1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/basictypes.h" 6 #include "net/base/net_errors.h" 7 #include "net/http/http_auth_challenge_tokenizer.h" 8 #include "net/http/http_auth_sspi_win.h" 9 #include "net/http/mock_sspi_library_win.h" 10 #include "testing/gtest/include/gtest/gtest.h" 11 12 namespace net { 13 14 namespace { 15 16 void MatchDomainUserAfterSplit(const std::wstring& combined, 17 const std::wstring& expected_domain, 18 const std::wstring& expected_user) { 19 std::wstring actual_domain; 20 std::wstring actual_user; 21 SplitDomainAndUser(combined, &actual_domain, &actual_user); 22 EXPECT_EQ(expected_domain, actual_domain); 23 EXPECT_EQ(expected_user, actual_user); 24 } 25 26 const ULONG kMaxTokenLength = 100; 27 28 } // namespace 29 30 TEST(HttpAuthSSPITest, SplitUserAndDomain) { 31 MatchDomainUserAfterSplit(L"foobar", L"", L"foobar"); 32 MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar"); 33 } 34 35 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) { 36 SecPkgInfoW package_info; 37 memset(&package_info, 0x0, sizeof(package_info)); 38 package_info.cbMaxToken = 1337; 39 40 MockSSPILibrary mock_library; 41 mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info); 42 ULONG max_token_length = kMaxTokenLength; 43 int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length); 44 EXPECT_EQ(OK, rv); 45 EXPECT_EQ(1337, max_token_length); 46 } 47 48 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) { 49 MockSSPILibrary mock_library; 50 mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND, 51 NULL); 52 ULONG max_token_length = kMaxTokenLength; 53 int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length); 54 EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv); 55 // |DetermineMaxTokenLength()| interface states that |max_token_length| should 56 // not change on failure. 57 EXPECT_EQ(100, max_token_length); 58 } 59 60 TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) { 61 // The first round should just consist of an unadorned "Negotiate" header. 62 MockSSPILibrary mock_library; 63 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", 64 NEGOSSP_NAME, kMaxTokenLength); 65 std::string challenge_text = "Negotiate"; 66 HttpAuthChallengeTokenizer challenge(challenge_text.begin(), 67 challenge_text.end()); 68 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, 69 auth_sspi.ParseChallenge(&challenge)); 70 } 71 72 TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) { 73 // The first round should just have "Negotiate", and the second round should 74 // have a valid base64 token associated with it. 75 MockSSPILibrary mock_library; 76 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", 77 NEGOSSP_NAME, kMaxTokenLength); 78 std::string first_challenge_text = "Negotiate"; 79 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), 80 first_challenge_text.end()); 81 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, 82 auth_sspi.ParseChallenge(&first_challenge)); 83 84 // Generate an auth token and create another thing. 85 std::string auth_token; 86 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", 87 &auth_token)); 88 89 std::string second_challenge_text = "Negotiate Zm9vYmFy"; 90 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), 91 second_challenge_text.end()); 92 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, 93 auth_sspi.ParseChallenge(&second_challenge)); 94 } 95 96 TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) { 97 // If the first round challenge has an additional authentication token, it 98 // should be treated as an invalid challenge from the server. 99 MockSSPILibrary mock_library; 100 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", 101 NEGOSSP_NAME, kMaxTokenLength); 102 std::string challenge_text = "Negotiate Zm9vYmFy"; 103 HttpAuthChallengeTokenizer challenge(challenge_text.begin(), 104 challenge_text.end()); 105 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, 106 auth_sspi.ParseChallenge(&challenge)); 107 } 108 109 TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) { 110 // If a later-round challenge is simply "Negotiate", it should be treated as 111 // an authentication challenge rejection from the server or proxy. 112 MockSSPILibrary mock_library; 113 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", 114 NEGOSSP_NAME, kMaxTokenLength); 115 std::string first_challenge_text = "Negotiate"; 116 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), 117 first_challenge_text.end()); 118 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, 119 auth_sspi.ParseChallenge(&first_challenge)); 120 121 std::string auth_token; 122 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", 123 &auth_token)); 124 std::string second_challenge_text = "Negotiate"; 125 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), 126 second_challenge_text.end()); 127 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT, 128 auth_sspi.ParseChallenge(&second_challenge)); 129 } 130 131 TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) { 132 // If a later-round challenge has an invalid base64 encoded token, it should 133 // be treated as an invalid challenge. 134 MockSSPILibrary mock_library; 135 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate", 136 NEGOSSP_NAME, kMaxTokenLength); 137 std::string first_challenge_text = "Negotiate"; 138 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(), 139 first_challenge_text.end()); 140 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, 141 auth_sspi.ParseChallenge(&first_challenge)); 142 143 std::string auth_token; 144 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com", 145 &auth_token)); 146 std::string second_challenge_text = "Negotiate =happyjoy="; 147 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), 148 second_challenge_text.end()); 149 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID, 150 auth_sspi.ParseChallenge(&second_challenge)); 151 } 152 153 } // namespace net 154