net/test/spawned_test_server/base_test_server.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
   6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
   7
   8 #include <string>
   9 #include <utility>
  10 #include <vector>
  11
  12 #include "base/compiler_specific.h"
  13 #include "base/files/file_path.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "net/base/host_port_pair.h"
  16
  17 class GURL;
  18
  19 namespace base {
  20 class DictionaryValue;
  21 }
  22
  23 namespace net {
  24
  25 class AddressList;
  26 class ScopedPortException;
  27
  28 // The base class of Test server implementation.
  29 class BaseTestServer {
  30  public:
  31   typedef std::pair<std::string, std::string> StringPair;
  32
  33   // Following types represent protocol schemes. See also
  34   // http://www.iana.org/assignments/uri-schemes.html
  35   enum Type {
  36     TYPE_BASIC_AUTH_PROXY,
  37     TYPE_FTP,
  38     TYPE_HTTP,
  39     TYPE_HTTPS,
  40     TYPE_WS,
  41     TYPE_WSS,
  42     TYPE_TCP_ECHO,
  43     TYPE_UDP_ECHO,
  44   };
  45
  46   // Container for various options to control how the HTTPS or WSS server is
  47   // initialized.
  48   struct SSLOptions {
  49     enum ServerCertificate {
  50       CERT_OK,
  51
  52       // CERT_AUTO causes the testserver to generate a test certificate issued
  53       // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
  54       CERT_AUTO,
  55
  56       CERT_MISMATCHED_NAME,
  57       CERT_EXPIRED,
  58       // Cross-signed certificate to test PKIX path building. Contains an
  59       // intermediate cross-signed by an unknown root, while the client (via
  60       // TestRootStore) is expected to have a self-signed version of the
  61       // intermediate.
  62       CERT_CHAIN_WRONG_ROOT,
  63     };
  64
  65     // OCSPStatus enumerates the types of OCSP response that the testserver
  66     // can produce.
  67     enum OCSPStatus {
  68       OCSP_OK,
  69       OCSP_REVOKED,
  70       OCSP_INVALID,
  71       OCSP_UNAUTHORIZED,
  72       OCSP_UNKNOWN,
  73     };
  74
  75     // Bitmask of key exchange algorithms that the test server supports and that
  76     // can be selectively enabled or disabled.
  77     enum KeyExchange {
  78       // Special value used to indicate that any algorithm the server supports
  79       // is acceptable. Preferred over explicitly OR-ing all key exchange
  80       // algorithms.
  81       KEY_EXCHANGE_ANY     = 0,
  82
  83       KEY_EXCHANGE_RSA     = (1 << 0),
  84       KEY_EXCHANGE_DHE_RSA = (1 << 1),
  85     };
  86
  87     // Bitmask of bulk encryption algorithms that the test server supports
  88     // and that can be selectively enabled or disabled.
  89     enum BulkCipher {
  90       // Special value used to indicate that any algorithm the server supports
  91       // is acceptable. Preferred over explicitly OR-ing all ciphers.
  92       BULK_CIPHER_ANY    = 0,
  93
  94       BULK_CIPHER_RC4    = (1 << 0),
  95       BULK_CIPHER_AES128 = (1 << 1),
  96       BULK_CIPHER_AES256 = (1 << 2),
  97
  98       // NOTE: 3DES support in the Python test server has external
  99       // dependencies and not be available on all machines. Clients may not
 100       // be able to connect if only 3DES is specified.
 101       BULK_CIPHER_3DES   = (1 << 3),
 102     };
 103
 104     // NOTE: the values of these enumerators are passed to the the Python test
 105     // server. Do not change them.
 106     enum TLSIntolerantLevel {
 107       TLS_INTOLERANT_NONE = 0,
 108       TLS_INTOLERANT_ALL = 1,  // Intolerant of all TLS versions.
 109       TLS_INTOLERANT_TLS1_1 = 2,  // Intolerant of TLS 1.1 or higher.
 110       TLS_INTOLERANT_TLS1_2 = 3,  // Intolerant of TLS 1.2 or higher.
 111     };
 112
 113     // Initialize a new SSLOptions using CERT_OK as the certificate.
 114     SSLOptions();
 115
 116     // Initialize a new SSLOptions that will use the specified certificate.
 117     explicit SSLOptions(ServerCertificate cert);
 118     ~SSLOptions();
 119
 120     // Returns the relative filename of the file that contains the
 121     // |server_certificate|.
 122     base::FilePath GetCertificateFile() const;
 123
 124     // GetOCSPArgument returns the value of any OCSP argument to testserver or
 125     // the empty string if there is none.
 126     std::string GetOCSPArgument() const;
 127
 128     // The certificate to use when serving requests.
 129     ServerCertificate server_certificate;
 130
 131     // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
 132     // response returned.
 133     OCSPStatus ocsp_status;
 134
 135     // If not zero, |cert_serial| will be the serial number of the
 136     // auto-generated leaf certificate when |server_certificate==CERT_AUTO|.
 137     uint64 cert_serial;
 138
 139     // True if a CertificateRequest should be sent to the client during
 140     // handshaking.
 141     bool request_client_certificate;
 142
 143     // If |request_client_certificate| is true, an optional list of files,
 144     // each containing a single, PEM-encoded X.509 certificates. The subject
 145     // from each certificate will be added to the certificate_authorities
 146     // field of the CertificateRequest.
 147     std::vector<base::FilePath> client_authorities;
 148
 149     // A bitwise-OR of KeyExchnage that should be used by the
 150     // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented
 151     // key exchange algorithms are acceptable.
 152     int key_exchanges;
 153
 154     // A bitwise-OR of BulkCipher that should be used by the
 155     // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
 156     // ciphers are acceptable.
 157     int bulk_ciphers;
 158
 159     // If true, pass the --https-record-resume argument to testserver.py which
 160     // causes it to log session cache actions and echo the log on
 161     // /ssl-session-cache.
 162     bool record_resume;
 163
 164     // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
 165     // negotiates an intolerant TLS version in order to test version fallback.
 166     TLSIntolerantLevel tls_intolerant;
 167
 168     // fallback_scsv_enabled, if true, causes the server to process the
 169     // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
 170     // when performing TLS version fallback in response to an SSL handshake
 171     // failure. If this option is enabled then the server will reject fallback
 172     // connections.
 173     bool fallback_scsv_enabled;
 174
 175     // Temporary glue for testing: validation of SCTs is application-controlled
 176     // and can be appropriately mocked out, so sending fake data here does not
 177     // affect handshaking behaviour.
 178     // TODO(ekasper): replace with valid SCT files for test certs.
 179     // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
 180     // a TLS extension.
 181     std::string signed_cert_timestamps_tls_ext;
 182
 183     // Whether to staple the OCSP response.
 184     bool staple_ocsp_response;
 185
 186     // Whether to enable NPN support.
 187     bool enable_npn;
 188   };
 189
 190   // Pass as the 'host' parameter during construction to server on 127.0.0.1
 191   static const char kLocalhost[];
 192
 193   // Initialize a TestServer listening on a specific host (IP or hostname).
 194   BaseTestServer(Type type,  const std::string& host);
 195
 196   // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS.
 197   BaseTestServer(Type type, const SSLOptions& ssl_options);
 198
 199   // Returns the host port pair used by current Python based test server only
 200   // if the server is started.
 201   const HostPortPair& host_port_pair() const;
 202
 203   const base::FilePath& document_root() const { return document_root_; }
 204   const base::DictionaryValue& server_data() const;
 205   std::string GetScheme() const;
 206   bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT;
 207
 208   GURL GetURL(const std::string& path) const;
 209
 210   GURL GetURLWithUser(const std::string& path,
 211                       const std::string& user) const;
 212
 213   GURL GetURLWithUserAndPassword(const std::string& path,
 214                                  const std::string& user,
 215                                  const std::string& password) const;
 216
 217   static bool GetFilePathWithReplacements(
 218       const std::string& original_path,
 219       const std::vector<StringPair>& text_to_replace,
 220       std::string* replacement_path);
 221
 222   static bool UsingSSL(Type type) {
 223     return type == BaseTestServer::TYPE_HTTPS ||
 224            type == BaseTestServer::TYPE_WSS;
 225   }
 226
 227  protected:
 228   virtual ~BaseTestServer();
 229   Type type() const { return type_; }
 230
 231   // Gets port currently assigned to host_port_pair_ without checking
 232   // whether it's available (server started) or not.
 233   uint16 GetPort();
 234
 235   // Sets |port| as the actual port used by Python based test server.
 236   void SetPort(uint16 port);
 237
 238   // Set up internal status when the server is started.
 239   bool SetupWhenServerStarted() WARN_UNUSED_RESULT;
 240
 241   // Clean up internal status when starting to stop server.
 242   void CleanUpWhenStoppingServer();
 243
 244   // Set path of test resources.
 245   void SetResourcePath(const base::FilePath& document_root,
 246                        const base::FilePath& certificates_dir);
 247
 248   // Parses the server data read from the test server.  Returns true
 249   // on success.
 250   bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT;
 251
 252   // Generates a DictionaryValue with the arguments for launching the external
 253   // Python test server.
 254   bool GenerateArguments(base::DictionaryValue* arguments) const
 255     WARN_UNUSED_RESULT;
 256
 257   // Subclasses can override this to add arguments that are specific to their
 258   // own test servers.
 259   virtual bool GenerateAdditionalArguments(
 260       base::DictionaryValue* arguments) const WARN_UNUSED_RESULT;
 261
 262  private:
 263   void Init(const std::string& host);
 264
 265   // Marks the root certificate of an HTTPS test server as trusted for
 266   // the duration of tests.
 267   bool LoadTestRootCert() const WARN_UNUSED_RESULT;
 268
 269   // Document root of the test server.
 270   base::FilePath document_root_;
 271
 272   // Directory that contains the SSL certificates.
 273   base::FilePath certificates_dir_;
 274
 275   // Address the test server listens on.
 276   HostPortPair host_port_pair_;
 277
 278   // Holds the data sent from the server (e.g., port number).
 279   scoped_ptr<base::DictionaryValue> server_data_;
 280
 281   // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
 282   // server.
 283   SSLOptions ssl_options_;
 284
 285   Type type_;
 286
 287   // Has the server been started?
 288   bool started_;
 289
 290   // Enables logging of the server to the console.
 291   bool log_to_console_;
 292
 293   scoped_ptr<ScopedPortException> allowed_port_;
 294
 295   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
 296 };
 297
 298 }  // namespace net
 299
 300 #endif  // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_