OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_http_stream.h" | 5 #include "net/spdy/spdy_http_stream.h" |
6 | 6 |
7 #include "crypto/ec_private_key.h" | 7 #include "crypto/ec_private_key.h" |
8 #include "crypto/ec_signature_creator.h" | 8 #include "crypto/ec_signature_creator.h" |
9 #include "crypto/signature_creator.h" | 9 #include "crypto/signature_creator.h" |
10 #include "net/base/asn1_util.h" | 10 #include "net/base/asn1_util.h" |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
56 transport_params_, | 56 transport_params_, |
57 MEDIUM, | 57 MEDIUM, |
58 callback.callback(), | 58 callback.callback(), |
59 http_session_->GetTransportSocketPool( | 59 http_session_->GetTransportSocketPool( |
60 HttpNetworkSession::NORMAL_SOCKET_POOL), | 60 HttpNetworkSession::NORMAL_SOCKET_POOL), |
61 BoundNetLog())); | 61 BoundNetLog())); |
62 EXPECT_EQ(OK, callback.WaitForResult()); | 62 EXPECT_EQ(OK, callback.WaitForResult()); |
63 return session_->InitializeWithSocket(connection.release(), false, OK); | 63 return session_->InitializeWithSocket(connection.release(), false, OK); |
64 } | 64 } |
65 | 65 |
66 void TestSendCredentials( | |
67 OriginBoundCertService* obc_service, | |
68 const std::string& cert, | |
69 const std::string& proof, | |
70 SSLClientCertType type); | |
71 | |
72 SpdySessionDependencies session_deps_; | 66 SpdySessionDependencies session_deps_; |
73 scoped_ptr<OrderedSocketData> data_; | 67 scoped_ptr<OrderedSocketData> data_; |
74 scoped_refptr<HttpNetworkSession> http_session_; | 68 scoped_refptr<HttpNetworkSession> http_session_; |
75 scoped_refptr<SpdySession> session_; | 69 scoped_refptr<SpdySession> session_; |
76 scoped_refptr<TransportSocketParams> transport_params_; | 70 scoped_refptr<TransportSocketParams> transport_params_; |
77 }; | 71 }; |
78 | 72 |
79 TEST_F(SpdyHttpStreamSpdy2Test, SendRequest) { | 73 TEST_F(SpdyHttpStreamSpdy2Test, SendRequest) { |
80 EnableCompression(false); | 74 EnableCompression(false); |
81 | 75 |
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
236 // This triggers read 3. The empty read causes the session to shut down. | 230 // This triggers read 3. The empty read causes the session to shut down. |
237 data()->CompleteRead(); | 231 data()->CompleteRead(); |
238 | 232 |
239 // Because we abandoned the stream, we don't expect to find a session in the | 233 // Because we abandoned the stream, we don't expect to find a session in the |
240 // pool anymore. | 234 // pool anymore. |
241 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); | 235 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); |
242 EXPECT_TRUE(data()->at_read_eof()); | 236 EXPECT_TRUE(data()->at_read_eof()); |
243 EXPECT_TRUE(data()->at_write_eof()); | 237 EXPECT_TRUE(data()->at_write_eof()); |
244 } | 238 } |
245 | 239 |
246 namespace { | |
247 | |
248 void GetECOriginBoundCertAndProof(const std::string& origin, | |
249 OriginBoundCertService* obc_service, | |
250 std::string* cert, | |
251 std::string* proof) { | |
252 TestCompletionCallback callback; | |
253 std::vector<uint8> requested_cert_types; | |
254 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); | |
255 SSLClientCertType cert_type; | |
256 std::string key; | |
257 OriginBoundCertService::RequestHandle request_handle; | |
258 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, | |
259 &cert_type, &key, cert, | |
260 callback.callback(), | |
261 &request_handle); | |
262 EXPECT_EQ(ERR_IO_PENDING, rv); | |
263 EXPECT_EQ(OK, callback.WaitForResult()); | |
264 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type); | |
265 | |
266 unsigned char secret[32]; | |
267 memset(secret, 'A', arraysize(secret)); | |
268 | |
269 // Convert the key string into a vector<unit8> | |
270 std::vector<uint8> key_data(key.begin(), key.end()); | |
271 | |
272 base::StringPiece spki_piece; | |
273 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece)); | |
274 std::vector<uint8> spki(spki_piece.data(), | |
275 spki_piece.data() + spki_piece.size()); | |
276 | |
277 std::vector<uint8> proof_data; | |
278 scoped_ptr<crypto::ECPrivateKey> private_key( | |
279 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | |
280 OriginBoundCertService::kEPKIPassword, key_data, spki)); | |
281 scoped_ptr<crypto::ECSignatureCreator> creator( | |
282 crypto::ECSignatureCreator::Create(private_key.get())); | |
283 creator->Sign(secret, arraysize(secret), &proof_data); | |
284 proof->assign(proof_data.begin(), proof_data.end()); | |
285 } | |
286 | |
287 } // namespace | |
288 | |
289 // TODO(rch): When openssl supports origin bound certifictes, this | |
290 // guard can be removed | |
291 #if !defined(USE_OPENSSL) | |
292 // Test that if we request a resource for a new origin on a session that | |
293 // used origin bound certificates, that we send a CREDENTIAL frame for | |
294 // the new origin before we send the new request. | |
295 void SpdyHttpStreamSpdy2Test::TestSendCredentials( | |
296 OriginBoundCertService* obc_service, | |
297 const std::string& cert, | |
298 const std::string& proof, | |
299 SSLClientCertType type) { | |
300 EnableCompression(false); | |
301 | |
302 spdy::SpdyCredential cred; | |
303 cred.slot = 1; | |
304 cred.proof = proof; | |
305 cred.certs.push_back(cert); | |
306 | |
307 scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST)); | |
308 scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred)); | |
309 scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com", | |
310 false, 3, LOWEST)); | |
311 MockWrite writes[] = { | |
312 CreateMockWrite(*req.get(), 0), | |
313 CreateMockWrite(*credential.get(), 2), | |
314 CreateMockWrite(*req2.get(), 3), | |
315 }; | |
316 | |
317 scoped_ptr<spdy::SpdyFrame> resp(ConstructSpdyGetSynReply(NULL, 0, 1)); | |
318 scoped_ptr<spdy::SpdyFrame> resp2(ConstructSpdyGetSynReply(NULL, 0, 3)); | |
319 MockRead reads[] = { | |
320 CreateMockRead(*resp, 1), | |
321 CreateMockRead(*resp2, 4), | |
322 MockRead(SYNCHRONOUS, 0, 5) // EOF | |
323 }; | |
324 | |
325 HostPortPair host_port_pair("www.google.com", 80); | |
326 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); | |
327 | |
328 DeterministicMockClientSocketFactory* socket_factory = | |
329 session_deps_.deterministic_socket_factory.get(); | |
330 scoped_refptr<DeterministicSocketData> data( | |
331 new DeterministicSocketData(reads, arraysize(reads), | |
332 writes, arraysize(writes))); | |
333 socket_factory->AddSocketDataProvider(data.get()); | |
334 SSLSocketDataProvider ssl(SYNCHRONOUS, OK); | |
335 ssl.origin_bound_cert_type = type; | |
336 ssl.origin_bound_cert_service = obc_service; | |
337 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; | |
338 socket_factory->AddSSLSocketDataProvider(&ssl); | |
339 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( | |
340 &session_deps_); | |
341 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); | |
342 transport_params_ = new TransportSocketParams(host_port_pair, | |
343 MEDIUM, false, false); | |
344 TestCompletionCallback callback; | |
345 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | |
346 SSLConfig ssl_config; | |
347 scoped_refptr<SOCKSSocketParams> socks_params; | |
348 scoped_refptr<HttpProxySocketParams> http_proxy_params; | |
349 scoped_refptr<SSLSocketParams> ssl_params( | |
350 new SSLSocketParams(transport_params_, | |
351 socks_params, | |
352 http_proxy_params, | |
353 ProxyServer::SCHEME_DIRECT, | |
354 host_port_pair, | |
355 ssl_config, | |
356 0, | |
357 false, | |
358 false)); | |
359 EXPECT_EQ(ERR_IO_PENDING, | |
360 connection->Init(host_port_pair.ToString(), | |
361 ssl_params, | |
362 MEDIUM, | |
363 callback.callback(), | |
364 http_session_->GetSSLSocketPool( | |
365 HttpNetworkSession::NORMAL_SOCKET_POOL), | |
366 BoundNetLog())); | |
367 callback.WaitForResult(); | |
368 EXPECT_EQ(OK, | |
369 session_->InitializeWithSocket(connection.release(), true, OK)); | |
370 | |
371 HttpRequestInfo request; | |
372 request.method = "GET"; | |
373 request.url = GURL("http://www.google.com/"); | |
374 HttpResponseInfo response; | |
375 HttpRequestHeaders headers; | |
376 BoundNetLog net_log; | |
377 scoped_ptr<SpdyHttpStream> http_stream( | |
378 new SpdyHttpStream(session_.get(), true)); | |
379 ASSERT_EQ( | |
380 OK, | |
381 http_stream->InitializeStream(&request, net_log, CompletionCallback())); | |
382 | |
383 EXPECT_FALSE(session_->NeedsCredentials(host_port_pair)); | |
384 HostPortPair new_host_port_pair("www.gmail.com", 80); | |
385 EXPECT_TRUE(session_->NeedsCredentials(new_host_port_pair)); | |
386 | |
387 EXPECT_EQ(ERR_IO_PENDING, http_stream->SendRequest(headers, NULL, &response, | |
388 callback.callback())); | |
389 EXPECT_TRUE(http_session_->spdy_session_pool()->HasSession(pair)); | |
390 | |
391 data->RunFor(2); | |
392 callback.WaitForResult(); | |
393 | |
394 // Start up second request for resource on a new origin. | |
395 scoped_ptr<SpdyHttpStream> http_stream2( | |
396 new SpdyHttpStream(session_.get(), true)); | |
397 request.url = GURL("http://www.gmail.com/"); | |
398 ASSERT_EQ( | |
399 OK, | |
400 http_stream2->InitializeStream(&request, net_log, CompletionCallback())); | |
401 EXPECT_EQ(ERR_IO_PENDING, http_stream2->SendRequest(headers, NULL, &response, | |
402 callback.callback())); | |
403 data->RunFor(2); | |
404 callback.WaitForResult(); | |
405 | |
406 EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders( | |
407 callback.callback())); | |
408 data->RunFor(1); | |
409 EXPECT_EQ(OK, callback.WaitForResult()); | |
410 ASSERT_TRUE(response.headers.get() != NULL); | |
411 ASSERT_EQ(200, response.headers->response_code()); | |
412 } | |
413 | |
414 class MockECSignatureCreator : public crypto::ECSignatureCreator { | |
415 public: | |
416 explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {} | |
417 | |
418 virtual bool Sign(const uint8* data, | |
419 int data_len, | |
420 std::vector<uint8>* signature) OVERRIDE { | |
421 std::vector<uint8> private_key_value; | |
422 key_->ExportValue(&private_key_value); | |
423 std::string head = "fakesignature"; | |
424 std::string tail = "/fakesignature"; | |
425 | |
426 signature->clear(); | |
427 signature->insert(signature->end(), head.begin(), head.end()); | |
428 signature->insert(signature->end(), private_key_value.begin(), | |
429 private_key_value.end()); | |
430 signature->insert(signature->end(), '-'); | |
431 signature->insert(signature->end(), data, data + data_len); | |
432 signature->insert(signature->end(), tail.begin(), tail.end()); | |
433 return true; | |
434 } | |
435 | |
436 private: | |
437 crypto::ECPrivateKey* key_; | |
438 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator); | |
439 }; | |
440 | |
441 class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory { | |
442 public: | |
443 MockECSignatureCreatorFactory() {} | |
444 virtual ~MockECSignatureCreatorFactory() {} | |
445 | |
446 virtual crypto::ECSignatureCreator* Create( | |
447 crypto::ECPrivateKey* key) OVERRIDE { | |
448 return new MockECSignatureCreator(key); | |
449 } | |
450 private: | |
451 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory); | |
452 }; | |
453 | |
454 #endif // !defined(USE_OPENSSL) | |
455 | |
456 // TODO(willchan): Write a longer test for SpdyStream that exercises all | 240 // TODO(willchan): Write a longer test for SpdyStream that exercises all |
457 // methods. | 241 // methods. |
458 | 242 |
459 } // namespace net | 243 } // namespace net |
OLD | NEW |