Chromium Code Reviews Chromium Code Reviews
Issue 12326090:
Third Party authentication protocol. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@host_key_pair| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "remoting/protocol/third_party_authenticator.h" | |
| 6 | |
| 7 #include "base/bind.h" | |
| 8 #include "net/base/net_errors.h" | |
| 9 #include "remoting/base/rsa_key_pair.h" | |
| 10 #include "remoting/protocol/authenticator_test_base.h" | |
| 11 #include "remoting/protocol/channel_authenticator.h" | |
| 12 #include "remoting/protocol/connection_tester.h" | |
| 13 #include "remoting/protocol/fake_authenticator.h" | |
| 14 #include "testing/gmock/include/gmock/gmock.h" | |
| 15 #include "testing/gtest/include/gtest/gtest.h" | |
| 16 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" | |
| 17 | |
| 18 using testing::_; | |
| 19 using testing::DeleteArg; | |
| 20 using testing::SaveArg; | |
| 21 | |
| 22 namespace { | |
| 23 | |
| 24 const int kMessageSize = 100; | |
| 25 const int kMessages = 1; | |
| 26 | |
| 27 const char kTokenIssueUrl[] = "https://example.com/Issue"; | |
| 28 const char kTokenVerificationUrl[] = "https://example.com/Verify"; | |
| 29 const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2"; | |
| 30 const char kToken[] = "abc123456xyz789"; | |
| 31 const char kSharedSecret[] = "1234-1234-5678"; | |
| 32 const char kSharedSecretBad[] = "0000-0000-0001"; | |
| 33 | |
| 34 } // namespace | |
| 35 | |
| 36 namespace remoting { | |
| 37 namespace protocol { | |
| 38 | |
| 39 class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase { | |
| 40 class FakeTokenFetcher | |
|
Wez
2013/03/05 22:55:53
nit: Specify visibility explicitly.
| |
| 41 : public protocol::ThirdPartyAuthenticator::TokenFetcher { | |
| 42 public: | |
| 43 virtual void FetchThirdPartyToken( | |
| 44 const std::string& token_url, | |
| 45 const std::string& host_public_key, | |
| 46 const std::string& scope, | |
| 47 const TokenFetchedCallback& token_fetched_callback) { | |
| 48 on_token_fetched_ = token_fetched_callback; | |
| 49 } | |
| 50 | |
| 51 void OnTokenFetched(const std::string& token, | |
| 52 const std::string& shared_secret) { | |
| 53 on_token_fetched_.Run(token, shared_secret); | |
| 54 on_token_fetched_.Reset(); | |
| 55 } | |
| 56 | |
| 57 private: | |
| 58 TokenFetchedCallback on_token_fetched_; | |
| 59 }; | |
| 60 | |
| 61 class FakeTokenValidator | |
| 62 : public protocol::ThirdPartyAuthenticator::TokenValidator { | |
| 63 public: | |
| 64 FakeTokenValidator() | |
| 65 : token_url_(kTokenIssueUrl), | |
| 66 token_scope_(kTokenScope) {} | |
| 67 | |
| 68 virtual ~FakeTokenValidator() {} | |
|
Wez
2013/03/05 22:55:53
Indentation here & below.
| |
| 69 | |
| 70 virtual void ValidateThirdPartyToken( | |
| 71 const std::string& token, | |
| 72 const TokenValidatedCallback& token_validated_callback) { | |
| 73 on_token_validated_ = token_validated_callback; | |
| 74 } | |
| 75 | |
| 76 void OnTokenValidated(const std::string& shared_secret) { | |
| 77 on_token_validated_.Run(shared_secret); | |
| 78 on_token_validated_.Reset(); | |
| 79 } | |
| 80 | |
| 81 virtual const GURL& token_url() const OVERRIDE { | |
| 82 return token_url_; | |
| 83 } | |
| 84 | |
| 85 virtual const std::string& token_scope() const OVERRIDE { | |
| 86 return token_scope_; | |
| 87 } | |
| 88 | |
| 89 private: | |
| 90 GURL token_url_; | |
| 91 std::string token_scope_; | |
| 92 base::Callback<void(const std::string& shared_secret)> on_token_validated_; | |
| 93 }; | |
| 94 | |
| 95 public: | |
| 96 ThirdPartyAuthenticatorTest() { | |
| 97 } | |
| 98 virtual ~ThirdPartyAuthenticatorTest() { | |
| 99 } | |
| 100 | |
| 101 protected: | |
| 102 void InitAuthenticators() { | |
| 103 scoped_ptr<protocol::ThirdPartyAuthenticator::TokenValidator> | |
| 104 token_validator(new FakeTokenValidator()); | |
| 105 token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get()); | |
|
Wez
2013/03/05 22:55:53
nit: You could new & assign straight to the bare p
| |
| 106 host_ = ThirdPartyAuthenticator::CreateForHost( | |
| 107 host_cert_, key_pair_, | |
| 108 token_validator.Pass(), Authenticator::WAITING_MESSAGE); | |
| 109 scoped_ptr<protocol::ThirdPartyAuthenticator::TokenFetcher> | |
|
Wez
2013/03/05 22:55:53
nit: Blank line here to separate host & client set
| |
| 110 token_fetcher(new FakeTokenFetcher()); | |
| 111 token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get()); | |
| 112 client_ = ThirdPartyAuthenticator::CreateForClient( | |
| 113 host_public_key_, token_fetcher.Pass(), Authenticator::MESSAGE_READY); | |
| 114 } | |
| 115 | |
| 116 FakeTokenFetcher* token_fetcher_; | |
|
Wez
2013/03/05 22:55:53
nit: Add a comment to explain that these are owned
| |
| 117 FakeTokenValidator* token_validator_; | |
| 118 | |
| 119 private: | |
| 120 DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest); | |
| 121 }; | |
| 122 | |
| 123 TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) { | |
| 124 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 125 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 126 // ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
|
Wez
2013/03/05 22:55:53
Why are these commented out?
| |
| 127 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( | |
| 128 kToken, kSharedSecret)); | |
| 129 // ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 130 ASSERT_NO_FATAL_FAILURE( | |
| 131 token_validator_->OnTokenValidated(kSharedSecret)); | |
|
Wez
2013/03/05 22:55:53
nit: Blank line after this
| |
| 132 // Both sides have finished. | |
| 133 ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); | |
| 134 ASSERT_EQ(Authenticator::ACCEPTED, client_->state()); | |
| 135 | |
| 136 // An authenticated channel can be created after the authentication. | |
| 137 client_auth_ = client_->CreateChannelAuthenticator(); | |
| 138 host_auth_ = host_->CreateChannelAuthenticator(); | |
| 139 RunChannelAuth(false); | |
| 140 | |
| 141 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), | |
| 142 kMessageSize, kMessages); | |
| 143 | |
| 144 tester.Start(); | |
| 145 message_loop_.Run(); | |
| 146 tester.CheckResults(); | |
| 147 } | |
| 148 | |
| 149 TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) { | |
| 150 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 151 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 152 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 153 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(kToken, "")); | |
| 154 // The end result is that the client rejected the connection, since it | |
|
Wez
2013/03/05 22:55:53
nit: Blank line before this comment.
| |
| 155 // couldn't fetch the secret. | |
|
Wez
2013/03/05 22:55:53
nit: Suggest: "The client must reject the connecti
| |
| 156 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 157 } | |
| 158 | |
| 159 TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) { | |
| 160 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 161 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 162 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 163 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( | |
| 164 kToken, kSharedSecret)); | |
| 165 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 166 ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated("")); | |
| 167 | |
| 168 // The end result is that the host rejected the token. | |
|
Wez
2013/03/05 22:55:53
nit: Suggest "The host must reject the connection,
| |
| 169 ASSERT_EQ(Authenticator::REJECTED, host_->state()); | |
| 170 } | |
| 171 | |
| 172 TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) { | |
| 173 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 174 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 175 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 176 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched("", "")); | |
| 177 | |
| 178 // The end result is that the client rejected the connection, since it | |
| 179 // couldn't fetch the token. | |
|
Wez
2013/03/05 22:55:53
See suggestions above re wording.
| |
| 180 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 181 } | |
| 182 | |
| 183 // Test that negotiation stops when the fake authentication is rejected. | |
| 184 TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) { | |
| 185 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 186 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 187 | |
| 188 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 189 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( | |
| 190 kToken, kSharedSecret)); | |
| 191 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 192 ASSERT_NO_FATAL_FAILURE( | |
| 193 token_validator_->OnTokenValidated(kSharedSecretBad)); | |
| 194 | |
| 195 // The end result is that the host rejected the fake authentication. | |
|
Wez
2013/03/05 22:55:53
Ditto
| |
| 196 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 197 } | |
| 198 | |
| 199 TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) { | |
| 200 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); | |
| 201 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 202 | |
| 203 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); | |
| 204 ASSERT_NO_FATAL_FAILURE( | |
| 205 token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad)); | |
| 206 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); | |
| 207 ASSERT_NO_FATAL_FAILURE( | |
| 208 token_validator_->OnTokenValidated(kSharedSecret)); | |
| 209 | |
| 210 // The end result is that the host rejected the fake authentication. | |
|
Wez
2013/03/05 22:55:53
Ditto
| |
| 211 ASSERT_EQ(Authenticator::REJECTED, client_->state()); | |
| 212 } | |
| 213 | |
| 214 } // namespace protocol | |
| 215 } // namespace remoting | |
| OLD | NEW |
