Index: remoting/protocol/negotiating_authenticator_unittest.cc |
diff --git a/remoting/protocol/negotiating_authenticator_unittest.cc b/remoting/protocol/negotiating_authenticator_unittest.cc |
index 92047d6688118c153b2899836ffb3a6257af77b0..7714f08fe0558821c0009c40b0b0a5aa63cd976d 100644 |
--- a/remoting/protocol/negotiating_authenticator_unittest.cc |
+++ b/remoting/protocol/negotiating_authenticator_unittest.cc |
@@ -27,10 +27,15 @@ namespace { |
const int kMessageSize = 100; |
const int kMessages = 1; |
+const char kNoClientId[] = ""; |
+const char kNoPairedSecret[] = ""; |
+const char kTestClientId[] = "client-id"; |
const char kTestHostId[] = "12345678910123456"; |
-const char kTestSharedSecret[] = "1234-1234-5678"; |
-const char kTestSharedSecretBad[] = "0000-0000-0001"; |
+const char kTestPairedSecret[] = "1111-2222-3333"; |
+const char kTestPairedSecretBad[] = "4444-5555-6666"; |
+const char kTestPin[] = "1234-1234-5678"; |
rmsousa
2013/05/21 23:17:07
Nit: Since we're fixing this file, might as well u
Jamie
2013/05/22 00:19:14
Done.
|
+const char kTestPinBad[] = "0000-0000-0001"; |
} // namespace |
@@ -43,26 +48,47 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
protected: |
void InitAuthenticators( |
- const std::string& client_secret, |
+ const std::string& client_id, |
+ const std::string& client_paired_secret, |
+ const std::string& client_interactive_pin, |
const std::string& host_secret, |
AuthenticationMethod::HashFunction hash_function, |
- bool client_hmac_only) { |
+ bool client_hmac_only, |
+ scoped_refptr<PairingRegistry> pairing_registry) { |
std::string host_secret_hash = AuthenticationMethod::ApplyHashFunction( |
hash_function, kTestHostId, host_secret); |
host_ = NegotiatingHostAuthenticator::CreateWithSharedSecret( |
- host_cert_, key_pair_, host_secret_hash, hash_function); |
+ host_cert_, key_pair_, host_secret_hash, hash_function, |
+ pairing_registry); |
std::vector<AuthenticationMethod> methods; |
+ methods.push_back(AuthenticationMethod::Spake2Pair()); |
methods.push_back(AuthenticationMethod::Spake2( |
AuthenticationMethod::HMAC_SHA256)); |
if (!client_hmac_only) { |
methods.push_back(AuthenticationMethod::Spake2( |
AuthenticationMethod::NONE)); |
} |
- client_.reset(new NegotiatingClientAuthenticator( |
+ client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
+ client_id, client_paired_secret, |
kTestHostId, base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
- client_secret), |
- scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher>(), methods)); |
+ client_interactive_pin), |
+ scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher>(), methods); |
+ client_.reset(client_as_negotiating_authenticator_); |
+ } |
+ |
+ scoped_refptr<PairingRegistry> CreatePairingRegistry( |
+ PairingRegistry::Pairing* pairings, size_t num_pairings) { |
+ PairingRegistry::PairedClients clients; |
+ for (size_t i = 0; i < num_pairings; ++i) { |
+ clients[pairings[i].client_id] = pairings[i]; |
+ } |
+ scoped_refptr<PairingRegistry> result( |
+ new PairingRegistry( |
+ scoped_ptr<PairingRegistry::Delegate>( |
+ new NotImplementedPairingRegistryDelegate), |
+ clients)); |
+ return result; |
} |
static void FetchSecret( |
@@ -70,14 +96,19 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
const protocol::SecretFetchedCallback& secret_fetched_callback) { |
secret_fetched_callback.Run(client_secret); |
} |
+ |
void VerifyRejected(Authenticator::RejectionReason reason) { |
- ASSERT_TRUE((client_->state() == Authenticator::REJECTED && |
- (client_->rejection_reason() == reason)) || |
- (host_->state() == Authenticator::REJECTED && |
- (host_->rejection_reason() == reason))); |
+ ASSERT_TRUE(client_->state() == Authenticator::REJECTED || |
+ host_->state() == Authenticator::REJECTED); |
+ if (client_->state() == Authenticator::REJECTED) { |
+ ASSERT_EQ(client_->rejection_reason(), reason); |
+ } |
+ if (host_->state() == Authenticator::REJECTED) { |
+ ASSERT_EQ(host_->rejection_reason(), reason); |
+ } |
} |
- void VerifyAccepted() { |
+ void VerifyAccepted(const AuthenticationMethod& expected_method) { |
ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); |
@@ -96,30 +127,36 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
tester.Start(); |
message_loop_.Run(); |
tester.CheckResults(); |
+ EXPECT_EQ(expected_method, |
+ client_as_negotiating_authenticator_->current_method()); |
} |
+ // Use a bare pointer because the storage is managed by the base class. |
+ NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; |
+ |
private: |
DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); |
}; |
TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthHmac) { |
ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
- kTestSharedSecret, kTestSharedSecret, |
- AuthenticationMethod::HMAC_SHA256, false)); |
- VerifyAccepted(); |
+ kNoClientId, kNoPairedSecret, kTestPin, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, NULL)); |
+ VerifyAccepted( |
+ AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256)); |
} |
TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthPlain) { |
ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
- kTestSharedSecret, kTestSharedSecret, |
- AuthenticationMethod::NONE, false)); |
- VerifyAccepted(); |
+ kNoClientId, kNoPairedSecret, kTestPin, kTestPin, |
+ AuthenticationMethod::NONE, false, NULL)); |
+ VerifyAccepted(AuthenticationMethod::Spake2(AuthenticationMethod::NONE)); |
} |
TEST_F(NegotiatingAuthenticatorTest, InvalidSecretHmac) { |
ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
- kTestSharedSecret, kTestSharedSecretBad, |
- AuthenticationMethod::HMAC_SHA256, false)); |
+ kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, NULL)); |
ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
@@ -127,8 +164,8 @@ TEST_F(NegotiatingAuthenticatorTest, InvalidSecretHmac) { |
TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) { |
ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
- kTestSharedSecret, kTestSharedSecretBad, |
- AuthenticationMethod::NONE, false)); |
+ kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, |
+ AuthenticationMethod::NONE, false, NULL)); |
ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
@@ -136,12 +173,84 @@ TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) { |
TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { |
ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
- kTestSharedSecret, kTestSharedSecretBad, |
- AuthenticationMethod::NONE, true)); |
+ kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, |
+ AuthenticationMethod::NONE, true, NULL)); |
ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
VerifyRejected(Authenticator::PROTOCOL_ERROR); |
} |
+TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kTestClientId, kTestPairedSecret, kTestPin, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, NULL)); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyAccepted( |
+ AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256)); |
+} |
+ |
+TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kNoClientId, kNoPairedSecret, kTestPin, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, |
+ CreatePairingRegistry(NULL, 0))); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyAccepted(AuthenticationMethod::Spake2Pair()); |
+} |
+ |
+TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kTestClientId, kTestPairedSecret, kTestPin, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, |
+ CreatePairingRegistry(NULL, 0))); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyAccepted(AuthenticationMethod::Spake2Pair()); |
+} |
+ |
+TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, |
+ CreatePairingRegistry(NULL, 0))); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
+} |
+ |
+TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { |
+ PairingRegistry::Pairing pairing; |
+ pairing.client_id = kTestClientId; |
+ pairing.shared_secret = kTestPairedSecret; |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, |
+ CreatePairingRegistry(&pairing, 1))); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyAccepted(AuthenticationMethod::Spake2Pair()); |
+} |
+ |
+TEST_F(NegotiatingAuthenticatorTest, PairingSucceededInvalidSecretButPinOkay) { |
+ PairingRegistry::Pairing pairing; |
+ pairing.client_id = kTestClientId; |
+ pairing.shared_secret = kTestPairedSecret; |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, |
+ CreatePairingRegistry(&pairing, 1))); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyAccepted(AuthenticationMethod::Spake2Pair()); |
+} |
+ |
+TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
+ PairingRegistry::Pairing pairing; |
+ pairing.client_id = kTestClientId; |
+ pairing.shared_secret = kTestPairedSecret; |
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
+ kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, |
+ AuthenticationMethod::HMAC_SHA256, false, |
+ CreatePairingRegistry(&pairing, 1))); |
+ ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
+ VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
+} |
+ |
} // namespace protocol |
} // namespace remoting |