Add more checks to investigate SupervisedUserPrefStore crash at startup.
[chromium-blink-merge.git] / net / test / spawned_test_server / base_test_server.h
bloba43df110a7c55bf275829f15b22b468ff3a441fc
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
6 #define NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_
8 #include <string>
9 #include <utility>
10 #include <vector>
12 #include "base/compiler_specific.h"
13 #include "base/files/file_path.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "net/base/host_port_pair.h"
16 #include "net/ssl/ssl_client_cert_type.h"
18 class GURL;
20 namespace base {
21 class DictionaryValue;
24 namespace net {
26 class AddressList;
27 class ScopedPortException;
29 // The base class of Test server implementation.
30 class BaseTestServer {
31 public:
32 typedef std::pair<std::string, std::string> StringPair;
34 // Following types represent protocol schemes. See also
35 // http://www.iana.org/assignments/uri-schemes.html
36 enum Type {
37 TYPE_BASIC_AUTH_PROXY,
38 TYPE_FTP,
39 TYPE_HTTP,
40 TYPE_HTTPS,
41 TYPE_WS,
42 TYPE_WSS,
43 TYPE_TCP_ECHO,
44 TYPE_UDP_ECHO,
47 // Container for various options to control how the HTTPS or WSS server is
48 // initialized.
49 struct SSLOptions {
50 enum ServerCertificate {
51 CERT_OK,
53 // CERT_AUTO causes the testserver to generate a test certificate issued
54 // by "Testing CA" (see net/data/ssl/certificates/ocsp-test-root.pem).
55 CERT_AUTO,
57 CERT_MISMATCHED_NAME,
58 CERT_EXPIRED,
59 // Cross-signed certificate to test PKIX path building. Contains an
60 // intermediate cross-signed by an unknown root, while the client (via
61 // TestRootStore) is expected to have a self-signed version of the
62 // intermediate.
63 CERT_CHAIN_WRONG_ROOT,
66 // OCSPStatus enumerates the types of OCSP response that the testserver
67 // can produce.
68 enum OCSPStatus {
69 OCSP_OK,
70 OCSP_REVOKED,
71 OCSP_INVALID,
72 OCSP_UNAUTHORIZED,
73 OCSP_UNKNOWN,
76 // Bitmask of key exchange algorithms that the test server supports and that
77 // can be selectively enabled or disabled.
78 enum KeyExchange {
79 // Special value used to indicate that any algorithm the server supports
80 // is acceptable. Preferred over explicitly OR-ing all key exchange
81 // algorithms.
82 KEY_EXCHANGE_ANY = 0,
84 KEY_EXCHANGE_RSA = (1 << 0),
85 KEY_EXCHANGE_DHE_RSA = (1 << 1),
88 // Bitmask of bulk encryption algorithms that the test server supports
89 // and that can be selectively enabled or disabled.
90 enum BulkCipher {
91 // Special value used to indicate that any algorithm the server supports
92 // is acceptable. Preferred over explicitly OR-ing all ciphers.
93 BULK_CIPHER_ANY = 0,
95 BULK_CIPHER_RC4 = (1 << 0),
96 BULK_CIPHER_AES128 = (1 << 1),
97 BULK_CIPHER_AES256 = (1 << 2),
99 // NOTE: 3DES support in the Python test server has external
100 // dependencies and not be available on all machines. Clients may not
101 // be able to connect if only 3DES is specified.
102 BULK_CIPHER_3DES = (1 << 3),
104 BULK_CIPHER_AES128GCM = (1 << 4),
107 // NOTE: the values of these enumerators are passed to the the Python test
108 // server. Do not change them.
109 enum TLSIntolerantLevel {
110 TLS_INTOLERANT_NONE = 0,
111 TLS_INTOLERANT_ALL = 1, // Intolerant of all TLS versions.
112 TLS_INTOLERANT_TLS1_1 = 2, // Intolerant of TLS 1.1 or higher.
113 TLS_INTOLERANT_TLS1_2 = 3, // Intolerant of TLS 1.2 or higher.
116 // Values which control how the server reacts in response to a ClientHello
117 // it is intolerant of.
118 enum TLSIntoleranceType {
119 TLS_INTOLERANCE_ALERT = 0, // Send a handshake_failure alert.
120 TLS_INTOLERANCE_CLOSE = 1, // Close the connection.
121 TLS_INTOLERANCE_RESET = 2, // Send a TCP reset.
124 // Initialize a new SSLOptions using CERT_OK as the certificate.
125 SSLOptions();
127 // Initialize a new SSLOptions that will use the specified certificate.
128 explicit SSLOptions(ServerCertificate cert);
129 ~SSLOptions();
131 // Returns the relative filename of the file that contains the
132 // |server_certificate|.
133 base::FilePath GetCertificateFile() const;
135 // GetOCSPArgument returns the value of any OCSP argument to testserver or
136 // the empty string if there is none.
137 std::string GetOCSPArgument() const;
139 // The certificate to use when serving requests.
140 ServerCertificate server_certificate;
142 // If |server_certificate==CERT_AUTO| then this determines the type of OCSP
143 // response returned.
144 OCSPStatus ocsp_status;
146 // If not zero, |cert_serial| will be the serial number of the
147 // auto-generated leaf certificate when |server_certificate==CERT_AUTO|.
148 uint64 cert_serial;
150 // True if a CertificateRequest should be sent to the client during
151 // handshaking.
152 bool request_client_certificate;
154 // If |request_client_certificate| is true, an optional list of files,
155 // each containing a single, PEM-encoded X.509 certificates. The subject
156 // from each certificate will be added to the certificate_authorities
157 // field of the CertificateRequest.
158 std::vector<base::FilePath> client_authorities;
160 // If |request_client_certificate| is true, an optional list of
161 // SSLClientCertType values to populate the certificate_types field of the
162 // CertificateRequest.
163 std::vector<SSLClientCertType> client_cert_types;
165 // A bitwise-OR of KeyExchnage that should be used by the
166 // HTTPS server, or KEY_EXCHANGE_ANY to indicate that all implemented
167 // key exchange algorithms are acceptable.
168 int key_exchanges;
170 // A bitwise-OR of BulkCipher that should be used by the
171 // HTTPS server, or BULK_CIPHER_ANY to indicate that all implemented
172 // ciphers are acceptable.
173 int bulk_ciphers;
175 // If true, pass the --https-record-resume argument to testserver.py which
176 // causes it to log session cache actions and echo the log on
177 // /ssl-session-cache.
178 bool record_resume;
180 // If not TLS_INTOLERANT_NONE, the server will abort any handshake that
181 // negotiates an intolerant TLS version in order to test version fallback.
182 TLSIntolerantLevel tls_intolerant;
184 // If |tls_intolerant| is not TLS_INTOLERANT_NONE, how the server reacts to
185 // an intolerant TLS version.
186 TLSIntoleranceType tls_intolerance_type;
188 // fallback_scsv_enabled, if true, causes the server to process the
189 // TLS_FALLBACK_SCSV cipher suite. This cipher suite is sent by Chrome
190 // when performing TLS version fallback in response to an SSL handshake
191 // failure. If this option is enabled then the server will reject fallback
192 // connections.
193 bool fallback_scsv_enabled;
195 // Temporary glue for testing: validation of SCTs is application-controlled
196 // and can be appropriately mocked out, so sending fake data here does not
197 // affect handshaking behaviour.
198 // TODO(ekasper): replace with valid SCT files for test certs.
199 // (Fake) SignedCertificateTimestampList (as a raw binary string) to send in
200 // a TLS extension.
201 std::string signed_cert_timestamps_tls_ext;
203 // Whether to staple the OCSP response.
204 bool staple_ocsp_response;
206 // Whether to make the OCSP server unavailable. This does not affect the
207 // stapled OCSP response.
208 bool ocsp_server_unavailable;
210 // Whether to enable NPN support.
211 bool enable_npn;
213 // Whether to disable TLS session caching. When session caching is
214 // disabled, the server will use an empty session ID in the
215 // ServerHello.
216 bool disable_session_cache;
219 // Pass as the 'host' parameter during construction to server on 127.0.0.1
220 static const char kLocalhost[];
222 // Initialize a TestServer listening on a specific host (IP or hostname).
223 BaseTestServer(Type type, const std::string& host);
225 // Initialize a TestServer with a specific set of SSLOptions for HTTPS or WSS.
226 BaseTestServer(Type type, const SSLOptions& ssl_options);
228 // Returns the host port pair used by current Python based test server only
229 // if the server is started.
230 const HostPortPair& host_port_pair() const;
232 const base::FilePath& document_root() const { return document_root_; }
233 const base::DictionaryValue& server_data() const;
234 std::string GetScheme() const;
235 bool GetAddressList(AddressList* address_list) const WARN_UNUSED_RESULT;
237 GURL GetURL(const std::string& path) const;
239 GURL GetURLWithUser(const std::string& path,
240 const std::string& user) const;
242 GURL GetURLWithUserAndPassword(const std::string& path,
243 const std::string& user,
244 const std::string& password) const;
246 static bool GetFilePathWithReplacements(
247 const std::string& original_path,
248 const std::vector<StringPair>& text_to_replace,
249 std::string* replacement_path);
251 static bool UsingSSL(Type type) {
252 return type == BaseTestServer::TYPE_HTTPS ||
253 type == BaseTestServer::TYPE_WSS;
256 // Enable HTTP basic authentication. Currently this only works for TYPE_WS and
257 // TYPE_WSS.
258 void set_websocket_basic_auth(bool ws_basic_auth) {
259 ws_basic_auth_ = ws_basic_auth;
262 protected:
263 virtual ~BaseTestServer();
264 Type type() const { return type_; }
266 // Gets port currently assigned to host_port_pair_ without checking
267 // whether it's available (server started) or not.
268 uint16 GetPort();
270 // Sets |port| as the actual port used by Python based test server.
271 void SetPort(uint16 port);
273 // Set up internal status when the server is started.
274 bool SetupWhenServerStarted() WARN_UNUSED_RESULT;
276 // Clean up internal status when starting to stop server.
277 void CleanUpWhenStoppingServer();
279 // Set path of test resources.
280 void SetResourcePath(const base::FilePath& document_root,
281 const base::FilePath& certificates_dir);
283 // Parses the server data read from the test server. Returns true
284 // on success.
285 bool ParseServerData(const std::string& server_data) WARN_UNUSED_RESULT;
287 // Generates a DictionaryValue with the arguments for launching the external
288 // Python test server.
289 bool GenerateArguments(base::DictionaryValue* arguments) const
290 WARN_UNUSED_RESULT;
292 // Subclasses can override this to add arguments that are specific to their
293 // own test servers.
294 virtual bool GenerateAdditionalArguments(
295 base::DictionaryValue* arguments) const WARN_UNUSED_RESULT;
297 private:
298 void Init(const std::string& host);
300 // Marks the root certificate of an HTTPS test server as trusted for
301 // the duration of tests.
302 bool LoadTestRootCert() const WARN_UNUSED_RESULT;
304 // Document root of the test server.
305 base::FilePath document_root_;
307 // Directory that contains the SSL certificates.
308 base::FilePath certificates_dir_;
310 // Address the test server listens on.
311 HostPortPair host_port_pair_;
313 // Holds the data sent from the server (e.g., port number).
314 scoped_ptr<base::DictionaryValue> server_data_;
316 // If |type_| is TYPE_HTTPS or TYPE_WSS, the TLS settings to use for the test
317 // server.
318 SSLOptions ssl_options_;
320 Type type_;
322 // Has the server been started?
323 bool started_;
325 // Enables logging of the server to the console.
326 bool log_to_console_;
328 // Is WebSocket basic HTTP authentication enabled?
329 bool ws_basic_auth_;
331 scoped_ptr<ScopedPortException> allowed_port_;
333 DISALLOW_COPY_AND_ASSIGN(BaseTestServer);
336 } // namespace net
338 #endif // NET_TEST_SPAWNED_TEST_SERVER_BASE_TEST_SERVER_H_