// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif // This test suite uses SSLClientSocket to test the implementation of // SSLServerSocket. In order to establish connections between the sockets // we need two additional classes: // 1. FakeSocket // Connects SSL socket to FakeDataChannel. This class is just a stub. // // 2. FakeDataChannel // Implements the actual exchange of data between two FakeSockets. // // Implementations of these two classes are included in this file. #include "net/socket/ssl_server_socket.h" #include <stdint.h> #include <stdlib.h> #include <memory> #include <string_view> #include <utility> #include "base/check.h" #include "base/compiler_specific.h" #include "base/containers/queue.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/functional/callback_helpers.h" #include "base/location.h" #include "base/memory/raw_ptr.h" #include "base/memory/scoped_refptr.h" #include "base/notreached.h" #include "base/run_loop.h" #include "base/task/single_thread_task_runner.h" #include "base/test/bind.h" #include "base/test/task_environment.h" #include "build/build_config.h" #include "crypto/rsa_private_key.h" #include "net/base/address_list.h" #include "net/base/completion_once_callback.h" #include "net/base/host_port_pair.h" #include "net/base/io_buffer.h" #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" #include "net/cert/cert_status_flags.h" #include "net/cert/mock_cert_verifier.h" #include "net/cert/mock_client_cert_verifier.h" #include "net/cert/signed_certificate_timestamp_and_status.h" #include "net/cert/x509_certificate.h" #include "net/http/transport_security_state.h" #include "net/log/net_log_with_source.h" #include "net/socket/client_socket_factory.h" #include "net/socket/socket_test_util.h" #include "net/socket/ssl_client_socket.h" #include "net/socket/stream_socket.h" #include "net/ssl/openssl_private_key.h" #include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_cipher_suite_names.h" #include "net/ssl/ssl_client_session_cache.h" #include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/ssl_server_config.h" #include "net/ssl/test_ssl_config_service.h" #include "net/test/cert_test_util.h" #include "net/test/gtest_util.h" #include "net/test/test_data_directory.h" #include "net/test/test_with_task_environment.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/ssl.h" IsError; IsOk; namespace net { namespace { // Client certificates are disabled on iOS. #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES) const char kClientCertFileName[] = …; const char kClientPrivateKeyFileName[] = …; const char kWrongClientCertFileName[] = …; const char kWrongClientPrivateKeyFileName[] = …; #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES) const uint16_t kEcdheCiphers[] = …; class FakeDataChannel { … }; class FakeSocket : public StreamSocket { … }; } // namespace // Verify the correctness of the test helper classes first. TEST(FakeSocketTest, DataTransfer) { … } class SSLServerSocketTest : public PlatformTest, public WithTaskEnvironment { … }; class SSLServerSocketReadTest : public SSLServerSocketTest, public ::testing::WithParamInterface<bool> { … }; INSTANTIATE_TEST_SUITE_P(…); // This test only executes creation of client and server sockets. This is to // test that creation of sockets doesn't crash and have minimal code to run // with memory leak/corruption checking tools. TEST_F(SSLServerSocketTest, Initialize) { … } // This test executes Connect() on SSLClientSocket and Handshake() on // SSLServerSocket to make sure handshaking between the two sockets is // completed successfully. TEST_F(SSLServerSocketTest, Handshake) { … } // This test makes sure the session cache is working. TEST_F(SSLServerSocketTest, HandshakeCached) { … } // This test makes sure the session cache separates out by server context. TEST_F(SSLServerSocketTest, HandshakeCachedContextSwitch) { … } // Client certificates are disabled on iOS. #if BUILDFLAG(ENABLE_CLIENT_CERTIFICATES) // This test executes Connect() on SSLClientSocket and Handshake() on // SSLServerSocket to make sure handshaking between the two sockets is // completed successfully, using client certificate. TEST_F(SSLServerSocketTest, HandshakeWithClientCert) { … } // This test executes Connect() on SSLClientSocket and Handshake() twice on // SSLServerSocket to make sure handshaking between the two sockets is // completed successfully, using client certificate. The second connection is // expected to succeed through the session cache. TEST_F(SSLServerSocketTest, HandshakeWithClientCertCached) { … } TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) { … } TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) { … } TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSupplied) { … } TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedTLS12) { … } TEST_F(SSLServerSocketTest, HandshakeWithWrongClientCertSuppliedCached) { … } #endif // BUILDFLAG(ENABLE_CLIENT_CERTIFICATES) TEST_P(SSLServerSocketReadTest, DataTransfer) { … } // A regression test for bug 127822 (http://crbug.com/127822). // If the server closes the connection after the handshake is finished, // the client's Write() call should not cause an infinite loop. // NOTE: this is a test for SSLClientSocket rather than SSLServerSocket. TEST_F(SSLServerSocketTest, ClientWriteAfterServerClose) { … } // This test executes ExportKeyingMaterial() on the client and server sockets, // after connecting them, and verifies that the results match. // This test will fail if False Start is enabled (see crbug.com/90208). TEST_F(SSLServerSocketTest, ExportKeyingMaterial) { … } // Verifies that SSLConfig::require_ecdhe flags works properly. TEST_F(SSLServerSocketTest, RequireEcdheFlag) { … } // This test executes Connect() on SSLClientSocket and Handshake() on // SSLServerSocket to make sure handshaking between the two sockets is // completed successfully. The server key is represented by SSLPrivateKey. TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKey) { … } namespace { // Helper that wraps an underlying SSLPrivateKey to allow the test to // do some work immediately before a `Sign()` operation is performed. class SSLPrivateKeyHook : public SSLPrivateKey { … }; } // namespace // Verifies that if the client disconnects while during private key signing then // the disconnection is correctly reported to the `Handshake()` completion // callback, with `ERR_CONNECTION_CLOSED`. // This is a regression test for crbug.com/1449461. TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyDisconnectDuringSigning_ReturnsError) { … } // Verifies that non-ECDHE ciphers are disabled when using SSLPrivateKey as the // server key. TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) { … } class SSLServerSocketAlpsTest : public SSLServerSocketTest, public ::testing::WithParamInterface<std::tuple<bool, bool>> { … }; INSTANTIATE_TEST_SUITE_P(…); TEST_P(SSLServerSocketAlpsTest, Alps) { … } // Test that CancelReadIfReady works. TEST_F(SSLServerSocketTest, CancelReadIfReady) { … } } // namespace net
Codebase Browser
chromium