proxygen
SecondaryAuthManagerTest.cpp
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree. An additional grant
7  * of patent rights can be found in the PATENTS file in the same directory.
8  *
9  */
10 #include <proxygen/lib/http/session/SecondaryAuthManager.h>
11 #include <fizz/crypto/test/TestUtil.h>
12 #include <fizz/protocol/test/Mocks.h>
13 #include <fizz/record/Extensions.h>
14 #include <fizz/record/Types.h>
15 #include <folly/Conv.h>
16 #include <folly/String.h>
17 #include <folly/ssl/Init.h>
18 
19 #include <folly/portability/GMock.h>
20 #include <folly/portability/GTest.h>
21 
22 using namespace proxygen;
23 using namespace fizz;
24 using namespace fizz::test;
25 using namespace folly;
26 using namespace folly::test;
27 using namespace folly::io;
28 using namespace std;
29 
30 StringPiece expected_auth_request = {
31  "120000303132333435363738396162636465660008000d000400020403"};
32 
33 StringPiece expected_cert = {
34  "308201ee30820195a003020102020900c569eec901ce86d9300a06082a8648ce3d04030230"
35  "54310b3009060355040613025553310b300906035504080c024e59310b300906035504070c"
36  "024e59310d300b060355040a0c0446697a7a310d300b060355040b0c0446697a7a310d300b"
37  "06035504030c0446697a7a301e170d3137303430343138323930395a170d34313131323431"
38  "38323930395a3054310b3009060355040613025553310b300906035504080c024e59310b30"
39  "0906035504070c024e59310d300b060355040a0c0446697a7a310d300b060355040b0c0446"
40  "697a7a310d300b06035504030c0446697a7a3059301306072a8648ce3d020106082a8648ce"
41  "3d030107034200049d87bcaddb65d8dcf6df8b148a9679b5b710db19c95a9badfff13468cb"
42  "358b4e21d24a5c826112658ebb96d64e2985dfb41c1948334391a4aa81b67837e2dbf0a350"
43  "304e301d0603551d0e041604143c5b8ba954d9752faf3c8ad6d1a62449dccaa850301f0603"
44  "551d230418301680143c5b8ba954d9752faf3c8ad6d1a62449dccaa850300c0603551d1304"
45  "0530030101ff300a06082a8648ce3d04030203470030440220349b7d34d7132fb2756576e0"
46  "bfa36cbe1723337a7a6f5ef9c8d3bf1aa7efa4a5022025c50a91e0aa4272f1f52c3d5583a7"
47  "d7cee14b178835273a0bd814303e62d714"};
48 
49 TEST(SecondaryAuthManagerTest, AuthenticatorRequest) {
50  auto certRequestContext = folly::IOBuf::copyBuffer("0123456789abcdef");
51  fizz::SignatureAlgorithms sigAlgs;
52  sigAlgs.supported_signature_algorithms.push_back(
53  SignatureScheme::ecdsa_secp256r1_sha256);
54  std::vector<fizz::Extension> extensions;
55  extensions.push_back(encodeExtension(std::move(sigAlgs)));
56  SecondaryAuthManager authManager;
57  auto authRequestPair = authManager.createAuthRequest(
58  std::move(certRequestContext), std::move(extensions));
59  auto requestId = authRequestPair.first;
60  auto authRequest = std::move(authRequestPair.second);
61  EXPECT_EQ(requestId, 0);
62  EXPECT_EQ(expected_auth_request,
63  StringPiece(hexlify(authRequest->coalesce())));
64 }
65 
66 TEST(SecondaryAuthManagerTest, Authenticator) {
67  folly::ssl::init();
68  // Instantiate a SecondaryAuthManager.
69  auto cert = fizz::test::getCert(kP256Certificate);
70  auto key = fizz::test::getPrivateKey(kP256Key);
71  std::vector<folly::ssl::X509UniquePtr> certs;
72  certs.push_back(std::move(cert));
73  std::unique_ptr<fizz::SelfCert> certPtr =
74  std::make_unique<SelfCertImpl<KeyType::P256>>(std::move(key),
75  std::move(certs));
76  EXPECT_NE(certPtr, nullptr);
77  SecondaryAuthManager authManager(std::move(certPtr));
78  // Genearte an authenticator request.
79  auto certRequestContext = folly::IOBuf::copyBuffer("0123456789abcdef");
80  fizz::SignatureAlgorithms sigAlgs;
81  sigAlgs.supported_signature_algorithms.push_back(
82  SignatureScheme::ecdsa_secp256r1_sha256);
83  std::vector<fizz::Extension> extensions;
84  extensions.push_back(encodeExtension(std::move(sigAlgs)));
85  auto authRequestPair = authManager.createAuthRequest(
86  std::move(certRequestContext), std::move(extensions));
87  auto requestId = authRequestPair.first;
88  auto authRequest = std::move(authRequestPair.second);
89 
90  // Generate an authenticator.
91  MockAsyncFizzBase fizzBase;
92  EXPECT_CALL(fizzBase, getCipher()).WillRepeatedly(InvokeWithoutArgs([]() {
93  folly::Optional<CipherSuite> cipher = CipherSuite::TLS_AES_128_GCM_SHA256;
94  return cipher;
95  }));
96  EXPECT_CALL(fizzBase, getSupportedSigSchemes())
97  .WillRepeatedly(InvokeWithoutArgs([]() {
98  std::vector<SignatureScheme> schemes = {
99  SignatureScheme::ecdsa_secp256r1_sha256};
100  return schemes;
101  }));
102  EXPECT_CALL(fizzBase, getEkm(_, _, _)).WillRepeatedly(InvokeWithoutArgs([]() {
103  return folly::IOBuf::copyBuffer("exportedmaterial");
104  }));
105  auto authenticatorPair =
106  authManager.getAuthenticator(fizzBase,
107  TransportDirection::UPSTREAM,
108  requestId,
109  std::move(authRequest));
110  auto certId = authenticatorPair.first;
111  auto authenticator = std::move(authenticatorPair.second);
112 
113  // Validate the authenticator.
114  auto isValid = authManager.validateAuthenticator(
115  fizzBase, TransportDirection::UPSTREAM, certId, std::move(authenticator));
116  auto cachedCertId = authManager.getCertId(requestId);
117  EXPECT_TRUE(cachedCertId.hasValue());
118  EXPECT_EQ(*cachedCertId, certId);
119  auto peerCert = authManager.getPeerCert(certId);
120  EXPECT_TRUE(peerCert.hasValue());
121  EXPECT_EQ((*peerCert).size(), 1);
122  EXPECT_EQ(expected_cert,
123  StringPiece(hexlify(((*peerCert)[0].cert_data)->coalesce())));
124  EXPECT_TRUE(isValid);
125 }
fizz::test::kP256Key
constexpr folly::StringPiece kP256Key
Definition: TestUtil.h:18
EXPECT_EQ
#define EXPECT_EQ(val1, val2)
Definition: gtest.h:1922
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
std
STL namespace.
folly::ssl::init
void init()
Definition: Init.cpp:54
proxygen::SecondaryAuthManager::getPeerCert
folly::Optional< std::vector< fizz::CertificateEntry > > getPeerCert(uint16_t certId)
Definition: SecondaryAuthManager.cpp:132
fizz::test::getPrivateKey
EvpPkeyUniquePtr getPrivateKey(StringPiece key)
Definition: TestUtil.cpp:21
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
testing::InvokeWithoutArgs
PolymorphicAction< internal::InvokeWithoutArgsAction< FunctionImpl > > InvokeWithoutArgs(FunctionImpl function_impl)
Definition: gmock-actions.h:1168
fizz::test::getCert
folly::ssl::X509UniquePtr getCert(folly::StringPiece cert)
Definition: TestUtil.cpp:48
cipher
CipherSuite cipher
Definition: ClientProtocol.cpp:1006
proxygen::SecondaryAuthManager::getCertId
folly::Optional< uint16_t > getCertId(uint16_t requestId)
Definition: SecondaryAuthManager.cpp:122
expected_cert
StringPiece expected_cert
Definition: SecondaryAuthManagerTest.cpp:33
fizz::SignatureAlgorithms::supported_signature_algorithms
std::vector< SignatureScheme > supported_signature_algorithms
Definition: Extensions.h:17
fizz
Definition: Actions.h:16
proxygen::SecondaryAuthManager::validateAuthenticator
bool validateAuthenticator(const fizz::AsyncFizzBase &transport, TransportDirection dir, uint16_t certId, std::unique_ptr< folly::IOBuf > authenticator) override
Definition: SecondaryAuthManager.cpp:66
TEST
TEST(SecondaryAuthManagerTest, AuthenticatorRequest)
Definition: SecondaryAuthManagerTest.cpp:49
proxygen::SecondaryAuthManager::createAuthRequest
std::pair< uint16_t, std::unique_ptr< folly::IOBuf > > createAuthRequest(std::unique_ptr< folly::IOBuf > certRequestContext, std::vector< fizz::Extension > extensions) override
Definition: SecondaryAuthManager.cpp:27
EXPECT_TRUE
#define EXPECT_TRUE(condition)
Definition: gtest.h:1859
fizz::test::getCipher
std::unique_ptr< Aead > getCipher(const CipherParams &params)
Definition: OpenSSLEVPCipherTest.cpp:42
proxygen::SecondaryAuthManager::getAuthenticator
std::pair< uint16_t, std::unique_ptr< folly::IOBuf > > getAuthenticator(const fizz::AsyncFizzBase &transport, TransportDirection dir, uint16_t requestId, std::unique_ptr< folly::IOBuf > authRequest) override
Definition: SecondaryAuthManager.cpp:48
EXPECT_NE
#define EXPECT_NE(val1, val2)
Definition: gtest.h:1926
EXPECT_CALL
#define EXPECT_CALL(obj, call)
Definition: gmock-spec-builders.h:1845
testing::_
const internal::AnythingMatcher _
Definition: gmock-matchers.h:3729
fizz::encodeExtension
Extension encodeExtension(const TokenBindingParameters &params)
Definition: Types.cpp:113
folly::StringPiece
Range< const char * > StringPiece
Definition: ScopedEventBaseThread.h:29
folly::hexlify
bool hexlify(const InputString &input, OutputString &output, bool append_output)
Definition: String-inl.h:596
folly::IOBuf::copyBuffer
static std::unique_ptr< IOBuf > copyBuffer(const void *buf, std::size_t size, std::size_t headroom=0, std::size_t minTailroom=0)
Definition: IOBuf.h:1587
expected_auth_request
StringPiece expected_auth_request
Definition: SecondaryAuthManagerTest.cpp:30
fizz::test::kP256Certificate
constexpr folly::StringPiece kP256Certificate
Definition: TestUtil.h:41