Home | History | Annotate | Download | only in http 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "base/basictypes.h"
      6 #include "net/base/net_errors.h"
      7 #include "net/http/http_auth_challenge_tokenizer.h"
      8 #include "net/http/http_auth_sspi_win.h"
      9 #include "net/http/mock_sspi_library_win.h"
     10 #include "testing/gtest/include/gtest/gtest.h"
     11 
     12 namespace net {
     13 
     14 namespace {
     15 
     16 void MatchDomainUserAfterSplit(const std::wstring& combined,
     17                                const std::wstring& expected_domain,
     18                                const std::wstring& expected_user) {
     19   std::wstring actual_domain;
     20   std::wstring actual_user;
     21   SplitDomainAndUser(combined, &actual_domain, &actual_user);
     22   EXPECT_EQ(expected_domain, actual_domain);
     23   EXPECT_EQ(expected_user, actual_user);
     24 }
     25 
     26 const ULONG kMaxTokenLength = 100;
     27 
     28 }  // namespace
     29 
     30 TEST(HttpAuthSSPITest, SplitUserAndDomain) {
     31   MatchDomainUserAfterSplit(L"foobar", L"", L"foobar");
     32   MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar");
     33 }
     34 
     35 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) {
     36   SecPkgInfoW package_info;
     37   memset(&package_info, 0x0, sizeof(package_info));
     38   package_info.cbMaxToken = 1337;
     39 
     40   MockSSPILibrary mock_library;
     41   mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info);
     42   ULONG max_token_length = kMaxTokenLength;
     43   int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length);
     44   EXPECT_EQ(OK, rv);
     45   EXPECT_EQ(1337, max_token_length);
     46 }
     47 
     48 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) {
     49   MockSSPILibrary mock_library;
     50   mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND,
     51                                               NULL);
     52   ULONG max_token_length = kMaxTokenLength;
     53   int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length);
     54   EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
     55   // |DetermineMaxTokenLength()| interface states that |max_token_length| should
     56   // not change on failure.
     57   EXPECT_EQ(100, max_token_length);
     58 }
     59 
     60 TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) {
     61   // The first round should just consist of an unadorned "Negotiate" header.
     62   MockSSPILibrary mock_library;
     63   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
     64                          NEGOSSP_NAME, kMaxTokenLength);
     65   std::string challenge_text = "Negotiate";
     66   HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
     67                                        challenge_text.end());
     68   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
     69             auth_sspi.ParseChallenge(&challenge));
     70 }
     71 
     72 TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) {
     73   // The first round should just have "Negotiate", and the second round should
     74   // have a valid base64 token associated with it.
     75   MockSSPILibrary mock_library;
     76   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
     77                          NEGOSSP_NAME, kMaxTokenLength);
     78   std::string first_challenge_text = "Negotiate";
     79   HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
     80                                              first_challenge_text.end());
     81   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
     82             auth_sspi.ParseChallenge(&first_challenge));
     83 
     84   // Generate an auth token and create another thing.
     85   std::string auth_token;
     86   EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
     87                                             &auth_token));
     88 
     89   std::string second_challenge_text = "Negotiate Zm9vYmFy";
     90   HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
     91                                               second_challenge_text.end());
     92   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
     93             auth_sspi.ParseChallenge(&second_challenge));
     94 }
     95 
     96 TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) {
     97   // If the first round challenge has an additional authentication token, it
     98   // should be treated as an invalid challenge from the server.
     99   MockSSPILibrary mock_library;
    100   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
    101                          NEGOSSP_NAME, kMaxTokenLength);
    102   std::string challenge_text = "Negotiate Zm9vYmFy";
    103   HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
    104                                        challenge_text.end());
    105   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
    106             auth_sspi.ParseChallenge(&challenge));
    107 }
    108 
    109 TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) {
    110   // If a later-round challenge is simply "Negotiate", it should be treated as
    111   // an authentication challenge rejection from the server or proxy.
    112   MockSSPILibrary mock_library;
    113   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
    114                          NEGOSSP_NAME, kMaxTokenLength);
    115   std::string first_challenge_text = "Negotiate";
    116   HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
    117                                              first_challenge_text.end());
    118   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
    119             auth_sspi.ParseChallenge(&first_challenge));
    120 
    121   std::string auth_token;
    122   EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
    123                                             &auth_token));
    124   std::string second_challenge_text = "Negotiate";
    125   HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
    126                                               second_challenge_text.end());
    127   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
    128             auth_sspi.ParseChallenge(&second_challenge));
    129 }
    130 
    131 TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) {
    132   // If a later-round challenge has an invalid base64 encoded token, it should
    133   // be treated as an invalid challenge.
    134   MockSSPILibrary mock_library;
    135   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
    136                          NEGOSSP_NAME, kMaxTokenLength);
    137   std::string first_challenge_text = "Negotiate";
    138   HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
    139                                              first_challenge_text.end());
    140   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
    141             auth_sspi.ParseChallenge(&first_challenge));
    142 
    143   std::string auth_token;
    144   EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
    145                                             &auth_token));
    146   std::string second_challenge_text = "Negotiate =happyjoy=";
    147   HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
    148                                               second_challenge_text.end());
    149   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
    150             auth_sspi.ParseChallenge(&second_challenge));
    151 }
    152 
    153 }  // namespace net
    154