
Side by Side Diff: net/spdy/spdy_http_stream_spdy2_unittest.cc

Issue 9617039: Change Origin bound certs -> Domain bound certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 8 years, 9 months ago
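--- a/net/spdy/spdy_http_stream_spdy2_unittest.cc
+++ b/net/spdy/spdy_http_stream_spdy2_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/spdy/spdy_http_stream.h"
 
 #include "crypto/ec_private_key.h"
 #include "crypto/ec_signature_creator.h"
 #include "crypto/signature_creator.h"
 #include "net/base/asn1_util.h"
@@ -56,26 +56,20 @@
 transport_params_,
 MEDIUM,
 callback.callback(),
 http_session_->GetTransportSocketPool(
 HttpNetworkSession::NORMAL_SOCKET_POOL),
 BoundNetLog()));
 EXPECT_EQ(OK, callback.WaitForResult());
 return session_->InitializeWithSocket(connection.release(), false, OK);
 }
 
-void TestSendCredentials(
-OriginBoundCertService* obc_service,
-const std::string& cert,
-const std::string& proof,
-SSLClientCertType type);
-
 SpdySessionDependencies session_deps_;
 scoped_ptr<OrderedSocketData> data_;
 scoped_refptr<HttpNetworkSession> http_session_;
 scoped_refptr<SpdySession> session_;
 scoped_refptr<TransportSocketParams> transport_params_;
 };
 
 TEST_F(SpdyHttpStreamSpdy2Test, SendRequest) {
 EnableCompression(false);
 
@@ -236,224 +230,14 @@
 // This triggers read 3. The empty read causes the session to shut down.
 data()->CompleteRead();
 
 // Because we abandoned the stream, we don't expect to find a session in the
 // pool anymore.
 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair));
 EXPECT_TRUE(data()->at_read_eof());
 EXPECT_TRUE(data()->at_write_eof());
 }
 
-namespace {
-
-void GetECOriginBoundCertAndProof(const std::string& origin,
-OriginBoundCertService* obc_service,
-std::string* cert,
-std::string* proof) {
-TestCompletionCallback callback;
-std::vector<uint8> requested_cert_types;
-requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
-SSLClientCertType cert_type;
-std::string key;
-OriginBoundCertService::RequestHandle request_handle;
-int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types,
-&cert_type, &key, cert,
-callback.callback(),
-&request_handle);
-EXPECT_EQ(ERR_IO_PENDING, rv);
-EXPECT_EQ(OK, callback.WaitForResult());
-EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
-
-unsigned char secret[32];
-memset(secret, 'A', arraysize(secret));
-
-// Convert the key string into a vector<unit8>
-std::vector<uint8> key_data(key.begin(), key.end());
-
-base::StringPiece spki_piece;
-ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece));
-std::vector<uint8> spki(spki_piece.data(),
-spki_piece.data() + spki_piece.size());
-
-std::vector<uint8> proof_data;
-scoped_ptr<crypto::ECPrivateKey> private_key(
-crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
-OriginBoundCertService::kEPKIPassword, key_data, spki));
-scoped_ptr<crypto::ECSignatureCreator> creator(
-crypto::ECSignatureCreator::Create(private_key.get()));
-creator->Sign(secret, arraysize(secret), &proof_data);
-proof->assign(proof_data.begin(), proof_data.end());
-}
-
-} // namespace
-
-// TODO(rch): When openssl supports origin bound certifictes, this
-// guard can be removed
-#if !defined(USE_OPENSSL)
-// Test that if we request a resource for a new origin on a session that
-// used origin bound certificates, that we send a CREDENTIAL frame for
-// the new origin before we send the new request.
-void SpdyHttpStreamSpdy2Test::TestSendCredentials(
-OriginBoundCertService* obc_service,
-const std::string& cert,
-const std::string& proof,
-SSLClientCertType type) {
-EnableCompression(false);
-
-spdy::SpdyCredential cred;
-cred.slot = 1;
-cred.proof = proof;
-cred.certs.push_back(cert);
-
-scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST));
-scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred));
-scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com",
-false, 3, LOWEST));
-MockWrite writes[] = {
-CreateMockWrite(*req.get(), 0),
-CreateMockWrite(*credential.get(), 2),
-CreateMockWrite(*req2.get(), 3),
-};
-
-scoped_ptr<spdy::SpdyFrame> resp(ConstructSpdyGetSynReply(NULL, 0, 1));
-scoped_ptr<spdy::SpdyFrame> resp2(ConstructSpdyGetSynReply(NULL, 0, 3));
-MockRead reads[] = {
-CreateMockRead(*resp, 1),
-CreateMockRead(*resp2, 4),
-MockRead(SYNCHRONOUS, 0, 5) // EOF
-};
-
-HostPortPair host_port_pair("www.google.com", 80);
-HostPortProxyPair pair(host_port_pair, ProxyServer::Direct());
-
-DeterministicMockClientSocketFactory* socket_factory =
-session_deps_.deterministic_socket_factory.get();
-scoped_refptr<DeterministicSocketData> data(
-new DeterministicSocketData(reads, arraysize(reads),
-writes, arraysize(writes)));
-socket_factory->AddSocketDataProvider(data.get());
-SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
-ssl.origin_bound_cert_type = type;
-ssl.origin_bound_cert_service = obc_service;
-ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
-socket_factory->AddSSLSocketDataProvider(&ssl);
-http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic(
-&session_deps_);
-session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog());
-transport_params_ = new TransportSocketParams(host_port_pair,
-MEDIUM, false, false);
-TestCompletionCallback callback;
-scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
-SSLConfig ssl_config;
-scoped_refptr<SOCKSSocketParams> socks_params;
-scoped_refptr<HttpProxySocketParams> http_proxy_params;
-scoped_refptr<SSLSocketParams> ssl_params(
-new SSLSocketParams(transport_params_,
-socks_params,
-http_proxy_params,
-ProxyServer::SCHEME_DIRECT,
-host_port_pair,
-ssl_config,
-0,
-false,
-false));
-EXPECT_EQ(ERR_IO_PENDING,
-connection->Init(host_port_pair.ToString(),
-ssl_params,
-MEDIUM,
-callback.callback(),
-http_session_->GetSSLSocketPool(
-HttpNetworkSession::NORMAL_SOCKET_POOL),
-BoundNetLog()));
-callback.WaitForResult();
-EXPECT_EQ(OK,
-session_->InitializeWithSocket(connection.release(), true, OK));
-
-HttpRequestInfo request;
-request.method = "GET";
-request.url = GURL("http://www.google.com/");
-HttpResponseInfo response;
-HttpRequestHeaders headers;
-BoundNetLog net_log;
-scoped_ptr<SpdyHttpStream> http_stream(
-new SpdyHttpStream(session_.get(), true));
-ASSERT_EQ(
-OK,
-http_stream->InitializeStream(&request, net_log, CompletionCallback()));
-
-EXPECT_FALSE(session_->NeedsCredentials(host_port_pair));
-HostPortPair new_host_port_pair("www.gmail.com", 80);
-EXPECT_TRUE(session_->NeedsCredentials(new_host_port_pair));
-
-EXPECT_EQ(ERR_IO_PENDING, http_stream->SendRequest(headers, NULL, &response,
-callback.callback()));
-EXPECT_TRUE(http_session_->spdy_session_pool()->HasSession(pair));
-
-data->RunFor(2);
-callback.WaitForResult();
-
-// Start up second request for resource on a new origin.
-scoped_ptr<SpdyHttpStream> http_stream2(
-new SpdyHttpStream(session_.get(), true));
-request.url = GURL("http://www.gmail.com/");
-ASSERT_EQ(
-OK,
-http_stream2->InitializeStream(&request, net_log, CompletionCallback()));
-EXPECT_EQ(ERR_IO_PENDING, http_stream2->SendRequest(headers, NULL, &response,
-callback.callback()));
-data->RunFor(2);
-callback.WaitForResult();
-
-EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders(
-callback.callback()));
-data->RunFor(1);
-EXPECT_EQ(OK, callback.WaitForResult());
-ASSERT_TRUE(response.headers.get() != NULL);
-ASSERT_EQ(200, response.headers->response_code());
-}
-
-class MockECSignatureCreator : public crypto::ECSignatureCreator {
-public:
-explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {}
-
-virtual bool Sign(const uint8* data,
-int data_len,
-std::vector<uint8>* signature) OVERRIDE {
-std::vector<uint8> private_key_value;
-key_->ExportValue(&private_key_value);
-std::string head = "fakesignature";
-std::string tail = "/fakesignature";
-
-signature->clear();
-signature->insert(signature->end(), head.begin(), head.end());
-signature->insert(signature->end(), private_key_value.begin(),
-private_key_value.end());
-signature->insert(signature->end(), '-');
-signature->insert(signature->end(), data, data + data_len);
-signature->insert(signature->end(), tail.begin(), tail.end());
-return true;
-}
-
-private:
-crypto::ECPrivateKey* key_;
-DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator);
-};
-
-class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory {
-public:
-MockECSignatureCreatorFactory() {}
-virtual ~MockECSignatureCreatorFactory() {}
-
-virtual crypto::ECSignatureCreator* Create(
-crypto::ECPrivateKey* key) OVERRIDE {
-return new MockECSignatureCreator(key);
-}
-private:
-DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory);
-};
-
-#endif // !defined(USE_OPENSSL)
-
 // TODO(willchan): Write a longer test for SpdyStream that exercises all
 // methods.
 
 } // namespace net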