Support Kerberos on Android

net/android/http_android_auth_negotiate_unittest.cc

Index: net/android/http_android_auth_negotiate_unittest.cc
diff --git a/net/android/http_android_auth_negotiate_unittest.cc b/net/android/http_android_auth_negotiate_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..f6c8da6c4da6350eb6f7399ad57b19eeb05e0420
--- /dev/null
+++ b/net/android/http_android_auth_negotiate_unittest.cc
@@ -0,0 +1,104 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/message_loop/message_loop.h"
+#include "base/test/test_ui_thread_android.h"
+#include "net/android/http_android_auth_negotiate.h"
+#include "net/base/net_errors.h"
+#include "net/http/http_auth_challenge_tokenizer.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+namespace android {
+namespace {

[Bernhard Bauer, 2015/06/10 17:11:03]

Can you add some empty lines? In particular around the anonymous namespace.

[aberent, 2015/06/15 15:52:19]

Done.

+bool resultReceived = false;

[Bernhard Bauer, 2015/06/10 17:11:03]

This should be unix_hacker_style, no?

[aberent, 2015/06/15 15:52:19]

Done.

+std::string* auth_token = new std::string();

[Bernhard Bauer, 2015/06/10 17:11:03]

It doesn't look like this needs to be global.

[aberent, 2015/06/15 15:52:19]

Done.

+base::MessageLoop* message_loop;
+
+void DummyCallback(int /*result*/) {
+  resultReceived = true;
+  message_loop->Quit();
+}
+
+}  // namespace
+
+TEST(AndroidAuthNegotiateTest, GenerateAuthToken) {
+  AndroidAuthNegotiate auth("org.chromium.test.DummySpnegoAuthenticator",
+                            "Negotiate");
+  EXPECT_TRUE(auth.Init());
+
+  base::StartTestUiThreadLooper();
+
+  EXPECT_EQ(auth.GenerateAuthToken(nullptr, "Dummy", auth_token,
+                                   base::Bind(&DummyCallback)),
+            ERR_IO_PENDING);

[Bernhard Bauer, 2015/06/10 17:11:02]

Put the expected value first for nicer error messages in case of failure.

[aberent, 2015/06/15 15:52:19]

Done.

+
+  message_loop = base::MessageLoop::current();

[Bernhard Bauer, 2015/06/10 17:11:03]

Use base::RunLoop() instead of manually pumping the message loop. As an
additional bonus, because RunLoop requires the same run loop to be quit that was
started, you are guaranteed that the result callback will have been called by
the time the Run() call returns (as opposed to message loop, where anyone could
call MessageLoop::current()->Quit()), so you wouldn't need |result_received|
anymore. You could also bind the RunLoop to quit (or the QuitClosure) directly
into the callback instead of assigning it to a global variable.

[aberent, 2015/06/15 15:52:19]

Done.

+  message_loop->Run();
+
+  EXPECT_TRUE(resultReceived);
+  EXPECT_EQ(*auth_token, "Negotiate DummyToken");
+}
+
+TEST(AndroidAuthNegotiateTest, ParseChallenge_FirstRound) {
+  // The first round should just consist of an unadorned "Negotiate" header.
+  AndroidAuthNegotiate auth("org.chromium.test.DummySpnegoAuthenticator",
+                            "Negotiate");
+  std::string challenge_text = "Negotiate";
+  HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
+                                       challenge_text.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
+            auth.ParseChallenge(&challenge));
+}
+
+TEST(AndroidAuthNegotiateTest, ParseChallenge_UnexpectedTokenFirstRound) {
+  // If the first round challenge has an additional authentication token, it
+  // should be treated as an invalid challenge from the server.
+  AndroidAuthNegotiate auth("org.chromium.test.DummySpnegoAuthenticator",
+                            "Negotiate");
+  std::string challenge_text = "Negotiate Zm9vYmFy";
+  HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
+                                       challenge_text.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
+            auth.ParseChallenge(&challenge));
+}
+
+TEST(AndroidAuthNegotiateTest, ParseChallenge_TwoRounds) {
+  // The first round should just have "Negotiate", and the second round should
+  // have a valid base64 token associated with it.
+  AndroidAuthNegotiate auth("org.chromium.test.DummySpnegoAuthenticator",
+                            "Negotiate");
+  std::string first_challenge_text = "Negotiate";
+  HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
+                                             first_challenge_text.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
+            auth.ParseChallenge(&first_challenge));
+
+  std::string second_challenge_text = "Negotiate Zm9vYmFy";
+  HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
+                                              second_challenge_text.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
+            auth.ParseChallenge(&second_challenge));
+}
+
+TEST(AndroidAuthNegotiateTest, ParseChallenge_MissingTokenSecondRound) {
+  // If a later-round challenge is simply "Negotiate", it should be treated as
+  // an authentication challenge rejection from the server or proxy.
+  AndroidAuthNegotiate auth("org.chromium.test.DummySpnegoAuthenticator",
+                            "Negotiate");
+  std::string first_challenge_text = "Negotiate";
+  HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
+                                             first_challenge_text.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
+            auth.ParseChallenge(&first_challenge));
+
+  std::string second_challenge_text = "Negotiate";
+  HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
+                                              second_challenge_text.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
+            auth.ParseChallenge(&second_challenge));
+}
+
+}  // namespace android
+}  // namespace net