@Test
public void testValidRequest() throws Exception {
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testcredentials1).build();
final String authorizationHeader =
testClient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader);
assertEquals(connection.getResponseCode(), 200);
}
@Test
public void testIncorrectMethod() throws Exception {
// Mismatch of HTTP method
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testcredentials1).build();
final String authorizationHeader =
testClient.generateAuthorizationHeader(this.validuri1, "post", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader);
assertEquals(connection.getResponseCode(), 401);
}
@Test
public void testPrefix() throws Exception {
// Check client path prefix
final HawkClient testClient1 =
new HawkClient.Builder().credentials(this.testcredentials1).build();
assertTrue(testClient1.isValidFor("/test/test2"));
assertTrue(testClient1.isValidFor(null));
HawkClientConfiguration clientConfiguration =
new HawkClientConfiguration.Builder().pathPrefix("/foo").build();
final HawkClient testClient2 =
new HawkClient.Builder()
.credentials(this.testcredentials1)
.configuration(clientConfiguration)
.build();
assertTrue(testClient2.isValidFor("/foo"));
assertFalse(testClient2.isValidFor("/test/test2"));
clientConfiguration =
new HawkClientConfiguration.Builder(clientConfiguration).pathPrefix("/test/").build();
final HawkClient testClient3 =
new HawkClient.Builder()
.credentials(this.testcredentials1)
.configuration(clientConfiguration)
.build();
assertTrue(testClient3.isValidFor("/test/test2"));
assertFalse(testClient3.isValidFor("/testtest2"));
}
@Test
public void testDuplicateNonce() throws Exception {
// Attempt repeat requests
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testCredentials1).build();
final String authorizationHeader =
testClient.generateAuthorizationHeader(this.validUri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validUri1, authorizationHeader);
assertEquals(connection.getResponseCode(), 200);
final HttpURLConnection connection2 = connect(this.validUri1, authorizationHeader);
assertEquals(connection2.getResponseCode(), 401);
}
@Test
public void testAuthorizationHeader() throws Exception {
// Test correct implementation
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
final String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader8() throws Exception {
// Ensure that invalid timestamps are caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
authorizationHeader = authorizationHeader.replace("ts=\"", "ts=\"x");
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader2() throws Exception {
// Ensure that an authorization header without a nonce is caught
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
authorizationHeader = authorizationHeader.replace("nonce=", "invalid=");
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader7() throws Exception {
// Ensure that bad body hashes are caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
final String body = "Body of request";
final String hash = Hawk.calculateMac(this.testcredentials1, "Some other text");
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testAuthorizationHeader2() throws Exception {
// Test correct implementation with body
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
final String body = "Body of request";
final String hash = Hawk.calculateMac(this.testcredentials1, body);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testSkewConfiguration() throws Exception {
// Ensure that timeout is working
HawkServerConfiguration configuration =
new HawkServerConfiguration.Builder().timestampSkew(1L).build();
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, configuration);
final String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
Thread.sleep(2000L);
try {
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader11() throws Exception {
// Ensure that if payload hash is required that this is enforced, but not if there is no body
final SimpleHttpServer server =
new SimpleHttpServer(
this.testcredentials1,
new HawkServerConfiguration.Builder()
.payloadValidation(PayloadValidation.MANDATORY)
.build());
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testModel() throws Exception {
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testcredentials1).build();
testClient.toString();
testClient.hashCode();
assertEquals(testClient, testClient);
assertNotEquals(testClient, null);
assertNotEquals(null, testClient);
final HawkClient testClient2 =
new HawkClient.Builder(testClient).credentials(this.testcredentials2).build();
testClient2.toString();
testClient2.hashCode();
assertEquals(testClient2, testClient2);
assertNotEquals(testClient2, testClient);
}