diff options
Diffstat (limited to 'qpid/dotnet/Qpid.Sasl.Tests/Mechanisms/DigestSaslClientTests.cs')
-rw-r--r-- | qpid/dotnet/Qpid.Sasl.Tests/Mechanisms/DigestSaslClientTests.cs | 249 |
1 files changed, 249 insertions, 0 deletions
diff --git a/qpid/dotnet/Qpid.Sasl.Tests/Mechanisms/DigestSaslClientTests.cs b/qpid/dotnet/Qpid.Sasl.Tests/Mechanisms/DigestSaslClientTests.cs new file mode 100644 index 0000000000..5a18ebaefd --- /dev/null +++ b/qpid/dotnet/Qpid.Sasl.Tests/Mechanisms/DigestSaslClientTests.cs @@ -0,0 +1,249 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +using System; +using System.Collections; +using System.Collections.Specialized; +using System.Text; + +using NUnit.Framework; +using Apache.Qpid.Sasl; +using Apache.Qpid.Sasl.Mechanisms; + +namespace Apache.Qpid.Sasl.Tests.Mechanisms +{ + [TestFixture] + public class DigestSaslClientTests : ISaslCallbackHandler + { + private const string USERNAME = "chris"; + private const string PASSWORD = "secret"; + private const string AUTHID = null; + private const string PROTOCOL = "IMAP"; + private const string SERVERNAME = "elwood.innosoft.com"; + + #region Digest Challenge Parsing Tests + // + // Digest Challenge Parsing Tests + // + + [Test] + public void CanParseSimpleString() + { + string challenge = "realm=\"elwood.innosoft.com\", algorithm=md5-sess"; + StringDictionary values = DigestChallenge.ParseParameters(challenge); + Assert.AreEqual(2, values.Count); + Assert.AreEqual("elwood.innosoft.com", values["realm"]); + Assert.AreEqual("md5-sess", values["algorithm"]); + } + + [Test] + public void CanParseEscapedQuotes() + { + string challenge = "realm=\"elwood\\\".innosoft.com\", algorithm=md5-sess"; + StringDictionary values = DigestChallenge.ParseParameters(challenge); + Assert.AreEqual(2, values.Count); + Assert.AreEqual("elwood\\\".innosoft.com", values["realm"]); + Assert.AreEqual("md5-sess", values["algorithm"]); + } + + [Test] + public void CanParseEmbeddedDelimiter() + { + string challenge = "realm=\"elwood,innosoft.com\", algorithm=md5-sess"; + StringDictionary values = DigestChallenge.ParseParameters(challenge); + Assert.AreEqual(2, values.Count); + Assert.AreEqual("elwood,innosoft.com", values["realm"]); + Assert.AreEqual("md5-sess", values["algorithm"]); + } + + [Test] + public void CanParse1() + { + string challenge = "realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"; + DigestChallenge parsed = DigestChallenge.Parse(challenge); + + Assert.AreEqual("elwood.innosoft.com", parsed.Realm); + Assert.AreEqual("OA6MG9tEQGm2hh", parsed.Nonce); + Assert.Contains("auth", parsed.QopOptions); + Assert.AreEqual("md5-sess", parsed.Algorithm); + Assert.AreEqual("utf-8", parsed.Charset); + } + + #endregion // Digest Challenge Parsing Tests + + + #region Digest Response Tests + // + // Digest Response Tests + // + + [Test] + public void CanWriteResponse() + { + DigestResponse resp = new DigestResponse(); + resp.Username = "user"; + resp.Realm = "nowhere.com"; + resp.Nonce = "OA9BSXrbuRhWay"; + resp.Cnonce = "OA9BSuZWMSpW8m"; + resp.NonceCount = 16; + resp.DigestUri = "acap/elwood.innosoft.com"; + resp.Response = "6084c6db3fede7352c551284490fd0fc"; + resp.Qop = "auth"; + resp.MaxBuffer = 65536; + resp.Cipher = "3des"; + resp.Authzid = "user2"; + resp.AuthParam = "ap"; + resp.Charset = "utf-8"; + + string expected = "username=\"user\",realm=\"nowhere.com\",nonce=\"OA9BSXrbuRhWay\",cnonce=\"OA9BSuZWMSpW8m\",nc=00000010,qop=auth,digest-uri=\"acap/elwood.innosoft.com\",response=\"6084c6db3fede7352c551284490fd0fc\",maxbuf=65536,charset=utf-8,cipher=3des,authzid=\"user2\",auth-param=\"ap\""; + Assert.AreEqual(expected, resp.ToString()); + } + + [Test] + public void CanWriteEscapedSecuence() + { + DigestResponse resp = new DigestResponse(); + resp.Username = "us\"er"; + + string expected = "username=\"us\\\"er\",nc=00000000,maxbuf=0"; + Assert.AreEqual(expected, resp.ToString()); + } + + #endregion // Digest Response Tests + + + #region Authentication Tests + // + // Authentication Tests + // + + [Test] + public void ReturnsRightMechanismName() + { + ISaslClient client = CreateClient(); + + Assert.AreEqual("DIGEST-MD5", client.MechanismName); + } + + [Test] + public void HasInitialResponseReturnsFalse() + { + ISaslClient client = CreateClient(); + + Assert.IsFalse(client.HasInitialResponse); + } + + [Test] + public void CanAuthenticate() + { + string challenge = "realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"; + DigestSaslClient client = CreateClient(); + client.Cnonce = "OA6MHXh6VqTrRk"; + + byte[] bresp = client.EvaluateChallenge(Encoding.UTF8.GetBytes(challenge)); + string response = Encoding.UTF8.GetString(bresp); + string expectedResp = "username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",cnonce=\"" + + client.Cnonce + "\",nc=00000001,qop=auth,digest-uri=\"imap/elwood.innosoft.com\",response=\"d388dad90d4bbd760a152321f2143af7\",maxbuf=65536,charset=utf-8"; + + Assert.AreEqual(expectedResp, response); + Assert.IsFalse(client.IsComplete); + + string challenge2 = "rspauth=ea40f60335c427b5527b84dbabcdfffd"; + bresp = client.EvaluateChallenge(Encoding.UTF8.GetBytes(challenge2)); + // client responds with zero-length array + Assert.AreEqual(0, bresp.Length); + Assert.IsTrue(client.IsComplete); + } + + [Test] + [ExpectedException(typeof(ArgumentNullException))] + public void ThrowsExceptionWhenChallengeIsMissing() + { + DigestSaslClient client = CreateClient(); + client.EvaluateChallenge(null); + } + + + [Test] + [ExpectedException(typeof(SaslException))] + public void ThrowsExceptionWhenNonceMissing() + { + string challenge = "realm=\"elwood.innosoft.com\""; + DigestSaslClient client = CreateClient(); + + client.EvaluateChallenge(Encoding.UTF8.GetBytes(challenge)); + } + + [Test] + [ExpectedException(typeof(SaslException))] + public void ThrowsExceptionWhenAlgorithmMissing() + { + string challenge = "realm=\"elwood.innosoft.com\",nonce=\"asdasadsad\""; + DigestSaslClient client = CreateClient(); + + client.EvaluateChallenge(Encoding.UTF8.GetBytes(challenge)); + } + + [Test] + [ExpectedException(typeof(SaslException))] + public void ThrowsExceptionWhenSecondChallengeInvalid() + { + string challenge = "realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8"; + DigestSaslClient client = CreateClient(); + + byte[] bresp = client.EvaluateChallenge(Encoding.UTF8.GetBytes(challenge)); + Encoding.UTF8.GetString(bresp); + + // repeat challenge 1, which is incorrect + client.EvaluateChallenge(Encoding.UTF8.GetBytes(challenge)); + } + + private DigestSaslClient CreateClient() + { + return new DigestSaslClient( + AUTHID, SERVERNAME, PROTOCOL, + new Hashtable(), this + ); + } + + void ISaslCallbackHandler.Handle(ISaslCallback[] callbacks) + { + foreach ( ISaslCallback cb in callbacks ) + { + if ( cb is NameCallback ) + { + ((NameCallback)cb).Text = USERNAME; + } else if ( cb is PasswordCallback ) + { + ((PasswordCallback)cb).Text = PASSWORD; + } else if ( cb is RealmCallback ) + { + ((RealmCallback)cb).Text = SERVERNAME; + } + } + } + + #endregion // Authentication Tests + + + } // class DigestSaslClientTests + +} // namespace Apache.Qpid.Sasl.Tests.Mechanisms |