OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_http_stream.h" | 5 #include "net/spdy/spdy_http_stream.h" |
6 | 6 |
7 #include "crypto/ec_private_key.h" | 7 #include "crypto/ec_private_key.h" |
8 #include "crypto/ec_signature_creator.h" | 8 #include "crypto/ec_signature_creator.h" |
9 #include "crypto/signature_creator.h" | 9 #include "crypto/signature_creator.h" |
10 #include "net/base/asn1_util.h" | 10 #include "net/base/asn1_util.h" |
(...skipping 46 matching lines...)
57 MEDIUM, | 57 MEDIUM, |
58 callback.callback(), | 58 callback.callback(), |
59 http_session_->GetTransportSocketPool( | 59 http_session_->GetTransportSocketPool( |
60 HttpNetworkSession::NORMAL_SOCKET_POOL), | 60 HttpNetworkSession::NORMAL_SOCKET_POOL), |
61 BoundNetLog())); | 61 BoundNetLog())); |
62 EXPECT_EQ(OK, callback.WaitForResult()); | 62 EXPECT_EQ(OK, callback.WaitForResult()); |
63 return session_->InitializeWithSocket(connection.release(), false, OK); | 63 return session_->InitializeWithSocket(connection.release(), false, OK); |
64 } | 64 } |
65 | 65 |
66 void TestSendCredentials( | 66 void TestSendCredentials( |
67 OriginBoundCertService* obc_service, | 67 ServerBoundCertService* server_bound_cert_service, |
68 const std::string& cert, | 68 const std::string& cert, |
69 const std::string& proof, | 69 const std::string& proof, |
70 SSLClientCertType type); | 70 SSLClientCertType type); |
71 | 71 |
72 SpdySessionDependencies session_deps_; | 72 SpdySessionDependencies session_deps_; |
73 scoped_ptr<OrderedSocketData> data_; | 73 scoped_ptr<OrderedSocketData> data_; |
74 scoped_refptr<HttpNetworkSession> http_session_; | 74 scoped_refptr<HttpNetworkSession> http_session_; |
75 scoped_refptr<SpdySession> session_; | 75 scoped_refptr<SpdySession> session_; |
76 scoped_refptr<TransportSocketParams> transport_params_; | 76 scoped_refptr<TransportSocketParams> transport_params_; |
77 }; | 77 }; |
(...skipping 160 matching lines...)
238 | 238 |
239 // Because we abandoned the stream, we don't expect to find a session in the | 239 // Because we abandoned the stream, we don't expect to find a session in the |
240 // pool anymore. | 240 // pool anymore. |
241 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); | 241 EXPECT_FALSE(http_session_->spdy_session_pool()->HasSession(pair)); |
242 EXPECT_TRUE(data()->at_read_eof()); | 242 EXPECT_TRUE(data()->at_read_eof()); |
243 EXPECT_TRUE(data()->at_write_eof()); | 243 EXPECT_TRUE(data()->at_write_eof()); |
244 } | 244 } |
245 | 245 |
246 namespace { | 246 namespace { |
247 | 247 |
248 void GetECOriginBoundCertAndProof(const std::string& origin, | 248 void GetECServerBoundCertAndProof( |
249 OriginBoundCertService* obc_service, | 249 const std::string& origin, |
250 std::string* cert, | 250 ServerBoundCertService* server_bound_cert_service, |
251 std::string* proof) { | 251 std::string* cert, |
| 252 std::string* proof) { |
252 TestCompletionCallback callback; | 253 TestCompletionCallback callback; |
253 std::vector<uint8> requested_cert_types; | 254 std::vector<uint8> requested_cert_types; |
254 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); | 255 requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN); |
255 SSLClientCertType cert_type; | 256 SSLClientCertType cert_type; |
256 std::string key; | 257 std::string key; |
257 OriginBoundCertService::RequestHandle request_handle; | 258 ServerBoundCertService::RequestHandle request_handle; |
258 int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types, | 259 int rv = server_bound_cert_service->GetDomainBoundCert( |
259 &cert_type, &key, cert, | 260 origin, requested_cert_types, &cert_type, &key, cert, callback.callback(), |
260 callback.callback(), | 261 &request_handle); |
261 &request_handle); | |
262 EXPECT_EQ(ERR_IO_PENDING, rv); | 262 EXPECT_EQ(ERR_IO_PENDING, rv); |
263 EXPECT_EQ(OK, callback.WaitForResult()); | 263 EXPECT_EQ(OK, callback.WaitForResult()); |
264 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type); | 264 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type); |
265 | 265 |
266 unsigned char secret[32]; | 266 unsigned char secret[32]; |
267 memset(secret, 'A', arraysize(secret)); | 267 memset(secret, 'A', arraysize(secret)); |
268 | 268 |
269 // Convert the key string into a vector<unit8> | 269 // Convert the key string into a vector<unit8> |
270 std::vector<uint8> key_data(key.begin(), key.end()); | 270 std::vector<uint8> key_data(key.begin(), key.end()); |
271 | 271 |
272 base::StringPiece spki_piece; | 272 base::StringPiece spki_piece; |
273 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece)); | 273 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece)); |
274 std::vector<uint8> spki(spki_piece.data(), | 274 std::vector<uint8> spki(spki_piece.data(), |
275 spki_piece.data() + spki_piece.size()); | 275 spki_piece.data() + spki_piece.size()); |
276 | 276 |
277 std::vector<uint8> proof_data; | 277 std::vector<uint8> proof_data; |
278 scoped_ptr<crypto::ECPrivateKey> private_key( | 278 scoped_ptr<crypto::ECPrivateKey> private_key( |
279 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 279 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
280 OriginBoundCertService::kEPKIPassword, key_data, spki)); | 280 ServerBoundCertService::kEPKIPassword, key_data, spki)); |
281 scoped_ptr<crypto::ECSignatureCreator> creator( | 281 scoped_ptr<crypto::ECSignatureCreator> creator( |
282 crypto::ECSignatureCreator::Create(private_key.get())); | 282 crypto::ECSignatureCreator::Create(private_key.get())); |
283 creator->Sign(secret, arraysize(secret), &proof_data); | 283 creator->Sign(secret, arraysize(secret), &proof_data); |
284 proof->assign(proof_data.begin(), proof_data.end()); | 284 proof->assign(proof_data.begin(), proof_data.end()); |
285 } | 285 } |
286 | 286 |
287 } // namespace | 287 } // namespace |
288 | 288 |
289 // TODO(rch): When openssl supports origin bound certifictes, this | 289 // TODO(rch): When openssl supports server bound certifictes, this |
290 // guard can be removed | 290 // guard can be removed |
291 #if !defined(USE_OPENSSL) | 291 #if !defined(USE_OPENSSL) |
292 // Test that if we request a resource for a new origin on a session that | 292 // Test that if we request a resource for a new origin on a session that |
293 // used origin bound certificates, that we send a CREDENTIAL frame for | 293 // used domain bound certificates, that we send a CREDENTIAL frame for |
294 // the new origin before we send the new request. | 294 // the new domain before we send the new request. |
295 void SpdyHttpStreamSpdy3Test::TestSendCredentials( | 295 void SpdyHttpStreamSpdy3Test::TestSendCredentials( |
296 OriginBoundCertService* obc_service, | 296 ServerBoundCertService* server_bound_cert_service, |
297 const std::string& cert, | 297 const std::string& cert, |
298 const std::string& proof, | 298 const std::string& proof, |
299 SSLClientCertType type) { | 299 SSLClientCertType type) { |
300 EnableCompression(false); | 300 EnableCompression(false); |
301 | 301 |
302 spdy::SpdyCredential cred; | 302 spdy::SpdyCredential cred; |
303 cred.slot = 1; | 303 cred.slot = 1; |
304 cred.proof = proof; | 304 cred.proof = proof; |
305 cred.certs.push_back(cert); | 305 cred.certs.push_back(cert); |
306 | 306 |
(...skipping 18 matching lines...)
325 HostPortPair host_port_pair("www.google.com", 80); | 325 HostPortPair host_port_pair("www.google.com", 80); |
326 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); | 326 HostPortProxyPair pair(host_port_pair, ProxyServer::Direct()); |
327 | 327 |
328 DeterministicMockClientSocketFactory* socket_factory = | 328 DeterministicMockClientSocketFactory* socket_factory = |
329 session_deps_.deterministic_socket_factory.get(); | 329 session_deps_.deterministic_socket_factory.get(); |
330 scoped_refptr<DeterministicSocketData> data( | 330 scoped_refptr<DeterministicSocketData> data( |
331 new DeterministicSocketData(reads, arraysize(reads), | 331 new DeterministicSocketData(reads, arraysize(reads), |
332 writes, arraysize(writes))); | 332 writes, arraysize(writes))); |
333 socket_factory->AddSocketDataProvider(data.get()); | 333 socket_factory->AddSocketDataProvider(data.get()); |
334 SSLSocketDataProvider ssl(SYNCHRONOUS, OK); | 334 SSLSocketDataProvider ssl(SYNCHRONOUS, OK); |
335 ssl.origin_bound_cert_type = type; | 335 ssl.domain_bound_cert_type = type; |
336 ssl.origin_bound_cert_service = obc_service; | 336 ssl.server_bound_cert_service = server_bound_cert_service; |
337 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; | 337 ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3; |
338 socket_factory->AddSSLSocketDataProvider(&ssl); | 338 socket_factory->AddSSLSocketDataProvider(&ssl); |
339 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( | 339 http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic( |
340 &session_deps_); | 340 &session_deps_); |
341 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); | 341 session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog()); |
342 transport_params_ = new TransportSocketParams(host_port_pair, | 342 transport_params_ = new TransportSocketParams(host_port_pair, |
343 MEDIUM, false, false); | 343 MEDIUM, false, false); |
344 TestCompletionCallback callback; | 344 TestCompletionCallback callback; |
345 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); | 345 scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle); |
346 SSLConfig ssl_config; | 346 SSLConfig ssl_config; |
(...skipping 103 matching lines...)
450 private: | 450 private: |
451 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory); | 451 DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory); |
452 }; | 452 }; |
453 | 453 |
454 TEST_F(SpdyHttpStreamSpdy3Test, SendCredentialsEC) { | 454 TEST_F(SpdyHttpStreamSpdy3Test, SendCredentialsEC) { |
455 scoped_ptr<crypto::ECSignatureCreatorFactory> ec_signature_creator_factory( | 455 scoped_ptr<crypto::ECSignatureCreatorFactory> ec_signature_creator_factory( |
456 new MockECSignatureCreatorFactory()); | 456 new MockECSignatureCreatorFactory()); |
457 crypto::ECSignatureCreator::SetFactoryForTesting( | 457 crypto::ECSignatureCreator::SetFactoryForTesting( |
458 ec_signature_creator_factory.get()); | 458 ec_signature_creator_factory.get()); |
459 | 459 |
460 scoped_ptr<OriginBoundCertService> obc_service( | 460 scoped_ptr<ServerBoundCertService> server_bound_cert_service( |
461 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); | 461 new ServerBoundCertService(new DefaultServerBoundCertStore(NULL))); |
462 std::string cert; | 462 std::string cert; |
463 std::string proof; | 463 std::string proof; |
464 GetECOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(), | 464 GetECServerBoundCertAndProof("http://www.gmail.com/", |
| 465 server_bound_cert_service.get(), |
465 &cert, &proof); | 466 &cert, &proof); |
466 | 467 |
467 TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_ECDSA_SIGN); | 468 TestSendCredentials(server_bound_cert_service.get(), cert, proof, |
| 469 CLIENT_CERT_ECDSA_SIGN); |
468 } | 470 } |
469 | 471 |
470 #endif // !defined(USE_OPENSSL) | 472 #endif // !defined(USE_OPENSSL) |
471 | 473 |
472 // TODO(willchan): Write a longer test for SpdyStream that exercises all | 474 // TODO(willchan): Write a longer test for SpdyStream that exercises all |
473 // methods. | 475 // methods. |
474 | 476 |
475 } // namespace net | 477 } // namespace net |
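Review bot: In GetECServerBoundCertAndProof (new lines 248-285) the key import and signing results are used unchecked: `private_key` and `creator` are dereferenced without a null test and the result of `creator->Sign(...)` is discarded, so a failed decrypt or sign either crashes the test binary or passes an empty proof on to TestSendCredentials. I would add `ASSERT_TRUE(private_key.get());` and `ASSERT_TRUE(creator.get());` before use, and, assuming Sign reports failure through its return value, wrap it as `ASSERT_TRUE(creator->Sign(secret, arraysize(secret), &proof_data));`. Because the helper returns void, a failing ASSERT_TRUE only leaves the helper, so SendCredentialsEC should call it through `ASSERT_NO_FATAL_FAILURE(...)` if the gtest version in the tree provides it. On style, the rename leaves mixed terms on the new side (`ServerBoundCertService::GetDomainBoundCert`, `domain_bound_cert_type` beside `server_bound_cert_service`, and "server bound" at new line 289 against "domain bound" at 293), so the comment above TestSendCredentials could state which term names the service and which names the certificate scope. New line 289 also still carries the typo "certifictes".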