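// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/test/spawned_test_server/base_test_server.h"

#include <string>
#include <vector>

#include "base/base64.h"
#include "base/file_util.h"
#include "base/json/json_reader.h"
#include "base/logging.h"
#include "base/path_service.h"
#include "base/values.h"
#include "net/base/address_list.h"
#include "net/base/host_port_pair.h"
#include "net/base/net_errors.h"
#include "net/base/net_log.h"
#include "net/base/net_util.h"
#include "net/base/test_completion_callback.h"
#include "net/cert/test_root_certs.h"
#include "net/dns/host_resolver.h"
#include "url/gurl.h"

namespace net {

namespace {

// Chooses the hostname the test server is addressed by. For an SSL server
// configured with CERT_MISMATCHED_NAME this is "localhost"; in every other
// case it is BaseTestServer::kLocalhost.
std::string GetHostname(BaseTestServer::Type type,
                        const BaseTestServer::SSLOptions& options) {
  if (BaseTestServer::UsingSSL(type) &&
      options.server_certificate ==
          BaseTestServer::SSLOptions::CERT_MISMATCHED_NAME) {
    // Return a different hostname string that resolves to the same hostname.
    return "localhost";
  }

  // Use the 127.0.0.1 as default.
  return BaseTestServer::kLocalhost;
}

// Maps a client certificate type to the string passed in the
// "ssl-client-cert-type" argument. An unknown value hits NOTREACHED() and
// yields an empty string.
std::string GetClientCertType(SSLClientCertType type) {
  switch (type) {
    case CLIENT_CERT_RSA_SIGN:
      return "rsa_sign";
    case CLIENT_CERT_DSS_SIGN:
      return "dss_sign";
    case CLIENT_CERT_ECDSA_SIGN:
      return "ecdsa_sign";
    default:
      NOTREACHED();
      return "";
  }
}

// Appends one string per key-exchange bit set in |key_exchange| to |values|.
// |values| takes ownership of the appended StringValue objects.
void GetKeyExchangesList(int key_exchange, base::ListValue* values) {
  if (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_RSA)
    values->Append(new base::StringValue("rsa"));
  if (key_exchange & BaseTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA)
    values->Append(new base::StringValue("dhe_rsa"));
}

// Appends one string per bulk-cipher bit set in |cipher| to |values|.
// NOTE(review): RC4 and 3DES are legacy ciphers; they appear here as
// test-server options only. Presumably the strings must match what the
// server-side script accepts - confirm against the server.
void GetCiphersList(int cipher, base::ListValue* values) {
  if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_RC4)
    values->Append(new base::StringValue("rc4"));
  if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES128)
    values->Append(new base::StringValue("aes128"));
  if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_AES256)
    values->Append(new base::StringValue("aes256"));
  if (cipher & BaseTestServer::SSLOptions::BULK_CIPHER_3DES)
    values->Append(new base::StringValue("3des"));
}

}  // namespace

// Default options: a valid certificate (CERT_OK), OCSP status OK, no client
// certificate request, any key exchange and any bulk cipher.
BaseTestServer::SSLOptions::SSLOptions()
    : server_certificate(CERT_OK),
      ocsp_status(OCSP_OK),
      cert_serial(0),
      request_client_certificate(false),
      key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
      bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
      record_resume(false),
      tls_intolerant(TLS_INTOLERANT_NONE),
      fallback_scsv_enabled(false),
      staple_ocsp_response(false),
      enable_npn(false) {}

// Same defaults as the no-argument constructor, except that the server
// certificate is |cert|.
BaseTestServer::SSLOptions::SSLOptions(
    BaseTestServer::SSLOptions::ServerCertificate cert)
    : server_certificate(cert),
      ocsp_status(OCSP_OK),
      cert_serial(0),
      request_client_certificate(false),
      key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
      bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
      record_resume(false),
      tls_intolerant(TLS_INTOLERANT_NONE),
      fallback_scsv_enabled(false),
      staple_ocsp_response(false),
      enable_npn(false) {}

BaseTestServer::SSLOptions::~SSLOptions() {}

// Returns the certificate file name (relative, no directory) for the
// configured |server_certificate|. CERT_AUTO returns an empty path, as does
// an unknown value after NOTREACHED().
base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const {
  switch (server_certificate) {
    case CERT_OK:
    case CERT_MISMATCHED_NAME:
      // The mismatch is produced by the hostname (see GetHostname()), not by
      // a different certificate.
      return base::FilePath(FILE_PATH_LITERAL("ok_cert.pem"));
    case CERT_EXPIRED:
      return base::FilePath(FILE_PATH_LITERAL("expired_cert.pem"));
    case CERT_CHAIN_WRONG_ROOT:
      // This chain uses its own dedicated test root certificate to avoid
      // side-effects that may affect testing.
      return base::FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
    case CERT_AUTO:
      return base::FilePath();
    default:
      NOTREACHED();
  }
  return base::FilePath();
}

// Returns the value for the "ocsp" argument. Only meaningful with CERT_AUTO;
// for any other certificate setting the result is an empty string, which
// GenerateArguments() treats as "do not pass the argument".
std::string BaseTestServer::SSLOptions::GetOCSPArgument() const {
  if (server_certificate != CERT_AUTO)
    return std::string();

  switch (ocsp_status) {
    case OCSP_OK:
      return "ok";
    case OCSP_REVOKED:
      return "revoked";
    case OCSP_INVALID:
      return "invalid";
    case OCSP_UNAUTHORIZED:
      return "unauthorized";
    case OCSP_UNKNOWN:
      return "unknown";
    default:
      NOTREACHED();
      return std::string();
  }
}

const char BaseTestServer::kLocalhost[] = "127.0.0.1";

// Creates a server of |type| addressed by |host|. The port stays 0 until
// SetPort() or ParseServerData() provides one.
BaseTestServer::BaseTestServer(Type type, const std::string& host)
    : type_(type),
      started_(false),
      log_to_console_(false) {
  Init(host);
}

// Creates an SSL server of |type|; the hostname is derived from
// |ssl_options| via GetHostname(). |type| must be an SSL type.
BaseTestServer::BaseTestServer(Type type, const SSLOptions& ssl_options)
    : ssl_options_(ssl_options),
      type_(type),
      started_(false),
      log_to_console_(false) {
  DCHECK(UsingSSL(type));
  Init(GetHostname(type, ssl_options));
}

BaseTestServer::~BaseTestServer() {}

// Returns the host/port of the running server. Must only be called after the
// server has started.
const HostPortPair& BaseTestServer::host_port_pair() const {
  DCHECK(started_);
  return host_port_pair_;
}

// Returns the dictionary reported by the server at startup. Must only be
// called after the server has started and ParseServerData() has succeeded.
const base::DictionaryValue& BaseTestServer::server_data() const {
  DCHECK(started_);
  DCHECK(server_data_.get());
  return *server_data_;
}

// Returns the URL scheme for the server type. The echo server types have no
// scheme: they hit NOTREACHED() and return an empty string.
std::string BaseTestServer::GetScheme() const {
  switch (type_) {
    case TYPE_FTP:
      return "ftp";
    case TYPE_HTTP:
      return "http";
    case TYPE_HTTPS:
      return "https";
    case TYPE_WS:
      return "ws";
    case TYPE_WSS:
      return "wss";
    case TYPE_TCP_ECHO:
    case TYPE_UDP_ECHO:
    default:
      NOTREACHED();
  }
  return std::string();
}

// Resolves |host_port_pair_| with a default host resolver and stores the
// result in |address_list|. Blocks until resolution finishes. Returns false
// (and logs the hostname) if resolution fails.
bool BaseTestServer::GetAddressList(AddressList* address_list) const {
  DCHECK(address_list);

  scoped_ptr<HostResolver> resolver(HostResolver::CreateDefaultResolver(NULL));
  HostResolver::RequestInfo info(host_port_pair_);
  TestCompletionCallback callback;
  int rv = resolver->Resolve(info,
                             DEFAULT_PRIORITY,
                             address_list,
                             callback.callback(),
                             NULL,
                             BoundNetLog());
  // The resolver may complete asynchronously; wait for the real result.
  if (rv == ERR_IO_PENDING)
    rv = callback.WaitForResult();
  if (rv != net::OK) {
    LOG(ERROR) << "Failed to resolve hostname: " << host_port_pair_.host();
    return false;
  }
  return true;
}

uint16 BaseTestServer::GetPort() {
  return host_port_pair_.port();
}

void BaseTestServer::SetPort(uint16 port) {
  host_port_pair_.set_port(port);
}

// Builds scheme://host:port/|path|. |path| is appended verbatim, without
// escaping.
GURL BaseTestServer::GetURL(const std::string& path) const {
  return GURL(GetScheme() + "://" + host_port_pair_.ToString() + "/" + path);
}

// Builds scheme://|user|@host:port/|path|. |user| is inserted verbatim: no
// escaping is applied here, so a value containing '@', ':' or '/' changes how
// the resulting URL is parsed. Callers must pass an already-escaped value.
GURL BaseTestServer::GetURLWithUser(const std::string& path,
                                    const std::string& user) const {
  return GURL(GetScheme() + "://" + user + "@" + host_port_pair_.ToString() +
              "/" + path);
}

// Builds scheme://|user|:|password|@host:port/|path|. As with
// GetURLWithUser(), neither credential is escaped here. The password ends up
// in the URL string itself, so it is visible wherever the GURL is printed.
GURL BaseTestServer::GetURLWithUserAndPassword(const std::string& path,
                                const std::string& user,
                                const std::string& password) const {
  return GURL(GetScheme() + "://" + user + ":" + password + "@" +
              host_port_pair_.ToString() + "/" + path);
}

// static
// Appends one "replace_text=<base64 old>:<base64 new>" query parameter per
// entry of |text_to_replace| to |original_file_path| and stores the result in
// |replacement_path|. Always returns true.
//
// The first parameter is always introduced with '?', so |original_file_path|
// is expected not to carry a query string of its own.
// NOTE(review): the base64 text is not percent-escaped before being placed in
// the query; presumably the server decodes it accordingly - confirm.
bool BaseTestServer::GetFilePathWithReplacements(
    const std::string& original_file_path,
    const std::vector<StringPair>& text_to_replace,
    std::string* replacement_path) {
  std::string new_file_path = original_file_path;
  bool first_query_parameter = true;
  const std::vector<StringPair>::const_iterator end = text_to_replace.end();
  for (std::vector<StringPair>::const_iterator it = text_to_replace.begin();
       it != end;
       ++it) {
    const std::string& old_text = it->first;
    const std::string& new_text = it->second;
    std::string base64_old;
    std::string base64_new;
    base::Base64Encode(old_text, &base64_old);
    base::Base64Encode(new_text, &base64_new);
    if (first_query_parameter) {
      new_file_path += "?";
      first_query_parameter = false;
    } else {
      new_file_path += "&";
    }
    new_file_path += "replace_text=";
    new_file_path += base64_old;
    new_file_path += ":";
    new_file_path += base64_new;
  }

  *replacement_path = new_file_path;
  return true;
}

// Records |host| with port 0 and turns console logging on.
void BaseTestServer::Init(const std::string& host) {
  host_port_pair_ = HostPortPair(host, 0);

  // TODO(battre) Remove this after figuring out why the TestServer is flaky.
  // http://crbug.com/96594
  log_to_console_ = true;
}

// Sets the document root and the directory holding the test certificates.
// |certificates_dir| must not be empty.
void BaseTestServer::SetResourcePath(const base::FilePath& document_root,
                                     const base::FilePath& certificates_dir) {
  // This method shouldn't get called twice.
  DCHECK(certificates_dir_.empty());
  document_root_ = document_root;
  certificates_dir_ = certificates_dir;
  DCHECK(!certificates_dir_.empty());
}

// Parses the JSON dictionary the server reports at startup and takes the
// listening port from its "port" entry. Returns false if the text is not a
// JSON dictionary, has no integer "port", or the port is outside 1..65535.
//
// |server_data| comes from another process, so nothing is committed to this
// object until the whole payload has been validated: on failure both
// |server_data_| and |host_port_pair_| keep their previous values.
bool BaseTestServer::ParseServerData(const std::string& server_data) {
  VLOG(1) << "Server data: " << server_data;
  base::JSONReader json_reader;
  scoped_ptr<base::Value> value(json_reader.ReadToValue(server_data));
  if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) {
    LOG(ERROR) << "Could not parse server data: "
               << json_reader.GetErrorMessage();
    return false;
  }

  // The cast is safe: the type was checked above.
  scoped_ptr<base::DictionaryValue> parsed_data(
      static_cast<base::DictionaryValue*>(value.release()));
  int port = 0;
  if (!parsed_data->GetInteger("port", &port)) {
    LOG(ERROR) << "Could not find port value";
    return false;
  }
  if ((port <= 0) || (port > kuint16max)) {
    LOG(ERROR) << "Invalid port value: " << port;
    return false;
  }

  // Validation passed; publish the dictionary and the port together.
  server_data_.reset(parsed_data.release());
  host_port_pair_.set_port(port);

  return true;
}

// Adds "root_ca_cert.pem" from the certificates directory to the process-wide
// TestRootCerts instance. A relative certificates directory is resolved
// against the source root. Returns false if the instance or the source root
// is unavailable, or if the certificate cannot be added.
bool BaseTestServer::LoadTestRootCert() const {
  TestRootCerts* root_certs = TestRootCerts::GetInstance();
  if (!root_certs)
    return false;

  // Should always use absolute path to load the root certificate.
  base::FilePath root_certificate_path = certificates_dir_;
  if (!certificates_dir_.IsAbsolute()) {
    base::FilePath src_dir;
    if (!PathService::Get(base::DIR_SOURCE_ROOT, &src_dir))
      return false;
    root_certificate_path = src_dir.Append(certificates_dir_);
  }

  return root_certs->AddFromFile(
      root_certificate_path.AppendASCII("root_ca_cert.pem"));
}

// Finishes startup once the port is known: loads the test root certificate
// for SSL server types, marks the server as started and registers a port
// exception for the server's port. Returns false if the root certificate
// cannot be loaded.
bool BaseTestServer::SetupWhenServerStarted() {
  DCHECK(host_port_pair_.port());

  if (UsingSSL(type_) && !LoadTestRootCert())
    return false;

  started_ = true;
  allowed_port_.reset(new ScopedPortException(host_port_pair_.port()));
  return true;
}

// Undoes SetupWhenServerStarted(): clears the test root certificates, resets
// the port to 0, drops the port exception and marks the server as stopped.
//
// Clear() runs for every server type, not only the SSL ones.
// NOTE(review): Clear() presumably removes every test root held by the
// shared instance, including roots added by other code - confirm.
void BaseTestServer::CleanUpWhenStoppingServer() {
  TestRootCerts* root_certs = TestRootCerts::GetInstance();
  // LoadTestRootCert() allows for a NULL instance; do the same here instead
  // of dereferencing it unconditionally.
  if (root_certs)
    root_certs->Clear();

  host_port_pair_.set_port(0);
  allowed_port_.reset();
  started_ = false;
}

// Generates a dictionary of arguments to pass to the Python test server via
// the test server spawner, in the form of
// { argument-name: argument-value, ... }
// Returns false if an invalid configuration is specified.
//
// Flag-style arguments are stored with a null value. File paths are checked
// for existence only when they are absolute; relative paths are passed on
// unchecked.
bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
  DCHECK(arguments);

  arguments->SetString("host", host_port_pair_.host());
  arguments->SetInteger("port", host_port_pair_.port());
  arguments->SetString("data-dir", document_root_.value());

  if (VLOG_IS_ON(1) || log_to_console_)
    arguments->Set("log-to-console", base::Value::CreateNullValue());

  if (UsingSSL(type_)) {
    // Check the certificate arguments of the HTTPS server.
    base::FilePath certificate_path(certificates_dir_);
    base::FilePath certificate_file(ssl_options_.GetCertificateFile());
    // An empty file name (CERT_AUTO) means no "cert-and-key-file" argument.
    if (!certificate_file.value().empty()) {
      certificate_path = certificate_path.Append(certificate_file);
      if (certificate_path.IsAbsolute() &&
          !base::PathExists(certificate_path)) {
        LOG(ERROR) << "Certificate path " << certificate_path.value()
                   << " doesn't exist. Can't launch https server.";
        return false;
      }
      arguments->SetString("cert-and-key-file", certificate_path.value());
    }

    // Check the client certificate related arguments.
    if (ssl_options_.request_client_certificate)
      arguments->Set("ssl-client-auth", base::Value::CreateNullValue());
    scoped_ptr<base::ListValue> ssl_client_certs(new base::ListValue());

    std::vector<base::FilePath>::const_iterator it;
    for (it = ssl_options_.client_authorities.begin();
         it != ssl_options_.client_authorities.end(); ++it) {
      if (it->IsAbsolute() && !base::PathExists(*it)) {
        LOG(ERROR) << "Client authority path " << it->value()
                   << " doesn't exist. Can't launch https server.";
        return false;
      }
      ssl_client_certs->Append(new base::StringValue(it->value()));
    }

    // Empty lists are omitted rather than passed as empty arguments.
    if (ssl_client_certs->GetSize())
      arguments->Set("ssl-client-ca", ssl_client_certs.release());

    scoped_ptr<base::ListValue> client_cert_types(new base::ListValue());
    for (size_t i = 0; i < ssl_options_.client_cert_types.size(); i++) {
      client_cert_types->Append(new base::StringValue(
          GetClientCertType(ssl_options_.client_cert_types[i])));
    }
    if (client_cert_types->GetSize())
      arguments->Set("ssl-client-cert-type", client_cert_types.release());
  }

  // The remaining TLS options are emitted for TYPE_HTTPS only, not for the
  // other SSL server types.
  if (type_ == TYPE_HTTPS) {
    arguments->Set("https", base::Value::CreateNullValue());

    std::string ocsp_arg = ssl_options_.GetOCSPArgument();
    if (!ocsp_arg.empty())
      arguments->SetString("ocsp", ocsp_arg);

    if (ssl_options_.cert_serial != 0) {
      arguments->Set("cert-serial",
                     base::Value::CreateIntegerValue(ssl_options_.cert_serial));
    }

    // Check key exchange argument.
    scoped_ptr<base::ListValue> key_exchange_values(new base::ListValue());
    GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_values.get());
    if (key_exchange_values->GetSize())
      arguments->Set("ssl-key-exchange", key_exchange_values.release());
    // Check bulk cipher argument.
    scoped_ptr<base::ListValue> bulk_cipher_values(new base::ListValue());
    GetCiphersList(ssl_options_.bulk_ciphers, bulk_cipher_values.get());
    if (bulk_cipher_values->GetSize())
      arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release());
    if (ssl_options_.record_resume)
      arguments->Set("https-record-resume", base::Value::CreateNullValue());
    if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) {
      arguments->Set("tls-intolerant",
                     new base::FundamentalValue(ssl_options_.tls_intolerant));
    }
    if (ssl_options_.fallback_scsv_enabled)
      arguments->Set("fallback-scsv", base::Value::CreateNullValue());
    if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) {
      // The extension data is passed base64-encoded in a string argument.
      std::string b64_scts_tls_ext;
      base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext,
                         &b64_scts_tls_ext);
      arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext);
    }
    if (ssl_options_.staple_ocsp_response)
      arguments->Set("staple-ocsp-response", base::Value::CreateNullValue());
    if (ssl_options_.enable_npn)
      arguments->Set("enable-npn", base::Value::CreateNullValue());
  }

  return GenerateAdditionalArguments(arguments);
}

// Hook for adding further arguments to |arguments|. This implementation adds
// nothing and returns true.
bool BaseTestServer::GenerateAdditionalArguments(
    base::DictionaryValue* arguments) const {
  return true;
}

}  // namespace net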