diff options
Diffstat (limited to 'src/tests/cmocka/test_krb5_passkey_plugin.c')
-rw-r--r-- | src/tests/cmocka/test_krb5_passkey_plugin.c | 470 |
1 files changed, 470 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_krb5_passkey_plugin.c b/src/tests/cmocka/test_krb5_passkey_plugin.c new file mode 100644 index 0000000..9593a65 --- /dev/null +++ b/src/tests/cmocka/test_krb5_passkey_plugin.c @@ -0,0 +1,470 @@ +/* + Copyright (C) 2023 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "config.h" + +#include <popt.h> + +#include "tests/cmocka/common_mock.h" +#include "krb5_plugin/passkey/passkey.h" + +void test_sss_passkey_message_encode__null(void **state) +{ + char *str; + + str = sss_passkey_message_encode(NULL); + assert_null(str); +} + +void test_sss_passkey_message_encode__invalid(void **state) +{ + struct sss_passkey_message message = {0}; + char *str; + + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + str = sss_passkey_message_encode(&message); + assert_null(str); + + message.phase = SSS_PASSKEY_PHASE_REPLY; + str = sss_passkey_message_encode(&message); + assert_null(str); +} + +void test_sss_passkey_message_encode__init(void **state) +{ + struct sss_passkey_message message = {0}; + char *str; + + message.phase = SSS_PASSKEY_PHASE_INIT; + str = sss_passkey_message_encode(&message); + assert_non_null(str); + assert_string_equal(str, "passkey {\"phase\":0}"); + free(str); + + message.phase = SSS_PASSKEY_PHASE_INIT; + message.state = discard_const("abcd"); + str = sss_passkey_message_encode(&message); + assert_null(str); +} + +void test_sss_passkey_message_encode__challenge(void **state) +{ + struct sss_passkey_message message = {0}; + struct sss_passkey_challenge challenge = {0}; + const char *id_list[] = {"a", "b", NULL}; + char *str; + + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = NULL; + message.data.challenge = NULL; + str = sss_passkey_message_encode(&message); + assert_null(str); + + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = discard_const("abcd"); + message.data.challenge = NULL; + str = sss_passkey_message_encode(&message); + assert_null(str); + + challenge.domain = discard_const("domain"); + challenge.credential_id_list = discard_const(id_list); + challenge.user_verification = 1; + challenge.cryptographic_challenge = discard_const("crypto-challenge"); + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = NULL; + message.data.challenge = &challenge; + str = sss_passkey_message_encode(&message); + assert_null(str); + + challenge.domain = NULL; + challenge.credential_id_list = NULL; + challenge.user_verification = 0; + challenge.cryptographic_challenge = NULL; + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = NULL; + message.data.challenge = &challenge; + str = sss_passkey_message_encode(&message); + assert_null(str); + + challenge.domain = NULL; + challenge.credential_id_list = discard_const(id_list); + challenge.user_verification = 1; + challenge.cryptographic_challenge = discard_const("crypto-challenge"); + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = discard_const("abcd"); + message.data.challenge = &challenge; + str = sss_passkey_message_encode(&message); + assert_null(str); + + challenge.domain = discard_const("domain"); + challenge.credential_id_list = NULL; + challenge.user_verification = 1; + challenge.cryptographic_challenge = discard_const("crypto-challenge"); + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = discard_const("abcd"); + message.data.challenge = &challenge; + str = sss_passkey_message_encode(&message); + assert_null(str); + + challenge.domain = discard_const("domain"); + challenge.credential_id_list = discard_const(id_list); + challenge.user_verification = 1; + challenge.cryptographic_challenge = NULL; + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = discard_const("abcd"); + message.data.challenge = &challenge; + str = sss_passkey_message_encode(&message); + assert_null(str); + + challenge.domain = discard_const("domain"); + challenge.credential_id_list = discard_const(id_list); + challenge.user_verification = 1; + challenge.cryptographic_challenge = discard_const("crypto-challenge"); + message.phase = SSS_PASSKEY_PHASE_CHALLENGE; + message.state = discard_const("abcd"); + message.data.challenge = &challenge; + str = sss_passkey_message_encode(&message); + assert_non_null(str); + assert_string_equal(str, "passkey {\"phase\":1,\"state\":\"abcd\",\"data\":{\"domain\":\"domain\",\"credential_id_list\":[\"a\",\"b\"],\"user_verification\":1,\"cryptographic_challenge\":\"crypto-challenge\"}}"); + free(str); +} + +void test_sss_passkey_message_encode__reply(void **state) +{ + struct sss_passkey_message message = {0}; + struct sss_passkey_reply reply = {0}; + char *str; + + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = NULL; + message.data.reply = NULL; + str = sss_passkey_message_encode(&message); + assert_null(str); + + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = NULL; + str = sss_passkey_message_encode(&message); + assert_null(str); + + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = NULL; + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_null(str); + + reply.credential_id = discard_const("id"); + reply.cryptographic_challenge = discard_const("crypto-challenge"); + reply.authenticator_data = discard_const("auth-data"); + reply.assertion_signature = discard_const("assertion-sig"); + reply.user_id = NULL; + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = NULL; + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_null(str); + + reply.credential_id = NULL; + reply.cryptographic_challenge = discard_const("crypto-challenge"); + reply.authenticator_data = discard_const("auth-data"); + reply.assertion_signature = discard_const("assertion-sig"); + reply.user_id = NULL; + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_null(str); + + reply.credential_id = discard_const("id"); + reply.cryptographic_challenge = NULL; + reply.authenticator_data = discard_const("auth-data"); + reply.assertion_signature = discard_const("assertion-sig"); + reply.user_id = NULL; + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_null(str); + + reply.credential_id = discard_const("id"); + reply.cryptographic_challenge = discard_const("crypto-challenge"); + reply.authenticator_data = NULL; + reply.assertion_signature = discard_const("assertion-sig"); + reply.user_id = NULL; + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_null(str); + + reply.credential_id = discard_const("id"); + reply.cryptographic_challenge = discard_const("crypto-challenge"); + reply.authenticator_data = discard_const("auth-data"); + reply.assertion_signature = NULL; + reply.user_id = NULL; + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_null(str); + + reply.credential_id = discard_const("id"); + reply.cryptographic_challenge = discard_const("crypto-challenge"); + reply.authenticator_data = discard_const("auth-data"); + reply.assertion_signature = discard_const("assertion-sig"); + reply.user_id = NULL; + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_non_null(str); + assert_string_equal(str, "passkey {\"phase\":2,\"state\":\"abcd\",\"data\":{\"credential_id\":\"id\",\"cryptographic_challenge\":\"crypto-challenge\",\"authenticator_data\":\"auth-data\",\"assertion_signature\":\"assertion-sig\"}}"); + free(str); + + reply.credential_id = discard_const("id"); + reply.cryptographic_challenge = discard_const("crypto-challenge"); + reply.authenticator_data = discard_const("auth-data"); + reply.assertion_signature = discard_const("assertion-sig"); + reply.user_id = discard_const("user-id"); + message.phase = SSS_PASSKEY_PHASE_REPLY; + message.state = discard_const("abcd"); + message.data.reply = &reply; + str = sss_passkey_message_encode(&message); + assert_non_null(str); + assert_string_equal(str, "passkey {\"phase\":2,\"state\":\"abcd\",\"data\":{\"credential_id\":\"id\",\"cryptographic_challenge\":\"crypto-challenge\",\"authenticator_data\":\"auth-data\",\"assertion_signature\":\"assertion-sig\",\"user_id\":\"user-id\"}}"); + free(str); +} + +void test_sss_passkey_message_decode__null(void **state) +{ + struct sss_passkey_message *message; + + message = sss_passkey_message_decode(NULL); + assert_null(message); +} + +void test_sss_passkey_message_decode__invalid(void **state) +{ + struct sss_passkey_message *message; + const char *str; + + str = ""; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "oauth2"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":10}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":1, \"state\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":1, \"state\":\"abcd\", \"data\":{\"test\":\"test\"}}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":2, \"state\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":2, \"state\":\"abcd\", \"data\":{\"test\":\"test\"}}"; + message = sss_passkey_message_decode(str); + assert_null(message); +} + +void test_sss_passkey_message_decode__init(void **state) +{ + struct sss_passkey_message *message; + const char *str; + + str = "passkey {\"phase\":0,\"state\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":0,\"data\":{\"test\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":0,\"state\":\"abcd\",\"data\":{\"test\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":0}"; + message = sss_passkey_message_decode(str); + assert_non_null(message); + assert_int_equal(message->phase, SSS_PASSKEY_PHASE_INIT); + assert_null(message->state); + assert_null(message->data.ptr); + sss_passkey_message_free(message); +} + +void test_sss_passkey_message_decode__challenge(void **state) +{ + struct sss_passkey_message *message; + const char *str; + + str = "passkey {\"phase\":1}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":1,\"state\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":1,\"data\":{\"test\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":1,\"state\":\"abcd\",\"data\":{\"domain\":\"domain\",\"credential_id_list\":[\"a\",\"b\"],\"user_verification\":1,\"cryptographic_challenge\":\"crypto-challenge\"}}"; + message = sss_passkey_message_decode(str); + assert_non_null(message); + assert_int_equal(message->phase, SSS_PASSKEY_PHASE_CHALLENGE); + assert_non_null(message->state); + assert_string_equal(message->state, "abcd"); + assert_non_null(message->data.challenge); + assert_non_null(message->data.challenge->domain); + assert_string_equal(message->data.challenge->domain, "domain"); + assert_non_null(message->data.challenge->credential_id_list); + assert_string_equal(message->data.challenge->credential_id_list[0], "a"); + assert_string_equal(message->data.challenge->credential_id_list[1], "b"); + assert_null(message->data.challenge->credential_id_list[2]); + assert_int_equal(message->data.challenge->user_verification, 1); + assert_non_null(message->data.challenge->cryptographic_challenge); + assert_string_equal(message->data.challenge->cryptographic_challenge, "crypto-challenge"); + sss_passkey_message_free(message); +} + +void test_sss_passkey_message_decode__reply(void **state) +{ + struct sss_passkey_message *message; + const char *str; + + str = "passkey {\"phase\":2}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":2,\"state\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":2,\"data\":{\"test\":\"abcd\"}"; + message = sss_passkey_message_decode(str); + assert_null(message); + + str = "passkey {\"phase\":2,\"state\":\"abcd\",\"data\":{\"credential_id\":\"id\",\"cryptographic_challenge\":\"crypto-challenge\",\"authenticator_data\":\"auth-data\",\"assertion_signature\":\"assertion-sig\"}}"; + message = sss_passkey_message_decode(str); + assert_non_null(message); + assert_int_equal(message->phase, SSS_PASSKEY_PHASE_REPLY); + assert_non_null(message->state); + assert_string_equal(message->state, "abcd"); + assert_non_null(message->data.reply); + assert_non_null(message->data.reply->credential_id); + assert_string_equal(message->data.reply->credential_id, "id"); + assert_non_null(message->data.reply->cryptographic_challenge); + assert_string_equal(message->data.reply->cryptographic_challenge, "crypto-challenge"); + assert_non_null(message->data.reply->authenticator_data); + assert_string_equal(message->data.reply->authenticator_data, "auth-data"); + assert_non_null(message->data.reply->assertion_signature); + assert_string_equal(message->data.reply->assertion_signature, "assertion-sig"); + sss_passkey_message_free(message); +} + +void test_sss_passkey_config_init__invalid(void **state) +{ + struct sss_passkey_config *passkeycfg; + krb5_error_code ret; + + ret = sss_passkey_config_init("not-json", &passkeycfg); + assert_int_equal(ret, EINVAL); + + ret = sss_passkey_config_init("", &passkeycfg); + assert_int_equal(ret, EINVAL); + + ret = sss_passkey_config_init("[]", &passkeycfg); + assert_int_equal(ret, EINVAL); + + ret = sss_passkey_config_init("[{\"indicators\": \"test\"}]", &passkeycfg); + assert_int_equal(ret, EINVAL); + + ret = sss_passkey_config_init("{\"indicators\": \"test\"}", &passkeycfg); + assert_int_equal(ret, EINVAL); +} + +void test_sss_passkey_config_init__ok(void **state) +{ + struct sss_passkey_config *passkeycfg; + krb5_error_code ret; + + ret = sss_passkey_config_init("[{}]", &passkeycfg); + assert_int_equal(ret, 0); + assert_non_null(passkeycfg); + assert_null(passkeycfg->indicators); + sss_passkey_config_free(passkeycfg); + + ret = sss_passkey_config_init("[{\"indicators\": [\"i1\"]}]", &passkeycfg); + assert_int_equal(ret, 0); + assert_non_null(passkeycfg); + assert_non_null(passkeycfg->indicators); + assert_non_null(passkeycfg->indicators[0]); + assert_null(passkeycfg->indicators[1]); + assert_string_equal(passkeycfg->indicators[0], "i1"); + sss_passkey_config_free(passkeycfg); + + ret = sss_passkey_config_init("[{\"indicators\": [\"i1\", \"i2\"]}]", &passkeycfg); + assert_int_equal(ret, 0); + assert_non_null(passkeycfg); + assert_non_null(passkeycfg->indicators); + assert_non_null(passkeycfg->indicators[0]); + assert_non_null(passkeycfg->indicators[1]); + assert_null(passkeycfg->indicators[2]); + assert_string_equal(passkeycfg->indicators[0], "i1"); + assert_string_equal(passkeycfg->indicators[1], "i2"); + sss_passkey_config_free(passkeycfg); +} + +int main(int argc, const char *argv[]) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(test_sss_passkey_message_encode__null), + cmocka_unit_test(test_sss_passkey_message_encode__invalid), + cmocka_unit_test(test_sss_passkey_message_encode__init), + cmocka_unit_test(test_sss_passkey_message_encode__challenge), + cmocka_unit_test(test_sss_passkey_message_encode__reply), + cmocka_unit_test(test_sss_passkey_message_decode__null), + cmocka_unit_test(test_sss_passkey_message_decode__invalid), + cmocka_unit_test(test_sss_passkey_message_decode__init), + cmocka_unit_test(test_sss_passkey_message_decode__challenge), + cmocka_unit_test(test_sss_passkey_message_decode__reply), + cmocka_unit_test(test_sss_passkey_config_init__invalid), + cmocka_unit_test(test_sss_passkey_config_init__ok), + }; + + return cmocka_run_group_tests(tests, NULL, NULL); +} |