/** tests getting the signature base string. */ @Test public void testGetSignatureBaseString() throws Exception { HttpServletRequest request = createMock(HttpServletRequest.class); Map<String, Set<CharSequence>> oauthParams = new HashMap<String, Set<CharSequence>>(); oauthParams.put("oauth_consumer_key", Collections.singleton((CharSequence) "dpf43f3p2l4k3l03")); oauthParams.put("oauth_token", Collections.singleton((CharSequence) "nnch734d00sl2jdk")); oauthParams.put("oauth_signature_method", Collections.singleton((CharSequence) "HMAC-SHA1")); oauthParams.put("oauth_timestamp", Collections.singleton((CharSequence) "1191242096")); oauthParams.put("oauth_nonce", Collections.singleton((CharSequence) "kllo9940pd9333jh")); oauthParams.put("oauth_version", Collections.singleton((CharSequence) "1.0")); oauthParams.put("file", Collections.singleton((CharSequence) "vacation.jpg")); oauthParams.put("size", Collections.singleton((CharSequence) "original")); CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport(); replay(request); String baseString = support.getSignatureBaseString( oauthParams, new URL("http://photos.example.net/photos"), "geT"); verify(request); assertEquals( "GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal", baseString); reset(request); }
/** getTokenFromProvider */ @Test public void testGetTokenFromProvider() throws Exception { final ByteArrayInputStream in = new ByteArrayInputStream( "oauth_token=mytoken&oauth_token_secret=mytokensecret".getBytes("UTF-8")); CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() { @Override protected InputStream readResource( ProtectedResourceDetails details, URL url, String httpMethod, OAuthConsumerToken token, Map<String, String> additionalParameters, Map<String, String> additionalRequestHeaders) { return in; } }; ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class); URL url = new URL("https://myhost.com/somepath?with=some&query=params&too"); expect(details.getId()).andReturn("resourceId"); replay(details); OAuthConsumerToken token = support.getTokenFromProvider(details, url, "POST", null, null); verify(details); reset(details); assertFalse(token.isAccessToken()); assertEquals("mytoken", token.getValue()); assertEquals("mytokensecret", token.getSecret()); assertEquals("resourceId", token.getResourceId()); }
/** loadOAuthParameters */ @Test public void testLoadOAuthParameters() throws Exception { ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class); URL url = new URL("https://myhost.com/somepath?with=some&query=params&too"); CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() { @Override protected String getSignatureBaseString( Map<String, Set<CharSequence>> oauthParams, URL requestURL, String httpMethod) { return "MYSIGBASESTRING"; } }; OAuthSignatureMethodFactory sigFactory = createMock(OAuthSignatureMethodFactory.class); support.setSignatureFactory(sigFactory); OAuthConsumerToken token = new OAuthConsumerToken(); OAuthSignatureMethod sigMethod = createMock(OAuthSignatureMethod.class); expect(details.getConsumerKey()).andReturn("my-consumer-key"); expect(details.getSignatureMethod()).andReturn(HMAC_SHA1SignatureMethod.SIGNATURE_NAME); expect(details.getSignatureMethod()).andReturn(HMAC_SHA1SignatureMethod.SIGNATURE_NAME); SharedConsumerSecret secret = new SharedConsumerSecret("shh!!!"); expect(details.getSharedSecret()).andReturn(secret); expect(sigFactory.getSignatureMethod(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, secret, null)) .andReturn(sigMethod); expect(sigMethod.sign("MYSIGBASESTRING")).andReturn("MYSIGNATURE"); replay(details, sigFactory, sigMethod); Map<String, Set<CharSequence>> params = support.loadOAuthParameters(details, url, token, "POST", null); verify(details, sigFactory, sigMethod); reset(details, sigFactory, sigMethod); assertEquals("some", params.remove("with").iterator().next().toString()); assertEquals("params", params.remove("query").iterator().next().toString()); assertTrue(params.containsKey("too")); assertTrue(params.remove("too").isEmpty()); assertNull(params.remove(OAuthConsumerParameter.oauth_token.toString())); assertNotNull(params.remove(OAuthConsumerParameter.oauth_nonce.toString()).iterator().next()); assertEquals( "my-consumer-key", params.remove(OAuthConsumerParameter.oauth_consumer_key.toString()).iterator().next()); assertEquals( "MYSIGNATURE", params.remove(OAuthConsumerParameter.oauth_signature.toString()).iterator().next()); assertEquals( "1.0", params.remove(OAuthConsumerParameter.oauth_version.toString()).iterator().next()); assertEquals( HMAC_SHA1SignatureMethod.SIGNATURE_NAME, params.remove(OAuthConsumerParameter.oauth_signature_method.toString()).iterator().next()); assertTrue( Long.parseLong( params .remove(OAuthConsumerParameter.oauth_timestamp.toString()) .iterator() .next() .toString()) <= (System.currentTimeMillis() / 1000)); assertTrue(params.isEmpty()); }
/** test getAuthorizationHeader */ @Test public void testGetAuthorizationHeader() throws Exception { final TreeMap<String, Set<CharSequence>> params = new TreeMap<String, Set<CharSequence>>(); CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() { @Override protected Map<String, Set<CharSequence>> loadOAuthParameters( ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) { return params; } }; URL url = new URL("https://myhost.com/somepath?with=some&query=params&too"); OAuthConsumerToken token = new OAuthConsumerToken(); ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class); expect(details.isAcceptsAuthorizationHeader()).andReturn(false); replay(details); assertNull(support.getAuthorizationHeader(details, token, url, "POST", null)); verify(details); reset(details); params.put("with", Collections.singleton((CharSequence) "some")); params.put("query", Collections.singleton((CharSequence) "params")); params.put("too", null); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); expect(details.getAuthorizationHeaderRealm()).andReturn("myrealm"); replay(details); assertEquals( "OAuth realm=\"myrealm\", query=\"params\", with=\"some\"", support.getAuthorizationHeader(details, token, url, "POST", null)); verify(details); reset(details); params.put( OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) "mykey")); params.put( OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) "mynonce")); params.put( OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) "myts")); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); expect(details.getAuthorizationHeaderRealm()).andReturn("myrealm"); replay(details); assertEquals( "OAuth realm=\"myrealm\", oauth_consumer_key=\"mykey\", oauth_nonce=\"mynonce\", oauth_timestamp=\"myts\", query=\"params\", with=\"some\"", support.getAuthorizationHeader(details, token, url, "POST", null)); verify(details); reset(details); }
/** configureURLForProtectedAccess */ @Test public void testConfigureURLForProtectedAccess() throws Exception { CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() { // Inherited. @Override public String getOAuthQueryString( ProtectedResourceDetails details, OAuthConsumerToken accessToken, URL url, String httpMethod, Map<String, String> additionalParameters) { return "myquerystring"; } }; support.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory()); ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class); OAuthConsumerToken token = new OAuthConsumerToken(); URL url = new URL("https://myhost.com/somepath?with=some&query=params&too"); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); replay(details); assertEquals( "https://myhost.com/somepath?with=some&query=params&too", support.configureURLForProtectedAccess(url, token, details, "GET", null).toString()); verify(details); reset(details); expect(details.isAcceptsAuthorizationHeader()).andReturn(false); replay(details); assertEquals( "https://myhost.com/somepath?myquerystring", support.configureURLForProtectedAccess(url, token, details, "GET", null).toString()); verify(details); reset(details); replay(details); assertEquals( "https://myhost.com/somepath?with=some&query=params&too", support.configureURLForProtectedAccess(url, token, details, "POST", null).toString()); verify(details); reset(details); replay(details); assertEquals( "https://myhost.com/somepath?with=some&query=params&too", support.configureURLForProtectedAccess(url, token, details, "PUT", null).toString()); verify(details); reset(details); }
/** readResouce */ @Test public void testReadResouce() throws Exception { ProtectedResourceDetails details = createMock(ProtectedResourceDetails.class); OAuthConsumerToken token = new OAuthConsumerToken(); URL url = new URL("http://myhost.com/resource?with=some&query=params&too"); final ConnectionProps connectionProps = new ConnectionProps(); final ByteArrayInputStream inputStream = new ByteArrayInputStream(new byte[0]); final HttpURLConnectionForTestingPurposes connectionMock = new HttpURLConnectionForTestingPurposes(url) { @Override public void setRequestMethod(String method) throws ProtocolException { connectionProps.method = method; } @Override public void setDoOutput(boolean dooutput) { connectionProps.doOutput = dooutput; } @Override public void connect() throws IOException { connectionProps.connected = true; } @Override public OutputStream getOutputStream() throws IOException { ByteArrayOutputStream out = new ByteArrayOutputStream(); connectionProps.outputStream = out; return out; } @Override public int getResponseCode() throws IOException { return connectionProps.responseCode; } @Override public String getResponseMessage() throws IOException { return connectionProps.responseMessage; } @Override public InputStream getInputStream() throws IOException { return inputStream; } @Override public String getHeaderField(String name) { return connectionProps.headerFields.get(name); } }; CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() { @Override public URL configureURLForProtectedAccess( URL url, OAuthConsumerToken accessToken, ProtectedResourceDetails details, String httpMethod, Map<String, String> additionalParameters) throws OAuthRequestFailedException { try { return new URL( url.getProtocol(), url.getHost(), url.getPort(), url.getFile(), new SteamHandlerForTestingPurposes(connectionMock)); } catch (MalformedURLException e) { throw new RuntimeException(e); } } @Override public String getOAuthQueryString( ProtectedResourceDetails details, OAuthConsumerToken accessToken, URL url, String httpMethod, Map<String, String> additionalParameters) { return "POSTBODY"; } }; support.setStreamHandlerFactory(new DefaultOAuthURLStreamHandlerFactory()); expect(details.getAuthorizationHeaderRealm()).andReturn("realm1"); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); expect(details.getAdditionalRequestHeaders()).andReturn(null); replay(details); try { support.readResource(details, url, "POST", token, null, null); fail("shouldn't have been a valid response code."); } catch (OAuthRequestFailedException e) { // fall through... } verify(details); reset(details); assertFalse(connectionProps.doOutput); assertEquals("POST", connectionProps.method); assertTrue(connectionProps.connected); connectionProps.reset(); expect(details.getAuthorizationHeaderRealm()).andReturn(null); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); expect(details.getAdditionalRequestHeaders()).andReturn(null); connectionProps.responseCode = 400; connectionProps.responseMessage = "Nasty"; replay(details); try { support.readResource(details, url, "POST", token, null, null); fail("shouldn't have been a valid response code."); } catch (OAuthRequestFailedException e) { // fall through... } verify(details); reset(details); assertFalse(connectionProps.doOutput); assertEquals("POST", connectionProps.method); assertTrue(connectionProps.connected); connectionProps.reset(); expect(details.getAuthorizationHeaderRealm()).andReturn(null); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); expect(details.getAdditionalRequestHeaders()).andReturn(null); connectionProps.responseCode = 401; connectionProps.responseMessage = "Bad Realm"; connectionProps.headerFields.put("WWW-Authenticate", "realm=\"goodrealm\""); replay(details); try { support.readResource(details, url, "POST", token, null, null); fail("shouldn't have been a valid response code."); } catch (InvalidOAuthRealmException e) { // fall through... } verify(details); reset(details); assertFalse(connectionProps.doOutput); assertEquals("POST", connectionProps.method); assertTrue(connectionProps.connected); connectionProps.reset(); expect(details.getAuthorizationHeaderRealm()).andReturn(null); expect(details.isAcceptsAuthorizationHeader()).andReturn(true); expect(details.getAdditionalRequestHeaders()).andReturn(null); connectionProps.responseCode = 200; connectionProps.responseMessage = "Congrats"; replay(details); assertSame(inputStream, support.readResource(details, url, "GET", token, null, null)); verify(details); reset(details); assertFalse(connectionProps.doOutput); assertEquals("GET", connectionProps.method); assertTrue(connectionProps.connected); connectionProps.reset(); expect(details.getAuthorizationHeaderRealm()).andReturn(null); expect(details.isAcceptsAuthorizationHeader()).andReturn(false); expect(details.getAdditionalRequestHeaders()).andReturn(null); connectionProps.responseCode = 200; connectionProps.responseMessage = "Congrats"; replay(details); assertSame(inputStream, support.readResource(details, url, "POST", token, null, null)); assertEquals( "POSTBODY", new String(((ByteArrayOutputStream) connectionProps.outputStream).toByteArray())); verify(details); reset(details); assertTrue(connectionProps.doOutput); assertEquals("POST", connectionProps.method); assertTrue(connectionProps.connected); connectionProps.reset(); }