2 * Copyright 2014 The WebRTC Project Authors. All rights reserved.
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
13 #include "webrtc/base/gunit.h"
14 #include "webrtc/base/ipaddress.h"
15 #include "webrtc/base/socketstream.h"
16 #include "webrtc/base/ssladapter.h"
17 #include "webrtc/base/sslstreamadapter.h"
18 #include "webrtc/base/stream.h"
19 #include "webrtc/base/virtualsocketserver.h"
21 static const int kTimeout = 5000;
23 static rtc::AsyncSocket* CreateSocket(const rtc::SSLMode& ssl_mode) {
24 rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0);
26 rtc::AsyncSocket* socket = rtc::Thread::Current()->
27 socketserver()->CreateAsyncSocket(
28 address.family(), (ssl_mode == rtc::SSL_MODE_DTLS) ?
29 SOCK_DGRAM : SOCK_STREAM);
30 socket->Bind(address);
35 static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) {
36 return (ssl_mode == rtc::SSL_MODE_DTLS) ? "DTLS" : "TLS";
39 class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
41 explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode)
42 : ssl_mode_(ssl_mode) {
43 rtc::AsyncSocket* socket = CreateSocket(ssl_mode_);
45 ssl_adapter_.reset(rtc::SSLAdapter::Create(socket));
47 // Ignore any certificate errors for the purpose of testing.
48 // Note: We do this only because we don't have a real certificate.
49 // NEVER USE THIS IN PRODUCTION CODE!
50 ssl_adapter_->set_ignore_bad_cert(true);
52 ssl_adapter_->SignalReadEvent.connect(this,
53 &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent);
54 ssl_adapter_->SignalCloseEvent.connect(this,
55 &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent);
58 rtc::AsyncSocket::ConnState GetState() const {
59 return ssl_adapter_->GetState();
62 const std::string& GetReceivedData() const {
66 int Connect(const std::string& hostname, const rtc::SocketAddress& address) {
67 LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_)
68 << " handshake with " << hostname;
70 if (ssl_adapter_->StartSSL(hostname.c_str(), false) != 0) {
74 LOG(LS_INFO) << "Initiating connection with " << address;
76 return ssl_adapter_->Connect(address);
80 return ssl_adapter_->Close();
83 int Send(const std::string& message) {
84 LOG(LS_INFO) << "Client sending '" << message << "'";
86 return ssl_adapter_->Send(message.data(), message.length());
89 void OnSSLAdapterReadEvent(rtc::AsyncSocket* socket) {
90 char buffer[4096] = "";
92 // Read data received from the server and store it in our internal buffer.
93 int read = socket->Recv(buffer, sizeof(buffer) - 1);
97 LOG(LS_INFO) << "Client received '" << buffer << "'";
103 void OnSSLAdapterCloseEvent(rtc::AsyncSocket* socket, int error) {
104 // OpenSSLAdapter signals handshake failure with a close event, but without
105 // closing the socket! Let's close the socket here. This way GetState() can
106 // return CS_CLOSED after failure.
107 if (socket->GetState() != rtc::AsyncSocket::CS_CLOSED) {
113 const rtc::SSLMode ssl_mode_;
115 rtc::scoped_ptr<rtc::SSLAdapter> ssl_adapter_;
120 class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
122 explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode)
123 : ssl_mode_(ssl_mode) {
124 // Generate a key pair and a certificate for this host.
125 ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname()));
127 server_socket_.reset(CreateSocket(ssl_mode_));
129 server_socket_->SignalReadEvent.connect(this,
130 &SSLAdapterTestDummyServer::OnServerSocketReadEvent);
132 server_socket_->Listen(1);
134 LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP")
135 << " server listening on " << server_socket_->GetLocalAddress();
138 rtc::SocketAddress GetAddress() const {
139 return server_socket_->GetLocalAddress();
142 std::string GetHostname() const {
143 // Since we don't have a real certificate anyway, the value here doesn't
145 return "example.com";
148 const std::string& GetReceivedData() const {
152 int Send(const std::string& message) {
153 if (ssl_stream_adapter_ == NULL
154 || ssl_stream_adapter_->GetState() != rtc::SS_OPEN) {
155 // No connection yet.
159 LOG(LS_INFO) << "Server sending '" << message << "'";
164 rtc::StreamResult r = ssl_stream_adapter_->Write(message.data(),
165 message.length(), &written, &error);
166 if (r == rtc::SR_SUCCESS) {
173 void OnServerSocketReadEvent(rtc::AsyncSocket* socket) {
174 if (ssl_stream_adapter_ != NULL) {
175 // Only a single connection is supported.
179 rtc::SocketAddress address;
180 rtc::AsyncSocket* new_socket = socket->Accept(&address);
181 rtc::SocketStream* stream = new rtc::SocketStream(new_socket);
183 ssl_stream_adapter_.reset(rtc::SSLStreamAdapter::Create(stream));
184 ssl_stream_adapter_->SetServerRole();
186 // SSLStreamAdapter is normally used for peer-to-peer communication, but
187 // here we're testing communication between a client and a server
188 // (e.g. a WebRTC-based application and an RFC 5766 TURN server), where
189 // clients are not required to provide a certificate during handshake.
190 // Accordingly, we must disable client authentication here.
191 ssl_stream_adapter_->set_client_auth_enabled(false);
193 ssl_stream_adapter_->SetIdentity(ssl_identity_->GetReference());
195 // Set a bogus peer certificate digest.
196 unsigned char digest[20];
197 size_t digest_len = sizeof(digest);
198 ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
201 ssl_stream_adapter_->StartSSLWithPeer();
203 ssl_stream_adapter_->SignalEvent.connect(this,
204 &SSLAdapterTestDummyServer::OnSSLStreamAdapterEvent);
207 void OnSSLStreamAdapterEvent(rtc::StreamInterface* stream, int sig, int err) {
208 if (sig & rtc::SE_READ) {
209 char buffer[4096] = "";
214 // Read data received from the client and store it in our internal
216 rtc::StreamResult r = stream->Read(buffer,
217 sizeof(buffer) - 1, &read, &error);
218 if (r == rtc::SR_SUCCESS) {
221 LOG(LS_INFO) << "Server received '" << buffer << "'";
229 const rtc::SSLMode ssl_mode_;
231 rtc::scoped_ptr<rtc::AsyncSocket> server_socket_;
232 rtc::scoped_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_;
234 rtc::scoped_ptr<rtc::SSLIdentity> ssl_identity_;
239 class SSLAdapterTestBase : public testing::Test,
240 public sigslot::has_slots<> {
242 explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode)
243 : ssl_mode_(ssl_mode),
244 ss_scope_(new rtc::VirtualSocketServer(NULL)),
245 server_(new SSLAdapterTestDummyServer(ssl_mode_)),
246 client_(new SSLAdapterTestDummyClient(ssl_mode_)),
247 handshake_wait_(kTimeout) {
250 void SetHandshakeWait(int wait) {
251 handshake_wait_ = wait;
254 void TestHandshake(bool expect_success) {
257 // The initial state is CS_CLOSED
258 ASSERT_EQ(rtc::AsyncSocket::CS_CLOSED, client_->GetState());
260 rv = client_->Connect(server_->GetHostname(), server_->GetAddress());
263 // Now the state should be CS_CONNECTING
264 ASSERT_EQ(rtc::AsyncSocket::CS_CONNECTING, client_->GetState());
266 if (expect_success) {
267 // If expecting success, the client should end up in the CS_CONNECTED
268 // state after handshake.
269 EXPECT_EQ_WAIT(rtc::AsyncSocket::CS_CONNECTED, client_->GetState(),
272 LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake complete.";
275 // On handshake failure the client should end up in the CS_CLOSED state.
276 EXPECT_EQ_WAIT(rtc::AsyncSocket::CS_CLOSED, client_->GetState(),
279 LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed.";
283 void TestTransfer(const std::string& message) {
286 rv = client_->Send(message);
287 ASSERT_EQ(static_cast<int>(message.length()), rv);
289 // The server should have received the client's message.
290 EXPECT_EQ_WAIT(message, server_->GetReceivedData(), kTimeout);
292 rv = server_->Send(message);
293 ASSERT_EQ(static_cast<int>(message.length()), rv);
295 // The client should have received the server's message.
296 EXPECT_EQ_WAIT(message, client_->GetReceivedData(), kTimeout);
298 LOG(LS_INFO) << "Transfer complete.";
302 const rtc::SSLMode ssl_mode_;
304 const rtc::SocketServerScope ss_scope_;
306 rtc::scoped_ptr<SSLAdapterTestDummyServer> server_;
307 rtc::scoped_ptr<SSLAdapterTestDummyClient> client_;
312 class SSLAdapterTestTLS : public SSLAdapterTestBase {
314 SSLAdapterTestTLS() : SSLAdapterTestBase(rtc::SSL_MODE_TLS) {}
322 // Test that handshake works
323 TEST_F(SSLAdapterTestTLS, TestTLSConnect) {
327 // Test transfer between client and server
328 TEST_F(SSLAdapterTestTLS, TestTLSTransfer) {
330 TestTransfer("Hello, world!");
333 #endif // SSL_USE_OPENSSL