Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "remoting/protocol/third_party_authenticator_base.h" | |
| 6 | |
| 7 #include "base/bind.h" | |
| 8 #include "net/base/net_errors.h" | |
| 9 #include "remoting/base/rsa_key_pair.h" | |
| 10 #include "remoting/protocol/authenticator_test_base.h" | |
| 11 #include "remoting/protocol/channel_authenticator.h" | |
| 12 #include "remoting/protocol/connection_tester.h" | |
| 13 #include "remoting/protocol/fake_authenticator.h" | |
| 14 #include "remoting/protocol/third_party_client_authenticator.h" | |
| 15 #include "remoting/protocol/third_party_host_authenticator.h" | |
| 16 #include "testing/gmock/include/gmock/gmock.h" | |
| 17 #include "testing/gtest/include/gtest/gtest.h" | |
| 18 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" | |
| 19 | |
| 20 using testing::_; | |
| 21 using testing::DeleteArg; | |
| 22 using testing::SaveArg; | |
| 23 | |
| 24 namespace { | |
| 25 | |
| 26 const int kMessageSize = 100; | |
| 27 const int kMessages = 1; | |
| 28 | |
| 29 const char kTokenIssueUrl[] = "https://example.com/Issue"; | |
| 30 const char kTokenVerificationUrl[] = "https://example.com/Verify"; | |
| 31 const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2"; | |
| 32 const char kToken[] = "abc123456xyz789"; | |
| 33 const char kSharedSecret[] = "1234-1234-5678"; | |
| 34 const char kSharedSecretBad[] = "0000-0000-0001"; | |
| 35 | |
| 36 } // namespace | |
| 37 | |
| 38 namespace remoting { | |
| 39 namespace protocol { | |
| 40 | |
| 41 class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase { | |
|
Sergey Ulanov
2013/03/07 21:20:41
This file should be called third_party_authenticat
rmsousa
2013/03/20 01:30:16
Done.
| |
| 42 class FakeTokenFetcher : public ThirdPartyClientAuthenticator::TokenFetcher { | |
| 43 public: | |
| 44 virtual void FetchThirdPartyToken( | |
| 45 const GURL& token_url, | |
| 46 const std::string& host_public_key, | |
| 47 const std::string& scope, | |
| 48 const TokenFetchedCallback& token_fetched_callback) { | |
| 49 on_token_fetched_ = token_fetched_callback; | |
| 50 } | |
| 51 | |
| 52 void OnTokenFetched(const std::string& token, | |
| 53 const std::string& shared_secret) { | |
| 54 on_token_fetched_.Run(token, shared_secret); | |
| 55 on_token_fetched_.Reset(); | |
| 56 } | |
| 57 | |
| 58 private: | |
| 59 TokenFetchedCallback on_token_fetched_; | |
| 60 }; | |
| 61 | |
| 62 class FakeTokenValidator | |
| 63 : public ThirdPartyHostAuthenticator::TokenValidator { | |
| 64 public: | |
| 65 FakeTokenValidator() | |
| 66 : token_url_(kTokenIssueUrl), | |
| 67 token_scope_(kTokenScope) {} | |
| 68 | |
| 69 virtual ~FakeTokenValidator() {} | |
| 70 | |
| 71 virtual void ValidateThirdPartyToken( | |
| 72 const std::string& token, | |
| 73 const TokenValidatedCallback& token_validated_callback) { | |
| 74 on_token_validated_ = token_validated_callback; | |
| 75 } | |
| 76 | |
| 77 void OnTokenValidated(const std::string& shared_secret) { | |
| 78 on_token_validated_.Run(shared_secret); | |
| 79 on_token_validated_.Reset(); | |
| 80 } | |
| 81 | |
| 82 virtual const GURL& token_url() const OVERRIDE { | |
| 83 return token_url_; | |
| 84 } | |
| 85 | |
| 86 virtual const std::string& token_scope() const OVERRIDE { | |
| 87 return token_scope_; | |
| 88 } | |
| 89 | |
| 90 private: | |
| 91 GURL token_url_; | |
| 92 std::string token_scope_; | |
| 93 base::Callback<void(const std::string& shared_secret)> on_token_validated_; | |
| 94 }; | |
| 95 | |
| 96 public: | |
| 97 ThirdPartyAuthenticatorTest() { | |
| 98 } | |
| 99 virtual ~ThirdPartyAuthenticatorTest() { | |
| 100 } | |
| 101 | |
| 102 protected: | |
| 103 void InitAuthenticators() { | |
| 104 scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator> | |
| 105 token_validator(new FakeTokenValidator()); | |
| 106 token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get()); | |
| 107 host_.reset(new ThirdPartyHostAuthenticator( | |
| 108 host_cert_, key_pair_, token_validator.Pass(), | |
| 109 Authenticator::WAITING_MESSAGE)); | |
| 110 scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher> | |
| 111 token_fetcher(new FakeTokenFetcher()); | |
| 112 token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get()); | |
| 113 client_.reset(new ThirdPartyClientAuthenticator( | |
| 114 host_public_key_, token_fetcher.Pass(), Authenticator::MESSAGE_READY)); | |
| 115 } | |
| 116 | |
| 117 FakeTokenFetcher* token_fetcher_; | |
| 118 FakeTokenValidator* token_validator_; | |
| 119 | |
| 120 private: | |
| 121 DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest); | |
| 122 }; | |
| 123 | |
| 124 TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) { | |
| 125 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 126 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 127 // ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
|
Sergey Ulanov
2013/03/07 21:20:41
remove commented code?
rmsousa
2013/03/20 01:30:16
Uncommented
| |
| 128 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( | |
| 129 kToken, kSharedSecret)); | |
| 130 // ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 131 ASSERT_NO_FATAL_FAILURE( | |
| 132 token_validator_->OnTokenValidated(kSharedSecret)); | |
| 133 // Both sides have finished. | |
| 134 ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); | |
| 135 ASSERT_EQ(Authenticator::ACCEPTED, client_->state()); | |
| 136 | |
| 137 // An authenticated channel can be created after the authentication. | |
| 138 client_auth_ = client_->CreateChannelAuthenticator(); | |
| 139 host_auth_ = host_->CreateChannelAuthenticator(); | |
| 140 RunChannelAuth(false); | |
| 141 | |
| 142 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), | |
| 143 kMessageSize, kMessages); | |
| 144 | |
| 145 tester.Start(); | |
| 146 message_loop_.Run(); | |
| 147 tester.CheckResults(); | |
| 148 } | |
| 149 | |
| 150 TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) { | |
| 151 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 152 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 153 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 154 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(kToken, "")); | |
| 155 // The end result is that the client rejected the connection, since it | |
| 156 // couldn't fetch the secret. | |
| 157 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 158 } | |
| 159 | |
| 160 TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) { | |
| 161 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 162 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 163 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 164 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( | |
| 165 kToken, kSharedSecret)); | |
| 166 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 167 ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated("")); | |
| 168 | |
| 169 // The end result is that the host rejected the token. | |
| 170 ASSERT_EQ(Authenticator::REJECTED, host_->state()); | |
| 171 } | |
| 172 | |
| 173 TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) { | |
| 174 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 175 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 176 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 177 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched("", "")); | |
| 178 | |
| 179 // The end result is that the client rejected the connection, since it | |
| 180 // couldn't fetch the token. | |
| 181 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 182 } | |
| 183 | |
| 184 // Test that negotiation stops when the fake authentication is rejected. | |
| 185 TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) { | |
| 186 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 187 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 188 | |
| 189 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 190 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( | |
| 191 kToken, kSharedSecret)); | |
| 192 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 193 ASSERT_NO_FATAL_FAILURE( | |
| 194 token_validator_->OnTokenValidated(kSharedSecretBad)); | |
| 195 | |
| 196 // The end result is that the host rejected the fake authentication. | |
| 197 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 198 } | |
| 199 | |
| 200 TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) { | |
| 201 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 202 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 203 | |
| 204 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 205 ASSERT_NO_FATAL_FAILURE( | |
| 206 token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad)); | |
| 207 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 208 ASSERT_NO_FATAL_FAILURE( | |
| 209 token_validator_->OnTokenValidated(kSharedSecret)); | |
| 210 | |
| 211 // The end result is that the host rejected the fake authentication. | |
| 212 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 213 } | |
| 214 | |
| 215 } // namespace protocol | |
| 216 } // namespace remoting | |
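Review bot: HostBadSecret and ClientBadSecret (new lines 185-213) both end with `ASSERT_EQ(Authenticator::REJECTED, client_->state());` under the comment "the host rejected the fake authentication", so neither test looks at the host's final state, and a host that ended ACCEPTED on a mismatched shared secret would still pass. I would add `ASSERT_NE(Authenticator::ACCEPTED, host_->state());` to both and reword the comments to name the side that is actually checked; which side is expected to reach REJECTED is not visible from this file, so confirm that against the authenticator. Separately, `FakeTokenFetcher::FetchThirdPartyToken` and `FakeTokenValidator::ValidateThirdPartyToken` drop their `token_url`, `host_public_key`, `scope` and `token` arguments, so nothing here checks that the host validates the same `kToken` the client fetched or that the client requests the expected scope. Recording those arguments in the fakes and asserting on them in SuccessfulAuth would cover that binding.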