Remove third_party/tlslite and SpawnedTestServer::TYPE_HTTPS
SpawnedTestServer::TYPE_HTTPS is now unused and completely migrated
to EmbeddedTestServer. That, in turn, means tlslite is also unused
because SpawnedTestServer::TYPE_WSS uses the built-in Python ssl module.
(SpawnedTestServer is now just TYPE_HTTP, only used by policy_testserver,
and the WebSockets modes because we lack an embedded WebSockets test
server.)
Bug: 492672, 1250903
Change-Id: If221c09671c09495bc5d7b086d0751b639515763
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3286767
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@google.com>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#944238}
NOKEYCHECK=True
GitOrigin-RevId: 878348a2f43e41a1036dc716aacc2e73f2b34815
diff --git a/run_testserver.cc b/run_testserver.cc
index c3ea0e3..3bfabcf 100644
--- a/run_testserver.cc
+++ b/run_testserver.cc
@@ -52,14 +52,13 @@
}
// If populated, EmbeddedTestServer is used instead of the SpawnedTestServer.
- absl::optional<net::test_server::EmbeddedTestServer::Type>
- embedded_test_server_type;
+ absl::optional<net::EmbeddedTestServer::Type> embedded_test_server_type;
net::SpawnedTestServer::Type server_type;
if (command_line->HasSwitch("http")) {
- embedded_test_server_type = net::test_server::EmbeddedTestServer::TYPE_HTTP;
+ embedded_test_server_type = net::EmbeddedTestServer::TYPE_HTTP;
} else if (command_line->HasSwitch("https")) {
- server_type = net::SpawnedTestServer::TYPE_HTTPS;
+ embedded_test_server_type = net::EmbeddedTestServer::TYPE_HTTPS;
} else if (command_line->HasSwitch("ws")) {
server_type = net::SpawnedTestServer::TYPE_WS;
} else if (command_line->HasSwitch("wss")) {
@@ -68,17 +67,19 @@
// If no scheme switch is specified, select http or https scheme.
// TODO(toyoshim): Remove this estimation.
if (command_line->HasSwitch("ssl-cert")) {
- server_type = net::SpawnedTestServer::TYPE_HTTPS;
+ embedded_test_server_type = net::EmbeddedTestServer::TYPE_HTTPS;
} else {
- embedded_test_server_type =
- net::test_server::EmbeddedTestServer::TYPE_HTTP;
+ embedded_test_server_type = net::EmbeddedTestServer::TYPE_HTTP;
}
}
net::SpawnedTestServer::SSLOptions ssl_options;
+ net::EmbeddedTestServer::ServerCertificate server_certificate;
if (command_line->HasSwitch("ssl-cert")) {
- if (!net::SpawnedTestServer::UsingSSL(server_type) ||
- embedded_test_server_type.has_value()) {
+ if ((embedded_test_server_type.has_value() &&
+ *embedded_test_server_type != net::EmbeddedTestServer::TYPE_HTTPS) ||
+ (!embedded_test_server_type.has_value() &&
+ !net::SpawnedTestServer::UsingSSL(server_type))) {
printf("Error: --ssl-cert is specified on non-secure scheme\n");
PrintUsage();
return -1;
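Review bot: `server_certificate` is declared without an initializer (`net::EmbeddedTestServer::ServerCertificate server_certificate;`) and, in the visible lines, is assigned only inside the `--ssl-cert` branch. With `--https` and no `--ssl-cert`, the last hunk of this file still calls `embedded_test_server.SetSSLConfig(server_certificate)`, which would read an indeterminate value if `ServerCertificate` is a plain enum, as the `CERT_OK` enumerators suggest. Declaring it as `net::EmbeddedTestServer::ServerCertificate server_certificate = net::EmbeddedTestServer::CERT_OK;` gives the HTTPS server a defined default certificate. The enclosing function starts and ends outside this hunk, so an assignment in the lines between hunks cannot be ruled out.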
@@ -87,12 +88,15 @@
if (cert_option == "ok") {
ssl_options.server_certificate =
net::SpawnedTestServer::SSLOptions::CERT_OK;
+ server_certificate = net::EmbeddedTestServer::CERT_OK;
} else if (cert_option == "mismatched-name") {
ssl_options.server_certificate =
net::SpawnedTestServer::SSLOptions::CERT_MISMATCHED_NAME;
+ server_certificate = net::EmbeddedTestServer::CERT_MISMATCHED_NAME;
} else if (cert_option == "expired") {
ssl_options.server_certificate =
net::SpawnedTestServer::SSLOptions::CERT_EXPIRED;
+ server_certificate = net::EmbeddedTestServer::CERT_EXPIRED;
} else {
printf("Error: --ssl-cert has invalid value %s\n", cert_option.c_str());
PrintUsage();
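Review bot: The three branches now set `ssl_options.server_certificate` and `server_certificate` in lockstep, with nothing saying why both are needed. A comment above the chain, e.g. `// ssl_options configures SpawnedTestServer; server_certificate is passed to EmbeddedTestServer::SetSSLConfig() for --https.`, would keep a later edit from updating only one of the two. The if/else chain begins before this hunk and continues after it.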
@@ -118,8 +122,11 @@
// Use EmbeddedTestServer, if it supports the provided configuration.
if (embedded_test_server_type.has_value()) {
- net::test_server::EmbeddedTestServer embedded_test_server(
- *embedded_test_server_type);
+ net::EmbeddedTestServer embedded_test_server(*embedded_test_server_type);
+ if (*embedded_test_server_type == net::EmbeddedTestServer::TYPE_HTTPS) {
+ embedded_test_server.SetSSLConfig(server_certificate);
+ }
+
embedded_test_server.AddDefaultHandlers(doc_root);
if (!embedded_test_server.Start()) {
printf("Error: failed to start embedded test server. Exiting.\n");
diff --git a/testserver.py b/testserver.py
index 594c0f3..ef1b78c 100755
--- a/testserver.py
+++ b/testserver.py
@@ -10,8 +10,6 @@
By default, it listens on an ephemeral port and sends the port number back to
the originating process over a pipe. The originating process can specify an
explicit port if necessary.
-It can use https if you specify the flag --https=CERT where CERT is the path
-to a pem file containing the certificate and private key that should be used.
"""
from __future__ import print_function
@@ -33,16 +31,12 @@
# unconditionally (since they contain modifications from anything that might be
# obtained from e.g. PyPi).
sys.path.insert(0, os.path.join(ROOT_DIR, 'third_party', 'pywebsocket3', 'src'))
-sys.path.insert(0, os.path.join(ROOT_DIR, 'third_party', 'tlslite'))
import mod_pywebsocket.standalone
from mod_pywebsocket.standalone import WebSocketServer
# import manually
mod_pywebsocket.standalone.ssl = ssl
-import tlslite
-import tlslite.api
-
import testserver_base
SERVER_HTTP = 0
@@ -93,64 +87,6 @@
pass
-class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
- testserver_base.ClientRestrictingServerMixIn,
- testserver_base.BrokenPipeHandlerMixIn,
- testserver_base.StoppableHTTPServer):
- """This is a specialization of StoppableHTTPServer that add https support and
- client verification."""
-
- def __init__(self, server_address, request_hander_class, pem_cert_and_key,
- ssl_client_auth, ssl_client_cas):
- self.cert_chain = tlslite.api.X509CertChain()
- self.cert_chain.parsePemList(pem_cert_and_key)
- # Force using only python implementation - otherwise behavior is different
- # depending on whether m2crypto Python module is present (error is thrown
- # when it is). m2crypto uses a C (based on OpenSSL) implementation under
- # the hood.
- self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key,
- private=True,
- implementations=['python'])
- self.ssl_client_auth = ssl_client_auth
- self.ssl_client_cas = []
-
- if ssl_client_auth:
- for ca_file in ssl_client_cas:
- s = open(ca_file).read()
- x509 = tlslite.api.X509()
- x509.parse(s)
- self.ssl_client_cas.append(x509.subject)
-
- self.ssl_handshake_settings = tlslite.api.HandshakeSettings()
- # Enable SSLv3 for testing purposes.
- self.ssl_handshake_settings.minVersion = (3, 0)
-
- self.session_cache = tlslite.api.SessionCache()
- testserver_base.StoppableHTTPServer.__init__(self,
- server_address,
- request_hander_class)
-
- def handshake(self, tlsConnection):
- """Creates the SSL connection."""
-
- try:
- self.tlsConnection = tlsConnection
- tlsConnection.handshakeServer(certChain=self.cert_chain,
- privateKey=self.private_key,
- sessionCache=self.session_cache,
- reqCert=self.ssl_client_auth,
- settings=self.ssl_handshake_settings,
- reqCAs=self.ssl_client_cas)
- tlsConnection.ignoreAbruptClose = True
- return True
- except tlslite.api.TLSAbruptCloseError:
- # Ignore abrupt close.
- return True
- except tlslite.api.TLSError as error:
- print("Handshake failure:", str(error))
- return False
-
-
class TestPageHandler(testserver_base.BasePageHandler):
def __init__(self, request, client_address, socket_server):
connect_handlers = [self.DefaultConnectResponseHandler]
@@ -372,30 +308,9 @@
dns_sans = [host]
if self.options.server_type == SERVER_HTTP:
- if self.options.https:
- if not self.options.cert_and_key_file:
- raise testserver_base.OptionError('server cert file not specified')
- if not os.path.isfile(self.options.cert_and_key_file):
- raise testserver_base.OptionError(
- 'specified server cert file not found: ' +
- self.options.cert_and_key_file + ' exiting...')
- pem_cert_and_key = open(self.options.cert_and_key_file, 'r').read()
-
- for ca_cert in self.options.ssl_client_ca:
- if not os.path.isfile(ca_cert):
- raise testserver_base.OptionError(
- 'specified trusted client CA file not found: ' + ca_cert +
- ' exiting...')
-
- server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key,
- self.options.ssl_client_auth,
- self.options.ssl_client_ca)
- print('HTTPS server started on https://%s:%d...' %
- (host, server.server_port))
- else:
- server = HTTPServer((host, port), TestPageHandler)
- print('HTTP server started on http://%s:%d...' %
- (host, server.server_port))
+ server = HTTPServer((host, port), TestPageHandler)
+ print('HTTP server started on http://%s:%d...' %
+ (host, server.server_port))
server.data_dir = self.__make_data_dir()
server.file_root_url = self.options.file_root_url
@@ -468,9 +383,6 @@
const=SERVER_WEBSOCKET, default=SERVER_HTTP,
dest='server_type',
help='start up a WebSocket server.')
- self.option_parser.add_option('--https', action='store_true',
- dest='https', help='Specify that https '
- 'should be used.')
self.option_parser.add_option('--cert-and-key-file',
dest='cert_and_key_file', help='specify the '
'path to the file containing the certificate '
diff --git a/testserver.pydeps b/testserver.pydeps
index 013a778..a4deed6 100644
--- a/testserver.pydeps
+++ b/testserver.pydeps
@@ -1,5 +1,5 @@
# Generated by running:
-# build/print_python_deps.py --root net/tools/testserver --output net/tools/testserver/testserver.pydeps --allowlist third_party/tlslite/tlslite/utils net/tools/testserver/testserver.py
+# build/print_python_deps.py --root net/tools/testserver --output net/tools/testserver/testserver.pydeps net/tools/testserver/testserver.py
../../../third_party/pywebsocket3/src/mod_pywebsocket/__init__.py
../../../third_party/pywebsocket3/src/mod_pywebsocket/_stream_exceptions.py
../../../third_party/pywebsocket3/src/mod_pywebsocket/common.py
@@ -17,62 +17,5 @@
../../../third_party/pywebsocket3/src/mod_pywebsocket/stream.py
../../../third_party/pywebsocket3/src/mod_pywebsocket/util.py
../../../third_party/pywebsocket3/src/mod_pywebsocket/websocket_server.py
-../../../third_party/tlslite/tlslite/__init__.py
-../../../third_party/tlslite/tlslite/api.py
-../../../third_party/tlslite/tlslite/basedb.py
-../../../third_party/tlslite/tlslite/checker.py
-../../../third_party/tlslite/tlslite/constants.py
-../../../third_party/tlslite/tlslite/errors.py
-../../../third_party/tlslite/tlslite/handshakesettings.py
-../../../third_party/tlslite/tlslite/integration/__init__.py
-../../../third_party/tlslite/tlslite/integration/asyncstatemachine.py
-../../../third_party/tlslite/tlslite/integration/clienthelper.py
-../../../third_party/tlslite/tlslite/integration/httptlsconnection.py
-../../../third_party/tlslite/tlslite/integration/imap4_tls.py
-../../../third_party/tlslite/tlslite/integration/pop3_tls.py
-../../../third_party/tlslite/tlslite/integration/smtp_tls.py
-../../../third_party/tlslite/tlslite/integration/tlsasyncdispatchermixin.py
-../../../third_party/tlslite/tlslite/integration/tlssocketservermixin.py
-../../../third_party/tlslite/tlslite/integration/xmlrpcserver.py
-../../../third_party/tlslite/tlslite/integration/xmlrpctransport.py
-../../../third_party/tlslite/tlslite/mathtls.py
-../../../third_party/tlslite/tlslite/messages.py
-../../../third_party/tlslite/tlslite/session.py
-../../../third_party/tlslite/tlslite/sessioncache.py
-../../../third_party/tlslite/tlslite/tlsconnection.py
-../../../third_party/tlslite/tlslite/tlsrecordlayer.py
-../../../third_party/tlslite/tlslite/utils/__init__.py
-../../../third_party/tlslite/tlslite/utils/aes.py
-../../../third_party/tlslite/tlslite/utils/aesgcm.py
-../../../third_party/tlslite/tlslite/utils/asn1parser.py
-../../../third_party/tlslite/tlslite/utils/cipherfactory.py
-../../../third_party/tlslite/tlslite/utils/codec.py
-../../../third_party/tlslite/tlslite/utils/compat.py
-../../../third_party/tlslite/tlslite/utils/cryptomath.py
-../../../third_party/tlslite/tlslite/utils/datefuncs.py
-../../../third_party/tlslite/tlslite/utils/keyfactory.py
-../../../third_party/tlslite/tlslite/utils/openssl_aes.py
-../../../third_party/tlslite/tlslite/utils/openssl_rc4.py
-../../../third_party/tlslite/tlslite/utils/openssl_rsakey.py
-../../../third_party/tlslite/tlslite/utils/openssl_tripledes.py
-../../../third_party/tlslite/tlslite/utils/p256.py
-../../../third_party/tlslite/tlslite/utils/pem.py
-../../../third_party/tlslite/tlslite/utils/pycrypto_aes.py
-../../../third_party/tlslite/tlslite/utils/pycrypto_aesgcm.py
-../../../third_party/tlslite/tlslite/utils/pycrypto_rc4.py
-../../../third_party/tlslite/tlslite/utils/pycrypto_rsakey.py
-../../../third_party/tlslite/tlslite/utils/pycrypto_tripledes.py
-../../../third_party/tlslite/tlslite/utils/python_aes.py
-../../../third_party/tlslite/tlslite/utils/python_aesgcm.py
-../../../third_party/tlslite/tlslite/utils/python_rc4.py
-../../../third_party/tlslite/tlslite/utils/python_rsakey.py
-../../../third_party/tlslite/tlslite/utils/rc4.py
-../../../third_party/tlslite/tlslite/utils/rijndael.py
-../../../third_party/tlslite/tlslite/utils/rsakey.py
-../../../third_party/tlslite/tlslite/utils/tackwrapper.py
-../../../third_party/tlslite/tlslite/utils/tripledes.py
-../../../third_party/tlslite/tlslite/verifierdb.py
-../../../third_party/tlslite/tlslite/x509.py
-../../../third_party/tlslite/tlslite/x509certchain.py
testserver.py
testserver_base.py
diff --git a/testserver_base.py b/testserver_base.py
index 25cb7af..319afd4 100644
--- a/testserver_base.py
+++ b/testserver_base.py
@@ -14,8 +14,6 @@
import sys
import warnings
-import tlslite.errors
-
# Ignore deprecation warnings, they make our output more cluttered.
warnings.filterwarnings("ignore", category=DeprecationWarning)
@@ -73,9 +71,6 @@
def handle_error(self, request, client_address):
value = sys.exc_info()[1]
- if isinstance(value, tlslite.errors.TLSClosedConnectionError):
- print("testserver.py: Closed connection")
- return
if isinstance(value, socket.error):
err = value.args[0]
if sys.platform in ('win32', 'cygwin'):