File: spnego_transport_test.go

package info (click to toggle)
gitlab-shell 14.35.0%2Bds1-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 23,652 kB
  • sloc: ruby: 1,129; makefile: 583; sql: 391; sh: 384
file content (121 lines) | stat: -rw-r--r-- 3,374 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
package spnego

import (
	"net/http"
	"testing"

	"github.com/apcera/gssapi"
)

func TestCheckSPNEGONegotiate(t *testing.T) {
	lib, err := gssapi.Load(nil)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	name := "WWW-Authenticate"
	canonicalName := http.CanonicalHeaderKey(name)

	testcases := map[string]struct {
		Headers         http.Header
		Name            string
		ExpectedPresent bool
		ExpectedToken   string
	}{
		"empty": {
			Headers:         http.Header{},
			Name:            name,
			ExpectedPresent: false,
			ExpectedToken:   "",
		},

		"non-negotiate": {
			Headers:         http.Header{canonicalName: []string{"Basic"}},
			Name:            name,
			ExpectedPresent: false,
			ExpectedToken:   "",
		},

		"negotiate, no token": {
			Headers:         http.Header{canonicalName: []string{"Negotiate"}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "",
		},
		"negotiate, case-insensitive": {
			Headers:         http.Header{canonicalName: []string{"negotiate"}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "",
		},
		"negotiate, fallback from basic-auth": {
			Headers:         http.Header{canonicalName: []string{"Basic", "Negotiate"}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "",
		},

		"negotiate, with token": {
			Headers:         http.Header{canonicalName: []string{"Negotiate aGVsbG8="}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "hello",
		},
		"negotiate, with token with whitespace": {
			Headers:         http.Header{canonicalName: []string{"Negotiate    aGVs bG8="}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "hello",
		},

		"negotiate, with token needing no padding": {
			Headers:         http.Header{canonicalName: []string{"Negotiate cGFk"}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "pad",
		},
		"negotiate, with token with 1 end-padding =": {
			Headers:         http.Header{canonicalName: []string{"Negotiate cGFkXzE="}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "pad_1",
		},
		"negotiate, with token missing 1 end-padding =": {
			Headers:         http.Header{canonicalName: []string{"Negotiate cGFkXzE"}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "pad_1",
		},
		"negotiate, with token with 2 end-padding =": {
			Headers:         http.Header{canonicalName: []string{"Negotiate cGFkX19fMg=="}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "pad___2",
		},
		"negotiate, with token missing 2 end-padding =": {
			Headers:         http.Header{canonicalName: []string{"Negotiate cGFkX19fMg"}},
			Name:            name,
			ExpectedPresent: true,
			ExpectedToken:   "pad___2",
		},

		"negotiate, with invalid token": {
			Headers:         http.Header{canonicalName: []string{"Negotiate !@#$%"}},
			Name:            name,
			ExpectedPresent: false,
			ExpectedToken:   "",
		},
	}

	for k, tc := range testcases {
		present, token := CheckSPNEGONegotiate(lib, tc.Headers, tc.Name)
		if present != tc.ExpectedPresent {
			t.Errorf("%s: expected present=%v, got %v", k, tc.ExpectedPresent, present)
			continue
		}
		if token.String() != tc.ExpectedToken {
			t.Errorf("%s: expected token=%q, got %q", k, tc.ExpectedToken, token)
			continue
		}
	}
}