Blame - rtc_base/ssl_adapter_unittest.cc - src.git

blob: cd63249190e7bf4c13f72d4bfe60c82f6323cfe4 [file] [log] [blame]

tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	1	/*
				2	* Copyright 2014 The WebRTC Project Authors. All rights reserved.
				3	*
				4	* Use of this source code is governed by a BSD-style license
				5	* that can be found in the LICENSE file in the root of the source
				6	* tree. An additional intellectual property rights grant can be found
				7	* in the file PATENTS. All contributing project authors may
				8	* be found in the AUTHORS file in the root of the source tree.
				9	*/
				10
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	11	#include "rtc_base/ssl_adapter.h"
				12
jbauch	555604a	2016-04-26 10:13:22	[diff] [blame]	13	#include <memory>
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	14	#include <string>
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	15	#include <utility>
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	16
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	17	#include "absl/memory/memory.h"
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	18	#include "absl/strings/string_view.h"
Mirko Bonadei	92ea95e	2017-09-15 04:47:31	[diff] [blame]	19	#include "rtc_base/gunit.h"
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	20	#include "rtc_base/ip_address.h"
				21	#include "rtc_base/message_digest.h"
				22	#include "rtc_base/socket_stream.h"
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	23	#include "rtc_base/ssl_identity.h"
				24	#include "rtc_base/ssl_stream_adapter.h"
Mirko Bonadei	92ea95e	2017-09-15 04:47:31	[diff] [blame]	25	#include "rtc_base/stream.h"
Steve Anton	10542f2	2019-01-11 17:11:00	[diff] [blame]	26	#include "rtc_base/string_encode.h"
				27	#include "rtc_base/virtual_socket_server.h"
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	28	#include "test/gmock.h"
				29
				30	using ::testing::_;
				31	using ::testing::Return;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	32
				33	static const int kTimeout = 5000;
				34
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	35	static rtc::Socket* CreateSocket(const rtc::SSLMode& ssl_mode) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	36	rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0);
				37
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	38	rtc::Socket* socket = rtc::Thread::Current()->socketserver()->CreateSocket(
				39	address.family(),
				40	(ssl_mode == rtc::SSL_MODE_DTLS) ? SOCK_DGRAM : SOCK_STREAM);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	41	socket->Bind(address);
				42
				43	return socket;
				44	}
				45
				46	static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) {
				47	return (ssl_mode == rtc::SSL_MODE_DTLS) ? "DTLS" : "TLS";
				48	}
				49
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	50	// Simple mock for the certificate verifier.
				51	class MockCertVerifier : public rtc::SSLCertificateVerifier {
				52	public:
				53	virtual ~MockCertVerifier() = default;
Danil Chapovalov	42748d8	2020-05-14 18:42:41	[diff] [blame]	54	MOCK_METHOD(bool, Verify, (const rtc::SSLCertificate&), (override));
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	55	};
				56
Mirko Bonadei	c84f661	2019-01-31 11:20:57	[diff] [blame]	57	// TODO(benwright) - Move to using INSTANTIATE_TEST_SUITE_P instead of using
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	58	// duplicate test cases for simple parameter changes.
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	59	class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
				60	public:
				61	explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode)
				62	: ssl_mode_(ssl_mode) {
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	63	rtc::Socket* socket = CreateSocket(ssl_mode_);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	64
				65	ssl_adapter_.reset(rtc::SSLAdapter::Create(socket));
				66
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	67	ssl_adapter_->SetMode(ssl_mode_);
				68
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	69	// Ignore any certificate errors for the purpose of testing.
				70	// Note: We do this only because we don't have a real certificate.
				71	// NEVER USE THIS IN PRODUCTION CODE!
Sergey Silkin	9c147dd	2018-09-12 10:45:38	[diff] [blame]	72	ssl_adapter_->SetIgnoreBadCert(true);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	73
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	74	ssl_adapter_->SignalReadEvent.connect(
				75	this, &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent);
				76	ssl_adapter_->SignalCloseEvent.connect(
				77	this, &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	78	}
				79
Sergey Silkin	9c147dd	2018-09-12 10:45:38	[diff] [blame]	80	void SetIgnoreBadCert(bool ignore_bad_cert) {
				81	ssl_adapter_->SetIgnoreBadCert(ignore_bad_cert);
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	82	}
				83
				84	void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
				85	ssl_adapter_->SetCertVerifier(ssl_cert_verifier);
				86	}
				87
Sergey Silkin	9c147dd	2018-09-12 10:45:38	[diff] [blame]	88	void SetAlpnProtocols(const std::vector<std::string>& protos) {
				89	ssl_adapter_->SetAlpnProtocols(protos);
				90	}
				91
				92	void SetEllipticCurves(const std::vector<std::string>& curves) {
				93	ssl_adapter_->SetEllipticCurves(curves);
				94	}
				95
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	96	rtc::SocketAddress GetAddress() const {
				97	return ssl_adapter_->GetLocalAddress();
				98	}
				99
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	100	rtc::Socket::ConnState GetState() const { return ssl_adapter_->GetState(); }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	101
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	102	const std::string& GetReceivedData() const { return data_; }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	103
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	104	int Connect(absl::string_view hostname, const rtc::SocketAddress& address) {
Jonas Olsson	abbe841	2018-04-03 11:40:05	[diff] [blame]	105	RTC_LOG(LS_INFO) << "Initiating connection with " << address.ToString();
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	106
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	107	int rv = ssl_adapter_->Connect(address);
				108
				109	if (rv == 0) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	110	RTC_LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_)
				111	<< " handshake with " << hostname;
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	112
Ali Tofigh	2ab914c	2022-04-13 10:55:15	[diff] [blame]	113	if (ssl_adapter_->StartSSL(hostname) != 0) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	114	return -1;
				115	}
				116	}
				117
				118	return rv;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	119	}
				120
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	121	int Close() { return ssl_adapter_->Close(); }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	122
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	123	int Send(absl::string_view message) {
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	124	RTC_LOG(LS_INFO) << "Client sending '" << message << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	125
				126	return ssl_adapter_->Send(message.data(), message.length());
				127	}
				128
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	129	void OnSSLAdapterReadEvent(rtc::Socket* socket) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	130	char buffer[4096] = "";
				131
				132	// Read data received from the server and store it in our internal buffer.
Stefan Holmer	9131efd	2016-05-23 16:19:26	[diff] [blame]	133	int read = socket->Recv(buffer, sizeof(buffer) - 1, nullptr);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	134	if (read != -1) {
				135	buffer[read] = '\0';
				136
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	137	RTC_LOG(LS_INFO) << "Client received '" << buffer << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	138
				139	data_ += buffer;
				140	}
				141	}
				142
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	143	void OnSSLAdapterCloseEvent(rtc::Socket* socket, int error) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	144	// OpenSSLAdapter signals handshake failure with a close event, but without
				145	// closing the socket! Let's close the socket here. This way GetState() can
				146	// return CS_CLOSED after failure.
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	147	if (socket->GetState() != rtc::Socket::CS_CLOSED) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	148	socket->Close();
				149	}
				150	}
				151
				152	private:
				153	const rtc::SSLMode ssl_mode_;
				154
jbauch	555604a	2016-04-26 10:13:22	[diff] [blame]	155	std::unique_ptr<rtc::SSLAdapter> ssl_adapter_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	156
				157	std::string data_;
				158	};
				159
				160	class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
				161	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	162	explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode,
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	163	const rtc::KeyParams& key_params)
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	164	: ssl_mode_(ssl_mode) {
				165	// Generate a key pair and a certificate for this host.
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	166	ssl_identity_ = rtc::SSLIdentity::Create(GetHostname(), key_params);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	167
				168	server_socket_.reset(CreateSocket(ssl_mode_));
				169
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	170	if (ssl_mode_ == rtc::SSL_MODE_TLS) {
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	171	server_socket_->SignalReadEvent.connect(
				172	this, &SSLAdapterTestDummyServer::OnServerSocketReadEvent);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	173
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	174	server_socket_->Listen(1);
				175	}
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	176
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	177	RTC_LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP")
				178	<< " server listening on "
Jonas Olsson	abbe841	2018-04-03 11:40:05	[diff] [blame]	179	<< server_socket_->GetLocalAddress().ToString();
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	180	}
				181
				182	rtc::SocketAddress GetAddress() const {
				183	return server_socket_->GetLocalAddress();
				184	}
				185
				186	std::string GetHostname() const {
				187	// Since we don't have a real certificate anyway, the value here doesn't
				188	// really matter.
				189	return "example.com";
				190	}
				191
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	192	const std::string& GetReceivedData() const { return data_; }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	193
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	194	int Send(absl::string_view message) {
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	195	if (ssl_stream_adapter_ == nullptr \|\|
				196	ssl_stream_adapter_->GetState() != rtc::SS_OPEN) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	197	// No connection yet.
				198	return -1;
				199	}
				200
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	201	RTC_LOG(LS_INFO) << "Server sending '" << message << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	202
				203	size_t written;
				204	int error;
				205
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	206	rtc::StreamResult r = ssl_stream_adapter_->Write(
				207	message.data(), message.length(), &written, &error);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	208	if (r == rtc::SR_SUCCESS) {
				209	return written;
				210	} else {
				211	return -1;
				212	}
				213	}
				214
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	215	void AcceptConnection(const rtc::SocketAddress& address) {
				216	// Only a single connection is supported.
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	217	ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	218
				219	// This is only for DTLS.
				220	ASSERT_EQ(rtc::SSL_MODE_DTLS, ssl_mode_);
				221
				222	// Transfer ownership of the socket to the SSLStreamAdapter object.
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	223	rtc::Socket* socket = server_socket_.release();
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	224
				225	socket->Connect(address);
				226
				227	DoHandshake(socket);
				228	}
				229
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	230	void OnServerSocketReadEvent(rtc::Socket* socket) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	231	// Only a single connection is supported.
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	232	ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	233
deadbeef	37f5ecf	2017-02-27 22:06:41	[diff] [blame]	234	DoHandshake(server_socket_->Accept(nullptr));
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	235	}
				236
				237	void OnSSLStreamAdapterEvent(rtc::StreamInterface* stream, int sig, int err) {
				238	if (sig & rtc::SE_READ) {
				239	char buffer[4096] = "";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	240	size_t read;
				241	int error;
				242
				243	// Read data received from the client and store it in our internal
				244	// buffer.
deadbeef	ed3b986	2017-06-02 17:33:16	[diff] [blame]	245	rtc::StreamResult r =
				246	stream->Read(buffer, sizeof(buffer) - 1, &read, &error);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	247	if (r == rtc::SR_SUCCESS) {
				248	buffer[read] = '\0';
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	249	RTC_LOG(LS_INFO) << "Server received '" << buffer << "'";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	250	data_ += buffer;
				251	}
				252	}
				253	}
				254
				255	private:
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	256	void DoHandshake(rtc::Socket* socket) {
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	257	ssl_stream_adapter_ = rtc::SSLStreamAdapter::Create(
				258	std::make_unique<rtc::SocketStream>(socket));
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	259
				260	ssl_stream_adapter_->SetMode(ssl_mode_);
				261	ssl_stream_adapter_->SetServerRole();
				262
				263	// SSLStreamAdapter is normally used for peer-to-peer communication, but
				264	// here we're testing communication between a client and a server
				265	// (e.g. a WebRTC-based application and an RFC 5766 TURN server), where
				266	// clients are not required to provide a certificate during handshake.
				267	// Accordingly, we must disable client authentication here.
Benjamin Wright	b19b497	2018-10-25 17:46:49	[diff] [blame]	268	ssl_stream_adapter_->SetClientAuthEnabledForTesting(false);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	269
Harald Alvestrand	8515d5a	2020-03-20 21:51:32	[diff] [blame]	270	ssl_stream_adapter_->SetIdentity(ssl_identity_->Clone());
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	271
				272	// Set a bogus peer certificate digest.
				273	unsigned char digest[20];
				274	size_t digest_len = sizeof(digest);
				275	ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	276	digest_len);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	277
Taylor Brandstetter	c8762a8	2016-08-11 19:01:49	[diff] [blame]	278	ssl_stream_adapter_->StartSSL();
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	279
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	280	ssl_stream_adapter_->SignalEvent.connect(
				281	this, &SSLAdapterTestDummyServer::OnSSLStreamAdapterEvent);
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	282	}
				283
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	284	const rtc::SSLMode ssl_mode_;
				285
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	286	std::unique_ptr<rtc::Socket> server_socket_;
jbauch	555604a	2016-04-26 10:13:22	[diff] [blame]	287	std::unique_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	288
jbauch	555604a	2016-04-26 10:13:22	[diff] [blame]	289	std::unique_ptr<rtc::SSLIdentity> ssl_identity_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	290
				291	std::string data_;
				292	};
				293
Mirko Bonadei	6a489f2	2019-04-09 13:11:12	[diff] [blame]	294	class SSLAdapterTestBase : public ::testing::Test, public sigslot::has_slots<> {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	295	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	296	explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode,
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	297	const rtc::KeyParams& key_params)
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	298	: ssl_mode_(ssl_mode),
deadbeef	98e186c	2017-05-17 01:00:06	[diff] [blame]	299	vss_(new rtc::VirtualSocketServer()),
nisse	7eaa4ea	2017-05-08 12:25:41	[diff] [blame]	300	thread_(vss_.get()),
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	301	server_(new SSLAdapterTestDummyServer(ssl_mode_, key_params)),
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	302	client_(new SSLAdapterTestDummyClient(ssl_mode_)),
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	303	handshake_wait_(kTimeout) {}
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	304
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	305	void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	306
Sergey Silkin	9c147dd	2018-09-12 10:45:38	[diff] [blame]	307	void SetIgnoreBadCert(bool ignore_bad_cert) {
				308	client_->SetIgnoreBadCert(ignore_bad_cert);
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	309	}
				310
				311	void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
				312	client_->SetCertVerifier(ssl_cert_verifier);
				313	}
				314
Sergey Silkin	9c147dd	2018-09-12 10:45:38	[diff] [blame]	315	void SetAlpnProtocols(const std::vector<std::string>& protos) {
				316	client_->SetAlpnProtocols(protos);
				317	}
				318
				319	void SetEllipticCurves(const std::vector<std::string>& curves) {
				320	client_->SetEllipticCurves(curves);
				321	}
				322
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	323	void SetMockCertVerifier(bool return_value) {
Mirko Bonadei	317a1f0	2019-09-17 15:06:18	[diff] [blame]	324	auto mock_verifier = std::make_unique<MockCertVerifier>();
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	325	EXPECT_CALL(*mock_verifier, Verify(_)).WillRepeatedly(Return(return_value));
				326	cert_verifier_ =
				327	std::unique_ptr<rtc::SSLCertificateVerifier>(std::move(mock_verifier));
				328
Sergey Silkin	9c147dd	2018-09-12 10:45:38	[diff] [blame]	329	SetIgnoreBadCert(false);
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	330	SetCertVerifier(cert_verifier_.get());
				331	}
				332
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	333	void TestHandshake(bool expect_success) {
				334	int rv;
				335
				336	// The initial state is CS_CLOSED
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	337	ASSERT_EQ(rtc::Socket::CS_CLOSED, client_->GetState());
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	338
				339	rv = client_->Connect(server_->GetHostname(), server_->GetAddress());
				340	ASSERT_EQ(0, rv);
				341
				342	// Now the state should be CS_CONNECTING
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	343	ASSERT_EQ(rtc::Socket::CS_CONNECTING, client_->GetState());
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	344
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	345	if (ssl_mode_ == rtc::SSL_MODE_DTLS) {
				346	// For DTLS, call AcceptConnection() with the client's address.
				347	server_->AcceptConnection(client_->GetAddress());
				348	}
				349
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	350	if (expect_success) {
				351	// If expecting success, the client should end up in the CS_CONNECTED
				352	// state after handshake.
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	353	EXPECT_EQ_WAIT(rtc::Socket::CS_CONNECTED, client_->GetState(),
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	354	handshake_wait_);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	355
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	356	RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_)
				357	<< " handshake complete.";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	358
				359	} else {
				360	// On handshake failure the client should end up in the CS_CLOSED state.
Niels Möller	d0b8879	2021-08-12 08:32:30	[diff] [blame]	361	EXPECT_EQ_WAIT(rtc::Socket::CS_CLOSED, client_->GetState(),
Yves Gerey	665174f	2018-06-19 13:03:05	[diff] [blame]	362	handshake_wait_);
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	363
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	364	RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed.";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	365	}
				366	}
				367
Ali Tofigh	7fa9057	2022-03-17 14:47:49	[diff] [blame]	368	void TestTransfer(absl::string_view message) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	369	int rv;
				370
				371	rv = client_->Send(message);
				372	ASSERT_EQ(static_cast<int>(message.length()), rv);
				373
				374	// The server should have received the client's message.
				375	EXPECT_EQ_WAIT(message, server_->GetReceivedData(), kTimeout);
				376
				377	rv = server_->Send(message);
				378	ASSERT_EQ(static_cast<int>(message.length()), rv);
				379
				380	// The client should have received the server's message.
				381	EXPECT_EQ_WAIT(message, client_->GetReceivedData(), kTimeout);
				382
Mirko Bonadei	675513b	2017-11-09 10:09:25	[diff] [blame]	383	RTC_LOG(LS_INFO) << "Transfer complete.";
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	384	}
				385
deadbeef	ed3b986	2017-06-02 17:33:16	[diff] [blame]	386	protected:
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	387	const rtc::SSLMode ssl_mode_;
				388
nisse	7eaa4ea	2017-05-08 12:25:41	[diff] [blame]	389	std::unique_ptr<rtc::VirtualSocketServer> vss_;
				390	rtc::AutoSocketServerThread thread_;
jbauch	555604a	2016-04-26 10:13:22	[diff] [blame]	391	std::unique_ptr<SSLAdapterTestDummyServer> server_;
				392	std::unique_ptr<SSLAdapterTestDummyClient> client_;
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	393	std::unique_ptr<rtc::SSLCertificateVerifier> cert_verifier_;
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	394
				395	int handshake_wait_;
				396	};
				397
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	398	class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	399	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	400	SSLAdapterTestTLS_RSA()
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	401	: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()) {}
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	402	};
				403
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	404	class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	405	public:
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	406	SSLAdapterTestTLS_ECDSA()
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	407	: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()) {}
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	408	};
				409
				410	class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase {
				411	public:
				412	SSLAdapterTestDTLS_RSA()
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	413	: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()) {}
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	414	};
				415
				416	class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
				417	public:
				418	SSLAdapterTestDTLS_ECDSA()
torbjorng	4e57247	2015-10-08 16:42:49	[diff] [blame]	419	: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	420	};
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	421
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	422	// Basic tests: TLS
				423
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	424	// Test that handshake works, using RSA
				425	TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	426	TestHandshake(true);
				427	}
				428
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	429	// Test that handshake works with a custom verifier that returns true. RSA.
				430	TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierSucceeds) {
				431	SetMockCertVerifier(/return_value=/true);
				432	TestHandshake(/expect_success=/true);
				433	}
				434
				435	// Test that handshake fails with a custom verifier that returns false. RSA.
				436	TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
				437	SetMockCertVerifier(/return_value=/false);
				438	TestHandshake(/expect_success=/false);
				439	}
				440
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	441	// Test that handshake works, using ECDSA
				442	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnect) {
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	443	SetMockCertVerifier(/return_value=/true);
				444	TestHandshake(/expect_success=/true);
				445	}
				446
				447	// Test that handshake works with a custom verifier that returns true. ECDSA.
				448	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierSucceeds) {
				449	SetMockCertVerifier(/return_value=/true);
				450	TestHandshake(/expect_success=/true);
				451	}
				452
				453	// Test that handshake fails with a custom verifier that returns false. ECDSA.
				454	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
				455	SetMockCertVerifier(/return_value=/false);
				456	TestHandshake(/expect_success=/false);
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	457	}
				458
				459	// Test transfer between client and server, using RSA
				460	TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransfer) {
				461	TestHandshake(true);
				462	TestTransfer("Hello, world!");
				463	}
				464
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	465	// Test transfer between client and server, using RSA with custom cert verifier.
				466	TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferCustomCertVerifier) {
				467	SetMockCertVerifier(/return_value=/true);
				468	TestHandshake(/expect_success=/true);
				469	TestTransfer("Hello, world!");
				470	}
				471
deadbeef	ed3b986	2017-06-02 17:33:16	[diff] [blame]	472	TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferWithBlockedSocket) {
				473	TestHandshake(true);
				474
				475	// Tell the underlying socket to simulate being blocked.
				476	vss_->SetSendingBlocked(true);
				477
				478	std::string expected;
				479	int rv;
				480	// Send messages until the SSL socket adapter starts applying backpressure.
				481	// Note that this may not occur immediately since there may be some amount of
				482	// intermediate buffering (either in our code or in BoringSSL).
				483	for (int i = 0; i < 1024; ++i) {
				484	std::string message = "Hello, world: " + rtc::ToString(i);
				485	rv = client_->Send(message);
				486	if (rv != static_cast<int>(message.size())) {
				487	// This test assumes either the whole message or none of it is sent.
				488	ASSERT_EQ(-1, rv);
				489	break;
				490	}
				491	expected += message;
				492	}
				493	// Assert that the loop above exited due to Send returning -1.
				494	ASSERT_EQ(-1, rv);
				495
				496	// Try sending another message while blocked. -1 should be returned again and
				497	// it shouldn't end up received by the server later.
				498	EXPECT_EQ(-1, client_->Send("Never sent"));
				499
				500	// Unblock the underlying socket. All of the buffered messages should be sent
				501	// without any further action.
				502	vss_->SetSendingBlocked(false);
				503	EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
				504
				505	// Send another message. This previously wasn't working
				506	std::string final_message = "Fin.";
				507	expected += final_message;
				508	EXPECT_EQ(static_cast<int>(final_message.size()),
				509	client_->Send(final_message));
				510	EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
				511	}
				512
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	513	// Test transfer between client and server, using ECDSA
				514	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransfer) {
tkchin@webrtc.org	c569a49	2014-09-23 05:56:44	[diff] [blame]	515	TestHandshake(true);
				516	TestTransfer("Hello, world!");
				517	}
				518
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	519	// Test transfer between client and server, using ECDSA with custom cert
				520	// verifier.
				521	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransferCustomCertVerifier) {
				522	SetMockCertVerifier(/return_value=/true);
				523	TestHandshake(/expect_success=/true);
				524	TestTransfer("Hello, world!");
				525	}
				526
Diogo Real	1dca9d5	2017-08-29 19:18:32	[diff] [blame]	527	// Test transfer using ALPN with protos as h2 and http/1.1
				528	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSALPN) {
				529	std::vector<std::string> alpn_protos{"h2", "http/1.1"};
				530	SetAlpnProtocols(alpn_protos);
				531	TestHandshake(true);
				532	TestTransfer("Hello, world!");
				533	}
				534
Diogo Real	7bd1f1b	2017-09-08 19:50:41	[diff] [blame]	535	// Test transfer with TLS Elliptic curves set to "X25519:P-256:P-384:P-521"
				536	TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSEllipticCurves) {
				537	std::vector<std::string> elliptic_curves{"X25519", "P-256", "P-384", "P-521"};
				538	SetEllipticCurves(elliptic_curves);
				539	TestHandshake(true);
				540	TestTransfer("Hello, world!");
				541	}
				542
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	543	// Basic tests: DTLS
				544
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	545	// Test that handshake works, using RSA
				546	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	547	TestHandshake(true);
				548	}
				549
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	550	// Test that handshake works with a custom verifier that returns true. DTLS_RSA.
				551	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnectCustomCertVerifierSucceeds) {
				552	SetMockCertVerifier(/return_value=/true);
				553	TestHandshake(/expect_success=/true);
				554	}
				555
				556	// Test that handshake fails with a custom verifier that returns false.
				557	// DTLS_RSA.
				558	TEST_F(SSLAdapterTestDTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
				559	SetMockCertVerifier(/return_value=/false);
				560	TestHandshake(/expect_success=/false);
				561	}
				562
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	563	// Test that handshake works, using ECDSA
				564	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnect) {
				565	TestHandshake(true);
				566	}
				567
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	568	// Test that handshake works with a custom verifier that returns true.
				569	// DTLS_ECDSA.
				570	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnectCustomCertVerifierSucceeds) {
				571	SetMockCertVerifier(/return_value=/true);
				572	TestHandshake(/expect_success=/true);
				573	}
				574
				575	// Test that handshake fails with a custom verifier that returns false.
				576	// DTLS_ECDSA.
				577	TEST_F(SSLAdapterTestDTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
				578	SetMockCertVerifier(/return_value=/false);
				579	TestHandshake(/expect_success=/false);
				580	}
				581
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	582	// Test transfer between client and server, using RSA
				583	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) {
				584	TestHandshake(true);
				585	TestTransfer("Hello, world!");
				586	}
				587
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	588	// Test transfer between client and server, using RSA with custom cert verifier.
				589	TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransferCustomCertVerifier) {
				590	SetMockCertVerifier(/return_value=/true);
				591	TestHandshake(/expect_success=/true);
				592	TestTransfer("Hello, world!");
				593	}
				594
Torbjorn Granlund	b6d4ec4	2015-08-17 12:08:59	[diff] [blame]	595	// Test transfer between client and server, using ECDSA
				596	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
pthatcher@webrtc.org	a9b1ec0	2014-12-29 23:00:14	[diff] [blame]	597	TestHandshake(true);
				598	TestTransfer("Hello, world!");
				599	}
Benjamin Wright	6e9c3df	2018-05-22 23:11:56	[diff] [blame]	600
				601	// Test transfer between client and server, using ECDSA with custom cert
				602	// verifier.
				603	TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransferCustomCertVerifier) {
				604	SetMockCertVerifier(/return_value=/true);
				605	TestHandshake(/expect_success=/true);
				606	TestTransfer("Hello, world!");
				607	}