Third Party authentication protocol.

remoting/protocol/third_party_authenticator_unittest.cc

Index: remoting/protocol/third_party_authenticator_unittest.cc
diff --git a/remoting/protocol/third_party_authenticator_unittest.cc b/remoting/protocol/third_party_authenticator_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a7db6c5b7b6208d3ff8c53ccda5039ad458e0c43
--- /dev/null
+++ b/remoting/protocol/third_party_authenticator_unittest.cc
@@ -0,0 +1,214 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/bind.h"
+#include "net/base/net_errors.h"
+#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/authenticator_test_base.h"
+#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/connection_tester.h"
+#include "remoting/protocol/fake_authenticator.h"
+#include "remoting/protocol/third_party_authenticator_base.h"
+#include "remoting/protocol/third_party_client_authenticator.h"
+#include "remoting/protocol/third_party_host_authenticator.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+using testing::_;
+using testing::DeleteArg;
+using testing::SaveArg;
+
+namespace {
+
+const int kMessageSize = 100;
+const int kMessages = 1;
+
+const char kTokenIssueUrl[] = "https://example.com/Issue";
+const char kTokenVerificationUrl[] = "https://example.com/Verify";
+const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2";
+const char kToken[] = "abc123456xyz789";
+const char kSharedSecret[] = "1234-1234-5678";
+const char kSharedSecretBad[] = "0000-0000-0001";
+
+}  // namespace
+
+namespace remoting {
+namespace protocol {
+
+class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
+  class FakeTokenFetcher : public ThirdPartyClientAuthenticator::TokenFetcher {
+   public:
+    virtual void FetchThirdPartyToken(
+        const GURL& token_url,
+        const std::string& host_public_key,
+        const std::string& scope,
+        const TokenFetchedCallback& token_fetched_callback) {

[Wez, 2013/03/22 06:17:01]

nit: Is there anything about the other parameters that you can EXPECT here?

[rmsousa, 2013/03/22 21:19:05]

Done.

+      on_token_fetched_ = token_fetched_callback;
+    }
+
+    void OnTokenFetched(const std::string& token,
+                        const std::string& shared_secret) {
+      on_token_fetched_.Run(token, shared_secret);

[Sergey Ulanov, 2013/03/22 05:58:43]

ASSERT_FALSE(on_token_fetched_.is_null());

[rmsousa, 2013/03/22 21:19:05]

Done.

+      on_token_fetched_.Reset();

[Sergey Ulanov, 2013/03/22 05:58:43]

nit: it's always good idea to call callbacks last. Here the callback may
potentially delete the token fetcher object, and then Reset() would crash. The
usual way to handle call and reset is to save the callback, reset it and only
than call the saved one. 

[rmsousa, 2013/03/22 21:19:05]

Done.

+    }
+
+   private:
+    TokenFetchedCallback on_token_fetched_;
+  };
+
+  class FakeTokenValidator
+      : public ThirdPartyHostAuthenticator::TokenValidator {
+   public:
+    FakeTokenValidator()
+     : token_url_(kTokenIssueUrl),
+       token_scope_(kTokenScope) {}
+
+    virtual ~FakeTokenValidator() {}
+
+    virtual void ValidateThirdPartyToken(
+        const std::string& token,
+        const TokenValidatedCallback& token_validated_callback) {
+     on_token_validated_ = token_validated_callback;

[Wez, 2013/03/22 06:17:01]

nit: indentation

[rmsousa, 2013/03/22 21:19:05]

Done.

+    }
+
+    void OnTokenValidated(const std::string& shared_secret) {
+      on_token_validated_.Run(shared_secret);

[Sergey Ulanov, 2013/03/22 05:58:43]

same as above

[rmsousa, 2013/03/22 21:19:05]

Done.

+      on_token_validated_.Reset();
+    }
+
+    virtual const GURL& token_url() const OVERRIDE {
+      return token_url_;
+    }
+
+    virtual const std::string& token_scope() const OVERRIDE {
+      return token_scope_;
+    }
+
+   private:
+    GURL token_url_;
+    std::string token_scope_;
+    base::Callback<void(const std::string& shared_secret)> on_token_validated_;
+  };
+
+ public:
+  ThirdPartyAuthenticatorTest() {
+  }

[Wez, 2013/03/22 06:17:01]

nit: {} can be on one line since they're empty.

[rmsousa, 2013/03/22 21:19:05]

Done.

+  virtual ~ThirdPartyAuthenticatorTest() {
+  }
+
+ protected:
+  void InitAuthenticators() {
+    scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator>
+        token_validator(new FakeTokenValidator());
+    token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get());
+    host_.reset(new ThirdPartyHostAuthenticator(
+        host_cert_, key_pair_, token_validator.Pass()));
+    scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher>
+        token_fetcher(new FakeTokenFetcher());
+    token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get());
+    client_.reset(new ThirdPartyClientAuthenticator(
+        host_public_key_, token_fetcher.Pass()));
+  }
+
+  FakeTokenFetcher* token_fetcher_;
+  FakeTokenValidator* token_validator_;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest);
+};
+
+TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) {
+  ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+  ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+  ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
+      kToken, kSharedSecret));
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+  ASSERT_NO_FATAL_FAILURE(
+      token_validator_->OnTokenValidated(kSharedSecret));

[Wez, 2013/03/22 06:17:01]

nit: blank line before the comment below

[rmsousa, 2013/03/22 21:19:05]

Done.

+  // Both sides have finished.
+  ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
+  ASSERT_EQ(Authenticator::ACCEPTED, client_->state());
+
+  // An authenticated channel can be created after the authentication.
+  client_auth_ = client_->CreateChannelAuthenticator();
+  host_auth_ = host_->CreateChannelAuthenticator();
+  RunChannelAuth(false);
+
+  StreamConnectionTester tester(host_socket_.get(), client_socket_.get(),
+                                kMessageSize, kMessages);
+
+  tester.Start();
+  message_loop_.Run();
+  tester.CheckResults();
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) {
+  ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+  ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+  ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(kToken, ""));

[Wez, 2013/03/22 06:17:01]

nit: blank line before the comment

[rmsousa, 2013/03/22 21:19:05]

Done.

+  // The end result is that the client rejected the connection, since it
+  // couldn't fetch the secret.
+  ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) {
+  ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+  ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+  ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
+      kToken, kSharedSecret));
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+  ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated(""));
+
+  // The end result is that the host rejected the token.
+  ASSERT_EQ(Authenticator::REJECTED, host_->state());
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) {
+  ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+  ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+  ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched("", ""));
+
+  // The end result is that the client rejected the connection, since it
+  // couldn't fetch the token.
+  ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+// Test that negotiation stops when the fake authentication is rejected.
+TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) {
+  ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+  ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());

[Wez, 2013/03/22 06:17:01]

nit: remove the blank line above, for consistency with other cases

[rmsousa, 2013/03/22 21:19:05]

Done.

+  ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
+      kToken, kSharedSecret));
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+  ASSERT_NO_FATAL_FAILURE(
+      token_validator_->OnTokenValidated(kSharedSecretBad));
+
+  // The end result is that the host rejected the fake authentication.
+  ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) {
+  ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+  ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());

[Wez, 2013/03/22 06:17:01]

nit: as above

[rmsousa, 2013/03/22 21:19:05]

Done.

+  ASSERT_NO_FATAL_FAILURE(
+      token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad));
+  ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+  ASSERT_NO_FATAL_FAILURE(
+      token_validator_->OnTokenValidated(kSharedSecret));
+
+  // The end result is that the host rejected the fake authentication.
+  ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+}  // namespace protocol
+}  // namespace remoting