diff options
author | asanka <asanka@chromium.org> | 2016-03-23 09:20:49 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-23 16:22:04 +0000 |
commit | 5ffd5d79244e6c9928ed465fcfed8a136d04140a (patch) | |
tree | 61b94a189d803d0d262244654252bf8fec7fb691 /net/http/http_auth_handler_factory_unittest.cc | |
parent | da4111853b1da632bf7566e3505f40ef9cca1a66 (diff) | |
download | chromium_src-5ffd5d79244e6c9928ed465fcfed8a136d04140a.zip chromium_src-5ffd5d79244e6c9928ed465fcfed8a136d04140a.tar.gz chromium_src-5ffd5d79244e6c9928ed465fcfed8a136d04140a.tar.bz2 |
[net/http auth] Support channel bindings for HTTP authentication.
Start using tls-server-end-point channel bindings for HTTP
authentication if a certificate is available. The current implementation
should work on Windows and Posix. Currently only SHA-256, SHA-384, and
SHA-512 are supported for generating channel bindings.
BUG=270219
R=rsleevi@chromium.org,davidben@chromium.org
Review URL: https://codereview.chromium.org/1408433006
Cr-Commit-Position: refs/heads/master@{#382858}
Diffstat (limited to 'net/http/http_auth_handler_factory_unittest.cc')
-rw-r--r-- | net/http/http_auth_handler_factory_unittest.cc | 78 |
1 files changed, 34 insertions, 44 deletions
diff --git a/net/http/http_auth_handler_factory_unittest.cc b/net/http/http_auth_handler_factory_unittest.cc index b73e47b..6d85121 100644 --- a/net/http/http_auth_handler_factory_unittest.cc +++ b/net/http/http_auth_handler_factory_unittest.cc @@ -10,6 +10,7 @@ #include "net/http/http_auth_scheme.h" #include "net/http/mock_allow_http_auth_preferences.h" #include "net/http/url_security_manager.h" +#include "net/ssl/ssl_info.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -24,6 +25,7 @@ class MockHttpAuthHandlerFactory : public HttpAuthHandlerFactory { int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, HttpAuth::Target target, + const SSLInfo& ssl_info, const GURL& origin, CreateReason reason, int nonce_count, @@ -40,6 +42,7 @@ class MockHttpAuthHandlerFactory : public HttpAuthHandlerFactory { } // namespace TEST(HttpAuthHandlerFactoryTest, RegistryFactory) { + SSLInfo null_ssl_info; HttpAuthHandlerRegistryFactory registry_factory; GURL gurl("www.google.com"); const int kBasicReturnCode = ERR_INVALID_SPDY_STREAM; @@ -59,42 +62,43 @@ TEST(HttpAuthHandlerFactoryTest, RegistryFactory) { // No schemes should be supported in the beginning. EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, registry_factory.CreateAuthHandlerFromString( - "Basic", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), &handler)); + "Basic", HttpAuth::AUTH_SERVER, null_ssl_info, gurl, + BoundNetLog(), &handler)); // Test what happens with a single scheme. registry_factory.RegisterSchemeFactory("Basic", mock_factory_basic); - EXPECT_EQ(kBasicReturnCode, - registry_factory.CreateAuthHandlerFromString( - "Basic", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), &handler)); + EXPECT_EQ(kBasicReturnCode, registry_factory.CreateAuthHandlerFromString( + "Basic", HttpAuth::AUTH_SERVER, null_ssl_info, + gurl, BoundNetLog(), &handler)); EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, registry_factory.CreateAuthHandlerFromString( - "Digest", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), - &handler)); + "Digest", HttpAuth::AUTH_SERVER, null_ssl_info, gurl, + BoundNetLog(), &handler)); // Test multiple schemes registry_factory.RegisterSchemeFactory("Digest", mock_factory_digest); - EXPECT_EQ(kBasicReturnCode, - registry_factory.CreateAuthHandlerFromString( - "Basic", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), &handler)); + EXPECT_EQ(kBasicReturnCode, registry_factory.CreateAuthHandlerFromString( + "Basic", HttpAuth::AUTH_SERVER, null_ssl_info, + gurl, BoundNetLog(), &handler)); EXPECT_EQ(kDigestReturnCode, registry_factory.CreateAuthHandlerFromString( - "Digest", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), - &handler)); + "Digest", HttpAuth::AUTH_SERVER, null_ssl_info, gurl, + BoundNetLog(), &handler)); // Test case-insensitivity - EXPECT_EQ(kBasicReturnCode, - registry_factory.CreateAuthHandlerFromString( - "basic", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), &handler)); + EXPECT_EQ(kBasicReturnCode, registry_factory.CreateAuthHandlerFromString( + "basic", HttpAuth::AUTH_SERVER, null_ssl_info, + gurl, BoundNetLog(), &handler)); // Test replacement of existing auth scheme registry_factory.RegisterSchemeFactory("Digest", mock_factory_digest_replace); - EXPECT_EQ(kBasicReturnCode, - registry_factory.CreateAuthHandlerFromString( - "Basic", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), &handler)); + EXPECT_EQ(kBasicReturnCode, registry_factory.CreateAuthHandlerFromString( + "Basic", HttpAuth::AUTH_SERVER, null_ssl_info, + gurl, BoundNetLog(), &handler)); EXPECT_EQ(kDigestReturnCodeReplace, registry_factory.CreateAuthHandlerFromString( - "Digest", HttpAuth::AUTH_SERVER, gurl, BoundNetLog(), - &handler)); + "Digest", HttpAuth::AUTH_SERVER, null_ssl_info, gurl, + BoundNetLog(), &handler)); } TEST(HttpAuthHandlerFactoryTest, DefaultFactory) { @@ -106,14 +110,12 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) { &http_auth_preferences); GURL server_origin("http://www.example.com"); GURL proxy_origin("http://cache.example.com:3128"); + SSLInfo null_ssl_info; { scoped_ptr<HttpAuthHandler> handler; int rv = http_auth_handler_factory->CreateAuthHandlerFromString( - "Basic realm=\"FooBar\"", - HttpAuth::AUTH_SERVER, - server_origin, - BoundNetLog(), - &handler); + "Basic realm=\"FooBar\"", HttpAuth::AUTH_SERVER, null_ssl_info, + server_origin, BoundNetLog(), &handler); EXPECT_EQ(OK, rv); ASSERT_FALSE(handler.get() == NULL); EXPECT_EQ(HttpAuth::AUTH_SCHEME_BASIC, handler->auth_scheme()); @@ -125,22 +127,16 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) { { scoped_ptr<HttpAuthHandler> handler; int rv = http_auth_handler_factory->CreateAuthHandlerFromString( - "UNSUPPORTED realm=\"FooBar\"", - HttpAuth::AUTH_SERVER, - server_origin, - BoundNetLog(), - &handler); + "UNSUPPORTED realm=\"FooBar\"", HttpAuth::AUTH_SERVER, null_ssl_info, + server_origin, BoundNetLog(), &handler); EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv); EXPECT_TRUE(handler.get() == NULL); } { scoped_ptr<HttpAuthHandler> handler; int rv = http_auth_handler_factory->CreateAuthHandlerFromString( - "Digest realm=\"FooBar\", nonce=\"xyz\"", - HttpAuth::AUTH_PROXY, - proxy_origin, - BoundNetLog(), - &handler); + "Digest realm=\"FooBar\", nonce=\"xyz\"", HttpAuth::AUTH_PROXY, + null_ssl_info, proxy_origin, BoundNetLog(), &handler); EXPECT_EQ(OK, rv); ASSERT_FALSE(handler.get() == NULL); EXPECT_EQ(HttpAuth::AUTH_SCHEME_DIGEST, handler->auth_scheme()); @@ -152,11 +148,8 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) { { scoped_ptr<HttpAuthHandler> handler; int rv = http_auth_handler_factory->CreateAuthHandlerFromString( - "NTLM", - HttpAuth::AUTH_SERVER, - server_origin, - BoundNetLog(), - &handler); + "NTLM", HttpAuth::AUTH_SERVER, null_ssl_info, server_origin, + BoundNetLog(), &handler); EXPECT_EQ(OK, rv); ASSERT_FALSE(handler.get() == NULL); EXPECT_EQ(HttpAuth::AUTH_SCHEME_NTLM, handler->auth_scheme()); @@ -168,11 +161,8 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) { { scoped_ptr<HttpAuthHandler> handler; int rv = http_auth_handler_factory->CreateAuthHandlerFromString( - "Negotiate", - HttpAuth::AUTH_SERVER, - server_origin, - BoundNetLog(), - &handler); + "Negotiate", HttpAuth::AUTH_SERVER, null_ssl_info, server_origin, + BoundNetLog(), &handler); // Note the default factory doesn't support Kerberos on Android #if defined(USE_KERBEROS) && !defined(OS_ANDROID) EXPECT_EQ(OK, rv); |