@Test
public void testValidRequest() throws Exception {
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testcredentials1).build();
final String authorizationHeader =
testClient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader);
assertEquals(connection.getResponseCode(), 200);
}
@Test
public void testIncorrectMethod() throws Exception {
// Mismatch of HTTP method
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testcredentials1).build();
final String authorizationHeader =
testClient.generateAuthorizationHeader(this.validuri1, "post", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader);
assertEquals(connection.getResponseCode(), 401);
}
@Test
public void testDuplicateNonce() throws Exception {
// Attempt repeat requests
final HawkClient testClient =
new HawkClient.Builder().credentials(this.testCredentials1).build();
final String authorizationHeader =
testClient.generateAuthorizationHeader(this.validUri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validUri1, authorizationHeader);
assertEquals(connection.getResponseCode(), 200);
final HttpURLConnection connection2 = connect(this.validUri1, authorizationHeader);
assertEquals(connection2.getResponseCode(), 401);
}
@Test
public void testAuthorizationHeader() throws Exception {
// Test correct implementation
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
final String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader8() throws Exception {
// Ensure that invalid timestamps are caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
authorizationHeader = authorizationHeader.replace("ts=\"", "ts=\"x");
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader2() throws Exception {
// Ensure that an authorization header without a nonce is caught
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
authorizationHeader = authorizationHeader.replace("nonce=", "invalid=");
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader7() throws Exception {
// Ensure that bad body hashes are caught
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
final String body = "Body of request";
final String hash = Hawk.calculateMac(this.testcredentials1, "Some other text");
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testAuthorizationHeader2() throws Exception {
// Test correct implementation with body
final SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, null);
final String body = "Body of request";
final String hash = Hawk.calculateMac(this.testcredentials1, body);
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "post", hash, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, body);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
@Test
public void testSkewConfiguration() throws Exception {
// Ensure that timeout is working
HawkServerConfiguration configuration =
new HawkServerConfiguration.Builder().timestampSkew(1L).build();
SimpleHttpServer server = new SimpleHttpServer(this.testcredentials1, configuration);
final String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
Thread.sleep(2000L);
try {
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 401);
} finally {
server.stop();
}
}
@Test
public void testInvalidAuthorizationHeader11() throws Exception {
// Ensure that if payload hash is required that this is enforced, but not if there is no body
final SimpleHttpServer server =
new SimpleHttpServer(
this.testcredentials1,
new HawkServerConfiguration.Builder()
.payloadValidation(PayloadValidation.MANDATORY)
.build());
try {
String authorizationHeader =
testclient.generateAuthorizationHeader(this.validuri1, "get", null, null, null, null);
final HttpURLConnection connection = connect(this.validuri1, authorizationHeader, null);
assertEquals(connection.getResponseCode(), 200);
} finally {
server.stop();
}
}
