| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_gssapi_posix.h" | 5 #include "net/http/http_auth_gssapi_posix.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/native_library.h" | 10 #include "base/native_library.h" |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 64 const_cast<char*>(kInitialAuthResponse)}; | 64 const_cast<char*>(kInitialAuthResponse)}; |
| 65 library->ExpectSecurityContext( | 65 library->ExpectSecurityContext( |
| 66 "Negotiate", | 66 "Negotiate", |
| 67 GSS_S_CONTINUE_NEEDED, | 67 GSS_S_CONTINUE_NEEDED, |
| 68 0, | 68 0, |
| 69 context_info, | 69 context_info, |
| 70 in_buffer, | 70 in_buffer, |
| 71 out_buffer); | 71 out_buffer); |
| 72 } | 72 } |
| 73 | 73 |
| 74 void UnexpectedCallback(int result) { |
| 75 // At present getting tokens from gssapi is fully synchronous, so the callback |
| 76 // should never be called. |
| 77 ADD_FAILURE(); |
| 78 } |
| 79 |
| 74 } // namespace | 80 } // namespace |
| 75 | 81 |
| 76 TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) { | 82 TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) { |
| 77 // TODO(ahendrickson): Manipulate the libraries and paths to test each of the | 83 // TODO(ahendrickson): Manipulate the libraries and paths to test each of the |
| 78 // libraries we expect, and also whether or not they have the interface | 84 // libraries we expect, and also whether or not they have the interface |
| 79 // functions we want. | 85 // functions we want. |
| 80 scoped_ptr<GSSAPILibrary> gssapi(new GSSAPISharedLibrary(std::string())); | 86 scoped_ptr<GSSAPILibrary> gssapi(new GSSAPISharedLibrary(std::string())); |
| 81 DCHECK(gssapi.get()); | 87 DCHECK(gssapi.get()); |
| 82 EXPECT_TRUE(gssapi.get()->Init()); | 88 EXPECT_TRUE(gssapi.get()->Init()); |
| 83 } | 89 } |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 169 CopyBuffer(&input_token, &output_token); | 175 CopyBuffer(&input_token, &output_token); |
| 170 ClearBuffer(&output_token); | 176 ClearBuffer(&output_token); |
| 171 } | 177 } |
| 172 ClearBuffer(&input_token); | 178 ClearBuffer(&input_token); |
| 173 major_status = mock_library->delete_sec_context(&minor_status, | 179 major_status = mock_library->delete_sec_context(&minor_status, |
| 174 &context_handle, | 180 &context_handle, |
| 175 GSS_C_NO_BUFFER); | 181 GSS_C_NO_BUFFER); |
| 176 EXPECT_EQ(static_cast<OM_uint32>(GSS_S_COMPLETE), major_status); | 182 EXPECT_EQ(static_cast<OM_uint32>(GSS_S_COMPLETE), major_status); |
| 177 } | 183 } |
| 178 | 184 |
| 179 TEST(HttpAuthGSSAPITest, ParseChallenge_FirstRound) { | |
| 180 // The first round should just consist of an unadorned "Negotiate" header. | |
| 181 test::MockGSSAPILibrary mock_library; | |
| 182 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
| 183 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
| 184 std::string challenge_text = "Negotiate"; | |
| 185 HttpAuthChallengeTokenizer challenge(challenge_text.begin(), | |
| 186 challenge_text.end()); | |
| 187 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
| 188 auth_gssapi.ParseChallenge(&challenge)); | |
| 189 } | |
| 190 | |
| 191 TEST(HttpAuthGSSAPITest, ParseChallenge_TwoRounds) { | |
| 192 // The first round should just have "Negotiate", and the second round should | |
| 193 // have a valid base64 token associated with it. | |
| 194 test::MockGSSAPILibrary mock_library; | |
| 195 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
| 196 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
| 197 std::string first_challenge_text = "Negotiate"; | |
| 198 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), | |
| 199 first_challenge_text.end()); | |
| 200 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
| 201 auth_gssapi.ParseChallenge(&first_challenge)); | |
| 202 | |
| 203 // Generate an auth token and create another thing. | |
| 204 EstablishInitialContext(&mock_library); | |
| 205 std::string auth_token; | |
| 206 EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", | |
| 207 &auth_token)); | |
| 208 | |
| 209 std::string second_challenge_text = "Negotiate Zm9vYmFy"; | |
| 210 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), | |
| 211 second_challenge_text.end()); | |
| 212 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
| 213 auth_gssapi.ParseChallenge(&second_challenge)); | |
| 214 } | |
| 215 | |
| 216 TEST(HttpAuthGSSAPITest, ParseChallenge_UnexpectedTokenFirstRound) { | |
| 217 // If the first round challenge has an additional authentication token, it | |
| 218 // should be treated as an invalid challenge from the server. | |
| 219 test::MockGSSAPILibrary mock_library; | |
| 220 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
| 221 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
| 222 std::string challenge_text = "Negotiate Zm9vYmFy"; | |
| 223 HttpAuthChallengeTokenizer challenge(challenge_text.begin(), | |
| 224 challenge_text.end()); | |
| 225 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, | |
| 226 auth_gssapi.ParseChallenge(&challenge)); | |
| 227 } | |
| 228 | |
| 229 TEST(HttpAuthGSSAPITest, ParseChallenge_MissingTokenSecondRound) { | |
| 230 // If a later-round challenge is simply "Negotiate", it should be treated as | |
| 231 // an authentication challenge rejection from the server or proxy. | |
| 232 test::MockGSSAPILibrary mock_library; | |
| 233 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
| 234 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
| 235 std::string first_challenge_text = "Negotiate"; | |
| 236 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), | |
| 237 first_challenge_text.end()); | |
| 238 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
| 239 auth_gssapi.ParseChallenge(&first_challenge)); | |
| 240 | |
| 241 EstablishInitialContext(&mock_library); | |
| 242 std::string auth_token; | |
| 243 EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", | |
| 244 &auth_token)); | |
| 245 std::string second_challenge_text = "Negotiate"; | |
| 246 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), | |
| 247 second_challenge_text.end()); | |
| 248 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT, | |
| 249 auth_gssapi.ParseChallenge(&second_challenge)); | |
| 250 } | |
| 251 | |
| 252 TEST(HttpAuthGSSAPITest, ParseChallenge_NonBase64EncodedToken) { | |
| 253 // If a later-round challenge has an invalid base64 encoded token, it should | |
| 254 // be treated as an invalid challenge. | |
| 255 test::MockGSSAPILibrary mock_library; | |
| 256 HttpAuthGSSAPI auth_gssapi(&mock_library, "Negotiate", | |
| 257 CHROME_GSS_SPNEGO_MECH_OID_DESC); | |
| 258 std::string first_challenge_text = "Negotiate"; | |
| 259 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), | |
| 260 first_challenge_text.end()); | |
| 261 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, | |
| 262 auth_gssapi.ParseChallenge(&first_challenge)); | |
| 263 | |
| 264 EstablishInitialContext(&mock_library); | |
| 265 std::string auth_token; | |
| 266 EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", | |
| 267 &auth_token)); | |
| 268 std::string second_challenge_text = "Negotiate =happyjoy="; | |
| 269 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), | |
| 270 second_challenge_text.end()); | |
| 271 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, | |
| 272 auth_gssapi.ParseChallenge(&second_challenge)); | |
| 273 } | |
| 274 | |
| 275 } // namespace net | 185 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1128043007:
Support Kerberos on Android (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master