Google Git
Sign in
chromium / chromium / src.git / 6846aeff59836d8064ad90a934c60829575a970e / . / chrome / browser / internal_auth_unittest.cc
blob: f9dd9324ee58109ddcc36b5031caf96346161711 [file] [log] [blame]
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/internal_auth.h"
6
avi6846aef2015-12-26 01:09:38[diff] [blame^]7#include <stddef.h>
8
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]9#include <algorithm>
10
11#include "base/lazy_instance.h"
[email protected]467a106e2013-07-18 12:07:19[diff] [blame]12#include "base/message_loop/message_loop.h"
[email protected]0e498482013-06-28 01:53:43[diff] [blame]13#include "base/time/time.h"
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]14#include "testing/gtest/include/gtest/gtest.h"
15
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]16namespace chrome {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]17
18class InternalAuthTest : public ::testing::Test {
19 public:
20 InternalAuthTest() {
21 long_string_ = "seed";
22 for (int i = 20; i--;)
23 long_string_ += long_string_;
24 }
dchenge1bc7982014-10-30 00:32:40[diff] [blame]25 ~InternalAuthTest() override {}
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]26
dchenge1bc7982014-10-30 00:32:40[diff] [blame]27 void SetUp() override {}
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]28
dchenge1bc7982014-10-30 00:32:40[diff] [blame]29 void TearDown() override {}
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]30
[email protected]b3a25092013-05-28 22:08:16[diff] [blame]31 base::MessageLoop message_loop_;
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]32 std::string long_string_;
33};
34
35TEST_F(InternalAuthTest, BasicGeneration) {
36 std::map<std::string, std::string> map;
37 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]38 std::string token = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]39 "zapata", map);
40 ASSERT_GT(token.size(), 10u); // short token is insecure.
41
42 map["key2"] = "value2";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]43 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]44 ASSERT_GT(token.size(), 10u);
45}
46
47TEST_F(InternalAuthTest, DoubleGeneration) {
48 std::map<std::string, std::string> map;
49 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]50 std::string token1 = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]51 "zapata", map);
52 ASSERT_GT(token1.size(), 10u);
53
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]54 std::string token2 = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]55 "zapata", map);
56 ASSERT_GT(token2.size(), 10u);
57 // tokens are different even if credentials coincide.
58 ASSERT_NE(token1, token2);
59}
60
61TEST_F(InternalAuthTest, BadGeneration) {
62 std::map<std::string, std::string> map;
63 map["key"] = "value";
64 // Trying huge domain.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]65 std::string token = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]66 long_string_, map);
67 ASSERT_TRUE(token.empty());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]68 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]69 token, long_string_, map));
70
71 // Trying empty domain.
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]72 token = InternalAuthGeneration::GeneratePassport(std::string(), map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]73 ASSERT_TRUE(token.empty());
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]74 ASSERT_FALSE(
75 InternalAuthVerification::VerifyPassport(token, std::string(), map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]76
77 std::string dummy("abcdefghij");
78 for (size_t i = 1000; i--;) {
79 std::string key = dummy;
80 std::next_permutation(dummy.begin(), dummy.end());
81 std::string value = dummy;
82 std::next_permutation(dummy.begin(), dummy.end());
83 map[key] = value;
84 }
85 // Trying huge var=value map.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]86 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]87 ASSERT_TRUE(token.empty());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]88 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]89
90 map.clear();
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]91 map[std::string()] = "value";
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]92 // Trying empty key.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]93 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]94 ASSERT_TRUE(token.empty());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]95 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]96}
97
98TEST_F(InternalAuthTest, BasicVerification) {
99 std::map<std::string, std::string> map;
100 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]101 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]102 ASSERT_GT(token.size(), 10u);
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]103 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]104 // Passport can not be reused.
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]105 for (int i = 1000; i--;) {
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]106 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]107 token, "zapata", map));
108 }
109}
110
111TEST_F(InternalAuthTest, BruteForce) {
112 std::map<std::string, std::string> map;
113 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]114 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]115 ASSERT_GT(token.size(), 10u);
116
117 // Trying bruteforce.
118 std::string dummy = token;
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]119 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]120 std::next_permutation(dummy.begin(), dummy.end());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]121 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]122 dummy, "zapata", map));
123 }
124 dummy = token;
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]125 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]126 std::next_permutation(dummy.begin(), dummy.begin() + dummy.size() / 2);
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]127 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]128 dummy, "zapata", map));
129 }
130 // We brute forced just too little, so original token must not expire yet.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]131 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]132}
133
134TEST_F(InternalAuthTest, ExpirationAndBruteForce) {
135 int kCustomVerificationWindow = 2;
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]136 InternalAuthVerification::set_verification_window_seconds(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]137 kCustomVerificationWindow);
138
139 std::map<std::string, std::string> map;
140 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]141 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]142 ASSERT_GT(token.size(), 10u);
143
144 // We want to test token expiration, so we need to wait some amount of time,
145 // so we are brute-forcing during this time.
146 base::Time timestamp = base::Time::Now();
147 std::string dummy1 = token;
148 std::string dummy2 = token;
149 for (;;) {
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]150 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]151 std::next_permutation(dummy1.begin(), dummy1.end());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]152 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]153 dummy1, "zapata", map));
154 }
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]155 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]156 std::next_permutation(dummy2.begin(), dummy2.begin() + dummy2.size() / 2);
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]157 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]158 dummy2, "zapata", map));
159 }
160 if (base::Time::Now() - timestamp > base::TimeDelta::FromSeconds(
161 kCustomVerificationWindow + 1)) {
162 break;
163 }
164 }
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]165 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]166 // Reset verification window to default.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]167 InternalAuthVerification::set_verification_window_seconds(0);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]168}
169
170TEST_F(InternalAuthTest, ChangeKey) {
171 std::map<std::string, std::string> map;
172 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]173 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]174 ASSERT_GT(token.size(), 10u);
175
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]176 InternalAuthGeneration::GenerateNewKey();
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]177 // Passport should survive key change.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]178 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]179
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]180 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]181 ASSERT_GT(token.size(), 10u);
182 for (int i = 20; i--;)
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]183 InternalAuthGeneration::GenerateNewKey();
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]184 // Passport should not survive series of key changes.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]185 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]186}
187
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]188} // namespace chrome