Example 31 with TestHttpClient
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class DigestAuthentication2069TestCase method testNonceReUse.
/**
* Test that in RFC2069 mode nonce re-use is rejected.
*/
@Test
public void testNonceReUse() throws Exception {
TestHttpClient client = new TestHttpClient();
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
assertEquals(1, values.length);
String value = values[0].getValue();
assertTrue(value.startsWith(DIGEST.toString()));
Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
String response = createResponse("userOne", REALM_NAME, "passwordOne", "GET", "/", nonce);
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
StringBuilder sb = new StringBuilder(DIGEST.toString());
sb.append(" ");
sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=").append("\"userOne\"").append(",");
sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"/\",");
sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\"");
get.addHeader(AUTHORIZATION.toString(), sb.toString());
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
assertSingleNotificationType(EventType.AUTHENTICATED);
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
get.addHeader(AUTHORIZATION.toString(), sb.toString());
result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
values = result.getHeaders(WWW_AUTHENTICATE.toString());
assertEquals(1, values.length);
value = values[0].getValue();
assertTrue(value.startsWith(DIGEST.toString()));
parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
assertEquals("true", parsedHeader.get(DigestWWWAuthenticateToken.STALE));
nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
response = createResponse("userOne", REALM_NAME, "passwordOne", "GET", "/", nonce);
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
sb = new StringBuilder(DIGEST.toString());
sb.append(" ");
sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=").append("\"userOne\"").append(",");
sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"/\",");
sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\"");
get.addHeader(AUTHORIZATION.toString(), sb.toString());
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
// The additional round trip for the bad nonce should not trigger a security notification.
assertSingleNotificationType(EventType.AUTHENTICATED);
}
Also used :
Header(org.apache.http.Header)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpResponse(org.apache.http.HttpResponse)
DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken)
TestHttpClient(io.undertow.testutils.TestHttpClient)
Test(org.junit.Test)
Example 32 with TestHttpClient
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class DigestAuthentication2069TestCase method testBadPassword.
/**
* Test that a request is correctly rejected if a bad password is used to generate the response value.
*/
@Test
public void testBadPassword() throws Exception {
TestHttpClient client = new TestHttpClient();
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
assertEquals(1, values.length);
String value = values[0].getValue();
assertTrue(value.startsWith(DIGEST.toString()));
Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
String response = createResponse("userOne", REALM_NAME, "badPassword", "GET", "/", nonce);
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
StringBuilder sb = new StringBuilder(DIGEST.toString());
sb.append(" ");
sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=").append("\"userOne\"").append(",");
sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"/\",");
sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\"");
get.addHeader(AUTHORIZATION.toString(), sb.toString());
result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
assertSingleNotificationType(EventType.FAILED_AUTHENTICATION);
}
Also used :
Header(org.apache.http.Header)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpResponse(org.apache.http.HttpResponse)
DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken)
TestHttpClient(io.undertow.testutils.TestHttpClient)
Test(org.junit.Test)
Example 33 with TestHttpClient
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class DigestAuthentication2069TestCase method testDigestSuccess.
/**
* Test for a successful authentication.
*/
@Test
public void testDigestSuccess() throws Exception {
TestHttpClient client = new TestHttpClient();
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
assertEquals(1, values.length);
String value = values[0].getValue();
assertTrue(value.startsWith(DIGEST.toString()));
Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
assertFalse(parsedHeader.containsKey(DigestWWWAuthenticateToken.MESSAGE_QOP));
String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
String response = createResponse("userOne", REALM_NAME, "passwordOne", "GET", "/", nonce);
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
StringBuilder sb = new StringBuilder(DIGEST.toString());
sb.append(" ");
sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=").append("\"userOne\"").append(",");
sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"/\",");
sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\"");
get.addHeader(AUTHORIZATION.toString(), sb.toString());
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
values = result.getHeaders("Authentication-Info");
assertEquals(1, values.length);
Map<AuthenticationInfoToken, String> parsedAuthInfo = AuthenticationInfoToken.parseHeader(values[0].getValue());
nonce = parsedAuthInfo.get(AuthenticationInfoToken.NEXT_NONCE);
response = createResponse("userOne", REALM_NAME, "passwordOne", "GET", "/", nonce);
assertSingleNotificationType(EventType.AUTHENTICATED);
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
sb = new StringBuilder(DIGEST.toString());
sb.append(" ");
sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=").append("\"userOne\"").append(",");
sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"/\",");
sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\"");
get.addHeader(AUTHORIZATION.toString(), sb.toString());
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
assertSingleNotificationType(EventType.AUTHENTICATED);
}
Also used :
Header(org.apache.http.Header)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpResponse(org.apache.http.HttpResponse)
DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken)
AuthenticationInfoToken(io.undertow.security.impl.AuthenticationInfoToken)
TestHttpClient(io.undertow.testutils.TestHttpClient)
Test(org.junit.Test)
Example 34 with TestHttpClient
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class DigestAuthenticationAuthTestCase method _testDigestSuccess.
static void _testDigestSuccess() throws Exception {
TestHttpClient client = new TestHttpClient();
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
HttpResponse result = client.execute(get);
assertEquals(StatusCodes.UNAUTHORIZED, result.getStatusLine().getStatusCode());
Header[] values = result.getHeaders(WWW_AUTHENTICATE.toString());
String value = getAuthHeader(DIGEST, values);
Map<DigestWWWAuthenticateToken, String> parsedHeader = DigestWWWAuthenticateToken.parseHeader(value.substring(7));
assertEquals(REALM_NAME, parsedHeader.get(DigestWWWAuthenticateToken.REALM));
assertEquals(DigestAlgorithm.MD5.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.ALGORITHM));
assertEquals(DigestQop.AUTH.getToken(), parsedHeader.get(DigestWWWAuthenticateToken.MESSAGE_QOP));
String clientNonce = createNonce();
int nonceCount = 1;
String nonce = parsedHeader.get(DigestWWWAuthenticateToken.NONCE);
String opaque = parsedHeader.get(DigestWWWAuthenticateToken.OPAQUE);
assertNotNull(opaque);
// Send 5 requests with an incrementing nonce count on each call.
for (int i = 0; i < 5; i++) {
client = new TestHttpClient();
get = new HttpGet(DefaultServer.getDefaultServerURL());
int thisNonceCount = nonceCount++;
String authorization = createAuthorizationLine("userOne", "passwordOne", "GET", "/", nonce, thisNonceCount, clientNonce, opaque);
get.addHeader(AUTHORIZATION.toString(), authorization);
result = client.execute(get);
assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
values = result.getHeaders("ProcessedBy");
assertEquals(1, values.length);
assertEquals("ResponseHandler", values[0].getValue());
assertSingleNotificationType(EventType.AUTHENTICATED);
values = result.getHeaders("Authentication-Info");
assertEquals(1, values.length);
Map<AuthenticationInfoToken, String> parsedAuthInfo = AuthenticationInfoToken.parseHeader(values[0].getValue());
assertEquals("Didn't expect a new nonce.", nonce, parsedAuthInfo.get(AuthenticationInfoToken.NEXT_NONCE));
assertEquals(DigestQop.AUTH.getToken(), parsedAuthInfo.get(AuthenticationInfoToken.MESSAGE_QOP));
String nonceCountString = toHex(thisNonceCount);
assertEquals(createRspAuth("userOne", REALM_NAME, "passwordOne", "/", nonce, nonceCountString, clientNonce), parsedAuthInfo.get(AuthenticationInfoToken.RESPONSE_AUTH));
assertEquals(clientNonce, parsedAuthInfo.get(AuthenticationInfoToken.CNONCE));
assertEquals(nonceCountString, parsedAuthInfo.get(AuthenticationInfoToken.NONCE_COUNT));
}
}
Also used :
Header(org.apache.http.Header)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpResponse(org.apache.http.HttpResponse)
DigestWWWAuthenticateToken(io.undertow.security.impl.DigestWWWAuthenticateToken)
AuthenticationInfoToken(io.undertow.security.impl.AuthenticationInfoToken)
TestHttpClient(io.undertow.testutils.TestHttpClient)
Example 35 with TestHttpClient
use of io.undertow.testutils.TestHttpClient in project undertow by undertow-io.
the class URLRewritingSessionTestCase method testURLRewritingWithQueryParameters.
@Test
public void testURLRewritingWithQueryParameters() throws IOException {
TestHttpClient client = new TestHttpClient();
client.setCookieStore(new BasicCookieStore());
try {
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/notamatchingpath?a=b;c");
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
String url = HttpClientUtils.readResponse(result);
Header[] header = result.getHeaders(COUNT);
Assert.assertEquals("0", header[0].getValue());
Assert.assertEquals("b;c", result.getHeaders("a")[0].getValue());
get = new HttpGet(url);
result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
url = HttpClientUtils.readResponse(result);
header = result.getHeaders(COUNT);
Assert.assertEquals("1", header[0].getValue());
Assert.assertEquals("b;c", result.getHeaders("a")[0].getValue());
get = new HttpGet(url);
result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
url = HttpClientUtils.readResponse(result);
header = result.getHeaders(COUNT);
Assert.assertEquals("2", header[0].getValue());
Assert.assertEquals("b;c", result.getHeaders("a")[0].getValue());
} finally {
client.getConnectionManager().shutdown();
}
}
Also used :
BasicCookieStore(org.apache.http.impl.client.BasicCookieStore)
Header(org.apache.http.Header)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpResponse(org.apache.http.HttpResponse)
HttpString(io.undertow.util.HttpString)
TestHttpClient(io.undertow.testutils.TestHttpClient)
Test(org.junit.Test)
Aggregations
TestHttpClient (io.undertow.testutils.TestHttpClient)302
HttpResponse (org.apache.http.HttpResponse)290
Test (org.junit.Test)269
HttpGet (org.apache.http.client.methods.HttpGet)239
Header (org.apache.http.Header)66
HttpPost (org.apache.http.client.methods.HttpPost)54
IOException (java.io.IOException)38
StringEntity (org.apache.http.entity.StringEntity)30
Path (java.nio.file.Path)29
PathHandler (io.undertow.server.handlers.PathHandler)28
HttpHandler (io.undertow.server.HttpHandler)20
CanonicalPathHandler (io.undertow.server.handlers.CanonicalPathHandler)20
PathResourceManager (io.undertow.server.handlers.resource.PathResourceManager)20
ResourceHandler (io.undertow.server.handlers.resource.ResourceHandler)20
ArrayList (java.util.ArrayList)20
HttpServerExchange (io.undertow.server.HttpServerExchange)19
BasicNameValuePair (org.apache.http.message.BasicNameValuePair)16
UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity)14
NameValuePair (org.apache.http.NameValuePair)13
DigestWWWAuthenticateToken (io.undertow.security.impl.DigestWWWAuthenticateToken)11
