net/http/http_auth_sspi_win_unittest.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/basictypes.h"
   6 #include "net/base/net_errors.h"
   7 #include "net/http/http_auth_challenge_tokenizer.h"
   8 #include "net/http/http_auth_sspi_win.h"
   9 #include "net/http/mock_sspi_library_win.h"
  10 #include "testing/gtest/include/gtest/gtest.h"
  11
  12 namespace net {
  13
  14 namespace {
  15
  16 void MatchDomainUserAfterSplit(const std::wstring& combined,
  17                                const std::wstring& expected_domain,
  18                                const std::wstring& expected_user) {
  19   std::wstring actual_domain;
  20   std::wstring actual_user;
  21   SplitDomainAndUser(combined, &actual_domain, &actual_user);
  22   EXPECT_EQ(expected_domain, actual_domain);
  23   EXPECT_EQ(expected_user, actual_user);
  24 }
  25
  26 const ULONG kMaxTokenLength = 100;
  27
  28 }  // namespace
  29
  30 TEST(HttpAuthSSPITest, SplitUserAndDomain) {
  31   MatchDomainUserAfterSplit(L"foobar", L"", L"foobar");
  32   MatchDomainUserAfterSplit(L"FOO\\bar", L"FOO", L"bar");
  33 }
  34
  35 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_Normal) {
  36   SecPkgInfoW package_info;
  37   memset(&package_info, 0x0, sizeof(package_info));
  38   package_info.cbMaxToken = 1337;
  39
  40   MockSSPILibrary mock_library;
  41   mock_library.ExpectQuerySecurityPackageInfo(L"NTLM", SEC_E_OK, &package_info);
  42   ULONG max_token_length = kMaxTokenLength;
  43   int rv = DetermineMaxTokenLength(&mock_library, L"NTLM", &max_token_length);
  44   EXPECT_EQ(OK, rv);
  45   EXPECT_EQ(1337, max_token_length);
  46 }
  47
  48 TEST(HttpAuthSSPITest, DetermineMaxTokenLength_InvalidPackage) {
  49   MockSSPILibrary mock_library;
  50   mock_library.ExpectQuerySecurityPackageInfo(L"Foo", SEC_E_SECPKG_NOT_FOUND,
  51                                               NULL);
  52   ULONG max_token_length = kMaxTokenLength;
  53   int rv = DetermineMaxTokenLength(&mock_library, L"Foo", &max_token_length);
  54   EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
  55   // |DetermineMaxTokenLength()| interface states that |max_token_length| should
  56   // not change on failure.
  57   EXPECT_EQ(100, max_token_length);
  58 }
  59
  60 TEST(HttpAuthSSPITest, ParseChallenge_FirstRound) {
  61   // The first round should just consist of an unadorned "Negotiate" header.
  62   MockSSPILibrary mock_library;
  63   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
  64                          NEGOSSP_NAME, kMaxTokenLength);
  65   std::string challenge_text = "Negotiate";
  66   HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
  67                                        challenge_text.end());
  68   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
  69             auth_sspi.ParseChallenge(&challenge));
  70 }
  71
  72 TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) {
  73   // The first round should just have "Negotiate", and the second round should
  74   // have a valid base64 token associated with it.
  75   MockSSPILibrary mock_library;
  76   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
  77                          NEGOSSP_NAME, kMaxTokenLength);
  78   std::string first_challenge_text = "Negotiate";
  79   HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
  80                                              first_challenge_text.end());
  81   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
  82             auth_sspi.ParseChallenge(&first_challenge));
  83
  84   // Generate an auth token and create another thing.
  85   std::string auth_token;
  86   EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
  87                                             &auth_token));
  88
  89   std::string second_challenge_text = "Negotiate Zm9vYmFy";
  90   HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
  91                                               second_challenge_text.end());
  92   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
  93             auth_sspi.ParseChallenge(&second_challenge));
  94 }
  95
  96 TEST(HttpAuthSSPITest, ParseChallenge_UnexpectedTokenFirstRound) {
  97   // If the first round challenge has an additional authentication token, it
  98   // should be treated as an invalid challenge from the server.
  99   MockSSPILibrary mock_library;
 100   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
 101                          NEGOSSP_NAME, kMaxTokenLength);
 102   std::string challenge_text = "Negotiate Zm9vYmFy";
 103   HttpAuthChallengeTokenizer challenge(challenge_text.begin(),
 104                                        challenge_text.end());
 105   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
 106             auth_sspi.ParseChallenge(&challenge));
 107 }
 108
 109 TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) {
 110   // If a later-round challenge is simply "Negotiate", it should be treated as
 111   // an authentication challenge rejection from the server or proxy.
 112   MockSSPILibrary mock_library;
 113   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
 114                          NEGOSSP_NAME, kMaxTokenLength);
 115   std::string first_challenge_text = "Negotiate";
 116   HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
 117                                              first_challenge_text.end());
 118   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
 119             auth_sspi.ParseChallenge(&first_challenge));
 120
 121   std::string auth_token;
 122   EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
 123                                             &auth_token));
 124   std::string second_challenge_text = "Negotiate";
 125   HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
 126                                               second_challenge_text.end());
 127   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT,
 128             auth_sspi.ParseChallenge(&second_challenge));
 129 }
 130
 131 TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) {
 132   // If a later-round challenge has an invalid base64 encoded token, it should
 133   // be treated as an invalid challenge.
 134   MockSSPILibrary mock_library;
 135   HttpAuthSSPI auth_sspi(&mock_library, "Negotiate",
 136                          NEGOSSP_NAME, kMaxTokenLength);
 137   std::string first_challenge_text = "Negotiate";
 138   HttpAuthChallengeTokenizer first_challenge(first_challenge_text.begin(),
 139                                              first_challenge_text.end());
 140   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT,
 141             auth_sspi.ParseChallenge(&first_challenge));
 142
 143   std::string auth_token;
 144   EXPECT_EQ(OK, auth_sspi.GenerateAuthToken(NULL, "HTTP/intranet.google.com",
 145                                             &auth_token));
 146   std::string second_challenge_text = "Negotiate =happyjoy=";
 147   HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(),
 148                                               second_challenge_text.end());
 149   EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID,
 150             auth_sspi.ParseChallenge(&second_challenge));
 151 }
 152
 153 }  // namespace net