mirror
/
KtIrc
mirror of https://github.com/csmith/KtIrc
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 20 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
105 Commits
2 Branches
Tree: e91342edc9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e91342edc9'
${ noResults }
KtIrc/src/test/kotlin/com/dmdirc/ktirc/sasl/ScramMechanismTest.kt

ScramMechanismTest.kt 9.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 
  1. package com.dmdirc.ktirc.sasl

  2. 

  3. import com.dmdirc.ktirc.IrcClient

  4. import com.dmdirc.ktirc.SaslConfig

  5. import com.dmdirc.ktirc.model.ServerState

  6. import com.nhaarman.mockitokotlin2.doReturn

  7. import com.nhaarman.mockitokotlin2.mock

  8. import com.nhaarman.mockitokotlin2.verify

  9. import org.junit.jupiter.api.Assertions.assertEquals

  10. import org.junit.jupiter.api.Test

  11. 

  12. internal class ScramMechanismTest {

  13. 

  14.     private val serverState = ServerState("", "")

  15.     private val ircClient = mock<IrcClient> {

  16.         on { serverState } doReturn serverState

  17.     }

  18. 

  19.     @Test

  20.     fun `sends first message when no state is present`() {

  21.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  22.             username = "user"

  23.             password = "pencil"

  24.         })

  25. 

  26.         mechanism.handleAuthenticationEvent(ircClient, "+".toByteArray())

  27. 

  28.         val nonce = (serverState.sasl.mechanismState as ScramState).clientNonce

  29.         verify(ircClient).send("AUTHENTICATE", "n,,n=user,r=$nonce".toByteArray().toBase64())

  30.     }

  31. 

  32.     @Test

  33.     fun `aborts if the server's first message contains extensions`() {

  34.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  35.             username = "user"

  36.             password = "pencil"

  37.         })

  38. 

  39.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage)

  40. 

  41.         mechanism.handleAuthenticationEvent(ircClient, "m=future".toByteArray())

  42. 

  43.         verify(ircClient).send("AUTHENTICATE", "*")

  44.     }

  45. 

  46.     @Test

  47.     fun `aborts if the server's first message contains an error`() {

  48.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  49.             username = "user"

  50.             password = "pencil"

  51.         })

  52. 

  53.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage)

  54. 

  55.         mechanism.handleAuthenticationEvent(ircClient, "e=whoops".toByteArray())

  56. 

  57.         verify(ircClient).send("AUTHENTICATE", "*")

  58.     }

  59. 

  60.     @Test

  61.     fun `aborts if the server's first message lacks an iteration count`() {

  62.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  63.             username = "user"

  64.             password = "pencil"

  65.         })

  66. 

  67.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage)

  68. 

  69.         mechanism.handleAuthenticationEvent(ircClient, "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92".toByteArray())

  70. 

  71.         verify(ircClient).send("AUTHENTICATE", "*")

  72.     }

  73. 

  74.     @Test

  75.     fun `aborts if the server's first message has an invalid iteration count`() {

  76.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  77.             username = "user"

  78.             password = "pencil"

  79.         })

  80. 

  81.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage)

  82. 

  83.         mechanism.handleAuthenticationEvent(ircClient, "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=leet".toByteArray())

  84. 

  85.         verify(ircClient).send("AUTHENTICATE", "*")

  86.     }

  87. 

  88.     @Test

  89.     fun `aborts if the server's first message lacks a nonce`() {

  90.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  91.             username = "user"

  92.             password = "pencil"

  93.         })

  94. 

  95.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage)

  96. 

  97.         mechanism.handleAuthenticationEvent(ircClient, "rs=QSXCR+Q6sek8bf92,i=4096".toByteArray())

  98. 

  99.         verify(ircClient).send("AUTHENTICATE", "*")

  100.     }

  101. 

  102.     @Test

  103.     fun `aborts if the server's first message lacks a salt`() {

  104.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  105.             username = "user"

  106.             password = "pencil"

  107.         })

  108. 

  109.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage)

  110. 

  111.         mechanism.handleAuthenticationEvent(ircClient, "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,i=4096".toByteArray())

  112. 

  113.         verify(ircClient).send("AUTHENTICATE", "*")

  114.     }

  115. 

  116.     @Test

  117.     fun `updates state after receiving server's first message`() {

  118.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  119.             username = "user"

  120.             password = "pencil"

  121.         })

  122. 

  123.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage, clientNonce = "fyko+d2lbbFgONRv9qkxdawL")

  124. 

  125.         mechanism.handleAuthenticationEvent(ircClient, "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".toByteArray())

  126. 

  127.         (serverState.sasl.mechanismState as ScramState).let {

  128.             assertEquals(ScramStage.Finishing, it.scramStage)

  129.             assertEquals("fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j", it.serverNonce)

  130.             assertEquals(4096, it.iterCount)

  131.             assertEquals("QSXCR+Q6sek8bf92", it.salt.toBase64())

  132.             assertEquals("HZbuOlKbWl+eR8AfIposuKbhX30=", it.saltedPassword.toBase64())

  133.             assertEquals("n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j", String(it.authMessage))

  134.         }

  135.     }

  136. 

  137.     @Test

  138.     fun `responds to server's first message`() {

  139.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  140.             username = "user"

  141.             password = "pencil"

  142.         })

  143. 

  144.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.SendingSecondMessage, clientNonce = "fyko+d2lbbFgONRv9qkxdawL")

  145. 

  146.         mechanism.handleAuthenticationEvent(ircClient, "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".toByteArray())

  147. 

  148.         verify(ircClient).send("AUTHENTICATE", "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=".toByteArray().toBase64())

  149.     }

  150. 

  151.     @Test

  152.     fun `aborts if the server's final message contains extensions`() {

  153.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  154.             username = "user"

  155.             password = "pencil"

  156.         })

  157. 

  158.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.Finishing)

  159. 

  160.         mechanism.handleAuthenticationEvent(ircClient, "m=future".toByteArray())

  161. 

  162.         verify(ircClient).send("AUTHENTICATE", "*")

  163.     }

  164. 

  165.     @Test

  166.     fun `aborts if the server's final message contains an error`() {

  167.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  168.             username = "user"

  169.             password = "pencil"

  170.         })

  171. 

  172.         serverState.sasl.mechanismState = ScramState(scramStage = ScramStage.Finishing)

  173. 

  174.         mechanism.handleAuthenticationEvent(ircClient, "e=whoops".toByteArray())

  175. 

  176.         verify(ircClient).send("AUTHENTICATE", "*")

  177.     }

  178. 

  179.     @Test

  180.     fun `aborts if the server's final message doesn't contain a verifier`() {

  181.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  182.             username = "user"

  183.             password = "pencil"

  184.         })

  185. 

  186.         serverState.sasl.mechanismState = ScramState(

  187.                 scramStage = ScramStage.Finishing,

  188.                 saltedPassword = "HZbuOlKbWl+eR8AfIposuKbhX30=".fromBase64(),

  189.                 authMessage = "n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j".toByteArray())

  190. 

  191.         mechanism.handleAuthenticationEvent(ircClient, "".toByteArray())

  192. 

  193.         verify(ircClient).send("AUTHENTICATE", "*")

  194.     }

  195. 

  196.     @Test

  197.     fun `aborts if the server's verifier doesn't match`() {

  198.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  199.             username = "user"

  200.             password = "pencil"

  201.         })

  202. 

  203.         serverState.sasl.mechanismState = ScramState(

  204.                 scramStage = ScramStage.Finishing,

  205.                 saltedPassword = "HZbuOlKbWl+eR8AfIposuKbhX30=".fromBase64(),

  206.                 authMessage = "n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j".toByteArray())

  207. 

  208.         mechanism.handleAuthenticationEvent(ircClient, "v=rmF9pqV8S7suAoZWja4dJRkF=".toByteArray())

  209. 

  210.         verify(ircClient).send("AUTHENTICATE", "*")

  211.     }

  212. 

  213.     @Test

  214.     fun `sends final message if server's verifier matches`() {

  215.         val mechanism = ScramMechanism("SHA-1", 1, SaslConfig().apply {

  216.             username = "user"

  217.             password = "pencil"

  218.         })

  219. 

  220.         serverState.sasl.mechanismState = ScramState(

  221.                 scramStage = ScramStage.Finishing,

  222.                 saltedPassword = "HZbuOlKbWl+eR8AfIposuKbhX30=".fromBase64(),

  223.                 authMessage = "n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j".toByteArray())

  224. 

  225.         mechanism.handleAuthenticationEvent(ircClient, "v=rmF9pqV8S7suAoZWja4dJRkFsKQ=".toByteArray())

  226. 

  227.         verify(ircClient).send("AUTHENTICATE", "+")

  228.     }

  229. 

  230. }