1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/test/spawned_test_server/base_test_server.h"
6
7 #include <string>
8 #include <vector>
9
10 #include "base/base64.h"
11 #include "base/file_util.h"
12 #include "base/json/json_reader.h"
13 #include "base/logging.h"
14 #include "base/path_service.h"
15 #include "base/values.h"
16 #include "net/base/address_list.h"
17 #include "net/base/host_port_pair.h"
18 #include "net/base/net_errors.h"
19 #include "net/base/net_log.h"
20 #include "net/base/net_util.h"
21 #include "net/base/test_completion_callback.h"
22 #include "net/cert/test_root_certs.h"
23 #include "net/dns/host_resolver.h"
24 #include "url/gurl.h"
25
26 namespace net {
27
28 namespace {
29
// Chooses the hostname the test server is addressed by.
//
// For an SSL server type configured with CERT_MISMATCHED_NAME this returns
// "localhost" instead of kLocalhost: a different name string for the same
// host. NOTE(review): presumably ok_cert.pem is issued for the default name,
// so connecting by "localhost" triggers a name mismatch -- confirm against the
// test certificates.
std::string GetHostname(BaseTestServer::Type type,
                        const BaseTestServer::SSLOptions& options) {
  const bool wants_name_mismatch =
      options.server_certificate ==
      BaseTestServer::SSLOptions::CERT_MISMATCHED_NAME;

  if (!BaseTestServer::UsingSSL(type) || !wants_name_mismatch) {
    // Default case: the loopback address literal.
    return BaseTestServer::kLocalhost;
  }

  // Same host, different name string.
  return "localhost";
}
42
// Translates a client certificate type into the string token placed in the
// "ssl-client-cert-type" server argument. Any other value hits NOTREACHED()
// and produces an empty string.
std::string GetClientCertType(SSLClientCertType type) {
  const char* token = "";
  switch (type) {
    case CLIENT_CERT_RSA_SIGN:
      token = "rsa_sign";
      break;
    case CLIENT_CERT_DSS_SIGN:
      token = "dss_sign";
      break;
    case CLIENT_CERT_ECDSA_SIGN:
      token = "ecdsa_sign";
      break;
    default:
      NOTREACHED();
      break;
  }
  return token;
}
56
// Appends one string per key-exchange bit set in |key_exchange| to |values|:
// "rsa" first, then "dhe_rsa". Nothing is appended when neither bit is set.
// |values| must be non-NULL; ownership of the appended values passes to it.
void GetKeyExchangesList(int key_exchange, base::ListValue* values) {
  const bool use_rsa =
      (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_RSA) != 0;
  const bool use_dhe_rsa =
      (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA) != 0;

  if (use_rsa)
    values->Append(new base::StringValue("rsa"));
  if (use_dhe_rsa)
    values->Append(new base::StringValue("dhe_rsa"));
}
63
// Appends one string per bulk-cipher bit set in |cipher| to |values|, always
// in the order rc4, aes128, aes256, 3des. The list only selects what the test
// server offers; it includes legacy ciphers (rc4, 3des) so that client
// handling of them can be exercised.
// |values| must be non-NULL; ownership of the appended values passes to it.
void GetCiphersList(int cipher, base::ListValue* values) {
  static const struct {
    int flag;
    const char* name;
  } kBulkCiphers[] = {
    { BaseTestServer::SSLOptions::BULK_CIPHER_RC4, "rc4" },
    { BaseTestServer::SSLOptions::BULK_CIPHER_AES128, "aes128" },
    { BaseTestServer::SSLOptions::BULK_CIPHER_AES256, "aes256" },
    { BaseTestServer::SSLOptions::BULK_CIPHER_3DES, "3des" },
  };

  const size_t count = sizeof(kBulkCiphers) / sizeof(kBulkCiphers[0]);
  for (size_t i = 0; i < count; ++i) {
    if (cipher & kBulkCiphers[i].flag)
      values->Append(new base::StringValue(kBulkCiphers[i].name));
  }
}
74
75 } // namespace
76
// Default SSL configuration: CERT_OK server certificate, OCSP status OCSP_OK,
// any key exchange, any bulk cipher, and every optional behaviour disabled.
BaseTestServer::SSLOptions::SSLOptions()
    : server_certificate(CERT_OK),
      ocsp_status(OCSP_OK),
      // 0: GenerateArguments() sends no "cert-serial" argument.
      cert_serial(0),
      request_client_certificate(false),
      key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
      bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
      record_resume(false),
      tls_intolerant(TLS_INTOLERANT_NONE),
      fallback_scsv_enabled(false),
      staple_ocsp_response(false),
      enable_npn(false) {
}
89
// Same defaults as the no-argument constructor, except that the server
// certificate kind is taken from |cert|.
BaseTestServer::SSLOptions::SSLOptions(
    BaseTestServer::SSLOptions::ServerCertificate cert)
    : server_certificate(cert),
      ocsp_status(OCSP_OK),
      // 0: GenerateArguments() sends no "cert-serial" argument.
      cert_serial(0),
      request_client_certificate(false),
      key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
      bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
      record_resume(false),
      tls_intolerant(TLS_INTOLERANT_NONE),
      fallback_scsv_enabled(false),
      staple_ocsp_response(false),
      enable_npn(false) {
}
103
// Nothing to release explicitly; members clean up after themselves.
BaseTestServer::SSLOptions::~SSLOptions() {
}
105
// Returns the file name (no directory) of the certificate/key file matching
// |server_certificate|. CERT_AUTO has no file and yields an empty path, as
// does an unknown value (after NOTREACHED()).
base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const {
  switch (server_certificate) {
    case CERT_AUTO:
      // No certificate file for this kind: fall out to the empty path.
      break;
    case CERT_OK:
    case CERT_MISMATCHED_NAME:
      // The mismatched-name case reuses the valid certificate; the mismatch
      // comes from the hostname chosen by GetHostname().
      return base::FilePath(FILE_PATH_LITERAL("ok_cert.pem"));
    case CERT_EXPIRED:
      return base::FilePath(FILE_PATH_LITERAL("expired_cert.pem"));
    case CERT_CHAIN_WRONG_ROOT:
      // This chain has its own dedicated test root certificate, which avoids
      // side-effects that could affect other tests.
      return base::FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
    default:
      NOTREACHED();
      break;
  }
  return base::FilePath();
}
124
// Returns the value for the server's "ocsp" argument. Only CERT_AUTO
// certificates get one; for every other certificate kind the result is empty.
// An unknown |ocsp_status| hits NOTREACHED() and also yields an empty string.
std::string BaseTestServer::SSLOptions::GetOCSPArgument() const {
  std::string argument;
  if (server_certificate == CERT_AUTO) {
    switch (ocsp_status) {
      case OCSP_OK:
        argument = "ok";
        break;
      case OCSP_REVOKED:
        argument = "revoked";
        break;
      case OCSP_INVALID:
        argument = "invalid";
        break;
      case OCSP_UNAUTHORIZED:
        argument = "unauthorized";
        break;
      case OCSP_UNKNOWN:
        argument = "unknown";
        break;
      default:
        NOTREACHED();
        break;
    }
  }
  return argument;
}
145
// Default host for test servers: the IPv4 loopback address literal.
const char BaseTestServer::kLocalhost[] = "127.0.0.1";
147
// Creates a server of |type| addressed by |host|. The server is not started;
// the port stays 0 until one is assigned (see Init()).
BaseTestServer::BaseTestServer(Type type, const std::string& host)
    : type_(type),
      started_(false),
      log_to_console_(false) {
  // Init() records the host and currently forces console logging on.
  Init(host);
}
154
// Creates an SSL server of |type| with a copy of |ssl_options|. |type| must be
// an SSL type (DCHECKed). The hostname is derived from the options so that a
// CERT_MISMATCHED_NAME configuration is addressed by a different name.
BaseTestServer::BaseTestServer(Type type, const SSLOptions& ssl_options)
    : ssl_options_(ssl_options),
      type_(type),
      started_(false),
      log_to_console_(false) {
  DCHECK(UsingSSL(type));
  const std::string hostname = GetHostname(type, ssl_options);
  Init(hostname);
}
163
// No explicit teardown here; stopping the server is handled by
// CleanUpWhenStoppingServer().
BaseTestServer::~BaseTestServer() {
}
165
// Returns the host/port the server is reachable at. Only valid once the
// server has been started (DCHECKed).
const HostPortPair& BaseTestServer::host_port_pair() const {
  DCHECK(started_);
  const HostPortPair& endpoint = host_port_pair_;
  return endpoint;
}
170
// Returns the dictionary stored by ParseServerData(). Only valid once the
// server has been started and server data has been parsed (both DCHECKed).
const base::DictionaryValue& BaseTestServer::server_data() const {
  DCHECK(started_);
  const base::DictionaryValue* data = server_data_.get();
  DCHECK(data);
  return *data;
}
176
// Returns the URL scheme for this server's type. The echo server types (and
// any unknown type) have no scheme: they hit NOTREACHED() and return an empty
// string.
std::string BaseTestServer::GetScheme() const {
  std::string scheme;
  switch (type_) {
    case TYPE_FTP:
      scheme = "ftp";
      break;
    case TYPE_HTTP:
      scheme = "http";
      break;
    case TYPE_HTTPS:
      scheme = "https";
      break;
    case TYPE_WS:
      scheme = "ws";
      break;
    case TYPE_WSS:
      scheme = "wss";
      break;
    case TYPE_TCP_ECHO:
    case TYPE_UDP_ECHO:
    default:
      NOTREACHED();
      break;
  }
  return scheme;
}
196
// Resolves the server's host/port into |address_list| using a freshly created
// default host resolver, blocking until the resolution finishes.
// Returns false (and logs the hostname) if resolution fails.
bool BaseTestServer::GetAddressList(AddressList* address_list) const {
  DCHECK(address_list);

  scoped_ptr<HostResolver> host_resolver(
      HostResolver::CreateDefaultResolver(NULL));
  HostResolver::RequestInfo request(host_port_pair_);
  TestCompletionCallback resolve_done;

  int result = host_resolver->Resolve(request,
                                      DEFAULT_PRIORITY,
                                      address_list,
                                      resolve_done.callback(),
                                      NULL,
                                      BoundNetLog());
  // An asynchronous resolution is turned into a synchronous one here.
  if (result == ERR_IO_PENDING)
    result = resolve_done.WaitForResult();

  if (result == net::OK)
    return true;

  LOG(ERROR) << "Failed to resolve hostname: " << host_port_pair_.host();
  return false;
}
217
// Returns the port currently recorded for the server (0 until one is set).
uint16 BaseTestServer::GetPort() {
  const uint16 current_port = host_port_pair_.port();
  return current_port;
}
221
// Records |port| as the server's port. No validation is done here.
void BaseTestServer::SetPort(uint16 port) {
  HostPortPair& endpoint = host_port_pair_;
  endpoint.set_port(port);
}
225
// Builds "<scheme>://<host:port>/<path>". |path| is appended verbatim, so it
// must not start with '/' and must already be in URL-safe form.
GURL BaseTestServer::GetURL(const std::string& path) const {
  std::string spec = GetScheme();
  spec += "://";
  spec += host_port_pair_.ToString();
  spec += "/";
  spec += path;
  return GURL(spec);
}
229
// Builds "<scheme>://<user>@<host:port>/<path>". |user| and |path| are
// inserted verbatim with no percent-encoding, so callers must pass values
// that are already valid for those URL components.
GURL BaseTestServer::GetURLWithUser(const std::string& path,
                                    const std::string& user) const {
  std::string spec = GetScheme();
  spec += "://";
  spec += user;
  spec += "@";
  spec += host_port_pair_.ToString();
  spec += "/";
  spec += path;
  return GURL(spec);
}
235
// Builds "<scheme>://<user>:<password>@<host:port>/<path>". All three inputs
// are inserted verbatim with no percent-encoding, so a ':' , '@' or '/' inside
// |user| or |password| changes how the URL is split; callers must pass values
// that are already valid for those components. The password ends up in the
// URL string in clear text.
GURL BaseTestServer::GetURLWithUserAndPassword(const std::string& path,
                                               const std::string& user,
                                               const std::string& password)
    const {
  std::string spec = GetScheme();
  spec += "://";
  spec += user;
  spec += ":";
  spec += password;
  spec += "@";
  spec += host_port_pair_.ToString();
  spec += "/";
  spec += path;
  return GURL(spec);
}
242
243 // static
// Appends one "replace_text=<base64(old)>:<base64(new)>" query parameter per
// entry of |text_to_replace| to |original_file_path| and stores the result in
// |replacement_path|. Always returns true.
//
// The first parameter is always introduced with '?', even if
// |original_file_path| already carries a query, and the base64 output is
// appended without further URL escaping.
bool BaseTestServer::GetFilePathWithReplacements(
    const std::string& original_file_path,
    const std::vector<StringPair>& text_to_replace,
    std::string* replacement_path) {
  std::string result_path = original_file_path;

  for (size_t i = 0; i < text_to_replace.size(); ++i) {
    std::string encoded_old;
    std::string encoded_new;
    base::Base64Encode(text_to_replace[i].first, &encoded_old);
    base::Base64Encode(text_to_replace[i].second, &encoded_new);

    // '?' starts the query, '&' separates every later parameter.
    result_path += (i == 0) ? "?" : "&";
    result_path += "replace_text=" + encoded_old + ":" + encoded_new;
  }

  *replacement_path = result_path;
  return true;
}
275
// Shared constructor tail: records |host| with port 0 (no port assigned yet)
// and turns console logging on.
void BaseTestServer::Init(const std::string& host) {
  // TODO(battre) Remove this after figuring out why the TestServer is flaky.
  // http://crbug.com/96594
  // Until then this overrides the |false| set by the constructors.
  log_to_console_ = true;

  host_port_pair_ = HostPortPair(host, 0);
}
283
// Sets the directory served as document root and the directory holding the
// test certificates. Must be called at most once, with a non-empty
// |certificates_dir| (both DCHECKed).
void BaseTestServer::SetResourcePath(const base::FilePath& document_root,
                                     const base::FilePath& certificates_dir) {
  // A non-empty certificates directory means this already ran.
  DCHECK(certificates_dir_.empty());

  certificates_dir_ = certificates_dir;
  document_root_ = document_root;

  DCHECK(!certificates_dir_.empty());
}
292
// Parses |server_data| as JSON, keeps the resulting dictionary in
// |server_data_| and takes the server's port from its "port" entry.
//
// Returns false if the text is not a JSON dictionary, has no integer "port",
// or the port is outside 1..kuint16max. The range check runs before the value
// is narrowed into the host/port pair. Note that |server_data_| is replaced as
// soon as the JSON parses, i.e. also when the port checks fail afterwards.
bool BaseTestServer::ParseServerData(const std::string& server_data) {
  VLOG(1) << "Server data: " << server_data;

  base::JSONReader reader;
  scoped_ptr<base::Value> parsed(reader.ReadToValue(server_data));
  const bool is_dictionary =
      parsed.get() && parsed->IsType(base::Value::TYPE_DICTIONARY);
  if (!is_dictionary) {
    LOG(ERROR) << "Could not parse server data: "
               << reader.GetErrorMessage();
    return false;
  }

  // Safe downcast: the type was checked just above.
  server_data_.reset(static_cast<base::DictionaryValue*>(parsed.release()));

  int reported_port = 0;
  if (!server_data_->GetInteger("port", &reported_port)) {
    LOG(ERROR) << "Could not find port value";
    return false;
  }

  const bool port_in_range =
      (reported_port > 0) && (reported_port <= kuint16max);
  if (!port_in_range) {
    LOG(ERROR) << "Invalid port value: " << reported_port;
    return false;
  }

  host_port_pair_.set_port(reported_port);
  return true;
}
317
// Adds "root_ca_cert.pem" from the certificates directory to the
// TestRootCerts instance. A relative certificates directory is resolved
// against the source root so that the file is always loaded by absolute path.
// Returns false if the instance or the source root is unavailable, or if
// adding the file fails.
// NOTE(review): TestRootCerts::GetInstance() looks like a shared instance, so
// the added root is presumably trusted by more than this server -- confirm.
bool BaseTestServer::LoadTestRootCert() const {
  TestRootCerts* test_roots = TestRootCerts::GetInstance();
  if (!test_roots)
    return false;

  base::FilePath certs_dir = certificates_dir_;
  if (!certs_dir.IsAbsolute()) {
    base::FilePath source_root;
    if (!PathService::Get(base::DIR_SOURCE_ROOT, &source_root))
      return false;
    certs_dir = source_root.Append(certificates_dir_);
  }

  const base::FilePath root_cert_file =
      certs_dir.AppendASCII("root_ca_cert.pem");
  return test_roots->AddFromFile(root_cert_file);
}
335
// Finishes start-up once the server has a port (DCHECKed): loads the test
// root certificate for SSL server types, marks the server as started and
// installs a ScopedPortException for its port.
// Returns false, leaving the server marked as not started, if the root
// certificate cannot be loaded.
bool BaseTestServer::SetupWhenServerStarted() {
  DCHECK(host_port_pair_.port());

  if (UsingSSL(type_)) {
    if (!LoadTestRootCert())
      return false;
  }

  started_ = true;
  // The exception lasts until CleanUpWhenStoppingServer() resets it.
  allowed_port_.reset(new ScopedPortException(host_port_pair_.port()));
  return true;
}
346
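// Undoes SetupWhenServerStarted(): clears the test root certificates, resets
// the port to 0, drops the port exception and marks the server as stopped.
// NOTE(review): Clear() is called on the TestRootCerts instance as a whole, so
// it presumably removes every test root, not only the one this server added
// -- confirm before relying on roots added elsewhere in the same test.
void BaseTestServer::CleanUpWhenStoppingServer() {
  TestRootCerts* root_certs = TestRootCerts::GetInstance();
  // LoadTestRootCert() treats a NULL instance as a possible failure; do the
  // same here instead of dereferencing it unconditionally.
  if (root_certs)
    root_certs->Clear();

  host_port_pair_.set_port(0);
  allowed_port_.reset();
  started_ = false;
}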
355
356 // Generates a dictionary of arguments to pass to the Python test server via
357 // the test server spawner, in the form of
358 // { argument-name: argument-value, ... }
359 // Returns false if an invalid configuration is specified.
bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
  DCHECK(arguments);

  // Arguments every server type gets.
  arguments->SetString("host", host_port_pair_.host());
  arguments->SetInteger("port", host_port_pair_.port());
  arguments->SetString("data-dir", document_root_.value());

  // Flag-style arguments are encoded as a key with a null value.
  const bool console_logging = VLOG_IS_ON(1) || log_to_console_;
  if (console_logging)
    arguments->Set("log-to-console", base::Value::CreateNullValue());

  if (UsingSSL(type_)) {
    // Server certificate. An empty file name (CERT_AUTO) means no
    // "cert-and-key-file" argument is sent.
    const base::FilePath cert_file_name(ssl_options_.GetCertificateFile());
    if (!cert_file_name.empty()) {
      const base::FilePath cert_path = certificates_dir_.Append(cert_file_name);
      // Existence is only verified for absolute paths; a relative path is
      // passed through unchecked.
      if (cert_path.IsAbsolute() && !base::PathExists(cert_path)) {
        LOG(ERROR) << "Certificate path " << cert_path.value()
                   << " doesn't exist. Can't launch https server.";
        return false;
      }
      arguments->SetString("cert-and-key-file", cert_path.value());
    }

    // Client certificate request and the CAs accepted for it.
    if (ssl_options_.request_client_certificate)
      arguments->Set("ssl-client-auth", base::Value::CreateNullValue());

    scoped_ptr<base::ListValue> client_ca_list(new base::ListValue());
    const std::vector<base::FilePath>& authorities =
        ssl_options_.client_authorities;
    for (size_t i = 0; i < authorities.size(); ++i) {
      const base::FilePath& authority = authorities[i];
      // Same rule as for the server certificate: only absolute paths are
      // checked for existence.
      if (authority.IsAbsolute() && !base::PathExists(authority)) {
        LOG(ERROR) << "Client authority path " << authority.value()
                   << " doesn't exist. Can't launch https server.";
        return false;
      }
      client_ca_list->Append(new base::StringValue(authority.value()));
    }
    // Ownership moves to |arguments| only when the list is used; otherwise
    // the scoped_ptr frees it.
    if (client_ca_list->GetSize() > 0)
      arguments->Set("ssl-client-ca", client_ca_list.release());

    // Accepted client certificate types.
    scoped_ptr<base::ListValue> cert_type_list(new base::ListValue());
    const size_t cert_type_count = ssl_options_.client_cert_types.size();
    for (size_t i = 0; i < cert_type_count; ++i) {
      const std::string type_name =
          GetClientCertType(ssl_options_.client_cert_types[i]);
      cert_type_list->Append(new base::StringValue(type_name));
    }
    if (cert_type_list->GetSize() > 0)
      arguments->Set("ssl-client-cert-type", cert_type_list.release());
  }

  if (type_ == TYPE_HTTPS) {
    arguments->Set("https", base::Value::CreateNullValue());

    // Empty unless the certificate kind is CERT_AUTO.
    const std::string ocsp_argument = ssl_options_.GetOCSPArgument();
    if (!ocsp_argument.empty())
      arguments->SetString("ocsp", ocsp_argument);

    if (ssl_options_.cert_serial != 0) {
      arguments->Set("cert-serial",
                     base::Value::CreateIntegerValue(ssl_options_.cert_serial));
    }

    // Key exchange restriction; omitted when no known bit is set.
    scoped_ptr<base::ListValue> key_exchange_list(new base::ListValue());
    GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_list.get());
    if (key_exchange_list->GetSize() > 0)
      arguments->Set("ssl-key-exchange", key_exchange_list.release());

    // Bulk cipher restriction; omitted when no known bit is set.
    scoped_ptr<base::ListValue> bulk_cipher_list(new base::ListValue());
    GetCiphersList(ssl_options_.bulk_ciphers, bulk_cipher_list.get());
    if (bulk_cipher_list->GetSize() > 0)
      arguments->Set("ssl-bulk-cipher", bulk_cipher_list.release());

    if (ssl_options_.record_resume)
      arguments->Set("https-record-resume", base::Value::CreateNullValue());

    if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) {
      arguments->Set("tls-intolerant",
                     new base::FundamentalValue(ssl_options_.tls_intolerant));
    }

    if (ssl_options_.fallback_scsv_enabled)
      arguments->Set("fallback-scsv", base::Value::CreateNullValue());

    // The raw SCT extension bytes are base64-encoded for transport.
    if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) {
      std::string encoded_scts;
      base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext,
                         &encoded_scts);
      arguments->SetString("signed-cert-timestamps-tls-ext", encoded_scts);
    }

    if (ssl_options_.staple_ocsp_response)
      arguments->Set("staple-ocsp-response", base::Value::CreateNullValue());

    if (ssl_options_.enable_npn)
      arguments->Set("enable-npn", base::Value::CreateNullValue());
  }

  // Last step: GenerateAdditionalArguments() may add more and decides the
  // final result.
  return GenerateAdditionalArguments(arguments);
}
457
// Called at the end of GenerateArguments(). This base implementation adds
// nothing to |arguments| and always reports success.
bool BaseTestServer::GenerateAdditionalArguments(
    base::DictionaryValue* arguments) const {
  const bool success = true;
  return success;
}
462
463 } // namespace net
464