diff options
author | Paul Dumais <paul@itmanager.net> | 2021-10-05 14:22:49 -0400 |
---|---|---|
committer | Paul Dumais <paul@dumaison.com> | 2022-04-04 11:40:19 -0400 |
commit | e21ed2e6898f28f6fb4dc0e94dd3d8e08e99efb0 (patch) | |
tree | 912e2cc4da0ddbfa5d6d65c4eb3791a8a9a194cf /tests | |
parent | a85c85fb5f34a47c0f79865252ef9dad8f257441 (diff) | |
download | novnc-e21ed2e6898f28f6fb4dc0e94dd3d8e08e99efb0.tar.gz |
Added support for Apple Remote Desktop authentication
Fixed eslint warnings
Fixing tests that failed
Added unit tests for ARD authentication
Fixed an issue with the ARD rfb version number in the unit tests
Fixed issue with username/password lengths
Username and password lengths are now capped at 63 characters each. Improved code for sign bit on public key bytes.
UTF Encoder username and password before packing it
Change UTF encoding to encode the username and password before packing it to prevent it from being expanded beyond the allowed size. Public key is truncated to proper key length.
Replaced forge with web crypto for ARD authentication
Changed the way in which the async methods are handled, added unit tests to verify ARD encryption output.
Update .eslintignore
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test.rfb.js | 77 |
1 files changed, 75 insertions, 2 deletions
diff --git a/tests/test.rfb.js b/tests/test.rfb.js index 5f50581..48bac75 100644 --- a/tests/test.rfb.js +++ b/tests/test.rfb.js @@ -945,9 +945,9 @@ describe('Remote Frame Buffer Protocol Client', function () { expect(client._rfbVersion).to.equal(3.3); }); - it('should interpret version 003.889 as version 3.3', function () { + it('should interpret version 003.889 as version 3.8', function () { sendVer('003.889', client); - expect(client._rfbVersion).to.equal(3.3); + expect(client._rfbVersion).to.equal(3.8); }); it('should interpret version 003.007 as version 3.7', function () { @@ -1170,6 +1170,79 @@ describe('Remote Frame Buffer Protocol Client', function () { }); }); + describe('ARD Authentication (type 30) Handler', function () { + + beforeEach(function () { + client._rfbInitState = 'Security'; + client._rfbVersion = 3.8; + }); + + it('should fire the credentialsrequired event if all credentials are missing', function () { + const spy = sinon.spy(); + client.addEventListener("credentialsrequired", spy); + client._rfbCredentials = {}; + sendSecurity(30, client); + + expect(client._rfbCredentials).to.be.empty; + expect(spy).to.have.been.calledOnce; + expect(spy.args[0][0].detail.types).to.have.members(["username", "password"]); + }); + + it('should fire the credentialsrequired event if some credentials are missing', function () { + const spy = sinon.spy(); + client.addEventListener("credentialsrequired", spy); + client._rfbCredentials = { password: 'password'}; + sendSecurity(30, client); + + expect(spy).to.have.been.calledOnce; + expect(spy.args[0][0].detail.types).to.have.members(["username", "password"]); + }); + + it('should return properly encrypted credentials and public key', async function () { + client._rfbCredentials = { username: 'user', + password: 'password' }; + sendSecurity(30, client); + + expect(client._sock).to.have.sent([30]); + + function byteArray(length) { + return Array.from(new Uint8Array(length).keys()); + } + + let generator = [127, 255]; + let prime = byteArray(128); + let serverPrivateKey = byteArray(128); + let serverPublicKey = client._modPow(generator, serverPrivateKey, prime); + + let clientPrivateKey = byteArray(128); + let clientPublicKey = client._modPow(generator, clientPrivateKey, prime); + + let padding = Array.from(byteArray(64), byte => String.fromCharCode(65+byte%26)).join(''); + + await client._negotiateARDAuthAsync(generator, 128, prime, serverPublicKey, clientPrivateKey, padding); + + client._negotiateARDAuth(); + + expect(client._rfbInitState).to.equal('SecurityResult'); + + let expectEncrypted = new Uint8Array([ + 232, 234, 159, 162, 170, 180, 138, 104, 164, 49, 53, 96, 20, 36, 21, 15, + 217, 219, 107, 173, 196, 60, 96, 142, 215, 71, 13, 185, 185, 47, 5, 175, + 151, 30, 194, 55, 173, 214, 141, 161, 36, 138, 146, 3, 178, 89, 43, 248, + 131, 134, 205, 174, 9, 150, 171, 74, 222, 201, 20, 2, 30, 168, 162, 123, + 46, 86, 81, 221, 44, 211, 180, 247, 221, 61, 95, 155, 157, 241, 76, 76, + 49, 217, 234, 75, 147, 237, 199, 159, 93, 140, 191, 174, 52, 90, 133, 58, + 243, 81, 112, 182, 64, 62, 149, 7, 151, 28, 36, 161, 247, 247, 36, 96, + 230, 95, 58, 207, 46, 183, 100, 139, 143, 155, 224, 43, 219, 3, 71, 139]); + + let output = new Uint8Array(256); + output.set(expectEncrypted, 0); + output.set(clientPublicKey, 128); + + expect(client._sock).to.have.sent(output); + }); + }); + describe('XVP Authentication (type 22) Handler', function () { beforeEach(function () { client._rfbInitState = 'Security'; |