Blame - rtc_base/ssl_adapter_unittest.cc - webrtc.googlesource.com/src

blob: 9774c0a5d9d72f625e3a5108fcd51598f1fe7e66 [file] [log] [blame]

tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	1	/*
				2	* Copyright 2014 The WebRTC Project Authors. All rights reserved.
				3	*
				4	* Use of this source code is governed by a BSD-style license
				5	* that can be found in the LICENSE file in the root of the source
				6	* tree. An additional intellectual property rights grant can be found
				7	* in the file PATENTS. All contributing project authors may
				8	* be found in the AUTHORS file in the root of the source tree.
				9	*/
				10
jbauch	555604a	2016-04-26 03:13:22 -0700	[diff] [blame]	11	#include <memory>
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	12	#include <string>
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	13	#include <utility>
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	14
Karl Wiberg	918f50c	2018-07-05 11:40:33 +0200	[diff] [blame]	15	#include "absl/memory/memory.h"
Mirko Bonadei	92ea95e	2017-09-15 06:47:31 +0200	[diff] [blame]	16	#include "rtc_base/gunit.h"
Steve Anton	10542f2	2019-01-11 09:11:00 -0800	[diff] [blame^]	17	#include "rtc_base/ip_address.h"
				18	#include "rtc_base/message_digest.h"
				19	#include "rtc_base/socket_stream.h"
				20	#include "rtc_base/ssl_adapter.h"
				21	#include "rtc_base/ssl_identity.h"
				22	#include "rtc_base/ssl_stream_adapter.h"
Mirko Bonadei	92ea95e	2017-09-15 06:47:31 +0200	[diff] [blame]	23	#include "rtc_base/stream.h"
Steve Anton	10542f2	2019-01-11 09:11:00 -0800	[diff] [blame^]	24	#include "rtc_base/string_encode.h"
				25	#include "rtc_base/virtual_socket_server.h"
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	26	#include "test/gmock.h"
				27
				28	using ::testing::_;
				29	using ::testing::Return;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	30
				31	static const int kTimeout = 5000;
				32
				33	static rtc::AsyncSocket* CreateSocket(const rtc::SSLMode& ssl_mode) {
				34	rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0);
				35
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	36	rtc::AsyncSocket* socket =
				37	rtc::Thread::Current()->socketserver()->CreateAsyncSocket(
				38	address.family(),
				39	(ssl_mode == rtc::SSL_MODE_DTLS) ? SOCK_DGRAM : SOCK_STREAM);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	40	socket->Bind(address);
				41
				42	return socket;
				43	}
				44
				45	static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) {
				46	return (ssl_mode == rtc::SSL_MODE_DTLS) ? "DTLS" : "TLS";
				47	}
				48
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	49	// Simple mock for the certificate verifier.
				50	class MockCertVerifier : public rtc::SSLCertificateVerifier {
				51	public:
				52	virtual ~MockCertVerifier() = default;
				53	MOCK_METHOD1(Verify, bool(const rtc::SSLCertificate&));
				54	};
				55
				56	// TODO(benwright) - Move to using INSTANTIATE_TEST_CASE_P instead of using
				57	// duplicate test cases for simple parameter changes.
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	58	class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
				59	public:
				60	explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode)
				61	: ssl_mode_(ssl_mode) {
				62	rtc::AsyncSocket* socket = CreateSocket(ssl_mode_);
				63
				64	ssl_adapter_.reset(rtc::SSLAdapter::Create(socket));
				65
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	66	ssl_adapter_->SetMode(ssl_mode_);
				67
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	68	// Ignore any certificate errors for the purpose of testing.
				69	// Note: We do this only because we don't have a real certificate.
				70	// NEVER USE THIS IN PRODUCTION CODE!
Sergey Silkin	9c147dd	2018-09-12 10:45:38 +0000	[diff] [blame]	71	ssl_adapter_->SetIgnoreBadCert(true);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	72
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	73	ssl_adapter_->SignalReadEvent.connect(
				74	this, &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent);
				75	ssl_adapter_->SignalCloseEvent.connect(
				76	this, &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	77	}
				78
Sergey Silkin	9c147dd	2018-09-12 10:45:38 +0000	[diff] [blame]	79	void SetIgnoreBadCert(bool ignore_bad_cert) {
				80	ssl_adapter_->SetIgnoreBadCert(ignore_bad_cert);
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	81	}
				82
				83	void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
				84	ssl_adapter_->SetCertVerifier(ssl_cert_verifier);
				85	}
				86
Sergey Silkin	9c147dd	2018-09-12 10:45:38 +0000	[diff] [blame]	87	void SetAlpnProtocols(const std::vector<std::string>& protos) {
				88	ssl_adapter_->SetAlpnProtocols(protos);
				89	}
				90
				91	void SetEllipticCurves(const std::vector<std::string>& curves) {
				92	ssl_adapter_->SetEllipticCurves(curves);
				93	}
				94
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	95	rtc::SocketAddress GetAddress() const {
				96	return ssl_adapter_->GetLocalAddress();
				97	}
				98
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	99	rtc::AsyncSocket::ConnState GetState() const {
				100	return ssl_adapter_->GetState();
				101	}
				102
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	103	const std::string& GetReceivedData() const { return data_; }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	104
				105	int Connect(const std::string& hostname, const rtc::SocketAddress& address) {
Jonas Olsson	abbe841	2018-04-03 13:40:05 +0200	[diff] [blame]	106	RTC_LOG(LS_INFO) << "Initiating connection with " << address.ToString();
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	107
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	108	int rv = ssl_adapter_->Connect(address);
				109
				110	if (rv == 0) {
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	111	RTC_LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_)
				112	<< " handshake with " << hostname;
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	113
				114	if (ssl_adapter_->StartSSL(hostname.c_str(), false) != 0) {
				115	return -1;
				116	}
				117	}
				118
				119	return rv;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	120	}
				121
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	122	int Close() { return ssl_adapter_->Close(); }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	123
				124	int Send(const std::string& message) {
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	125	RTC_LOG(LS_INFO) << "Client sending '" << message << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	126
				127	return ssl_adapter_->Send(message.data(), message.length());
				128	}
				129
				130	void OnSSLAdapterReadEvent(rtc::AsyncSocket* socket) {
				131	char buffer[4096] = "";
				132
				133	// Read data received from the server and store it in our internal buffer.
Stefan Holmer	9131efd	2016-05-23 18:19:26 +0200	[diff] [blame]	134	int read = socket->Recv(buffer, sizeof(buffer) - 1, nullptr);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	135	if (read != -1) {
				136	buffer[read] = '\0';
				137
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	138	RTC_LOG(LS_INFO) << "Client received '" << buffer << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	139
				140	data_ += buffer;
				141	}
				142	}
				143
				144	void OnSSLAdapterCloseEvent(rtc::AsyncSocket* socket, int error) {
				145	// OpenSSLAdapter signals handshake failure with a close event, but without
				146	// closing the socket! Let's close the socket here. This way GetState() can
				147	// return CS_CLOSED after failure.
				148	if (socket->GetState() != rtc::AsyncSocket::CS_CLOSED) {
				149	socket->Close();
				150	}
				151	}
				152
				153	private:
				154	const rtc::SSLMode ssl_mode_;
				155
jbauch	555604a	2016-04-26 03:13:22 -0700	[diff] [blame]	156	std::unique_ptr<rtc::SSLAdapter> ssl_adapter_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	157
				158	std::string data_;
				159	};
				160
				161	class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
				162	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	163	explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode,
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	164	const rtc::KeyParams& key_params)
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	165	: ssl_mode_(ssl_mode) {
				166	// Generate a key pair and a certificate for this host.
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	167	ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname(), key_params));
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	168
				169	server_socket_.reset(CreateSocket(ssl_mode_));
				170
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	171	if (ssl_mode_ == rtc::SSL_MODE_TLS) {
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	172	server_socket_->SignalReadEvent.connect(
				173	this, &SSLAdapterTestDummyServer::OnServerSocketReadEvent);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	174
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	175	server_socket_->Listen(1);
				176	}
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	177
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	178	RTC_LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP")
				179	<< " server listening on "
Jonas Olsson	abbe841	2018-04-03 13:40:05 +0200	[diff] [blame]	180	<< server_socket_->GetLocalAddress().ToString();
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	181	}
				182
				183	rtc::SocketAddress GetAddress() const {
				184	return server_socket_->GetLocalAddress();
				185	}
				186
				187	std::string GetHostname() const {
				188	// Since we don't have a real certificate anyway, the value here doesn't
				189	// really matter.
				190	return "example.com";
				191	}
				192
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	193	const std::string& GetReceivedData() const { return data_; }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	194
				195	int Send(const std::string& message) {
deadbeef	37f5ecf	2017-02-27 14:06:41 -0800	[diff] [blame]	196	if (ssl_stream_adapter_ == nullptr \|\|
				197	ssl_stream_adapter_->GetState() != rtc::SS_OPEN) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	198	// No connection yet.
				199	return -1;
				200	}
				201
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	202	RTC_LOG(LS_INFO) << "Server sending '" << message << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	203
				204	size_t written;
				205	int error;
				206
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	207	rtc::StreamResult r = ssl_stream_adapter_->Write(
				208	message.data(), message.length(), &written, &error);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	209	if (r == rtc::SR_SUCCESS) {
				210	return written;
				211	} else {
				212	return -1;
				213	}
				214	}
				215
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	216	void AcceptConnection(const rtc::SocketAddress& address) {
				217	// Only a single connection is supported.
deadbeef	37f5ecf	2017-02-27 14:06:41 -0800	[diff] [blame]	218	ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	219
				220	// This is only for DTLS.
				221	ASSERT_EQ(rtc::SSL_MODE_DTLS, ssl_mode_);
				222
				223	// Transfer ownership of the socket to the SSLStreamAdapter object.
				224	rtc::AsyncSocket* socket = server_socket_.release();
				225
				226	socket->Connect(address);
				227
				228	DoHandshake(socket);
				229	}
				230
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	231	void OnServerSocketReadEvent(rtc::AsyncSocket* socket) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	232	// Only a single connection is supported.
deadbeef	37f5ecf	2017-02-27 14:06:41 -0800	[diff] [blame]	233	ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	234
deadbeef	37f5ecf	2017-02-27 14:06:41 -0800	[diff] [blame]	235	DoHandshake(server_socket_->Accept(nullptr));
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	236	}
				237
				238	void OnSSLStreamAdapterEvent(rtc::StreamInterface* stream, int sig, int err) {
				239	if (sig & rtc::SE_READ) {
				240	char buffer[4096] = "";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	241	size_t read;
				242	int error;
				243
				244	// Read data received from the client and store it in our internal
				245	// buffer.
deadbeef	ed3b986	2017-06-02 10:33:16 -0700	[diff] [blame]	246	rtc::StreamResult r =
				247	stream->Read(buffer, sizeof(buffer) - 1, &read, &error);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	248	if (r == rtc::SR_SUCCESS) {
				249	buffer[read] = '\0';
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	250	RTC_LOG(LS_INFO) << "Server received '" << buffer << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	251	data_ += buffer;
				252	}
				253	}
				254	}
				255
				256	private:
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	257	void DoHandshake(rtc::AsyncSocket* socket) {
				258	rtc::SocketStream* stream = new rtc::SocketStream(socket);
				259
				260	ssl_stream_adapter_.reset(rtc::SSLStreamAdapter::Create(stream));
				261
				262	ssl_stream_adapter_->SetMode(ssl_mode_);
				263	ssl_stream_adapter_->SetServerRole();
				264
				265	// SSLStreamAdapter is normally used for peer-to-peer communication, but
				266	// here we're testing communication between a client and a server
				267	// (e.g. a WebRTC-based application and an RFC 5766 TURN server), where
				268	// clients are not required to provide a certificate during handshake.
				269	// Accordingly, we must disable client authentication here.
Benjamin Wright	b19b497	2018-10-25 10:46:49 -0700	[diff] [blame]	270	ssl_stream_adapter_->SetClientAuthEnabledForTesting(false);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	271
				272	ssl_stream_adapter_->SetIdentity(ssl_identity_->GetReference());
				273
				274	// Set a bogus peer certificate digest.
				275	unsigned char digest[20];
				276	size_t digest_len = sizeof(digest);
				277	ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	278	digest_len);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	279
Taylor Brandstetter	c8762a8	2016-08-11 12:01:49 -0700	[diff] [blame]	280	ssl_stream_adapter_->StartSSL();
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	281
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	282	ssl_stream_adapter_->SignalEvent.connect(
				283	this, &SSLAdapterTestDummyServer::OnSSLStreamAdapterEvent);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	284	}
				285
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	286	const rtc::SSLMode ssl_mode_;
				287
jbauch	555604a	2016-04-26 03:13:22 -0700	[diff] [blame]	288	std::unique_ptr<rtc::AsyncSocket> server_socket_;
				289	std::unique_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	290
jbauch	555604a	2016-04-26 03:13:22 -0700	[diff] [blame]	291	std::unique_ptr<rtc::SSLIdentity> ssl_identity_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	292
				293	std::string data_;
				294	};
				295
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	296	class SSLAdapterTestBase : public testing::Test, public sigslot::has_slots<> {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	297	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	298	explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode,
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	299	const rtc::KeyParams& key_params)
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	300	: ssl_mode_(ssl_mode),
deadbeef	98e186c	2017-05-16 18:00:06 -0700	[diff] [blame]	301	vss_(new rtc::VirtualSocketServer()),
nisse	7eaa4ea	2017-05-08 05:25:41 -0700	[diff] [blame]	302	thread_(vss_.get()),
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	303	server_(new SSLAdapterTestDummyServer(ssl_mode_, key_params)),
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	304	client_(new SSLAdapterTestDummyClient(ssl_mode_)),
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	305	handshake_wait_(kTimeout) {}
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	306
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	307	void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	308
Sergey Silkin	9c147dd	2018-09-12 10:45:38 +0000	[diff] [blame]	309	void SetIgnoreBadCert(bool ignore_bad_cert) {
				310	client_->SetIgnoreBadCert(ignore_bad_cert);
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	311	}
				312
				313	void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
				314	client_->SetCertVerifier(ssl_cert_verifier);
				315	}
				316
Sergey Silkin	9c147dd	2018-09-12 10:45:38 +0000	[diff] [blame]	317	void SetAlpnProtocols(const std::vector<std::string>& protos) {
				318	client_->SetAlpnProtocols(protos);
				319	}
				320
				321	void SetEllipticCurves(const std::vector<std::string>& curves) {
				322	client_->SetEllipticCurves(curves);
				323	}
				324
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	325	void SetMockCertVerifier(bool return_value) {
Karl Wiberg	918f50c	2018-07-05 11:40:33 +0200	[diff] [blame]	326	auto mock_verifier = absl::make_unique<MockCertVerifier>();
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	327	EXPECT_CALL(*mock_verifier, Verify(_)).WillRepeatedly(Return(return_value));
				328	cert_verifier_ =
				329	std::unique_ptr<rtc::SSLCertificateVerifier>(std::move(mock_verifier));
				330
Sergey Silkin	9c147dd	2018-09-12 10:45:38 +0000	[diff] [blame]	331	SetIgnoreBadCert(false);
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	332	SetCertVerifier(cert_verifier_.get());
				333	}
				334
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	335	void TestHandshake(bool expect_success) {
				336	int rv;
				337
				338	// The initial state is CS_CLOSED
				339	ASSERT_EQ(rtc::AsyncSocket::CS_CLOSED, client_->GetState());
				340
				341	rv = client_->Connect(server_->GetHostname(), server_->GetAddress());
				342	ASSERT_EQ(0, rv);
				343
				344	// Now the state should be CS_CONNECTING
				345	ASSERT_EQ(rtc::AsyncSocket::CS_CONNECTING, client_->GetState());
				346
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	347	if (ssl_mode_ == rtc::SSL_MODE_DTLS) {
				348	// For DTLS, call AcceptConnection() with the client's address.
				349	server_->AcceptConnection(client_->GetAddress());
				350	}
				351
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	352	if (expect_success) {
				353	// If expecting success, the client should end up in the CS_CONNECTED
				354	// state after handshake.
				355	EXPECT_EQ_WAIT(rtc::AsyncSocket::CS_CONNECTED, client_->GetState(),
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	356	handshake_wait_);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	357
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	358	RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_)
				359	<< " handshake complete.";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	360
				361	} else {
				362	// On handshake failure the client should end up in the CS_CLOSED state.
				363	EXPECT_EQ_WAIT(rtc::AsyncSocket::CS_CLOSED, client_->GetState(),
Yves Gerey	665174f	2018-06-19 15:03:05 +0200	[diff] [blame]	364	handshake_wait_);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	365
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	366	RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed.";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	367	}
				368	}
				369
				370	void TestTransfer(const std::string& message) {
				371	int rv;
				372
				373	rv = client_->Send(message);
				374	ASSERT_EQ(static_cast<int>(message.length()), rv);
				375
				376	// The server should have received the client's message.
				377	EXPECT_EQ_WAIT(message, server_->GetReceivedData(), kTimeout);
				378
				379	rv = server_->Send(message);
				380	ASSERT_EQ(static_cast<int>(message.length()), rv);
				381
				382	// The client should have received the server's message.
				383	EXPECT_EQ_WAIT(message, client_->GetReceivedData(), kTimeout);
				384
Mirko Bonadei	675513b	2017-11-09 11:09:25 +0100	[diff] [blame]	385	RTC_LOG(LS_INFO) << "Transfer complete.";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	386	}
				387
deadbeef	ed3b986	2017-06-02 10:33:16 -0700	[diff] [blame]	388	protected:
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	389	const rtc::SSLMode ssl_mode_;
				390
nisse	7eaa4ea	2017-05-08 05:25:41 -0700	[diff] [blame]	391	std::unique_ptr<rtc::VirtualSocketServer> vss_;
				392	rtc::AutoSocketServerThread thread_;
jbauch	555604a	2016-04-26 03:13:22 -0700	[diff] [blame]	393	std::unique_ptr<SSLAdapterTestDummyServer> server_;
				394	std::unique_ptr<SSLAdapterTestDummyClient> client_;
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	395	std::unique_ptr<rtc::SSLCertificateVerifier> cert_verifier_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	396
				397	int handshake_wait_;
				398	};
				399
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	400	class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	401	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	402	SSLAdapterTestTLS_RSA()
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	403	: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()) {}
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	404	};
				405
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	406	class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	407	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	408	SSLAdapterTestTLS_ECDSA()
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	409	: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()) {}
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	410	};
				411
				412	class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase {
				413	public:
				414	SSLAdapterTestDTLS_RSA()
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	415	: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()) {}
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	416	};
				417
				418	class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
				419	public:
				420	SSLAdapterTestDTLS_ECDSA()
torbjorng	4e57247	2015-10-08 09:42:49 -0700	[diff] [blame]	421	: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	422	};
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	423
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	424	// Basic tests: TLS
				425
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	426	// Test that handshake works, using RSA
				427	TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	428	TestHandshake(true);
				429	}
				430
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	431	// Test that handshake works with a custom verifier that returns true. RSA.
				432	TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierSucceeds) {
				433	SetMockCertVerifier(/return_value=/true);
				434	TestHandshake(/expect_success=/true);
				435	}
				436
				437	// Test that handshake fails with a custom verifier that returns false. RSA.
				438	TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
				439	SetMockCertVerifier(/return_value=/false);
				440	TestHandshake(/expect_success=/false);
				441	}
				442
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	443	// Test that handshake works, using ECDSA
				444	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnect) {
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	445	SetMockCertVerifier(/return_value=/true);
				446	TestHandshake(/expect_success=/true);
				447	}
				448
				449	// Test that handshake works with a custom verifier that returns true. ECDSA.
				450	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierSucceeds) {
				451	SetMockCertVerifier(/return_value=/true);
				452	TestHandshake(/expect_success=/true);
				453	}
				454
				455	// Test that handshake fails with a custom verifier that returns false. ECDSA.
				456	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
				457	SetMockCertVerifier(/return_value=/false);
				458	TestHandshake(/expect_success=/false);
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	459	}
				460
				461	// Test transfer between client and server, using RSA
				462	TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransfer) {
				463	TestHandshake(true);
				464	TestTransfer("Hello, world!");
				465	}
				466
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	467	// Test transfer between client and server, using RSA with custom cert verifier.
				468	TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferCustomCertVerifier) {
				469	SetMockCertVerifier(/return_value=/true);
				470	TestHandshake(/expect_success=/true);
				471	TestTransfer("Hello, world!");
				472	}
				473
deadbeef	ed3b986	2017-06-02 10:33:16 -0700	[diff] [blame]	474	TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferWithBlockedSocket) {
				475	TestHandshake(true);
				476
				477	// Tell the underlying socket to simulate being blocked.
				478	vss_->SetSendingBlocked(true);
				479
				480	std::string expected;
				481	int rv;
				482	// Send messages until the SSL socket adapter starts applying backpressure.
				483	// Note that this may not occur immediately since there may be some amount of
				484	// intermediate buffering (either in our code or in BoringSSL).
				485	for (int i = 0; i < 1024; ++i) {
				486	std::string message = "Hello, world: " + rtc::ToString(i);
				487	rv = client_->Send(message);
				488	if (rv != static_cast<int>(message.size())) {
				489	// This test assumes either the whole message or none of it is sent.
				490	ASSERT_EQ(-1, rv);
				491	break;
				492	}
				493	expected += message;
				494	}
				495	// Assert that the loop above exited due to Send returning -1.
				496	ASSERT_EQ(-1, rv);
				497
				498	// Try sending another message while blocked. -1 should be returned again and
				499	// it shouldn't end up received by the server later.
				500	EXPECT_EQ(-1, client_->Send("Never sent"));
				501
				502	// Unblock the underlying socket. All of the buffered messages should be sent
				503	// without any further action.
				504	vss_->SetSendingBlocked(false);
				505	EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
				506
				507	// Send another message. This previously wasn't working
				508	std::string final_message = "Fin.";
				509	expected += final_message;
				510	EXPECT_EQ(static_cast<int>(final_message.size()),
				511	client_->Send(final_message));
				512	EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
				513	}
				514
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	515	// Test transfer between client and server, using ECDSA
				516	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransfer) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44 +0000	[diff] [blame]	517	TestHandshake(true);
				518	TestTransfer("Hello, world!");
				519	}
				520
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	521	// Test transfer between client and server, using ECDSA with custom cert
				522	// verifier.
				523	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransferCustomCertVerifier) {
				524	SetMockCertVerifier(/return_value=/true);
				525	TestHandshake(/expect_success=/true);
				526	TestTransfer("Hello, world!");
				527	}
				528
Diogo Real	1dca9d5	2017-08-29 12:18:32 -0700	[diff] [blame]	529	// Test transfer using ALPN with protos as h2 and http/1.1
				530	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSALPN) {
				531	std::vector<std::string> alpn_protos{"h2", "http/1.1"};
				532	SetAlpnProtocols(alpn_protos);
				533	TestHandshake(true);
				534	TestTransfer("Hello, world!");
				535	}
				536
Diogo Real	7bd1f1b	2017-09-08 12:50:41 -0700	[diff] [blame]	537	// Test transfer with TLS Elliptic curves set to "X25519:P-256:P-384:P-521"
				538	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSEllipticCurves) {
				539	std::vector<std::string> elliptic_curves{"X25519", "P-256", "P-384", "P-521"};
				540	SetEllipticCurves(elliptic_curves);
				541	TestHandshake(true);
				542	TestTransfer("Hello, world!");
				543	}
				544
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	545	// Basic tests: DTLS
				546
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	547	// Test that handshake works, using RSA
				548	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	549	TestHandshake(true);
				550	}
				551
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	552	// Test that handshake works with a custom verifier that returns true. DTLS_RSA.
				553	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnectCustomCertVerifierSucceeds) {
				554	SetMockCertVerifier(/return_value=/true);
				555	TestHandshake(/expect_success=/true);
				556	}
				557
				558	// Test that handshake fails with a custom verifier that returns false.
				559	// DTLS_RSA.
				560	TEST_F(SSLAdapterTestDTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
				561	SetMockCertVerifier(/return_value=/false);
				562	TestHandshake(/expect_success=/false);
				563	}
				564
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	565	// Test that handshake works, using ECDSA
				566	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnect) {
				567	TestHandshake(true);
				568	}
				569
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	570	// Test that handshake works with a custom verifier that returns true.
				571	// DTLS_ECDSA.
				572	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnectCustomCertVerifierSucceeds) {
				573	SetMockCertVerifier(/return_value=/true);
				574	TestHandshake(/expect_success=/true);
				575	}
				576
				577	// Test that handshake fails with a custom verifier that returns false.
				578	// DTLS_ECDSA.
				579	TEST_F(SSLAdapterTestDTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
				580	SetMockCertVerifier(/return_value=/false);
				581	TestHandshake(/expect_success=/false);
				582	}
				583
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	584	// Test transfer between client and server, using RSA
				585	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) {
				586	TestHandshake(true);
				587	TestTransfer("Hello, world!");
				588	}
				589
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	590	// Test transfer between client and server, using RSA with custom cert verifier.
				591	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransferCustomCertVerifier) {
				592	SetMockCertVerifier(/return_value=/true);
				593	TestHandshake(/expect_success=/true);
				594	TestTransfer("Hello, world!");
				595	}
				596
Torbjorn Granlund	b6d4ec4	2015-08-17 14:08:59 +0200	[diff] [blame]	597	// Test transfer between client and server, using ECDSA
				598	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14 +0000	[diff] [blame]	599	TestHandshake(true);
				600	TestTransfer("Hello, world!");
				601	}
Benjamin Wright	6e9c3df	2018-05-22 16:11:56 -0700	[diff] [blame]	602
				603	// Test transfer between client and server, using ECDSA with custom cert
				604	// verifier.
				605	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransferCustomCertVerifier) {
				606	SetMockCertVerifier(/return_value=/true);
				607	TestHandshake(/expect_success=/true);
				608	TestTransfer("Hello, world!");
				609	}