base_test_server.h revision 6e8cce623b6e4fe0c9e4af605d675dd9d0338c38 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
6#define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
7
8#include <string>
9#include <utility>
10#include <vector>
11
12#include "base/compiler_specific.h"
13#include "base/files/file_path.h"
14#include "base/memory/scoped_ptr.h"
15#include "net/base/host_port_pair.h"
16#include "net/ssl/ssl_client_cert_type.h"
17
18class GURL;
19
20namespace base {
21class DictionaryValue;
22}
23
24namespace net {
25
26class AddressList;
27class ScopedPortException;
28
29// The base class of Test server implementation.
30class BaseTestServer {
31 public:
32  typedef std::pair<std::string, std::string> StringPair;
33
34  // Following types represent protocol schemes. See also
35  // http://www.iana.org/assignments/uri-schemes.html
36  enum Type {
37    TYPE_BASIC_AUTH_PROXY,
38    TYPE_FTP,
39    TYPE_HTTP,
40    TYPE_HTTPS,
41    TYPE_WS,
42    TYPE_WSS,
43    TYPE_TCP_ECHO,
44    TYPE_UDP_ECHO,
45  };
46
47  // Container for various options to control how the HTTPS or WSS server is
48  // initialized.
49  struct SSLOptions {
50    enum ServerCertificate {
51      CERT_OK,
52
53      // CERT_AUTO causes the testserver to generate a test certificate issued
54      // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
55      CERT_AUTO,
56
57      CERT_MISMATCHED_NAME,
58      CERT_EXPIRED,
59      // Cross-signed certificate to test PKIX path building. Contains an
60      // intermediate cross-signed by an unknown root, while the client (via
61      // TestRootStore) is expected to have a self-signed version of the
62      // intermediate.
63      CERT_CHAIN_WRONG_ROOT,
64    };
65
66    // OCSPStatus enumerates the types of OCSP response that the testserver
67    // can produce.
68    enum OCSPStatus {
69      OCSP_OK,
70      OCSP_REVOKED,
71      OCSP_INVALID,
72      OCSP_UNAUTHORIZED,
73      OCSP_UNKNOWN,
74    };
75
76    // Bitmask of key exchange algorithms that the test server supports and that
77    // can be selectively enabled or disabled.
78    enum KeyExchange {
79      // Special value used to indicate that any algorithm the server supports
80      // is acceptable. Preferred over explicitly OR-ing all key exchange
81      // algorithms.
82      KEY_EXCHANGE_ANY     = 0,
83
84      KEY_EXCHANGE_RSA     = (1 << 0),
85      KEY_EXCHANGE_DHE_RSA = (1 << 1),
86    };
87
88    // Bitmask of bulk encryption algorithms that the test server supports
89    // and that can be selectively enabled or disabled.
90    enum BulkCipher {
91      // Special value used to indicate that any algorithm the server supports
92      // is acceptable. Preferred over explicitly OR-ing all ciphers.
93      BULK_CIPHER_ANY    = 0,
94
95      BULK_CIPHER_RC4    = (1 << 0),
96      BULK_CIPHER_AES128 = (1 << 1),
97      BULK_CIPHER_AES256 = (1 << 2),
98
99      // NOTE: 3DES support in the Python test server has external
100      // dependencies and not be available on all machines. Clients may not
101      // be able to connect if only 3DES is specified.
102      BULK_CIPHER_3DES   = (1 << 3),
103    };
104
105    // NOTE: the values of these enumerators are passed to the the Python test
106    // server. Do not change them.
107    enum TLSIntolerantLevel {
108      TLS_INTOLERANT_NONE = 0,
109      TLS_INTOLERANT_ALL = 1,  // Intolerant of all TLS versions.
110      TLS_INTOLERANT_TLS1_1 = 2,  // Intolerant of TLS 1.1 or higher.
111      TLS_INTOLERANT_TLS1_2 = 3,  // Intolerant of TLS 1.2 or higher.
112    };
113
114    // Values which control how the server reacts in response to a ClientHello
115    // it is intolerant of.
116    enum TLSIntoleranceType {
117      TLS_INTOLERANCE_ALERT = 0,  // Send a handshake_failure alert.
118      TLS_INTOLERANCE_CLOSE = 1,  // Close the connection.
119      TLS_INTOLERANCE_RESET = 2,  // Send a TCP reset.
120    };
121
122    // Initialize a new SSLOptions using CERT_OK as the certificate.
123    SSLOptions();
124
125    // Initialize a new SSLOptions that will use the specified certificate.
126    explicit SSLOptions(ServerCertificate cert);
127    ~SSLOptions();
128
129    // Returns the relative filename of the file that contains the
130    // |server_certificate|.
131    base::FilePath GetCertificateFile() const;
132
133    // GetOCSPArgument returns the value of any OCSP argument to testserver or
134    // the empty string if there is none.
135    std::string GetOCSPArgument() const;
136
137    // The certificate to use when serving requests.
138    ServerCertificate server_certificate;
139
140    // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
141    // response returned.
142    OCSPStatus ocsp_status;
143
144    // If not zero, |cert_serial| will be the serial number of the
145    // auto-generated leaf certificate when |server_certificate==CERT_AUTO|.
146    uint64 cert_serial;
147
148    // True if a CertificateRequest should be sent to the client during
149    // handshaking.
150    bool request_client_certificate;
151
152    // If |request_client_certificate| is true, an optional list of files,
153    // each containing a single, PEM-encoded X.509 certificates. The subject
154    // from each certificate will be added to the certificate_authorities
155    // field of the CertificateRequest.
156    std::vector<base::FilePath> client_authorities;
157
158    // If |request_client_certificate| is true, an optional list of
159    // SSLClientCertType values to populate the certificate_types field of the
160    // CertificateRequest.
161    std::vector<SSLClientCertType> client_cert_types;
162
163    // A bitwise-OR of KeyExchnage that should be used by the
164    // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented
165    // key exchange algorithms are acceptable.
166    int key_exchanges;
167
168    // A bitwise-OR of BulkCipher that should be used by the
169    // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
170    // ciphers are acceptable.
171    int bulk_ciphers;
172
173    // If true, pass the --https-record-resume argument to testserver.py which
174    // causes it to log session cache actions and echo the log on
175    // /ssl-session-cache.
176    bool record_resume;
177
178    // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
179    // negotiates an intolerant TLS version in order to test version fallback.
180    TLSIntolerantLevel tls_intolerant;
181
182    // If |tls_intolerant| is not TLS_INTOLERANT_NONE, how the server reacts to
183    // an intolerant TLS version.
184    TLSIntoleranceType tls_intolerance_type;
185
186    // fallback_scsv_enabled, if true, causes the server to process the
187    // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
188    // when performing TLS version fallback in response to an SSL handshake
189    // failure. If this option is enabled then the server will reject fallback
190    // connections.
191    bool fallback_scsv_enabled;
192
193    // Temporary glue for testing: validation of SCTs is application-controlled
194    // and can be appropriately mocked out, so sending fake data here does not
195    // affect handshaking behaviour.
196    // TODO(ekasper): replace with valid SCT files for test certs.
197    // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
198    // a TLS extension.
199    std::string signed_cert_timestamps_tls_ext;
200
201    // Whether to staple the OCSP response.
202    bool staple_ocsp_response;
203
204    // Whether to enable NPN support.
205    bool enable_npn;
206
207    // Whether to disable TLS session caching. When session caching is
208    // disabled, the server will use an empty session ID in the
209    // ServerHello.
210    bool disable_session_cache;
211  };
212
213  // Pass as the 'host' parameter during construction to server on 127.0.0.1
214  static const char kLocalhost[];
215
216  // Initialize a TestServer listening on a specific host (IP or hostname).
217  BaseTestServer(Type type,  const std::string& host);
218
219  // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS.
220  BaseTestServer(Type type, const SSLOptions& ssl_options);
221
222  // Returns the host port pair used by current Python based test server only
223  // if the server is started.
224  const HostPortPair& host_port_pair() const;
225
226  const base::FilePath& document_root() const { return document_root_; }
227  const base::DictionaryValue& server_data() const;
228  std::string GetScheme() const;
229  bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT;
230
231  GURL GetURL(const std::string& path) const;
232
233  GURL GetURLWithUser(const std::string& path,
234                      const std::string& user) const;
235
236  GURL GetURLWithUserAndPassword(const std::string& path,
237                                 const std::string& user,
238                                 const std::string& password) const;
239
240  static bool GetFilePathWithReplacements(
241      const std::string& original_path,
242      const std::vector<StringPair>& text_to_replace,
243      std::string* replacement_path);
244
245  static bool UsingSSL(Type type) {
246    return type == BaseTestServer::TYPE_HTTPS ||
247           type == BaseTestServer::TYPE_WSS;
248  }
249
250  // Enable HTTP basic authentication. Currently this only works for TYPE_WS and
251  // TYPE_WSS.
252  void set_websocket_basic_auth(bool ws_basic_auth) {
253    ws_basic_auth_ = ws_basic_auth;
254  }
255
256 protected:
257  virtual ~BaseTestServer();
258  Type type() const { return type_; }
259
260  // Gets port currently assigned to host_port_pair_ without checking
261  // whether it's available (server started) or not.
262  uint16 GetPort();
263
264  // Sets |port| as the actual port used by Python based test server.
265  void SetPort(uint16 port);
266
267  // Set up internal status when the server is started.
268  bool SetupWhenServerStarted() WARN_UNUSED_RESULT;
269
270  // Clean up internal status when starting to stop server.
271  void CleanUpWhenStoppingServer();
272
273  // Set path of test resources.
274  void SetResourcePath(const base::FilePath& document_root,
275                       const base::FilePath& certificates_dir);
276
277  // Parses the server data read from the test server.  Returns true
278  // on success.
279  bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT;
280
281  // Generates a DictionaryValue with the arguments for launching the external
282  // Python test server.
283  bool GenerateArguments(base::DictionaryValue* arguments) const
284    WARN_UNUSED_RESULT;
285
286  // Subclasses can override this to add arguments that are specific to their
287  // own test servers.
288  virtual bool GenerateAdditionalArguments(
289      base::DictionaryValue* arguments) const WARN_UNUSED_RESULT;
290
291 private:
292  void Init(const std::string& host);
293
294  // Marks the root certificate of an HTTPS test server as trusted for
295  // the duration of tests.
296  bool LoadTestRootCert() const WARN_UNUSED_RESULT;
297
298  // Document root of the test server.
299  base::FilePath document_root_;
300
301  // Directory that contains the SSL certificates.
302  base::FilePath certificates_dir_;
303
304  // Address the test server listens on.
305  HostPortPair host_port_pair_;
306
307  // Holds the data sent from the server (e.g., port number).
308  scoped_ptr<base::DictionaryValue> server_data_;
309
310  // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
311  // server.
312  SSLOptions ssl_options_;
313
314  Type type_;
315
316  // Has the server been started?
317  bool started_;
318
319  // Enables logging of the server to the console.
320  bool log_to_console_;
321
322  // Is WebSocket basic HTTP authentication enabled?
323  bool ws_basic_auth_;
324
325  scoped_ptr<ScopedPortException> allowed_port_;
326
327  DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
328};
329
330}  // namespace net
331
332#endif  // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
333