| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/internal_auth.h" |
| 6 |
| 7 #include <algorithm> |
| 8 |
| 9 #include "base/lazy_instance.h" |
| 10 #include "base/time.h" |
| 11 #include "content/browser/browser_thread.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" |
| 13 |
| 14 class InternalAuthTest : public ::testing::Test { |
| 15 public: |
| 16 InternalAuthTest() { |
| 17 long_string_ = "seed"; |
| 18 for (int i = 20; i--;) |
| 19 long_string_ += long_string_; |
| 20 } |
| 21 virtual ~InternalAuthTest() {} |
| 22 |
| 23 virtual void SetUp() { |
| 24 } |
| 25 |
| 26 virtual void TearDown() { |
| 27 } |
| 28 |
| 29 MessageLoop message_loop_; |
| 30 std::string long_string_; |
| 31 }; |
| 32 |
| 33 TEST_F(InternalAuthTest, BasicGeneration) { |
| 34 std::map<std::string, std::string> map; |
| 35 map["key"] = "value"; |
| 36 std::string token = browser::InternalAuthGeneration::GenerateToken( |
| 37 "zapata", map); |
| 38 ASSERT_GT(token.size(), 10u); // short token is insecure. |
| 39 |
| 40 map["key2"] = "value2"; |
| 41 token = browser::InternalAuthGeneration::GenerateToken("zapata", map); |
| 42 ASSERT_GT(token.size(), 10u); |
| 43 } |
| 44 |
| 45 TEST_F(InternalAuthTest, DoubleGeneration) { |
| 46 std::map<std::string, std::string> map; |
| 47 map["key"] = "value"; |
| 48 std::string token1 = browser::InternalAuthGeneration::GenerateToken( |
| 49 "zapata", map); |
| 50 ASSERT_GT(token1.size(), 10u); |
| 51 |
| 52 std::string token2 = browser::InternalAuthGeneration::GenerateToken( |
| 53 "zapata", map); |
| 54 ASSERT_GT(token2.size(), 10u); |
| 55 // tokens are different even if credentials coincide. |
| 56 ASSERT_NE(token1, token2); |
| 57 } |
| 58 |
| 59 TEST_F(InternalAuthTest, BadGeneration) { |
| 60 std::map<std::string, std::string> map; |
| 61 map["key"] = "value"; |
| 62 // Trying huge domain. |
| 63 std::string token = browser::InternalAuthGeneration::GenerateToken( |
| 64 long_string_, map); |
| 65 ASSERT_TRUE(token.empty()); |
| 66 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 67 token, long_string_, map)); |
| 68 |
| 69 // Trying empty domain. |
| 70 token = browser::InternalAuthGeneration::GenerateToken("", map); |
| 71 ASSERT_TRUE(token.empty()); |
| 72 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 73 token, "", map)); |
| 74 |
| 75 std::string dummy("abcdefghij"); |
| 76 for (size_t i = 1000; i--;) { |
| 77 std::string key = dummy; |
| 78 std::next_permutation(dummy.begin(), dummy.end()); |
| 79 std::string value = dummy; |
| 80 std::next_permutation(dummy.begin(), dummy.end()); |
| 81 map[key] = value; |
| 82 } |
| 83 // Trying huge var=value map. |
| 84 token = browser::InternalAuthGeneration::GenerateToken("zapata", map); |
| 85 ASSERT_TRUE(token.empty()); |
| 86 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 87 token, "zapata", map)); |
| 88 |
| 89 map.clear(); |
| 90 map[""] = "value"; |
| 91 // Trying empty key. |
| 92 token = browser::InternalAuthGeneration::GenerateToken("zapata", map); |
| 93 ASSERT_TRUE(token.empty()); |
| 94 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 95 token, "zapata", map)); |
| 96 } |
| 97 |
| 98 TEST_F(InternalAuthTest, BasicVerification) { |
| 99 std::map<std::string, std::string> map; |
| 100 map["key"] = "value"; |
| 101 std::string token = browser::InternalAuthGeneration::GenerateToken( |
| 102 "zapata", map); |
| 103 ASSERT_GT(token.size(), 10u); |
| 104 ASSERT_TRUE(browser::InternalAuthVerification::VerifyToken( |
| 105 token, "zapata", map)); |
| 106 // Token can not be reused. |
| 107 for (int i = 10000; i--;) { |
| 108 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 109 token, "zapata", map)); |
| 110 } |
| 111 } |
| 112 |
| 113 TEST_F(InternalAuthTest, BruteForce) { |
| 114 std::map<std::string, std::string> map; |
| 115 map["key"] = "value"; |
| 116 std::string token = browser::InternalAuthGeneration::GenerateToken( |
| 117 "zapata", map); |
| 118 ASSERT_GT(token.size(), 10u); |
| 119 |
| 120 // Trying bruteforce. |
| 121 std::string dummy = token; |
| 122 for (size_t i = 10000; i--;) { |
| 123 std::next_permutation(dummy.begin(), dummy.end()); |
| 124 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 125 dummy, "zapata", map)); |
| 126 } |
| 127 dummy = token; |
| 128 for (size_t i = 10000; i--;) { |
| 129 std::next_permutation(dummy.begin(), dummy.begin() + dummy.size() / 2); |
| 130 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 131 dummy, "zapata", map)); |
| 132 } |
| 133 // We brute forced just too little, so original token must not expire yet. |
| 134 ASSERT_TRUE(browser::InternalAuthVerification::VerifyToken( |
| 135 token, "zapata", map)); |
| 136 } |
| 137 |
| 138 TEST_F(InternalAuthTest, ExpirationAndBruteForce) { |
| 139 int kCustomVerificationWindow = 2; |
| 140 browser::InternalAuthVerification::set_verification_window_seconds( |
| 141 kCustomVerificationWindow); |
| 142 |
| 143 std::map<std::string, std::string> map; |
| 144 map["key"] = "value"; |
| 145 std::string token = browser::InternalAuthGeneration::GenerateToken( |
| 146 "zapata", map); |
| 147 ASSERT_GT(token.size(), 10u); |
| 148 |
| 149 // We want to test token expiration, so we need to wait some amount of time, |
| 150 // so we are brute-forcing during this time. |
| 151 base::Time timestamp = base::Time::Now(); |
| 152 std::string dummy1 = token; |
| 153 std::string dummy2 = token; |
| 154 for (;;) { |
| 155 for (size_t i = 10000; i--;) { |
| 156 std::next_permutation(dummy1.begin(), dummy1.end()); |
| 157 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 158 dummy1, "zapata", map)); |
| 159 } |
| 160 for (size_t i = 10000; i--;) { |
| 161 std::next_permutation(dummy2.begin(), dummy2.begin() + dummy2.size() / 2); |
| 162 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 163 dummy2, "zapata", map)); |
| 164 } |
| 165 if (base::Time::Now() - timestamp > base::TimeDelta::FromSeconds( |
| 166 kCustomVerificationWindow + 1)) { |
| 167 break; |
| 168 } |
| 169 } |
| 170 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 171 token, "zapata", map)); |
| 172 // Reset verification window to default. |
| 173 browser::InternalAuthVerification::set_verification_window_seconds(0); |
| 174 } |
| 175 |
| 176 TEST_F(InternalAuthTest, ChangeKey) { |
| 177 std::map<std::string, std::string> map; |
| 178 map["key"] = "value"; |
| 179 std::string token = browser::InternalAuthGeneration::GenerateToken( |
| 180 "zapata", map); |
| 181 ASSERT_GT(token.size(), 10u); |
| 182 |
| 183 browser::InternalAuthGeneration::GenerateNewKey(); |
| 184 // Token should survive key change. |
| 185 ASSERT_TRUE(browser::InternalAuthVerification::VerifyToken( |
| 186 token, "zapata", map)); |
| 187 |
| 188 token = browser::InternalAuthGeneration::GenerateToken("zapata", map); |
| 189 ASSERT_GT(token.size(), 10u); |
| 190 for (int i = 20; i--;) |
| 191 browser::InternalAuthGeneration::GenerateNewKey(); |
| 192 // Token should not survive series of key changes. |
| 193 ASSERT_FALSE(browser::InternalAuthVerification::VerifyToken( |
| 194 token, "zapata", map)); |
| 195 } |
| 196 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6683060:
Private API for extensions like ssh-client that need access to TCP. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src