diff options
Diffstat (limited to 'security/nss/gtests/ssl_gtest/tls_agent.h')
| -rw-r--r-- | security/nss/gtests/ssl_gtest/tls_agent.h | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h index 020221868..4b6cce8e0 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.h +++ b/security/nss/gtests/ssl_gtest/tls_agent.h @@ -76,6 +76,8 @@ class TlsAgent : public PollTarget { static const std::string kServerEcdhEcdsa; static const std::string kServerEcdhRsa; static const std::string kServerDsa; + static const std::string kDelegatorEcdsa256; // draft-ietf-tls-subcerts + static const std::string kDelegatorRsae2048; // draft-ietf-tls-subcerts TlsAgent(const std::string& name, Role role, SSLProtocolVariant variant); virtual ~TlsAgent(); @@ -108,9 +110,32 @@ class TlsAgent : public PollTarget { void PrepareForRenegotiate(); // Prepares for renegotiation, then actually triggers it. void StartRenegotiate(); + void SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx); + static bool LoadCertificate(const std::string& name, ScopedCERTCertificate* cert, ScopedSECKEYPrivateKey* priv); + static bool LoadKeyPairFromCert(const std::string& name, + ScopedSECKEYPublicKey* pub, + ScopedSECKEYPrivateKey* priv); + + // Delegated credentials. + // + // Generate a delegated credential and sign it using the certificate + // associated with |name|. + static void DelegateCredential(const std::string& name, + const ScopedSECKEYPublicKey& dcPub, + SSLSignatureScheme dcCertVerifyAlg, + PRUint32 dcValidFor, PRTime now, SECItem* dc); + // Indicate support for the delegated credentials extension. + void EnableDelegatedCredentials(); + // Generate and configure a delegated credential to use in the handshake with + // clients that support this extension.. + void AddDelegatedCredential(const std::string& dc_name, + SSLSignatureScheme dcCertVerifyAlg, + PRUint32 dcValidFor, PRTime now); + void UpdatePreliminaryChannelInfo(); + bool ConfigServerCert(const std::string& name, bool updateKeyBits = false, const SSLExtraServerCertData* serverCertData = nullptr); bool ConfigServerCertWithChain(const std::string& name); @@ -139,6 +164,7 @@ class TlsAgent : public PollTarget { const std::string& expected = "") const; void EnableSrtp(); void CheckSrtp() const; + void CheckEpochs(uint16_t expected_read, uint16_t expected_write) const; void CheckErrorCode(int32_t expected) const; void WaitForErrorCode(int32_t expected, uint32_t delay) const; // Send data on the socket, encrypting it. @@ -199,16 +225,20 @@ class TlsAgent : public PollTarget { PRFileDesc* ssl_fd() const { return ssl_fd_.get(); } std::shared_ptr<DummyPrSocket>& adapter() { return adapter_; } + const SSLChannelInfo& info() const { + EXPECT_EQ(STATE_CONNECTED, state_); + return info_; + } + + const SSLPreliminaryChannelInfo& pre_info() const { return pre_info_; } + bool is_compressed() const { - return info_.compressionMethod != ssl_compression_null; + return info().compressionMethod != ssl_compression_null; } uint16_t server_key_bits() const { return server_key_bits_; } uint16_t min_version() const { return vrange_.min; } uint16_t max_version() const { return vrange_.max; } - uint16_t version() const { - EXPECT_EQ(STATE_CONNECTED, state_); - return info_.protocolVersion; - } + uint16_t version() const { return info().protocolVersion; } bool cipher_suite(uint16_t* suite) const { if (state_ != STATE_CONNECTED) return false; @@ -399,6 +429,7 @@ class TlsAgent : public PollTarget { bool handshake_callback_called_; bool resumption_callback_called_; SSLChannelInfo info_; + SSLPreliminaryChannelInfo pre_info_; SSLCipherSuiteInfo csinfo_; SSLVersionRange vrange_; PRErrorCode error_code_; |