
Unified Diff: extensions/browser/api/cast_channel/cast_auth_util_unittest.cc

Issue 2709523008: [Cast Channel] Add support for nonce challenge to Cast channel authentication. (Closed)
Patch Set: Rebase-only Created 3 years, 9 months ago
Index: extensions/browser/api/cast_channel/cast_auth_util_unittest.cc
diff --git a/extensions/browser/api/cast_channel/cast_auth_util_unittest.cc b/extensions/browser/api/cast_channel/cast_auth_util_unittest.cc
index 819daaf4b0d976764f29769c4bb0854cd7481ba1..b658068558b4e3f9daeb7218df6c955f73aa24be 100644
--- a/extensions/browser/api/cast_channel/cast_auth_util_unittest.cc
+++ b/extensions/browser/api/cast_channel/cast_auth_util_unittest.cc
@@ -7,6 +7,7 @@
#include <string>
#include "base/macros.h"
+#include "base/test/scoped_feature_list.h"
#include "base/time/time.h"
#include "components/cast_certificate/cast_cert_validator.h"
#include "components/cast_certificate/cast_cert_validator_test_helpers.h"
@@ -14,6 +15,7 @@
#include "components/cast_certificate/proto/test_suite.pb.h"
#include "extensions/common/api/cast_channel/cast_channel.pb.h"
#include "net/cert/internal/trust_store_in_memory.h"
+#include "net/cert/x509_certificate.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace extensions {
@@ -104,6 +106,83 @@ TEST_F(CastAuthUtilTest, VerifyBadPeerCert) {
EXPECT_EQ(AuthResult::ERROR_SIGNED_BLOBS_MISMATCH, result.error_type);
}
+TEST_F(CastAuthUtilTest, VerifySenderNonceMatch) {
+ base::test::ScopedFeatureList scoped_feature_list;
+ scoped_feature_list.InitAndEnableFeature(
+ base::Feature{"CastNonceEnforced", base::FEATURE_DISABLED_BY_DEFAULT});
+ AuthContext context = AuthContext::Create();
+ AuthResult result = context.VerifySenderNonce(context.nonce());
+ EXPECT_TRUE(result.success());
+}
+
+TEST_F(CastAuthUtilTest, VerifySenderNonceMismatch) {
+ base::test::ScopedFeatureList scoped_feature_list;
+ scoped_feature_list.InitAndEnableFeature(
+ base::Feature{"CastNonceEnforced", base::FEATURE_DISABLED_BY_DEFAULT});
+ AuthContext context = AuthContext::Create();
+ std::string received_nonce = "test2";
+ EXPECT_NE(received_nonce, context.nonce());
+ AuthResult result = context.VerifySenderNonce(received_nonce);
+ EXPECT_FALSE(result.success());
+ EXPECT_EQ(AuthResult::ERROR_SENDER_NONCE_MISMATCH, result.error_type);
+}
+
+TEST_F(CastAuthUtilTest, VerifySenderNonceMissing) {
+ base::test::ScopedFeatureList scoped_feature_list;
+ scoped_feature_list.InitAndEnableFeature(
+ base::Feature{"CastNonceEnforced", base::FEATURE_DISABLED_BY_DEFAULT});
+ AuthContext context = AuthContext::Create();
+ std::string received_nonce = "";
+ EXPECT_FALSE(context.nonce().empty());
+ AuthResult result = context.VerifySenderNonce(received_nonce);
+ EXPECT_FALSE(result.success());
+ EXPECT_EQ(AuthResult::ERROR_SENDER_NONCE_MISMATCH, result.error_type);
+}
+
+TEST_F(CastAuthUtilTest, VerifyTLSCertificateSuccess) {
+ auto tls_cert_der = cast_certificate::testing::ReadCertificateChainFromFile(
+ "certificates/test_tls_cert.pem");
+
+ scoped_refptr<net::X509Certificate> tls_cert =
+ net::X509Certificate::CreateFromBytes(tls_cert_der[0].data(),
+ tls_cert_der[0].size());
+ std::string peer_cert_der;
+ AuthResult result =
+ VerifyTLSCertificate(*tls_cert, &peer_cert_der, tls_cert->valid_start());
+ EXPECT_TRUE(result.success());
+}
+
+TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooEarly) {
+ auto tls_cert_der = cast_certificate::testing::ReadCertificateChainFromFile(
+ "certificates/test_tls_cert.pem");
+
+ scoped_refptr<net::X509Certificate> tls_cert =
+ net::X509Certificate::CreateFromBytes(tls_cert_der[0].data(),
+ tls_cert_der[0].size());
+ std::string peer_cert_der;
+ AuthResult result = VerifyTLSCertificate(
+ *tls_cert, &peer_cert_der,
+ tls_cert->valid_start() - base::TimeDelta::FromSeconds(1));
+ EXPECT_FALSE(result.success());
+ EXPECT_EQ(AuthResult::ERROR_TLS_CERT_VALID_START_DATE_IN_FUTURE,
+ result.error_type);
+}
+
+TEST_F(CastAuthUtilTest, VerifyTLSCertificateTooLate) {
+ auto tls_cert_der = cast_certificate::testing::ReadCertificateChainFromFile(
+ "certificates/test_tls_cert.pem");
+
+ scoped_refptr<net::X509Certificate> tls_cert =
+ net::X509Certificate::CreateFromBytes(tls_cert_der[0].data(),
+ tls_cert_der[0].size());
+ std::string peer_cert_der;
+ AuthResult result = VerifyTLSCertificate(
+ *tls_cert, &peer_cert_der,
+ tls_cert->valid_expiry() + base::TimeDelta::FromSeconds(2));
+ EXPECT_FALSE(result.success());
+ EXPECT_EQ(AuthResult::ERROR_TLS_CERT_EXPIRED, result.error_type);
+}
+
// Indicates the expected result of test step's verification.
enum TestStepResult {
RESULT_SUCCESS,
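Review bot: All three VerifySenderNonce tests enable `CastNonceEnforced` before calling `VerifySenderNonce`, so the behaviour with the feature off, which `base::FEATURE_DISABLED_BY_DEFAULT` makes the default, is not pinned by any test in this hunk. A fourth case that calls `scoped_feature_list.InitAndDisableFeature(...)` and passes a mismatched nonce would record whether the non-enforcing path accepts it; the expected result depends on cast_auth_util.cc, which is not visible here. In the three VerifyTLSCertificate tests `tls_cert` is dereferenced unchecked, so adding `ASSERT_TRUE(tls_cert);` after `CreateFromBytes` would turn a bad fixture into a test failure rather than a crash. The expiry case probes `valid_expiry() + base::TimeDelta::FromSeconds(2)` while the start case probes one second before `valid_start()`, so the upper boundary is left untested; a case at exactly `tls_cert->valid_expiry()` would pin whether that bound is inclusive.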