base_test_server.cc revision cedac228d2dd51db4b79ea1e72c7f249408ee061
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/test/spawned_test_server/base_test_server.h"
6
7#include <string>
8#include <vector>
9
10#include "base/base64.h"
11#include "base/file_util.h"
12#include "base/json/json_reader.h"
13#include "base/logging.h"
14#include "base/path_service.h"
15#include "base/values.h"
16#include "net/base/address_list.h"
17#include "net/base/host_port_pair.h"
18#include "net/base/net_errors.h"
19#include "net/base/net_log.h"
20#include "net/base/net_util.h"
21#include "net/base/test_completion_callback.h"
22#include "net/cert/test_root_certs.h"
23#include "net/dns/host_resolver.h"
24#include "url/gurl.h"
25
26namespace net {
27
28namespace {
29
// Picks the host string the test server is addressed by.
//
// An SSL server configured with CERT_MISMATCHED_NAME is addressed as
// "localhost"; every other configuration uses BaseTestServer::kLocalhost.
// CERT_OK and CERT_MISMATCHED_NAME serve the same certificate file (see
// SSLOptions::GetCertificateFile()), so the mismatch comes from the host
// string chosen here.
// NOTE(review): presumably that certificate does not cover "localhost" --
// confirm against the test certificates.
std::string GetHostname(BaseTestServer::Type type,
                        const BaseTestServer::SSLOptions& options) {
  const bool wants_name_mismatch =
      BaseTestServer::UsingSSL(type) &&
      options.server_certificate ==
          BaseTestServer::SSLOptions::CERT_MISMATCHED_NAME;
  if (!wants_name_mismatch) {
    // Default: the loopback address literal.
    return BaseTestServer::kLocalhost;
  }

  // A different host string that still reaches the same local server.
  return "localhost";
}
42
// Maps a client certificate type to the string form placed in the
// "ssl-client-cert-type" argument list. Unknown values hit NOTREACHED() and
// yield an empty string.
std::string GetClientCertType(SSLClientCertType type) {
  if (type == CLIENT_CERT_RSA_SIGN)
    return "rsa_sign";
  if (type == CLIENT_CERT_DSS_SIGN)
    return "dss_sign";
  if (type == CLIENT_CERT_ECDSA_SIGN)
    return "ecdsa_sign";

  NOTREACHED();
  return "";
}
56
// Appends one string per key exchange bit set in |key_exchange| to |values|,
// in the fixed order "rsa", "dhe_rsa". Bits outside the table are ignored.
void GetKeyExchangesList(int key_exchange, base::ListValue* values) {
  static const struct {
    int flag;
    const char* name;
  } kKeyExchangeNames[] = {
    { BaseTestServer::SSLOptions::KEY_EXCHANGE_RSA, "rsa" },
    { BaseTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA, "dhe_rsa" },
  };
  const size_t kCount =
      sizeof(kKeyExchangeNames) / sizeof(kKeyExchangeNames[0]);

  for (size_t i = 0; i < kCount; ++i) {
    if (key_exchange & kKeyExchangeNames[i].flag)
      values->Append(new base::StringValue(kKeyExchangeNames[i].name));
  }
}
63
// Appends one string per bulk cipher bit set in |cipher| to |values|, in the
// fixed order "rc4", "aes128", "aes256", "3des". Bits outside the table are
// ignored.
//
// RC4 and 3DES are legacy ciphers; the names only restrict what the spawned
// test server is asked to offer.
// NOTE(review): presumably they are kept so tests can exercise client
// handling of those suites -- they are not a recommendation for real servers.
void GetCiphersList(int cipher, base::ListValue* values) {
  static const struct {
    int flag;
    const char* name;
  } kBulkCipherNames[] = {
    { BaseTestServer::SSLOptions::BULK_CIPHER_RC4, "rc4" },
    { BaseTestServer::SSLOptions::BULK_CIPHER_AES128, "aes128" },
    { BaseTestServer::SSLOptions::BULK_CIPHER_AES256, "aes256" },
    { BaseTestServer::SSLOptions::BULK_CIPHER_3DES, "3des" },
  };
  const size_t kCount = sizeof(kBulkCipherNames) / sizeof(kBulkCipherNames[0]);

  for (size_t i = 0; i < kCount; ++i) {
    if (cipher & kBulkCipherNames[i].flag)
      values->Append(new base::StringValue(kBulkCipherNames[i].name));
  }
}
74
75}  // namespace
76
// Default SSL configuration: a CERT_OK server certificate, OCSP_OK status,
// no client certificate request, any key exchange and bulk cipher, and every
// optional behaviour (session resume recording, TLS intolerance, fallback
// SCSV, OCSP stapling, NPN) switched off.
BaseTestServer::SSLOptions::SSLOptions()
    // Certificate selection.
    : server_certificate(CERT_OK),
      ocsp_status(OCSP_OK),
      cert_serial(0),
      // Client authentication is opt-in.
      request_client_certificate(false),
      // No restriction on negotiated algorithms.
      key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
      bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
      // Optional server behaviours, all disabled.
      record_resume(false),
      tls_intolerant(TLS_INTOLERANT_NONE),
      fallback_scsv_enabled(false),
      staple_ocsp_response(false),
      enable_npn(false) {
}
89
// Same defaults as the no-argument constructor, except that the server
// certificate kind is taken from |cert|.
BaseTestServer::SSLOptions::SSLOptions(
    BaseTestServer::SSLOptions::ServerCertificate cert)
    // Certificate selection; only this first field differs from the defaults.
    : server_certificate(cert),
      ocsp_status(OCSP_OK),
      cert_serial(0),
      // Client authentication is opt-in.
      request_client_certificate(false),
      // No restriction on negotiated algorithms.
      key_exchanges(SSLOptions::KEY_EXCHANGE_ANY),
      bulk_ciphers(SSLOptions::BULK_CIPHER_ANY),
      // Optional server behaviours, all disabled.
      record_resume(false),
      tls_intolerant(TLS_INTOLERANT_NONE),
      fallback_scsv_enabled(false),
      staple_ocsp_response(false),
      enable_npn(false) {
}
103
// Nothing to release explicitly; members clean up after themselves.
BaseTestServer::SSLOptions::~SSLOptions() {
}
105
// Returns the file name of the certificate matching |server_certificate|.
// The result is empty for CERT_AUTO and, after NOTREACHED(), for any value
// not listed here.
base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const {
  base::FilePath cert_file;  // Stays empty unless a case below sets it.
  switch (server_certificate) {
    case CERT_OK:
    case CERT_MISMATCHED_NAME:
      // Both kinds serve the same certificate file.
      cert_file = base::FilePath(FILE_PATH_LITERAL("ok_cert.pem"));
      break;
    case CERT_EXPIRED:
      cert_file = base::FilePath(FILE_PATH_LITERAL("expired_cert.pem"));
      break;
    case CERT_CHAIN_WRONG_ROOT:
      // This chain uses its own dedicated test root certificate to avoid
      // side-effects that may affect testing.
      cert_file =
          base::FilePath(FILE_PATH_LITERAL("redundant-server-chain.pem"));
      break;
    case CERT_AUTO:
      break;
    default:
      NOTREACHED();
      break;
  }
  return cert_file;
}
124
// Returns the string form of |ocsp_status| used for the "ocsp" server
// argument. Only CERT_AUTO produces a value; for every other certificate
// kind, and for an unknown status (after NOTREACHED()), the result is empty.
std::string BaseTestServer::SSLOptions::GetOCSPArgument() const {
  std::string ocsp_arg;
  if (server_certificate == CERT_AUTO) {
    switch (ocsp_status) {
      case OCSP_OK:
        ocsp_arg = "ok";
        break;
      case OCSP_REVOKED:
        ocsp_arg = "revoked";
        break;
      case OCSP_INVALID:
        ocsp_arg = "invalid";
        break;
      case OCSP_UNAUTHORIZED:
        ocsp_arg = "unauthorized";
        break;
      case OCSP_UNKNOWN:
        ocsp_arg = "unknown";
        break;
      default:
        NOTREACHED();
        break;
    }
  }
  return ocsp_arg;
}
145
// Default host for test servers: the IPv4 loopback address literal.
const char BaseTestServer::kLocalhost[] = "127.0.0.1";
147
// Creates a not-yet-started server of |type| addressed by |host|. SSL options
// are left default-constructed.
BaseTestServer::BaseTestServer(Type type, const std::string& host)
    : type_(type),
      started_(false),
      log_to_console_(false) {
  // Records |host| with port 0; the real port is set once it is known.
  Init(host);
}
154
// Creates a not-yet-started SSL server of |type| configured by |ssl_options|.
// |type| must be an SSL type; this is only asserted with DCHECK.
BaseTestServer::BaseTestServer(Type type, const SSLOptions& ssl_options)
    : ssl_options_(ssl_options),
      type_(type),
      started_(false),
      log_to_console_(false) {
  DCHECK(UsingSSL(type));
  // The host string depends on the requested certificate kind.
  const std::string host = GetHostname(type, ssl_options);
  Init(host);
}
163
// Nothing to release explicitly; members clean up after themselves.
BaseTestServer::~BaseTestServer() {
}
165
// Returns the host and port the server is reachable on. Must only be called
// once the server has started (asserted with DCHECK).
const HostPortPair& BaseTestServer::host_port_pair() const {
  DCHECK(started_);
  const HostPortPair& endpoint = host_port_pair_;
  return endpoint;
}
170
// Returns the dictionary stored by ParseServerData(). Must only be called
// once the server has started and server data is present (both asserted with
// DCHECK); the pointer is dereferenced unconditionally.
const base::DictionaryValue& BaseTestServer::server_data() const {
  DCHECK(started_);
  const base::DictionaryValue* data = server_data_.get();
  DCHECK(data);
  return *data;
}
176
// Returns the URL scheme for this server's type. TYPE_TCP_ECHO,
// TYPE_UDP_ECHO and any other value have no scheme: they hit NOTREACHED()
// and return an empty string.
std::string BaseTestServer::GetScheme() const {
  if (type_ == TYPE_FTP)
    return "ftp";
  if (type_ == TYPE_HTTP)
    return "http";
  if (type_ == TYPE_HTTPS)
    return "https";
  if (type_ == TYPE_WS)
    return "ws";
  if (type_ == TYPE_WSS)
    return "wss";

  NOTREACHED();
  return std::string();
}
196
// Resolves this server's host into |address_list| using a default host
// resolver, waiting for the result when resolution completes asynchronously.
// Returns true on success; logs the host and returns false otherwise.
bool BaseTestServer::GetAddressList(AddressList* address_list) const {
  DCHECK(address_list);

  scoped_ptr<HostResolver> host_resolver(
      HostResolver::CreateDefaultResolver(NULL));
  HostResolver::RequestInfo request(host_port_pair_);
  TestCompletionCallback resolve_done;
  int result = host_resolver->Resolve(request,
                                      DEFAULT_PRIORITY,
                                      address_list,
                                      resolve_done.callback(),
                                      NULL,
                                      BoundNetLog());
  // An asynchronous resolution reports its real result through the callback.
  if (result == ERR_IO_PENDING)
    result = resolve_done.WaitForResult();

  if (result == net::OK)
    return true;

  LOG(ERROR) << "Failed to resolve hostname: " << host_port_pair_.host();
  return false;
}
217
// Returns the port currently stored for this server (0 until one is set).
uint16 BaseTestServer::GetPort() {
  const uint16 current_port = host_port_pair_.port();
  return current_port;
}
221
// Overrides the stored port. No range or state checks are made here.
void BaseTestServer::SetPort(uint16 port) {
  host_port_pair_.set_port(port);
}
225
// Builds "<scheme>://<host:port>/<path>" for this server.
// |path| is appended verbatim, with no escaping, so it must already be in
// URL form.
GURL BaseTestServer::GetURL(const std::string& path) const {
  std::string spec = GetScheme();
  spec += "://";
  spec += host_port_pair_.ToString();
  spec += "/";
  spec += path;
  return GURL(spec);
}
229
// Builds "<scheme>://<user>@<host:port>/<path>" for this server.
// |user| and |path| are inserted verbatim. A |user| containing URL
// delimiters such as '@', ':' or '/' changes how the authority is parsed, so
// callers must pass an already-escaped value.
GURL BaseTestServer::GetURLWithUser(const std::string& path,
                                const std::string& user) const {
  std::string spec = GetScheme();
  spec += "://";
  spec += user;
  spec += "@";
  spec += host_port_pair_.ToString();
  spec += "/";
  spec += path;
  return GURL(spec);
}
235
// Builds "<scheme>://<user>:<password>@<host:port>/<path>" for this server.
// All three inputs are inserted verbatim. A |user| or |password| containing
// URL delimiters such as '@', ':' or '/' changes how the authority is parsed,
// so callers must pass already-escaped values. The credentials end up in the
// URL string itself, so they show up wherever that URL is logged.
GURL BaseTestServer::GetURLWithUserAndPassword(const std::string& path,
                                           const std::string& user,
                                           const std::string& password) const {
  std::string spec = GetScheme();
  spec += "://";
  spec += user;
  spec += ":";
  spec += password;
  spec += "@";
  spec += host_port_pair_.ToString();
  spec += "/";
  spec += path;
  return GURL(spec);
}
242
// static
// Appends one "replace_text=<base64(old)>:<base64(new)>" query parameter to
// |original_file_path| for each pair in |text_to_replace| and stores the
// result in |replacement_path|. Always returns true.
//
// The first parameter is always introduced with '?', so this assumes
// |original_file_path| carries no query string of its own.
// NOTE(review): the Base64 text is appended without URL escaping; if the
// encoder emits '+', '/' or '=' those characters are significant in a query
// string -- confirm the server-side decoder accepts them.
bool BaseTestServer::GetFilePathWithReplacements(
    const std::string& original_file_path,
    const std::vector<StringPair>& text_to_replace,
    std::string* replacement_path) {
  std::string path_with_query = original_file_path;
  for (size_t i = 0; i < text_to_replace.size(); ++i) {
    std::string encoded_old;
    std::string encoded_new;
    base::Base64Encode(text_to_replace[i].first, &encoded_old);
    base::Base64Encode(text_to_replace[i].second, &encoded_new);

    // '?' opens the query, '&' separates every later parameter.
    path_with_query += (i == 0) ? "?" : "&";
    path_with_query += "replace_text=";
    path_with_query += encoded_old;
    path_with_query += ":";
    path_with_query += encoded_new;
  }

  *replacement_path = path_with_query;
  return true;
}
275
// Records |host| with port 0 and turns console logging on.
void BaseTestServer::Init(const std::string& host) {
  // TODO(battre) Remove this after figuring out why the TestServer is flaky.
  // http://crbug.com/96594
  log_to_console_ = true;

  // Port 0 is a placeholder until a real port is set.
  host_port_pair_ = HostPortPair(host, 0);
}
283
// Stores the document root and the certificate directory. Intended to be
// called once, with a non-empty |certificates_dir|; both conditions are only
// asserted with DCHECK.
void BaseTestServer::SetResourcePath(const base::FilePath& document_root,
                                     const base::FilePath& certificates_dir) {
  // A non-empty directory means this method already ran.
  DCHECK(certificates_dir_.empty());

  certificates_dir_ = certificates_dir;
  document_root_ = document_root;

  DCHECK(!certificates_dir_.empty());
}
292
// Parses |server_data| as a JSON dictionary, keeps it in |server_data_| and
// takes the server port from its "port" entry. Returns false, after logging,
// when the text is not a JSON dictionary, when "port" is missing or not an
// integer, or when the port is outside 1..kuint16max.
//
// The dictionary is stored before the port is checked, so |server_data_|
// stays set even when a port check fails.
// NOTE(review): |server_data| is presumably produced by the spawned server
// process; treat every field read from it as unvalidated input.
bool BaseTestServer::ParseServerData(const std::string& server_data) {
  VLOG(1) << "Server data: " << server_data;

  base::JSONReader reader;
  scoped_ptr<base::Value> parsed(reader.ReadToValue(server_data));
  const bool is_dictionary =
      parsed.get() && parsed->IsType(base::Value::TYPE_DICTIONARY);
  if (!is_dictionary) {
    LOG(ERROR) << "Could not parse server data: "
               << reader.GetErrorMessage();
    return false;
  }

  // The type check above makes this downcast valid.
  server_data_.reset(static_cast<base::DictionaryValue*>(parsed.release()));

  int reported_port = 0;
  if (!server_data_->GetInteger("port", &reported_port)) {
    LOG(ERROR) << "Could not find port value";
    return false;
  }

  // Reject values that cannot be stored in a 16-bit port before narrowing.
  const bool port_in_range =
      (reported_port > 0) && (reported_port <= kuint16max);
  if (!port_in_range) {
    LOG(ERROR) << "Invalid port value: " << reported_port;
    return false;
  }

  host_port_pair_.set_port(reported_port);
  return true;
}
317
// Adds "root_ca_cert.pem" from the certificate directory to the
// TestRootCerts instance. A relative certificate directory is resolved
// against the source root first. Returns false when the instance or the
// source root is unavailable, otherwise the result of AddFromFile().
// NOTE(review): the instance comes from GetInstance(), so the added root is
// presumably trusted by the whole test process until it is cleared -- confirm.
bool BaseTestServer::LoadTestRootCert() const {
  TestRootCerts* test_roots = TestRootCerts::GetInstance();
  if (!test_roots)
    return false;

  // Should always use absolute path to load the root certificate.
  base::FilePath certs_dir = certificates_dir_;
  if (!certs_dir.IsAbsolute()) {
    base::FilePath source_root;
    if (!PathService::Get(base::DIR_SOURCE_ROOT, &source_root))
      return false;
    certs_dir = source_root.Append(certificates_dir_);
  }

  const base::FilePath root_cert_file =
      certs_dir.AppendASCII("root_ca_cert.pem");
  return test_roots->AddFromFile(root_cert_file);
}
335
// Finishes setup once the server port is known: loads the test root
// certificate for SSL servers, marks the server started and registers a
// ScopedPortException for its port. Returns false, leaving the server
// unstarted, when the root certificate cannot be loaded.
bool BaseTestServer::SetupWhenServerStarted() {
  DCHECK(host_port_pair_.port());

  if (UsingSSL(type_)) {
    if (!LoadTestRootCert())
      return false;
  }

  started_ = true;
  const uint16 server_port = host_port_pair_.port();
  allowed_port_.reset(new ScopedPortException(server_port));
  return true;
}
346
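// Undoes SetupWhenServerStarted(): clears the test root certificates, resets
// the port to 0, drops the port exception and marks the server as stopped.
//
// Clear() runs whether or not this server used SSL.
// NOTE(review): presumably it drops every test root registered in the
// process, not only the one this server added -- confirm before running
// several test servers at once.
void BaseTestServer::CleanUpWhenStoppingServer() {
  // Guard the lookup the same way LoadTestRootCert() does, so a missing
  // instance cannot be dereferenced during teardown.
  TestRootCerts* root_certs = TestRootCerts::GetInstance();
  if (root_certs)
    root_certs->Clear();

  host_port_pair_.set_port(0);
  allowed_port_.reset();
  started_ = false;
}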
355
// Builds the dictionary of arguments passed to the Python test server via
// the test server spawner, in the form of
// { argument-name: argument-value, ... }
// Flag-style arguments are stored with a null value.
// Returns false if an invalid configuration is specified: an absolute
// certificate or client authority path that does not exist, or a rejection
// by GenerateAdditionalArguments().
//
// Existence is only verified for absolute paths; a relative path is forwarded
// to the server unchecked.
bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const {
  DCHECK(arguments);

  // Arguments common to every server type.
  arguments->SetString("host", host_port_pair_.host());
  arguments->SetInteger("port", host_port_pair_.port());
  arguments->SetString("data-dir", document_root_.value());

  const bool console_logging = VLOG_IS_ON(1) || log_to_console_;
  if (console_logging)
    arguments->Set("log-to-console", base::Value::CreateNullValue());

  if (UsingSSL(type_)) {
    // Server certificate: skipped when no certificate file applies.
    const base::FilePath cert_file_name(ssl_options_.GetCertificateFile());
    if (!cert_file_name.value().empty()) {
      const base::FilePath cert_and_key_path =
          certificates_dir_.Append(cert_file_name);
      if (cert_and_key_path.IsAbsolute() &&
          !base::PathExists(cert_and_key_path)) {
        LOG(ERROR) << "Certificate path " << cert_and_key_path.value()
                   << " doesn't exist. Can't launch https server.";
        return false;
      }
      arguments->SetString("cert-and-key-file", cert_and_key_path.value());
    }

    // Client certificate request and the authorities accepted for it.
    if (ssl_options_.request_client_certificate)
      arguments->Set("ssl-client-auth", base::Value::CreateNullValue());

    scoped_ptr<base::ListValue> client_ca_paths(new base::ListValue());
    const std::vector<base::FilePath>& authorities =
        ssl_options_.client_authorities;
    for (size_t i = 0; i < authorities.size(); ++i) {
      const base::FilePath& authority = authorities[i];
      if (authority.IsAbsolute() && !base::PathExists(authority)) {
        LOG(ERROR) << "Client authority path " << authority.value()
                   << " doesn't exist. Can't launch https server.";
        return false;
      }
      client_ca_paths->Append(new base::StringValue(authority.value()));
    }
    // The list is only handed over when it is non-empty.
    if (client_ca_paths->GetSize())
      arguments->Set("ssl-client-ca", client_ca_paths.release());

    // Accepted client certificate types.
    scoped_ptr<base::ListValue> cert_type_names(new base::ListValue());
    for (size_t n = 0; n < ssl_options_.client_cert_types.size(); n++) {
      const std::string type_name =
          GetClientCertType(ssl_options_.client_cert_types[n]);
      cert_type_names->Append(new base::StringValue(type_name));
    }
    if (cert_type_names->GetSize())
      arguments->Set("ssl-client-cert-type", cert_type_names.release());
  }

  // Everything below applies to HTTPS servers only.
  if (type_ != TYPE_HTTPS)
    return GenerateAdditionalArguments(arguments);

  arguments->Set("https", base::Value::CreateNullValue());

  const std::string ocsp_argument = ssl_options_.GetOCSPArgument();
  if (!ocsp_argument.empty())
    arguments->SetString("ocsp", ocsp_argument);

  if (ssl_options_.cert_serial != 0) {
    arguments->Set("cert-serial",
                   base::Value::CreateIntegerValue(ssl_options_.cert_serial));
  }

  // Key exchange restriction, omitted when no listed bit is set.
  scoped_ptr<base::ListValue> key_exchange_names(new base::ListValue());
  GetKeyExchangesList(ssl_options_.key_exchanges, key_exchange_names.get());
  if (key_exchange_names->GetSize())
    arguments->Set("ssl-key-exchange", key_exchange_names.release());

  // Bulk cipher restriction, omitted when no listed bit is set.
  scoped_ptr<base::ListValue> bulk_cipher_names(new base::ListValue());
  GetCiphersList(ssl_options_.bulk_ciphers, bulk_cipher_names.get());
  if (bulk_cipher_names->GetSize())
    arguments->Set("ssl-bulk-cipher", bulk_cipher_names.release());

  if (ssl_options_.record_resume)
    arguments->Set("https-record-resume", base::Value::CreateNullValue());

  if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) {
    arguments->Set("tls-intolerant",
                   new base::FundamentalValue(ssl_options_.tls_intolerant));
  }

  if (ssl_options_.fallback_scsv_enabled)
    arguments->Set("fallback-scsv", base::Value::CreateNullValue());

  // The TLS extension payload is passed Base64-encoded.
  if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) {
    std::string encoded_scts;
    base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext,
                       &encoded_scts);
    arguments->SetString("signed-cert-timestamps-tls-ext", encoded_scts);
  }

  if (ssl_options_.staple_ocsp_response)
    arguments->Set("staple-ocsp-response", base::Value::CreateNullValue());

  if (ssl_options_.enable_npn)
    arguments->Set("enable-npn", base::Value::CreateNullValue());

  return GenerateAdditionalArguments(arguments);
}
457
// Extension point called at the end of GenerateArguments(). This
// implementation adds nothing to |arguments| and accepts every configuration.
bool BaseTestServer::GenerateAdditionalArguments(
    base::DictionaryValue* arguments) const {
  const bool kConfigurationAccepted = true;
  return kConfigurationAccepted;
}
462
463}  // namespace net
464