Google Git
Sign in
chromium / chromium / src.git / bc4e551b1f94caa915997d6394f44da58ec146f1 / . / net / http / http_auth_sspi_win_unittest.cc
blob: 09fe6fa25efd35e155bfd92657b6ec320b7ef042 [file] [log] [blame]
[email protected]f3cf9802011-10-28 18:44:58[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]5#include "base/basictypes.h"
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]6#include "net/base/net_errors.h"
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]7#include "net/http/http_auth_sspi_win.h"
[email protected]5c2471b2010-04-20 17:25:09[diff] [blame]8#include "net/http/mock_sspi_library_win.h"
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]9#include "testing/gtest/include/gtest/gtest.h"
10
11namespace net {
12
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]13namespace {
14
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]15void MatchDomainUserAfterSplit(const std::wstring& combined,
16 const std::wstring& expected_domain,
17 const std::wstring& expected_user) {
18 std::wstring actual_domain;
19 std::wstring actual_user;
20 SplitDomainAndUser(combined, &actual_domain, &actual_user);
21 EXPECT_EQ(expected_domain, actual_domain);
22 EXPECT_EQ(expected_user, actual_user);
23}
24
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]25const ULONG kMaxTokenLength = 100;
26
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]27} // namespace
28
29TEST(HttpAuthSSPITest, SplitUserAndDomain) {
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]30 MatchDomainUserAfterSplit(L"foobar", L"", L"foobar");
31 MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar");
32}
33
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]34TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) {
35 SecPkgInfoW package_info;
36 memset(&package_info, 0x0, sizeof(package_info));
37 package_info.cbMaxToken = 1337;
38
[email protected]5c2471b2010-04-20 17:25:09[diff] [blame]39 MockSSPILibrary mock_library;
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]40 mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info);
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]41 ULONG max_token_length = kMaxTokenLength;
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]42 int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length);
43 EXPECT_EQ(OK, rv);
44 EXPECT_EQ(1337, max_token_length);
45}
46
47TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) {
[email protected]5c2471b2010-04-20 17:25:09[diff] [blame]48 MockSSPILibrary mock_library;
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]49 mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND,
50 NULL);
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]51 ULONG max_token_length = kMaxTokenLength;
[email protected]7c46fa572010-02-25 16:05:34[diff] [blame]52 int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length);
53 EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
54 // |DetermineMaxTokenLength()| interface states that |max_token_length| should
55 // not change on failure.
56 EXPECT_EQ(100, max_token_length);
57}
58
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]59TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) {
60 // The first round should just consist of an unadorned "Negotiate" header.
61 MockSSPILibrary mock_library;
62 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
63 NEGOSSP_NAME, kMaxTokenLength);
64 std::string challenge_text = "Negotiate";
65 HttpAuth::ChallengeTokenizer challenge(challenge_text.begin(),
66 challenge_text.end());
67 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
68 auth_sspi.ParseChallenge(&challenge));
69}
70
71TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) {
72 // The first round should just have "Negotiate", and the second round should
73 // have a valid base64 token associated with it.
74 MockSSPILibrary mock_library;
75 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
76 NEGOSSP_NAME, kMaxTokenLength);
77 std::string first_challenge_text = "Negotiate";
78 HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(),
79 first_challenge_text.end());
80 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
81 auth_sspi.ParseChallenge(&first_challenge));
82
83 // Generate an auth token and create another thing.
84 std::string auth_token;
[email protected]bc4e5512013-12-06 07:18:49[diff] [blame^]85 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]86 &auth_token));
87
88 std::string second_challenge_text = "Negotiate Zm9vYmFy";
89 HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(),
90 second_challenge_text.end());
91 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
92 auth_sspi.ParseChallenge(&second_challenge));
93}
94
95TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) {
96 // If the first round challenge has an additional authentication token, it
97 // should be treated as an invalid challenge from the server.
98 MockSSPILibrary mock_library;
99 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
100 NEGOSSP_NAME, kMaxTokenLength);
101 std::string challenge_text = "Negotiate Zm9vYmFy";
102 HttpAuth::ChallengeTokenizer challenge(challenge_text.begin(),
103 challenge_text.end());
104 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
105 auth_sspi.ParseChallenge(&challenge));
106}
107
108TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) {
109 // If a later-round challenge is simply "Negotiate", it should be treated as
110 // an authentication challenge rejection from the server or proxy.
111 MockSSPILibrary mock_library;
112 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
113 NEGOSSP_NAME, kMaxTokenLength);
114 std::string first_challenge_text = "Negotiate";
115 HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(),
116 first_challenge_text.end());
117 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
118 auth_sspi.ParseChallenge(&first_challenge));
119
120 std::string auth_token;
[email protected]bc4e5512013-12-06 07:18:49[diff] [blame^]121 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]122 &auth_token));
123 std::string second_challenge_text = "Negotiate";
124 HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(),
125 second_challenge_text.end());
126 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
127 auth_sspi.ParseChallenge(&second_challenge));
128}
129
130TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) {
131 // If a later-round challenge has an invalid base64 encoded token, it should
132 // be treated as an invalid challenge.
133 MockSSPILibrary mock_library;
134 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
135 NEGOSSP_NAME, kMaxTokenLength);
136 std::string first_challenge_text = "Negotiate";
137 HttpAuth::ChallengeTokenizer first_challenge(first_challenge_text.begin(),
138 first_challenge_text.end());
139 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
140 auth_sspi.ParseChallenge(&first_challenge));
141
142 std::string auth_token;
[email protected]bc4e5512013-12-06 07:18:49[diff] [blame^]143 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
[email protected]eca50e122010-09-11 14:03:30[diff] [blame]144 &auth_token));
145 std::string second_challenge_text = "Negotiate =happyjoy=";
146 HttpAuth::ChallengeTokenizer second_challenge(second_challenge_text.begin(),
147 second_challenge_text.end());
148 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
149 auth_sspi.ParseChallenge(&second_challenge));
150}
151
[email protected]7da0b332010-01-08 14:56:56[diff] [blame]152} // namespace net