1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
12 #include "base/compiler_specific.h"
13 #include "base/files/file_path.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "net/base/host_port_pair.h"
20 class DictionaryValue
;
26 class ScopedPortException
;
28 // The base class of Test server implementation.
29 class BaseTestServer
{
31 typedef std::pair
<std::string
, std::string
> StringPair
;
33 // Following types represent protocol schemes. See also
34 // http://www.iana.org/assignments/uri-schemes.html
36 TYPE_BASIC_AUTH_PROXY
,
46 // Container for various options to control how the HTTPS or WSS server is
49 enum ServerCertificate
{
52 // CERT_AUTO causes the testserver to generate a test certificate issued
53 // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
58 // Cross-signed certificate to test PKIX path building. Contains an
59 // intermediate cross-signed by an unknown root, while the client (via
60 // TestRootStore) is expected to have a self-signed version of the
62 CERT_CHAIN_WRONG_ROOT
,
65 // OCSPStatus enumerates the types of OCSP response that the testserver
75 // Bitmask of key exchange algorithms that the test server supports and that
76 // can be selectively enabled or disabled.
78 // Special value used to indicate that any algorithm the server supports
79 // is acceptable. Preferred over explicitly OR-ing all key exchange
83 KEY_EXCHANGE_RSA
= (1 << 0),
84 KEY_EXCHANGE_DHE_RSA
= (1 << 1),
87 // Bitmask of bulk encryption algorithms that the test server supports
88 // and that can be selectively enabled or disabled.
90 // Special value used to indicate that any algorithm the server supports
91 // is acceptable. Preferred over explicitly OR-ing all ciphers.
94 BULK_CIPHER_RC4
= (1 << 0),
95 BULK_CIPHER_AES128
= (1 << 1),
96 BULK_CIPHER_AES256
= (1 << 2),
98 // NOTE: 3DES support in the Python test server has external
99 // dependencies and not be available on all machines. Clients may not
100 // be able to connect if only 3DES is specified.
101 BULK_CIPHER_3DES
= (1 << 3),
104 // NOTE: the values of these enumerators are passed to the the Python test
105 // server. Do not change them.
106 enum TLSIntolerantLevel
{
107 TLS_INTOLERANT_NONE
= 0,
108 TLS_INTOLERANT_ALL
= 1, // Intolerant of all TLS versions.
109 TLS_INTOLERANT_TLS1_1
= 2, // Intolerant of TLS 1.1 or higher.
110 TLS_INTOLERANT_TLS1_2
= 3, // Intolerant of TLS 1.2 or higher.
113 // Initialize a new SSLOptions using CERT_OK as the certificate.
116 // Initialize a new SSLOptions that will use the specified certificate.
117 explicit SSLOptions(ServerCertificate cert
);
120 // Returns the relative filename of the file that contains the
121 // |server_certificate|.
122 base::FilePath
GetCertificateFile() const;
124 // GetOCSPArgument returns the value of any OCSP argument to testserver or
125 // the empty string if there is none.
126 std::string
GetOCSPArgument() const;
128 // The certificate to use when serving requests.
129 ServerCertificate server_certificate
;
131 // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
132 // response returned.
133 OCSPStatus ocsp_status
;
135 // If not zero, |cert_serial| will be the serial number of the
136 // auto-generated leaf certificate when |server_certificate==CERT_AUTO|.
139 // True if a CertificateRequest should be sent to the client during
141 bool request_client_certificate
;
143 // If |request_client_certificate| is true, an optional list of files,
144 // each containing a single, PEM-encoded X.509 certificates. The subject
145 // from each certificate will be added to the certificate_authorities
146 // field of the CertificateRequest.
147 std::vector
<base::FilePath
> client_authorities
;
149 // A bitwise-OR of KeyExchnage that should be used by the
150 // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented
151 // key exchange algorithms are acceptable.
154 // A bitwise-OR of BulkCipher that should be used by the
155 // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
156 // ciphers are acceptable.
159 // If true, pass the --https-record-resume argument to testserver.py which
160 // causes it to log session cache actions and echo the log on
161 // /ssl-session-cache.
164 // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
165 // negotiates an intolerant TLS version in order to test version fallback.
166 TLSIntolerantLevel tls_intolerant
;
168 // fallback_scsv_enabled, if true, causes the server to process the
169 // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
170 // when performing TLS version fallback in response to an SSL handshake
171 // failure. If this option is enabled then the server will reject fallback
173 bool fallback_scsv_enabled
;
175 // Temporary glue for testing: validation of SCTs is application-controlled
176 // and can be appropriately mocked out, so sending fake data here does not
177 // affect handshaking behaviour.
178 // TODO(ekasper): replace with valid SCT files for test certs.
179 // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
181 std::string signed_cert_timestamps_tls_ext
;
183 // Whether to staple the OCSP response.
184 bool staple_ocsp_response
;
186 // Whether to enable NPN support.
190 // Pass as the 'host' parameter during construction to server on 127.0.0.1
191 static const char kLocalhost
[];
193 // Initialize a TestServer listening on a specific host (IP or hostname).
194 BaseTestServer(Type type
, const std::string
& host
);
196 // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS.
197 BaseTestServer(Type type
, const SSLOptions
& ssl_options
);
199 // Returns the host port pair used by current Python based test server only
200 // if the server is started.
201 const HostPortPair
& host_port_pair() const;
203 const base::FilePath
& document_root() const { return document_root_
; }
204 const base::DictionaryValue
& server_data() const;
205 std::string
GetScheme() const;
206 bool GetAddressList(AddressList
* address_list
) const WARN_UNUSED_RESULT
;
208 GURL
GetURL(const std::string
& path
) const;
210 GURL
GetURLWithUser(const std::string
& path
,
211 const std::string
& user
) const;
213 GURL
GetURLWithUserAndPassword(const std::string
& path
,
214 const std::string
& user
,
215 const std::string
& password
) const;
217 static bool GetFilePathWithReplacements(
218 const std::string
& original_path
,
219 const std::vector
<StringPair
>& text_to_replace
,
220 std::string
* replacement_path
);
222 static bool UsingSSL(Type type
) {
223 return type
== BaseTestServer::TYPE_HTTPS
||
224 type
== BaseTestServer::TYPE_WSS
;
228 virtual ~BaseTestServer();
229 Type
type() const { return type_
; }
231 // Gets port currently assigned to host_port_pair_ without checking
232 // whether it's available (server started) or not.
235 // Sets |port| as the actual port used by Python based test server.
236 void SetPort(uint16 port
);
238 // Set up internal status when the server is started.
239 bool SetupWhenServerStarted() WARN_UNUSED_RESULT
;
241 // Clean up internal status when starting to stop server.
242 void CleanUpWhenStoppingServer();
244 // Set path of test resources.
245 void SetResourcePath(const base::FilePath
& document_root
,
246 const base::FilePath
& certificates_dir
);
248 // Parses the server data read from the test server. Returns true
250 bool ParseServerData(const std::string
& server_data
) WARN_UNUSED_RESULT
;
252 // Generates a DictionaryValue with the arguments for launching the external
253 // Python test server.
254 bool GenerateArguments(base::DictionaryValue
* arguments
) const
257 // Subclasses can override this to add arguments that are specific to their
259 virtual bool GenerateAdditionalArguments(
260 base::DictionaryValue
* arguments
) const WARN_UNUSED_RESULT
;
263 void Init(const std::string
& host
);
265 // Marks the root certificate of an HTTPS test server as trusted for
266 // the duration of tests.
267 bool LoadTestRootCert() const WARN_UNUSED_RESULT
;
269 // Document root of the test server.
270 base::FilePath document_root_
;
272 // Directory that contains the SSL certificates.
273 base::FilePath certificates_dir_
;
275 // Address the test server listens on.
276 HostPortPair host_port_pair_
;
278 // Holds the data sent from the server (e.g., port number).
279 scoped_ptr
<base::DictionaryValue
> server_data_
;
281 // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
283 SSLOptions ssl_options_
;
287 // Has the server been started?
290 // Enables logging of the server to the console.
291 bool log_to_console_
;
293 scoped_ptr
<ScopedPortException
> allowed_port_
;
295 DISALLOW_COPY_AND_ASSIGN(BaseTestServer
);
300 #endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_