Support configuration of the CefTestServer certificate type (see issue #3348)

2025-06-05 21:39:12 +02:00 · 2022-08-04 12:37:12 -04:00
parent dcd4a0077c
commit 18dac30874
13 changed files with 86 additions and 28 deletions
--- a/cef_paths2.gypi
+++ b/cef_paths2.gypi
@ -457,7 +457,9 @@
      'tests/cefsimple/simple_handler_linux.cc',
    ],
    'ceftests_data_resources': [
      'tests/ceftests/resources/net/data/ssl/certificates/expired_cert.pem',
      'tests/ceftests/resources/net/data/ssl/certificates/localhost_cert.pem',
      'tests/ceftests/resources/net/data/ssl/certificates/ok_cert.pem',
      'tests/ceftests/resources/net/data/ssl/certificates/root_ca_cert.pem',
    ],
    'ceftests_sources_common': [
--- a/include/capi/test/cef_test_server_capi.h
+++ b/include/capi/test/cef_test_server_capi.h
@ -33,7 +33,7 @@
 // by hand. See the translator.README.txt file in the tools directory for
 // more information.
 //
-// $hash=e95435aed845767b3c7253547d253cabe44f88cb$
+// $hash=25eed585e3c8deea88f194fbfb8aca923c778892$
 //
 #ifndef CEF_INCLUDE_CAPI_TEST_CEF_TEST_SERVER_CAPI_H_
@ -90,8 +90,10 @@ typedef struct _cef_test_server_t {
 ///
 // Create and start a new test server that binds to |port|. If |port| is 0 an
 // available port number will be selected. If |https_server| is true (1) the
-// server will be HTTPS, otherwise it will be HTTP. Returns the newly created
+// server will be HTTPS, otherwise it will be HTTP. When |https_server| is true
-// server object on success, or nullptr if the server cannot be started.
+// (1) the |https_cert_type| value is used to configure the certificate type.
 // Returns the newly created server object on success, or nullptr if the server
 // cannot be started.
 //
 // A new thread will be created for each CreateAndStart call (the "dedicated
 // server thread"). It is therefore recommended to use a different
@ -104,6 +106,7 @@ typedef struct _cef_test_server_t {
 CEF_EXPORT cef_test_server_t* cef_test_server_create_and_start(
    uint16 port,
    int https_server,
    cef_test_cert_type_t https_cert_type,
    struct _cef_test_server_handler_t* handler);
 ///
--- a/include/cef_api_hash.h
+++ b/include/cef_api_hash.h
@ -42,13 +42,13 @@
 // way that may cause binary incompatibility with other builds. The universal
 // hash value will change if any platform is affected whereas the platform hash
 // values will change only if that particular platform is affected.
-#define CEF_API_HASH_UNIVERSAL "44bd5636f7e831a459d22b9b28ed8bfe233e88b2"
+#define CEF_API_HASH_UNIVERSAL "44197292401010f8fce5b053733edd8642d01095"
 #if defined(OS_WIN)
-#define CEF_API_HASH_PLATFORM "31c7becd3dfaad2dd49331127ae3b15cf20677d8"
+#define CEF_API_HASH_PLATFORM "95bf7fa1356070be95b7a6fee958355c6619fb63"
 #elif defined(OS_MAC)
-#define CEF_API_HASH_PLATFORM "33a65ab4d7adf95184cfc6216d9101360ec55d07"
+#define CEF_API_HASH_PLATFORM "8ec5426d7aa0418fca147380e97623a49cd8eaf4"
 #elif defined(OS_LINUX)
-#define CEF_API_HASH_PLATFORM "1bae56c928de4d52851dc312cde21d31b776dcfb"
+#define CEF_API_HASH_PLATFORM "b2cbc2e6a3048d2415566d35ba434967fd796491"
 #endif
 #ifdef __cplusplus
--- a/include/internal/cef_types.h
+++ b/include/internal/cef_types.h
@ -3371,6 +3371,23 @@ typedef enum {
  CEF_PERMISSION_RESULT_IGNORE,
 } cef_permission_request_result_t;
 ///
 // Certificate types supported by CefTestServer::CreateAndStart. The matching
 // certificate file must exist in the "net/data/ssl/certificates" directory.
 // See CefSetDataDirectoryForTests() for related configuration.
 ///
 typedef enum {
  // Valid certificate using the IP (127.0.0.1). Loads the "ok_cert.pem" file.
  CEF_TEST_CERT_OK_IP,
  // Valid certificate using the domain ("localhost"). Loads the
  // "localhost_cert.pem" file.
  CEF_TEST_CERT_OK_DOMAIN,
  // Expired certificate. Loads the "expired_cert.pem" file.
  CEF_TEST_CERT_EXPIRED,
 } cef_test_cert_type_t;
 #ifdef __cplusplus
 }
 #endif
--- a/include/test/cef_test_server.h
+++ b/include/test/cef_test_server.h
@ -71,8 +71,10 @@ class CefTestServer : public CefBaseRefCounted {
  ///
  // Create and start a new test server that binds to |port|. If |port| is 0 an
  // available port number will be selected. If |https_server| is true the
-  // server will be HTTPS, otherwise it will be HTTP. Returns the newly created
+  // server will be HTTPS, otherwise it will be HTTP. When |https_server| is
-  // server object on success, or nullptr if the server cannot be started.
+  // true the |https_cert_type| value is used to configure the certificate type.
  // Returns the newly created server object on success, or nullptr if the
  // server cannot be started.
  //
  // A new thread will be created for each CreateAndStart call (the "dedicated
  // server thread"). It is therefore recommended to use a different
@ -86,6 +88,7 @@ class CefTestServer : public CefBaseRefCounted {
  static CefRefPtr<CefTestServer> CreateAndStart(
      uint16 port,
      bool https_server,
      cef_test_cert_type_t https_cert_type,
      CefRefPtr<CefTestServerHandler> handler);
  ///
--- a/libcef/browser/test/test_server_impl.cc
+++ b/libcef/browser/test/test_server_impl.cc
@ -172,7 +172,9 @@ class CefTestServerImpl::Context {
    DCHECK(!test_server_);
  }
-  bool Start(uint16 port, bool https_server) {
+  bool Start(uint16 port,
             bool https_server,
             cef_test_cert_type_t https_cert_type) {
    DCHECK(thread_checker_.CalledOnValidThread());
    DCHECK(!test_server_);
@ -185,10 +187,18 @@ class CefTestServerImpl::Context {
        base::BindRepeating(&Context::HandleRequest, base::Unretained(this)));
    if (https_server) {
-      // Use a "localhost" domain certificate instead of IP address. This is
+      switch (https_cert_type) {
-      // required for HSTS tests (see https://crbug.com/456712).
+        case CEF_TEST_CERT_OK_IP:
          // Default value.
          break;
        case CEF_TEST_CERT_OK_DOMAIN:
          test_server_->SetSSLConfig(
              EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
          break;
        case CEF_TEST_CERT_EXPIRED:
          test_server_->SetSSLConfig(EmbeddedTestServer::CERT_EXPIRED);
          break;
      }
    }
    test_server_handle_ =
@ -241,10 +251,11 @@ class CefTestServerImpl::Context {
 bool CefTestServerImpl::Start(uint16 port,
                              bool https_server,
                              cef_test_cert_type_t https_cert_type,
                              CefRefPtr<CefTestServerHandler> handler) {
  DCHECK(!context_);
  context_ = std::make_unique<CefTestServerImpl::Context>(this, handler);
-  if (context_->Start(port, https_server)) {
+  if (context_->Start(port, https_server, https_cert_type)) {
    const auto& origin = context_->origin().spec();
    // Remove the trailing '/'
    origin_ = origin.substr(0, origin.length() - 1);
@ -269,9 +280,11 @@ CefString CefTestServerImpl::GetOrigin() {
 CefRefPtr<CefTestServer> CefTestServer::CreateAndStart(
    uint16 port,
    bool https_server,
    cef_test_cert_type_t https_cert_type,
    CefRefPtr<CefTestServerHandler> handler) {
  CefRefPtr<CefTestServerImpl> server(new CefTestServerImpl());
-  if (server->Start(port, https_server, handler))
+  if (server->Start(port, https_server, https_cert_type, handler)) {
    return server;
  }
  return nullptr;
 }
--- a/libcef/browser/test/test_server_impl.h
+++ b/libcef/browser/test/test_server_impl.h
@ -19,6 +19,7 @@ class CefTestServerImpl : public CefTestServer {
  bool Start(uint16 port,
             bool https_server,
             cef_test_cert_type_t https_cert_type,
             CefRefPtr<CefTestServerHandler> handler);
  // CefTestServer methods:
--- a/libcef_dll/cpptoc/test/test_server_cpptoc.cc
+++ b/libcef_dll/cpptoc/test/test_server_cpptoc.cc
@ -9,7 +9,7 @@
 // implementations. See the translator.README.txt file in the tools directory
 // for more information.
 //
-// $hash=ff1da376e035d2eda9050f4d68b39b9e7e7d368e$
+// $hash=77804eaa33c7102c39f0748006ecc52d97b7265b$
 //
 #include "libcef_dll/cpptoc/test/test_server_cpptoc.h"
@ -21,6 +21,7 @@
 CEF_EXPORT cef_test_server_t* cef_test_server_create_and_start(
    uint16 port,
    int https_server,
    cef_test_cert_type_t https_cert_type,
    struct _cef_test_server_handler_t* handler) {
  shutdown_checker::AssertNotShutdown();
@ -32,8 +33,8 @@ CEF_EXPORT cef_test_server_t* cef_test_server_create_and_start(
    return NULL;
  // Execute
-  CefRefPtr<CefTestServer> _retval =
+  CefRefPtr<CefTestServer> _retval = CefTestServer::CreateAndStart(
-      CefTestServer::CreateAndStart(port, https_server ? true : false,
+      port, https_server ? true : false, https_cert_type,
      CefTestServerHandlerCToCpp::Wrap(handler));
  // Return type: refptr_same
--- a/libcef_dll/ctocpp/test/test_server_ctocpp.cc
+++ b/libcef_dll/ctocpp/test/test_server_ctocpp.cc
@ -9,7 +9,7 @@
 // implementations. See the translator.README.txt file in the tools directory
 // for more information.
 //
-// $hash=3cb71639ce1fb2986ca0d8ff437b0264d550d784$
+// $hash=b1e385f731e29be4d248472e9d3b86e84ef29136$
 //
 #include "libcef_dll/ctocpp/test/test_server_ctocpp.h"
@ -22,6 +22,7 @@ NO_SANITIZE("cfi-icall")
 CefRefPtr<CefTestServer> CefTestServer::CreateAndStart(
    uint16 port,
    bool https_server,
    cef_test_cert_type_t https_cert_type,
    CefRefPtr<CefTestServerHandler> handler) {
  shutdown_checker::AssertNotShutdown();
@ -34,7 +35,8 @@ CefRefPtr<CefTestServer> CefTestServer::CreateAndStart(
  // Execute
  cef_test_server_t* _retval = cef_test_server_create_and_start(
-      port, https_server, CefTestServerHandlerCppToC::Wrap(handler));
+      port, https_server, https_cert_type,
      CefTestServerHandlerCppToC::Wrap(handler));
  // Return type: refptr_same
  return CefTestServerCToCpp::Wrap(_retval);
--- a/libcef_dll/wrapper/libcef_dll_dylib.cc
+++ b/libcef_dll/wrapper/libcef_dll_dylib.cc
@ -9,7 +9,7 @@
 // implementations. See the translator.README.txt file in the tools directory
 // for more information.
 //
-// $hash=b0d09c42b0c401cc3e9a8f0cfe93e464c6b7b34c$
+// $hash=93d56886080f7dc864034a17ce1f794198b14259$
 //
 #include <dlfcn.h>
@ -1154,9 +1154,10 @@ NO_SANITIZE("cfi-icall")
 struct _cef_test_server_t* cef_test_server_create_and_start(
    uint16 port,
    int https_server,
    cef_test_cert_type_t https_cert_type,
    struct _cef_test_server_handler_t* handler) {
-  return g_libcef_pointers.cef_test_server_create_and_start(port, https_server,
+  return g_libcef_pointers.cef_test_server_create_and_start(
-                                                            handler);
+      port, https_server, https_cert_type, handler);
 }
 NO_SANITIZE("cfi-icall")
--- a/tests/ceftests/test_server_runner_test.cc
+++ b/tests/ceftests/test_server_runner_test.cc
@ -31,8 +31,14 @@ class ServerHandler : public CefTestServerHandler {
    // Use any available port number for HTTPS and the legacy port number for
    // HTTP.
-    server_ = CefTestServer::CreateAndStart(https_server_ ? 0 : kHttpServerPort,
+    const uint16 port = https_server_ ? 0 : kHttpServerPort;
-                                            https_server_, this);
+
    // Use a "localhost" domain certificate instead of IP address. This is
    // required for HSTS tests (see https://crbug.com/456712).
    const auto cert_type = CEF_TEST_CERT_OK_DOMAIN;
    server_ =
        CefTestServer::CreateAndStart(port, https_server_, cert_type, this);
    // Always execute asynchronously.
    CefPostTask(TID_UI, base::BindOnce(&ServerHandler::NotifyServerCreated,
--- a/tests/ceftests/test_server_unittest.cc
+++ b/tests/ceftests/test_server_unittest.cc
@ -81,7 +81,8 @@ class TestServerHandler : public CefTestServerHandler {
    https_server_ = https_server;
    // Blocks until the server is created.
-    server_ = CefTestServer::CreateAndStart(/*port=*/0, https_server, this);
+    server_ = CefTestServer::CreateAndStart(/*port=*/0, https_server,
                                            CEF_TEST_CERT_OK_DOMAIN, this);
    origin_ = server_->GetOrigin();
    EXPECT_TRUE(VerifyOrigin(origin_));
--- a/tools/distrib/transfer.cfg
+++ b/tools/distrib/transfer.cfg
@ -14,10 +14,18 @@
    'source' : '../net/base/net_error_list.h',
    'target' : 'include/base/internal/cef_net_error_list.h',
  },
  {
    'source' : '../net/data/ssl/certificates/expired_cert.pem',
    'target' : 'tests/ceftests/resources/net/data/ssl/certificates/expired_cert.pem',
  },
  {
    'source' : '../net/data/ssl/certificates/localhost_cert.pem',
    'target' : 'tests/ceftests/resources/net/data/ssl/certificates/localhost_cert.pem',
  },
  {
    'source' : '../net/data/ssl/certificates/ok_cert.pem',
    'target' : 'tests/ceftests/resources/net/data/ssl/certificates/ok_cert.pem',
  },
  {
    'source' : '../net/data/ssl/certificates/root_ca_cert.pem',
    'target' : 'tests/ceftests/resources/net/data/ssl/certificates/root_ca_cert.pem',