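/**
 * Verifies that a bewit whose MAC field is empty is rejected with 401.
 *
 * <p>The bewit is assembled by hand as {@code keyId \ expiry \ \} (the fields after the expiry
 * are left empty) and Base64-encoded, so no MAC is ever derived from the credentials.
 *
 * @throws Exception if the URI cannot be built or the request cannot be sent
 */
@Test
public void testInvalidBewit4() throws Exception {
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
    // Everything after server start-up runs inside try so a failure while building the
    // bewit still stops the server instead of leaving it running for later tests.
    try {
        // Expiry in epoch seconds: now plus 120 s, so the bewit is not rejected as expired.
        final long expiry = System.currentTimeMillis() / 1000L + 120L;

        final StringBuilder rawBewit = new StringBuilder(256);
        rawBewit.append(this.testcredentials1.getKeyId());
        rawBewit.append('\\');
        rawBewit.append(expiry);
        rawBewit.append('\\');
        // The MAC is deliberately not calculated: nothing is appended between these separators.
        rawBewit.append('\\');

        // Explicit charset: the no-argument getBytes() depends on the platform default.
        final String bewit = BaseEncoding.base64()
                .encode(rawBewit.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));

        // NOTE(review): a 401 here does not show which check rejected the request. Confirm that
        // this encoding matches what Hawk.generateBewit emits, otherwise the server may be
        // failing to decode the bewit rather than rejecting the empty MAC.
        final URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
        final HttpURLConnection connection = connect(testUri, null, null);
        assertEquals(connection.getResponseCode(), 401);
    } finally {
        server.stop();
    }
}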
/**
 * Verifies that a request sent without any Authorization header is answered with 401.
 *
 * @throws Exception if the request cannot be sent
 */
@Test
public void testMissingAuthorizationHeader() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        // Header and body arguments are both null: the request carries no credentials at all.
        final int status = connect(this.validuri1, null, null).getResponseCode();
        assertEquals(status, 401);
    } finally {
        httpServer.stop();
    }
}
/**
 * Verifies that an Authorization header consisting of the bare scheme name {@code Hawk},
 * with no attributes after it, is answered with 401.
 *
 * @throws Exception if the request cannot be sent
 */
@Test
public void testInvalidAuthorizationHeader9() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        // Scheme only: no id, ts, nonce or mac attribute follows it.
        final int status = connect(this.validuri1, "Hawk", null).getResponseCode();
        assertEquals(status, 401);
    } finally {
        httpServer.stop();
    }
}
/**
 * Verifies that a bewit generated for one URI is rejected with 401 when presented on another.
 *
 * <p>The bewit is issued for {@code validuri1} but appended to {@code BASEBEWITURI}.
 *
 * @throws Exception if the URI cannot be built or the request cannot be sent
 */
@Test
public void testInvalidBewit1() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        // assumes validuri1 differs from BASEBEWITURI; otherwise this bewit would be valid
        // for the requested URI - TODO confirm against the fixture setup.
        final String foreignBewit =
                Hawk.generateBewit(this.testcredentials1, this.validuri1, 120L, null);
        final HttpURLConnection response =
                connect(new URI(BASEBEWITURI + "?bewit=" + foreignBewit), null, null);
        assertEquals(response.getResponseCode(), 401);
    } finally {
        httpServer.stop();
    }
}
/**
 * Verifies the positive path: a header generated by the test client for a GET on
 * {@code validuri1} is accepted with 200.
 *
 * @throws Exception if the header cannot be generated or the request cannot be sent
 */
@Test
public void testAuthorizationHeader() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        final String header =
                testclient.generateAuthorizationHeader(
                        this.validuri1, "get", null, null, null, null);
        final HttpURLConnection response = connect(this.validuri1, header, null);
        final int status = response.getResponseCode();
        assertEquals(status, 200);
    } finally {
        httpServer.stop();
    }
}
/**
 * Verifies the positive bewit path: a bewit generated for {@code BASEBEWITURI} with a 600
 * time-to-live argument is accepted with 200 when appended to that same URI.
 *
 * @throws Exception if the URI cannot be built or the request cannot be sent
 */
@Test
public void testBewit() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        final String validBewit =
                Hawk.generateBewit(this.testcredentials1, new URI(BASEBEWITURI), 600L, null);
        // The bewit travels in the query string; no Authorization header is sent.
        final URI bewitUri = new URI(BASEBEWITURI + "?bewit=" + validBewit);
        final int status = connect(bewitUri, null, null).getResponseCode();
        assertEquals(status, 200);
    } finally {
        httpServer.stop();
    }
}
/**
 * Verifies that a header whose {@code ts} attribute is not a number is answered with 401.
 *
 * <p>A valid header is generated first and an {@code x} is then inserted at the start of the
 * timestamp value.
 *
 * @throws Exception if the header cannot be generated or the request cannot be sent
 */
@Test
public void testInvalidAuthorizationHeader8() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        // NOTE(review): the rest of the header was generated for the original timestamp, so
        // presumably a MAC mismatch could also produce the 401; this assertion cannot tell
        // the two rejection reasons apart.
        final String corruptedHeader =
                testclient
                        .generateAuthorizationHeader(
                                this.validuri1, "get", null, null, null, null)
                        .replace("ts=\"", "ts=\"x");
        final HttpURLConnection response = connect(this.validuri1, corruptedHeader, null);
        assertEquals(response.getResponseCode(), 401);
    } finally {
        httpServer.stop();
    }
}
/**
 * Verifies that a header without a {@code nonce} attribute is answered with 401.
 *
 * <p>A valid header is generated first and its {@code nonce=} key is then renamed to
 * {@code invalid=}, so the value stays in the header under an unrecognised name.
 *
 * @throws Exception if the header cannot be generated or the request cannot be sent
 */
@Test
public void testInvalidAuthorizationHeader2() throws Exception {
    final SimpleHttpServer httpServer = new SimpleHttpServer(this.testcredentials1, null);
    try {
        final String headerWithoutNonce =
                testclient
                        .generateAuthorizationHeader(
                                this.validuri1, "get", null, null, null, null)
                        .replace("nonce=", "invalid=");
        final HttpURLConnection response = connect(this.validuri1, headerWithoutNonce, null);
        assertEquals(response.getResponseCode(), 401);
    } finally {
        httpServer.stop();
    }
}
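/**
 * Verifies that a request whose payload hash does not match the body is answered with 401.
 *
 * <p>The hash placed in the header is calculated over {@code "Some other text"} while the
 * request is sent with {@code "Body of request"}.
 *
 * @throws Exception if the header cannot be generated or the request cannot be sent
 */
@Test
public void testInvalidAuthorizationHeader7() throws Exception {
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
    // The hash is calculated inside try so that a failure there still stops the server
    // instead of leaving it running for later tests.
    try {
        final String body = "Body of request";
        // Deliberately hashed over different text than the body that is sent.
        final String hash = Hawk.calculateMac(this.testcredentials1, "Some other text");
        final String authorizationHeader =
                testclient.generateAuthorizationHeader(
                        this.validuri1, "post", hash, null, null, null);
        final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
        assertEquals(connection.getResponseCode(), 401);
    } finally {
        server.stop();
    }
}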
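/**
 * Verifies the positive path with a body: a POST whose header carries a hash calculated over
 * the body that is actually sent is accepted with 200.
 *
 * @throws Exception if the header cannot be generated or the request cannot be sent
 */
@Test
public void testAuthorizationHeader2() throws Exception {
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
    // The hash is calculated inside try so that a failure there still stops the server
    // instead of leaving it running for later tests.
    try {
        final String body = "Body of request";
        final String hash = Hawk.calculateMac(this.testcredentials1, body);
        final String authorizationHeader =
                testclient.generateAuthorizationHeader(
                        this.validuri1, "post", hash, null, null, null);
        final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
        assertEquals(connection.getResponseCode(), 200);
    } finally {
        server.stop();
    }
}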
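/**
 * Verifies that a header older than the configured timestamp skew is answered with 401.
 *
 * <p>The server is configured with {@code timestampSkew(1L)}; the header is generated and
 * then held back for two seconds before it is sent.
 *
 * @throws Exception if the header cannot be generated, the sleep is interrupted, or the
 *     request cannot be sent
 */
@Test
public void testSkewConfiguration() throws Exception {
    // presumably the skew is in seconds, given the 2000 ms wait below - TODO confirm
    final HawkServerConfiguration configuration =
            new HawkServerConfiguration.Builder().timestampSkew(1L).build();
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, configuration);
    // Header generation and the sleep run inside try so that an exception or an interrupt
    // still stops the server instead of leaving it running for later tests.
    try {
        // Generated before the wait, so it is already stale when it is sent.
        final String authorizationHeader =
                testclient.generateAuthorizationHeader(
                        this.validuri1, "get", null, null, null, null);
        Thread.sleep(2000L);
        final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
        assertEquals(connection.getResponseCode(), 401);
    } finally {
        server.stop();
    }
}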
/**
 * Verifies that with {@code PayloadValidation.MANDATORY} a GET sent with no body and no
 * payload hash is still accepted with 200.
 *
 * <p>NOTE(review): only the "no body" half of the rule is exercised here. The case where a
 * body is sent without a hash under MANDATORY validation is not asserted by this method, and
 * the method name says "Invalid" although the expected status is 200.
 *
 * @throws Exception if the header cannot be generated or the request cannot be sent
 */
@Test
public void testInvalidAuthorizationHeader11() throws Exception {
    final HawkServerConfiguration mandatoryPayload =
            new HawkServerConfiguration.Builder()
                    .payloadValidation(PayloadValidation.MANDATORY)
                    .build();
    final SimpleHttpServer httpServer =
            new SimpleHttpServer(this.testcredentials1, mandatoryPayload);
    try {
        final String header =
                testclient.generateAuthorizationHeader(
                        this.validuri1, "get", null, null, null, null);
        final HttpURLConnection response = connect(this.validuri1, header, null);
        assertEquals(response.getResponseCode(), 200);
    } finally {
        httpServer.stop();
    }
}