1*d9f75844SAndroid Build Coastguard Worker /*
2*d9f75844SAndroid Build Coastguard Worker * Copyright 2014 The WebRTC Project Authors. All rights reserved.
3*d9f75844SAndroid Build Coastguard Worker *
4*d9f75844SAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license
5*d9f75844SAndroid Build Coastguard Worker * that can be found in the LICENSE file in the root of the source
6*d9f75844SAndroid Build Coastguard Worker * tree. An additional intellectual property rights grant can be found
7*d9f75844SAndroid Build Coastguard Worker * in the file PATENTS. All contributing project authors may
8*d9f75844SAndroid Build Coastguard Worker * be found in the AUTHORS file in the root of the source tree.
9*d9f75844SAndroid Build Coastguard Worker */
10*d9f75844SAndroid Build Coastguard Worker
11*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_adapter.h"
12*d9f75844SAndroid Build Coastguard Worker
13*d9f75844SAndroid Build Coastguard Worker #include <memory>
14*d9f75844SAndroid Build Coastguard Worker #include <string>
15*d9f75844SAndroid Build Coastguard Worker #include <utility>
16*d9f75844SAndroid Build Coastguard Worker
17*d9f75844SAndroid Build Coastguard Worker #include "absl/memory/memory.h"
18*d9f75844SAndroid Build Coastguard Worker #include "absl/strings/string_view.h"
19*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/gunit.h"
20*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ip_address.h"
21*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/message_digest.h"
22*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/socket_stream.h"
23*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_identity.h"
24*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_stream_adapter.h"
25*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/stream.h"
26*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/string_encode.h"
27*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/virtual_socket_server.h"
28*d9f75844SAndroid Build Coastguard Worker #include "test/gmock.h"
29*d9f75844SAndroid Build Coastguard Worker
30*d9f75844SAndroid Build Coastguard Worker using ::testing::_;
31*d9f75844SAndroid Build Coastguard Worker using ::testing::Return;
32*d9f75844SAndroid Build Coastguard Worker
// Default upper bound handed to EXPECT_EQ_WAIT and used as the initial
// handshake wait (presumably milliseconds; confirm against rtc_base/gunit.h).
static constexpr int kTimeout = 5000;
34*d9f75844SAndroid Build Coastguard Worker
// Creates a socket on the current thread's socket server and binds it to the
// wildcard address with port 0. DTLS gets a datagram socket; every other mode
// gets a stream socket. The raw pointer is returned to the caller.
// NOTE(review): neither the CreateSocket() result nor the Bind() return value
// is checked here.
static rtc::Socket* CreateSocket(const rtc::SSLMode& ssl_mode) {
  const rtc::SocketAddress any_address(rtc::IPAddress(INADDR_ANY), 0);
  const int socket_type =
      (ssl_mode == rtc::SSL_MODE_DTLS) ? SOCK_DGRAM : SOCK_STREAM;

  rtc::Socket* created = rtc::Thread::Current()->socketserver()->CreateSocket(
      any_address.family(), socket_type);
  created->Bind(any_address);

  return created;
}
45*d9f75844SAndroid Build Coastguard Worker
// Returns the protocol label used in log messages: "DTLS" for
// rtc::SSL_MODE_DTLS, "TLS" for any other mode.
static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) {
  if (ssl_mode == rtc::SSL_MODE_DTLS) {
    return "DTLS";
  }
  return "TLS";
}
49*d9f75844SAndroid Build Coastguard Worker
// gMock stand-in for the certificate verifier. Tests choose the verdict that
// Verify() returns, so both the accepting and the rejecting handshake path
// can be exercised without a real certificate chain.
class MockCertVerifier : public rtc::SSLCertificateVerifier {
 public:
  ~MockCertVerifier() override = default;
  MOCK_METHOD(bool, Verify, (const rtc::SSLCertificate&), (override));
};
56*d9f75844SAndroid Build Coastguard Worker
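// TODO(benwright) - Move to using INSTANTIATE_TEST_SUITE_P instead of using
// duplicate test cases for simple parameter changes.

// Test client: wraps an rtc::SSLAdapter around a freshly created socket,
// drives the connection and (D)TLS handshake, and accumulates everything
// received from the server in `data_`.
class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
 public:
  // Creates the socket and adapter for `ssl_mode` and hooks up the read and
  // close handlers. Certificate errors are ignored by default (see below).
  explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode)
      : ssl_mode_(ssl_mode) {
    rtc::Socket* socket = CreateSocket(ssl_mode_);

    ssl_adapter_.reset(rtc::SSLAdapter::Create(socket));

    ssl_adapter_->SetMode(ssl_mode_);

    // Ignore any certificate errors for the purpose of testing.
    // Note: We do this only because we don't have a real certificate.
    // NEVER USE THIS IN PRODUCTION CODE!
    // Tests that exercise verification switch this back off through
    // SetIgnoreBadCert(false) before connecting.
    ssl_adapter_->SetIgnoreBadCert(true);

    ssl_adapter_->SignalReadEvent.connect(
        this, &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent);
    ssl_adapter_->SignalCloseEvent.connect(
        this, &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent);
  }

  // Forwards the "ignore bad certificate" switch to the adapter.
  void SetIgnoreBadCert(bool ignore_bad_cert) {
    ssl_adapter_->SetIgnoreBadCert(ignore_bad_cert);
  }

  // Forwards a custom certificate verifier to the adapter. The pointer is
  // passed through as-is; this class does not take ownership of it.
  void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
    ssl_adapter_->SetCertVerifier(ssl_cert_verifier);
  }

  // Forwards the ALPN protocol list to the adapter.
  void SetAlpnProtocols(const std::vector<std::string>& protos) {
    ssl_adapter_->SetAlpnProtocols(protos);
  }

  // Forwards the elliptic curve list to the adapter.
  void SetEllipticCurves(const std::vector<std::string>& curves) {
    ssl_adapter_->SetEllipticCurves(curves);
  }

  // Local address of the adapter's socket.
  rtc::SocketAddress GetAddress() const {
    return ssl_adapter_->GetLocalAddress();
  }

  // Current connection state as reported by the adapter.
  rtc::Socket::ConnState GetState() const { return ssl_adapter_->GetState(); }

  // Everything received from the server so far.
  const std::string& GetReceivedData() const { return data_; }

  // Connects to `address` and, if the connect call returned 0, starts the
  // handshake for `hostname`. Returns the Connect() result, or -1 when
  // StartSSL() reports a failure.
  int Connect(absl::string_view hostname, const rtc::SocketAddress& address) {
    RTC_LOG(LS_INFO) << "Initiating connection with " << address.ToString();

    int rv = ssl_adapter_->Connect(address);

    if (rv == 0) {
      RTC_LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_)
                       << " handshake with " << hostname;

      if (ssl_adapter_->StartSSL(hostname) != 0) {
        return -1;
      }
    }

    return rv;
  }

  // Closes the adapter and returns its result.
  int Close() { return ssl_adapter_->Close(); }

  // Sends `message` through the adapter and returns the adapter's result.
  int Send(absl::string_view message) {
    RTC_LOG(LS_INFO) << "Client sending '" << message << "'";

    return ssl_adapter_->Send(message.data(), message.length());
  }

  // Read handler: appends whatever the socket delivers to `data_`.
  void OnSSLAdapterReadEvent(rtc::Socket* socket) {
    char buffer[4096];

    // Read data received from the server and store it in our internal buffer.
    const int read = socket->Recv(buffer, sizeof(buffer), nullptr);
    // Any negative result is treated as "nothing read", so the count below is
    // never used as a length unless it is non-negative.
    if (read < 0) {
      return;
    }

    // Carry the byte count explicitly instead of relying on a terminating
    // NUL, so payloads containing '\0' are neither truncated nor dependent on
    // a spare byte at the end of the buffer.
    const absl::string_view received(buffer, static_cast<size_t>(read));

    RTC_LOG(LS_INFO) << "Client received '" << received << "'";

    data_.append(received.data(), received.size());
  }

  // Close handler.
  void OnSSLAdapterCloseEvent(rtc::Socket* socket, int error) {
    // OpenSSLAdapter signals handshake failure with a close event, but without
    // closing the socket! Let's close the socket here. This way GetState() can
    // return CS_CLOSED after failure.
    if (socket->GetState() != rtc::Socket::CS_CLOSED) {
      socket->Close();
    }
  }

 private:
  const rtc::SSLMode ssl_mode_;

  std::unique_ptr<rtc::SSLAdapter> ssl_adapter_;

  // Bytes received from the server, in arrival order.
  std::string data_;
};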
159*d9f75844SAndroid Build Coastguard Worker
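// Test server: owns a listening (TLS) or plain datagram (DTLS) socket,
// performs the server side of the handshake through rtc::SSLStreamAdapter
// with a freshly generated identity, and accumulates everything received from
// the client in `data_`. Only a single connection is supported.
class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
 public:
  // Generates the server identity from `key_params`, creates the server
  // socket and, in TLS mode, starts listening for one connection.
  explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode,
                                     const rtc::KeyParams& key_params)
      : ssl_mode_(ssl_mode) {
    // Generate a key pair and a certificate for this host.
    ssl_identity_ = rtc::SSLIdentity::Create(GetHostname(), key_params);

    server_socket_.reset(CreateSocket(ssl_mode_));

    if (ssl_mode_ == rtc::SSL_MODE_TLS) {
      server_socket_->SignalReadEvent.connect(
          this, &SSLAdapterTestDummyServer::OnServerSocketReadEvent);

      server_socket_->Listen(1);
    }

    RTC_LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP")
                     << " server listening on "
                     << server_socket_->GetLocalAddress().ToString();
  }

  // Local address of the server socket. Must not be called after
  // AcceptConnection(), which releases `server_socket_`.
  rtc::SocketAddress GetAddress() const {
    return server_socket_->GetLocalAddress();
  }

  // Host name placed in the generated identity and used by the client for
  // the handshake.
  std::string GetHostname() const {
    // Since we don't have a real certificate anyway, the value here doesn't
    // really matter.
    return "example.com";
  }

  // Everything received from the client so far.
  const std::string& GetReceivedData() const { return data_; }

  // Writes `message` to the client. Returns the number of bytes written, or
  // -1 when no stream is open yet or the write did not succeed.
  int Send(absl::string_view message) {
    if (ssl_stream_adapter_ == nullptr ||
        ssl_stream_adapter_->GetState() != rtc::SS_OPEN) {
      // No connection yet.
      return -1;
    }

    RTC_LOG(LS_INFO) << "Server sending '" << message << "'";

    size_t written = 0;
    int error = 0;

    const rtc::StreamResult r = ssl_stream_adapter_->Write(
        rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(message.data()),
                           message.size()),
        written, error);
    if (r != rtc::SR_SUCCESS) {
      return -1;
    }
    return static_cast<int>(written);
  }

  // DTLS only: connects the server socket to the client's `address` and
  // starts the handshake on it.
  void AcceptConnection(const rtc::SocketAddress& address) {
    // Only a single connection is supported.
    ASSERT_TRUE(ssl_stream_adapter_ == nullptr);

    // This is only for DTLS.
    ASSERT_EQ(rtc::SSL_MODE_DTLS, ssl_mode_);

    // Transfer ownership of the socket to the SSLStreamAdapter object.
    rtc::Socket* socket = server_socket_.release();

    socket->Connect(address);

    DoHandshake(socket);
  }

  // TLS only: accepts the pending connection and starts the handshake on it.
  void OnServerSocketReadEvent(rtc::Socket* socket) {
    // Only a single connection is supported.
    ASSERT_TRUE(ssl_stream_adapter_ == nullptr);

    // Fail the test instead of wrapping a null socket if Accept() yields
    // nothing.
    rtc::Socket* accepted = server_socket_->Accept(nullptr);
    ASSERT_TRUE(accepted != nullptr);

    DoHandshake(accepted);
  }

  // Stream event handler: on SE_READ, appends the received bytes to `data_`.
  void OnSSLStreamAdapterEvent(rtc::StreamInterface* stream, int sig, int err) {
    if (sig & rtc::SE_READ) {
      uint8_t buffer[4096] = {};
      size_t read = 0;
      int error = 0;

      // Read data received from the client and store it in our internal
      // buffer.
      const rtc::StreamResult r = stream->Read(buffer, read, error);
      if (r == rtc::SR_SUCCESS) {
        // The whole array is offered to Read(), so `read` can equal
        // sizeof(buffer). Use the byte count directly rather than writing a
        // terminator at buffer[read], which would land one past the end in
        // that case.
        // Here we assume that the buffer is interpretable as string.
        const absl::string_view received(
            reinterpret_cast<const char*>(buffer), read);
        RTC_LOG(LS_INFO) << "Server received '" << received << "'";
        data_.append(received.data(), received.size());
      }
    }
  }

 private:
  // Wraps `socket` in an SSLStreamAdapter configured as the server and
  // starts the handshake.
  void DoHandshake(rtc::Socket* socket) {
    ssl_stream_adapter_ = rtc::SSLStreamAdapter::Create(
        std::make_unique<rtc::SocketStream>(socket));

    ssl_stream_adapter_->SetMode(ssl_mode_);
    ssl_stream_adapter_->SetServerRole();

    // SSLStreamAdapter is normally used for peer-to-peer communication, but
    // here we're testing communication between a client and a server
    // (e.g. a WebRTC-based application and an RFC 5766 TURN server), where
    // clients are not required to provide a certificate during handshake.
    // Accordingly, we must disable client authentication here.
    ssl_stream_adapter_->SetClientAuthEnabledForTesting(false);

    ssl_stream_adapter_->SetIdentity(ssl_identity_->Clone());

    // Set a bogus peer certificate digest. The buffer is zero-filled so the
    // value passed on is deterministic and no uninitialized stack bytes are
    // read; 20 bytes is the SHA-1 digest length.
    unsigned char digest[20] = {};
    const size_t digest_len = sizeof(digest);
    ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
                                                  digest_len);

    ssl_stream_adapter_->StartSSL();

    // NOTE(review): the handler is connected after StartSSL(); this assumes
    // no event of interest is raised synchronously inside StartSSL().
    ssl_stream_adapter_->SignalEvent.connect(
        this, &SSLAdapterTestDummyServer::OnSSLStreamAdapterEvent);
  }

  const rtc::SSLMode ssl_mode_;

  std::unique_ptr<rtc::Socket> server_socket_;
  std::unique_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_;

  std::unique_ptr<rtc::SSLIdentity> ssl_identity_;

  // Bytes received from the client, in arrival order.
  std::string data_;
};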
296*d9f75844SAndroid Build Coastguard Worker
// Shared fixture: sets up a virtual socket server, a thread bound to it, and
// one dummy server plus one dummy client for the given SSL mode and key type.
// Provides the handshake and transfer scenarios the concrete tests run.
class SSLAdapterTestBase : public ::testing::Test, public sigslot::has_slots<> {
 public:
  // Members are initialized in declaration order, so the socket server and
  // thread exist before the server and client create their sockets.
  explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode,
                              const rtc::KeyParams& key_params)
      : ssl_mode_(ssl_mode),
        vss_(std::make_unique<rtc::VirtualSocketServer>()),
        thread_(vss_.get()),
        server_(
            std::make_unique<SSLAdapterTestDummyServer>(ssl_mode_, key_params)),
        client_(std::make_unique<SSLAdapterTestDummyClient>(ssl_mode_)),
        handshake_wait_(kTimeout) {}

  // Overrides the wait bound used by TestHandshake().
  void SetHandshakeWait(int wait) { handshake_wait_ = wait; }

  // The setters below forward to the client under test.
  void SetIgnoreBadCert(bool ignore_bad_cert) {
    client_->SetIgnoreBadCert(ignore_bad_cert);
  }

  void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
    client_->SetCertVerifier(ssl_cert_verifier);
  }

  void SetAlpnProtocols(const std::vector<std::string>& protos) {
    client_->SetAlpnProtocols(protos);
  }

  void SetEllipticCurves(const std::vector<std::string>& curves) {
    client_->SetEllipticCurves(curves);
  }

  // Installs a mock verifier whose Verify() always returns `return_value`,
  // and turns off "ignore bad cert" so the verifier's verdict decides the
  // handshake. The fixture keeps the verifier alive in `cert_verifier_`; the
  // client only receives a raw pointer.
  void SetMockCertVerifier(bool return_value) {
    auto verifier = std::make_unique<MockCertVerifier>();
    EXPECT_CALL(*verifier, Verify(_)).WillRepeatedly(Return(return_value));
    cert_verifier_ = std::move(verifier);

    SetIgnoreBadCert(false);
    SetCertVerifier(cert_verifier_.get());
  }

  // Connects the client to the server and waits up to `handshake_wait_` for
  // the state matching `expect_success`: CS_CONNECTED on success, CS_CLOSED
  // on failure.
  void TestHandshake(bool expect_success) {
    // The initial state is CS_CLOSED
    ASSERT_EQ(rtc::Socket::CS_CLOSED, client_->GetState());

    const int connect_result =
        client_->Connect(server_->GetHostname(), server_->GetAddress());
    ASSERT_EQ(0, connect_result);

    // Now the state should be CS_CONNECTING
    ASSERT_EQ(rtc::Socket::CS_CONNECTING, client_->GetState());

    if (ssl_mode_ == rtc::SSL_MODE_DTLS) {
      // For DTLS, call AcceptConnection() with the client's address.
      server_->AcceptConnection(client_->GetAddress());
    }

    if (!expect_success) {
      // On handshake failure the client should end up in the CS_CLOSED state.
      EXPECT_EQ_WAIT(rtc::Socket::CS_CLOSED, client_->GetState(),
                     handshake_wait_);

      RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed.";
      return;
    }

    // If expecting success, the client should end up in the CS_CONNECTED
    // state after handshake.
    EXPECT_EQ_WAIT(rtc::Socket::CS_CONNECTED, client_->GetState(),
                   handshake_wait_);

    RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake complete.";
  }

  // Sends `message` client -> server and then server -> client, checking the
  // reported byte counts and that each side ends up holding the message.
  void TestTransfer(absl::string_view message) {
    const int expected_length = static_cast<int>(message.length());

    const int sent_by_client = client_->Send(message);
    ASSERT_EQ(expected_length, sent_by_client);

    // The server should have received the client's message.
    EXPECT_EQ_WAIT(message, server_->GetReceivedData(), kTimeout);

    const int sent_by_server = server_->Send(message);
    ASSERT_EQ(expected_length, sent_by_server);

    // The client should have received the server's message.
    EXPECT_EQ_WAIT(message, client_->GetReceivedData(), kTimeout);

    RTC_LOG(LS_INFO) << "Transfer complete.";
  }

 protected:
  const rtc::SSLMode ssl_mode_;

  // Declaration order matters: it is the construction order used above.
  std::unique_ptr<rtc::VirtualSocketServer> vss_;
  rtc::AutoSocketServerThread thread_;
  std::unique_ptr<SSLAdapterTestDummyServer> server_;
  std::unique_ptr<SSLAdapterTestDummyClient> client_;
  std::unique_ptr<rtc::SSLCertificateVerifier> cert_verifier_;

  int handshake_wait_;
};
400*d9f75844SAndroid Build Coastguard Worker
// Fixture for TLS with an RSA server key.
class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase {
 public:
  SSLAdapterTestTLS_RSA()
      : SSLAdapterTestBase{rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()} {}
};
406*d9f75844SAndroid Build Coastguard Worker
// Fixture for TLS with an ECDSA server key.
class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase {
 public:
  SSLAdapterTestTLS_ECDSA()
      : SSLAdapterTestBase{rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()} {}
};
412*d9f75844SAndroid Build Coastguard Worker
// Fixture for DTLS with an RSA server key.
class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase {
 public:
  SSLAdapterTestDTLS_RSA()
      : SSLAdapterTestBase{rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()} {}
};
418*d9f75844SAndroid Build Coastguard Worker
// Fixture for DTLS with an ECDSA server key.
class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
 public:
  SSLAdapterTestDTLS_ECDSA()
      : SSLAdapterTestBase{rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()} {}
};
424*d9f75844SAndroid Build Coastguard Worker
425*d9f75844SAndroid Build Coastguard Worker // Basic tests: TLS
426*d9f75844SAndroid Build Coastguard Worker
427*d9f75844SAndroid Build Coastguard Worker // Test that handshake works, using RSA
TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) {
  // Handshake only; this test installs no custom certificate verifier, so it
  // covers whatever verification the fixture configures by default.
  constexpr bool kExpectSuccess = true;
  TestHandshake(kExpectSuccess);
}
431*d9f75844SAndroid Build Coastguard Worker
432*d9f75844SAndroid Build Coastguard Worker // Test that handshake works with a custom verifier that returns true. RSA.
TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierSucceeds) {
  // The mock verifier is told to return true, and the handshake is expected to
  // complete. The mock is a test double with a fixed verdict; this test shows
  // that the adapter honours an accepting verifier, not that any certificate
  // was actually validated.
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
437*d9f75844SAndroid Build Coastguard Worker
438*d9f75844SAndroid Build Coastguard Worker // Test that handshake fails with a custom verifier that returns false. RSA.
TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
  // Rejection path: the mock verifier is told to return false and the
  // handshake is expected NOT to complete. This is the regression guard for a
  // verifier verdict being ignored.
  constexpr bool kVerifierVerdict = false;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
443*d9f75844SAndroid Build Coastguard Worker
444*d9f75844SAndroid Build Coastguard Worker // Test that handshake works, using ECDSA
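TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnect) {
  // Plain connect test, parallel to SSLAdapterTestTLS_RSA.TestTLSConnect: no
  // custom certificate verifier is installed here, so this covers the ECDSA
  // handshake through the fixture's default verification path. The case with
  // an accepting mock verifier is covered separately by
  // SSLAdapterTestTLS_ECDSA.TestTLSConnectCustomCertVerifierSucceeds; calling
  // SetMockCertVerifier(true) here as well would make the two tests identical
  // and leave the connect-only path without a dedicated test.
  TestHandshake(/*expect_success=*/true);
}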
449*d9f75844SAndroid Build Coastguard Worker
450*d9f75844SAndroid Build Coastguard Worker // Test that handshake works with a custom verifier that returns true. ECDSA.
TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierSucceeds) {
  // The mock verifier is told to return true, and the handshake is expected to
  // complete. The verdict is fixed by the test, so this checks that the
  // adapter honours an accepting verifier rather than any real validation.
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
455*d9f75844SAndroid Build Coastguard Worker
456*d9f75844SAndroid Build Coastguard Worker // Test that handshake fails with a custom verifier that returns false. ECDSA.
TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
  // Rejection path: the mock verifier is told to return false and the
  // handshake is expected NOT to complete.
  constexpr bool kVerifierVerdict = false;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
461*d9f75844SAndroid Build Coastguard Worker
462*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using RSA
TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransfer) {
  // Completes a handshake (no custom verifier installed by this test) and then
  // runs the fixture's transfer check with a short fixed payload.
  static const char kPayload[] = "Hello, world!";
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
467*d9f75844SAndroid Build Coastguard Worker
468*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using RSA with custom cert verifier.
TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferCustomCertVerifier) {
  // Same transfer check as TestTLSTransfer, but with the mock verifier
  // installed and told to accept, so data flow is also exercised on the
  // custom-verifier path.
  static const char kPayload[] = "Hello, world!";
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
474*d9f75844SAndroid Build Coastguard Worker
TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferWithBlockedSocket) {
  // Checks Send() while the underlying socket is blocked: a message that Send()
  // rejected with -1 must never show up at the server, every message that
  // Send() accepted must arrive once the socket is unblocked, and the
  // connection must remain usable afterwards.
  TestHandshake(/*expect_success=*/true);

  // Tell the underlying socket to simulate being blocked.
  vss_->SetSendingBlocked(true);

  constexpr int kMaxMessages = 1024;
  std::string expected;
  int rv;
  // Send messages until the SSL socket adapter starts applying backpressure.
  // Note that this may not occur immediately since there may be some amount of
  // intermediate buffering (either in our code or in BoringSSL).
  int index = 0;
  while (index < kMaxMessages) {
    const std::string message = "Hello, world: " + rtc::ToString(index);
    rv = client_->Send(message);
    const int message_size = static_cast<int>(message.size());
    if (rv != message_size) {
      // This test assumes either the whole message or none of it is sent.
      ASSERT_EQ(-1, rv);
      break;
    }
    // Only messages that Send() fully accepted are expected at the server.
    expected += message;
    ++index;
  }
  // Assert that the loop above exited due to Send returning -1.
  ASSERT_EQ(-1, rv);

  // Try sending another message while blocked. -1 should be returned again and
  // it shouldn't end up received by the server later.
  EXPECT_EQ(-1, client_->Send("Never sent"));

  // Unblock the underlying socket. All of the buffered messages should be sent
  // without any further action.
  vss_->SetSendingBlocked(false);
  EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);

  // Send another message. This previously wasn't working
  const std::string final_message = "Fin.";
  const int final_size = static_cast<int>(final_message.size());
  expected += final_message;
  EXPECT_EQ(final_size, client_->Send(final_message));
  EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
}
515*d9f75844SAndroid Build Coastguard Worker
516*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using ECDSA
TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransfer) {
  // Completes a handshake (no custom verifier installed by this test) and then
  // runs the fixture's transfer check with a short fixed payload.
  static const char kPayload[] = "Hello, world!";
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
521*d9f75844SAndroid Build Coastguard Worker
522*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using ECDSA with custom cert
523*d9f75844SAndroid Build Coastguard Worker // verifier.
TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransferCustomCertVerifier) {
  // Same transfer check as TestTLSTransfer, but with the mock verifier
  // installed and told to accept.
  static const char kPayload[] = "Hello, world!";
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
529*d9f75844SAndroid Build Coastguard Worker
530*d9f75844SAndroid Build Coastguard Worker // Test transfer using ALPN with protos as h2 and http/1.1
TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSALPN) {
  // Sets the ALPN protocol list before the handshake and checks that the
  // handshake and a transfer still succeed. Nothing here asserts which
  // protocol, if any, was negotiated.
  std::vector<std::string> protocols = {"h2", "http/1.1"};
  SetAlpnProtocols(protocols);
  TestHandshake(/*expect_success=*/true);
  TestTransfer("Hello, world!");
}
537*d9f75844SAndroid Build Coastguard Worker
538*d9f75844SAndroid Build Coastguard Worker // Test transfer with TLS Elliptic curves set to "X25519:P-256:P-384:P-521"
TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSEllipticCurves) {
  // Sets an explicit curve list before the handshake and checks that the
  // handshake and a transfer still succeed. Nothing here asserts which curve
  // was negotiated, nor that curves outside the list are refused.
  std::vector<std::string> curves = {"X25519", "P-256", "P-384", "P-521"};
  SetEllipticCurves(curves);
  TestHandshake(/*expect_success=*/true);
  TestTransfer("Hello, world!");
}
545*d9f75844SAndroid Build Coastguard Worker
546*d9f75844SAndroid Build Coastguard Worker // Basic tests: DTLS
547*d9f75844SAndroid Build Coastguard Worker
548*d9f75844SAndroid Build Coastguard Worker // Test that handshake works, using RSA
TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) {
  // DTLS handshake only; this test installs no custom certificate verifier.
  constexpr bool kExpectSuccess = true;
  TestHandshake(kExpectSuccess);
}
552*d9f75844SAndroid Build Coastguard Worker
553*d9f75844SAndroid Build Coastguard Worker // Test that handshake works with a custom verifier that returns true. DTLS_RSA.
TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnectCustomCertVerifierSucceeds) {
  // The mock verifier is told to return true, and the DTLS handshake is
  // expected to complete. The verdict is fixed by the test, so no real
  // certificate validation is being demonstrated.
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
558*d9f75844SAndroid Build Coastguard Worker
559*d9f75844SAndroid Build Coastguard Worker // Test that handshake fails with a custom verifier that returns false.
560*d9f75844SAndroid Build Coastguard Worker // DTLS_RSA.
TEST_F(SSLAdapterTestDTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
  // Rejection path over DTLS: the mock verifier is told to return false and
  // the handshake is expected NOT to complete.
  // NOTE(review): the test name says "TLS" although the fixture runs in
  // rtc::SSL_MODE_DTLS; the name is kept because renaming changes the
  // registered test name that filters and dashboards may reference.
  constexpr bool kVerifierVerdict = false;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
565*d9f75844SAndroid Build Coastguard Worker
566*d9f75844SAndroid Build Coastguard Worker // Test that handshake works, using ECDSA
TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnect) {
  // DTLS handshake only; this test installs no custom certificate verifier.
  constexpr bool kExpectSuccess = true;
  TestHandshake(kExpectSuccess);
}
570*d9f75844SAndroid Build Coastguard Worker
571*d9f75844SAndroid Build Coastguard Worker // Test that handshake works with a custom verifier that returns true.
572*d9f75844SAndroid Build Coastguard Worker // DTLS_ECDSA.
TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnectCustomCertVerifierSucceeds) {
  // The mock verifier is told to return true, and the DTLS handshake is
  // expected to complete.
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
577*d9f75844SAndroid Build Coastguard Worker
578*d9f75844SAndroid Build Coastguard Worker // Test that handshake fails with a custom verifier that returns false.
579*d9f75844SAndroid Build Coastguard Worker // DTLS_ECDSA.
TEST_F(SSLAdapterTestDTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
  // Rejection path over DTLS: the mock verifier is told to return false and
  // the handshake is expected NOT to complete.
  // NOTE(review): the test name says "TLS" although the fixture runs in
  // rtc::SSL_MODE_DTLS; the name is kept because renaming changes the
  // registered test name.
  constexpr bool kVerifierVerdict = false;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/kVerifierVerdict);
}
584*d9f75844SAndroid Build Coastguard Worker
585*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using RSA
TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) {
  // Completes a DTLS handshake (no custom verifier installed by this test) and
  // then runs the fixture's transfer check with a short fixed payload.
  static const char kPayload[] = "Hello, world!";
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
590*d9f75844SAndroid Build Coastguard Worker
591*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using RSA with custom cert verifier.
TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransferCustomCertVerifier) {
  // Same transfer check as TestDTLSTransfer, but with the mock verifier
  // installed and told to accept.
  static const char kPayload[] = "Hello, world!";
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
597*d9f75844SAndroid Build Coastguard Worker
598*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using ECDSA
TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
  // Completes a DTLS handshake (no custom verifier installed by this test) and
  // then runs the fixture's transfer check with a short fixed payload.
  static const char kPayload[] = "Hello, world!";
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
603*d9f75844SAndroid Build Coastguard Worker
604*d9f75844SAndroid Build Coastguard Worker // Test transfer between client and server, using ECDSA with custom cert
605*d9f75844SAndroid Build Coastguard Worker // verifier.
TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransferCustomCertVerifier) {
  // Same transfer check as TestDTLSTransfer, but with the mock verifier
  // installed and told to accept.
  static const char kPayload[] = "Hello, world!";
  constexpr bool kVerifierVerdict = true;
  SetMockCertVerifier(kVerifierVerdict);
  TestHandshake(/*expect_success=*/true);
  TestTransfer(kPayload);
}
611