Home | History | Annotate | Download | only in spawned_test_server
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
      6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
      7 
      8 #include <string>
      9 #include <utility>
     10 #include <vector>
     11 
     12 #include "base/compiler_specific.h"
     13 #include "base/files/file_path.h"
     14 #include "base/memory/scoped_ptr.h"
     15 #include "net/base/host_port_pair.h"
     16 #include "net/ssl/ssl_client_cert_type.h"
     17 
     18 class GURL;
     19 
     20 namespace base {
     21 class DictionaryValue;
     22 }
     23 
     24 namespace net {
     25 
     26 class AddressList;
     27 class ScopedPortException;
     28 
     29 // The base class of Test server implementation.
     30 class BaseTestServer {
     31  public:
     32   typedef std::pair<std::string, std::string> StringPair;
     33 
     34   // Following types represent protocol schemes. See also
     35   // http://www.iana.org/assignments/uri-schemes.html
     36   enum Type {
     37     TYPE_BASIC_AUTH_PROXY,
     38     TYPE_FTP,
     39     TYPE_HTTP,
     40     TYPE_HTTPS,
     41     TYPE_WS,
     42     TYPE_WSS,
     43     TYPE_TCP_ECHO,
     44     TYPE_UDP_ECHO,
     45   };
     46 
     47   // Container for various options to control how the HTTPS or WSS server is
     48   // initialized.
     49   struct SSLOptions {
     50     enum ServerCertificate {
     51       CERT_OK,
     52 
     53       // CERT_AUTO causes the testserver to generate a test certificate issued
     54       // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
     55       CERT_AUTO,
     56 
     57       CERT_MISMATCHED_NAME,
     58       CERT_EXPIRED,
     59       // Cross-signed certificate to test PKIX path building. Contains an
     60       // intermediate cross-signed by an unknown root, while the client (via
     61       // TestRootStore) is expected to have a self-signed version of the
     62       // intermediate.
     63       CERT_CHAIN_WRONG_ROOT,
     64     };
     65 
     66     // OCSPStatus enumerates the types of OCSP response that the testserver
     67     // can produce.
     68     enum OCSPStatus {
     69       OCSP_OK,
     70       OCSP_REVOKED,
     71       OCSP_INVALID,
     72       OCSP_UNAUTHORIZED,
     73       OCSP_UNKNOWN,
     74     };
     75 
     76     // Bitmask of key exchange algorithms that the test server supports and that
     77     // can be selectively enabled or disabled.
     78     enum KeyExchange {
     79       // Special value used to indicate that any algorithm the server supports
     80       // is acceptable. Preferred over explicitly OR-ing all key exchange
     81       // algorithms.
     82       KEY_EXCHANGE_ANY     = 0,
     83 
     84       KEY_EXCHANGE_RSA     = (1 << 0),
     85       KEY_EXCHANGE_DHE_RSA = (1 << 1),
     86     };
     87 
     88     // Bitmask of bulk encryption algorithms that the test server supports
     89     // and that can be selectively enabled or disabled.
     90     enum BulkCipher {
     91       // Special value used to indicate that any algorithm the server supports
     92       // is acceptable. Preferred over explicitly OR-ing all ciphers.
     93       BULK_CIPHER_ANY    = 0,
     94 
     95       BULK_CIPHER_RC4    = (1 << 0),
     96       BULK_CIPHER_AES128 = (1 << 1),
     97       BULK_CIPHER_AES256 = (1 << 2),
     98 
     99       // NOTE: 3DES support in the Python test server has external
    100       // dependencies and not be available on all machines. Clients may not
    101       // be able to connect if only 3DES is specified.
    102       BULK_CIPHER_3DES   = (1 << 3),
    103     };
    104 
    105     // NOTE: the values of these enumerators are passed to the the Python test
    106     // server. Do not change them.
    107     enum TLSIntolerantLevel {
    108       TLS_INTOLERANT_NONE = 0,
    109       TLS_INTOLERANT_ALL = 1,  // Intolerant of all TLS versions.
    110       TLS_INTOLERANT_TLS1_1 = 2,  // Intolerant of TLS 1.1 or higher.
    111       TLS_INTOLERANT_TLS1_2 = 3,  // Intolerant of TLS 1.2 or higher.
    112     };
    113 
    114     // Values which control how the server reacts in response to a ClientHello
    115     // it is intolerant of.
    116     enum TLSIntoleranceType {
    117       TLS_INTOLERANCE_ALERT = 0,  // Send a handshake_failure alert.
    118       TLS_INTOLERANCE_CLOSE = 1,  // Close the connection.
    119       TLS_INTOLERANCE_RESET = 2,  // Send a TCP reset.
    120     };
    121 
    122     // Initialize a new SSLOptions using CERT_OK as the certificate.
    123     SSLOptions();
    124 
    125     // Initialize a new SSLOptions that will use the specified certificate.
    126     explicit SSLOptions(ServerCertificate cert);
    127     ~SSLOptions();
    128 
    129     // Returns the relative filename of the file that contains the
    130     // |server_certificate|.
    131     base::FilePath GetCertificateFile() const;
    132 
    133     // GetOCSPArgument returns the value of any OCSP argument to testserver or
    134     // the empty string if there is none.
    135     std::string GetOCSPArgument() const;
    136 
    137     // The certificate to use when serving requests.
    138     ServerCertificate server_certificate;
    139 
    140     // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
    141     // response returned.
    142     OCSPStatus ocsp_status;
    143 
    144     // If not zero, |cert_serial| will be the serial number of the
    145     // auto-generated leaf certificate when |server_certificate==CERT_AUTO|.
    146     uint64 cert_serial;
    147 
    148     // True if a CertificateRequest should be sent to the client during
    149     // handshaking.
    150     bool request_client_certificate;
    151 
    152     // If |request_client_certificate| is true, an optional list of files,
    153     // each containing a single, PEM-encoded X.509 certificates. The subject
    154     // from each certificate will be added to the certificate_authorities
    155     // field of the CertificateRequest.
    156     std::vector<base::FilePath> client_authorities;
    157 
    158     // If |request_client_certificate| is true, an optional list of
    159     // SSLClientCertType values to populate the certificate_types field of the
    160     // CertificateRequest.
    161     std::vector<SSLClientCertType> client_cert_types;
    162 
    163     // A bitwise-OR of KeyExchnage that should be used by the
    164     // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented
    165     // key exchange algorithms are acceptable.
    166     int key_exchanges;
    167 
    168     // A bitwise-OR of BulkCipher that should be used by the
    169     // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
    170     // ciphers are acceptable.
    171     int bulk_ciphers;
    172 
    173     // If true, pass the --https-record-resume argument to testserver.py which
    174     // causes it to log session cache actions and echo the log on
    175     // /ssl-session-cache.
    176     bool record_resume;
    177 
    178     // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
    179     // negotiates an intolerant TLS version in order to test version fallback.
    180     TLSIntolerantLevel tls_intolerant;
    181 
    182     // If |tls_intolerant| is not TLS_INTOLERANT_NONE, how the server reacts to
    183     // an intolerant TLS version.
    184     TLSIntoleranceType tls_intolerance_type;
    185 
    186     // fallback_scsv_enabled, if true, causes the server to process the
    187     // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
    188     // when performing TLS version fallback in response to an SSL handshake
    189     // failure. If this option is enabled then the server will reject fallback
    190     // connections.
    191     bool fallback_scsv_enabled;
    192 
    193     // Temporary glue for testing: validation of SCTs is application-controlled
    194     // and can be appropriately mocked out, so sending fake data here does not
    195     // affect handshaking behaviour.
    196     // TODO(ekasper): replace with valid SCT files for test certs.
    197     // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
    198     // a TLS extension.
    199     std::string signed_cert_timestamps_tls_ext;
    200 
    201     // Whether to staple the OCSP response.
    202     bool staple_ocsp_response;
    203 
    204     // Whether to enable NPN support.
    205     bool enable_npn;
    206 
    207     // Whether to disable TLS session caching. When session caching is
    208     // disabled, the server will use an empty session ID in the
    209     // ServerHello.
    210     bool disable_session_cache;
    211   };
    212 
    213   // Pass as the 'host' parameter during construction to server on 127.0.0.1
    214   static const char kLocalhost[];
    215 
    216   // Initialize a TestServer listening on a specific host (IP or hostname).
    217   BaseTestServer(Type type,  const std::string& host);
    218 
    219   // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS.
    220   BaseTestServer(Type type, const SSLOptions& ssl_options);
    221 
    222   // Returns the host port pair used by current Python based test server only
    223   // if the server is started.
    224   const HostPortPair& host_port_pair() const;
    225 
    226   const base::FilePath& document_root() const { return document_root_; }
    227   const base::DictionaryValue& server_data() const;
    228   std::string GetScheme() const;
    229   bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT;
    230 
    231   GURL GetURL(const std::string& path) const;
    232 
    233   GURL GetURLWithUser(const std::string& path,
    234                       const std::string& user) const;
    235 
    236   GURL GetURLWithUserAndPassword(const std::string& path,
    237                                  const std::string& user,
    238                                  const std::string& password) const;
    239 
    240   static bool GetFilePathWithReplacements(
    241       const std::string& original_path,
    242       const std::vector<StringPair>& text_to_replace,
    243       std::string* replacement_path);
    244 
    245   static bool UsingSSL(Type type) {
    246     return type == BaseTestServer::TYPE_HTTPS ||
    247            type == BaseTestServer::TYPE_WSS;
    248   }
    249 
    250   // Enable HTTP basic authentication. Currently this only works for TYPE_WS and
    251   // TYPE_WSS.
    252   void set_websocket_basic_auth(bool ws_basic_auth) {
    253     ws_basic_auth_ = ws_basic_auth;
    254   }
    255 
    256  protected:
    257   virtual ~BaseTestServer();
    258   Type type() const { return type_; }
    259 
    260   // Gets port currently assigned to host_port_pair_ without checking
    261   // whether it's available (server started) or not.
    262   uint16 GetPort();
    263 
    264   // Sets |port| as the actual port used by Python based test server.
    265   void SetPort(uint16 port);
    266 
    267   // Set up internal status when the server is started.
    268   bool SetupWhenServerStarted() WARN_UNUSED_RESULT;
    269 
    270   // Clean up internal status when starting to stop server.
    271   void CleanUpWhenStoppingServer();
    272 
    273   // Set path of test resources.
    274   void SetResourcePath(const base::FilePath& document_root,
    275                        const base::FilePath& certificates_dir);
    276 
    277   // Parses the server data read from the test server.  Returns true
    278   // on success.
    279   bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT;
    280 
    281   // Generates a DictionaryValue with the arguments for launching the external
    282   // Python test server.
    283   bool GenerateArguments(base::DictionaryValue* arguments) const
    284     WARN_UNUSED_RESULT;
    285 
    286   // Subclasses can override this to add arguments that are specific to their
    287   // own test servers.
    288   virtual bool GenerateAdditionalArguments(
    289       base::DictionaryValue* arguments) const WARN_UNUSED_RESULT;
    290 
    291  private:
    292   void Init(const std::string& host);
    293 
    294   // Marks the root certificate of an HTTPS test server as trusted for
    295   // the duration of tests.
    296   bool LoadTestRootCert() const WARN_UNUSED_RESULT;
    297 
    298   // Document root of the test server.
    299   base::FilePath document_root_;
    300 
    301   // Directory that contains the SSL certificates.
    302   base::FilePath certificates_dir_;
    303 
    304   // Address the test server listens on.
    305   HostPortPair host_port_pair_;
    306 
    307   // Holds the data sent from the server (e.g., port number).
    308   scoped_ptr<base::DictionaryValue> server_data_;
    309 
    310   // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
    311   // server.
    312   SSLOptions ssl_options_;
    313 
    314   Type type_;
    315 
    316   // Has the server been started?
    317   bool started_;
    318 
    319   // Enables logging of the server to the console.
    320   bool log_to_console_;
    321 
    322   // Is WebSocket basic HTTP authentication enabled?
    323   bool ws_basic_auth_;
    324 
    325   scoped_ptr<ScopedPortException> allowed_port_;
    326 
    327   DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
    328 };
    329 
    330 }  // namespace net
    331 
    332 #endif  // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
    333