| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/bind.h" |
| 6 #include "net/base/net_errors.h" |
| 7 #include "remoting/base/rsa_key_pair.h" |
| 8 #include "remoting/protocol/authenticator_test_base.h" |
| 9 #include "remoting/protocol/channel_authenticator.h" |
| 10 #include "remoting/protocol/connection_tester.h" |
| 11 #include "remoting/protocol/fake_authenticator.h" |
| 12 #include "remoting/protocol/third_party_authenticator_base.h" |
| 13 #include "remoting/protocol/third_party_client_authenticator.h" |
| 14 #include "remoting/protocol/third_party_host_authenticator.h" |
| 15 #include "testing/gmock/include/gmock/gmock.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h" |
| 18 |
| 19 using testing::_; |
| 20 using testing::DeleteArg; |
| 21 using testing::SaveArg; |
| 22 |
| 23 namespace { |
| 24 |
| 25 const int kMessageSize = 100; |
| 26 const int kMessages = 1; |
| 27 |
| 28 const char kTokenUrl[] = "https://example.com/Issue"; |
| 29 const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2"; |
| 30 const char kToken[] = "abc123456xyz789"; |
| 31 const char kSharedSecret[] = "1234-1234-5678"; |
| 32 const char kSharedSecretBad[] = "0000-0000-0001"; |
| 33 |
| 34 } // namespace |
| 35 |
| 36 namespace remoting { |
| 37 namespace protocol { |
| 38 |
| 39 class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase { |
| 40 class FakeTokenFetcher : public ThirdPartyClientAuthenticator::TokenFetcher { |
| 41 public: |
| 42 virtual void FetchThirdPartyToken( |
| 43 const GURL& token_url, |
| 44 const std::string& host_public_key, |
| 45 const std::string& scope, |
| 46 const TokenFetchedCallback& token_fetched_callback) { |
| 47 ASSERT_EQ(token_url.spec(), kTokenUrl); |
| 48 ASSERT_EQ(scope, kTokenScope); |
| 49 ASSERT_FALSE(token_fetched_callback.is_null()); |
| 50 on_token_fetched_ = token_fetched_callback; |
| 51 } |
| 52 |
| 53 void OnTokenFetched(const std::string& token, |
| 54 const std::string& shared_secret) { |
| 55 ASSERT_FALSE(on_token_fetched_.is_null()); |
| 56 TokenFetchedCallback on_token_fetched = on_token_fetched_; |
| 57 on_token_fetched_.Reset(); |
| 58 on_token_fetched.Run(token, shared_secret); |
| 59 } |
| 60 |
| 61 private: |
| 62 TokenFetchedCallback on_token_fetched_; |
| 63 }; |
| 64 |
| 65 class FakeTokenValidator |
| 66 : public ThirdPartyHostAuthenticator::TokenValidator { |
| 67 public: |
| 68 FakeTokenValidator() |
| 69 : token_url_(kTokenUrl), |
| 70 token_scope_(kTokenScope) {} |
| 71 |
| 72 virtual ~FakeTokenValidator() {} |
| 73 |
| 74 virtual void ValidateThirdPartyToken( |
| 75 const std::string& token, |
| 76 const TokenValidatedCallback& token_validated_callback) { |
| 77 ASSERT_FALSE(token_validated_callback.is_null()); |
| 78 on_token_validated_ = token_validated_callback; |
| 79 } |
| 80 |
| 81 void OnTokenValidated(const std::string& shared_secret) { |
| 82 ASSERT_FALSE(on_token_validated_.is_null()); |
| 83 TokenValidatedCallback on_token_validated = on_token_validated_; |
| 84 on_token_validated_.Reset(); |
| 85 on_token_validated.Run(shared_secret); |
| 86 } |
| 87 |
| 88 virtual const GURL& token_url() const OVERRIDE { |
| 89 return token_url_; |
| 90 } |
| 91 |
| 92 virtual const std::string& token_scope() const OVERRIDE { |
| 93 return token_scope_; |
| 94 } |
| 95 |
| 96 private: |
| 97 GURL token_url_; |
| 98 std::string token_scope_; |
| 99 base::Callback<void(const std::string& shared_secret)> on_token_validated_; |
| 100 }; |
| 101 |
| 102 public: |
| 103 ThirdPartyAuthenticatorTest() {} |
| 104 virtual ~ThirdPartyAuthenticatorTest() {} |
| 105 |
| 106 protected: |
| 107 void InitAuthenticators() { |
| 108 scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator> |
| 109 token_validator(new FakeTokenValidator()); |
| 110 token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get()); |
| 111 host_.reset(new ThirdPartyHostAuthenticator( |
| 112 host_cert_, key_pair_, token_validator.Pass())); |
| 113 scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher> |
| 114 token_fetcher(new FakeTokenFetcher()); |
| 115 token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get()); |
| 116 client_.reset(new ThirdPartyClientAuthenticator( |
| 117 host_public_key_, token_fetcher.Pass())); |
| 118 } |
| 119 |
| 120 FakeTokenFetcher* token_fetcher_; |
| 121 FakeTokenValidator* token_validator_; |
| 122 |
| 123 private: |
| 124 DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest); |
| 125 }; |
| 126 |
| 127 TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) { |
| 128 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); |
| 129 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange()); |
| 130 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); |
| 131 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( |
| 132 kToken, kSharedSecret)); |
| 133 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); |
| 134 ASSERT_NO_FATAL_FAILURE( |
| 135 token_validator_->OnTokenValidated(kSharedSecret)); |
| 136 |
| 137 // Both sides have finished. |
| 138 ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); |
| 139 ASSERT_EQ(Authenticator::ACCEPTED, client_->state()); |
| 140 |
| 141 // An authenticated channel can be created after the authentication. |
| 142 client_auth_ = client_->CreateChannelAuthenticator(); |
| 143 host_auth_ = host_->CreateChannelAuthenticator(); |
| 144 RunChannelAuth(false); |
| 145 |
| 146 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), |
| 147 kMessageSize, kMessages); |
| 148 |
| 149 tester.Start(); |
| 150 message_loop_.Run(); |
| 151 tester.CheckResults(); |
| 152 } |
| 153 |
| 154 TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) { |
| 155 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); |
| 156 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange()); |
| 157 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); |
| 158 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(kToken, "")); |
| 159 |
| 160 // The end result is that the client rejected the connection, since it |
| 161 // couldn't fetch the secret. |
| 162 ASSERT_EQ(Authenticator::REJECTED, client_->state()); |
| 163 } |
| 164 |
| 165 TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) { |
| 166 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); |
| 167 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange()); |
| 168 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); |
| 169 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( |
| 170 kToken, kSharedSecret)); |
| 171 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); |
| 172 ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated("")); |
| 173 |
| 174 // The end result is that the host rejected the token. |
| 175 ASSERT_EQ(Authenticator::REJECTED, host_->state()); |
| 176 } |
| 177 |
| 178 TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) { |
| 179 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); |
| 180 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange()); |
| 181 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); |
| 182 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched("", "")); |
| 183 |
| 184 // The end result is that the client rejected the connection, since it |
| 185 // couldn't fetch the token. |
| 186 ASSERT_EQ(Authenticator::REJECTED, client_->state()); |
| 187 } |
| 188 |
| 189 // Test that negotiation stops when the fake authentication is rejected. |
| 190 TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) { |
| 191 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); |
| 192 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange()); |
| 193 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); |
| 194 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched( |
| 195 kToken, kSharedSecret)); |
| 196 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); |
| 197 ASSERT_NO_FATAL_FAILURE( |
| 198 token_validator_->OnTokenValidated(kSharedSecretBad)); |
| 199 |
| 200 // The end result is that the host rejected the fake authentication. |
| 201 ASSERT_EQ(Authenticator::REJECTED, client_->state()); |
| 202 } |
| 203 |
| 204 TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) { |
| 205 ASSERT_NO_FATAL_FAILURE(InitAuthenticators()); |
| 206 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange()); |
| 207 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state()); |
| 208 ASSERT_NO_FATAL_FAILURE( |
| 209 token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad)); |
| 210 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state()); |
| 211 ASSERT_NO_FATAL_FAILURE( |
| 212 token_validator_->OnTokenValidated(kSharedSecret)); |
| 213 |
| 214 // The end result is that the host rejected the fake authentication. |
| 215 ASSERT_EQ(Authenticator::REJECTED, client_->state()); |
| 216 } |
| 217 |
| 218 } // namespace protocol |
| 219 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12326090:
Third Party authentication protocol. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@host_key_pair