Beispiel #1
0
  @Test
  public void testInvalidBewit4() throws Exception {
    // Test an invalid bewit due to missing mac
    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    // Calculate expiry from ttl and current time
    Long expiry = System.currentTimeMillis() / 1000L + 120L;
    //    final String mac = Hawk.calculateMAC(this.testcredentials1, Hawk.AuthType.BEWIT, expiry,
    // new URI(BASEBEWITURI), null, null, null, null);

    final StringBuffer sb = new StringBuffer(256);
    sb.append(this.testcredentials1.getKeyId());
    sb.append('\\');
    sb.append(String.valueOf(expiry));
    sb.append('\\');
    sb.append('\\');
    final String bewit = BaseEncoding.base64().encode(sb.toString().getBytes());

    try {
      URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
      final HttpURLConnection connection = connect(testUri, null, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #2
0
  @Test
  public void testMissingAuthorizationHeader() throws Exception {
    // Ensure that a missing authorization header is caught
    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      final HttpURLConnection connection = connect(this.validuri1, null, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #3
0
  @Test
  public void testInvalidAuthorizationHeader9() throws Exception {
    // Ensure that a blank Hawk authorization header is caught
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      String authorizationHeader = "Hawk";
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #4
0
  @Test
  public void testInvalidBewit1() throws Exception {
    // Test an invalid bewit due to mismatched URIs
    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      final String bewit = Hawk.generateBewit(this.testcredentials1, this.validuri1, 120L, null);
      URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
      final HttpURLConnection connection = connect(testUri, null, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #5
0
  @Test
  public void testAuthorizationHeader() throws Exception {
    // Test correct implementation
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      final String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }
Beispiel #6
0
  @Test
  public void testBewit() throws Exception {
    // Test a valid bewit
    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      final String bewit =
          Hawk.generateBewit(this.testcredentials1, new URI(BASEBEWITURI), 600L, null);
      URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
      final HttpURLConnection connection = connect(testUri, null, null);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }
Beispiel #7
0
  @Test
  public void testInvalidAuthorizationHeader8() throws Exception {
    // Ensure that invalid timestamps are caught
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      authorizationHeader = authorizationHeader.replace("ts=\"", "ts=\"x");
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #8
0
  @Test
  public void testInvalidAuthorizationHeader2() throws Exception {
    // Ensure that an authorization header without a nonce is caught
    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      authorizationHeader = authorizationHeader.replace("nonce=", "invalid=");
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #9
0
  @Test
  public void testInvalidAuthorizationHeader7() throws Exception {
    // Ensure that bad body hashes are caught
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    final String body = "Body of request";
    final String hash = Hawk.calculateMac(this.testcredentials1, "Some other text");
    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #10
0
  @Test
  public void testAuthorizationHeader2() throws Exception {
    // Test correct implementation with body
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    final String body = "Body of request";
    final String hash = Hawk.calculateMac(this.testcredentials1, body);
    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }
Beispiel #11
0
  @Test
  public void testSkewConfiguration() throws Exception {
    // Ensure that timeout is working
    HawkServerConfiguration configuration =
        new HawkServerConfiguration.Builder().timestampSkew(1L).build();

    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, configuration);

    final String authorizationHeader =
        testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
    Thread.sleep(2000L);
    try {
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Beispiel #12
0
  @Test
  public void testInvalidAuthorizationHeader11() throws Exception {
    // Ensure that if payload hash is required that this is enforced, but not if there is no body
    final SimpleHttpServer server =
        new SimpleHttpServer(
            this.testcredentials1,
            new HawkServerConfiguration.Builder()
                .payloadValidation(PayloadValidation.MANDATORY)
                .build());

    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }