1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/basictypes.h"
6 #include "net/base/net_errors.h"
7 #include "net/http/http_auth_challenge_tokenizer.h"
8 #include "net/http/http_auth_sspi_win.h"
9 #include "net/http/mock_sspi_library_win.h"
10 #include "testing/gtest/include/gtest/gtest.h"
11
12 namespace net {
13
namespace {

// Token-buffer size shared by the tests below: it seeds |max_token_length|
// before DetermineMaxTokenLength() is called and is the last argument passed
// to the HttpAuthSSPI constructor.
const ULONG kMaxTokenLength = 100;

// Runs SplitDomainAndUser() on |combined| and records a non-fatal gtest
// failure when either output differs from |expected_domain| or
// |expected_user|.
void MatchDomainUserAfterSplit(const std::wstring& combined,
                               const std::wstring& expected_domain,
                               const std::wstring& expected_user) {
  std::wstring domain;
  std::wstring user;
  SplitDomainAndUser(combined, &domain, &user);
  EXPECT_EQ(expected_domain, domain);
  EXPECT_EQ(expected_user, user);
}

}  // namespace
29
// Covers the two input shapes: a bare user name, where the expected domain is
// empty, and DOMAIN\user form, where the expected split is at the backslash.
TEST(HttpAuthSSPITest, SplitUserAndDomain) {
  static const struct {
    const wchar_t* combined;
    const wchar_t* domain;
    const wchar_t* user;
  } kCases[] = {
    { L"foobar", L"", L"foobar" },
    { L"FOO\\bar", L"FOO", L"bar" },
  };
  for (size_t i = 0; i < sizeof(kCases) / sizeof(kCases[0]); ++i) {
    MatchDomainUserAfterSplit(kCases[i].combined, kCases[i].domain,
                              kCases[i].user);
  }
}
34
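// When the SSPI library reports the package, DetermineMaxTokenLength() is
// expected to return OK and store the package's cbMaxToken in
// |max_token_length|.
TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) {
  // Typed as ULONG so the final expectation compares two unsigned values
  // rather than an int literal against an unsigned out-parameter.
  const ULONG kReportedMaxToken = 1337;

  SecPkgInfoW package_info;
  memset(&package_info, 0x0, sizeof(package_info));
  package_info.cbMaxToken = kReportedMaxToken;

  MockSSPILibrary mock_library;
  mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info);
  // Seeded with a value different from kReportedMaxToken, so a pass shows the
  // out-parameter was actually overwritten.
  ULONG max_token_length = kMaxTokenLength;
  int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length);
  EXPECT_EQ(OK, rv);
  EXPECT_EQ(kReportedMaxToken, max_token_length);
}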
47
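// When the SSPI library does not know the package, DetermineMaxTokenLength()
// is expected to fail with ERR_UNSUPPORTED_AUTH_SCHEME and leave the caller's
// buffer size untouched.
TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) {
  MockSSPILibrary mock_library;
  mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND,
                                              NULL);
  ULONG max_token_length = kMaxTokenLength;
  int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length);
  EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
  // |DetermineMaxTokenLength()| interface states that |max_token_length| should
  // not change on failure. Compare against the constant used to seed it, so
  // the check stays correct if kMaxTokenLength is ever changed and both sides
  // of the comparison are ULONG.
  EXPECT_EQ(kMaxTokenLength, max_token_length);
}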
59
// The opening challenge of the handshake is the scheme name alone, with no
// token attached; the handler is expected to accept it.
TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) {
  MockSSPILibrary sspi;
  HttpAuthSSPI auth_sspi(&sspi, "Negotiate", NEGOSSP_NAME, kMaxTokenLength);
  std::string header("Negotiate");
  HttpAuthChallengeTokenizer tokenizer(header.begin(), header.end());
  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
            auth_sspi.ParseChallenge(&tokenizer));
}
71
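// Happy path for a two-round exchange: a bare "Negotiate" challenge first,
// then a challenge carrying a well-formed base64 token.
TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) {
  MockSSPILibrary mock_library;
  HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
                         NEGOSSP_NAME, kMaxTokenLength);
  std::string first_challenge_text = "Negotiate";
  HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
                                             first_challenge_text.end());
  // Fatal on failure: the second-round expectation below is only meaningful
  // if the first round was accepted.
  ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
            auth_sspi.ParseChallenge(&first_challenge));

  // Generate the client's token for the first round. The same challenge text
  // used below is reported as invalid when it arrives before any token was
  // generated (see ParseChallenge_UnexpectedTokenFirstRound), so this step is
  // a precondition as well and is also asserted fatally.
  std::string auth_token;
  ASSERT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
                                            &auth_token));

  // "Zm9vYmFy" is the base64 encoding of "foobar": syntactically valid, with
  // no meaning as a real security token.
  std::string second_challenge_text = "Negotiate Zm9vYmFy";
  HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
                                              second_challenge_text.end());
  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
            auth_sspi.ParseChallenge(&second_challenge));
}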
95
// A token attached to the very first challenge is out of sequence: no client
// token has been generated yet for the server to answer. The handler is
// expected to report the challenge as invalid rather than consume the token.
TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) {
  MockSSPILibrary sspi;
  HttpAuthSSPI auth_sspi(&sspi, "Negotiate", NEGOSSP_NAME, kMaxTokenLength);
  // The token is well-formed base64 ("foobar"), so the expected INVALID result
  // is about when the token arrives, not how it is encoded.
  std::string header("Negotiate Zm9vYmFy");
  HttpAuthChallengeTokenizer tokenizer(header.begin(), header.end());
  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
            auth_sspi.ParseChallenge(&tokenizer));
}
108
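// If a later-round challenge is simply "Negotiate", it should be treated as
// an authentication challenge rejection from the server or proxy.
TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) {
  MockSSPILibrary mock_library;
  HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
                         NEGOSSP_NAME, kMaxTokenLength);
  std::string first_challenge_text = "Negotiate";
  HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
                                             first_challenge_text.end());
  // Fatal on failure: without an accepted first round the handler is not in
  // the later-round state this test is about.
  ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
            auth_sspi.ParseChallenge(&first_challenge));

  // Token generation is part of the setup too. A bare "Negotiate" is accepted
  // on the first round, so the REJECT expected below only makes sense once a
  // client token has been produced.
  std::string auth_token;
  ASSERT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
                                            &auth_token));

  // Same text as the first challenge; only the handler's state differs.
  std::string second_challenge_text = "Negotiate";
  HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
                                              second_challenge_text.end());
  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
            auth_sspi.ParseChallenge(&second_challenge));
}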
130
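// If a later-round challenge has an invalid base64 encoded token, it should
// be treated as an invalid challenge. The challenge header is supplied by the
// server or proxy, so a malformed token has to be refused at parse time.
TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) {
  MockSSPILibrary mock_library;
  HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
                         NEGOSSP_NAME, kMaxTokenLength);
  std::string first_challenge_text = "Negotiate";
  HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
                                             first_challenge_text.end());
  // Fatal on failure: a token on the first round is reported as INVALID for a
  // different reason (see ParseChallenge_UnexpectedTokenFirstRound), so the
  // final check could pass for the wrong reason if the setup did not succeed.
  ASSERT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
            auth_sspi.ParseChallenge(&first_challenge));

  std::string auth_token;
  ASSERT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
                                            &auth_token));

  // '=' is only valid as trailing padding in base64, so a token that starts
  // with '=' cannot be decoded.
  std::string second_challenge_text = "Negotiate =happyjoy=";
  HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
                                              second_challenge_text.end());
  EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
            auth_sspi.ParseChallenge(&second_challenge));
}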
152
153 } // namespace net
154