Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / net / http / http_auth_sspi_win_unittest.cc
blob586822d2ef774862c5317300a433813a90252e12
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/basictypes.h"
6 #include "net/base/net_errors.h"
7 #include "net/http/http_auth_challenge_tokenizer.h"
8 #include "net/http/http_auth_sspi_win.h"
9 #include "net/http/mock_sspi_library_win.h"
10 #include "testing/gtest/include/gtest/gtest.h"
12 namespace net {
14 namespace {
16 void MatchDomainUserAfterSplit(const std::wstring& combined,
17 const std::wstring& expected_domain,
18 const std::wstring& expected_user) {
19 std::wstring actual_domain;
20 std::wstring actual_user;
21 SplitDomainAndUser(combined, &actual_domain, &actual_user);
22 EXPECT_EQ(expected_domain, actual_domain);
23 EXPECT_EQ(expected_user, actual_user);
26 const ULONG kMaxTokenLength = 100;
28 } // namespace
30 TEST(HttpAuthSSPITest, SplitUserAndDomain) {
31 MatchDomainUserAfterSplit(L"foobar", L"", L"foobar");
32 MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar");
35 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) {
36 SecPkgInfoW package_info;
37 memset(&package_info, 0x0, sizeof(package_info));
38 package_info.cbMaxToken = 1337;
40 MockSSPILibrary mock_library;
41 mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info);
42 ULONG max_token_length = kMaxTokenLength;
43 int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length);
44 EXPECT_EQ(OK, rv);
45 EXPECT_EQ(1337, max_token_length);
48 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) {
49 MockSSPILibrary mock_library;
50 mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND,
51 NULL);
52 ULONG max_token_length = kMaxTokenLength;
53 int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length);
54 EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
55 // |DetermineMaxTokenLength()| interface states that |max_token_length| should
56 // not change on failure.
57 EXPECT_EQ(100, max_token_length);
60 TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) {
61 // The first round should just consist of an unadorned "Negotiate" header.
62 MockSSPILibrary mock_library;
63 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
64 NEGOSSP_NAME, kMaxTokenLength);
65 std::string challenge_text = "Negotiate";
66 HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
67 challenge_text.end());
68 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
69 auth_sspi.ParseChallenge(&challenge));
72 TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) {
73 // The first round should just have "Negotiate", and the second round should
74 // have a valid base64 token associated with it.
75 MockSSPILibrary mock_library;
76 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
77 NEGOSSP_NAME, kMaxTokenLength);
78 std::string first_challenge_text = "Negotiate";
79 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
80 first_challenge_text.end());
81 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
82 auth_sspi.ParseChallenge(&first_challenge));
84 // Generate an auth token and create another thing.
85 std::string auth_token;
86 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
87 &auth_token));
89 std::string second_challenge_text = "Negotiate Zm9vYmFy";
90 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
91 second_challenge_text.end());
92 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
93 auth_sspi.ParseChallenge(&second_challenge));
96 TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) {
97 // If the first round challenge has an additional authentication token, it
98 // should be treated as an invalid challenge from the server.
99 MockSSPILibrary mock_library;
100 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
101 NEGOSSP_NAME, kMaxTokenLength);
102 std::string challenge_text = "Negotiate Zm9vYmFy";
103 HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
104 challenge_text.end());
105 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
106 auth_sspi.ParseChallenge(&challenge));
109 TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) {
110 // If a later-round challenge is simply "Negotiate", it should be treated as
111 // an authentication challenge rejection from the server or proxy.
112 MockSSPILibrary mock_library;
113 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
114 NEGOSSP_NAME, kMaxTokenLength);
115 std::string first_challenge_text = "Negotiate";
116 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
117 first_challenge_text.end());
118 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
119 auth_sspi.ParseChallenge(&first_challenge));
121 std::string auth_token;
122 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
123 &auth_token));
124 std::string second_challenge_text = "Negotiate";
125 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
126 second_challenge_text.end());
127 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
128 auth_sspi.ParseChallenge(&second_challenge));
131 TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) {
132 // If a later-round challenge has an invalid base64 encoded token, it should
133 // be treated as an invalid challenge.
134 MockSSPILibrary mock_library;
135 HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
136 NEGOSSP_NAME, kMaxTokenLength);
137 std::string first_challenge_text = "Negotiate";
138 HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
139 first_challenge_text.end());
140 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
141 auth_sspi.ParseChallenge(&first_challenge));
143 std::string auth_token;
144 EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
145 &auth_token));
146 std::string second_challenge_text = "Negotiate =happyjoy=";
147 HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
148 second_challenge_text.end());
149 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
150 auth_sspi.ParseChallenge(&second_challenge));
153 } // namespace net