| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/basictypes.h" | 5 #include "base/basictypes.h" |
| 6 #include "net/base/net_errors.h" | 6 #include "net/base/net_errors.h" |
| 7 #include "net/http/http_auth_sspi_win.h" | 7 #include "net/http/http_auth_sspi_win.h" |
| 8 #include "net/http/mock_sspi_library_win.h" | 8 #include "net/http/mock_sspi_library_win.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 10 |
| 11 namespace net { | 11 namespace net { |
| 12 | 12 |
| 13 namespace { | 13 namespace { |
| 14 | 14 |
| 15 void MatchDomainUserAfterSplit(const std::wstring& combined, | 15 void MatchDomainUserAfterSplit(const std::wstring& combined, |
| 16 const std::wstring& expected_domain, | 16 const std::wstring& expected_domain, |
| 17 const std::wstring& expected_user) { | 17 const std::wstring& expected_user) { |
| 18 std::wstring actual_domain; | 18 std::wstring actual_domain; |
| 19 std::wstring actual_user; | 19 std::wstring actual_user; |
| 20 SplitDomainAndUser(combined, &actual_domain, &actual_user); | 20 SplitDomainAndUser(combined, &actual_domain, &actual_user); |
| 21 EXPECT_EQ(expected_domain, actual_domain); | 21 EXPECT_EQ(expected_domain, actual_domain); |
| 22 EXPECT_EQ(expected_user, actual_user); | 22 EXPECT_EQ(expected_user, actual_user); |
| 23 } | 23 } |
| 24 | 24 |
| 25 const ULONG kMaxTokenLength = 100; |
| 26 |
| 25 } // namespace | 27 } // namespace |
| 26 | 28 |
| 27 TEST(HttpAuthSSPITest, SplitUserAndDomain) { | 29 TEST(HttpAuthSSPITest, SplitUserAndDomain) { |
| 28 MatchDomainUserAfterSplit(L"foobar", L"", L"foobar"); | 30 MatchDomainUserAfterSplit(L"foobar", L"", L"foobar"); |
| 29 MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar"); | 31 MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar"); |
| 30 } | 32 } |
| 31 | 33 |
| 32 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) { | 34 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) { |
| 33 SecPkgInfoW package_info; | 35 SecPkgInfoW package_info; |
| 34 memset(&package_info, 0x0, sizeof(package_info)); | 36 memset(&package_info, 0x0, sizeof(package_info)); |
| 35 package_info.cbMaxToken = 1337; | 37 package_info.cbMaxToken = 1337; |
| 36 | 38 |
| 37 MockSSPILibrary mock_library; | 39 MockSSPILibrary mock_library; |
| 38 mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info); | 40 mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info); |
| 39 ULONG max_token_length = 100; | 41 ULONG max_token_length = kMaxTokenLength; |
| 40 int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length); | 42 int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length); |
| 41 EXPECT_EQ(OK, rv); | 43 EXPECT_EQ(OK, rv); |
| 42 EXPECT_EQ(1337, max_token_length); | 44 EXPECT_EQ(1337, max_token_length); |
| 43 } | 45 } |
| 44 | 46 |
| 45 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) { | 47 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) { |
| 46 MockSSPILibrary mock_library; | 48 MockSSPILibrary mock_library; |
| 47 mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND, | 49 mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND, |
| 48 NULL); | 50 NULL); |
| 49 ULONG max_token_length = 100; | 51 ULONG max_token_length = kMaxTokenLength; |
| 50 int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length); | 52 int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length); |
| 51 EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv); | 53 EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv); |
| 52 // |DetermineMaxTokenLength()| interface states that |max_token_length| should | 54 // |DetermineMaxTokenLength()| interface states that |max_token_length| should |
| 53 // not change on failure. | 55 // not change on failure. |
| 54 EXPECT_EQ(100, max_token_length); | 56 EXPECT_EQ(100, max_token_length); |
| 55 } | 57 } |
| 56 | 58 |
| 59 TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) { |
| 60 // The first round should just consist of an unadorned "Negotiate" header. |
| 61 MockSSPILibrary mock_library; |
| 62 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", |
| 63 NEGOSSP_NAME, kMaxTokenLength); |
| 64 std::string challenge_text = "Negotiate"; |
| 65 HttpAuth::ChallengeTokenizer challenge(challenge_text.begin(), |
| 66 challenge_text.end()); |
| 67 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, |
| 68 auth_sspi.ParseChallenge(&challenge)); |
| 69 } |
| 70 |
| 71 TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) { |
| 72 // The first round should just have "Negotiate", and the second round should |
| 73 // have a valid base64 token associated with it. |
| 74 MockSSPILibrary mock_library; |
| 75 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", |
| 76 NEGOSSP_NAME, kMaxTokenLength); |
| 77 std::string first_challenge_text = "Negotiate"; |
| 78 HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(), |
| 79 first_challenge_text.end()); |
| 80 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, |
| 81 auth_sspi.ParseChallenge(&first_challenge)); |
| 82 |
| 83 // Generate an auth token and create another thing. |
| 84 std::string auth_token; |
| 85 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, NULL, |
| 86 L"HTTP/intranet.google.com", |
| 87 &auth_token)); |
| 88 |
| 89 std::string second_challenge_text = "Negotiate Zm9vYmFy"; |
| 90 HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(), |
| 91 second_challenge_text.end()); |
| 92 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, |
| 93 auth_sspi.ParseChallenge(&second_challenge)); |
| 94 } |
| 95 |
| 96 TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) { |
| 97 // If the first round challenge has an additional authentication token, it |
| 98 // should be treated as an invalid challenge from the server. |
| 99 MockSSPILibrary mock_library; |
| 100 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", |
| 101 NEGOSSP_NAME, kMaxTokenLength); |
| 102 std::string challenge_text = "Negotiate Zm9vYmFy"; |
| 103 HttpAuth::ChallengeTokenizer challenge(challenge_text.begin(), |
| 104 challenge_text.end()); |
| 105 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, |
| 106 auth_sspi.ParseChallenge(&challenge)); |
| 107 } |
| 108 |
| 109 TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) { |
| 110 // If a later-round challenge is simply "Negotiate", it should be treated as |
| 111 // an authentication challenge rejection from the server or proxy. |
| 112 MockSSPILibrary mock_library; |
| 113 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", |
| 114 NEGOSSP_NAME, kMaxTokenLength); |
| 115 std::string first_challenge_text = "Negotiate"; |
| 116 HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(), |
| 117 first_challenge_text.end()); |
| 118 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, |
| 119 auth_sspi.ParseChallenge(&first_challenge)); |
| 120 |
| 121 std::string auth_token; |
| 122 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, NULL, |
| 123 L"HTTP/intranet.google.com", |
| 124 &auth_token)); |
| 125 std::string second_challenge_text = "Negotiate"; |
| 126 HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(), |
| 127 second_challenge_text.end()); |
| 128 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT, |
| 129 auth_sspi.ParseChallenge(&second_challenge)); |
| 130 } |
| 131 |
| 132 TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) { |
| 133 // If a later-round challenge has an invalid base64 encoded token, it should |
| 134 // be treated as an invalid challenge. |
| 135 MockSSPILibrary mock_library; |
| 136 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", |
| 137 NEGOSSP_NAME, kMaxTokenLength); |
| 138 std::string first_challenge_text = "Negotiate"; |
| 139 HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(), |
| 140 first_challenge_text.end()); |
| 141 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, |
| 142 auth_sspi.ParseChallenge(&first_challenge)); |
| 143 |
| 144 std::string auth_token; |
| 145 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, NULL, |
| 146 L"HTTP/intranet.google.com", |
| 147 &auth_token)); |
| 148 std::string second_challenge_text = "Negotiate =happyjoy="; |
| 149 HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(), |
| 150 second_challenge_text.end()); |
| 151 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, |
| 152 auth_sspi.ParseChallenge(&second_challenge)); |
| 153 } |
| 154 |
| 57 } // namespace net | 155 } // namespace net |
| OLD | NEW |