1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_HTTP_MOCK_SSPI_LIBRARY_WIN_H_
#define NET_HTTP_MOCK_SSPI_LIBRARY_WIN_H_
#include <list>
#include <set>
#include "net/http/http_auth_sspi_win.h"
namespace net {
// The MockSSPILibrary class is intended for unit tests which want to bypass
// the system SSPI library calls.
class MockSSPILibrary : public SSPILibrary {
public:
MockSSPILibrary();
~MockSSPILibrary() override;
// SSPILibrary methods:
// AcquireCredentialsHandle() returns a handle that must be freed using
// FreeCredentialsHandle(). The credentials handle records the principal name.
//
// On return ptsExpiry is set to a constant.
SECURITY_STATUS AcquireCredentialsHandle(LPWSTR pszPrincipal,
LPWSTR pszPackage,
unsigned long fCredentialUse,
void* pvLogonId,
void* pvAuthData,
SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument,
PCredHandle phCredential,
PTimeStamp ptsExpiry) override;
// InitializeSecurityContext() returns a handle in phContext that must be
// freed via FreeContextBuffer() or by passing it into another
// InitializeSecurityContext() call.
//
// On return ptsExpiry is set to a constant.
//
// The output buffer will contain a token consisting of the ASCII string:
//
// "<source principal>'s token #<n> for <target principal>"
//
// <source principal> is the security principal derived from explicit
// credentials that were passed to a prior AcquireCredentialsHandle() call, or
// the string "<Default>" if ambient credentials were requested.
//
// <n> is the 1-based invocation counter for InitializeSecurityContext() for
// the same context.
//
// <target principal> is the contents of the pszTargetName. Note that the
// function expects the same target name on every invocation.
SECURITY_STATUS InitializeSecurityContext(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_WCHAR* pszTargetName,
unsigned long fContextReq,
unsigned long Reserved1,
unsigned long TargetDataRep,
PSecBufferDesc pInput,
unsigned long Reserved2,
PCtxtHandle phNewContext,
PSecBufferDesc pOutput,
unsigned long* contextAttr,
PTimeStamp ptsExpiry) override;
// QueryContextAttributesEx() supports querying the same attributes as
// required by HttpAuthSSPI.
SECURITY_STATUS QueryContextAttributesEx(PCtxtHandle phContext,
ULONG ulAttribute,
PVOID pBuffer,
ULONG cbBuffer) override;
SECURITY_STATUS QuerySecurityPackageInfo(LPWSTR pszPackageName,
PSecPkgInfoW* pkgInfo) override;
SECURITY_STATUS FreeCredentialsHandle(PCredHandle phCredential) override;
SECURITY_STATUS DeleteSecurityContext(PCtxtHandle phContext) override;
SECURITY_STATUS FreeContextBuffer(PVOID pvContextBuffer) override;
// Establishes an expectation for a |QuerySecurityPackageInfo()| call.
//
// Each expectation established by |ExpectSecurityQueryPackageInfo()| must be
// matched by a call to |QuerySecurityPackageInfo()| during the lifetime of
// the MockSSPILibrary. The |expected_package| argument must equal the
// |*pszPackageName| argument to |QuerySecurityPackageInfo()| for there to be
// a match. The expectations also establish an explicit ordering.
//
// For example, this sequence will be successful.
// MockSSPILibrary lib;
// lib.ExpectQuerySecurityPackageInfo(L"NTLM", ...)
// lib.ExpectQuerySecurityPackageInfo(L"Negotiate", ...)
// lib.QuerySecurityPackageInfo(L"NTLM", ...)
// lib.QuerySecurityPackageInfo(L"Negotiate", ...)
//
// This sequence will fail since the queries do not occur in the order
// established by the expectations.
// MockSSPILibrary lib;
// lib.ExpectQuerySecurityPackageInfo(L"NTLM", ...)
// lib.ExpectQuerySecurityPackageInfo(L"Negotiate", ...)
// lib.QuerySecurityPackageInfo(L"Negotiate", ...)
// lib.QuerySecurityPackageInfo(L"NTLM", ...)
//
// This sequence will fail because there were not enough queries.
// MockSSPILibrary lib;
// lib.ExpectQuerySecurityPackageInfo(L"NTLM", ...)
// lib.ExpectQuerySecurityPackageInfo(L"Negotiate", ...)
// lib.QuerySecurityPackageInfo(L"NTLM", ...)
//
// |response_code| is used as the return value for
// |QuerySecurityPackageInfo()|. If |response_code| is SEC_E_OK,
// an expectation is also set for a call to |FreeContextBuffer()| after
// the matching |QuerySecurityPackageInfo()| is called.
//
// |package_info| is assigned to |*pkgInfo| in |QuerySecurityPackageInfo|.
// The lifetime of |*package_info| should last at least until the matching
// |QuerySecurityPackageInfo()| is called.
void ExpectQuerySecurityPackageInfo(const std::wstring& expected_package,
SECURITY_STATUS response_code,
PSecPkgInfoW package_info);
private:
struct PackageQuery {
std::wstring expected_package;
SECURITY_STATUS response_code;
PSecPkgInfoW package_info;
};
// expected_package_queries contains an ordered list of expected
// |QuerySecurityPackageInfo()| calls and the return values for those
// calls.
std::list<PackageQuery> expected_package_queries_;
// Set of packages which should be freed.
std::set<PSecPkgInfoW> expected_freed_packages_;
// These sets keep track of active credentials and contexts.
std::set<CredHandle> active_credentials_;
std::set<CtxtHandle> active_contexts_;
};
using MockAuthLibrary = MockSSPILibrary;
} // namespace net
#endif // NET_HTTP_MOCK_SSPI_LIBRARY_WIN_H_
|
