Popular sites on the NTP: check that experiment group StartsWith (rather than IS...
[chromium-blink-merge.git] / chrome / browser / internal_auth_unittest.cc
blob6f62104d8a0235dc06d63e3b6e37e658d1ebd3fe
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/internal_auth.h"
7 #include <algorithm>
9 #include "base/lazy_instance.h"
10 #include "base/message_loop/message_loop.h"
11 #include "base/time/time.h"
12 #include "testing/gtest/include/gtest/gtest.h"
14 namespace chrome {
16 class InternalAuthTest : public ::testing::Test {
17 public:
18 InternalAuthTest() {
19 long_string_ = "seed";
20 for (int i = 20; i--;)
21 long_string_ += long_string_;
23 ~InternalAuthTest() override {}
25 void SetUp() override {}
27 void TearDown() override {}
29 base::MessageLoop message_loop_;
30 std::string long_string_;
33 TEST_F(InternalAuthTest, BasicGeneration) {
34 std::map<std::string, std::string> map;
35 map["key"] = "value";
36 std::string token = InternalAuthGeneration::GeneratePassport(
37 "zapata", map);
38 ASSERT_GT(token.size(), 10u); // short token is insecure.
40 map["key2"] = "value2";
41 token = InternalAuthGeneration::GeneratePassport("zapata", map);
42 ASSERT_GT(token.size(), 10u);
45 TEST_F(InternalAuthTest, DoubleGeneration) {
46 std::map<std::string, std::string> map;
47 map["key"] = "value";
48 std::string token1 = InternalAuthGeneration::GeneratePassport(
49 "zapata", map);
50 ASSERT_GT(token1.size(), 10u);
52 std::string token2 = InternalAuthGeneration::GeneratePassport(
53 "zapata", map);
54 ASSERT_GT(token2.size(), 10u);
55 // tokens are different even if credentials coincide.
56 ASSERT_NE(token1, token2);
59 TEST_F(InternalAuthTest, BadGeneration) {
60 std::map<std::string, std::string> map;
61 map["key"] = "value";
62 // Trying huge domain.
63 std::string token = InternalAuthGeneration::GeneratePassport(
64 long_string_, map);
65 ASSERT_TRUE(token.empty());
66 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
67 token, long_string_, map));
69 // Trying empty domain.
70 token = InternalAuthGeneration::GeneratePassport(std::string(), map);
71 ASSERT_TRUE(token.empty());
72 ASSERT_FALSE(
73 InternalAuthVerification::VerifyPassport(token, std::string(), map));
75 std::string dummy("abcdefghij");
76 for (size_t i = 1000; i--;) {
77 std::string key = dummy;
78 std::next_permutation(dummy.begin(), dummy.end());
79 std::string value = dummy;
80 std::next_permutation(dummy.begin(), dummy.end());
81 map[key] = value;
83 // Trying huge var=value map.
84 token = InternalAuthGeneration::GeneratePassport("zapata", map);
85 ASSERT_TRUE(token.empty());
86 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
88 map.clear();
89 map[std::string()] = "value";
90 // Trying empty key.
91 token = InternalAuthGeneration::GeneratePassport("zapata", map);
92 ASSERT_TRUE(token.empty());
93 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
96 TEST_F(InternalAuthTest, BasicVerification) {
97 std::map<std::string, std::string> map;
98 map["key"] = "value";
99 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
100 ASSERT_GT(token.size(), 10u);
101 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
102 // Passport can not be reused.
103 for (int i = 1000; i--;) {
104 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
105 token, "zapata", map));
109 TEST_F(InternalAuthTest, BruteForce) {
110 std::map<std::string, std::string> map;
111 map["key"] = "value";
112 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
113 ASSERT_GT(token.size(), 10u);
115 // Trying bruteforce.
116 std::string dummy = token;
117 for (size_t i = 100; i--;) {
118 std::next_permutation(dummy.begin(), dummy.end());
119 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
120 dummy, "zapata", map));
122 dummy = token;
123 for (size_t i = 100; i--;) {
124 std::next_permutation(dummy.begin(), dummy.begin() + dummy.size() / 2);
125 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
126 dummy, "zapata", map));
128 // We brute forced just too little, so original token must not expire yet.
129 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
132 TEST_F(InternalAuthTest, ExpirationAndBruteForce) {
133 int kCustomVerificationWindow = 2;
134 InternalAuthVerification::set_verification_window_seconds(
135 kCustomVerificationWindow);
137 std::map<std::string, std::string> map;
138 map["key"] = "value";
139 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
140 ASSERT_GT(token.size(), 10u);
142 // We want to test token expiration, so we need to wait some amount of time,
143 // so we are brute-forcing during this time.
144 base::Time timestamp = base::Time::Now();
145 std::string dummy1 = token;
146 std::string dummy2 = token;
147 for (;;) {
148 for (size_t i = 100; i--;) {
149 std::next_permutation(dummy1.begin(), dummy1.end());
150 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
151 dummy1, "zapata", map));
153 for (size_t i = 100; i--;) {
154 std::next_permutation(dummy2.begin(), dummy2.begin() + dummy2.size() / 2);
155 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(
156 dummy2, "zapata", map));
158 if (base::Time::Now() - timestamp > base::TimeDelta::FromSeconds(
159 kCustomVerificationWindow + 1)) {
160 break;
163 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
164 // Reset verification window to default.
165 InternalAuthVerification::set_verification_window_seconds(0);
168 TEST_F(InternalAuthTest, ChangeKey) {
169 std::map<std::string, std::string> map;
170 map["key"] = "value";
171 std::string token = InternalAuthGeneration::GeneratePassport("zapata", map);
172 ASSERT_GT(token.size(), 10u);
174 InternalAuthGeneration::GenerateNewKey();
175 // Passport should survive key change.
176 ASSERT_TRUE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
178 token = InternalAuthGeneration::GeneratePassport("zapata", map);
179 ASSERT_GT(token.size(), 10u);
180 for (int i = 20; i--;)
181 InternalAuthGeneration::GenerateNewKey();
182 // Passport should not survive series of key changes.
183 ASSERT_FALSE(InternalAuthVerification::VerifyPassport(token, "zapata", map));
186 } // namespace chrome