Search in sources :

Example 16 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class HttpContinueAcceptingHandlerTestCase method testHttpContinueRejected.

@Test
public void testHttpContinueRejected() throws IOException {
    accept = false;
    String message = "My HTTP Request!";
    HttpParams httpParams = new BasicHttpParams();
    httpParams.setParameter("http.protocol.wait-for-continue", Integer.MAX_VALUE);
    TestHttpClient client = new TestHttpClient();
    client.setParams(httpParams);
    try {
        HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/path");
        post.addHeader("Expect", "100-continue");
        post.setEntity(new StringEntity(message));
        HttpResponse result = client.execute(post);
        Assert.assertEquals(StatusCodes.EXPECTATION_FAILED, result.getStatusLine().getStatusCode());
    } finally {
        client.getConnectionManager().shutdown();
    }
}
Also used : HttpPost(org.apache.http.client.methods.HttpPost) StringEntity(org.apache.http.entity.StringEntity) BasicHttpParams(org.apache.http.params.BasicHttpParams) HttpParams(org.apache.http.params.HttpParams) HttpResponse(org.apache.http.HttpResponse) BasicHttpParams(org.apache.http.params.BasicHttpParams) TestHttpClient(io.undertow.testutils.TestHttpClient) Test(org.junit.Test)

Example 17 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class DigestAuthenticationAuthTestCase method _testNonceCountReUse.

static void _testNonceCountReUse() throws Exception {
    TestHttpClient client = new TestHttpClient();
    HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
    HttpResponse result = client.execute(get);
    assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
    Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
    String value = getAuthHeader(DIGEST, values);
    Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
    assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
    assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
    assertEquals(DigestQop.AUTH.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.MESSAGE_QOP));
    String clientNonce = createNonce();
    int nonceCount = 1;
    String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
    String opaque = parsedHeader.get(DigestWWWAuthenticateToken.OPAQUE);
    assertNotNull(opaque);
    // Send 5 requests with an incrementing nonce count on each call.
    for (int i = 0; i < 2; i++) {
        client = new TestHttpClient();
        get = new HttpGet(DefaultServer.getDefaultServerURL());
        // Note - No increment
        int thisNonceCount = nonceCount;
        String authorization = createAuthorizationLine("userOne", "passwordOne", "GET", "/", nonce, thisNonceCount, clientNonce, opaque);
        get.addHeader(AUTHORIZATION.toString(), authorization);
        result = client.execute(get);
        if (i == 0) {
            assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
            assertSingleNotificationType(EventType.AUTHENTICATED);
            values = result.getHeaders("ProcessedBy");
            assertEquals(1, values.length);
            assertEquals("ResponseHandler", values[0].getValue());
            values = result.getHeaders("Authentication-Info");
            assertEquals(1, values.length);
            Map<AuthenticationInfoToken, String> parsedAuthInfo = AuthenticationInfoToken.parseHeader(values[0].getValue());
            assertEquals("Didn't expect a new nonce.", nonce, parsedAuthInfo.get(AuthenticationInfoToken.NEXT_NONCE));
            assertEquals(DigestQop.AUTH.getToken(), parsedAuthInfo.get(AuthenticationInfoToken.MESSAGE_QOP));
            String nonceCountString = toHex(thisNonceCount);
            assertEquals(createRspAuth("userOne", REALM_NAME, "passwordOne", "/", nonce, nonceCountString, clientNonce), parsedAuthInfo.get(AuthenticationInfoToken.RESPONSE_AUTH));
            assertEquals(clientNonce, parsedAuthInfo.get(AuthenticationInfoToken.CNONCE));
            assertEquals(nonceCountString, parsedAuthInfo.get(AuthenticationInfoToken.NONCE_COUNT));
        } else {
            assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
        }
    }
}
Also used : Header(org.apache.http.Header) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken) AuthenticationInfoToken(io.undertow.security.impl.AuthenticationInfoToken) TestHttpClient(io.undertow.testutils.TestHttpClient)

Example 18 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class DigestAuthenticationAuthTestCase method _testBadUsername.

static void _testBadUsername() throws Exception {
    TestHttpClient client = new TestHttpClient();
    HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
    HttpResponse result = client.execute(get);
    assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
    Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
    String value = getAuthHeader(DIGEST, values);
    Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
    assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
    assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
    assertEquals(DigestQop.AUTH.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.MESSAGE_QOP));
    String clientNonce = createNonce();
    int nonceCount = 1;
    String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
    String opaque = parsedHeader.get(DigestWWWAuthenticateToken.OPAQUE);
    assertNotNull(opaque);
    client = new TestHttpClient();
    get = new HttpGet(DefaultServer.getDefaultServerURL());
    int thisNonceCount = nonceCount++;
    String authorization = createAuthorizationLine("noUser", "passwordOne", "GET", "/", nonce, thisNonceCount, clientNonce, opaque);
    get.addHeader(AUTHORIZATION.toString(), authorization);
    result = client.execute(get);
    assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
    assertSingleNotificationType(EventType.FAILED_AUTHENTICATION);
}
Also used : Header(org.apache.http.Header) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken) TestHttpClient(io.undertow.testutils.TestHttpClient)

Example 19 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class DigestAuthenticationAuthTestCase method _testBadPassword.

static void _testBadPassword() throws Exception {
    TestHttpClient client = new TestHttpClient();
    HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
    HttpResponse result = client.execute(get);
    assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
    Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
    String value = getAuthHeader(DIGEST, values);
    Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
    assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
    assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
    assertEquals(DigestQop.AUTH.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.MESSAGE_QOP));
    String clientNonce = createNonce();
    int nonceCount = 1;
    String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
    String opaque = parsedHeader.get(DigestWWWAuthenticateToken.OPAQUE);
    assertNotNull(opaque);
    client = new TestHttpClient();
    get = new HttpGet(DefaultServer.getDefaultServerURL());
    int thisNonceCount = nonceCount++;
    String authorization = createAuthorizationLine("userOne", "badPassword", "GET", "/", nonce, thisNonceCount, clientNonce, opaque);
    get.addHeader(AUTHORIZATION.toString(), authorization);
    result = client.execute(get);
    assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
    assertSingleNotificationType(EventType.FAILED_AUTHENTICATION);
}
Also used : Header(org.apache.http.Header) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken) TestHttpClient(io.undertow.testutils.TestHttpClient)

Example 20 with TestHttpClient

use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.

the class SimpleConfidentialRedirectTestCase method simpleRedirectTestCase.

@Test
public void simpleRedirectTestCase() throws IOException, GeneralSecurityException {
    TestHttpClient client = new TestHttpClient();
    client.setSSLContext(DefaultServer.getClientSSLContext());
    try {
        sendRequest(client, "/foo");
        sendRequest(client, "/foo+bar");
        sendRequest(client, "/foo+bar;aa");
    } finally {
        client.getConnectionManager().shutdown();
    }
}
Also used : TestHttpClient(io.undertow.testutils.TestHttpClient) Test(org.junit.Test)

Aggregations

TestHttpClient (io.undertow.testutils.TestHttpClient)302 HttpResponse (org.apache.http.HttpResponse)290 Test (org.junit.Test)269 HttpGet (org.apache.http.client.methods.HttpGet)239 Header (org.apache.http.Header)66 HttpPost (org.apache.http.client.methods.HttpPost)54 IOException (java.io.IOException)38 StringEntity (org.apache.http.entity.StringEntity)30 Path (java.nio.file.Path)29 PathHandler (io.undertow.server.handlers.PathHandler)28 HttpHandler (io.undertow.server.HttpHandler)20 CanonicalPathHandler (io.undertow.server.handlers.CanonicalPathHandler)20 PathResourceManager (io.undertow.server.handlers.resource.PathResourceManager)20 ResourceHandler (io.undertow.server.handlers.resource.ResourceHandler)20 ArrayList (java.util.ArrayList)20 HttpServerExchange (io.undertow.server.HttpServerExchange)19 BasicNameValuePair (org.apache.http.message.BasicNameValuePair)16 UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity)14 NameValuePair (org.apache.http.NameValuePair)13 DigestWWWAuthenticateToken (io.undertow.security.impl.DigestWWWAuthenticateToken)11