• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
7 
8 #include <string>
9 #include <utility>
10 #include <vector>
11 
12 #include "base/compiler_specific.h"
13 #include "base/files/file_path.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "net/base/host_port_pair.h"
16 #include "net/ssl/ssl_client_cert_type.h"
17 
18 class GURL;
19 
20 namespace base {
21 class DictionaryValue;
22 }
23 
24 namespace net {
25 
26 class AddressList;
27 class ScopedPortException;
28 
29 // The base class of Test server implementation.
30 class BaseTestServer {
31  public:
32   typedef std::pair<std::string, std::string> StringPair;
33 
34   // Following types represent protocol schemes. See also
35   // http://www.iana.org/assignments/uri-schemes.html
36   enum Type {
37     TYPE_BASIC_AUTH_PROXY,
38     TYPE_FTP,
39     TYPE_HTTP,
40     TYPE_HTTPS,
41     TYPE_WS,
42     TYPE_WSS,
43     TYPE_TCP_ECHO,
44     TYPE_UDP_ECHO,
45   };
46 
47   // Container for various options to control how the HTTPS or WSS server is
48   // initialized.
49   struct SSLOptions {
50     enum ServerCertificate {
51       CERT_OK,
52 
53       // CERT_AUTO causes the testserver to generate a test certificate issued
54       // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
55       CERT_AUTO,
56 
57       CERT_MISMATCHED_NAME,
58       CERT_EXPIRED,
59       // Cross-signed certificate to test PKIX path building. Contains an
60       // intermediate cross-signed by an unknown root, while the client (via
61       // TestRootStore) is expected to have a self-signed version of the
62       // intermediate.
63       CERT_CHAIN_WRONG_ROOT,
64     };
65 
66     // OCSPStatus enumerates the types of OCSP response that the testserver
67     // can produce.
68     enum OCSPStatus {
69       OCSP_OK,
70       OCSP_REVOKED,
71       OCSP_INVALID,
72       OCSP_UNAUTHORIZED,
73       OCSP_UNKNOWN,
74     };
75 
76     // Bitmask of key exchange algorithms that the test server supports and that
77     // can be selectively enabled or disabled.
78     enum KeyExchange {
79       // Special value used to indicate that any algorithm the server supports
80       // is acceptable. Preferred over explicitly OR-ing all key exchange
81       // algorithms.
82       KEY_EXCHANGE_ANY     = 0,
83 
84       KEY_EXCHANGE_RSA     = (1 << 0),
85       KEY_EXCHANGE_DHE_RSA = (1 << 1),
86     };
87 
88     // Bitmask of bulk encryption algorithms that the test server supports
89     // and that can be selectively enabled or disabled.
90     enum BulkCipher {
91       // Special value used to indicate that any algorithm the server supports
92       // is acceptable. Preferred over explicitly OR-ing all ciphers.
93       BULK_CIPHER_ANY    = 0,
94 
95       BULK_CIPHER_RC4    = (1 << 0),
96       BULK_CIPHER_AES128 = (1 << 1),
97       BULK_CIPHER_AES256 = (1 << 2),
98 
99       // NOTE: 3DES support in the Python test server has external
100       // dependencies and not be available on all machines. Clients may not
101       // be able to connect if only 3DES is specified.
102       BULK_CIPHER_3DES   = (1 << 3),
103     };
104 
105     // NOTE: the values of these enumerators are passed to the the Python test
106     // server. Do not change them.
107     enum TLSIntolerantLevel {
108       TLS_INTOLERANT_NONE = 0,
109       TLS_INTOLERANT_ALL = 1,  // Intolerant of all TLS versions.
110       TLS_INTOLERANT_TLS1_1 = 2,  // Intolerant of TLS 1.1 or higher.
111       TLS_INTOLERANT_TLS1_2 = 3,  // Intolerant of TLS 1.2 or higher.
112     };
113 
114     // Initialize a new SSLOptions using CERT_OK as the certificate.
115     SSLOptions();
116 
117     // Initialize a new SSLOptions that will use the specified certificate.
118     explicit SSLOptions(ServerCertificate cert);
119     ~SSLOptions();
120 
121     // Returns the relative filename of the file that contains the
122     // |server_certificate|.
123     base::FilePath GetCertificateFile() const;
124 
125     // GetOCSPArgument returns the value of any OCSP argument to testserver or
126     // the empty string if there is none.
127     std::string GetOCSPArgument() const;
128 
129     // The certificate to use when serving requests.
130     ServerCertificate server_certificate;
131 
132     // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
133     // response returned.
134     OCSPStatus ocsp_status;
135 
136     // If not zero, |cert_serial| will be the serial number of the
137     // auto-generated leaf certificate when |server_certificate==CERT_AUTO|.
138     uint64 cert_serial;
139 
140     // True if a CertificateRequest should be sent to the client during
141     // handshaking.
142     bool request_client_certificate;
143 
144     // If |request_client_certificate| is true, an optional list of files,
145     // each containing a single, PEM-encoded X.509 certificates. The subject
146     // from each certificate will be added to the certificate_authorities
147     // field of the CertificateRequest.
148     std::vector<base::FilePath> client_authorities;
149 
150     // If |request_client_certificate| is true, an optional list of
151     // SSLClientCertType values to populate the certificate_types field of the
152     // CertificateRequest.
153     std::vector<SSLClientCertType> client_cert_types;
154 
155     // A bitwise-OR of KeyExchnage that should be used by the
156     // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented
157     // key exchange algorithms are acceptable.
158     int key_exchanges;
159 
160     // A bitwise-OR of BulkCipher that should be used by the
161     // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
162     // ciphers are acceptable.
163     int bulk_ciphers;
164 
165     // If true, pass the --https-record-resume argument to testserver.py which
166     // causes it to log session cache actions and echo the log on
167     // /ssl-session-cache.
168     bool record_resume;
169 
170     // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
171     // negotiates an intolerant TLS version in order to test version fallback.
172     TLSIntolerantLevel tls_intolerant;
173 
174     // fallback_scsv_enabled, if true, causes the server to process the
175     // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
176     // when performing TLS version fallback in response to an SSL handshake
177     // failure. If this option is enabled then the server will reject fallback
178     // connections.
179     bool fallback_scsv_enabled;
180 
181     // Temporary glue for testing: validation of SCTs is application-controlled
182     // and can be appropriately mocked out, so sending fake data here does not
183     // affect handshaking behaviour.
184     // TODO(ekasper): replace with valid SCT files for test certs.
185     // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
186     // a TLS extension.
187     std::string signed_cert_timestamps_tls_ext;
188 
189     // Whether to staple the OCSP response.
190     bool staple_ocsp_response;
191 
192     // Whether to enable NPN support.
193     bool enable_npn;
194   };
195 
196   // Pass as the 'host' parameter during construction to server on 127.0.0.1
197   static const char kLocalhost[];
198 
199   // Initialize a TestServer listening on a specific host (IP or hostname).
200   BaseTestServer(Type type,  const std::string& host);
201 
202   // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS.
203   BaseTestServer(Type type, const SSLOptions& ssl_options);
204 
205   // Returns the host port pair used by current Python based test server only
206   // if the server is started.
207   const HostPortPair& host_port_pair() const;
208 
document_root()209   const base::FilePath& document_root() const { return document_root_; }
210   const base::DictionaryValue& server_data() const;
211   std::string GetScheme() const;
212   bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT;
213 
214   GURL GetURL(const std::string& path) const;
215 
216   GURL GetURLWithUser(const std::string& path,
217                       const std::string& user) const;
218 
219   GURL GetURLWithUserAndPassword(const std::string& path,
220                                  const std::string& user,
221                                  const std::string& password) const;
222 
223   static bool GetFilePathWithReplacements(
224       const std::string& original_path,
225       const std::vector<StringPair>& text_to_replace,
226       std::string* replacement_path);
227 
UsingSSL(Type type)228   static bool UsingSSL(Type type) {
229     return type == BaseTestServer::TYPE_HTTPS ||
230            type == BaseTestServer::TYPE_WSS;
231   }
232 
233  protected:
234   virtual ~BaseTestServer();
type()235   Type type() const { return type_; }
236 
237   // Gets port currently assigned to host_port_pair_ without checking
238   // whether it's available (server started) or not.
239   uint16 GetPort();
240 
241   // Sets |port| as the actual port used by Python based test server.
242   void SetPort(uint16 port);
243 
244   // Set up internal status when the server is started.
245   bool SetupWhenServerStarted() WARN_UNUSED_RESULT;
246 
247   // Clean up internal status when starting to stop server.
248   void CleanUpWhenStoppingServer();
249 
250   // Set path of test resources.
251   void SetResourcePath(const base::FilePath& document_root,
252                        const base::FilePath& certificates_dir);
253 
254   // Parses the server data read from the test server.  Returns true
255   // on success.
256   bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT;
257 
258   // Generates a DictionaryValue with the arguments for launching the external
259   // Python test server.
260   bool GenerateArguments(base::DictionaryValue* arguments) const
261     WARN_UNUSED_RESULT;
262 
263   // Subclasses can override this to add arguments that are specific to their
264   // own test servers.
265   virtual bool GenerateAdditionalArguments(
266       base::DictionaryValue* arguments) const WARN_UNUSED_RESULT;
267 
268  private:
269   void Init(const std::string& host);
270 
271   // Marks the root certificate of an HTTPS test server as trusted for
272   // the duration of tests.
273   bool LoadTestRootCert() const WARN_UNUSED_RESULT;
274 
275   // Document root of the test server.
276   base::FilePath document_root_;
277 
278   // Directory that contains the SSL certificates.
279   base::FilePath certificates_dir_;
280 
281   // Address the test server listens on.
282   HostPortPair host_port_pair_;
283 
284   // Holds the data sent from the server (e.g., port number).
285   scoped_ptr<base::DictionaryValue> server_data_;
286 
287   // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
288   // server.
289   SSLOptions ssl_options_;
290 
291   Type type_;
292 
293   // Has the server been started?
294   bool started_;
295 
296   // Enables logging of the server to the console.
297   bool log_to_console_;
298 
299   scoped_ptr<ScopedPortException> allowed_port_;
300 
301   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
302 };
303 
304 }  // namespace net
305 
306 #endif  // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
307