OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
11 #include "base/message_loop/message_loop.h" | 11 #include "base/message_loop/message_loop.h" |
12 #include "base/test/test_timeouts.h" | 12 #include "base/test/test_timeouts.h" |
13 #include "base/timer/timer.h" | 13 #include "base/timer/timer.h" |
14 #include "crypto/rsa_private_key.h" | 14 #include "crypto/rsa_private_key.h" |
15 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
16 #include "net/base/test_data_directory.h" | 16 #include "net/base/test_data_directory.h" |
17 #include "net/test/cert_test_util.h" | |
17 #include "remoting/base/rsa_key_pair.h" | 18 #include "remoting/base/rsa_key_pair.h" |
18 #include "remoting/protocol/connection_tester.h" | 19 #include "remoting/protocol/connection_tester.h" |
19 #include "remoting/protocol/fake_session.h" | 20 #include "remoting/protocol/fake_session.h" |
20 #include "testing/gmock/include/gmock/gmock.h" | 21 #include "testing/gmock/include/gmock/gmock.h" |
21 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
22 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" | 23 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" |
23 | 24 |
24 using testing::_; | 25 using testing::_; |
25 using testing::NotNull; | 26 using testing::NotNull; |
26 using testing::SaveArg; | 27 using testing::SaveArg; |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
61 | 62 |
62 base::FilePath key_path = certs_dir.AppendASCII("unittest.key.bin"); | 63 base::FilePath key_path = certs_dir.AppendASCII("unittest.key.bin"); |
63 std::string key_string; | 64 std::string key_string; |
64 ASSERT_TRUE(base::ReadFileToString(key_path, &key_string)); | 65 ASSERT_TRUE(base::ReadFileToString(key_path, &key_string)); |
65 std::string key_base64; | 66 std::string key_base64; |
66 base::Base64Encode(key_string, &key_base64); | 67 base::Base64Encode(key_string, &key_base64); |
67 key_pair_ = RsaKeyPair::FromString(key_base64); | 68 key_pair_ = RsaKeyPair::FromString(key_base64); |
68 ASSERT_TRUE(key_pair_.get()); | 69 ASSERT_TRUE(key_pair_.get()); |
69 } | 70 } |
70 | 71 |
71 void RunChannelAuth(bool expected_fail) { | 72 void RunChannelAuth(int expected_client_error, int expected_host_error) { |
72 client_fake_socket_.reset(new FakeStreamSocket()); | 73 client_fake_socket_.reset(new FakeStreamSocket()); |
73 host_fake_socket_.reset(new FakeStreamSocket()); | 74 host_fake_socket_.reset(new FakeStreamSocket()); |
74 client_fake_socket_->PairWith(host_fake_socket_.get()); | 75 client_fake_socket_->PairWith(host_fake_socket_.get()); |
75 | 76 |
76 client_auth_->SecureAndAuthenticate( | 77 client_auth_->SecureAndAuthenticate( |
77 client_fake_socket_.Pass(), | 78 client_fake_socket_.Pass(), |
78 base::Bind(&SslHmacChannelAuthenticatorTest::OnClientConnected, | 79 base::Bind(&SslHmacChannelAuthenticatorTest::OnClientConnected, |
79 base::Unretained(this))); | 80 base::Unretained(this))); |
80 | 81 |
81 host_auth_->SecureAndAuthenticate( | 82 host_auth_->SecureAndAuthenticate( |
82 host_fake_socket_.Pass(), | 83 host_fake_socket_.Pass(), |
83 base::Bind(&SslHmacChannelAuthenticatorTest::OnHostConnected, | 84 base::Bind(&SslHmacChannelAuthenticatorTest::OnHostConnected, |
84 base::Unretained(this), std::string("ref argument value"))); | 85 base::Unretained(this), std::string("ref argument value"))); |
85 | 86 |
86 // Expect two callbacks to be called - the client callback and the host | 87 // Expect two callbacks to be called - the client callback and the host |
87 // callback. | 88 // callback. |
88 int callback_counter = 2; | 89 int callback_counter = 2; |
89 | 90 |
90 if (expected_fail) { | 91 if (expected_client_error != net::OK) { |
91 EXPECT_CALL(client_callback_, OnDone(net::ERR_FAILED, nullptr)) | 92 EXPECT_CALL(client_callback_, OnDone(expected_client_error, nullptr)) |
92 .WillOnce(QuitThreadOnCounter(&callback_counter)); | |
93 EXPECT_CALL(host_callback_, OnDone(net::ERR_FAILED, nullptr)) | |
94 .WillOnce(QuitThreadOnCounter(&callback_counter)); | 93 .WillOnce(QuitThreadOnCounter(&callback_counter)); |
95 } else { | 94 } else { |
96 EXPECT_CALL(client_callback_, OnDone(net::OK, NotNull())) | 95 EXPECT_CALL(client_callback_, OnDone(net::OK, NotNull())) |
97 .WillOnce(QuitThreadOnCounter(&callback_counter)); | 96 .WillOnce(QuitThreadOnCounter(&callback_counter)); |
97 } | |
98 | |
99 if (expected_host_error != net::OK) { | |
100 EXPECT_CALL(host_callback_, OnDone(expected_host_error, nullptr)) | |
101 .WillOnce(QuitThreadOnCounter(&callback_counter)); | |
102 } else { | |
98 EXPECT_CALL(host_callback_, OnDone(net::OK, NotNull())) | 103 EXPECT_CALL(host_callback_, OnDone(net::OK, NotNull())) |
99 .WillOnce(QuitThreadOnCounter(&callback_counter)); | 104 .WillOnce(QuitThreadOnCounter(&callback_counter)); |
100 } | 105 } |
101 | 106 |
102 // Ensure that .Run() does not run unbounded if the callbacks are never | 107 // Ensure that .Run() does not run unbounded if the callbacks are never |
103 // called. | 108 // called. |
104 base::Timer shutdown_timer(false, false); | 109 base::Timer shutdown_timer(false, false); |
105 shutdown_timer.Start(FROM_HERE, | 110 shutdown_timer.Start(FROM_HERE, |
106 TestTimeouts::action_timeout(), | 111 TestTimeouts::action_timeout(), |
107 base::MessageLoop::QuitClosure()); | 112 base::MessageLoop::QuitClosure()); |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
142 DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticatorTest); | 147 DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticatorTest); |
143 }; | 148 }; |
144 | 149 |
145 // Verify that a channel can be connected using a valid shared secret. | 150 // Verify that a channel can be connected using a valid shared secret. |
146 TEST_F(SslHmacChannelAuthenticatorTest, SuccessfulAuth) { | 151 TEST_F(SslHmacChannelAuthenticatorTest, SuccessfulAuth) { |
147 client_auth_ = SslHmacChannelAuthenticator::CreateForClient( | 152 client_auth_ = SslHmacChannelAuthenticator::CreateForClient( |
148 host_cert_, kTestSharedSecret); | 153 host_cert_, kTestSharedSecret); |
149 host_auth_ = SslHmacChannelAuthenticator::CreateForHost( | 154 host_auth_ = SslHmacChannelAuthenticator::CreateForHost( |
150 host_cert_, key_pair_, kTestSharedSecret); | 155 host_cert_, key_pair_, kTestSharedSecret); |
151 | 156 |
152 RunChannelAuth(false); | 157 RunChannelAuth(net::OK, net::OK); |
153 | 158 |
154 ASSERT_TRUE(client_socket_.get() != nullptr); | 159 ASSERT_TRUE(client_socket_.get() != nullptr); |
155 ASSERT_TRUE(host_socket_.get() != nullptr); | 160 ASSERT_TRUE(host_socket_.get() != nullptr); |
156 | 161 |
157 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), | 162 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), |
158 100, 2); | 163 100, 2); |
159 | 164 |
160 tester.Start(); | 165 tester.Start(); |
161 message_loop_.Run(); | 166 message_loop_.Run(); |
162 tester.CheckResults(); | 167 tester.CheckResults(); |
163 } | 168 } |
164 | 169 |
165 // Verify that channels cannot be using invalid shared secret. | 170 // Verify that channels cannot be using invalid shared secret. |
166 TEST_F(SslHmacChannelAuthenticatorTest, InvalidChannelSecret) { | 171 TEST_F(SslHmacChannelAuthenticatorTest, InvalidChannelSecret) { |
167 client_auth_ = SslHmacChannelAuthenticator::CreateForClient( | 172 client_auth_ = SslHmacChannelAuthenticator::CreateForClient( |
168 host_cert_, kTestSharedSecretBad); | 173 host_cert_, kTestSharedSecretBad); |
169 host_auth_ = SslHmacChannelAuthenticator::CreateForHost( | 174 host_auth_ = SslHmacChannelAuthenticator::CreateForHost( |
170 host_cert_, key_pair_, kTestSharedSecret); | 175 host_cert_, key_pair_, kTestSharedSecret); |
171 | 176 |
172 RunChannelAuth(true); | 177 RunChannelAuth(net::ERR_FAILED, net::ERR_FAILED); |
173 | 178 |
174 ASSERT_TRUE(host_socket_.get() == nullptr); | 179 ASSERT_TRUE(host_socket_.get() == nullptr); |
175 } | 180 } |
181 | |
182 // Verify that channels cannot be using invalid certificate. | |
183 TEST_F(SslHmacChannelAuthenticatorTest, InvalidCertificate) { | |
Sergey Ulanov
2015/04/24 00:34:45
This test is not useful - see my previous comment.
davidben
2015/04/24 20:52:44
Leaving as-is per offline discussion.
| |
184 // Import a second certificate for the client to expect. | |
185 scoped_refptr<net::X509Certificate> host_cert2( | |
186 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem")); | |
187 std::string host_cert2_der; | |
188 ASSERT_TRUE(net::X509Certificate::GetDEREncoded(host_cert2->os_cert_handle(), | |
189 &host_cert2_der)); | |
190 | |
191 client_auth_ = SslHmacChannelAuthenticator::CreateForClient( | |
192 host_cert2_der, kTestSharedSecret); | |
193 host_auth_ = SslHmacChannelAuthenticator::CreateForHost( | |
194 host_cert_, key_pair_, kTestSharedSecret); | |
195 | |
196 RunChannelAuth(net::ERR_CERT_INVALID, net::ERR_CONNECTION_CLOSED); | |
197 | |
198 ASSERT_TRUE(host_socket_.get() == nullptr); | |
199 } | |
176 | 200 |
177 } // namespace protocol | 201 } // namespace protocol |
178 } // namespace remoting | 202 } // namespace remoting |
OLD | NEW |