Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / remoting / protocol / third_party_authenticator_unittest.cc
blob9f6dde1dee4a98ba3670b6ae3d604c88d916ddcd
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/bind.h"
6 #include "base/callback_helpers.h"
7 #include "net/base/net_errors.h"
8 #include "remoting/base/rsa_key_pair.h"
9 #include "remoting/protocol/authenticator_test_base.h"
10 #include "remoting/protocol/channel_authenticator.h"
11 #include "remoting/protocol/connection_tester.h"
12 #include "remoting/protocol/fake_authenticator.h"
13 #include "remoting/protocol/third_party_authenticator_base.h"
14 #include "remoting/protocol/third_party_client_authenticator.h"
15 #include "remoting/protocol/third_party_host_authenticator.h"
16 #include "remoting/protocol/token_validator.h"
17 #include "testing/gmock/include/gmock/gmock.h"
18 #include "testing/gtest/include/gtest/gtest.h"
19 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
21 using testing::_;
22 using testing::DeleteArg;
23 using testing::SaveArg;
25 namespace {
27 const int kMessageSize = 100;
28 const int kMessages = 1;
30 const char kTokenUrl[] = "https://example.com/Issue";
31 const char kTokenScope[] = "host:a@b.com/1 client:a@b.com/2";
32 const char kToken[] = "abc123456xyz789";
33 const char kSharedSecret[] = "1234-1234-5678";
34 const char kSharedSecretBad[] = "0000-0000-0001";
36 } // namespace
38 namespace remoting {
39 namespace protocol {
41 class ThirdPartyAuthenticatorTest : public AuthenticatorTestBase {
42 class FakeTokenFetcher : public ThirdPartyClientAuthenticator::TokenFetcher {
43 public:
44 void FetchThirdPartyToken(
45 const GURL& token_url,
46 const std::string& scope,
47 const TokenFetchedCallback& token_fetched_callback) override {
48 ASSERT_EQ(token_url.spec(), kTokenUrl);
49 ASSERT_EQ(scope, kTokenScope);
50 ASSERT_FALSE(token_fetched_callback.is_null());
51 on_token_fetched_ = token_fetched_callback;
54 void OnTokenFetched(const std::string& token,
55 const std::string& shared_secret) {
56 ASSERT_FALSE(on_token_fetched_.is_null());
57 base::ResetAndReturn(&on_token_fetched_).Run(token, shared_secret);
60 private:
61 TokenFetchedCallback on_token_fetched_;
64 class FakeTokenValidator : public TokenValidator {
65 public:
66 FakeTokenValidator()
67 : token_url_(kTokenUrl),
68 token_scope_(kTokenScope) {}
70 ~FakeTokenValidator() override {}
72 void ValidateThirdPartyToken(
73 const std::string& token,
74 const TokenValidatedCallback& token_validated_callback) override {
75 ASSERT_FALSE(token_validated_callback.is_null());
76 on_token_validated_ = token_validated_callback;
79 void OnTokenValidated(const std::string& shared_secret) {
80 ASSERT_FALSE(on_token_validated_.is_null());
81 base::ResetAndReturn(&on_token_validated_).Run(shared_secret);
84 const GURL& token_url() const override { return token_url_; }
86 const std::string& token_scope() const override { return token_scope_; }
88 private:
89 GURL token_url_;
90 std::string token_scope_;
91 base::Callback<void(const std::string& shared_secret)> on_token_validated_;
94 public:
95 ThirdPartyAuthenticatorTest() {}
96 ~ThirdPartyAuthenticatorTest() override {}
98 protected:
99 void InitAuthenticators() {
100 scoped_ptr<TokenValidator> token_validator(new FakeTokenValidator());
101 token_validator_ = static_cast<FakeTokenValidator*>(token_validator.get());
102 host_.reset(new ThirdPartyHostAuthenticator(
103 host_cert_, key_pair_, token_validator.Pass()));
104 scoped_ptr<ThirdPartyClientAuthenticator::TokenFetcher>
105 token_fetcher(new FakeTokenFetcher());
106 token_fetcher_ = static_cast<FakeTokenFetcher*>(token_fetcher.get());
107 client_.reset(new ThirdPartyClientAuthenticator(token_fetcher.Pass()));
110 FakeTokenFetcher* token_fetcher_;
111 FakeTokenValidator* token_validator_;
113 private:
114 DISALLOW_COPY_AND_ASSIGN(ThirdPartyAuthenticatorTest);
117 TEST_F(ThirdPartyAuthenticatorTest, SuccessfulAuth) {
118 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
119 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
120 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
121 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
122 kToken, kSharedSecret));
123 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
124 ASSERT_NO_FATAL_FAILURE(
125 token_validator_->OnTokenValidated(kSharedSecret));
127 // Both sides have finished.
128 ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
129 ASSERT_EQ(Authenticator::ACCEPTED, client_->state());
131 // An authenticated channel can be created after the authentication.
132 client_auth_ = client_->CreateChannelAuthenticator();
133 host_auth_ = host_->CreateChannelAuthenticator();
134 RunChannelAuth(false);
136 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(),
137 kMessageSize, kMessages);
139 tester.Start();
140 message_loop_.Run();
141 tester.CheckResults();
144 TEST_F(ThirdPartyAuthenticatorTest, ClientNoSecret) {
145 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
146 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
147 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
148 ASSERT_NO_FATAL_FAILURE(
149 token_fetcher_->OnTokenFetched(kToken, std::string()));
151 // The end result is that the client rejected the connection, since it
152 // couldn't fetch the secret.
153 ASSERT_EQ(Authenticator::REJECTED, client_->state());
156 TEST_F(ThirdPartyAuthenticatorTest, InvalidToken) {
157 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
158 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
159 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
160 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
161 kToken, kSharedSecret));
162 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
163 ASSERT_NO_FATAL_FAILURE(token_validator_->OnTokenValidated(std::string()));
165 // The end result is that the host rejected the token.
166 ASSERT_EQ(Authenticator::REJECTED, host_->state());
169 TEST_F(ThirdPartyAuthenticatorTest, CannotFetchToken) {
170 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
171 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
172 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
173 ASSERT_NO_FATAL_FAILURE(
174 token_fetcher_->OnTokenFetched(std::string(), std::string()));
176 // The end result is that the client rejected the connection, since it
177 // couldn't fetch the token.
178 ASSERT_EQ(Authenticator::REJECTED, client_->state());
181 // Test that negotiation stops when the fake authentication is rejected.
182 TEST_F(ThirdPartyAuthenticatorTest, HostBadSecret) {
183 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
184 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
185 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
186 ASSERT_NO_FATAL_FAILURE(token_fetcher_->OnTokenFetched(
187 kToken, kSharedSecret));
188 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
189 ASSERT_NO_FATAL_FAILURE(
190 token_validator_->OnTokenValidated(kSharedSecretBad));
192 // The end result is that the host rejected the fake authentication.
193 ASSERT_EQ(Authenticator::REJECTED, client_->state());
196 TEST_F(ThirdPartyAuthenticatorTest, ClientBadSecret) {
197 ASSERT_NO_FATAL_FAILURE(InitAuthenticators());
198 ASSERT_NO_FATAL_FAILURE(RunHostInitiatedAuthExchange());
199 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, client_->state());
200 ASSERT_NO_FATAL_FAILURE(
201 token_fetcher_->OnTokenFetched(kToken, kSharedSecretBad));
202 ASSERT_EQ(Authenticator::PROCESSING_MESSAGE, host_->state());
203 ASSERT_NO_FATAL_FAILURE(
204 token_validator_->OnTokenValidated(kSharedSecret));
206 // The end result is that the host rejected the fake authentication.
207 ASSERT_EQ(Authenticator::REJECTED, client_->state());
210 } // namespace protocol
211 } // namespace remoting