Google Git
Sign in
chromium / chromium / src.git / e2b6e5ffe666bd4c7fcb9b6ba2ebb175c0df97f4 / . / chrome / browser / internal_auth_unittest.cc
blob: 450992e18cdf6aaca6669a3e0efd222e6d454b21 [file] [log] [blame]
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/internal_auth.h"
6
avi6846aef2015-12-26 01:09:38[diff] [blame]7#include <stddef.h>
8
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]9#include <algorithm>
10
11#include "base/lazy_instance.h"
[email protected]467a106e2013-07-18 12:07:19[diff] [blame]12#include "base/message_loop/message_loop.h"
[email protected]0e498482013-06-28 01:53:43[diff] [blame]13#include "base/time/time.h"
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]14#include "testing/gtest/include/gtest/gtest.h"
15
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]16class InternalAuthTest : public ::testing::Test {
17 public:
18 InternalAuthTest() {
19 long_string_ = "seed";
20 for (int i = 20; i--;)
21 long_string_ += long_string_;
22 }
dchenge1bc7982014-10-30 00:32:40[diff] [blame]23 ~InternalAuthTest() override {}
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]24
dchenge1bc7982014-10-30 00:32:40[diff] [blame]25 void SetUp() override {}
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]26
dchenge1bc7982014-10-30 00:32:40[diff] [blame]27 void TearDown() override {}
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]28
[email protected]b3a25092013-05-28 22:08:16[diff] [blame]29 base::MessageLoop message_loop_;
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]30 std::string long_string_;
31};
32
33TEST_F(InternalAuthTest, BasicGeneration) {
34 std::map<std::string, std::string> map;
35 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]36 std::string token = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]37 "zapata", map);
38 ASSERT_GT(token.size(), 10u); // short token is insecure.
39
40 map["key2"] = "value2";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]41 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]42 ASSERT_GT(token.size(), 10u);
43}
44
45TEST_F(InternalAuthTest, DoubleGeneration) {
46 std::map<std::string, std::string> map;
47 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]48 std::string token1 = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]49 "zapata", map);
50 ASSERT_GT(token1.size(), 10u);
51
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]52 std::string token2 = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]53 "zapata", map);
54 ASSERT_GT(token2.size(), 10u);
55 // tokens are different even if credentials coincide.
56 ASSERT_NE(token1, token2);
57}
58
59TEST_F(InternalAuthTest, BadGeneration) {
60 std::map<std::string, std::string> map;
61 map["key"] = "value";
62 // Trying huge domain.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]63 std::string token = InternalAuthGeneration::GeneratePassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]64 long_string_, map);
65 ASSERT_TRUE(token.empty());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]66 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]67 token, long_string_, map));
68
69 // Trying empty domain.
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]70 token = InternalAuthGeneration::GeneratePassport(std::string(), map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]71 ASSERT_TRUE(token.empty());
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]72 ASSERT_FALSE(
73 InternalAuthVerification::VerifyPassport(token, std::string(), map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]74
75 std::string dummy("abcdefghij");
76 for (size_t i = 1000; i--;) {
77 std::string key = dummy;
78 std::next_permutation(dummy.begin(), dummy.end());
79 std::string value = dummy;
80 std::next_permutation(dummy.begin(), dummy.end());
81 map[key] = value;
82 }
83 // Trying huge var=value map.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]84 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]85 ASSERT_TRUE(token.empty());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]86 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]87
88 map.clear();
[email protected]007b3f82013-04-09 08:46:45[diff] [blame]89 map[std::string()] = "value";
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]90 // Trying empty key.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]91 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]92 ASSERT_TRUE(token.empty());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]93 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]94}
95
96TEST_F(InternalAuthTest, BasicVerification) {
97 std::map<std::string, std::string> map;
98 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]99 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]100 ASSERT_GT(token.size(), 10u);
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]101 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]102 // Passport can not be reused.
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]103 for (int i = 1000; i--;) {
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]104 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]105 token, "zapata", map));
106 }
107}
108
109TEST_F(InternalAuthTest, BruteForce) {
110 std::map<std::string, std::string> map;
111 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]112 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]113 ASSERT_GT(token.size(), 10u);
114
115 // Trying bruteforce.
116 std::string dummy = token;
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]117 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]118 std::next_permutation(dummy.begin(), dummy.end());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]119 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]120 dummy, "zapata", map));
121 }
122 dummy = token;
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]123 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]124 std::next_permutation(dummy.begin(), dummy.begin() + dummy.size() / 2);
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]125 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]126 dummy, "zapata", map));
127 }
128 // We brute forced just too little, so original token must not expire yet.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]129 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]130}
131
132TEST_F(InternalAuthTest, ExpirationAndBruteForce) {
133 int kCustomVerificationWindow = 2;
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]134 InternalAuthVerification::set_verification_window_seconds(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]135 kCustomVerificationWindow);
136
137 std::map<std::string, std::string> map;
138 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]139 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]140 ASSERT_GT(token.size(), 10u);
141
142 // We want to test token expiration, so we need to wait some amount of time,
143 // so we are brute-forcing during this time.
144 base::Time timestamp = base::Time::Now();
145 std::string dummy1 = token;
146 std::string dummy2 = token;
147 for (;;) {
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]148 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]149 std::next_permutation(dummy1.begin(), dummy1.end());
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]150 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]151 dummy1, "zapata", map));
152 }
[email protected]8212d2c2011-05-19 11:01:19[diff] [blame]153 for (size_t i = 100; i--;) {
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]154 std::next_permutation(dummy2.begin(), dummy2.begin() + dummy2.size() / 2);
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]155 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]156 dummy2, "zapata", map));
157 }
158 if (base::Time::Now() - timestamp > base::TimeDelta::FromSeconds(
159 kCustomVerificationWindow + 1)) {
160 break;
161 }
162 }
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]163 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]164 // Reset verification window to default.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]165 InternalAuthVerification::set_verification_window_seconds(0);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]166}
167
168TEST_F(InternalAuthTest, ChangeKey) {
169 std::map<std::string, std::string> map;
170 map["key"] = "value";
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]171 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]172 ASSERT_GT(token.size(), 10u);
173
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]174 InternalAuthGeneration::GenerateNewKey();
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]175 // Passport should survive key change.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]176 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]177
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]178 token = InternalAuthGeneration::GeneratePassport("zapata", map);
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]179 ASSERT_GT(token.size(), 10u);
180 for (int i = 20; i--;)
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]181 InternalAuthGeneration::GenerateNewKey();
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]182 // Passport should not survive series of key changes.
[email protected]08b14a52012-07-02 23:30:36[diff] [blame]183 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
[email protected]c6e584c2011-05-18 11:58:44[diff] [blame]184}