| Index: net/http/http_auth_sspi_win_unittest.cc
|
| ===================================================================
|
| --- net/http/http_auth_sspi_win_unittest.cc (revision 59119)
|
| +++ net/http/http_auth_sspi_win_unittest.cc (working copy)
|
| @@ -22,6 +22,8 @@
|
| EXPECT_EQ(expected_user, actual_user);
|
| }
|
|
|
| +const ULONG kMaxTokenLength = 100;
|
| +
|
| } // namespace
|
|
|
| TEST(HttpAuthSSPITest, SplitUserAndDomain) {
|
| @@ -36,7 +38,7 @@
|
|
|
| MockSSPILibrary mock_library;
|
| mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info);
|
| - ULONG max_token_length = 100;
|
| + ULONG max_token_length = kMaxTokenLength;
|
| int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length);
|
| EXPECT_EQ(OK, rv);
|
| EXPECT_EQ(1337, max_token_length);
|
| @@ -46,7 +48,7 @@
|
| MockSSPILibrary mock_library;
|
| mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND,
|
| NULL);
|
| - ULONG max_token_length = 100;
|
| + ULONG max_token_length = kMaxTokenLength;
|
| int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length);
|
| EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
|
| // |DetermineMaxTokenLength()| interface states that |max_token_length| should
|
| @@ -54,4 +56,100 @@
|
| EXPECT_EQ(100, max_token_length);
|
| }
|
|
|
| +TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) {
|
| + // The first round should just consist of an unadorned "Negotiate" header.
|
| + MockSSPILibrary mock_library;
|
| + HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
|
| + NEGOSSP_NAME, kMaxTokenLength);
|
| + std::string challenge_text = "Negotiate";
|
| + HttpAuth::ChallengeTokenizer challenge(challenge_text.begin(),
|
| + challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
|
| + auth_sspi.ParseChallenge(&challenge));
|
| +}
|
| +
|
| +TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) {
|
| + // The first round should just have "Negotiate", and the second round should
|
| + // have a valid base64 token associated with it.
|
| + MockSSPILibrary mock_library;
|
| + HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
|
| + NEGOSSP_NAME, kMaxTokenLength);
|
| + std::string first_challenge_text = "Negotiate";
|
| + HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(),
|
| + first_challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
|
| + auth_sspi.ParseChallenge(&first_challenge));
|
| +
|
| + // Generate an auth token and create another thing.
|
| + std::string auth_token;
|
| + EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, NULL,
|
| + L"HTTP/intranet.google.com",
|
| + &auth_token));
|
| +
|
| + std::string second_challenge_text = "Negotiate Zm9vYmFy";
|
| + HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(),
|
| + second_challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
|
| + auth_sspi.ParseChallenge(&second_challenge));
|
| +}
|
| +
|
| +TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) {
|
| + // If the first round challenge has an additional authentication token, it
|
| + // should be treated as an invalid challenge from the server.
|
| + MockSSPILibrary mock_library;
|
| + HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
|
| + NEGOSSP_NAME, kMaxTokenLength);
|
| + std::string challenge_text = "Negotiate Zm9vYmFy";
|
| + HttpAuth::ChallengeTokenizer challenge(challenge_text.begin(),
|
| + challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
|
| + auth_sspi.ParseChallenge(&challenge));
|
| +}
|
| +
|
| +TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) {
|
| + // If a later-round challenge is simply "Negotiate", it should be treated as
|
| + // an authentication challenge rejection from the server or proxy.
|
| + MockSSPILibrary mock_library;
|
| + HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
|
| + NEGOSSP_NAME, kMaxTokenLength);
|
| + std::string first_challenge_text = "Negotiate";
|
| + HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(),
|
| + first_challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
|
| + auth_sspi.ParseChallenge(&first_challenge));
|
| +
|
| + std::string auth_token;
|
| + EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, NULL,
|
| + L"HTTP/intranet.google.com",
|
| + &auth_token));
|
| + std::string second_challenge_text = "Negotiate";
|
| + HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(),
|
| + second_challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
|
| + auth_sspi.ParseChallenge(&second_challenge));
|
| +}
|
| +
|
| +TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) {
|
| + // If a later-round challenge has an invalid base64 encoded token, it should
|
| + // be treated as an invalid challenge.
|
| + MockSSPILibrary mock_library;
|
| + HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
|
| + NEGOSSP_NAME, kMaxTokenLength);
|
| + std::string first_challenge_text = "Negotiate";
|
| + HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(),
|
| + first_challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
|
| + auth_sspi.ParseChallenge(&first_challenge));
|
| +
|
| + std::string auth_token;
|
| + EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, NULL,
|
| + L"HTTP/intranet.google.com",
|
| + &auth_token));
|
| + std::string second_challenge_text = "Negotiate =happyjoy=";
|
| + HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(),
|
| + second_challenge_text.end());
|
| + EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
|
| + auth_sspi.ParseChallenge(&second_challenge));
|
| +}
|
| +
|
| } // namespace net
|
|
|