blob: 78bb3ca7f5eff04fadbe264eb26f946c87c680ff [file] [log] [blame]
[email protected]1bc6f5e2012-03-15 00:20:581// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]f61c3972010-12-23 09:54:152// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This test suite uses SSLClientSocket to test the implementation of
6// SSLServerSocket. In order to establish connections between the sockets
7// we need two additional classes:
8// 1. FakeSocket
9// Connects SSL socket to FakeDataChannel. This class is just a stub.
10//
11// 2. FakeDataChannel
12// Implements the actual exchange of data between two FakeSockets.
13//
14// Implementations of these two classes are included in this file.
15
16#include "net/socket/ssl_server_socket.h"
17
tbansalf82cc8e2015-10-14 20:05:4918#include <stdint.h>
[email protected]55ee0e52011-07-21 18:29:4419#include <stdlib.h>
dchengc7eeda422015-12-26 03:56:4820#include <utility>
[email protected]f61c3972010-12-23 09:54:1521
Sebastien Marchand6d0558fd2019-01-25 16:49:3722#include "base/bind.h"
ryanchung987b2ff2016-02-19 00:17:1223#include "base/callback_helpers.h"
[email protected]55ee0e52011-07-21 18:29:4424#include "base/compiler_specific.h"
Brett Wilsonc6a0c822017-09-12 00:04:2925#include "base/containers/queue.h"
[email protected]57999812013-02-24 05:40:5226#include "base/files/file_path.h"
thestigd8df0332014-09-04 06:33:2927#include "base/files/file_util.h"
skyostil4891b25b2015-06-11 11:43:4528#include "base/location.h"
tbansalf82cc8e2015-10-14 20:05:4929#include "base/logging.h"
fdoray5eeb7642016-06-22 16:11:2830#include "base/run_loop.h"
skyostil4891b25b2015-06-11 11:43:4531#include "base/single_thread_task_runner.h"
Avi Drissman4365a4782018-12-28 19:26:2432#include "base/stl_util.h"
Bence Béky98447b12018-05-08 03:14:0133#include "base/test/scoped_task_environment.h"
gabf767595f2016-05-11 18:50:3534#include "base/threading/thread_task_runner_handle.h"
ryanchung987b2ff2016-02-19 00:17:1235#include "build/build_config.h"
[email protected]4b559b4d2011-04-14 17:37:1436#include "crypto/nss_util.h"
37#include "crypto/rsa_private_key.h"
ryanchung987b2ff2016-02-19 00:17:1238#include "crypto/signature_creator.h"
[email protected]f61c3972010-12-23 09:54:1539#include "net/base/address_list.h"
Bence Békybdbb0e72018-08-07 21:42:5940#include "net/base/completion_once_callback.h"
[email protected]f61c3972010-12-23 09:54:1541#include "net/base/host_port_pair.h"
42#include "net/base/io_buffer.h"
martijna2e83bd2016-03-18 13:10:4543#include "net/base/ip_address.h"
[email protected]e7f74da2011-04-19 23:49:3544#include "net/base/ip_endpoint.h"
[email protected]f61c3972010-12-23 09:54:1545#include "net/base/net_errors.h"
[email protected]6e7845ae2013-03-29 21:48:1146#include "net/cert/cert_status_flags.h"
rsleevid6de8302016-06-21 01:33:2047#include "net/cert/ct_policy_enforcer.h"
48#include "net/cert/ct_policy_status.h"
rsleevi22cae1672016-12-28 01:53:3649#include "net/cert/do_nothing_ct_verifier.h"
[email protected]6e7845ae2013-03-29 21:48:1150#include "net/cert/mock_cert_verifier.h"
ryanchung987b2ff2016-02-19 00:17:1251#include "net/cert/mock_client_cert_verifier.h"
eranmdcec9632016-10-10 14:16:1052#include "net/cert/signed_certificate_timestamp_and_status.h"
[email protected]6e7845ae2013-03-29 21:48:1153#include "net/cert/x509_certificate.h"
[email protected]b1c988b2013-06-13 06:48:1154#include "net/http/transport_security_state.h"
mikecironef22f9812016-10-04 03:40:1955#include "net/log/net_log_with_source.h"
[email protected]f61c3972010-12-23 09:54:1556#include "net/socket/client_socket_factory.h"
57#include "net/socket/socket_test_util.h"
58#include "net/socket/ssl_client_socket.h"
[email protected]3268023f2011-05-05 00:08:1059#include "net/socket/stream_socket.h"
ryanchung987b2ff2016-02-19 00:17:1260#include "net/ssl/ssl_cert_request_info.h"
davidben9dd84872015-05-02 00:22:5861#include "net/ssl/ssl_cipher_suite_names.h"
Daniel McArdle3a663d62019-01-31 00:48:4762#include "net/ssl/ssl_client_session_cache.h"
davidben9dd84872015-05-02 00:22:5863#include "net/ssl/ssl_connection_status_flags.h"
[email protected]536fd0b2013-03-14 17:41:5764#include "net/ssl/ssl_info.h"
ryanchung987b2ff2016-02-19 00:17:1265#include "net/ssl/ssl_private_key.h"
svaldez6e7e82a22015-10-28 19:39:5366#include "net/ssl/ssl_server_config.h"
ryanchung987b2ff2016-02-19 00:17:1267#include "net/ssl/test_ssl_private_key.h"
[email protected]6e7845ae2013-03-29 21:48:1168#include "net/test/cert_test_util.h"
robpercival214763f2016-07-01 23:27:0169#include "net/test/gtest_util.h"
rsleevia69c79a2016-06-22 03:28:4370#include "net/test/test_data_directory.h"
Bence Béky98447b12018-05-08 03:14:0171#include "net/test/test_with_scoped_task_environment.h"
[email protected]578968d42017-12-13 15:39:3272#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
robpercival214763f2016-07-01 23:27:0173#include "testing/gmock/include/gmock/gmock.h"
[email protected]f61c3972010-12-23 09:54:1574#include "testing/gtest/include/gtest/gtest.h"
75#include "testing/platform_test.h"
tfarinae8cb8aa2016-10-21 02:44:0176#include "third_party/boringssl/src/include/openssl/evp.h"
77#include "third_party/boringssl/src/include/openssl/ssl.h"
[email protected]f61c3972010-12-23 09:54:1578
robpercival214763f2016-07-01 23:27:0179using net::test::IsError;
80using net::test::IsOk;
81
[email protected]f61c3972010-12-23 09:54:1582namespace net {
83
84namespace {
85
ryanchung987b2ff2016-02-19 00:17:1286const char kClientCertFileName[] = "client_1.pem";
87const char kClientPrivateKeyFileName[] = "client_1.pk8";
88const char kWrongClientCertFileName[] = "client_2.pem";
89const char kWrongClientPrivateKeyFileName[] = "client_2.pk8";
ryanchung987b2ff2016-02-19 00:17:1290
rsleevid6de8302016-06-21 01:33:2091class MockCTPolicyEnforcer : public CTPolicyEnforcer {
92 public:
93 MockCTPolicyEnforcer() = default;
94 ~MockCTPolicyEnforcer() override = default;
Emily Stark627238f2017-11-29 03:29:5495 ct::CTPolicyCompliance CheckCompliance(
rsleevid6de8302016-06-21 01:33:2096 X509Certificate* cert,
Ryan Sleevi8a9c9c12018-05-09 02:36:2397 const ct::SCTList& verified_scts,
tfarina428341112016-09-22 13:38:2098 const NetLogWithSource& net_log) override {
Emily Stark627238f2017-11-29 03:29:5499 return ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS;
rsleevid6de8302016-06-21 01:33:20100 }
rsleevid6de8302016-06-21 01:33:20101};
102
[email protected]f61c3972010-12-23 09:54:15103class FakeDataChannel {
104 public:
[email protected]55ee0e52011-07-21 18:29:44105 FakeDataChannel()
[email protected]83039bb2011-12-09 18:43:55106 : read_buf_len_(0),
[email protected]c0e4dd12012-05-16 19:36:31107 closed_(false),
[email protected]d5492c52013-11-10 20:44:39108 write_called_after_close_(false),
109 weak_factory_(this) {
[email protected]f61c3972010-12-23 09:54:15110 }
111
Brad Lassey3a814172018-04-26 03:30:21112 int Read(IOBuffer* buf, int buf_len, CompletionOnceCallback callback) {
[email protected]4da82282014-07-16 18:40:43113 DCHECK(read_callback_.is_null());
dcheng08ea2af02014-08-25 23:38:09114 DCHECK(!read_buf_.get());
[email protected]c0e4dd12012-05-16 19:36:31115 if (closed_)
116 return 0;
[email protected]3f55aa12011-12-07 02:03:33117 if (data_.empty()) {
Brad Lassey3a814172018-04-26 03:30:21118 read_callback_ = std::move(callback);
[email protected]f61c3972010-12-23 09:54:15119 read_buf_ = buf;
120 read_buf_len_ = buf_len;
[email protected]fa6ce922014-07-17 04:27:04121 return ERR_IO_PENDING;
[email protected]f61c3972010-12-23 09:54:15122 }
tfarina9b6381442015-10-05 22:38:11123 return PropagateData(buf, buf_len);
[email protected]f61c3972010-12-23 09:54:15124 }
125
[email protected]a2b2cfc2017-12-06 09:06:08126 int Write(IOBuffer* buf,
127 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21128 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32129 const NetworkTrafficAnnotationTag& traffic_annotation) {
[email protected]4da82282014-07-16 18:40:43130 DCHECK(write_callback_.is_null());
[email protected]c0e4dd12012-05-16 19:36:31131 if (closed_) {
132 if (write_called_after_close_)
[email protected]fa6ce922014-07-17 04:27:04133 return ERR_CONNECTION_RESET;
[email protected]c0e4dd12012-05-16 19:36:31134 write_called_after_close_ = true;
Brad Lassey3a814172018-04-26 03:30:21135 write_callback_ = std::move(callback);
skyostil4891b25b2015-06-11 11:43:45136 base::ThreadTaskRunnerHandle::Get()->PostTask(
kylecharf4fe5172019-02-15 18:53:49137 FROM_HERE, base::BindOnce(&FakeDataChannel::DoWriteCallback,
138 weak_factory_.GetWeakPtr()));
[email protected]fa6ce922014-07-17 04:27:04139 return ERR_IO_PENDING;
[email protected]c0e4dd12012-05-16 19:36:31140 }
[email protected]4da82282014-07-16 18:40:43141 // This function returns synchronously, so make a copy of the buffer.
Victor Costancd439782018-08-30 07:27:57142 data_.push(base::MakeRefCounted<DrainableIOBuffer>(
143 base::MakeRefCounted<StringIOBuffer>(std::string(buf->data(), buf_len)),
[email protected]4da82282014-07-16 18:40:43144 buf_len));
skyostil4891b25b2015-06-11 11:43:45145 base::ThreadTaskRunnerHandle::Get()->PostTask(
kylecharf4fe5172019-02-15 18:53:49146 FROM_HERE, base::BindOnce(&FakeDataChannel::DoReadCallback,
147 weak_factory_.GetWeakPtr()));
[email protected]f61c3972010-12-23 09:54:15148 return buf_len;
149 }
150
[email protected]c0e4dd12012-05-16 19:36:31151 // Closes the FakeDataChannel. After Close() is called, Read() returns 0,
152 // indicating EOF, and Write() fails with ERR_CONNECTION_RESET. Note that
153 // after the FakeDataChannel is closed, the first Write() call completes
154 // asynchronously, which is necessary to reproduce bug 127822.
155 void Close() {
156 closed_ = true;
ryanchung987b2ff2016-02-19 00:17:12157 if (!read_callback_.is_null()) {
158 base::ThreadTaskRunnerHandle::Get()->PostTask(
kylecharf4fe5172019-02-15 18:53:49159 FROM_HERE, base::BindOnce(&FakeDataChannel::DoReadCallback,
160 weak_factory_.GetWeakPtr()));
ryanchung987b2ff2016-02-19 00:17:12161 }
[email protected]c0e4dd12012-05-16 19:36:31162 }
163
[email protected]f61c3972010-12-23 09:54:15164 private:
165 void DoReadCallback() {
ryanchung987b2ff2016-02-19 00:17:12166 if (read_callback_.is_null())
167 return;
168
169 if (closed_) {
Brad Lassey3a814172018-04-26 03:30:21170 std::move(read_callback_).Run(ERR_CONNECTION_CLOSED);
ryanchung987b2ff2016-02-19 00:17:12171 return;
172 }
173
174 if (data_.empty())
[email protected]f61c3972010-12-23 09:54:15175 return;
176
tfarina9b6381442015-10-05 22:38:11177 int copied = PropagateData(read_buf_, read_buf_len_);
[email protected]83039bb2011-12-09 18:43:55178 read_buf_ = NULL;
179 read_buf_len_ = 0;
Brad Lassey3a814172018-04-26 03:30:21180 std::move(read_callback_).Run(copied);
[email protected]f61c3972010-12-23 09:54:15181 }
182
[email protected]c0e4dd12012-05-16 19:36:31183 void DoWriteCallback() {
184 if (write_callback_.is_null())
185 return;
186
Brad Lassey3a814172018-04-26 03:30:21187 std::move(write_callback_).Run(ERR_CONNECTION_RESET);
[email protected]c0e4dd12012-05-16 19:36:31188 }
189
tfarina9b6381442015-10-05 22:38:11190 int PropagateData(scoped_refptr<IOBuffer> read_buf, int read_buf_len) {
[email protected]fa6ce922014-07-17 04:27:04191 scoped_refptr<DrainableIOBuffer> buf = data_.front();
[email protected]f61c3972010-12-23 09:54:15192 int copied = std::min(buf->BytesRemaining(), read_buf_len);
193 memcpy(read_buf->data(), buf->data(), copied);
194 buf->DidConsume(copied);
195
196 if (!buf->BytesRemaining())
197 data_.pop();
198 return copied;
199 }
200
Brad Lassey3a814172018-04-26 03:30:21201 CompletionOnceCallback read_callback_;
[email protected]fa6ce922014-07-17 04:27:04202 scoped_refptr<IOBuffer> read_buf_;
[email protected]f61c3972010-12-23 09:54:15203 int read_buf_len_;
204
Brad Lassey3a814172018-04-26 03:30:21205 CompletionOnceCallback write_callback_;
[email protected]c0e4dd12012-05-16 19:36:31206
Brett Wilsonc6a0c822017-09-12 00:04:29207 base::queue<scoped_refptr<DrainableIOBuffer>> data_;
[email protected]f61c3972010-12-23 09:54:15208
[email protected]c0e4dd12012-05-16 19:36:31209 // True if Close() has been called.
210 bool closed_;
211
212 // Controls the completion of Write() after the FakeDataChannel is closed.
213 // After the FakeDataChannel is closed, the first Write() call completes
214 // asynchronously.
215 bool write_called_after_close_;
216
[email protected]d5492c52013-11-10 20:44:39217 base::WeakPtrFactory<FakeDataChannel> weak_factory_;
218
[email protected]f61c3972010-12-23 09:54:15219 DISALLOW_COPY_AND_ASSIGN(FakeDataChannel);
220};
221
[email protected]3268023f2011-05-05 00:08:10222class FakeSocket : public StreamSocket {
[email protected]f61c3972010-12-23 09:54:15223 public:
224 FakeSocket(FakeDataChannel* incoming_channel,
225 FakeDataChannel* outgoing_channel)
ryanchungeb9e3bc2016-03-08 05:08:10226 : incoming_(incoming_channel), outgoing_(outgoing_channel) {}
[email protected]f61c3972010-12-23 09:54:15227
Chris Watkins7a41d3552017-12-01 02:13:27228 ~FakeSocket() override = default;
[email protected]f61c3972010-12-23 09:54:15229
dchengb03027d2014-10-21 12:00:20230 int Read(IOBuffer* buf,
231 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21232 CompletionOnceCallback callback) override {
[email protected]3f55aa12011-12-07 02:03:33233 // Read random number of bytes.
234 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21235 return incoming_->Read(buf, buf_len, std::move(callback));
[email protected]3f55aa12011-12-07 02:03:33236 }
[email protected]f61c3972010-12-23 09:54:15237
dchengb03027d2014-10-21 12:00:20238 int Write(IOBuffer* buf,
239 int buf_len,
Brad Lassey3a814172018-04-26 03:30:21240 CompletionOnceCallback callback,
[email protected]578968d42017-12-13 15:39:32241 const NetworkTrafficAnnotationTag& traffic_annotation) override {
[email protected]55ee0e52011-07-21 18:29:44242 // Write random number of bytes.
243 buf_len = rand() % buf_len + 1;
Brad Lassey3a814172018-04-26 03:30:21244 return outgoing_->Write(buf, buf_len, std::move(callback),
[email protected]578968d42017-12-13 15:39:32245 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]f61c3972010-12-23 09:54:15246 }
247
Avi Drissman13fc8932015-12-20 04:40:46248 int SetReceiveBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15249
Avi Drissman13fc8932015-12-20 04:40:46250 int SetSendBufferSize(int32_t size) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15251
Brad Lassey3a814172018-04-26 03:30:21252 int Connect(CompletionOnceCallback callback) override { return OK; }
[email protected]f61c3972010-12-23 09:54:15253
dchengb03027d2014-10-21 12:00:20254 void Disconnect() override {
[email protected]c0e4dd12012-05-16 19:36:31255 incoming_->Close();
256 outgoing_->Close();
257 }
[email protected]f61c3972010-12-23 09:54:15258
dchengb03027d2014-10-21 12:00:20259 bool IsConnected() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15260
dchengb03027d2014-10-21 12:00:20261 bool IsConnectedAndIdle() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15262
dchengb03027d2014-10-21 12:00:20263 int GetPeerAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45264 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04265 return OK;
[email protected]f61c3972010-12-23 09:54:15266 }
267
dchengb03027d2014-10-21 12:00:20268 int GetLocalAddress(IPEndPoint* address) const override {
martijna2e83bd2016-03-18 13:10:45269 *address = IPEndPoint(IPAddress::IPv4AllZeros(), 0 /*port*/);
[email protected]fa6ce922014-07-17 04:27:04270 return OK;
[email protected]e7f74da2011-04-19 23:49:35271 }
272
tfarina428341112016-09-22 13:38:20273 const NetLogWithSource& NetLog() const override { return net_log_; }
[email protected]f61c3972010-12-23 09:54:15274
dchengb03027d2014-10-21 12:00:20275 bool WasEverUsed() const override { return true; }
[email protected]f61c3972010-12-23 09:54:15276
tfarina2846404c2016-12-25 14:31:37277 bool WasAlpnNegotiated() const override { return false; }
[email protected]5e6efa52011-06-27 17:26:41278
dchengb03027d2014-10-21 12:00:20279 NextProto GetNegotiatedProtocol() const override { return kProtoUnknown; }
[email protected]2d88e7d2012-07-19 17:55:17280
dchengb03027d2014-10-21 12:00:20281 bool GetSSLInfo(SSLInfo* ssl_info) override { return false; }
[email protected]2d88e7d2012-07-19 17:55:17282
ttuttle23fdb7b2015-05-15 01:28:03283 void GetConnectionAttempts(ConnectionAttempts* out) const override {
284 out->clear();
285 }
286
287 void ClearConnectionAttempts() override {}
288
289 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
290
tbansalf82cc8e2015-10-14 20:05:49291 int64_t GetTotalReceivedBytes() const override {
292 NOTIMPLEMENTED();
293 return 0;
294 }
295
Paul Jensen0f49dec2017-12-12 23:39:58296 void ApplySocketTag(const SocketTag& tag) override {}
297
[email protected]f61c3972010-12-23 09:54:15298 private:
tfarina428341112016-09-22 13:38:20299 NetLogWithSource net_log_;
[email protected]f61c3972010-12-23 09:54:15300 FakeDataChannel* incoming_;
301 FakeDataChannel* outgoing_;
302
303 DISALLOW_COPY_AND_ASSIGN(FakeSocket);
304};
305
306} // namespace
307
308// Verify the correctness of the test helper classes first.
309TEST(FakeSocketTest, DataTransfer) {
Bence Béky98447b12018-05-08 03:14:01310 base::test::ScopedTaskEnvironment scoped_task_environment;
311
[email protected]f61c3972010-12-23 09:54:15312 // Establish channels between two sockets.
313 FakeDataChannel channel_1;
314 FakeDataChannel channel_2;
315 FakeSocket client(&channel_1, &channel_2);
316 FakeSocket server(&channel_2, &channel_1);
317
318 const char kTestData[] = "testing123";
319 const int kTestDataSize = strlen(kTestData);
320 const int kReadBufSize = 1024;
Victor Costan9c7302b2018-08-27 16:39:44321 scoped_refptr<IOBuffer> write_buf =
322 base::MakeRefCounted<StringIOBuffer>(kTestData);
323 scoped_refptr<IOBuffer> read_buf =
324 base::MakeRefCounted<IOBuffer>(kReadBufSize);
[email protected]f61c3972010-12-23 09:54:15325
326 // Write then read.
[email protected]90499482013-06-01 00:39:50327 int written =
Bence Békybdbb0e72018-08-07 21:42:59328 server.Write(write_buf.get(), kTestDataSize, CompletionOnceCallback(),
[email protected]578968d42017-12-13 15:39:32329 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44330 EXPECT_GT(written, 0);
331 EXPECT_LE(written, kTestDataSize);
332
Bence Békybdbb0e72018-08-07 21:42:59333 int read =
334 client.Read(read_buf.get(), kReadBufSize, CompletionOnceCallback());
[email protected]55ee0e52011-07-21 18:29:44335 EXPECT_GT(read, 0);
336 EXPECT_LE(read, written);
337 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15338
339 // Read then write.
[email protected]83039bb2011-12-09 18:43:55340 TestCompletionCallback callback;
[email protected]fa6ce922014-07-17 04:27:04341 EXPECT_EQ(ERR_IO_PENDING,
[email protected]90499482013-06-01 00:39:50342 server.Read(read_buf.get(), kReadBufSize, callback.callback()));
[email protected]55ee0e52011-07-21 18:29:44343
Bence Békybdbb0e72018-08-07 21:42:59344 written =
345 client.Write(write_buf.get(), kTestDataSize, CompletionOnceCallback(),
346 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]55ee0e52011-07-21 18:29:44347 EXPECT_GT(written, 0);
348 EXPECT_LE(written, kTestDataSize);
349
350 read = callback.WaitForResult();
351 EXPECT_GT(read, 0);
352 EXPECT_LE(read, written);
353 EXPECT_EQ(0, memcmp(kTestData, read_buf->data(), read));
[email protected]f61c3972010-12-23 09:54:15354}
355
Bence Béky98447b12018-05-08 03:14:01356class SSLServerSocketTest : public PlatformTest,
357 public WithScopedTaskEnvironment {
[email protected]f61c3972010-12-23 09:54:15358 public:
359 SSLServerSocketTest()
[email protected]fa6ce922014-07-17 04:27:04360 : socket_factory_(ClientSocketFactory::GetDefaultFactory()),
[email protected]b1c988b2013-06-13 06:48:11361 cert_verifier_(new MockCertVerifier()),
ryanchung987b2ff2016-02-19 00:17:12362 client_cert_verifier_(new MockClientCertVerifier()),
rsleevid6de8302016-06-21 01:33:20363 transport_security_state_(new TransportSecurityState),
rsleevi22cae1672016-12-28 01:53:36364 ct_verifier_(new DoNothingCTVerifier),
Daniel McArdle3a663d62019-01-31 00:48:47365 ct_policy_enforcer_(new MockCTPolicyEnforcer),
366 ssl_client_session_cache_(
367 new SSLClientSessionCache(SSLClientSessionCache::Config())) {}
rsleevia5c430222016-03-11 05:55:12368
369 void SetUp() override {
370 PlatformTest::SetUp();
371
ryanchung987b2ff2016-02-19 00:17:12372 cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
373 client_cert_verifier_->set_default_result(ERR_CERT_AUTHORITY_INVALID);
[email protected]f61c3972010-12-23 09:54:15374
ryanchungeb9e3bc2016-03-08 05:08:10375 server_cert_ =
376 ImportCertFromFile(GetTestCertsDirectory(), "unittest.selfsigned.der");
rsleevia5c430222016-03-11 05:55:12377 ASSERT_TRUE(server_cert_);
ryanchungeb9e3bc2016-03-08 05:08:10378 server_private_key_ = ReadTestKey("unittest.key.bin");
rsleevia5c430222016-03-11 05:55:12379 ASSERT_TRUE(server_private_key_);
[email protected]f61c3972010-12-23 09:54:15380
Ryan Ki Sing Chung665861e2017-12-15 22:05:55381 std::unique_ptr<crypto::RSAPrivateKey> key =
382 ReadTestKey("unittest.key.bin");
383 ASSERT_TRUE(key);
David Benjamin139c5572018-07-06 23:53:42384 server_ssl_private_key_ = WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
Ryan Ki Sing Chung665861e2017-12-15 22:05:55385
sergeyuff826d5e2015-05-13 20:35:22386 client_ssl_config_.false_start_enabled = false;
387 client_ssl_config_.channel_id_enabled = false;
[email protected]f61c3972010-12-23 09:54:15388
389 // Certificate provided by the host doesn't need authority.
rsleevi74e99742016-09-13 20:35:25390 client_ssl_config_.allowed_bad_certs.emplace_back(
391 server_cert_, CERT_STATUS_AUTHORITY_INVALID);
ryanchungeb9e3bc2016-03-08 05:08:10392 }
393
394 protected:
395 void CreateContext() {
396 client_socket_.reset();
397 server_socket_.reset();
398 channel_1_.reset();
399 channel_2_.reset();
400 server_context_.reset();
401 server_context_ = CreateSSLServerContext(
402 server_cert_.get(), *server_private_key_, server_ssl_config_);
403 }
404
Ryan Ki Sing Chung665861e2017-12-15 22:05:55405 void CreateContextSSLPrivateKey() {
406 client_socket_.reset();
407 server_socket_.reset();
408 channel_1_.reset();
409 channel_2_.reset();
410 server_context_.reset();
411 server_context_ = CreateSSLServerContext(
412 server_cert_.get(), server_ssl_private_key_, server_ssl_config_);
413 }
414
ryanchungeb9e3bc2016-03-08 05:08:10415 void CreateSockets() {
416 client_socket_.reset();
417 server_socket_.reset();
418 channel_1_.reset(new FakeDataChannel());
419 channel_2_.reset(new FakeDataChannel());
danakj655b66c2016-04-16 00:51:38420 std::unique_ptr<ClientSocketHandle> client_connection(
421 new ClientSocketHandle);
422 client_connection->SetSocket(std::unique_ptr<StreamSocket>(
ryanchungeb9e3bc2016-03-08 05:08:10423 new FakeSocket(channel_1_.get(), channel_2_.get())));
danakj655b66c2016-04-16 00:51:38424 std::unique_ptr<StreamSocket> server_socket(
ryanchungeb9e3bc2016-03-08 05:08:10425 new FakeSocket(channel_2_.get(), channel_1_.get()));
[email protected]f61c3972010-12-23 09:54:15426
[email protected]fa6ce922014-07-17 04:27:04427 HostPortPair host_and_pair("unittest", 0);
Daniel McArdleda3fa942019-02-15 16:41:21428 SSLClientSocketContext context(
429 cert_verifier_.get(), nullptr, transport_security_state_.get(),
430 ct_verifier_.get(), ct_policy_enforcer_.get(),
431 ssl_client_session_cache_.get());
rsleevia5c430222016-03-11 05:55:12432
sergeyuff826d5e2015-05-13 20:35:22433 client_socket_ = socket_factory_->CreateSSLClientSocket(
dchengc7eeda422015-12-26 03:56:48434 std::move(client_connection), host_and_pair, client_ssl_config_,
435 context);
rsleevia5c430222016-03-11 05:55:12436 ASSERT_TRUE(client_socket_);
ryanchungeb9e3bc2016-03-08 05:08:10437
ryanchung987b2ff2016-02-19 00:17:12438 server_socket_ =
ryanchungeb9e3bc2016-03-08 05:08:10439 server_context_->CreateSSLServerSocket(std::move(server_socket));
rsleevia5c430222016-03-11 05:55:12440 ASSERT_TRUE(server_socket_);
[email protected]f61c3972010-12-23 09:54:15441 }
442
ryanchung987b2ff2016-02-19 00:17:12443 void ConfigureClientCertsForClient(const char* cert_file_name,
444 const char* private_key_file_name) {
445 client_ssl_config_.send_client_cert = true;
446 client_ssl_config_.client_cert =
447 ImportCertFromFile(GetTestCertsDirectory(), cert_file_name);
448 ASSERT_TRUE(client_ssl_config_.client_cert);
rsleevia5c430222016-03-11 05:55:12449
danakj655b66c2016-04-16 00:51:38450 std::unique_ptr<crypto::RSAPrivateKey> key =
451 ReadTestKey(private_key_file_name);
ryanchung987b2ff2016-02-19 00:17:12452 ASSERT_TRUE(key);
rsleevia5c430222016-03-11 05:55:12453
agl5a7cadf2016-07-13 16:52:53454 client_ssl_config_.client_private_key =
David Benjamin139c5572018-07-06 23:53:42455 WrapOpenSSLPrivateKey(bssl::UpRef(key->key()));
ryanchung987b2ff2016-02-19 00:17:12456 }
457
458 void ConfigureClientCertsForServer() {
459 server_ssl_config_.client_cert_type =
460 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
461
David Benjamin99dada22017-09-28 20:04:00462 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem
463 static const uint8_t kClientCertCAName[] = {
464 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55,
465 0x04, 0x03, 0x0c, 0x04, 0x42, 0x20, 0x43, 0x41};
466 server_ssl_config_.cert_authorities_.push_back(std::string(
467 std::begin(kClientCertCAName), std::end(kClientCertCAName)));
ryanchung987b2ff2016-02-19 00:17:12468
469 scoped_refptr<X509Certificate> expected_client_cert(
470 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName));
rsleevia5c430222016-03-11 05:55:12471 ASSERT_TRUE(expected_client_cert);
472
ryanchung987b2ff2016-02-19 00:17:12473 client_cert_verifier_->AddResultForCert(expected_client_cert.get(), OK);
474
475 server_ssl_config_.client_cert_verifier = client_cert_verifier_.get();
476 }
477
danakj655b66c2016-04-16 00:51:38478 std::unique_ptr<crypto::RSAPrivateKey> ReadTestKey(
479 const base::StringPiece& name) {
ryanchung987b2ff2016-02-19 00:17:12480 base::FilePath certs_dir(GetTestCertsDirectory());
481 base::FilePath key_path = certs_dir.AppendASCII(name);
482 std::string key_string;
483 if (!base::ReadFileToString(key_path, &key_string))
484 return nullptr;
485 std::vector<uint8_t> key_vector(
486 reinterpret_cast<const uint8_t*>(key_string.data()),
487 reinterpret_cast<const uint8_t*>(key_string.data() +
488 key_string.length()));
danakj655b66c2016-04-16 00:51:38489 std::unique_ptr<crypto::RSAPrivateKey> key(
ryanchung987b2ff2016-02-19 00:17:12490 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
491 return key;
492 }
ryanchung987b2ff2016-02-19 00:17:12493
Steven Valdez0ef94d02018-11-19 23:28:13494 void PumpServerToClient() {
495 const int kReadBufSize = 1024;
496 scoped_refptr<StringIOBuffer> write_buf =
497 base::MakeRefCounted<StringIOBuffer>("testing123");
498 scoped_refptr<DrainableIOBuffer> read_buf =
499 base::MakeRefCounted<DrainableIOBuffer>(
500 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
501 TestCompletionCallback write_callback;
502 TestCompletionCallback read_callback;
503 int server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
504 write_callback.callback(),
505 TRAFFIC_ANNOTATION_FOR_TESTS);
506 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
507 int client_ret = client_socket_->Read(
508 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
509 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
510
511 server_ret = write_callback.GetResult(server_ret);
512 EXPECT_GT(server_ret, 0);
513 client_ret = read_callback.GetResult(client_ret);
514 ASSERT_GT(client_ret, 0);
515 }
516
danakj655b66c2016-04-16 00:51:38517 std::unique_ptr<FakeDataChannel> channel_1_;
518 std::unique_ptr<FakeDataChannel> channel_2_;
sergeyuff826d5e2015-05-13 20:35:22519 SSLConfig client_ssl_config_;
svaldez6e7e82a22015-10-28 19:39:53520 SSLServerConfig server_ssl_config_;
danakj655b66c2016-04-16 00:51:38521 std::unique_ptr<SSLClientSocket> client_socket_;
522 std::unique_ptr<SSLServerSocket> server_socket_;
[email protected]fa6ce922014-07-17 04:27:04523 ClientSocketFactory* socket_factory_;
danakj655b66c2016-04-16 00:51:38524 std::unique_ptr<MockCertVerifier> cert_verifier_;
525 std::unique_ptr<MockClientCertVerifier> client_cert_verifier_;
526 std::unique_ptr<TransportSecurityState> transport_security_state_;
rsleevi22cae1672016-12-28 01:53:36527 std::unique_ptr<DoNothingCTVerifier> ct_verifier_;
rsleevid6de8302016-06-21 01:33:20528 std::unique_ptr<MockCTPolicyEnforcer> ct_policy_enforcer_;
Daniel McArdle3a663d62019-01-31 00:48:47529 std::unique_ptr<SSLClientSessionCache> ssl_client_session_cache_;
danakj655b66c2016-04-16 00:51:38530 std::unique_ptr<SSLServerContext> server_context_;
531 std::unique_ptr<crypto::RSAPrivateKey> server_private_key_;
Ryan Ki Sing Chung665861e2017-12-15 22:05:55532 scoped_refptr<SSLPrivateKey> server_ssl_private_key_;
ryanchungeb9e3bc2016-03-08 05:08:10533 scoped_refptr<X509Certificate> server_cert_;
[email protected]f61c3972010-12-23 09:54:15534};
535
[email protected]f61c3972010-12-23 09:54:15536// This test only executes creation of client and server sockets. This is to
537// test that creation of sockets doesn't crash and have minimal code to run
Mostyn Bramley-Moore699c5312018-05-01 10:48:09538// with memory leak/corruption checking tools.
[email protected]f61c3972010-12-23 09:54:15539TEST_F(SSLServerSocketTest, Initialize) {
rsleevia5c430222016-03-11 05:55:12540 ASSERT_NO_FATAL_FAILURE(CreateContext());
541 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15542}
543
[email protected]a7ac3c32011-06-17 19:10:15544// This test executes Connect() on SSLClientSocket and Handshake() on
545// SSLServerSocket to make sure handshaking between the two sockets is
[email protected]f61c3972010-12-23 09:54:15546// completed successfully.
547TEST_F(SSLServerSocketTest, Handshake) {
rsleevia5c430222016-03-11 05:55:12548 ASSERT_NO_FATAL_FAILURE(CreateContext());
549 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15550
[email protected]6ea7b152011-12-21 21:21:13551 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13552 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]f61c3972010-12-23 09:54:15553
ryanchung987b2ff2016-02-19 00:17:12554 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55555 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]f61c3972010-12-23 09:54:15556
ryanchung987b2ff2016-02-19 00:17:12557 client_ret = connect_callback.GetResult(client_ret);
558 server_ret = handshake_callback.GetResult(server_ret);
559
robpercival214763f2016-07-01 23:27:01560 ASSERT_THAT(client_ret, IsOk());
561 ASSERT_THAT(server_ret, IsOk());
[email protected]4dc832e2011-04-28 22:04:24562
563 // Make sure the cert status is expected.
564 SSLInfo ssl_info;
davidben9dd84872015-05-02 00:22:58565 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
[email protected]4dc832e2011-04-28 22:04:24566 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
davidben9dd84872015-05-02 00:22:58567
davidben56a8aece2016-10-14 18:20:56568 // The default cipher suite should be ECDHE and an AEAD.
davidben9dd84872015-05-02 00:22:58569 uint16_t cipher_suite =
570 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
571 const char* key_exchange;
572 const char* cipher;
573 const char* mac;
574 bool is_aead;
davidben56a8aece2016-10-14 18:20:56575 bool is_tls13;
576 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
577 cipher_suite);
hansc048c38b2016-10-14 11:30:09578 EXPECT_TRUE(is_aead);
[email protected]f61c3972010-12-23 09:54:15579}
580
ryanchungeb9e3bc2016-03-08 05:08:10581// This test makes sure the session cache is working.
582TEST_F(SSLServerSocketTest, HandshakeCached) {
rsleevia5c430222016-03-11 05:55:12583 ASSERT_NO_FATAL_FAILURE(CreateContext());
584 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10585
586 TestCompletionCallback handshake_callback;
587 int server_ret = server_socket_->Handshake(handshake_callback.callback());
588
589 TestCompletionCallback connect_callback;
590 int client_ret = client_socket_->Connect(connect_callback.callback());
591
592 client_ret = connect_callback.GetResult(client_ret);
593 server_ret = handshake_callback.GetResult(server_ret);
594
robpercival214763f2016-07-01 23:27:01595 ASSERT_THAT(client_ret, IsOk());
596 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10597
598 // Make sure the cert status is expected.
599 SSLInfo ssl_info;
600 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
601 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
602 SSLInfo ssl_server_info;
603 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
604 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
605
Steven Valdez0ef94d02018-11-19 23:28:13606 // Pump client read to get new session tickets.
607 PumpServerToClient();
608
ryanchungeb9e3bc2016-03-08 05:08:10609 // Make sure the second connection is cached.
rsleevia5c430222016-03-11 05:55:12610 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10611 TestCompletionCallback handshake_callback2;
612 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
613
614 TestCompletionCallback connect_callback2;
615 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
616
617 client_ret2 = connect_callback2.GetResult(client_ret2);
618 server_ret2 = handshake_callback2.GetResult(server_ret2);
619
robpercival214763f2016-07-01 23:27:01620 ASSERT_THAT(client_ret2, IsOk());
621 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10622
623 // Make sure the cert status is expected.
624 SSLInfo ssl_info2;
625 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
626 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
627 SSLInfo ssl_server_info2;
628 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
629 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
630}
631
632// This test makes sure the session cache separates out by server context.
633TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) {
rsleevia5c430222016-03-11 05:55:12634 ASSERT_NO_FATAL_FAILURE(CreateContext());
635 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10636
637 TestCompletionCallback handshake_callback;
638 int server_ret = server_socket_->Handshake(handshake_callback.callback());
639
640 TestCompletionCallback connect_callback;
641 int client_ret = client_socket_->Connect(connect_callback.callback());
642
643 client_ret = connect_callback.GetResult(client_ret);
644 server_ret = handshake_callback.GetResult(server_ret);
645
robpercival214763f2016-07-01 23:27:01646 ASSERT_THAT(client_ret, IsOk());
647 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10648
649 // Make sure the cert status is expected.
650 SSLInfo ssl_info;
651 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
652 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
653 SSLInfo ssl_server_info;
654 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
655 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
656
657 // Make sure the second connection is NOT cached when using a new context.
rsleevia5c430222016-03-11 05:55:12658 ASSERT_NO_FATAL_FAILURE(CreateContext());
659 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10660
661 TestCompletionCallback handshake_callback2;
662 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
663
664 TestCompletionCallback connect_callback2;
665 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
666
667 client_ret2 = connect_callback2.GetResult(client_ret2);
668 server_ret2 = handshake_callback2.GetResult(server_ret2);
669
robpercival214763f2016-07-01 23:27:01670 ASSERT_THAT(client_ret2, IsOk());
671 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10672
673 // Make sure the cert status is expected.
674 SSLInfo ssl_info2;
675 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
676 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
677 SSLInfo ssl_server_info2;
678 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
679 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_FULL);
680}
681
ryanchung987b2ff2016-02-19 00:17:12682// This test executes Connect() on SSLClientSocket and Handshake() on
683// SSLServerSocket to make sure handshaking between the two sockets is
684// completed successfully, using client certificate.
685TEST_F(SSLServerSocketTest, HandshakeWithClientCert) {
686 scoped_refptr<X509Certificate> client_cert =
687 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12688 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
689 kClientCertFileName, kClientPrivateKeyFileName));
690 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
691 ASSERT_NO_FATAL_FAILURE(CreateContext());
692 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12693
694 TestCompletionCallback handshake_callback;
695 int server_ret = server_socket_->Handshake(handshake_callback.callback());
696
697 TestCompletionCallback connect_callback;
698 int client_ret = client_socket_->Connect(connect_callback.callback());
699
700 client_ret = connect_callback.GetResult(client_ret);
701 server_ret = handshake_callback.GetResult(server_ret);
702
robpercival214763f2016-07-01 23:27:01703 ASSERT_THAT(client_ret, IsOk());
704 ASSERT_THAT(server_ret, IsOk());
ryanchung987b2ff2016-02-19 00:17:12705
706 // Make sure the cert status is expected.
707 SSLInfo ssl_info;
708 client_socket_->GetSSLInfo(&ssl_info);
709 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
710 server_socket_->GetSSLInfo(&ssl_info);
rsleevia5c430222016-03-11 05:55:12711 ASSERT_TRUE(ssl_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53712 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_info.cert.get()));
ryanchung987b2ff2016-02-19 00:17:12713}
714
ryanchungeb9e3bc2016-03-08 05:08:10715// This test executes Connect() on SSLClientSocket and Handshake() twice on
716// SSLServerSocket to make sure handshaking between the two sockets is
717// completed successfully, using client certificate. The second connection is
718// expected to succeed through the session cache.
719TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) {
720 scoped_refptr<X509Certificate> client_cert =
721 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12722 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
723 kClientCertFileName, kClientPrivateKeyFileName));
724 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
725 ASSERT_NO_FATAL_FAILURE(CreateContext());
726 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10727
728 TestCompletionCallback handshake_callback;
729 int server_ret = server_socket_->Handshake(handshake_callback.callback());
730
731 TestCompletionCallback connect_callback;
732 int client_ret = client_socket_->Connect(connect_callback.callback());
733
734 client_ret = connect_callback.GetResult(client_ret);
735 server_ret = handshake_callback.GetResult(server_ret);
736
robpercival214763f2016-07-01 23:27:01737 ASSERT_THAT(client_ret, IsOk());
738 ASSERT_THAT(server_ret, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10739
740 // Make sure the cert status is expected.
741 SSLInfo ssl_info;
742 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
743 EXPECT_EQ(ssl_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
744 SSLInfo ssl_server_info;
745 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info));
746 ASSERT_TRUE(ssl_server_info.cert.get());
Matt Mueller294998d2018-04-17 03:04:53747 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10748 EXPECT_EQ(ssl_server_info.handshake_type, SSLInfo::HANDSHAKE_FULL);
Steven Valdez0ef94d02018-11-19 23:28:13749 // Pump client read to get new session tickets.
750 PumpServerToClient();
ryanchungeb9e3bc2016-03-08 05:08:10751 server_socket_->Disconnect();
752 client_socket_->Disconnect();
753
754 // Create the connection again.
rsleevia5c430222016-03-11 05:55:12755 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10756 TestCompletionCallback handshake_callback2;
757 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
758
759 TestCompletionCallback connect_callback2;
760 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
761
762 client_ret2 = connect_callback2.GetResult(client_ret2);
763 server_ret2 = handshake_callback2.GetResult(server_ret2);
764
robpercival214763f2016-07-01 23:27:01765 ASSERT_THAT(client_ret2, IsOk());
766 ASSERT_THAT(server_ret2, IsOk());
ryanchungeb9e3bc2016-03-08 05:08:10767
768 // Make sure the cert status is expected.
769 SSLInfo ssl_info2;
770 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info2));
771 EXPECT_EQ(ssl_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
772 SSLInfo ssl_server_info2;
773 ASSERT_TRUE(server_socket_->GetSSLInfo(&ssl_server_info2));
774 ASSERT_TRUE(ssl_server_info2.cert.get());
Matt Mueller294998d2018-04-17 03:04:53775 EXPECT_TRUE(client_cert->EqualsExcludingChain(ssl_server_info2.cert.get()));
ryanchungeb9e3bc2016-03-08 05:08:10776 EXPECT_EQ(ssl_server_info2.handshake_type, SSLInfo::HANDSHAKE_RESUME);
777}
778
ryanchung987b2ff2016-02-19 00:17:12779TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) {
rsleevia5c430222016-03-11 05:55:12780 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
781 ASSERT_NO_FATAL_FAILURE(CreateContext());
782 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12783 // Use the default setting for the client socket, which is to not send
784 // a client certificate. This will cause the client to receive an
785 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
786 // requested cert_authorities from the CertificateRequest sent by the
787 // server.
788
789 TestCompletionCallback handshake_callback;
790 int server_ret = server_socket_->Handshake(handshake_callback.callback());
791
792 TestCompletionCallback connect_callback;
793 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
794 connect_callback.GetResult(
795 client_socket_->Connect(connect_callback.callback())));
796
797 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
798 client_socket_->GetSSLCertRequestInfo(request_info.get());
799
800 // Check that the authority name that arrived in the CertificateRequest
801 // handshake message is as expected.
802 scoped_refptr<X509Certificate> client_cert =
803 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12804 ASSERT_TRUE(client_cert);
ryanchung987b2ff2016-02-19 00:17:12805 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
806
807 client_socket_->Disconnect();
808
davidben3418e81f2016-10-19 00:09:45809 EXPECT_THAT(handshake_callback.GetResult(server_ret),
810 IsError(ERR_CONNECTION_CLOSED));
ryanchung987b2ff2016-02-19 00:17:12811}
812
ryanchungeb9e3bc2016-03-08 05:08:10813TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) {
rsleevia5c430222016-03-11 05:55:12814 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
815 ASSERT_NO_FATAL_FAILURE(CreateContext());
816 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10817 // Use the default setting for the client socket, which is to not send
818 // a client certificate. This will cause the client to receive an
819 // ERR_SSL_CLIENT_AUTH_CERT_NEEDED error, and allow for inspecting the
820 // requested cert_authorities from the CertificateRequest sent by the
821 // server.
822
823 TestCompletionCallback handshake_callback;
824 int server_ret = server_socket_->Handshake(handshake_callback.callback());
825
826 TestCompletionCallback connect_callback;
827 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
828 connect_callback.GetResult(
829 client_socket_->Connect(connect_callback.callback())));
830
831 scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
832 client_socket_->GetSSLCertRequestInfo(request_info.get());
833
834 // Check that the authority name that arrived in the CertificateRequest
835 // handshake message is as expected.
836 scoped_refptr<X509Certificate> client_cert =
837 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12838 ASSERT_TRUE(client_cert);
ryanchungeb9e3bc2016-03-08 05:08:10839 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info->cert_authorities));
840
841 client_socket_->Disconnect();
842
davidben3418e81f2016-10-19 00:09:45843 EXPECT_THAT(handshake_callback.GetResult(server_ret),
844 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10845 server_socket_->Disconnect();
846
847 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12848 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10849 TestCompletionCallback handshake_callback2;
850 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
851
852 TestCompletionCallback connect_callback2;
853 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED,
854 connect_callback2.GetResult(
855 client_socket_->Connect(connect_callback2.callback())));
856
857 scoped_refptr<SSLCertRequestInfo> request_info2 = new SSLCertRequestInfo();
858 client_socket_->GetSSLCertRequestInfo(request_info2.get());
859
860 // Check that the authority name that arrived in the CertificateRequest
861 // handshake message is as expected.
862 EXPECT_TRUE(client_cert->IsIssuedByEncoded(request_info2->cert_authorities));
863
864 client_socket_->Disconnect();
865
davidben3418e81f2016-10-19 00:09:45866 EXPECT_THAT(handshake_callback2.GetResult(server_ret2),
867 IsError(ERR_CONNECTION_CLOSED));
ryanchungeb9e3bc2016-03-08 05:08:10868}
869
ryanchung987b2ff2016-02-19 00:17:12870TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) {
871 scoped_refptr<X509Certificate> client_cert =
872 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12873 ASSERT_TRUE(client_cert);
874
875 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
876 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
877 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
878 ASSERT_NO_FATAL_FAILURE(CreateContext());
879 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchung987b2ff2016-02-19 00:17:12880
881 TestCompletionCallback handshake_callback;
882 int server_ret = server_socket_->Handshake(handshake_callback.callback());
883
884 TestCompletionCallback connect_callback;
885 int client_ret = client_socket_->Connect(connect_callback.callback());
886
Steven Valdez0ef94d02018-11-19 23:28:13887 // In TLS 1.3, the client cert error isn't exposed until Read is called.
888 EXPECT_EQ(OK, connect_callback.GetResult(client_ret));
889 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
890 handshake_callback.GetResult(server_ret));
891
892 // Pump client read to get client cert error.
893 const int kReadBufSize = 1024;
894 scoped_refptr<DrainableIOBuffer> read_buf =
895 base::MakeRefCounted<DrainableIOBuffer>(
896 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
897 TestCompletionCallback read_callback;
898 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
899 read_callback.callback());
900 client_ret = read_callback.GetResult(client_ret);
901 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
902}
903
904TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedTLS12) {
905 scoped_refptr<X509Certificate> client_cert =
906 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
907 ASSERT_TRUE(client_cert);
908
909 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
910 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
911 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
912 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
913 ASSERT_NO_FATAL_FAILURE(CreateContext());
914 ASSERT_NO_FATAL_FAILURE(CreateSockets());
915
916 TestCompletionCallback handshake_callback;
917 int server_ret = server_socket_->Handshake(handshake_callback.callback());
918
919 TestCompletionCallback connect_callback;
920 int client_ret = client_socket_->Connect(connect_callback.callback());
921
ryanchung987b2ff2016-02-19 00:17:12922 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
923 connect_callback.GetResult(client_ret));
924 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
925 handshake_callback.GetResult(server_ret));
926}
ryanchungeb9e3bc2016-03-08 05:08:10927
928TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) {
929 scoped_refptr<X509Certificate> client_cert =
930 ImportCertFromFile(GetTestCertsDirectory(), kClientCertFileName);
rsleevia5c430222016-03-11 05:55:12931 ASSERT_TRUE(client_cert);
932
933 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForClient(
934 kWrongClientCertFileName, kWrongClientPrivateKeyFileName));
935 ASSERT_NO_FATAL_FAILURE(ConfigureClientCertsForServer());
936 ASSERT_NO_FATAL_FAILURE(CreateContext());
937 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10938
939 TestCompletionCallback handshake_callback;
940 int server_ret = server_socket_->Handshake(handshake_callback.callback());
941
942 TestCompletionCallback connect_callback;
943 int client_ret = client_socket_->Connect(connect_callback.callback());
944
Steven Valdez0ef94d02018-11-19 23:28:13945 // In TLS 1.3, the client cert error isn't exposed until Read is called.
946 EXPECT_EQ(OK, connect_callback.GetResult(client_ret));
ryanchungeb9e3bc2016-03-08 05:08:10947 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
948 handshake_callback.GetResult(server_ret));
949
Steven Valdez0ef94d02018-11-19 23:28:13950 // Pump client read to get client cert error.
951 const int kReadBufSize = 1024;
952 scoped_refptr<DrainableIOBuffer> read_buf =
953 base::MakeRefCounted<DrainableIOBuffer>(
954 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
955 TestCompletionCallback read_callback;
956 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
957 read_callback.callback());
958 client_ret = read_callback.GetResult(client_ret);
959 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
960
ryanchungeb9e3bc2016-03-08 05:08:10961 client_socket_->Disconnect();
962 server_socket_->Disconnect();
963
964 // Below, check that the cache didn't store the result of a failed handshake.
rsleevia5c430222016-03-11 05:55:12965 ASSERT_NO_FATAL_FAILURE(CreateSockets());
ryanchungeb9e3bc2016-03-08 05:08:10966 TestCompletionCallback handshake_callback2;
967 int server_ret2 = server_socket_->Handshake(handshake_callback2.callback());
968
969 TestCompletionCallback connect_callback2;
970 int client_ret2 = client_socket_->Connect(connect_callback2.callback());
971
Steven Valdez0ef94d02018-11-19 23:28:13972 // In TLS 1.3, the client cert error isn't exposed until Read is called.
973 EXPECT_EQ(OK, connect_callback2.GetResult(client_ret2));
ryanchungeb9e3bc2016-03-08 05:08:10974 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT,
975 handshake_callback2.GetResult(server_ret2));
Steven Valdez0ef94d02018-11-19 23:28:13976
977 // Pump client read to get client cert error.
978 client_ret = client_socket_->Read(read_buf.get(), read_buf->BytesRemaining(),
979 read_callback.callback());
980 client_ret = read_callback.GetResult(client_ret);
981 EXPECT_EQ(ERR_BAD_SSL_CLIENT_AUTH_CERT, client_ret);
ryanchungeb9e3bc2016-03-08 05:08:10982}
ryanchung987b2ff2016-02-19 00:17:12983
[email protected]f61c3972010-12-23 09:54:15984TEST_F(SSLServerSocketTest, DataTransfer) {
rsleevia5c430222016-03-11 05:55:12985 ASSERT_NO_FATAL_FAILURE(CreateContext());
986 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]f61c3972010-12-23 09:54:15987
[email protected]f61c3972010-12-23 09:54:15988 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:12989 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:55990 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04991 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15992
ryanchung987b2ff2016-02-19 00:17:12993 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:13994 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:04995 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:15996
[email protected]febbbb52011-08-17 04:59:23997 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:01998 ASSERT_THAT(client_ret, IsOk());
[email protected]febbbb52011-08-17 04:59:23999 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:011000 ASSERT_THAT(server_ret, IsOk());
[email protected]f61c3972010-12-23 09:54:151001
1002 const int kReadBufSize = 1024;
[email protected]fa6ce922014-07-17 04:27:041003 scoped_refptr<StringIOBuffer> write_buf =
Victor Costan9c7302b2018-08-27 16:39:441004 base::MakeRefCounted<StringIOBuffer>("testing123");
[email protected]fa6ce922014-07-17 04:27:041005 scoped_refptr<DrainableIOBuffer> read_buf =
Victor Costancd439782018-08-30 07:27:571006 base::MakeRefCounted<DrainableIOBuffer>(
1007 base::MakeRefCounted<IOBuffer>(kReadBufSize), kReadBufSize);
[email protected]f61c3972010-12-23 09:54:151008
1009 // Write then read.
[email protected]83039bb2011-12-09 18:43:551010 TestCompletionCallback write_callback;
1011 TestCompletionCallback read_callback;
ryanchungeb9e3bc2016-03-08 05:08:101012 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381013 write_callback.callback(),
1014 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041015 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]90499482013-06-01 00:39:501016 client_ret = client_socket_->Read(
1017 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041018 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:151019
[email protected]febbbb52011-08-17 04:59:231020 server_ret = write_callback.GetResult(server_ret);
1021 EXPECT_GT(server_ret, 0);
1022 client_ret = read_callback.GetResult(client_ret);
1023 ASSERT_GT(client_ret, 0);
1024
1025 read_buf->DidConsume(client_ret);
1026 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:501027 client_ret = client_socket_->Read(
1028 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041029 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:231030 client_ret = read_callback.GetResult(client_ret);
1031 ASSERT_GT(client_ret, 0);
1032 read_buf->DidConsume(client_ret);
[email protected]f61c3972010-12-23 09:54:151033 }
[email protected]febbbb52011-08-17 04:59:231034 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
1035 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:151036 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
1037
1038 // Read then write.
Victor Costan9c7302b2018-08-27 16:39:441039 write_buf = base::MakeRefCounted<StringIOBuffer>("hello123");
[email protected]90499482013-06-01 00:39:501040 server_ret = server_socket_->Read(
1041 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041042 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
ryanchungeb9e3bc2016-03-08 05:08:101043 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381044 write_callback.callback(),
1045 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041046 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]f61c3972010-12-23 09:54:151047
[email protected]febbbb52011-08-17 04:59:231048 server_ret = read_callback.GetResult(server_ret);
1049 ASSERT_GT(server_ret, 0);
1050 client_ret = write_callback.GetResult(client_ret);
1051 EXPECT_GT(client_ret, 0);
1052
1053 read_buf->DidConsume(server_ret);
1054 while (read_buf->BytesConsumed() < write_buf->size()) {
[email protected]90499482013-06-01 00:39:501055 server_ret = server_socket_->Read(
1056 read_buf.get(), read_buf->BytesRemaining(), read_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041057 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]febbbb52011-08-17 04:59:231058 server_ret = read_callback.GetResult(server_ret);
1059 ASSERT_GT(server_ret, 0);
1060 read_buf->DidConsume(server_ret);
[email protected]f61c3972010-12-23 09:54:151061 }
[email protected]febbbb52011-08-17 04:59:231062 EXPECT_EQ(write_buf->size(), read_buf->BytesConsumed());
1063 read_buf->SetOffset(0);
[email protected]f61c3972010-12-23 09:54:151064 EXPECT_EQ(0, memcmp(write_buf->data(), read_buf->data(), write_buf->size()));
1065}
[email protected]b0ff3f82011-07-23 05:12:391066
[email protected]c0e4dd12012-05-16 19:36:311067// A regression test for bug 127822 (http://crbug.com/127822).
1068// If the server closes the connection after the handshake is finished,
1069// the client's Write() call should not cause an infinite loop.
1070// NOTE: this is a test for SSLClientSocket rather than SSLServerSocket.
[email protected]4da82282014-07-16 18:40:431071TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) {
rsleevia5c430222016-03-11 05:55:121072 ASSERT_NO_FATAL_FAILURE(CreateContext());
1073 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]c0e4dd12012-05-16 19:36:311074
1075 // Establish connection.
ryanchung987b2ff2016-02-19 00:17:121076 TestCompletionCallback connect_callback;
[email protected]c0e4dd12012-05-16 19:36:311077 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041078 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311079
ryanchung987b2ff2016-02-19 00:17:121080 TestCompletionCallback handshake_callback;
[email protected]c0e4dd12012-05-16 19:36:311081 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041082 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311083
1084 client_ret = connect_callback.GetResult(client_ret);
robpercival214763f2016-07-01 23:27:011085 ASSERT_THAT(client_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:311086 server_ret = handshake_callback.GetResult(server_ret);
robpercival214763f2016-07-01 23:27:011087 ASSERT_THAT(server_ret, IsOk());
[email protected]c0e4dd12012-05-16 19:36:311088
Victor Costan9c7302b2018-08-27 16:39:441089 scoped_refptr<StringIOBuffer> write_buf =
1090 base::MakeRefCounted<StringIOBuffer>("testing123");
[email protected]c0e4dd12012-05-16 19:36:311091
1092 // The server closes the connection. The server needs to write some
1093 // data first so that the client's Read() calls from the transport
1094 // socket won't return ERR_IO_PENDING. This ensures that the client
1095 // will call Read() on the transport socket again.
1096 TestCompletionCallback write_callback;
ryanchungeb9e3bc2016-03-08 05:08:101097 server_ret = server_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381098 write_callback.callback(),
1099 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041100 EXPECT_TRUE(server_ret > 0 || server_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311101
1102 server_ret = write_callback.GetResult(server_ret);
1103 EXPECT_GT(server_ret, 0);
1104
1105 server_socket_->Disconnect();
1106
1107 // The client writes some data. This should not cause an infinite loop.
ryanchungeb9e3bc2016-03-08 05:08:101108 client_ret = client_socket_->Write(write_buf.get(), write_buf->size(),
Ramin Halavati0a08cc82018-02-06 07:46:381109 write_callback.callback(),
1110 TRAFFIC_ANNOTATION_FOR_TESTS);
[email protected]fa6ce922014-07-17 04:27:041111 EXPECT_TRUE(client_ret > 0 || client_ret == ERR_IO_PENDING);
[email protected]c0e4dd12012-05-16 19:36:311112
1113 client_ret = write_callback.GetResult(client_ret);
1114 EXPECT_GT(client_ret, 0);
1115
Weza03bae02018-07-13 17:17:331116 base::RunLoop run_loop;
skyostil4891b25b2015-06-11 11:43:451117 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
Weza03bae02018-07-13 17:17:331118 FROM_HERE, run_loop.QuitClosure(), base::TimeDelta::FromMilliseconds(10));
1119 run_loop.Run();
[email protected]c0e4dd12012-05-16 19:36:311120}
1121
[email protected]b0ff3f82011-07-23 05:12:391122// This test executes ExportKeyingMaterial() on the client and server sockets,
1123// after connecting them, and verifies that the results match.
1124// This test will fail if False Start is enabled (see crbug.com/90208).
1125TEST_F(SSLServerSocketTest, ExportKeyingMaterial) {
rsleevia5c430222016-03-11 05:55:121126 ASSERT_NO_FATAL_FAILURE(CreateContext());
1127 ASSERT_NO_FATAL_FAILURE(CreateSockets());
[email protected]b0ff3f82011-07-23 05:12:391128
[email protected]83039bb2011-12-09 18:43:551129 TestCompletionCallback connect_callback;
[email protected]83039bb2011-12-09 18:43:551130 int client_ret = client_socket_->Connect(connect_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041131 ASSERT_TRUE(client_ret == OK || client_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:391132
ryanchung987b2ff2016-02-19 00:17:121133 TestCompletionCallback handshake_callback;
[email protected]6ea7b152011-12-21 21:21:131134 int server_ret = server_socket_->Handshake(handshake_callback.callback());
[email protected]fa6ce922014-07-17 04:27:041135 ASSERT_TRUE(server_ret == OK || server_ret == ERR_IO_PENDING);
[email protected]b0ff3f82011-07-23 05:12:391136
[email protected]fa6ce922014-07-17 04:27:041137 if (client_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:011138 ASSERT_THAT(connect_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:391139 }
[email protected]fa6ce922014-07-17 04:27:041140 if (server_ret == ERR_IO_PENDING) {
robpercival214763f2016-07-01 23:27:011141 ASSERT_THAT(handshake_callback.WaitForResult(), IsOk());
[email protected]b0ff3f82011-07-23 05:12:391142 }
1143
1144 const int kKeyingMaterialSize = 32;
thestig9d3bb0c2015-01-24 00:49:511145 const char kKeyingLabel[] = "EXPERIMENTAL-server-socket-test";
1146 const char kKeyingContext[] = "";
[email protected]b0ff3f82011-07-23 05:12:391147 unsigned char server_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:101148 int rv = server_socket_->ExportKeyingMaterial(
1149 kKeyingLabel, false, kKeyingContext, server_out, sizeof(server_out));
robpercival214763f2016-07-01 23:27:011150 ASSERT_THAT(rv, IsOk());
[email protected]b0ff3f82011-07-23 05:12:391151
1152 unsigned char client_out[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:101153 rv = client_socket_->ExportKeyingMaterial(kKeyingLabel, false, kKeyingContext,
[email protected]b0ff3f82011-07-23 05:12:391154 client_out, sizeof(client_out));
robpercival214763f2016-07-01 23:27:011155 ASSERT_THAT(rv, IsOk());
[email protected]47a12862012-04-10 01:00:491156 EXPECT_EQ(0, memcmp(server_out, client_out, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:391157
thestig9d3bb0c2015-01-24 00:49:511158 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad";
[email protected]b0ff3f82011-07-23 05:12:391159 unsigned char client_bad[kKeyingMaterialSize];
ryanchungeb9e3bc2016-03-08 05:08:101160 rv = client_socket_->ExportKeyingMaterial(
1161 kKeyingLabelBad, false, kKeyingContext, client_bad, sizeof(client_bad));
[email protected]fa6ce922014-07-17 04:27:041162 ASSERT_EQ(rv, OK);
[email protected]47a12862012-04-10 01:00:491163 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out)));
[email protected]b0ff3f82011-07-23 05:12:391164}
[email protected]f61c3972010-12-23 09:54:151165
sergeyuff826d5e2015-05-13 20:35:221166// Verifies that SSLConfig::require_ecdhe flags works properly.
1167TEST_F(SSLServerSocketTest, RequireEcdheFlag) {
1168 // Disable all ECDHE suites on the client side.
1169 uint16_t kEcdheCiphers[] = {
1170 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1171 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1172 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1173 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1174 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1175 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1176 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1177 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
davidben17f89c82017-01-24 20:56:491178 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1179 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
sergeyuff826d5e2015-05-13 20:35:221180 };
1181 client_ssl_config_.disabled_cipher_suites.assign(
Avi Drissman4365a4782018-12-28 19:26:241182 kEcdheCiphers, kEcdheCiphers + base::size(kEcdheCiphers));
sergeyuff826d5e2015-05-13 20:35:221183
Steven Valdez0ef94d02018-11-19 23:28:131184 // Legacy RSA key exchange ciphers only exist in TLS 1.2 and below.
1185 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1186
sergeyuff826d5e2015-05-13 20:35:221187 // Require ECDHE on the server.
1188 server_ssl_config_.require_ecdhe = true;
1189
rsleevia5c430222016-03-11 05:55:121190 ASSERT_NO_FATAL_FAILURE(CreateContext());
1191 ASSERT_NO_FATAL_FAILURE(CreateSockets());
sergeyuff826d5e2015-05-13 20:35:221192
1193 TestCompletionCallback connect_callback;
sergeyuff826d5e2015-05-13 20:35:221194 int client_ret = client_socket_->Connect(connect_callback.callback());
ryanchung987b2ff2016-02-19 00:17:121195
1196 TestCompletionCallback handshake_callback;
sergeyuff826d5e2015-05-13 20:35:221197 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1198
1199 client_ret = connect_callback.GetResult(client_ret);
1200 server_ret = handshake_callback.GetResult(server_ret);
1201
robpercival214763f2016-07-01 23:27:011202 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1203 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
sergeyuff826d5e2015-05-13 20:35:221204}
1205
Ryan Ki Sing Chung665861e2017-12-15 22:05:551206// This test executes Connect() on SSLClientSocket and Handshake() on
1207// SSLServerSocket to make sure handshaking between the two sockets is
1208// completed successfully. The server key is represented by SSLPrivateKey.
1209TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKey) {
1210 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1211 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1212
1213 TestCompletionCallback handshake_callback;
1214 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1215
1216 TestCompletionCallback connect_callback;
1217 int client_ret = client_socket_->Connect(connect_callback.callback());
1218
1219 client_ret = connect_callback.GetResult(client_ret);
1220 server_ret = handshake_callback.GetResult(server_ret);
1221
1222 ASSERT_THAT(client_ret, IsOk());
1223 ASSERT_THAT(server_ret, IsOk());
1224
1225 // Make sure the cert status is expected.
1226 SSLInfo ssl_info;
1227 ASSERT_TRUE(client_socket_->GetSSLInfo(&ssl_info));
1228 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, ssl_info.cert_status);
1229
1230 // The default cipher suite should be ECDHE and an AEAD.
1231 uint16_t cipher_suite =
1232 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
1233 const char* key_exchange;
1234 const char* cipher;
1235 const char* mac;
1236 bool is_aead;
1237 bool is_tls13;
1238 SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13,
1239 cipher_suite);
1240 EXPECT_TRUE(is_aead);
Ryan Ki Sing Chung665861e2017-12-15 22:05:551241}
1242
1243// Verifies that non-ECDHE ciphers are disabled when using SSLPrivateKey as the
1244// server key.
1245TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) {
1246 // Disable all ECDHE suites on the client side.
1247 uint16_t kEcdheCiphers[] = {
1248 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA
1249 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1250 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1251 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA
1252 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA
1253 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA
1254 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1255 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256
1256 0xcca8, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1257 0xcca9, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1258 };
1259 client_ssl_config_.disabled_cipher_suites.assign(
Avi Drissman4365a4782018-12-28 19:26:241260 kEcdheCiphers, kEcdheCiphers + base::size(kEcdheCiphers));
Ryan Ki Sing Chung665861e2017-12-15 22:05:551261 // TLS 1.3 always works with SSLPrivateKey.
1262 client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2;
1263
1264 ASSERT_NO_FATAL_FAILURE(CreateContextSSLPrivateKey());
1265 ASSERT_NO_FATAL_FAILURE(CreateSockets());
1266
1267 TestCompletionCallback connect_callback;
1268 int client_ret = client_socket_->Connect(connect_callback.callback());
1269
1270 TestCompletionCallback handshake_callback;
1271 int server_ret = server_socket_->Handshake(handshake_callback.callback());
1272
1273 client_ret = connect_callback.GetResult(client_ret);
1274 server_ret = handshake_callback.GetResult(server_ret);
1275
1276 ASSERT_THAT(client_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1277 ASSERT_THAT(server_ret, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
1278}
1279
[email protected]f61c3972010-12-23 09:54:151280} // namespace net