remoting/protocol/third_party_authenticator_unittest.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/bind.h"
   6 #include "net/base/net_errors.h"
   7 #include "remoting/base/rsa_key_pair.h"
   8 #include "remoting/protocol/authenticator_test_base.h"
   9 #include "remoting/protocol/channel_authenticator.h"
  10 #include "remoting/protocol/connection_tester.h"
  11 #include "remoting/protocol/fake_authenticator.h"
  12 #include "remoting/protocol/third_party_authenticator_base.h"
  13 #include "remoting/protocol/third_party_client_authenticator.h"
  14 #include "remoting/protocol/third_party_host_authenticator.h"
  15 #include "remoting/protocol/token_validator.h"
  16 #include "testing/gmock/include/gmock/gmock.h"
  17 #include "testing/gtest/include/gtest/gtest.h"
  18 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
  19
  20 using testing::_;
  21 using testing::DeleteArg;
  22 using testing::SaveArg;
  23
  24 namespace {
  25
  26 const int kMessageSize = 100;
  27 const int kMessages = 1;
  28
  29 const char kTokenUrl[] = "https://example.com/Issue";
  30 const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2";
  31 const char kToken[] = "abc123456xyz789";
  32 const char kSharedSecret[] = "1234-1234-5678";
  33 const char kSharedSecretBad[] = "0000-0000-0001";
  34
  35 }  // namespace
  36
  37 namespace remoting {
  38 namespace protocol {
  39
  40 class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
  41   class FakeTokenFetcher : public ThirdPartyClientAuthenticator::TokenFetcher {
  42    public:
  43     virtual void FetchThirdPartyToken(
  44         const GURL& token_url,
  45         const std::string& scope,
  46         const TokenFetchedCallback& token_fetched_callback) OVERRIDE {
  47      ASSERT_EQ(token_url.spec(), kTokenUrl);
  48      ASSERT_EQ(scope, kTokenScope);
  49      ASSERT_FALSE(token_fetched_callback.is_null());
  50      on_token_fetched_ = token_fetched_callback;
  51     }
  52
  53     void OnTokenFetched(const std::string& token,
  54                         const std::string& shared_secret) {
  55       ASSERT_FALSE(on_token_fetched_.is_null());
  56       TokenFetchedCallback on_token_fetched = on_token_fetched_;
  57       on_token_fetched_.Reset();
  58       on_token_fetched.Run(token, shared_secret);
  59     }
  60
  61    private:
  62     TokenFetchedCallback on_token_fetched_;
  63   };
  64
  65   class FakeTokenValidator : public TokenValidator {
  66    public:
  67     FakeTokenValidator()
  68      : token_url_(kTokenUrl),
  69        token_scope_(kTokenScope) {}
  70
  71     virtual ~FakeTokenValidator() {}
  72
  73     virtual void ValidateThirdPartyToken(
  74         const std::string& token,
  75         const TokenValidatedCallback& token_validated_callback) OVERRIDE {
  76       ASSERT_FALSE(token_validated_callback.is_null());
  77       on_token_validated_ = token_validated_callback;
  78     }
  79
  80     void OnTokenValidated(const std::string& shared_secret) {
  81       ASSERT_FALSE(on_token_validated_.is_null());
  82       TokenValidatedCallback on_token_validated = on_token_validated_;
  83       on_token_validated_.Reset();
  84       on_token_validated.Run(shared_secret);
  85     }
  86
  87     virtual const GURL& token_url() const OVERRIDE {
  88       return token_url_;
  89     }
  90
  91     virtual const std::string& token_scope() const OVERRIDE {
  92       return token_scope_;
  93     }
  94
  95    private:
  96     GURL token_url_;
  97     std::string token_scope_;
  98     base::Callback<void(const std::string& shared_secret)> on_token_validated_;
  99   };
 100
 101  public:
 102   ThirdPartyAuthenticatorTest() {}
 103   virtual ~ThirdPartyAuthenticatorTest() {}
 104
 105  protected:
 106   void InitAuthenticators() {
 107     scoped_ptr<TokenValidator> token_validator(new FakeTokenValidator());
 108     token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get());
 109     host_.reset(new ThirdPartyHostAuthenticator(
 110         host_cert_, key_pair_, token_validator.Pass()));
 111     scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher>
 112         token_fetcher(new FakeTokenFetcher());
 113     token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get());
 114     client_.reset(new ThirdPartyClientAuthenticator(token_fetcher.Pass()));
 115   }
 116
 117   FakeTokenFetcher* token_fetcher_;
 118   FakeTokenValidator* token_validator_;
 119
 120  private:
 121   DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest);
 122 };
 123
 124 // These tests use net::SSLServerSocket which is not implemented for OpenSSL.
 125 #if defined(USE_OPENSSL)
 126 #define MAYBE(x) DISABLED_##x
 127 #else
 128 #define MAYBE(x) x
 129 #endif
 130
 131 TEST_F(ThirdPartyAuthenticatorTest, MAYBE(SuccessfulAuth)) {
 132   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
 133   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
 134   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
 135   ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
 136       kToken, kSharedSecret));
 137   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
 138   ASSERT_NO_FATAL_FAILURE(
 139       token_validator_->OnTokenValidated(kSharedSecret));
 140
 141   // Both sides have finished.
 142   ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
 143   ASSERT_EQ(Authenticator::ACCEPTED, client_->state());
 144
 145   // An authenticated channel can be created after the authentication.
 146   client_auth_ = client_->CreateChannelAuthenticator();
 147   host_auth_ = host_->CreateChannelAuthenticator();
 148   RunChannelAuth(false);
 149
 150   StreamConnectionTester tester(host_socket_.get(), client_socket_.get(),
 151                                 kMessageSize, kMessages);
 152
 153   tester.Start();
 154   message_loop_.Run();
 155   tester.CheckResults();
 156 }
 157
 158 TEST_F(ThirdPartyAuthenticatorTest, MAYBE(ClientNoSecret)) {
 159   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
 160   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
 161   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
 162   ASSERT_NO_FATAL_FAILURE(
 163       token_fetcher_->OnTokenFetched(kToken, std::string()));
 164
 165   // The end result is that the client rejected the connection, since it
 166   // couldn't fetch the secret.
 167   ASSERT_EQ(Authenticator::REJECTED, client_->state());
 168 }
 169
 170 TEST_F(ThirdPartyAuthenticatorTest, MAYBE(InvalidToken)) {
 171   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
 172   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
 173   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
 174   ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
 175       kToken, kSharedSecret));
 176   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
 177   ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated(std::string()));
 178
 179   // The end result is that the host rejected the token.
 180   ASSERT_EQ(Authenticator::REJECTED, host_->state());
 181 }
 182
 183 TEST_F(ThirdPartyAuthenticatorTest, MAYBE(CannotFetchToken)) {
 184   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
 185   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
 186   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
 187   ASSERT_NO_FATAL_FAILURE(
 188       token_fetcher_->OnTokenFetched(std::string(), std::string()));
 189
 190   // The end result is that the client rejected the connection, since it
 191   // couldn't fetch the token.
 192   ASSERT_EQ(Authenticator::REJECTED, client_->state());
 193 }
 194
 195 // Test that negotiation stops when the fake authentication is rejected.
 196 TEST_F(ThirdPartyAuthenticatorTest, MAYBE(HostBadSecret)) {
 197   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
 198   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
 199   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
 200   ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
 201       kToken, kSharedSecret));
 202   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
 203   ASSERT_NO_FATAL_FAILURE(
 204       token_validator_->OnTokenValidated(kSharedSecretBad));
 205
 206   // The end result is that the host rejected the fake authentication.
 207   ASSERT_EQ(Authenticator::REJECTED, client_->state());
 208 }
 209
 210 TEST_F(ThirdPartyAuthenticatorTest, MAYBE(ClientBadSecret)) {
 211   ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
 212   ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
 213   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
 214   ASSERT_NO_FATAL_FAILURE(
 215       token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad));
 216   ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
 217   ASSERT_NO_FATAL_FAILURE(
 218       token_validator_->OnTokenValidated(kSharedSecret));
 219
 220   // The end result is that the host rejected the fake authentication.
 221   ASSERT_EQ(Authenticator::REJECTED, client_->state());
 222 }
 223
 224 }  // namespace protocol
 225 }  // namespace remoting