| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" | 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/test/scoped_feature_list.h" |
| 10 #include "base/time/time.h" | 11 #include "base/time/time.h" |
| 11 #include "components/cast_certificate/cast_cert_validator.h" | 12 #include "components/cast_certificate/cast_cert_validator.h" |
| 12 #include "components/cast_certificate/cast_cert_validator_test_helpers.h" | 13 #include "components/cast_certificate/cast_cert_validator_test_helpers.h" |
| 13 #include "components/cast_certificate/cast_crl.h" | 14 #include "components/cast_certificate/cast_crl.h" |
| 14 #include "components/cast_certificate/proto/test_suite.pb.h" | 15 #include "components/cast_certificate/proto/test_suite.pb.h" |
| 15 #include "extensions/common/api/cast_channel/cast_channel.pb.h" | 16 #include "extensions/common/api/cast_channel/cast_channel.pb.h" |
| 16 #include "net/cert/internal/trust_store_in_memory.h" | 17 #include "net/cert/internal/trust_store_in_memory.h" |
| 18 #include "net/cert/x509_certificate.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 20 |
| 19 namespace extensions { | 21 namespace extensions { |
| 20 namespace api { | 22 namespace api { |
| 21 namespace cast_channel { | 23 namespace cast_channel { |
| 22 namespace { | 24 namespace { |
| 23 | 25 |
| 24 class CastAuthUtilTest : public testing::Test { | 26 class CastAuthUtilTest : public testing::Test { |
| 25 public: | 27 public: |
| 26 CastAuthUtilTest() {} | 28 CastAuthUtilTest() {} |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 97 | 99 |
| 98 TEST_F(CastAuthUtilTest, VerifyBadPeerCert) { | 100 TEST_F(CastAuthUtilTest, VerifyBadPeerCert) { |
| 99 std::string signed_data; | 101 std::string signed_data; |
| 100 AuthResponse auth_response = CreateAuthResponse(&signed_data); | 102 AuthResponse auth_response = CreateAuthResponse(&signed_data); |
| 101 MangleString(&signed_data); | 103 MangleString(&signed_data); |
| 102 AuthResult result = VerifyCredentials(auth_response, signed_data); | 104 AuthResult result = VerifyCredentials(auth_response, signed_data); |
| 103 EXPECT_FALSE(result.success()); | 105 EXPECT_FALSE(result.success()); |
| 104 EXPECT_EQ(AuthResult::ERROR_SIGNED_BLOBS_MISMATCH, result.error_type); | 106 EXPECT_EQ(AuthResult::ERROR_SIGNED_BLOBS_MISMATCH, result.error_type); |
| 105 } | 107 } |
| 106 | 108 |
| 109 TEST_F(CastAuthUtilTest, VerifySenderNonceMatch) { |
| 110 base::test::ScopedFeatureList scoped_feature_list; |
| 111 scoped_feature_list.InitAndEnableFeature( |
| 112 base::Feature{"CastNonceEnforced", base::FEATURE_DISABLED_BY_DEFAULT}); |
| 113 std::string expected_nonce = "test1"; |
| 114 std::string received_nonce = "test1"; |
| 115 AuthResult result = VerifySenderNonce(expected_nonce, received_nonce); |
| 116 EXPECT_TRUE(result.success()); |
| 117 } |
| 118 |
| 119 TEST_F(CastAuthUtilTest, VerifySenderNonceMismatch) { |
| 120 base::test::ScopedFeatureList scoped_feature_list; |
| 121 scoped_feature_list.InitAndEnableFeature( |
| 122 base::Feature{"CastNonceEnforced", base::FEATURE_DISABLED_BY_DEFAULT}); |
| 123 std::string expected_nonce = "test1"; |
| 124 std::string received_nonce = "test2"; |
| 125 AuthResult result = VerifySenderNonce(expected_nonce, received_nonce); |
| 126 EXPECT_FALSE(result.success()); |
| 127 EXPECT_EQ(AuthResult::ERROR_SENDER_NONCE_MISMATCH, result.error_type); |
| 128 } |
| 129 |
| 130 TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) { |
| 131 base::test::ScopedFeatureList scoped_feature_list; |
| 132 scoped_feature_list.InitAndEnableFeature( |
| 133 base::Feature{"CastNonceEnforced", base::FEATURE_DISABLED_BY_DEFAULT}); |
| 134 std::string expected_nonce = "test1"; |
| 135 std::string received_nonce = ""; |
| 136 AuthResult result = VerifySenderNonce(expected_nonce, received_nonce); |
| 137 EXPECT_FALSE(result.success()); |
| 138 EXPECT_EQ(AuthResult::ERROR_SENDER_NONCE_MISMATCH, result.error_type); |
| 139 } |
| 140 |
| 141 TEST_F(CastAuthUtilTest, VerifyTLSCertificateSuccess) { |
| 142 auto tls_cert_der = cast_certificate::testing::ReadCertificateChainFromFile( |
| 143 "certificates/test_tls_cert.pem"); |
| 144 |
| 145 scoped_refptr<net::X509Certificate> tls_cert = |
| 146 net::X509Certificate::CreateFromBytes(tls_cert_der[0].data(), |
| 147 tls_cert_der[0].size()); |
| 148 std::string peer_cert_der; |
| 149 AuthResult result = |
| 150 VerifyTLSCertificate(*tls_cert, &peer_cert_der, tls_cert->valid_start()); |
| 151 EXPECT_TRUE(result.success()); |
| 152 } |
| 153 |
| 154 TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) { |
| 155 auto tls_cert_der = cast_certificate::testing::ReadCertificateChainFromFile( |
| 156 "certificates/test_tls_cert.pem"); |
| 157 |
| 158 scoped_refptr<net::X509Certificate> tls_cert = |
| 159 net::X509Certificate::CreateFromBytes(tls_cert_der[0].data(), |
| 160 tls_cert_der[0].size()); |
| 161 std::string peer_cert_der; |
| 162 AuthResult result = VerifyTLSCertificate( |
| 163 *tls_cert, &peer_cert_der, |
| 164 tls_cert->valid_start() - base::TimeDelta::FromSeconds(1)); |
| 165 EXPECT_FALSE(result.success()); |
| 166 EXPECT_EQ(AuthResult::ERROR_TLS_CERT_VALID_START_DATE_IN_FUTURE, |
| 167 result.error_type); |
| 168 } |
| 169 |
| 170 TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) { |
| 171 auto tls_cert_der = cast_certificate::testing::ReadCertificateChainFromFile( |
| 172 "certificates/test_tls_cert.pem"); |
| 173 |
| 174 scoped_refptr<net::X509Certificate> tls_cert = |
| 175 net::X509Certificate::CreateFromBytes(tls_cert_der[0].data(), |
| 176 tls_cert_der[0].size()); |
| 177 std::string peer_cert_der; |
| 178 AuthResult result = VerifyTLSCertificate( |
| 179 *tls_cert, &peer_cert_der, |
| 180 tls_cert->valid_expiry() + base::TimeDelta::FromSeconds(2)); |
| 181 EXPECT_FALSE(result.success()); |
| 182 EXPECT_EQ(AuthResult::ERROR_TLS_CERT_EXPIRED, result.error_type); |
| 183 } |
| 184 |
| 107 // Indicates the expected result of test step's verification. | 185 // Indicates the expected result of test step's verification. |
| 108 enum TestStepResult { | 186 enum TestStepResult { |
| 109 RESULT_SUCCESS, | 187 RESULT_SUCCESS, |
| 110 RESULT_FAIL, | 188 RESULT_FAIL, |
| 111 }; | 189 }; |
| 112 | 190 |
| 113 // Verifies that the certificate chain provided is not revoked according to | 191 // Verifies that the certificate chain provided is not revoked according to |
| 114 // the provided Cast CRL at |verification_time|. | 192 // the provided Cast CRL at |verification_time|. |
| 115 // The provided CRL is verified at |verification_time|. | 193 // The provided CRL is verified at |verification_time|. |
| 116 // If |crl_required| is set, then a valid Cast CRL must be provided. | 194 // If |crl_required| is set, then a valid Cast CRL must be provided. |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 251 } | 329 } |
| 252 | 330 |
| 253 TEST_F(CastAuthUtilTest, CRLTestSuite) { | 331 TEST_F(CastAuthUtilTest, CRLTestSuite) { |
| 254 RunTestSuite("testsuite/testsuite1.pb"); | 332 RunTestSuite("testsuite/testsuite1.pb"); |
| 255 } | 333 } |
| 256 | 334 |
| 257 } // namespace | 335 } // namespace |
| 258 } // namespace cast_channel | 336 } // namespace cast_channel |
| 259 } // namespace api | 337 } // namespace api |
| 260 } // namespace extensions | 338 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2709523008:
[Cast Channel] Add support for nonce challenge to Cast channel authentication. (Closed)
