1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
6 #include "net/base/net_errors.h"
7 #include "remoting/base/rsa_key_pair.h"
8 #include "remoting/protocol/authenticator_test_base.h"
9 #include "remoting/protocol/channel_authenticator.h"
10 #include "remoting/protocol/connection_tester.h"
11 #include "remoting/protocol/fake_authenticator.h"
12 #include "remoting/protocol/third_party_authenticator_base.h"
13 #include "remoting/protocol/third_party_client_authenticator.h"
14 #include "remoting/protocol/third_party_host_authenticator.h"
15 #include "remoting/protocol/token_validator.h"
16 #include "testing/gmock/include/gmock/gmock.h"
17 #include "testing/gtest/include/gtest/gtest.h"
18 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
21 using testing::DeleteArg
;
22 using testing::SaveArg
;
26 const int kMessageSize
= 100;
27 const int kMessages
= 1;
29 const char kTokenUrl
[] = "https://example.com/Issue";
30 const char kTokenScope
[] = "host:a@b.com/1 client:a@b.com/2";
31 const char kToken
[] = "abc123456xyz789";
32 const char kSharedSecret
[] = "1234-1234-5678";
33 const char kSharedSecretBad
[] = "0000-0000-0001";
40 class ThirdPartyAuthenticatorTest
: public AuthenticatorTestBase
{
41 class FakeTokenFetcher
: public ThirdPartyClientAuthenticator::TokenFetcher
{
43 void FetchThirdPartyToken(
44 const GURL
& token_url
,
45 const std::string
& scope
,
46 const TokenFetchedCallback
& token_fetched_callback
) override
{
47 ASSERT_EQ(token_url
.spec(), kTokenUrl
);
48 ASSERT_EQ(scope
, kTokenScope
);
49 ASSERT_FALSE(token_fetched_callback
.is_null());
50 on_token_fetched_
= token_fetched_callback
;
53 void OnTokenFetched(const std::string
& token
,
54 const std::string
& shared_secret
) {
55 ASSERT_FALSE(on_token_fetched_
.is_null());
56 TokenFetchedCallback on_token_fetched
= on_token_fetched_
;
57 on_token_fetched_
.Reset();
58 on_token_fetched
.Run(token
, shared_secret
);
62 TokenFetchedCallback on_token_fetched_
;
65 class FakeTokenValidator
: public TokenValidator
{
68 : token_url_(kTokenUrl
),
69 token_scope_(kTokenScope
) {}
71 ~FakeTokenValidator() override
{}
73 void ValidateThirdPartyToken(
74 const std::string
& token
,
75 const TokenValidatedCallback
& token_validated_callback
) override
{
76 ASSERT_FALSE(token_validated_callback
.is_null());
77 on_token_validated_
= token_validated_callback
;
80 void OnTokenValidated(const std::string
& shared_secret
) {
81 ASSERT_FALSE(on_token_validated_
.is_null());
82 TokenValidatedCallback on_token_validated
= on_token_validated_
;
83 on_token_validated_
.Reset();
84 on_token_validated
.Run(shared_secret
);
87 const GURL
& token_url() const override
{ return token_url_
; }
89 const std::string
& token_scope() const override
{ return token_scope_
; }
93 std::string token_scope_
;
94 base::Callback
<void(const std::string
& shared_secret
)> on_token_validated_
;
98 ThirdPartyAuthenticatorTest() {}
99 ~ThirdPartyAuthenticatorTest() override
{}
102 void InitAuthenticators() {
103 scoped_ptr
<TokenValidator
> token_validator(new FakeTokenValidator());
104 token_validator_
= static_cast<FakeTokenValidator
*>(token_validator
.get());
105 host_
.reset(new ThirdPartyHostAuthenticator(
106 host_cert_
, key_pair_
, token_validator
.Pass()));
107 scoped_ptr
<ThirdPartyClientAuthenticator::TokenFetcher
>
108 token_fetcher(new FakeTokenFetcher());
109 token_fetcher_
= static_cast<FakeTokenFetcher
*>(token_fetcher
.get());
110 client_
.reset(new ThirdPartyClientAuthenticator(token_fetcher
.Pass()));
113 FakeTokenFetcher
* token_fetcher_
;
114 FakeTokenValidator
* token_validator_
;
117 DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest
);
120 TEST_F(ThirdPartyAuthenticatorTest
, SuccessfulAuth
) {
121 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
122 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
123 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, client_
->state());
124 ASSERT_NO_FATAL_FAILURE(token_fetcher_
->OnTokenFetched(
125 kToken
, kSharedSecret
));
126 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, host_
->state());
127 ASSERT_NO_FATAL_FAILURE(
128 token_validator_
->OnTokenValidated(kSharedSecret
));
130 // Both sides have finished.
131 ASSERT_EQ(Authenticator::ACCEPTED
, host_
->state());
132 ASSERT_EQ(Authenticator::ACCEPTED
, client_
->state());
134 // An authenticated channel can be created after the authentication.
135 client_auth_
= client_
->CreateChannelAuthenticator();
136 host_auth_
= host_
->CreateChannelAuthenticator();
137 RunChannelAuth(false);
139 StreamConnectionTester
tester(host_socket_
.get(), client_socket_
.get(),
140 kMessageSize
, kMessages
);
144 tester
.CheckResults();
147 TEST_F(ThirdPartyAuthenticatorTest
, ClientNoSecret
) {
148 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
149 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
150 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, client_
->state());
151 ASSERT_NO_FATAL_FAILURE(
152 token_fetcher_
->OnTokenFetched(kToken
, std::string()));
154 // The end result is that the client rejected the connection, since it
155 // couldn't fetch the secret.
156 ASSERT_EQ(Authenticator::REJECTED
, client_
->state());
159 TEST_F(ThirdPartyAuthenticatorTest
, InvalidToken
) {
160 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
161 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
162 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, client_
->state());
163 ASSERT_NO_FATAL_FAILURE(token_fetcher_
->OnTokenFetched(
164 kToken
, kSharedSecret
));
165 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, host_
->state());
166 ASSERT_NO_FATAL_FAILURE(token_validator_
->OnTokenValidated(std::string()));
168 // The end result is that the host rejected the token.
169 ASSERT_EQ(Authenticator::REJECTED
, host_
->state());
172 TEST_F(ThirdPartyAuthenticatorTest
, CannotFetchToken
) {
173 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
174 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
175 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, client_
->state());
176 ASSERT_NO_FATAL_FAILURE(
177 token_fetcher_
->OnTokenFetched(std::string(), std::string()));
179 // The end result is that the client rejected the connection, since it
180 // couldn't fetch the token.
181 ASSERT_EQ(Authenticator::REJECTED
, client_
->state());
184 // Test that negotiation stops when the fake authentication is rejected.
185 TEST_F(ThirdPartyAuthenticatorTest
, HostBadSecret
) {
186 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
187 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
188 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, client_
->state());
189 ASSERT_NO_FATAL_FAILURE(token_fetcher_
->OnTokenFetched(
190 kToken
, kSharedSecret
));
191 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, host_
->state());
192 ASSERT_NO_FATAL_FAILURE(
193 token_validator_
->OnTokenValidated(kSharedSecretBad
));
195 // The end result is that the host rejected the fake authentication.
196 ASSERT_EQ(Authenticator::REJECTED
, client_
->state());
199 TEST_F(ThirdPartyAuthenticatorTest
, ClientBadSecret
) {
200 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
201 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
202 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, client_
->state());
203 ASSERT_NO_FATAL_FAILURE(
204 token_fetcher_
->OnTokenFetched(kToken
, kSharedSecretBad
));
205 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE
, host_
->state());
206 ASSERT_NO_FATAL_FAILURE(
207 token_validator_
->OnTokenValidated(kSharedSecret
));
209 // The end result is that the host rejected the fake authentication.
210 ASSERT_EQ(Authenticator::REJECTED
, client_
->state());
213 } // namespace protocol
214 } // namespace remoting
