remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
   6
   7 #include "base/base64.h"
   8 #include "base/bind.h"
   9 #include "base/files/file_path.h"
  10 #include "base/files/file_util.h"
  11 #include "base/message_loop/message_loop.h"
  12 #include "base/test/test_timeouts.h"
  13 #include "base/timer/timer.h"
  14 #include "crypto/rsa_private_key.h"
  15 #include "net/base/net_errors.h"
  16 #include "net/base/test_data_directory.h"
  17 #include "net/test/cert_test_util.h"
  18 #include "remoting/base/rsa_key_pair.h"
  19 #include "remoting/protocol/connection_tester.h"
  20 #include "remoting/protocol/fake_session.h"
  21 #include "testing/gmock/include/gmock/gmock.h"
  22 #include "testing/gtest/include/gtest/gtest.h"
  23 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h"
  24
  25 using testing::_;
  26 using testing::NotNull;
  27 using testing::SaveArg;
  28
  29 namespace remoting {
  30 namespace protocol {
  31
  32 namespace {
  33
  34 const char kTestSharedSecret[] = "1234-1234-5678";
  35 const char kTestSharedSecretBad[] = "0000-0000-0001";
  36
  37 class MockChannelDoneCallback {
  38  public:
  39   MOCK_METHOD2(OnDone, void(int error, net::StreamSocket* socket));
  40 };
  41
  42 ACTION_P(QuitThreadOnCounter, counter) {
  43   --(*counter);
  44   EXPECT_GE(*counter, 0);
  45   if (*counter == 0)
  46     base::MessageLoop::current()->Quit();
  47 }
  48
  49 }  // namespace
  50
  51 class SslHmacChannelAuthenticatorTest : public testing::Test {
  52  public:
  53   SslHmacChannelAuthenticatorTest() {}
  54   ~SslHmacChannelAuthenticatorTest() override {}
  55
  56  protected:
  57   void SetUp() override {
  58     base::FilePath certs_dir(net::GetTestCertsDirectory());
  59
  60     base::FilePath cert_path = certs_dir.AppendASCII("unittest.selfsigned.der");
  61     ASSERT_TRUE(base::ReadFileToString(cert_path, &host_cert_));
  62
  63     base::FilePath key_path = certs_dir.AppendASCII("unittest.key.bin");
  64     std::string key_string;
  65     ASSERT_TRUE(base::ReadFileToString(key_path, &key_string));
  66     std::string key_base64;
  67     base::Base64Encode(key_string, &key_base64);
  68     key_pair_ = RsaKeyPair::FromString(key_base64);
  69     ASSERT_TRUE(key_pair_.get());
  70   }
  71
  72   void RunChannelAuth(int expected_client_error, int expected_host_error) {
  73     client_fake_socket_.reset(new FakeStreamSocket());
  74     host_fake_socket_.reset(new FakeStreamSocket());
  75     client_fake_socket_->PairWith(host_fake_socket_.get());
  76
  77     client_auth_->SecureAndAuthenticate(
  78         client_fake_socket_.Pass(),
  79         base::Bind(&SslHmacChannelAuthenticatorTest::OnClientConnected,
  80                    base::Unretained(this)));
  81
  82     host_auth_->SecureAndAuthenticate(
  83         host_fake_socket_.Pass(),
  84         base::Bind(&SslHmacChannelAuthenticatorTest::OnHostConnected,
  85                    base::Unretained(this), std::string("ref argument value")));
  86
  87     // Expect two callbacks to be called - the client callback and the host
  88     // callback.
  89     int callback_counter = 2;
  90
  91     if (expected_client_error != net::OK) {
  92       EXPECT_CALL(client_callback_, OnDone(expected_client_error, nullptr))
  93           .WillOnce(QuitThreadOnCounter(&callback_counter));
  94     } else {
  95       EXPECT_CALL(client_callback_, OnDone(net::OK, NotNull()))
  96           .WillOnce(QuitThreadOnCounter(&callback_counter));
  97     }
  98
  99     if (expected_host_error != net::OK) {
 100       EXPECT_CALL(host_callback_, OnDone(expected_host_error, nullptr))
 101           .WillOnce(QuitThreadOnCounter(&callback_counter));
 102     } else {
 103       EXPECT_CALL(host_callback_, OnDone(net::OK, NotNull()))
 104           .WillOnce(QuitThreadOnCounter(&callback_counter));
 105     }
 106
 107     // Ensure that .Run() does not run unbounded if the callbacks are never
 108     // called.
 109     base::Timer shutdown_timer(false, false);
 110     shutdown_timer.Start(FROM_HERE,
 111                          TestTimeouts::action_timeout(),
 112                          base::MessageLoop::QuitClosure());
 113     message_loop_.Run();
 114   }
 115
 116   void OnHostConnected(const std::string& ref_argument,
 117                        int error,
 118                        scoped_ptr<net::StreamSocket> socket) {
 119     // Try deleting the authenticator and verify that this doesn't destroy
 120     // reference parameters.
 121     host_auth_.reset();
 122     DCHECK_EQ(ref_argument, "ref argument value");
 123
 124     host_callback_.OnDone(error, socket.get());
 125     host_socket_ = socket.Pass();
 126   }
 127
 128   void OnClientConnected(int error, scoped_ptr<net::StreamSocket> socket) {
 129     client_auth_.reset();
 130     client_callback_.OnDone(error, socket.get());
 131     client_socket_ = socket.Pass();
 132   }
 133
 134   base::MessageLoop message_loop_;
 135
 136   scoped_refptr<RsaKeyPair> key_pair_;
 137   std::string host_cert_;
 138   scoped_ptr<FakeStreamSocket> client_fake_socket_;
 139   scoped_ptr<FakeStreamSocket> host_fake_socket_;
 140   scoped_ptr<ChannelAuthenticator> client_auth_;
 141   scoped_ptr<ChannelAuthenticator> host_auth_;
 142   MockChannelDoneCallback client_callback_;
 143   MockChannelDoneCallback host_callback_;
 144   scoped_ptr<net::StreamSocket> client_socket_;
 145   scoped_ptr<net::StreamSocket> host_socket_;
 146
 147   DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticatorTest);
 148 };
 149
 150 // Verify that a channel can be connected using a valid shared secret.
 151 TEST_F(SslHmacChannelAuthenticatorTest, SuccessfulAuth) {
 152   client_auth_ = SslHmacChannelAuthenticator::CreateForClient(
 153       host_cert_, kTestSharedSecret);
 154   host_auth_ = SslHmacChannelAuthenticator::CreateForHost(
 155       host_cert_, key_pair_, kTestSharedSecret);
 156
 157   RunChannelAuth(net::OK, net::OK);
 158
 159   ASSERT_TRUE(client_socket_.get() != nullptr);
 160   ASSERT_TRUE(host_socket_.get() != nullptr);
 161
 162   StreamConnectionTester tester(host_socket_.get(), client_socket_.get(),
 163                                 100, 2);
 164
 165   tester.Start();
 166   message_loop_.Run();
 167   tester.CheckResults();
 168 }
 169
 170 // Verify that channels cannot be using invalid shared secret.
 171 TEST_F(SslHmacChannelAuthenticatorTest, InvalidChannelSecret) {
 172   client_auth_ = SslHmacChannelAuthenticator::CreateForClient(
 173       host_cert_, kTestSharedSecretBad);
 174   host_auth_ = SslHmacChannelAuthenticator::CreateForHost(
 175       host_cert_, key_pair_, kTestSharedSecret);
 176
 177   RunChannelAuth(net::ERR_FAILED, net::ERR_FAILED);
 178
 179   ASSERT_TRUE(host_socket_.get() == nullptr);
 180 }
 181
 182 // Verify that channels cannot be using invalid certificate.
 183 TEST_F(SslHmacChannelAuthenticatorTest, InvalidCertificate) {
 184   // Import a second certificate for the client to expect.
 185   scoped_refptr<net::X509Certificate> host_cert2(
 186       net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem"));
 187   std::string host_cert2_der;
 188   ASSERT_TRUE(net::X509Certificate::GetDEREncoded(host_cert2->os_cert_handle(),
 189                                                   &host_cert2_der));
 190
 191   client_auth_ = SslHmacChannelAuthenticator::CreateForClient(
 192       host_cert2_der, kTestSharedSecret);
 193   host_auth_ = SslHmacChannelAuthenticator::CreateForHost(
 194       host_cert_, key_pair_, kTestSharedSecret);
 195
 196   RunChannelAuth(net::ERR_CERT_INVALID, net::ERR_CONNECTION_CLOSED);
 197
 198   ASSERT_TRUE(host_socket_.get() == nullptr);
 199 }
 200
 201 }  // namespace protocol
 202 }  // namespace remoting