] [blame]1077 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1078 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1079
thestig9d3bb0c2015-01-24 00:49:51[diff] [blame]1080 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1081 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:10[diff] [blame]1082 rv = client_socket_->ExportKeyingMaterial(
1083 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:04[diff] [blame]1084 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:49[diff] [blame]1085 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:39[diff] [blame]1086}
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1087
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1088// Verifies that SSLConfig::require_ecdhe flags works properly.
1089TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1090 // Disable all ECDHE suites on the client side.
1091 uint16_t kEcdheCiphers[] = {
1092 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1093 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1094 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1095 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1096 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1097 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1098 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1099 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1100 0xcc13, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1101 0xcc14, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1102 };
1103 client_ssl_config_.disabled_cipher_suites.assign(
1104 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers));
1105
1106 // Require ECDHE on the server.
1107 server_ssl_config_.require_ecdhe = true;
1108
rsleevia5c430222016-03-11 05:55:12[diff] [blame]1109 ASSERT_NO_FATAL_FAILURE(CreateContext());
1110 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1111
1112 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1113 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:12[diff] [blame]1114
1115 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1116 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1117
1118 client_ret = connect_callback.GetResult(client_ret);
1119 server_ret = handshake_callback.GetResult(server_ret);
1120
robpercival214763f2016-07-01 23:27:01[diff] [blame]1121 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1122 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:22[diff] [blame]1123}
1124
[email protected]f61c3972010-12-23 09:54:15[diff] [blame]1125} // namespace net