SPDY proxy authentication support.

chrome/browser/spdyproxy/http_auth_handler_spdyproxy_unittest.cc

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/string_util.h"
+#include "base/utf_string_conversions.h"
+#include "chrome/browser/spdyproxy/http_auth_handler_spdyproxy.h"
+#include "net/base/net_errors.h"
+#include "net/http/http_request_info.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+const char kValidOrigin[] = "https://www.proxy.com/";
+const char kValidChallenge[] = "SpdyProxy realm=\"SpdyProxy\", "
+    "ps=\"1-2-3-4\"";
+
+}  // namespace
+
+namespace spdyproxy {
+
+using net::ERR_INVALID_RESPONSE;
+using net::ERR_UNSUPPORTED_AUTH_SCHEME;
+using net::OK;
+using net::AuthCredentials;
+using net::BoundNetLog;
+using net::CompletionCallback;
+using net::Error;
+using net::HttpAuth;
+using net::HttpAuthHandler;
+using net::HttpRequestInfo;
+
+TEST(HttpAuthHandlerSpdyProxyTest, GenerateAuthToken) {
+  // Verifies that challenge parsing is expected as described in individual
+  // cases below.
+  static const struct {
+    Error err1, err2;
+    const char* origin;
+    const char* challenge;
+    const char* username;
+    const char* sid;
+    const char* expected_credentials;
+  } tests[] = {
+      // A well-formed challenge where a sid is provided produces a valid
+      // response header echoing the sid and ps token.
+      { OK, OK,
+        kValidOrigin,
+        kValidChallenge,
+        "",
+        "sid-string",
+        "SpdyProxy ps=\"1-2-3-4\", sid=\"sid-string\"",},
+
+      // A non-SSL origin returns ERR_UNSUPPORTED_AUTH_SCHEME.
+      { ERR_UNSUPPORTED_AUTH_SCHEME, OK,
+        "http://www.proxy.com/", "", "", "", "",},
+
+      // An SSL origin not matching the authorized origin returns
+      // ERR_UNSUPPORTED_AUTH_SCHEME.
+      { ERR_UNSUPPORTED_AUTH_SCHEME, OK,
+        "https://www.unconfigured.com/", "", "", "", "",},
+
+      // Absent ps token yields ERR_INVALID_RESPONSE.
+      { ERR_INVALID_RESPONSE, OK,
+        kValidOrigin, "SpdyProxy realm=\"SpdyProxy\"", "", "", "",},
+  };
+  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
+    GURL origin(tests[i].origin);
+    GURL authorized_origin(kValidOrigin);
+    HttpAuthHandlerSpdyProxy::Factory factory(authorized_origin);
+    scoped_ptr<HttpAuthHandler> spdyproxy;
+    EXPECT_EQ(tests[i].err1, factory.CreateAuthHandlerFromString(
+        tests[i].challenge, HttpAuth::AUTH_PROXY, origin, BoundNetLog(),
+        &spdyproxy));
+    if (tests[i].err1 != OK) {
+      continue;
+    }
+    AuthCredentials credentials(ASCIIToUTF16(tests[i].username),
+                                ASCIIToUTF16(tests[i].sid));
+    HttpRequestInfo request_info;
+    std::string auth_token;
+    int rv = spdyproxy->GenerateAuthToken(&credentials, &request_info,
+                                          CompletionCallback(), &auth_token);
+    EXPECT_EQ(tests[i].err2, rv);
+    if (tests[i].err2 != OK) {
+      continue;
+    }
+    EXPECT_STREQ(tests[i].expected_credentials, auth_token.c_str());
+  }
+}
+
+TEST(HttpAuthHandlerSpdyProxyTest, NonProxyAuthTypeFails) {
+  // Verifies that an authorization request fails if requested by an ordinary
+  // site. (i.e., HttpAuth::AUTH_SERVER)
+  GURL origin(kValidOrigin);
+  GURL accepted_origin(kValidOrigin);
+  HttpAuthHandlerSpdyProxy::Factory factory(accepted_origin);
+  scoped_ptr<HttpAuthHandler> spdyproxy;
+  EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, factory.CreateAuthHandlerFromString(
+      kValidChallenge, HttpAuth::AUTH_SERVER, origin,
+      BoundNetLog(), &spdyproxy));
+}
+
+TEST(HttpAuthHandlerSpdyProxyTest, HandleAnotherChallenge) {
+  // Verifies that any repeat challenge is treated as a failure.
+  GURL origin(kValidOrigin);
+  GURL accepted_origin(kValidOrigin);
+  HttpAuthHandlerSpdyProxy::Factory factory(accepted_origin);
+  scoped_ptr<HttpAuthHandler> spdyproxy;
+  EXPECT_EQ(OK, factory.CreateAuthHandlerFromString(
+      kValidChallenge, HttpAuth::AUTH_PROXY, origin,
+      BoundNetLog(), &spdyproxy));
+  std::string challenge(kValidChallenge);
+  HttpAuth::ChallengeTokenizer tok(challenge.begin(),
+                                   challenge.end());
+  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
+            spdyproxy->HandleAnotherChallenge(&tok));
+}
+
+TEST(HttpAuthHandlerSpdyProxyTest, ParseChallenge) {

[cbentzel, 2012/09/18 15:30:52]

This is mainly covered by the GenerateAuthToken test, but I'm fine with this as
well.

[Michael Piatek, 2012/09/18 20:32:05]

Ack.

+  // Verifies that various challenge strings are parsed appropriately as
+  // described below.
+  static const struct {
+    const char* challenge;
+    int expected_rv;
+    const char* expected_ps;
+    const char* expected_realm;
+  } tests[] = {
+    // Absent parameters fails.
+    { "SpdyProxy", ERR_INVALID_RESPONSE, "", "", },
+
+    // Empty parameters fails.
+    { "SpdyProxy ps=\"\"", ERR_INVALID_RESPONSE, "", "", },
+
+    // Valid challenge parses successfully.
+    { kValidChallenge, OK, "1-2-3-4", "SpdyProxy", },
+  };
+  GURL origin(kValidOrigin);
+  GURL accepted_origin(kValidOrigin);
+  HttpAuthHandlerSpdyProxy::Factory factory(accepted_origin);
+  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
+    std::string challenge = tests[i].challenge;
+    scoped_ptr<HttpAuthHandler> spdyproxy;
+    int rv = factory.CreateAuthHandlerFromString(
+        challenge, HttpAuth::AUTH_PROXY, origin, BoundNetLog(), &spdyproxy);
+    EXPECT_EQ(tests[i].expected_rv, rv);
+    if (rv == OK) {
+      EXPECT_EQ(tests[i].expected_realm, spdyproxy->realm());
+      HttpAuthHandlerSpdyProxy* as_spdyproxy =
+          static_cast<HttpAuthHandlerSpdyProxy*>(spdyproxy.get());
+      EXPECT_EQ(tests[i].expected_ps,
+                as_spdyproxy->ps_token());
+    }
+  }
+}
+
+}  // namespace spdyproxy