OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_gssapi_posix.h" | 5 #include "net/http/http_auth_gssapi_posix.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/native_library.h" | 10 #include "base/native_library.h" |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
64 const_cast<char*>(kInitialAuthResponse)}; | 64 const_cast<char*>(kInitialAuthResponse)}; |
65 library->ExpectSecurityContext( | 65 library->ExpectSecurityContext( |
66 "Negotiate", | 66 "Negotiate", |
67 GSS_S_CONTINUE_NEEDED, | 67 GSS_S_CONTINUE_NEEDED, |
68 0, | 68 0, |
69 context_info, | 69 context_info, |
70 in_buffer, | 70 in_buffer, |
71 out_buffer); | 71 out_buffer); |
72 } | 72 } |
73 | 73 |
| 74 void UnexpectedCallback(int result) { |
| 75 // At present getting tokens from gssapi is fully synchronous, so the callback |
| 76 // should never be called. |
| 77 ADD_FAILURE(); |
| 78 } |
| 79 |
74 } // namespace | 80 } // namespace |
75 | 81 |
76 TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) { | 82 TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) { |
77 // TODO(ahendrickson): Manipulate the libraries and paths to test each of the | 83 // TODO(ahendrickson): Manipulate the libraries and paths to test each of the |
78 // libraries we expect, and also whether or not they have the interface | 84 // libraries we expect, and also whether or not they have the interface |
79 // functions we want. | 85 // functions we want. |
80 scoped_ptr<GSSAPILibrary> gssapi(new GSSAPISharedLibrary(std::string())); | 86 scoped_ptr<GSSAPILibrary> gssapi(new GSSAPISharedLibrary(std::string())); |
81 DCHECK(gssapi.get()); | 87 DCHECK(gssapi.get()); |
82 EXPECT_TRUE(gssapi.get()->Init()); | 88 EXPECT_TRUE(gssapi.get()->Init()); |
83 } | 89 } |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
169 CopyBuffer(&input_token, &output_token); | 175 CopyBuffer(&input_token, &output_token); |
170 ClearBuffer(&output_token); | 176 ClearBuffer(&output_token); |
171 } | 177 } |
172 ClearBuffer(&input_token); | 178 ClearBuffer(&input_token); |
173 major_status = mock_library->delete_sec_context(&minor_status, | 179 major_status = mock_library->delete_sec_context(&minor_status, |
174 &context_handle, | 180 &context_handle, |
175 GSS_C_NO_BUFFER); | 181 GSS_C_NO_BUFFER); |
176 EXPECT_EQ(static_cast<OM_uint32>(GSS_S_COMPLETE), major_status); | 182 EXPECT_EQ(static_cast<OM_uint32>(GSS_S_COMPLETE), major_status); |
177 } | 183 } |
178 | 184 |
179 TEST(HttpAuthGSSAPITest, ParseChallenge_FirstRound) { | |
180 // The first round should just consist of an unadorned "Negotiate" header. | |
181 test::MockGSSAPILibrary mock_library; | |
182 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
183 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
184 std::string challenge_text = "Negotiate"; | |
185 HttpAuthChallengeTokenizer challenge(challenge_text.begin(), | |
186 challenge_text.end()); | |
187 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
188 auth_gssapi.ParseChallenge(&challenge)); | |
189 } | |
190 | |
191 TEST(HttpAuthGSSAPITest, ParseChallenge_TwoRounds) { | |
192 // The first round should just have "Negotiate", and the second round should | |
193 // have a valid base64 token associated with it. | |
194 test::MockGSSAPILibrary mock_library; | |
195 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
196 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
197 std::string first_challenge_text = "Negotiate"; | |
198 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), | |
199 first_challenge_text.end()); | |
200 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
201 auth_gssapi.ParseChallenge(&first_challenge)); | |
202 | |
203 // Generate an auth token and create another thing. | |
204 EstablishInitialContext(&mock_library); | |
205 std::string auth_token; | |
206 EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", | |
207 &auth_token)); | |
208 | |
209 std::string second_challenge_text = "Negotiate Zm9vYmFy"; | |
210 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), | |
211 second_challenge_text.end()); | |
212 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
213 auth_gssapi.ParseChallenge(&second_challenge)); | |
214 } | |
215 | |
216 TEST(HttpAuthGSSAPITest, ParseChallenge_UnexpectedTokenFirstRound) { | |
217 // If the first round challenge has an additional authentication token, it | |
218 // should be treated as an invalid challenge from the server. | |
219 test::MockGSSAPILibrary mock_library; | |
220 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
221 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
222 std::string challenge_text = "Negotiate Zm9vYmFy"; | |
223 HttpAuthChallengeTokenizer challenge(challenge_text.begin(), | |
224 challenge_text.end()); | |
225 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, | |
226 auth_gssapi.ParseChallenge(&challenge)); | |
227 } | |
228 | |
229 TEST(HttpAuthGSSAPITest, ParseChallenge_MissingTokenSecondRound) { | |
230 // If a later-round challenge is simply "Negotiate", it should be treated as | |
231 // an authentication challenge rejection from the server or proxy. | |
232 test::MockGSSAPILibrary mock_library; | |
233 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
234 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
235 std::string first_challenge_text = "Negotiate"; | |
236 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), | |
237 first_challenge_text.end()); | |
238 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
239 auth_gssapi.ParseChallenge(&first_challenge)); | |
240 | |
241 EstablishInitialContext(&mock_library); | |
242 std::string auth_token; | |
243 EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", | |
244 &auth_token)); | |
245 std::string second_challenge_text = "Negotiate"; | |
246 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), | |
247 second_challenge_text.end()); | |
248 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT, | |
249 auth_gssapi.ParseChallenge(&second_challenge)); | |
250 } | |
251 | |
252 TEST(HttpAuthGSSAPITest, ParseChallenge_NonBase64EncodedToken) { | |
253 // If a later-round challenge has an invalid base64 encoded token, it should | |
254 // be treated as an invalid challenge. | |
255 test::MockGSSAPILibrary mock_library; | |
256 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
257 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
258 std::string first_challenge_text = "Negotiate"; | |
259 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), | |
260 first_challenge_text.end()); | |
261 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
262 auth_gssapi.ParseChallenge(&first_challenge)); | |
263 | |
264 EstablishInitialContext(&mock_library); | |
265 std::string auth_token; | |
266 EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", | |
267 &auth_token)); | |
268 std::string second_challenge_text = "Negotiate =happyjoy="; | |
269 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), | |
270 second_challenge_text.end()); | |
271 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, | |
272 auth_gssapi.ParseChallenge(&second_challenge)); | |
273 } | |
274 | |
275 } // namespace net | 185 } // namespace net |
OLD | NEW |