1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
7 #include "base/base64.h"
9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h"
11 #include "base/message_loop/message_loop.h"
12 #include "base/path_service.h"
13 #include "base/test/test_timeouts.h"
14 #include "base/timer/timer.h"
15 #include "crypto/rsa_private_key.h"
16 #include "net/base/net_errors.h"
17 #include "net/base/test_data_directory.h"
18 #include "remoting/base/rsa_key_pair.h"
19 #include "remoting/protocol/connection_tester.h"
20 #include "remoting/protocol/fake_session.h"
21 #include "testing/gmock/include/gmock/gmock.h"
22 #include "testing/gtest/include/gtest/gtest.h"
23 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
26 using testing::NotNull
;
27 using testing::SaveArg
;
34 const char kTestSharedSecret
[] = "1234-1234-5678";
35 const char kTestSharedSecretBad
[] = "0000-0000-0001";
37 class MockChannelDoneCallback
{
39 MOCK_METHOD2(OnDone
, void(int error
, net::StreamSocket
* socket
));
42 ACTION_P(QuitThreadOnCounter
, counter
) {
44 EXPECT_GE(*counter
, 0);
46 base::MessageLoop::current()->Quit();
51 class SslHmacChannelAuthenticatorTest
: public testing::Test
{
53 SslHmacChannelAuthenticatorTest() {}
54 virtual ~SslHmacChannelAuthenticatorTest() {}
57 virtual void SetUp() override
{
58 base::FilePath
certs_dir(net::GetTestCertsDirectory());
60 base::FilePath cert_path
= certs_dir
.AppendASCII("unittest.selfsigned.der");
61 ASSERT_TRUE(base::ReadFileToString(cert_path
, &host_cert_
));
63 base::FilePath key_path
= certs_dir
.AppendASCII("unittest.key.bin");
64 std::string key_string
;
65 ASSERT_TRUE(base::ReadFileToString(key_path
, &key_string
));
66 std::string key_base64
;
67 base::Base64Encode(key_string
, &key_base64
);
68 key_pair_
= RsaKeyPair::FromString(key_base64
);
69 ASSERT_TRUE(key_pair_
.get());
72 void RunChannelAuth(bool expected_fail
) {
73 client_fake_socket_
.reset(new FakeStreamSocket());
74 host_fake_socket_
.reset(new FakeStreamSocket());
75 client_fake_socket_
->PairWith(host_fake_socket_
.get());
77 client_auth_
->SecureAndAuthenticate(
78 client_fake_socket_
.Pass(),
79 base::Bind(&SslHmacChannelAuthenticatorTest::OnClientConnected
,
80 base::Unretained(this)));
82 host_auth_
->SecureAndAuthenticate(
83 host_fake_socket_
.Pass(),
84 base::Bind(&SslHmacChannelAuthenticatorTest::OnHostConnected
,
85 base::Unretained(this), std::string("ref argument value")));
87 // Expect two callbacks to be called - the client callback and the host
89 int callback_counter
= 2;
92 EXPECT_CALL(client_callback_
, OnDone(net::ERR_FAILED
, NULL
))
93 .WillOnce(QuitThreadOnCounter(&callback_counter
));
94 EXPECT_CALL(host_callback_
, OnDone(net::ERR_FAILED
, NULL
))
95 .WillOnce(QuitThreadOnCounter(&callback_counter
));
97 EXPECT_CALL(client_callback_
, OnDone(net::OK
, NotNull()))
98 .WillOnce(QuitThreadOnCounter(&callback_counter
));
99 EXPECT_CALL(host_callback_
, OnDone(net::OK
, NotNull()))
100 .WillOnce(QuitThreadOnCounter(&callback_counter
));
103 // Ensure that .Run() does not run unbounded if the callbacks are never
105 base::Timer
shutdown_timer(false, false);
106 shutdown_timer
.Start(FROM_HERE
,
107 TestTimeouts::action_timeout(),
108 base::MessageLoop::QuitClosure());
112 void OnHostConnected(const std::string
& ref_argument
,
114 scoped_ptr
<net::StreamSocket
> socket
) {
115 // Try deleting the authenticator and verify that this doesn't destroy
116 // reference parameters.
118 DCHECK_EQ(ref_argument
, "ref argument value");
120 host_callback_
.OnDone(error
, socket
.get());
121 host_socket_
= socket
.Pass();
124 void OnClientConnected(int error
, scoped_ptr
<net::StreamSocket
> socket
) {
125 client_auth_
.reset();
126 client_callback_
.OnDone(error
, socket
.get());
127 client_socket_
= socket
.Pass();
130 base::MessageLoop message_loop_
;
132 scoped_refptr
<RsaKeyPair
> key_pair_
;
133 std::string host_cert_
;
134 scoped_ptr
<FakeStreamSocket
> client_fake_socket_
;
135 scoped_ptr
<FakeStreamSocket
> host_fake_socket_
;
136 scoped_ptr
<ChannelAuthenticator
> client_auth_
;
137 scoped_ptr
<ChannelAuthenticator
> host_auth_
;
138 MockChannelDoneCallback client_callback_
;
139 MockChannelDoneCallback host_callback_
;
140 scoped_ptr
<net::StreamSocket
> client_socket_
;
141 scoped_ptr
<net::StreamSocket
> host_socket_
;
143 DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticatorTest
);
146 // Verify that a channel can be connected using a valid shared secret.
147 TEST_F(SslHmacChannelAuthenticatorTest
, SuccessfulAuth
) {
148 client_auth_
= SslHmacChannelAuthenticator::CreateForClient(
149 host_cert_
, kTestSharedSecret
);
150 host_auth_
= SslHmacChannelAuthenticator::CreateForHost(
151 host_cert_
, key_pair_
, kTestSharedSecret
);
153 RunChannelAuth(false);
155 ASSERT_TRUE(client_socket_
.get() != NULL
);
156 ASSERT_TRUE(host_socket_
.get() != NULL
);
158 StreamConnectionTester
tester(host_socket_
.get(), client_socket_
.get(),
163 tester
.CheckResults();
166 // Verify that channels cannot be using invalid shared secret.
167 TEST_F(SslHmacChannelAuthenticatorTest
, InvalidChannelSecret
) {
168 client_auth_
= SslHmacChannelAuthenticator::CreateForClient(
169 host_cert_
, kTestSharedSecretBad
);
170 host_auth_
= SslHmacChannelAuthenticator::CreateForHost(
171 host_cert_
, key_pair_
, kTestSharedSecret
);
173 RunChannelAuth(true);
175 ASSERT_TRUE(host_socket_
.get() == NULL
);
178 } // namespace protocol
179 } // namespace remoting
