[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "chrome/browser/internal_auth.h" |
| 6 | |
| 7 | #include <algorithm> |
| 8 | |
| 9 | #include "base/lazy_instance.h" |
[email protected] | 3fc40c14 | 2011-12-01 13:09:04 | [diff] [blame] | 10 | #include "base/message_loop.h" |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 11 | #include "base/time.h" |
[email protected] | e97882f | 2012-06-04 02:23:17 | [diff] [blame] | 12 | #include "content/public/test/test_browser_thread.h" |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 13 | #include "testing/gtest/include/gtest/gtest.h" |
| 14 | |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 15 | namespace chrome { |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 16 | |
| 17 | class InternalAuthTest : public ::testing::Test { |
| 18 | public: |
| 19 | InternalAuthTest() { |
| 20 | long_string_ = "seed"; |
| 21 | for (int i = 20; i--;) |
| 22 | long_string_ += long_string_; |
| 23 | } |
| 24 | virtual ~InternalAuthTest() {} |
| 25 | |
| 26 | virtual void SetUp() { |
| 27 | } |
| 28 | |
| 29 | virtual void TearDown() { |
| 30 | } |
| 31 | |
| 32 | MessageLoop message_loop_; |
| 33 | std::string long_string_; |
| 34 | }; |
| 35 | |
| 36 | TEST_F(InternalAuthTest, BasicGeneration) { |
| 37 | std::map<std::string, std::string> map; |
| 38 | map["key"] = "value"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 39 | std::string token = InternalAuthGeneration::GeneratePassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 40 | "zapata", map); |
| 41 | ASSERT_GT(token.size(), 10u); // short token is insecure. |
| 42 | |
| 43 | map["key2"] = "value2"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 44 | token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 45 | ASSERT_GT(token.size(), 10u); |
| 46 | } |
| 47 | |
| 48 | TEST_F(InternalAuthTest, DoubleGeneration) { |
| 49 | std::map<std::string, std::string> map; |
| 50 | map["key"] = "value"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 51 | std::string token1 = InternalAuthGeneration::GeneratePassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 52 | "zapata", map); |
| 53 | ASSERT_GT(token1.size(), 10u); |
| 54 | |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 55 | std::string token2 = InternalAuthGeneration::GeneratePassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 56 | "zapata", map); |
| 57 | ASSERT_GT(token2.size(), 10u); |
| 58 | // tokens are different even if credentials coincide. |
| 59 | ASSERT_NE(token1, token2); |
| 60 | } |
| 61 | |
| 62 | TEST_F(InternalAuthTest, BadGeneration) { |
| 63 | std::map<std::string, std::string> map; |
| 64 | map["key"] = "value"; |
| 65 | // Trying huge domain. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 66 | std::string token = InternalAuthGeneration::GeneratePassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 67 | long_string_, map); |
| 68 | ASSERT_TRUE(token.empty()); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 69 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 70 | token, long_string_, map)); |
| 71 | |
| 72 | // Trying empty domain. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 73 | token = InternalAuthGeneration::GeneratePassport("", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 74 | ASSERT_TRUE(token.empty()); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 75 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 76 | |
| 77 | std::string dummy("abcdefghij"); |
| 78 | for (size_t i = 1000; i--;) { |
| 79 | std::string key = dummy; |
| 80 | std::next_permutation(dummy.begin(), dummy.end()); |
| 81 | std::string value = dummy; |
| 82 | std::next_permutation(dummy.begin(), dummy.end()); |
| 83 | map[key] = value; |
| 84 | } |
| 85 | // Trying huge var=value map. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 86 | token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 87 | ASSERT_TRUE(token.empty()); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 88 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 89 | |
| 90 | map.clear(); |
| 91 | map[""] = "value"; |
| 92 | // Trying empty key. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 93 | token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 94 | ASSERT_TRUE(token.empty()); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 95 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 96 | } |
| 97 | |
| 98 | TEST_F(InternalAuthTest, BasicVerification) { |
| 99 | std::map<std::string, std::string> map; |
| 100 | map["key"] = "value"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 101 | std::string token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 102 | ASSERT_GT(token.size(), 10u); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 103 | ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 104 | // Passport can not be reused. |
[email protected] | 8212d2c | 2011-05-19 11:01:19 | [diff] [blame] | 105 | for (int i = 1000; i--;) { |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 106 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 107 | token, "zapata", map)); |
| 108 | } |
| 109 | } |
| 110 | |
| 111 | TEST_F(InternalAuthTest, BruteForce) { |
| 112 | std::map<std::string, std::string> map; |
| 113 | map["key"] = "value"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 114 | std::string token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 115 | ASSERT_GT(token.size(), 10u); |
| 116 | |
| 117 | // Trying bruteforce. |
| 118 | std::string dummy = token; |
[email protected] | 8212d2c | 2011-05-19 11:01:19 | [diff] [blame] | 119 | for (size_t i = 100; i--;) { |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 120 | std::next_permutation(dummy.begin(), dummy.end()); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 121 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 122 | dummy, "zapata", map)); |
| 123 | } |
| 124 | dummy = token; |
[email protected] | 8212d2c | 2011-05-19 11:01:19 | [diff] [blame] | 125 | for (size_t i = 100; i--;) { |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 126 | std::next_permutation(dummy.begin(), dummy.begin() + dummy.size() / 2); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 127 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 128 | dummy, "zapata", map)); |
| 129 | } |
| 130 | // We brute forced just too little, so original token must not expire yet. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 131 | ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 132 | } |
| 133 | |
| 134 | TEST_F(InternalAuthTest, ExpirationAndBruteForce) { |
| 135 | int kCustomVerificationWindow = 2; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 136 | InternalAuthVerification::set_verification_window_seconds( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 137 | kCustomVerificationWindow); |
| 138 | |
| 139 | std::map<std::string, std::string> map; |
| 140 | map["key"] = "value"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 141 | std::string token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 142 | ASSERT_GT(token.size(), 10u); |
| 143 | |
| 144 | // We want to test token expiration, so we need to wait some amount of time, |
| 145 | // so we are brute-forcing during this time. |
| 146 | base::Time timestamp = base::Time::Now(); |
| 147 | std::string dummy1 = token; |
| 148 | std::string dummy2 = token; |
| 149 | for (;;) { |
[email protected] | 8212d2c | 2011-05-19 11:01:19 | [diff] [blame] | 150 | for (size_t i = 100; i--;) { |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 151 | std::next_permutation(dummy1.begin(), dummy1.end()); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 152 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 153 | dummy1, "zapata", map)); |
| 154 | } |
[email protected] | 8212d2c | 2011-05-19 11:01:19 | [diff] [blame] | 155 | for (size_t i = 100; i--;) { |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 156 | std::next_permutation(dummy2.begin(), dummy2.begin() + dummy2.size() / 2); |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 157 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport( |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 158 | dummy2, "zapata", map)); |
| 159 | } |
| 160 | if (base::Time::Now() - timestamp > base::TimeDelta::FromSeconds( |
| 161 | kCustomVerificationWindow + 1)) { |
| 162 | break; |
| 163 | } |
| 164 | } |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 165 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 166 | // Reset verification window to default. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 167 | InternalAuthVerification::set_verification_window_seconds(0); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 168 | } |
| 169 | |
| 170 | TEST_F(InternalAuthTest, ChangeKey) { |
| 171 | std::map<std::string, std::string> map; |
| 172 | map["key"] = "value"; |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 173 | std::string token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 174 | ASSERT_GT(token.size(), 10u); |
| 175 | |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 176 | InternalAuthGeneration::GenerateNewKey(); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 177 | // Passport should survive key change. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 178 | ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 179 | |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 180 | token = InternalAuthGeneration::GeneratePassport("zapata", map); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 181 | ASSERT_GT(token.size(), 10u); |
| 182 | for (int i = 20; i--;) |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 183 | InternalAuthGeneration::GenerateNewKey(); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 184 | // Passport should not survive series of key changes. |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 185 | ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map)); |
[email protected] | c6e584c | 2011-05-18 11:58:44 | [diff] [blame] | 186 | } |
| 187 | |
[email protected] | 08b14a5 | 2012-07-02 23:30:36 | [diff] [blame^] | 188 | } // namespace chrome |