@Test
public void testInvalidBewit4() throws Exception {
// Test an invalid bewit due to missing mac
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
// Calculate expiry from ttl and current time
Long expiry = System.currentTimeMillis() / 1000L + 120L;
// final String mac = Hawk.calculateMAC(this.testcredentials1, Hawk.AuthType.BEWIT, expiry,
// new URI(BASEBEWITURI), null, null, null, null);
final StringBuffer sb = new StringBuffer(256);
sb.append(this.testcredentials1.getKeyId());
sb.append('\\');
sb.append(String.valueOf(expiry));
sb.append('\\');
sb.append('\\');
final String bewit = BaseEncoding.base64().encode(sb.toString().getBytes());
try {
URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
final HttpURLConnection connection = connect(testUri, null, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testMissingAuthorizationHeader() throws Exception {
// Ensure that a missing authorization header is caught
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
final HttpURLConnection connection = connect(this.validuri1, null, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader9() throws Exception {
// Ensure that a blank Hawk authorization header is caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader = "Hawk";
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidBewit1() throws Exception {
// Test an invalid bewit due to mismatched URIs
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
final String bewit = Hawk.generateBewit(this.testcredentials1, this.validuri1, 120L, null);
URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
final HttpURLConnection connection = connect(testUri, null, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testAuthorizationHeader() throws Exception {
// Test correct implementation
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
final String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testBewit() throws Exception {
// Test a valid bewit
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
final String bewit =
Hawk.generateBewit(this.testcredentials1, new URI(BASEBEWITURI), 600L, null);
URI testUri = new URI(BASEBEWITURI + "?bewit=" + bewit);
final HttpURLConnection connection = connect(testUri, null, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader8() throws Exception {
// Ensure that invalid timestamps are caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
authorizationHeader = authorizationHeader.replace("ts=\"", "ts=\"x");
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader2() throws Exception {
// Ensure that an authorization header without a nonce is caught
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
authorizationHeader = authorizationHeader.replace("nonce=", "invalid=");
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader7() throws Exception {
// Ensure that bad body hashes are caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
final String body = "Body of request";
final String hash = Hawk.calculateMac(this.testcredentials1, "Some other text");
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testAuthorizationHeader2() throws Exception {
// Test correct implementation with body
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
final String body = "Body of request";
final String hash = Hawk.calculateMac(this.testcredentials1, body);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testSkewConfiguration() throws Exception {
// Ensure that timeout is working
HawkServerConfiguration configuration =
new HawkServerConfiguration.Builder().timestampSkew(1L).build();
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, configuration);
final String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
Thread.sleep(2000L);
try {
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader11() throws Exception {
// Ensure that if payload hash is required that this is enforced, but not if there is no body
final SimpleHttpServer server =
new SimpleHttpServer(
this.testcredentials1,
new HawkServerConfiguration.Builder()
.payloadValidation(PayloadValidation.MANDATORY)
.build());
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
