1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/basictypes.h"
6 #include "net/base/net_errors.h"
7 #include "net/http/http_auth_challenge_tokenizer.h"
8 #include "net/http/http_auth_sspi_win.h"
9 #include "net/http/mock_sspi_library_win.h"
10 #include "testing/gtest/include/gtest/gtest.h"
16 void MatchDomainUserAfterSplit(const std::wstring
& combined
,
17 const std::wstring
& expected_domain
,
18 const std::wstring
& expected_user
) {
19 std::wstring actual_domain
;
20 std::wstring actual_user
;
21 SplitDomainAndUser(combined
, &actual_domain
, &actual_user
);
22 EXPECT_EQ(expected_domain
, actual_domain
);
23 EXPECT_EQ(expected_user
, actual_user
);
26 const ULONG kMaxTokenLength
= 100;
30 TEST(HttpAuthSSPITest
, SplitUserAndDomain
) {
31 MatchDomainUserAfterSplit(L
"foobar", L
"", L
"foobar");
32 MatchDomainUserAfterSplit(L
"FOO\\bar", L
"FOO", L
"bar");
35 TEST(HttpAuthSSPITest
, DetermineMaxTokenLength_Normal
) {
36 SecPkgInfoW package_info
;
37 memset(&package_info
, 0x0, sizeof(package_info
));
38 package_info
.cbMaxToken
= 1337;
40 MockSSPILibrary mock_library
;
41 mock_library
.ExpectQuerySecurityPackageInfo(L
"NTLM", SEC_E_OK
, &package_info
);
42 ULONG max_token_length
= kMaxTokenLength
;
43 int rv
= DetermineMaxTokenLength(&mock_library
, L
"NTLM", &max_token_length
);
45 EXPECT_EQ(1337, max_token_length
);
48 TEST(HttpAuthSSPITest
, DetermineMaxTokenLength_InvalidPackage
) {
49 MockSSPILibrary mock_library
;
50 mock_library
.ExpectQuerySecurityPackageInfo(L
"Foo", SEC_E_SECPKG_NOT_FOUND
,
52 ULONG max_token_length
= kMaxTokenLength
;
53 int rv
= DetermineMaxTokenLength(&mock_library
, L
"Foo", &max_token_length
);
54 EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME
, rv
);
55 // |DetermineMaxTokenLength()| interface states that |max_token_length| should
56 // not change on failure.
57 EXPECT_EQ(100, max_token_length
);
60 TEST(HttpAuthSSPITest
, ParseChallenge_FirstRound
) {
61 // The first round should just consist of an unadorned "Negotiate" header.
62 MockSSPILibrary mock_library
;
63 HttpAuthSSPI
auth_sspi(&mock_library
, "Negotiate",
64 NEGOSSP_NAME
, kMaxTokenLength
);
65 std::string challenge_text
= "Negotiate";
66 HttpAuthChallengeTokenizer
challenge(challenge_text
.begin(),
67 challenge_text
.end());
68 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT
,
69 auth_sspi
.ParseChallenge(&challenge
));
72 TEST(HttpAuthSSPITest
, ParseChallenge_TwoRounds
) {
73 // The first round should just have "Negotiate", and the second round should
74 // have a valid base64 token associated with it.
75 MockSSPILibrary mock_library
;
76 HttpAuthSSPI
auth_sspi(&mock_library
, "Negotiate",
77 NEGOSSP_NAME
, kMaxTokenLength
);
78 std::string first_challenge_text
= "Negotiate";
79 HttpAuthChallengeTokenizer
first_challenge(first_challenge_text
.begin(),
80 first_challenge_text
.end());
81 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT
,
82 auth_sspi
.ParseChallenge(&first_challenge
));
84 // Generate an auth token and create another thing.
85 std::string auth_token
;
86 EXPECT_EQ(OK
, auth_sspi
.GenerateAuthToken(NULL
, "HTTP/intranet.google.com",
89 std::string second_challenge_text
= "Negotiate Zm9vYmFy";
90 HttpAuthChallengeTokenizer
second_challenge(second_challenge_text
.begin(),
91 second_challenge_text
.end());
92 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT
,
93 auth_sspi
.ParseChallenge(&second_challenge
));
96 TEST(HttpAuthSSPITest
, ParseChallenge_UnexpectedTokenFirstRound
) {
97 // If the first round challenge has an additional authentication token, it
98 // should be treated as an invalid challenge from the server.
99 MockSSPILibrary mock_library
;
100 HttpAuthSSPI
auth_sspi(&mock_library
, "Negotiate",
101 NEGOSSP_NAME
, kMaxTokenLength
);
102 std::string challenge_text
= "Negotiate Zm9vYmFy";
103 HttpAuthChallengeTokenizer
challenge(challenge_text
.begin(),
104 challenge_text
.end());
105 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID
,
106 auth_sspi
.ParseChallenge(&challenge
));
109 TEST(HttpAuthSSPITest
, ParseChallenge_MissingTokenSecondRound
) {
110 // If a later-round challenge is simply "Negotiate", it should be treated as
111 // an authentication challenge rejection from the server or proxy.
112 MockSSPILibrary mock_library
;
113 HttpAuthSSPI
auth_sspi(&mock_library
, "Negotiate",
114 NEGOSSP_NAME
, kMaxTokenLength
);
115 std::string first_challenge_text
= "Negotiate";
116 HttpAuthChallengeTokenizer
first_challenge(first_challenge_text
.begin(),
117 first_challenge_text
.end());
118 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT
,
119 auth_sspi
.ParseChallenge(&first_challenge
));
121 std::string auth_token
;
122 EXPECT_EQ(OK
, auth_sspi
.GenerateAuthToken(NULL
, "HTTP/intranet.google.com",
124 std::string second_challenge_text
= "Negotiate";
125 HttpAuthChallengeTokenizer
second_challenge(second_challenge_text
.begin(),
126 second_challenge_text
.end());
127 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_REJECT
,
128 auth_sspi
.ParseChallenge(&second_challenge
));
131 TEST(HttpAuthSSPITest
, ParseChallenge_NonBase64EncodedToken
) {
132 // If a later-round challenge has an invalid base64 encoded token, it should
133 // be treated as an invalid challenge.
134 MockSSPILibrary mock_library
;
135 HttpAuthSSPI
auth_sspi(&mock_library
, "Negotiate",
136 NEGOSSP_NAME
, kMaxTokenLength
);
137 std::string first_challenge_text
= "Negotiate";
138 HttpAuthChallengeTokenizer
first_challenge(first_challenge_text
.begin(),
139 first_challenge_text
.end());
140 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT
,
141 auth_sspi
.ParseChallenge(&first_challenge
));
143 std::string auth_token
;
144 EXPECT_EQ(OK
, auth_sspi
.GenerateAuthToken(NULL
, "HTTP/intranet.google.com",
146 std::string second_challenge_text
= "Negotiate =happyjoy=";
147 HttpAuthChallengeTokenizer
second_challenge(second_challenge_text
.begin(),
148 second_challenge_text
.end());
149 EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_INVALID
,
150 auth_sspi
.ParseChallenge(&second_challenge
));
