1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
7 #include "base/base64.h"
9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h"
11 #include "base/message_loop/message_loop.h"
12 #include "base/test/test_timeouts.h"
13 #include "base/timer/timer.h"
14 #include "crypto/rsa_private_key.h"
15 #include "net/base/net_errors.h"
16 #include "net/base/test_data_directory.h"
17 #include "remoting/base/rsa_key_pair.h"
18 #include "remoting/protocol/connection_tester.h"
19 #include "remoting/protocol/fake_session.h"
20 #include "testing/gmock/include/gmock/gmock.h"
21 #include "testing/gtest/include/gtest/gtest.h"
22 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
25 using testing::NotNull
;
26 using testing::SaveArg
;
33 const char kTestSharedSecret
[] = "1234-1234-5678";
34 const char kTestSharedSecretBad
[] = "0000-0000-0001";
36 class MockChannelDoneCallback
{
38 MOCK_METHOD2(OnDone
, void(int error
, net::StreamSocket
* socket
));
41 ACTION_P(QuitThreadOnCounter
, counter
) {
43 EXPECT_GE(*counter
, 0);
45 base::MessageLoop::current()->Quit();
50 class SslHmacChannelAuthenticatorTest
: public testing::Test
{
52 SslHmacChannelAuthenticatorTest() {}
53 ~SslHmacChannelAuthenticatorTest() override
{}
56 void SetUp() override
{
57 base::FilePath
certs_dir(net::GetTestCertsDirectory());
59 base::FilePath cert_path
= certs_dir
.AppendASCII("unittest.selfsigned.der");
60 ASSERT_TRUE(base::ReadFileToString(cert_path
, &host_cert_
));
62 base::FilePath key_path
= certs_dir
.AppendASCII("unittest.key.bin");
63 std::string key_string
;
64 ASSERT_TRUE(base::ReadFileToString(key_path
, &key_string
));
65 std::string key_base64
;
66 base::Base64Encode(key_string
, &key_base64
);
67 key_pair_
= RsaKeyPair::FromString(key_base64
);
68 ASSERT_TRUE(key_pair_
.get());
71 void RunChannelAuth(bool expected_fail
) {
72 client_fake_socket_
.reset(new FakeStreamSocket());
73 host_fake_socket_
.reset(new FakeStreamSocket());
74 client_fake_socket_
->PairWith(host_fake_socket_
.get());
76 client_auth_
->SecureAndAuthenticate(
77 client_fake_socket_
.Pass(),
78 base::Bind(&SslHmacChannelAuthenticatorTest::OnClientConnected
,
79 base::Unretained(this)));
81 host_auth_
->SecureAndAuthenticate(
82 host_fake_socket_
.Pass(),
83 base::Bind(&SslHmacChannelAuthenticatorTest::OnHostConnected
,
84 base::Unretained(this), std::string("ref argument value")));
86 // Expect two callbacks to be called - the client callback and the host
88 int callback_counter
= 2;
91 EXPECT_CALL(client_callback_
, OnDone(net::ERR_FAILED
, nullptr))
92 .WillOnce(QuitThreadOnCounter(&callback_counter
));
93 EXPECT_CALL(host_callback_
, OnDone(net::ERR_FAILED
, nullptr))
94 .WillOnce(QuitThreadOnCounter(&callback_counter
));
96 EXPECT_CALL(client_callback_
, OnDone(net::OK
, NotNull()))
97 .WillOnce(QuitThreadOnCounter(&callback_counter
));
98 EXPECT_CALL(host_callback_
, OnDone(net::OK
, NotNull()))
99 .WillOnce(QuitThreadOnCounter(&callback_counter
));
102 // Ensure that .Run() does not run unbounded if the callbacks are never
104 base::Timer
shutdown_timer(false, false);
105 shutdown_timer
.Start(FROM_HERE
,
106 TestTimeouts::action_timeout(),
107 base::MessageLoop::QuitClosure());
111 void OnHostConnected(const std::string
& ref_argument
,
113 scoped_ptr
<net::StreamSocket
> socket
) {
114 // Try deleting the authenticator and verify that this doesn't destroy
115 // reference parameters.
117 DCHECK_EQ(ref_argument
, "ref argument value");
119 host_callback_
.OnDone(error
, socket
.get());
120 host_socket_
= socket
.Pass();
123 void OnClientConnected(int error
, scoped_ptr
<net::StreamSocket
> socket
) {
124 client_auth_
.reset();
125 client_callback_
.OnDone(error
, socket
.get());
126 client_socket_
= socket
.Pass();
129 base::MessageLoop message_loop_
;
131 scoped_refptr
<RsaKeyPair
> key_pair_
;
132 std::string host_cert_
;
133 scoped_ptr
<FakeStreamSocket
> client_fake_socket_
;
134 scoped_ptr
<FakeStreamSocket
> host_fake_socket_
;
135 scoped_ptr
<ChannelAuthenticator
> client_auth_
;
136 scoped_ptr
<ChannelAuthenticator
> host_auth_
;
137 MockChannelDoneCallback client_callback_
;
138 MockChannelDoneCallback host_callback_
;
139 scoped_ptr
<net::StreamSocket
> client_socket_
;
140 scoped_ptr
<net::StreamSocket
> host_socket_
;
142 DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticatorTest
);
145 // Verify that a channel can be connected using a valid shared secret.
146 TEST_F(SslHmacChannelAuthenticatorTest
, SuccessfulAuth
) {
147 client_auth_
= SslHmacChannelAuthenticator::CreateForClient(
148 host_cert_
, kTestSharedSecret
);
149 host_auth_
= SslHmacChannelAuthenticator::CreateForHost(
150 host_cert_
, key_pair_
, kTestSharedSecret
);
152 RunChannelAuth(false);
154 ASSERT_TRUE(client_socket_
.get() != nullptr);
155 ASSERT_TRUE(host_socket_
.get() != nullptr);
157 StreamConnectionTester
tester(host_socket_
.get(), client_socket_
.get(),
162 tester
.CheckResults();
165 // Verify that channels cannot be using invalid shared secret.
166 TEST_F(SslHmacChannelAuthenticatorTest
, InvalidChannelSecret
) {
167 client_auth_
= SslHmacChannelAuthenticator::CreateForClient(
168 host_cert_
, kTestSharedSecretBad
);
169 host_auth_
= SslHmacChannelAuthenticator::CreateForHost(
170 host_cert_
, key_pair_
, kTestSharedSecret
);
172 RunChannelAuth(true);
174 ASSERT_TRUE(host_socket_
.get() == nullptr);
177 } // namespace protocol
178 } // namespace remoting
