Example #1
0
 @Test
 public void testValidRequest() throws Exception {
   final HawkClient testClient =
       new HawkClient.Builder().credentials(this.testcredentials1).build();
   final String authorizationHeader =
       testClient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
   final HttpURLConnection connection = connect(this.validuri1, authorizationHeader);
   assertEquals(connection.getResponseCode(), 200);
 }
Example #2
0
 @Test
 public void testIncorrectMethod() throws Exception {
   // Mismatch of HTTP method
   final HawkClient testClient =
       new HawkClient.Builder().credentials(this.testcredentials1).build();
   final String authorizationHeader =
       testClient.generateAuthorizationHeader(this.validuri1, "post", null, null, null, null);
   final HttpURLConnection connection = connect(this.validuri1, authorizationHeader);
   assertEquals(connection.getResponseCode(), 401);
 }
Example #3
0
 @Test
 public void testDuplicateNonce() throws Exception {
   // Attempt repeat requests
   final HawkClient testClient =
       new HawkClient.Builder().credentials(this.testCredentials1).build();
   final String authorizationHeader =
       testClient.generateAuthorizationHeader(this.validUri1, "get", null, null, null, null);
   final HttpURLConnection connection = connect(this.validUri1, authorizationHeader);
   assertEquals(connection.getResponseCode(), 200);
   final HttpURLConnection connection2 = connect(this.validUri1, authorizationHeader);
   assertEquals(connection2.getResponseCode(), 401);
 }
Example #4
0
  @Test
  public void testAuthorizationHeader() throws Exception {
    // Test correct implementation
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      final String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }
Example #5
0
  @Test
  public void testInvalidAuthorizationHeader8() throws Exception {
    // Ensure that invalid timestamps are caught
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      authorizationHeader = authorizationHeader.replace("ts=\"", "ts=\"x");
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Example #6
0
  @Test
  public void testInvalidAuthorizationHeader2() throws Exception {
    // Ensure that an authorization header without a nonce is caught
    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      authorizationHeader = authorizationHeader.replace("nonce=", "invalid=");
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Example #7
0
  @Test
  public void testInvalidAuthorizationHeader7() throws Exception {
    // Ensure that bad body hashes are caught
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    final String body = "Body of request";
    final String hash = Hawk.calculateMac(this.testcredentials1, "Some other text");
    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Example #8
0
  @Test
  public void testAuthorizationHeader2() throws Exception {
    // Test correct implementation with body
    final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);

    final String body = "Body of request";
    final String hash = Hawk.calculateMac(this.testcredentials1, body);
    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }
Example #9
0
  @Test
  public void testSkewConfiguration() throws Exception {
    // Ensure that timeout is working
    HawkServerConfiguration configuration =
        new HawkServerConfiguration.Builder().timestampSkew(1L).build();

    SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, configuration);

    final String authorizationHeader =
        testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
    Thread.sleep(2000L);
    try {
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 401);
    } finally {
      server.stop();
    }
  }
Example #10
0
  @Test
  public void testInvalidAuthorizationHeader11() throws Exception {
    // Ensure that if payload hash is required that this is enforced, but not if there is no body
    final SimpleHttpServer server =
        new SimpleHttpServer(
            this.testcredentials1,
            new HawkServerConfiguration.Builder()
                .payloadValidation(PayloadValidation.MANDATORY)
                .build());

    try {
      String authorizationHeader =
          testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
      final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
      assertEquals(connection.getResponseCode(), 200);
    } finally {
      server.stop();
    }
  }