search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Require ECDHE for False Start. (patchset #4 id:60001 of https://codereview...
[chromium-blink-merge.git] / net / test / spawned_test_server / base_test_server.cc
blobb5306899c2ac08ba99a5156866d68f9f388da659
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/test/spawned_test_server/base_test_server.h"
6
7 #include <string>
8 #include <vector>
9
10 #include "base/base64.h"
11 #include "base/files/file_util.h"
12 #include "base/json/json_reader.h"
13 #include "base/logging.h"
14 #include "base/path_service.h"
15 #include "base/values.h"
16 #include "net/base/address_list.h"
17 #include "net/base/host_port_pair.h"
18 #include "net/base/net_errors.h"
19 #include "net/base/net_util.h"
20 #include "net/base/test_completion_callback.h"
21 #include "net/cert/test_root_certs.h"
22 #include "net/dns/host_resolver.h"
23 #include "net/log/net_log.h"
24 #include "url/gurl.h"
25
26 namespace net {
27
28 namespace {
29
30 std::string GetHostname(BaseTestServer::Type type,
31 const BaseTestServer::SSLOptions& options) {
32 if (BaseTestServer::UsingSSL(type) &&
33 options.server_certificate ==
34 BaseTestServer::SSLOptions::CERT_MISMATCHED_NAME) {
35 // Return a different hostname string that resolves to the same hostname.
36 return "localhost";
37 }
38
39 // Use the 127.0.0.1 as default.
40 return BaseTestServer::kLocalhost;
41 }
42
43 std::string GetClientCertType(SSLClientCertType type) {
44 switch (type) {
45 case CLIENT_CERT_RSA_SIGN:
46 return "rsa_sign";
47 case CLIENT_CERT_DSS_SIGN:
48 return "dss_sign";
49 case CLIENT_CERT_ECDSA_SIGN:
50 return "ecdsa_sign";
51 default:
52 NOTREACHED();
53 return "";
54 }
55 }
56
57 void GetKeyExchangesList(int key_exchange, base::ListValue* values) {
58 if (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_RSA)
59 values->Append(new base::StringValue("rsa"));
60 if (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA)
61 values->Append(new base::StringValue("dhe_rsa"));
62 }
63
64 void GetCiphersList(int cipher, base::ListValue* values) {
65 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_RC4)
66 values->Append(new base::StringValue("rc4"));
67 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES128)
68 values->Append(new base::StringValue("aes128"));
69 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES256)
70 values->Append(new base::StringValue("aes256"));
71 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_3DES)
72 values->Append(new base::StringValue("3des"));
73 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES128GCM)
74 values->Append(new base::StringValue("aes128gcm"));
75 }
76
77 base::StringValue* GetTLSIntoleranceType(
78 BaseTestServer::SSLOptions::TLSIntoleranceType type) {
79 switch (type) {
80 case BaseTestServer::SSLOptions::TLS_INTOLERANCE_ALERT:
81 return new base::StringValue("alert");
82 case BaseTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE:
83 return new base::StringValue("close");
84 case BaseTestServer::SSLOptions::TLS_INTOLERANCE_RESET:
85 return new base::StringValue("reset");
86 default:
87 NOTREACHED();
88 return new base::StringValue("");
89 }
90 }
91
92 } // namespace
93
94 BaseTestServer::SSLOptions::SSLOptions()
95 : server_certificate(CERT_OK),
96 ocsp_status(OCSP_OK),
97 cert_serial(0),
98 request_client_certificate(false),
99 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
100 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
101 record_resume(false),
102 tls_intolerant(TLS_INTOLERANT_NONE),
103 tls_intolerance_type(TLS_INTOLERANCE_ALERT),
104 fallback_scsv_enabled(false),
105 staple_ocsp_response(false),
106 ocsp_server_unavailable(false),
107 enable_npn(false),
108 alert_after_handshake(false) {
109 }
110
111 BaseTestServer::SSLOptions::SSLOptions(
112 BaseTestServer::SSLOptions::ServerCertificate cert)
113 : server_certificate(cert),
114 ocsp_status(OCSP_OK),
115 cert_serial(0),
116 request_client_certificate(false),
117 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
118 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
119 record_resume(false),
120 tls_intolerant(TLS_INTOLERANT_NONE),
121 tls_intolerance_type(TLS_INTOLERANCE_ALERT),
122 fallback_scsv_enabled(false),
123 staple_ocsp_response(false),
124 ocsp_server_unavailable(false),
125 enable_npn(false),
126 alert_after_handshake(false) {
127 }
128
129 BaseTestServer::SSLOptions::~SSLOptions() {}
130
131 base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const {
132 switch (server_certificate) {
133 case CERT_OK:
134 case CERT_MISMATCHED_NAME:
135 return base::FilePath(FILE_PATH_LITERAL("ok_cert.pem"));
136 case CERT_EXPIRED:
137 return base::FilePath(FILE_PATH_LITERAL("expired_cert.pem"));
138 case CERT_CHAIN_WRONG_ROOT:
139 // This chain uses its own dedicated test root certificate to avoid
140 // side-effects that may affect testing.
141 return base::FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
142 case CERT_AUTO:
143 return base::FilePath();
144 default:
145 NOTREACHED();
146 }
147 return base::FilePath();
148 }
149
150 std::string BaseTestServer::SSLOptions::GetOCSPArgument() const {
151 if (server_certificate != CERT_AUTO)
152 return std::string();
153
154 switch (ocsp_status) {
155 case OCSP_OK:
156 return "ok";
157 case OCSP_REVOKED:
158 return "revoked";
159 case OCSP_INVALID:
160 return "invalid";
161 case OCSP_UNAUTHORIZED:
162 return "unauthorized";
163 case OCSP_UNKNOWN:
164 return "unknown";
165 default:
166 NOTREACHED();
167 return std::string();
168 }
169 }
170
171 const char BaseTestServer::kLocalhost[] = "127.0.0.1";
172
173 BaseTestServer::BaseTestServer(Type type, const std::string& host)
174 : type_(type),
175 started_(false),
176 log_to_console_(false),
177 ws_basic_auth_(false) {
178 Init(host);
179 }
180
181 BaseTestServer::BaseTestServer(Type type, const SSLOptions& ssl_options)
182 : ssl_options_(ssl_options),
183 type_(type),
184 started_(false),
185 log_to_console_(false),
186 ws_basic_auth_(false) {
187 DCHECK(UsingSSL(type));
188 Init(GetHostname(type, ssl_options));
189 }
190
191 BaseTestServer::~BaseTestServer() {}
192
193 const HostPortPair& BaseTestServer::host_port_pair() const {
194 DCHECK(started_);
195 return host_port_pair_;
196 }
197
198 const base::DictionaryValue& BaseTestServer::server_data() const {
199 DCHECK(started_);
200 DCHECK(server_data_.get());
201 return *server_data_;
202 }
203
204 std::string BaseTestServer::GetScheme() const {
205 switch (type_) {
206 case TYPE_FTP:
207 return "ftp";
208 case TYPE_HTTP:
209 return "http";
210 case TYPE_HTTPS:
211 return "https";
212 case TYPE_WS:
213 return "ws";
214 case TYPE_WSS:
215 return "wss";
216 case TYPE_TCP_ECHO:
217 case TYPE_UDP_ECHO:
218 default:
219 NOTREACHED();
220 }
221 return std::string();
222 }
223
224 bool BaseTestServer::GetAddressList(AddressList* address_list) const {
225 DCHECK(address_list);
226
227 scoped_ptr<HostResolver> resolver(HostResolver::CreateDefaultResolver(NULL));
228 HostResolver::RequestInfo info(host_port_pair_);
229 TestCompletionCallback callback;
230 int rv = resolver->Resolve(info,
231 DEFAULT_PRIORITY,
232 address_list,
233 callback.callback(),
234 NULL,
235 BoundNetLog());
236 if (rv == ERR_IO_PENDING)
237 rv = callback.WaitForResult();
238 if (rv != net::OK) {
239 LOG(ERROR) << "Failed to resolve hostname: " << host_port_pair_.host();
240 return false;
241 }
242 return true;
243 }
244
245 uint16 BaseTestServer::GetPort() {
246 return host_port_pair_.port();
247 }
248
249 void BaseTestServer::SetPort(uint16 port) {
250 host_port_pair_.set_port(port);
251 }
252
253 GURL BaseTestServer::GetURL(const std::string& path) const {
254 return GURL(GetScheme() + "://" + host_port_pair_.ToString() + "/" + path);
255 }
256
257 GURL BaseTestServer::GetURLWithUser(const std::string& path,
258 const std::string& user) const {
259 return GURL(GetScheme() + "://" + user + "@" + host_port_pair_.ToString() +
260 "/" + path);
261 }
262
263 GURL BaseTestServer::GetURLWithUserAndPassword(const std::string& path,
264 const std::string& user,
265 const std::string& password) const {
266 return GURL(GetScheme() + "://" + user + ":" + password + "@" +
267 host_port_pair_.ToString() + "/" + path);
268 }
269
270 // static
271 bool BaseTestServer::GetFilePathWithReplacements(
272 const std::string& original_file_path,
273 const std::vector<StringPair>& text_to_replace,
274 std::string* replacement_path) {
275 std::string new_file_path = original_file_path;
276 bool first_query_parameter = true;
277 const std::vector<StringPair>::const_iterator end = text_to_replace.end();
278 for (std::vector<StringPair>::const_iterator it = text_to_replace.begin();
279 it != end;
280 ++it) {
281 const std::string& old_text = it->first;
282 const std::string& new_text = it->second;
283 std::string base64_old;
284 std::string base64_new;
285 base::Base64Encode(old_text, &base64_old);
286 base::Base64Encode(new_text, &base64_new);
287 if (first_query_parameter) {
288 new_file_path += "?";
289 first_query_parameter = false;
290 } else {
291 new_file_path += "&";
292 }
293 new_file_path += "replace_text=";
294 new_file_path += base64_old;
295 new_file_path += ":";
296 new_file_path += base64_new;
297 }
298
299 *replacement_path = new_file_path;
300 return true;
301 }
302
303 void BaseTestServer::Init(const std::string& host) {
304 host_port_pair_ = HostPortPair(host, 0);
305
306 // TODO(battre) Remove this after figuring out why the TestServer is flaky.
307 // http://crbug.com/96594
308 log_to_console_ = true;
309 }
310
311 void BaseTestServer::SetResourcePath(const base::FilePath& document_root,
312 const base::FilePath& certificates_dir) {
313 // This method shouldn't get called twice.
314 DCHECK(certificates_dir_.empty());
315 document_root_ = document_root;
316 certificates_dir_ = certificates_dir;
317 DCHECK(!certificates_dir_.empty());
318 }
319
320 bool BaseTestServer::ParseServerData(const std::string& server_data) {
321 VLOG(1) << "Server data: " << server_data;
322 base::JSONReader json_reader;
323 scoped_ptr<base::Value> value(json_reader.ReadToValue(server_data));
324 if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) {
325 LOG(ERROR) << "Could not parse server data: "
326 << json_reader.GetErrorMessage();
327 return false;
328 }
329
330 server_data_.reset(static_cast<base::DictionaryValue*>(value.release()));
331 int port = 0;
332 if (!server_data_->GetInteger("port", &port)) {
333 LOG(ERROR) << "Could not find port value";
334 return false;
335 }
336 if ((port <= 0) || (port > kuint16max)) {
337 LOG(ERROR) << "Invalid port value: " << port;
338 return false;
339 }
340 host_port_pair_.set_port(port);
341
342 return true;
343 }
344
345 bool BaseTestServer::LoadTestRootCert() const {
346 TestRootCerts* root_certs = TestRootCerts::GetInstance();
347 if (!root_certs)
348 return false;
349
350 // Should always use absolute path to load the root certificate.
351 base::FilePath root_certificate_path = certificates_dir_;
352 if (!certificates_dir_.IsAbsolute()) {
353 base::FilePath src_dir;
354 if (!PathService::Get(base::DIR_SOURCE_ROOT, &src_dir))
355 return false;
356 root_certificate_path = src_dir.Append(certificates_dir_);
357 }
358
359 return root_certs->AddFromFile(
360 root_certificate_path.AppendASCII("root_ca_cert.pem"));
361 }
362
363 bool BaseTestServer::SetupWhenServerStarted() {
364 DCHECK(host_port_pair_.port());
365
366 if (UsingSSL(type_) && !LoadTestRootCert())
367 return false;
368
369 started_ = true;
370 allowed_port_.reset(new ScopedPortException(host_port_pair_.port()));
371 return true;
372 }
373
374 void BaseTestServer::CleanUpWhenStoppingServer() {
375 TestRootCerts* root_certs = TestRootCerts::GetInstance();
376 root_certs->Clear();
377
378 host_port_pair_.set_port(0);
379 allowed_port_.reset();
380 started_ = false;
381 }
382
383 // Generates a dictionary of arguments to pass to the Python test server via
384 // the test server spawner, in the form of
385 // { argument-name: argument-value, ... }
386 // Returns false if an invalid configuration is specified.
387 bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
388 DCHECK(arguments);
389
390 arguments->SetString("host", host_port_pair_.host());
391 arguments->SetInteger("port", host_port_pair_.port());
392 arguments->SetString("data-dir", document_root_.value());
393
394 if (VLOG_IS_ON(1) || log_to_console_)
395 arguments->Set("log-to-console", base::Value::CreateNullValue());
396
397 if (ws_basic_auth_) {
398 DCHECK(type_ == TYPE_WS || type_ == TYPE_WSS);
399 arguments->Set("ws-basic-auth", base::Value::CreateNullValue());
400 }
401
402 if (UsingSSL(type_)) {
403 // Check the certificate arguments of the HTTPS server.
404 base::FilePath certificate_path(certificates_dir_);
405 base::FilePath certificate_file(ssl_options_.GetCertificateFile());
406 if (!certificate_file.value().empty()) {
407 certificate_path = certificate_path.Append(certificate_file);
408 if (certificate_path.IsAbsolute() &&
409 !base::PathExists(certificate_path)) {
410 LOG(ERROR) << "Certificate path " << certificate_path.value()
411 << " doesn't exist. Can't launch https server.";
412 return false;
413 }
414 arguments->SetString("cert-and-key-file", certificate_path.value());
415 }
416
417 // Check the client certificate related arguments.
418 if (ssl_options_.request_client_certificate)
419 arguments->Set("ssl-client-auth", base::Value::CreateNullValue());
420 scoped_ptr<base::ListValue> ssl_client_certs(new base::ListValue());
421
422 std::vector<base::FilePath>::const_iterator it;
423 for (it = ssl_options_.client_authorities.begin();
424 it != ssl_options_.client_authorities.end(); ++it) {
425 if (it->IsAbsolute() && !base::PathExists(*it)) {
426 LOG(ERROR) << "Client authority path " << it->value()
427 << " doesn't exist. Can't launch https server.";
428 return false;
429 }
430 ssl_client_certs->Append(new base::StringValue(it->value()));
431 }
432
433 if (ssl_client_certs->GetSize())
434 arguments->Set("ssl-client-ca", ssl_client_certs.release());
435
436 scoped_ptr<base::ListValue> client_cert_types(new base::ListValue());
437 for (size_t i = 0; i < ssl_options_.client_cert_types.size(); i++) {
438 client_cert_types->Append(new base::StringValue(
439 GetClientCertType(ssl_options_.client_cert_types[i])));
440 }
441 if (client_cert_types->GetSize())
442 arguments->Set("ssl-client-cert-type", client_cert_types.release());
443 }
444
445 if (type_ == TYPE_HTTPS) {
446 arguments->Set("https", base::Value::CreateNullValue());
447
448 std::string ocsp_arg = ssl_options_.GetOCSPArgument();
449 if (!ocsp_arg.empty())
450 arguments->SetString("ocsp", ocsp_arg);
451
452 if (ssl_options_.cert_serial != 0) {
453 arguments->SetInteger("cert-serial", ssl_options_.cert_serial);
454 }
455
456 // Check key exchange argument.
457 scoped_ptr<base::ListValue> key_exchange_values(new base::ListValue());
458 GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get());
459 if (key_exchange_values->GetSize())
460 arguments->Set("ssl-key-exchange", key_exchange_values.release());
461 // Check bulk cipher argument.
462 scoped_ptr<base::ListValue> bulk_cipher_values(new base::ListValue());
463 GetCiphersList(ssl_options_.bulk_ciphers, bulk_cipher_values.get());
464 if (bulk_cipher_values->GetSize())
465 arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release());
466 if (ssl_options_.record_resume)
467 arguments->Set("https-record-resume", base::Value::CreateNullValue());
468 if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) {
469 arguments->SetInteger("tls-intolerant", ssl_options_.tls_intolerant);
470 arguments->Set("tls-intolerance-type", GetTLSIntoleranceType(
471 ssl_options_.tls_intolerance_type));
472 }
473 if (ssl_options_.fallback_scsv_enabled)
474 arguments->Set("fallback-scsv", base::Value::CreateNullValue());
475 if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) {
476 std::string b64_scts_tls_ext;
477 base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext,
478 &b64_scts_tls_ext);
479 arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext);
480 }
481 if (ssl_options_.staple_ocsp_response)
482 arguments->Set("staple-ocsp-response", base::Value::CreateNullValue());
483 if (ssl_options_.ocsp_server_unavailable) {
484 arguments->Set("ocsp-server-unavailable",
485 base::Value::CreateNullValue());
486 }
487 if (ssl_options_.enable_npn)
488 arguments->Set("enable-npn", base::Value::CreateNullValue());
489 if (ssl_options_.alert_after_handshake)
490 arguments->Set("alert-after-handshake", base::Value::CreateNullValue());
491 }
492
493 return GenerateAdditionalArguments(arguments);
494 }
495
496 bool BaseTestServer::GenerateAdditionalArguments(
497 base::DictionaryValue* arguments) const {
498 return true;
499 }
500
501 } // namespace net