1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/test/spawned_test_server/base_test_server.h"
6
7 #include <string>
8 #include <vector>
9
10 #include "base/base64.h"
11 #include "base/files/file_util.h"
12 #include "base/json/json_reader.h"
13 #include "base/logging.h"
14 #include "base/path_service.h"
15 #include "base/values.h"
16 #include "net/base/address_list.h"
17 #include "net/base/host_port_pair.h"
18 #include "net/base/net_errors.h"
19 #include "net/base/net_log.h"
20 #include "net/base/net_util.h"
21 #include "net/base/test_completion_callback.h"
22 #include "net/cert/test_root_certs.h"
23 #include "net/dns/host_resolver.h"
24 #include "url/gurl.h"
25
26 namespace net {
27
28 namespace {
29
GetHostname(BaseTestServer::Type type,const BaseTestServer::SSLOptions & options)30 std::string GetHostname(BaseTestServer::Type type,
31 const BaseTestServer::SSLOptions& options) {
32 if (BaseTestServer::UsingSSL(type) &&
33 options.server_certificate ==
34 BaseTestServer::SSLOptions::CERT_MISMATCHED_NAME) {
35 // Return a different hostname string that resolves to the same hostname.
36 return "localhost";
37 }
38
39 // Use the 127.0.0.1 as default.
40 return BaseTestServer::kLocalhost;
41 }
42
GetClientCertType(SSLClientCertType type)43 std::string GetClientCertType(SSLClientCertType type) {
44 switch (type) {
45 case CLIENT_CERT_RSA_SIGN:
46 return "rsa_sign";
47 case CLIENT_CERT_DSS_SIGN:
48 return "dss_sign";
49 case CLIENT_CERT_ECDSA_SIGN:
50 return "ecdsa_sign";
51 default:
52 NOTREACHED();
53 return "";
54 }
55 }
56
GetKeyExchangesList(int key_exchange,base::ListValue * values)57 void GetKeyExchangesList(int key_exchange, base::ListValue* values) {
58 if (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_RSA)
59 values->Append(new base::StringValue("rsa"));
60 if (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA)
61 values->Append(new base::StringValue("dhe_rsa"));
62 }
63
GetCiphersList(int cipher,base::ListValue * values)64 void GetCiphersList(int cipher, base::ListValue* values) {
65 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_RC4)
66 values->Append(new base::StringValue("rc4"));
67 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES128)
68 values->Append(new base::StringValue("aes128"));
69 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES256)
70 values->Append(new base::StringValue("aes256"));
71 if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_3DES)
72 values->Append(new base::StringValue("3des"));
73 }
74
GetTLSIntoleranceType(BaseTestServer::SSLOptions::TLSIntoleranceType type)75 base::StringValue* GetTLSIntoleranceType(
76 BaseTestServer::SSLOptions::TLSIntoleranceType type) {
77 switch (type) {
78 case BaseTestServer::SSLOptions::TLS_INTOLERANCE_ALERT:
79 return new base::StringValue("alert");
80 case BaseTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE:
81 return new base::StringValue("close");
82 case BaseTestServer::SSLOptions::TLS_INTOLERANCE_RESET:
83 return new base::StringValue("reset");
84 default:
85 NOTREACHED();
86 return new base::StringValue("");
87 }
88 }
89
90 } // namespace
91
SSLOptions()92 BaseTestServer::SSLOptions::SSLOptions()
93 : server_certificate(CERT_OK),
94 ocsp_status(OCSP_OK),
95 cert_serial(0),
96 request_client_certificate(false),
97 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
98 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
99 record_resume(false),
100 tls_intolerant(TLS_INTOLERANT_NONE),
101 tls_intolerance_type(TLS_INTOLERANCE_ALERT),
102 fallback_scsv_enabled(false),
103 staple_ocsp_response(false),
104 enable_npn(false),
105 disable_session_cache(false) {
106 }
107
SSLOptions(BaseTestServer::SSLOptions::ServerCertificate cert)108 BaseTestServer::SSLOptions::SSLOptions(
109 BaseTestServer::SSLOptions::ServerCertificate cert)
110 : server_certificate(cert),
111 ocsp_status(OCSP_OK),
112 cert_serial(0),
113 request_client_certificate(false),
114 key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
115 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
116 record_resume(false),
117 tls_intolerant(TLS_INTOLERANT_NONE),
118 tls_intolerance_type(TLS_INTOLERANCE_ALERT),
119 fallback_scsv_enabled(false),
120 staple_ocsp_response(false),
121 enable_npn(false),
122 disable_session_cache(false) {
123 }
124
~SSLOptions()125 BaseTestServer::SSLOptions::~SSLOptions() {}
126
GetCertificateFile() const127 base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const {
128 switch (server_certificate) {
129 case CERT_OK:
130 case CERT_MISMATCHED_NAME:
131 return base::FilePath(FILE_PATH_LITERAL("ok_cert.pem"));
132 case CERT_EXPIRED:
133 return base::FilePath(FILE_PATH_LITERAL("expired_cert.pem"));
134 case CERT_CHAIN_WRONG_ROOT:
135 // This chain uses its own dedicated test root certificate to avoid
136 // side-effects that may affect testing.
137 return base::FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
138 case CERT_AUTO:
139 return base::FilePath();
140 default:
141 NOTREACHED();
142 }
143 return base::FilePath();
144 }
145
GetOCSPArgument() const146 std::string BaseTestServer::SSLOptions::GetOCSPArgument() const {
147 if (server_certificate != CERT_AUTO)
148 return std::string();
149
150 switch (ocsp_status) {
151 case OCSP_OK:
152 return "ok";
153 case OCSP_REVOKED:
154 return "revoked";
155 case OCSP_INVALID:
156 return "invalid";
157 case OCSP_UNAUTHORIZED:
158 return "unauthorized";
159 case OCSP_UNKNOWN:
160 return "unknown";
161 default:
162 NOTREACHED();
163 return std::string();
164 }
165 }
166
167 const char BaseTestServer::kLocalhost[] = "127.0.0.1";
168
BaseTestServer(Type type,const std::string & host)169 BaseTestServer::BaseTestServer(Type type, const std::string& host)
170 : type_(type),
171 started_(false),
172 log_to_console_(false),
173 ws_basic_auth_(false) {
174 Init(host);
175 }
176
BaseTestServer(Type type,const SSLOptions & ssl_options)177 BaseTestServer::BaseTestServer(Type type, const SSLOptions& ssl_options)
178 : ssl_options_(ssl_options),
179 type_(type),
180 started_(false),
181 log_to_console_(false),
182 ws_basic_auth_(false) {
183 DCHECK(UsingSSL(type));
184 Init(GetHostname(type, ssl_options));
185 }
186
~BaseTestServer()187 BaseTestServer::~BaseTestServer() {}
188
host_port_pair() const189 const HostPortPair& BaseTestServer::host_port_pair() const {
190 DCHECK(started_);
191 return host_port_pair_;
192 }
193
server_data() const194 const base::DictionaryValue& BaseTestServer::server_data() const {
195 DCHECK(started_);
196 DCHECK(server_data_.get());
197 return *server_data_;
198 }
199
GetScheme() const200 std::string BaseTestServer::GetScheme() const {
201 switch (type_) {
202 case TYPE_FTP:
203 return "ftp";
204 case TYPE_HTTP:
205 return "http";
206 case TYPE_HTTPS:
207 return "https";
208 case TYPE_WS:
209 return "ws";
210 case TYPE_WSS:
211 return "wss";
212 case TYPE_TCP_ECHO:
213 case TYPE_UDP_ECHO:
214 default:
215 NOTREACHED();
216 }
217 return std::string();
218 }
219
GetAddressList(AddressList * address_list) const220 bool BaseTestServer::GetAddressList(AddressList* address_list) const {
221 DCHECK(address_list);
222
223 scoped_ptr<HostResolver> resolver(HostResolver::CreateDefaultResolver(NULL));
224 HostResolver::RequestInfo info(host_port_pair_);
225 TestCompletionCallback callback;
226 int rv = resolver->Resolve(info,
227 DEFAULT_PRIORITY,
228 address_list,
229 callback.callback(),
230 NULL,
231 BoundNetLog());
232 if (rv == ERR_IO_PENDING)
233 rv = callback.WaitForResult();
234 if (rv != net::OK) {
235 LOG(ERROR) << "Failed to resolve hostname: " << host_port_pair_.host();
236 return false;
237 }
238 return true;
239 }
240
GetPort()241 uint16 BaseTestServer::GetPort() {
242 return host_port_pair_.port();
243 }
244
SetPort(uint16 port)245 void BaseTestServer::SetPort(uint16 port) {
246 host_port_pair_.set_port(port);
247 }
248
GetURL(const std::string & path) const249 GURL BaseTestServer::GetURL(const std::string& path) const {
250 return GURL(GetScheme() + "://" + host_port_pair_.ToString() + "/" + path);
251 }
252
GetURLWithUser(const std::string & path,const std::string & user) const253 GURL BaseTestServer::GetURLWithUser(const std::string& path,
254 const std::string& user) const {
255 return GURL(GetScheme() + "://" + user + "@" + host_port_pair_.ToString() +
256 "/" + path);
257 }
258
GetURLWithUserAndPassword(const std::string & path,const std::string & user,const std::string & password) const259 GURL BaseTestServer::GetURLWithUserAndPassword(const std::string& path,
260 const std::string& user,
261 const std::string& password) const {
262 return GURL(GetScheme() + "://" + user + ":" + password + "@" +
263 host_port_pair_.ToString() + "/" + path);
264 }
265
266 // static
GetFilePathWithReplacements(const std::string & original_file_path,const std::vector<StringPair> & text_to_replace,std::string * replacement_path)267 bool BaseTestServer::GetFilePathWithReplacements(
268 const std::string& original_file_path,
269 const std::vector<StringPair>& text_to_replace,
270 std::string* replacement_path) {
271 std::string new_file_path = original_file_path;
272 bool first_query_parameter = true;
273 const std::vector<StringPair>::const_iterator end = text_to_replace.end();
274 for (std::vector<StringPair>::const_iterator it = text_to_replace.begin();
275 it != end;
276 ++it) {
277 const std::string& old_text = it->first;
278 const std::string& new_text = it->second;
279 std::string base64_old;
280 std::string base64_new;
281 base::Base64Encode(old_text, &base64_old);
282 base::Base64Encode(new_text, &base64_new);
283 if (first_query_parameter) {
284 new_file_path += "?";
285 first_query_parameter = false;
286 } else {
287 new_file_path += "&";
288 }
289 new_file_path += "replace_text=";
290 new_file_path += base64_old;
291 new_file_path += ":";
292 new_file_path += base64_new;
293 }
294
295 *replacement_path = new_file_path;
296 return true;
297 }
298
Init(const std::string & host)299 void BaseTestServer::Init(const std::string& host) {
300 host_port_pair_ = HostPortPair(host, 0);
301
302 // TODO(battre) Remove this after figuring out why the TestServer is flaky.
303 // http://crbug.com/96594
304 log_to_console_ = true;
305 }
306
SetResourcePath(const base::FilePath & document_root,const base::FilePath & certificates_dir)307 void BaseTestServer::SetResourcePath(const base::FilePath& document_root,
308 const base::FilePath& certificates_dir) {
309 // This method shouldn't get called twice.
310 DCHECK(certificates_dir_.empty());
311 document_root_ = document_root;
312 certificates_dir_ = certificates_dir;
313 DCHECK(!certificates_dir_.empty());
314 }
315
ParseServerData(const std::string & server_data)316 bool BaseTestServer::ParseServerData(const std::string& server_data) {
317 VLOG(1) << "Server data: " << server_data;
318 base::JSONReader json_reader;
319 scoped_ptr<base::Value> value(json_reader.ReadToValue(server_data));
320 if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) {
321 LOG(ERROR) << "Could not parse server data: "
322 << json_reader.GetErrorMessage();
323 return false;
324 }
325
326 server_data_.reset(static_cast<base::DictionaryValue*>(value.release()));
327 int port = 0;
328 if (!server_data_->GetInteger("port", &port)) {
329 LOG(ERROR) << "Could not find port value";
330 return false;
331 }
332 if ((port <= 0) || (port > kuint16max)) {
333 LOG(ERROR) << "Invalid port value: " << port;
334 return false;
335 }
336 host_port_pair_.set_port(port);
337
338 return true;
339 }
340
LoadTestRootCert() const341 bool BaseTestServer::LoadTestRootCert() const {
342 TestRootCerts* root_certs = TestRootCerts::GetInstance();
343 if (!root_certs)
344 return false;
345
346 // Should always use absolute path to load the root certificate.
347 base::FilePath root_certificate_path = certificates_dir_;
348 if (!certificates_dir_.IsAbsolute()) {
349 base::FilePath src_dir;
350 if (!PathService::Get(base::DIR_SOURCE_ROOT, &src_dir))
351 return false;
352 root_certificate_path = src_dir.Append(certificates_dir_);
353 }
354
355 return root_certs->AddFromFile(
356 root_certificate_path.AppendASCII("root_ca_cert.pem"));
357 }
358
SetupWhenServerStarted()359 bool BaseTestServer::SetupWhenServerStarted() {
360 DCHECK(host_port_pair_.port());
361
362 if (UsingSSL(type_) && !LoadTestRootCert())
363 return false;
364
365 started_ = true;
366 allowed_port_.reset(new ScopedPortException(host_port_pair_.port()));
367 return true;
368 }
369
CleanUpWhenStoppingServer()370 void BaseTestServer::CleanUpWhenStoppingServer() {
371 TestRootCerts* root_certs = TestRootCerts::GetInstance();
372 root_certs->Clear();
373
374 host_port_pair_.set_port(0);
375 allowed_port_.reset();
376 started_ = false;
377 }
378
379 // Generates a dictionary of arguments to pass to the Python test server via
380 // the test server spawner, in the form of
381 // { argument-name: argument-value, ... }
382 // Returns false if an invalid configuration is specified.
GenerateArguments(base::DictionaryValue * arguments) const383 bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
384 DCHECK(arguments);
385
386 arguments->SetString("host", host_port_pair_.host());
387 arguments->SetInteger("port", host_port_pair_.port());
388 arguments->SetString("data-dir", document_root_.value());
389
390 if (VLOG_IS_ON(1) || log_to_console_)
391 arguments->Set("log-to-console", base::Value::CreateNullValue());
392
393 if (ws_basic_auth_) {
394 DCHECK(type_ == TYPE_WS || type_ == TYPE_WSS);
395 arguments->Set("ws-basic-auth", base::Value::CreateNullValue());
396 }
397
398 if (UsingSSL(type_)) {
399 // Check the certificate arguments of the HTTPS server.
400 base::FilePath certificate_path(certificates_dir_);
401 base::FilePath certificate_file(ssl_options_.GetCertificateFile());
402 if (!certificate_file.value().empty()) {
403 certificate_path = certificate_path.Append(certificate_file);
404 if (certificate_path.IsAbsolute() &&
405 !base::PathExists(certificate_path)) {
406 LOG(ERROR) << "Certificate path " << certificate_path.value()
407 << " doesn't exist. Can't launch https server.";
408 return false;
409 }
410 arguments->SetString("cert-and-key-file", certificate_path.value());
411 }
412
413 // Check the client certificate related arguments.
414 if (ssl_options_.request_client_certificate)
415 arguments->Set("ssl-client-auth", base::Value::CreateNullValue());
416 scoped_ptr<base::ListValue> ssl_client_certs(new base::ListValue());
417
418 std::vector<base::FilePath>::const_iterator it;
419 for (it = ssl_options_.client_authorities.begin();
420 it != ssl_options_.client_authorities.end(); ++it) {
421 if (it->IsAbsolute() && !base::PathExists(*it)) {
422 LOG(ERROR) << "Client authority path " << it->value()
423 << " doesn't exist. Can't launch https server.";
424 return false;
425 }
426 ssl_client_certs->Append(new base::StringValue(it->value()));
427 }
428
429 if (ssl_client_certs->GetSize())
430 arguments->Set("ssl-client-ca", ssl_client_certs.release());
431
432 scoped_ptr<base::ListValue> client_cert_types(new base::ListValue());
433 for (size_t i = 0; i < ssl_options_.client_cert_types.size(); i++) {
434 client_cert_types->Append(new base::StringValue(
435 GetClientCertType(ssl_options_.client_cert_types[i])));
436 }
437 if (client_cert_types->GetSize())
438 arguments->Set("ssl-client-cert-type", client_cert_types.release());
439 }
440
441 if (type_ == TYPE_HTTPS) {
442 arguments->Set("https", base::Value::CreateNullValue());
443
444 std::string ocsp_arg = ssl_options_.GetOCSPArgument();
445 if (!ocsp_arg.empty())
446 arguments->SetString("ocsp", ocsp_arg);
447
448 if (ssl_options_.cert_serial != 0) {
449 arguments->SetInteger("cert-serial", ssl_options_.cert_serial);
450 }
451
452 // Check key exchange argument.
453 scoped_ptr<base::ListValue> key_exchange_values(new base::ListValue());
454 GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get());
455 if (key_exchange_values->GetSize())
456 arguments->Set("ssl-key-exchange", key_exchange_values.release());
457 // Check bulk cipher argument.
458 scoped_ptr<base::ListValue> bulk_cipher_values(new base::ListValue());
459 GetCiphersList(ssl_options_.bulk_ciphers, bulk_cipher_values.get());
460 if (bulk_cipher_values->GetSize())
461 arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release());
462 if (ssl_options_.record_resume)
463 arguments->Set("https-record-resume", base::Value::CreateNullValue());
464 if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) {
465 arguments->SetInteger("tls-intolerant", ssl_options_.tls_intolerant);
466 arguments->Set("tls-intolerance-type", GetTLSIntoleranceType(
467 ssl_options_.tls_intolerance_type));
468 }
469 if (ssl_options_.fallback_scsv_enabled)
470 arguments->Set("fallback-scsv", base::Value::CreateNullValue());
471 if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) {
472 std::string b64_scts_tls_ext;
473 base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext,
474 &b64_scts_tls_ext);
475 arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext);
476 }
477 if (ssl_options_.staple_ocsp_response)
478 arguments->Set("staple-ocsp-response", base::Value::CreateNullValue());
479 if (ssl_options_.enable_npn)
480 arguments->Set("enable-npn", base::Value::CreateNullValue());
481 if (ssl_options_.disable_session_cache)
482 arguments->Set("disable-session-cache", base::Value::CreateNullValue());
483 }
484
485 return GenerateAdditionalArguments(arguments);
486 }
487
GenerateAdditionalArguments(base::DictionaryValue * arguments) const488 bool BaseTestServer::GenerateAdditionalArguments(
489 base::DictionaryValue* arguments) const {
490 return true;
491 }
492
493 } // namespace net
494