1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ 6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ 7 8 #include <string> 9 #include <utility> 10 #include <vector> 11 12 #include "base/compiler_specific.h" 13 #include "base/files/file_path.h" 14 #include "base/memory/scoped_ptr.h" 15 #include "net/base/host_port_pair.h" 16 17 class GURL; 18 19 namespace base { 20 class DictionaryValue; 21 } 22 23 namespace net { 24 25 class AddressList; 26 class ScopedPortException; 27 28 // The base class of Test server implementation. 29 class BaseTestServer { 30 public: 31 typedef std::pair<std::string, std::string> StringPair; 32 33 // Following types represent protocol schemes. See also 34 // http://www.iana.org/assignments/uri-schemes.html 35 enum Type { 36 TYPE_BASIC_AUTH_PROXY, 37 TYPE_FTP, 38 TYPE_HTTP, 39 TYPE_HTTPS, 40 TYPE_WS, 41 TYPE_WSS, 42 TYPE_TCP_ECHO, 43 TYPE_UDP_ECHO, 44 }; 45 46 // Container for various options to control how the HTTPS or WSS server is 47 // initialized. 48 struct SSLOptions { 49 enum ServerCertificate { 50 CERT_OK, 51 52 // CERT_AUTO causes the testserver to generate a test certificate issued 53 // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem). 54 CERT_AUTO, 55 56 CERT_MISMATCHED_NAME, 57 CERT_EXPIRED, 58 // Cross-signed certificate to test PKIX path building. Contains an 59 // intermediate cross-signed by an unknown root, while the client (via 60 // TestRootStore) is expected to have a self-signed version of the 61 // intermediate. 62 CERT_CHAIN_WRONG_ROOT, 63 }; 64 65 // OCSPStatus enumerates the types of OCSP response that the testserver 66 // can produce. 67 enum OCSPStatus { 68 OCSP_OK, 69 OCSP_REVOKED, 70 OCSP_INVALID, 71 OCSP_UNAUTHORIZED, 72 OCSP_UNKNOWN, 73 }; 74 75 // Bitmask of bulk encryption algorithms that the test server supports 76 // and that can be selectively enabled or disabled. 77 enum BulkCipher { 78 // Special value used to indicate that any algorithm the server supports 79 // is acceptable. Preferred over explicitly OR-ing all ciphers. 80 BULK_CIPHER_ANY = 0, 81 82 BULK_CIPHER_RC4 = (1 << 0), 83 BULK_CIPHER_AES128 = (1 << 1), 84 BULK_CIPHER_AES256 = (1 << 2), 85 86 // NOTE: 3DES support in the Python test server has external 87 // dependencies and not be available on all machines. Clients may not 88 // be able to connect if only 3DES is specified. 89 BULK_CIPHER_3DES = (1 << 3), 90 }; 91 92 // NOTE: the values of these enumerators are passed to the the Python test 93 // server. Do not change them. 94 enum TLSIntolerantLevel { 95 TLS_INTOLERANT_NONE = 0, 96 TLS_INTOLERANT_ALL = 1, // Intolerant of all TLS versions. 97 TLS_INTOLERANT_TLS1_1 = 2, // Intolerant of TLS 1.1 or higher. 98 TLS_INTOLERANT_TLS1_2 = 3, // Intolerant of TLS 1.2 or higher. 99 }; 100 101 // Initialize a new SSLOptions using CERT_OK as the certificate. 102 SSLOptions(); 103 104 // Initialize a new SSLOptions that will use the specified certificate. 105 explicit SSLOptions(ServerCertificate cert); 106 ~SSLOptions(); 107 108 // Returns the relative filename of the file that contains the 109 // |server_certificate|. 110 base::FilePath GetCertificateFile() const; 111 112 // GetOCSPArgument returns the value of any OCSP argument to testserver or 113 // the empty string if there is none. 114 std::string GetOCSPArgument() const; 115 116 // The certificate to use when serving requests. 117 ServerCertificate server_certificate; 118 119 // If |server_certificate==CERT_AUTO| then this determines the type of OCSP 120 // response returned. 121 OCSPStatus ocsp_status; 122 123 // If not zero, |cert_serial| will be the serial number of the 124 // auto-generated leaf certificate when |server_certificate==CERT_AUTO|. 125 uint64 cert_serial; 126 127 // True if a CertificateRequest should be sent to the client during 128 // handshaking. 129 bool request_client_certificate; 130 131 // If |request_client_certificate| is true, an optional list of files, 132 // each containing a single, PEM-encoded X.509 certificates. The subject 133 // from each certificate will be added to the certificate_authorities 134 // field of the CertificateRequest. 135 std::vector<base::FilePath> client_authorities; 136 137 // A bitwise-OR of BulkCipher that should be used by the 138 // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented 139 // ciphers are acceptable. 140 int bulk_ciphers; 141 142 // If true, pass the --https-record-resume argument to testserver.py which 143 // causes it to log session cache actions and echo the log on 144 // /ssl-session-cache. 145 bool record_resume; 146 147 // If not TLS_INTOLERANT_NONE, the server will abort any handshake that 148 // negotiates an intolerant TLS version in order to test version fallback. 149 TLSIntolerantLevel tls_intolerant; 150 151 // fallback_scsv_enabled, if true, causes the server to process the 152 // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome 153 // when performing TLS version fallback in response to an SSL handshake 154 // failure. If this option is enabled then the server will reject fallback 155 // connections. 156 bool fallback_scsv_enabled; 157 158 // Temporary glue for testing: validation of SCTs is application-controlled 159 // and can be appropriately mocked out, so sending fake data here does not 160 // affect handshaking behaviour. 161 // TODO(ekasper): replace with valid SCT files for test certs. 162 // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in 163 // a TLS extension. 164 std::string signed_cert_timestamps_tls_ext; 165 166 // Whether to staple the OCSP response. 167 bool staple_ocsp_response; 168 }; 169 170 // Pass as the 'host' parameter during construction to server on 127.0.0.1 171 static const char kLocalhost[]; 172 173 // Initialize a TestServer listening on a specific host (IP or hostname). 174 BaseTestServer(Type type, const std::string& host); 175 176 // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS. 177 BaseTestServer(Type type, const SSLOptions& ssl_options); 178 179 // Returns the host port pair used by current Python based test server only 180 // if the server is started. 181 const HostPortPair& host_port_pair() const; 182 183 const base::FilePath& document_root() const { return document_root_; } 184 const base::DictionaryValue& server_data() const; 185 std::string GetScheme() const; 186 bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT; 187 188 GURL GetURL(const std::string& path) const; 189 190 GURL GetURLWithUser(const std::string& path, 191 const std::string& user) const; 192 193 GURL GetURLWithUserAndPassword(const std::string& path, 194 const std::string& user, 195 const std::string& password) const; 196 197 static bool GetFilePathWithReplacements( 198 const std::string& original_path, 199 const std::vector<StringPair>& text_to_replace, 200 std::string* replacement_path); 201 202 static bool UsingSSL(Type type) { 203 return type == BaseTestServer::TYPE_HTTPS || 204 type == BaseTestServer::TYPE_WSS; 205 } 206 207 protected: 208 virtual ~BaseTestServer(); 209 Type type() const { return type_; } 210 211 // Gets port currently assigned to host_port_pair_ without checking 212 // whether it's available (server started) or not. 213 uint16 GetPort(); 214 215 // Sets |port| as the actual port used by Python based test server. 216 void SetPort(uint16 port); 217 218 // Set up internal status when the server is started. 219 bool SetupWhenServerStarted() WARN_UNUSED_RESULT; 220 221 // Clean up internal status when starting to stop server. 222 void CleanUpWhenStoppingServer(); 223 224 // Set path of test resources. 225 void SetResourcePath(const base::FilePath& document_root, 226 const base::FilePath& certificates_dir); 227 228 // Parses the server data read from the test server. Returns true 229 // on success. 230 bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT; 231 232 // Generates a DictionaryValue with the arguments for launching the external 233 // Python test server. 234 bool GenerateArguments(base::DictionaryValue* arguments) const 235 WARN_UNUSED_RESULT; 236 237 // Subclasses can override this to add arguments that are specific to their 238 // own test servers. 239 virtual bool GenerateAdditionalArguments( 240 base::DictionaryValue* arguments) const WARN_UNUSED_RESULT; 241 242 private: 243 void Init(const std::string& host); 244 245 // Marks the root certificate of an HTTPS test server as trusted for 246 // the duration of tests. 247 bool LoadTestRootCert() const WARN_UNUSED_RESULT; 248 249 // Document root of the test server. 250 base::FilePath document_root_; 251 252 // Directory that contains the SSL certificates. 253 base::FilePath certificates_dir_; 254 255 // Address the test server listens on. 256 HostPortPair host_port_pair_; 257 258 // Holds the data sent from the server (e.g., port number). 259 scoped_ptr<base::DictionaryValue> server_data_; 260 261 // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test 262 // server. 263 SSLOptions ssl_options_; 264 265 Type type_; 266 267 // Has the server been started? 268 bool started_; 269 270 // Enables logging of the server to the console. 271 bool log_to_console_; 272 273 scoped_ptr<ScopedPortException> allowed_port_; 274 275 DISALLOW_COPY_AND_ASSIGN(BaseTestServer); 276 }; 277 278 } // namespace net 279 280 #endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ 281
