Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(963)

Unified Diff: remoting/protocol/third_party_authenticator_unittest.cc

Issue 12326090: Third Party authentication protocol. (Closed) Base URL: http://git.chromium.org/chromium/src.git@host_key_pair
Patch Set: Reviewer comments Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: remoting/protocol/third_party_authenticator_unittest.cc
diff --git a/remoting/protocol/third_party_authenticator_unittest.cc b/remoting/protocol/third_party_authenticator_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a7db6c5b7b6208d3ff8c53ccda5039ad458e0c43
--- /dev/null
+++ b/remoting/protocol/third_party_authenticator_unittest.cc
@@ -0,0 +1,214 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/bind.h"
+#include "net/base/net_errors.h"
+#include "remoting/base/rsa_key_pair.h"
+#include "remoting/protocol/authenticator_test_base.h"
+#include "remoting/protocol/channel_authenticator.h"
+#include "remoting/protocol/connection_tester.h"
+#include "remoting/protocol/fake_authenticator.h"
+#include "remoting/protocol/third_party_authenticator_base.h"
+#include "remoting/protocol/third_party_client_authenticator.h"
+#include "remoting/protocol/third_party_host_authenticator.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
+
+using testing::_;
+using testing::DeleteArg;
+using testing::SaveArg;
+
+namespace {
+
+const int kMessageSize = 100;
+const int kMessages = 1;
+
+const char kTokenIssueUrl[] = "https://example.com/Issue";
+const char kTokenVerificationUrl[] = "https://example.com/Verify";
+const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2";
+const char kToken[] = "abc123456xyz789";
+const char kSharedSecret[] = "1234-1234-5678";
+const char kSharedSecretBad[] = "0000-0000-0001";
+
+} // namespace
+
+namespace remoting {
+namespace protocol {
+
+class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
+ class FakeTokenFetcher : public ThirdPartyClientAuthenticator::TokenFetcher {
+ public:
+ virtual void FetchThirdPartyToken(
+ const GURL& token_url,
+ const std::string& host_public_key,
+ const std::string& scope,
+ const TokenFetchedCallback& token_fetched_callback) {
Wez 2013/03/22 06:17:01 nit: Is there anything about the other parameters
rmsousa 2013/03/22 21:19:05 Done.
+ on_token_fetched_ = token_fetched_callback;
+ }
+
+ void OnTokenFetched(const std::string& token,
+ const std::string& shared_secret) {
+ on_token_fetched_.Run(token, shared_secret);
Sergey Ulanov 2013/03/22 05:58:43 ASSERT_FALSE(on_token_fetched_.is_null());
rmsousa 2013/03/22 21:19:05 Done.
+ on_token_fetched_.Reset();
Sergey Ulanov 2013/03/22 05:58:43 nit: it's always good idea to call callbacks last.
rmsousa 2013/03/22 21:19:05 Done.
+ }
+
+ private:
+ TokenFetchedCallback on_token_fetched_;
+ };
+
+ class FakeTokenValidator
+ : public ThirdPartyHostAuthenticator::TokenValidator {
+ public:
+ FakeTokenValidator()
+ : token_url_(kTokenIssueUrl),
+ token_scope_(kTokenScope) {}
+
+ virtual ~FakeTokenValidator() {}
+
+ virtual void ValidateThirdPartyToken(
+ const std::string& token,
+ const TokenValidatedCallback& token_validated_callback) {
+ on_token_validated_ = token_validated_callback;
Wez 2013/03/22 06:17:01 nit: indentation
rmsousa 2013/03/22 21:19:05 Done.
+ }
+
+ void OnTokenValidated(const std::string& shared_secret) {
+ on_token_validated_.Run(shared_secret);
Sergey Ulanov 2013/03/22 05:58:43 same as above
rmsousa 2013/03/22 21:19:05 Done.
+ on_token_validated_.Reset();
+ }
+
+ virtual const GURL& token_url() const OVERRIDE {
+ return token_url_;
+ }
+
+ virtual const std::string& token_scope() const OVERRIDE {
+ return token_scope_;
+ }
+
+ private:
+ GURL token_url_;
+ std::string token_scope_;
+ base::Callback<void(const std::string& shared_secret)> on_token_validated_;
+ };
+
+ public:
+ ThirdPartyAuthenticatorTest() {
+ }
Wez 2013/03/22 06:17:01 nit: {} can be on one line since they're empty.
rmsousa 2013/03/22 21:19:05 Done.
+ virtual ~ThirdPartyAuthenticatorTest() {
+ }
+
+ protected:
+ void InitAuthenticators() {
+ scoped_ptr<ThirdPartyHostAuthenticator::TokenValidator>
+ token_validator(new FakeTokenValidator());
+ token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get());
+ host_.reset(new ThirdPartyHostAuthenticator(
+ host_cert_, key_pair_, token_validator.Pass()));
+ scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher>
+ token_fetcher(new FakeTokenFetcher());
+ token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get());
+ client_.reset(new ThirdPartyClientAuthenticator(
+ host_public_key_, token_fetcher.Pass()));
+ }
+
+ FakeTokenFetcher* token_fetcher_;
+ FakeTokenValidator* token_validator_;
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest);
+};
+
+TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) {
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+ ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+ ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
+ kToken, kSharedSecret));
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+ ASSERT_NO_FATAL_FAILURE(
+ token_validator_->OnTokenValidated(kSharedSecret));
Wez 2013/03/22 06:17:01 nit: blank line before the comment below
rmsousa 2013/03/22 21:19:05 Done.
+ // Both sides have finished.
+ ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
+ ASSERT_EQ(Authenticator::ACCEPTED, client_->state());
+
+ // An authenticated channel can be created after the authentication.
+ client_auth_ = client_->CreateChannelAuthenticator();
+ host_auth_ = host_->CreateChannelAuthenticator();
+ RunChannelAuth(false);
+
+ StreamConnectionTester tester(host_socket_.get(), client_socket_.get(),
+ kMessageSize, kMessages);
+
+ tester.Start();
+ message_loop_.Run();
+ tester.CheckResults();
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) {
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+ ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+ ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(kToken, ""));
Wez 2013/03/22 06:17:01 nit: blank line before the comment
rmsousa 2013/03/22 21:19:05 Done.
+ // The end result is that the client rejected the connection, since it
+ // couldn't fetch the secret.
+ ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) {
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+ ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+ ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
+ kToken, kSharedSecret));
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+ ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated(""));
+
+ // The end result is that the host rejected the token.
+ ASSERT_EQ(Authenticator::REJECTED, host_->state());
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) {
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+ ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
+ ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched("", ""));
+
+ // The end result is that the client rejected the connection, since it
+ // couldn't fetch the token.
+ ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+// Test that negotiation stops when the fake authentication is rejected.
+TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) {
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+ ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
Wez 2013/03/22 06:17:01 nit: remove the blank line above, for consistency
rmsousa 2013/03/22 21:19:05 Done.
+ ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
+ kToken, kSharedSecret));
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+ ASSERT_NO_FATAL_FAILURE(
+ token_validator_->OnTokenValidated(kSharedSecretBad));
+
+ // The end result is that the host rejected the fake authentication.
+ ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) {
+ ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
+ ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
+
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
Wez 2013/03/22 06:17:01 nit: as above
rmsousa 2013/03/22 21:19:05 Done.
+ ASSERT_NO_FATAL_FAILURE(
+ token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad));
+ ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
+ ASSERT_NO_FATAL_FAILURE(
+ token_validator_->OnTokenValidated(kSharedSecret));
+
+ // The end result is that the host rejected the fake authentication.
+ ASSERT_EQ(Authenticator::REJECTED, client_->state());
+}
+
+} // namespace protocol
+} // namespace remoting

Powered by Google App Engine
This is Rietveld 408576698