base_test_server.h revision 0529e5d033099cbfc42635f6f6183833b09dff6e
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ 6#define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ 7 8#include <string> 9#include <utility> 10#include <vector> 11 12#include "base/compiler_specific.h" 13#include "base/files/file_path.h" 14#include "base/memory/scoped_ptr.h" 15#include "net/base/host_port_pair.h" 16 17class GURL; 18 19namespace base { 20class DictionaryValue; 21} 22 23namespace net { 24 25class AddressList; 26class ScopedPortException; 27 28// The base class of Test server implementation. 29class BaseTestServer { 30 public: 31 typedef std::pair<std::string, std::string> StringPair; 32 33 // Following types represent protocol schemes. See also 34 // http://www.iana.org/assignments/uri-schemes.html 35 enum Type { 36 TYPE_BASIC_AUTH_PROXY, 37 TYPE_FTP, 38 TYPE_HTTP, 39 TYPE_HTTPS, 40 TYPE_WS, 41 TYPE_WSS, 42 TYPE_TCP_ECHO, 43 TYPE_UDP_ECHO, 44 }; 45 46 // Container for various options to control how the HTTPS or WSS server is 47 // initialized. 48 struct SSLOptions { 49 enum ServerCertificate { 50 CERT_OK, 51 52 // CERT_AUTO causes the testserver to generate a test certificate issued 53 // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem). 54 CERT_AUTO, 55 56 CERT_MISMATCHED_NAME, 57 CERT_EXPIRED, 58 // Cross-signed certificate to test PKIX path building. Contains an 59 // intermediate cross-signed by an unknown root, while the client (via 60 // TestRootStore) is expected to have a self-signed version of the 61 // intermediate. 62 CERT_CHAIN_WRONG_ROOT, 63 }; 64 65 // OCSPStatus enumerates the types of OCSP response that the testserver 66 // can produce. 67 enum OCSPStatus { 68 OCSP_OK, 69 OCSP_REVOKED, 70 OCSP_INVALID, 71 OCSP_UNAUTHORIZED, 72 OCSP_UNKNOWN, 73 }; 74 75 // Bitmask of key exchange algorithms that the test server supports and that 76 // can be selectively enabled or disabled. 77 enum KeyExchange { 78 // Special value used to indicate that any algorithm the server supports 79 // is acceptable. Preferred over explicitly OR-ing all key exchange 80 // algorithms. 81 KEY_EXCHANGE_ANY = 0, 82 83 KEY_EXCHANGE_RSA = (1 << 0), 84 KEY_EXCHANGE_DHE_RSA = (1 << 1), 85 }; 86 87 // Bitmask of bulk encryption algorithms that the test server supports 88 // and that can be selectively enabled or disabled. 89 enum BulkCipher { 90 // Special value used to indicate that any algorithm the server supports 91 // is acceptable. Preferred over explicitly OR-ing all ciphers. 92 BULK_CIPHER_ANY = 0, 93 94 BULK_CIPHER_RC4 = (1 << 0), 95 BULK_CIPHER_AES128 = (1 << 1), 96 BULK_CIPHER_AES256 = (1 << 2), 97 98 // NOTE: 3DES support in the Python test server has external 99 // dependencies and not be available on all machines. Clients may not 100 // be able to connect if only 3DES is specified. 101 BULK_CIPHER_3DES = (1 << 3), 102 }; 103 104 // NOTE: the values of these enumerators are passed to the the Python test 105 // server. Do not change them. 106 enum TLSIntolerantLevel { 107 TLS_INTOLERANT_NONE = 0, 108 TLS_INTOLERANT_ALL = 1, // Intolerant of all TLS versions. 109 TLS_INTOLERANT_TLS1_1 = 2, // Intolerant of TLS 1.1 or higher. 110 TLS_INTOLERANT_TLS1_2 = 3, // Intolerant of TLS 1.2 or higher. 111 }; 112 113 // Initialize a new SSLOptions using CERT_OK as the certificate. 114 SSLOptions(); 115 116 // Initialize a new SSLOptions that will use the specified certificate. 117 explicit SSLOptions(ServerCertificate cert); 118 ~SSLOptions(); 119 120 // Returns the relative filename of the file that contains the 121 // |server_certificate|. 122 base::FilePath GetCertificateFile() const; 123 124 // GetOCSPArgument returns the value of any OCSP argument to testserver or 125 // the empty string if there is none. 126 std::string GetOCSPArgument() const; 127 128 // The certificate to use when serving requests. 129 ServerCertificate server_certificate; 130 131 // If |server_certificate==CERT_AUTO| then this determines the type of OCSP 132 // response returned. 133 OCSPStatus ocsp_status; 134 135 // If not zero, |cert_serial| will be the serial number of the 136 // auto-generated leaf certificate when |server_certificate==CERT_AUTO|. 137 uint64 cert_serial; 138 139 // True if a CertificateRequest should be sent to the client during 140 // handshaking. 141 bool request_client_certificate; 142 143 // If |request_client_certificate| is true, an optional list of files, 144 // each containing a single, PEM-encoded X.509 certificates. The subject 145 // from each certificate will be added to the certificate_authorities 146 // field of the CertificateRequest. 147 std::vector<base::FilePath> client_authorities; 148 149 // A bitwise-OR of KeyExchnage that should be used by the 150 // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented 151 // key exchange algorithms are acceptable. 152 int key_exchanges; 153 154 // A bitwise-OR of BulkCipher that should be used by the 155 // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented 156 // ciphers are acceptable. 157 int bulk_ciphers; 158 159 // If true, pass the --https-record-resume argument to testserver.py which 160 // causes it to log session cache actions and echo the log on 161 // /ssl-session-cache. 162 bool record_resume; 163 164 // If not TLS_INTOLERANT_NONE, the server will abort any handshake that 165 // negotiates an intolerant TLS version in order to test version fallback. 166 TLSIntolerantLevel tls_intolerant; 167 168 // fallback_scsv_enabled, if true, causes the server to process the 169 // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome 170 // when performing TLS version fallback in response to an SSL handshake 171 // failure. If this option is enabled then the server will reject fallback 172 // connections. 173 bool fallback_scsv_enabled; 174 175 // Temporary glue for testing: validation of SCTs is application-controlled 176 // and can be appropriately mocked out, so sending fake data here does not 177 // affect handshaking behaviour. 178 // TODO(ekasper): replace with valid SCT files for test certs. 179 // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in 180 // a TLS extension. 181 std::string signed_cert_timestamps_tls_ext; 182 183 // Whether to staple the OCSP response. 184 bool staple_ocsp_response; 185 186 // Whether to enable NPN support. 187 bool enable_npn; 188 }; 189 190 // Pass as the 'host' parameter during construction to server on 127.0.0.1 191 static const char kLocalhost[]; 192 193 // Initialize a TestServer listening on a specific host (IP or hostname). 194 BaseTestServer(Type type, const std::string& host); 195 196 // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS. 197 BaseTestServer(Type type, const SSLOptions& ssl_options); 198 199 // Returns the host port pair used by current Python based test server only 200 // if the server is started. 201 const HostPortPair& host_port_pair() const; 202 203 const base::FilePath& document_root() const { return document_root_; } 204 const base::DictionaryValue& server_data() const; 205 std::string GetScheme() const; 206 bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT; 207 208 GURL GetURL(const std::string& path) const; 209 210 GURL GetURLWithUser(const std::string& path, 211 const std::string& user) const; 212 213 GURL GetURLWithUserAndPassword(const std::string& path, 214 const std::string& user, 215 const std::string& password) const; 216 217 static bool GetFilePathWithReplacements( 218 const std::string& original_path, 219 const std::vector<StringPair>& text_to_replace, 220 std::string* replacement_path); 221 222 static bool UsingSSL(Type type) { 223 return type == BaseTestServer::TYPE_HTTPS || 224 type == BaseTestServer::TYPE_WSS; 225 } 226 227 protected: 228 virtual ~BaseTestServer(); 229 Type type() const { return type_; } 230 231 // Gets port currently assigned to host_port_pair_ without checking 232 // whether it's available (server started) or not. 233 uint16 GetPort(); 234 235 // Sets |port| as the actual port used by Python based test server. 236 void SetPort(uint16 port); 237 238 // Set up internal status when the server is started. 239 bool SetupWhenServerStarted() WARN_UNUSED_RESULT; 240 241 // Clean up internal status when starting to stop server. 242 void CleanUpWhenStoppingServer(); 243 244 // Set path of test resources. 245 void SetResourcePath(const base::FilePath& document_root, 246 const base::FilePath& certificates_dir); 247 248 // Parses the server data read from the test server. Returns true 249 // on success. 250 bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT; 251 252 // Generates a DictionaryValue with the arguments for launching the external 253 // Python test server. 254 bool GenerateArguments(base::DictionaryValue* arguments) const 255 WARN_UNUSED_RESULT; 256 257 // Subclasses can override this to add arguments that are specific to their 258 // own test servers. 259 virtual bool GenerateAdditionalArguments( 260 base::DictionaryValue* arguments) const WARN_UNUSED_RESULT; 261 262 private: 263 void Init(const std::string& host); 264 265 // Marks the root certificate of an HTTPS test server as trusted for 266 // the duration of tests. 267 bool LoadTestRootCert() const WARN_UNUSED_RESULT; 268 269 // Document root of the test server. 270 base::FilePath document_root_; 271 272 // Directory that contains the SSL certificates. 273 base::FilePath certificates_dir_; 274 275 // Address the test server listens on. 276 HostPortPair host_port_pair_; 277 278 // Holds the data sent from the server (e.g., port number). 279 scoped_ptr<base::DictionaryValue> server_data_; 280 281 // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test 282 // server. 283 SSLOptions ssl_options_; 284 285 Type type_; 286 287 // Has the server been started? 288 bool started_; 289 290 // Enables logging of the server to the console. 291 bool log_to_console_; 292 293 scoped_ptr<ScopedPortException> allowed_port_; 294 295 DISALLOW_COPY_AND_ASSIGN(BaseTestServer); 296}; 297 298} // namespace net 299 300#endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_ 301