/** tests getting the signature base string. */
@Test
public void testGetSignatureBaseString() throws Exception {
HttpServletRequest request = createMock(HttpServletRequest.class);
Map<String, Set<CharSequence>> oauthParams = new HashMap<String, Set<CharSequence>>();
oauthParams.put("oauth_consumer_key", Collections.singleton((CharSequence) "dpf43f3p2l4k3l03"));
oauthParams.put("oauth_token", Collections.singleton((CharSequence) "nnch734d00sl2jdk"));
oauthParams.put("oauth_signature_method", Collections.singleton((CharSequence) "HMAC-SHA1"));
oauthParams.put("oauth_timestamp", Collections.singleton((CharSequence) "1191242096"));
oauthParams.put("oauth_nonce", Collections.singleton((CharSequence) "kllo9940pd9333jh"));
oauthParams.put("oauth_version", Collections.singleton((CharSequence) "1.0"));
oauthParams.put("file", Collections.singleton((CharSequence) "vacation.jpg"));
oauthParams.put("size", Collections.singleton((CharSequence) "original"));
CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport();
replay(request);
String baseString =
support.getSignatureBaseString(
oauthParams, new URL("http://photos.example.net/photos"), "geT");
verify(request);
assertEquals(
"GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal",
baseString);
reset(request);
}
/** getTokenFromProvider */
@Test
public void testGetTokenFromProvider() throws Exception {
final ByteArrayInputStream in =
new ByteArrayInputStream(
"oauth_token=mytoken&oauth_token_secret=mytokensecret".getBytes("UTF-8"));
CoreOAuthConsumerSupport support =
new CoreOAuthConsumerSupport() {
@Override
protected InputStream readResource(
ProtectedResourceDetails details,
URL url,
String httpMethod,
OAuthConsumerToken token,
Map<String, String> additionalParameters,
Map<String, String> additionalRequestHeaders) {
return in;
}
};
ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class);
URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
expect(details.getId()).andReturn("resourceId");
replay(details);
OAuthConsumerToken token = support.getTokenFromProvider(details, url, "POST", null, null);
verify(details);
reset(details);
assertFalse(token.isAccessToken());
assertEquals("mytoken", token.getValue());
assertEquals("mytokensecret", token.getSecret());
assertEquals("resourceId", token.getResourceId());
}
/** loadOAuthParameters */
@Test
public void testLoadOAuthParameters() throws Exception {
ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class);
URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
CoreOAuthConsumerSupport support =
new CoreOAuthConsumerSupport() {
@Override
protected String getSignatureBaseString(
Map<String, Set<CharSequence>> oauthParams, URL requestURL, String httpMethod) {
return "MYSIGBASESTRING";
}
};
OAuthSignatureMethodFactory sigFactory = createMock(OAuthSignatureMethodFactory.class);
support.setSignatureFactory(sigFactory);
OAuthConsumerToken token = new OAuthConsumerToken();
OAuthSignatureMethod sigMethod = createMock(OAuthSignatureMethod.class);
expect(details.getConsumerKey()).andReturn("my-consumer-key");
expect(details.getSignatureMethod()).andReturn(HMAC_SHA1SignatureMethod.SIGNATURE_NAME);
expect(details.getSignatureMethod()).andReturn(HMAC_SHA1SignatureMethod.SIGNATURE_NAME);
SharedConsumerSecret secret = new SharedConsumerSecret("shh!!!");
expect(details.getSharedSecret()).andReturn(secret);
expect(sigFactory.getSignatureMethod(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, secret, null))
.andReturn(sigMethod);
expect(sigMethod.sign("MYSIGBASESTRING")).andReturn("MYSIGNATURE");
replay(details, sigFactory, sigMethod);
Map<String, Set<CharSequence>> params =
support.loadOAuthParameters(details, url, token, "POST", null);
verify(details, sigFactory, sigMethod);
reset(details, sigFactory, sigMethod);
assertEquals("some", params.remove("with").iterator().next().toString());
assertEquals("params", params.remove("query").iterator().next().toString());
assertTrue(params.containsKey("too"));
assertTrue(params.remove("too").isEmpty());
assertNull(params.remove(OAuthConsumerParameter.oauth_token.toString()));
assertNotNull(params.remove(OAuthConsumerParameter.oauth_nonce.toString()).iterator().next());
assertEquals(
"my-consumer-key",
params.remove(OAuthConsumerParameter.oauth_consumer_key.toString()).iterator().next());
assertEquals(
"MYSIGNATURE",
params.remove(OAuthConsumerParameter.oauth_signature.toString()).iterator().next());
assertEquals(
"1.0", params.remove(OAuthConsumerParameter.oauth_version.toString()).iterator().next());
assertEquals(
HMAC_SHA1SignatureMethod.SIGNATURE_NAME,
params.remove(OAuthConsumerParameter.oauth_signature_method.toString()).iterator().next());
assertTrue(
Long.parseLong(
params
.remove(OAuthConsumerParameter.oauth_timestamp.toString())
.iterator()
.next()
.toString())
<= (System.currentTimeMillis() / 1000));
assertTrue(params.isEmpty());
}
/** test getAuthorizationHeader */
@Test
public void testGetAuthorizationHeader() throws Exception {
final TreeMap<String, Set<CharSequence>> params = new TreeMap<String, Set<CharSequence>>();
CoreOAuthConsumerSupport support =
new CoreOAuthConsumerSupport() {
@Override
protected Map<String, Set<CharSequence>> loadOAuthParameters(
ProtectedResourceDetails details,
URL requestURL,
OAuthConsumerToken requestToken,
String httpMethod,
Map<String, String> additionalParameters) {
return params;
}
};
URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
OAuthConsumerToken token = new OAuthConsumerToken();
ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class);
expect(details.isAcceptsAuthorizationHeader()).andReturn(false);
replay(details);
assertNull(support.getAuthorizationHeader(details, token, url, "POST", null));
verify(details);
reset(details);
params.put("with", Collections.singleton((CharSequence) "some"));
params.put("query", Collections.singleton((CharSequence) "params"));
params.put("too", null);
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
expect(details.getAuthorizationHeaderRealm()).andReturn("myrealm");
replay(details);
assertEquals(
"OAuth realm=\"myrealm\", query=\"params\", with=\"some\"",
support.getAuthorizationHeader(details, token, url, "POST", null));
verify(details);
reset(details);
params.put(
OAuthConsumerParameter.oauth_consumer_key.toString(),
Collections.singleton((CharSequence) "mykey"));
params.put(
OAuthConsumerParameter.oauth_nonce.toString(),
Collections.singleton((CharSequence) "mynonce"));
params.put(
OAuthConsumerParameter.oauth_timestamp.toString(),
Collections.singleton((CharSequence) "myts"));
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
expect(details.getAuthorizationHeaderRealm()).andReturn("myrealm");
replay(details);
assertEquals(
"OAuth realm=\"myrealm\", oauth_consumer_key=\"mykey\", oauth_nonce=\"mynonce\", oauth_timestamp=\"myts\", query=\"params\", with=\"some\"",
support.getAuthorizationHeader(details, token, url, "POST", null));
verify(details);
reset(details);
}
/** configureURLForProtectedAccess */
@Test
public void testConfigureURLForProtectedAccess() throws Exception {
CoreOAuthConsumerSupport support =
new CoreOAuthConsumerSupport() {
// Inherited.
@Override
public String getOAuthQueryString(
ProtectedResourceDetails details,
OAuthConsumerToken accessToken,
URL url,
String httpMethod,
Map<String, String> additionalParameters) {
return "myquerystring";
}
};
support.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());
ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class);
OAuthConsumerToken token = new OAuthConsumerToken();
URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
replay(details);
assertEquals(
"https://myhost.com/somepath?with=some&query=params&too",
support.configureURLForProtectedAccess(url, token, details, "GET", null).toString());
verify(details);
reset(details);
expect(details.isAcceptsAuthorizationHeader()).andReturn(false);
replay(details);
assertEquals(
"https://myhost.com/somepath?myquerystring",
support.configureURLForProtectedAccess(url, token, details, "GET", null).toString());
verify(details);
reset(details);
replay(details);
assertEquals(
"https://myhost.com/somepath?with=some&query=params&too",
support.configureURLForProtectedAccess(url, token, details, "POST", null).toString());
verify(details);
reset(details);
replay(details);
assertEquals(
"https://myhost.com/somepath?with=some&query=params&too",
support.configureURLForProtectedAccess(url, token, details, "PUT", null).toString());
verify(details);
reset(details);
}
/** readResouce */
@Test
public void testReadResouce() throws Exception {
ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class);
OAuthConsumerToken token = new OAuthConsumerToken();
URL url = new URL("http://myhost.com/resource?with=some&query=params&too");
final ConnectionProps connectionProps = new ConnectionProps();
final ByteArrayInputStream inputStream = new ByteArrayInputStream(new byte[0]);
final HttpURLConnectionForTestingPurposes connectionMock =
new HttpURLConnectionForTestingPurposes(url) {
@Override
public void setRequestMethod(String method) throws ProtocolException {
connectionProps.method = method;
}
@Override
public void setDoOutput(boolean dooutput) {
connectionProps.doOutput = dooutput;
}
@Override
public void connect() throws IOException {
connectionProps.connected = true;
}
@Override
public OutputStream getOutputStream() throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
connectionProps.outputStream = out;
return out;
}
@Override
public int getResponseCode() throws IOException {
return connectionProps.responseCode;
}
@Override
public String getResponseMessage() throws IOException {
return connectionProps.responseMessage;
}
@Override
public InputStream getInputStream() throws IOException {
return inputStream;
}
@Override
public String getHeaderField(String name) {
return connectionProps.headerFields.get(name);
}
};
CoreOAuthConsumerSupport support =
new CoreOAuthConsumerSupport() {
@Override
public URL configureURLForProtectedAccess(
URL url,
OAuthConsumerToken accessToken,
ProtectedResourceDetails details,
String httpMethod,
Map<String, String> additionalParameters)
throws OAuthRequestFailedException {
try {
return new URL(
url.getProtocol(),
url.getHost(),
url.getPort(),
url.getFile(),
new SteamHandlerForTestingPurposes(connectionMock));
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}
}
@Override
public String getOAuthQueryString(
ProtectedResourceDetails details,
OAuthConsumerToken accessToken,
URL url,
String httpMethod,
Map<String, String> additionalParameters) {
return "POSTBODY";
}
};
support.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory());
expect(details.getAuthorizationHeaderRealm()).andReturn("realm1");
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
expect(details.getAdditionalRequestHeaders()).andReturn(null);
replay(details);
try {
support.readResource(details, url, "POST", token, null, null);
fail("shouldn't have been a valid response code.");
} catch (OAuthRequestFailedException e) {
// fall through...
}
verify(details);
reset(details);
assertFalse(connectionProps.doOutput);
assertEquals("POST", connectionProps.method);
assertTrue(connectionProps.connected);
connectionProps.reset();
expect(details.getAuthorizationHeaderRealm()).andReturn(null);
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
expect(details.getAdditionalRequestHeaders()).andReturn(null);
connectionProps.responseCode = 400;
connectionProps.responseMessage = "Nasty";
replay(details);
try {
support.readResource(details, url, "POST", token, null, null);
fail("shouldn't have been a valid response code.");
} catch (OAuthRequestFailedException e) {
// fall through...
}
verify(details);
reset(details);
assertFalse(connectionProps.doOutput);
assertEquals("POST", connectionProps.method);
assertTrue(connectionProps.connected);
connectionProps.reset();
expect(details.getAuthorizationHeaderRealm()).andReturn(null);
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
expect(details.getAdditionalRequestHeaders()).andReturn(null);
connectionProps.responseCode = 401;
connectionProps.responseMessage = "Bad Realm";
connectionProps.headerFields.put("WWW-Authenticate", "realm=\"goodrealm\"");
replay(details);
try {
support.readResource(details, url, "POST", token, null, null);
fail("shouldn't have been a valid response code.");
} catch (InvalidOAuthRealmException e) {
// fall through...
}
verify(details);
reset(details);
assertFalse(connectionProps.doOutput);
assertEquals("POST", connectionProps.method);
assertTrue(connectionProps.connected);
connectionProps.reset();
expect(details.getAuthorizationHeaderRealm()).andReturn(null);
expect(details.isAcceptsAuthorizationHeader()).andReturn(true);
expect(details.getAdditionalRequestHeaders()).andReturn(null);
connectionProps.responseCode = 200;
connectionProps.responseMessage = "Congrats";
replay(details);
assertSame(inputStream, support.readResource(details, url, "GET", token, null, null));
verify(details);
reset(details);
assertFalse(connectionProps.doOutput);
assertEquals("GET", connectionProps.method);
assertTrue(connectionProps.connected);
connectionProps.reset();
expect(details.getAuthorizationHeaderRealm()).andReturn(null);
expect(details.isAcceptsAuthorizationHeader()).andReturn(false);
expect(details.getAdditionalRequestHeaders()).andReturn(null);
connectionProps.responseCode = 200;
connectionProps.responseMessage = "Congrats";
replay(details);
assertSame(inputStream, support.readResource(details, url, "POST", token, null, null));
assertEquals(
"POSTBODY",
new String(((ByteArrayOutputStream) connectionProps.outputStream).toByteArray()));
verify(details);
reset(details);
assertTrue(connectionProps.doOutput);
assertEquals("POST", connectionProps.method);
assertTrue(connectionProps.connected);
connectionProps.reset();
}
