
Example 1 with CookieEncryption

Use of ninja.utils.CookieEncryption in project ninja by ninjaframework.

Class SessionImplTest, method setUp.

@Before
public void setUp() {
    MockitoAnnotations.initMocks(this);
    // Session lifetime and cookie flags: send only if changed, HTTPS only, HttpOnly
    when(ninjaProperties.getInteger(NinjaConstant.sessionExpireTimeInSeconds)).thenReturn(10000);
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.sessionSendOnlyIfChanged, true)).thenReturn(true);
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.sessionTransferredOverHttpsOnly, true)).thenReturn(true);
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.sessionHttpOnly, true)).thenReturn(true);
    // Fresh random application secret for each test run
    when(ninjaProperties.getOrDie(NinjaConstant.applicationSecret)).thenReturn(SecretGenerator.generateSecret());
    when(ninjaProperties.getOrDie(NinjaConstant.applicationCookiePrefix)).thenReturn("NINJA");
    when(clock.currentTimeMillis()).thenReturn(System.currentTimeMillis());
    // Cookie encryption is switched on or off by the test's `encrypted` field
    when(ninjaProperties.getBooleanWithDefault(NinjaConstant.applicationCookieEncrypted, false)).thenReturn(encrypted);
    // Both helpers read the mocked properties (including the secret) when constructed
    encryption = new CookieEncryption(ninjaProperties);
    crypto = new Crypto(ninjaProperties);
}
Also used: Crypto (ninja.utils.Crypto), CookieEncryption (ninja.utils.CookieEncryption), Before (org.junit.Before)

Example 2 with CookieEncryption

Use of ninja.utils.CookieEncryption in project ninja by ninjaframework.

Class SessionImplTest, method testSessionEncryptionKeysMismatch.

@Test
public void testSessionEncryptionKeysMismatch() {
    if (!encrypted) {
        assertTrue("N/A for plain session cookies without encryption", true);
        return;
    }
    // (1) create session with some data and save
    Session session_1 = createNewSession();
    session_1.init(context);
    session_1.put("key", "value");
    session_1.save(context);
    // (2) verify that cookie with our data is created and added to context
    verify(context).addCookie(cookieCaptor.capture());
    assertEquals("value", session_1.get("key"));
    // save reference to our cookie - we will use it to init sessions below
    Cookie cookie = cookieCaptor.getValue();
    // (3) create new session with the same cookie and assert that it still has our data
    Session session_2 = createNewSession();
    when(context.getCookie("NINJA_SESSION")).thenReturn(cookie);
    session_2.init(context);
    assertFalse(session_2.isEmpty());
    assertEquals("value", session_2.get("key"));
    // (4) now we change our application secret, which changes our encryption key
    when(ninjaProperties.getOrDie(NinjaConstant.applicationSecret)).thenReturn(SecretGenerator.generateSecret());
    encryption = new CookieEncryption(ninjaProperties);
    // (5) creating a new session with the same cookie as above results in a clean session,
    // because that cookie was encrypted with another key and decryption with the new key
    // is not possible; usually such a case throws `javax.crypto.BadPaddingException`
    Session session_3 = createNewSession();
    session_3.init(context);
    assertTrue(session_3.isEmpty());
}
Also used: Cookie (ninja.Cookie), CookieEncryption (ninja.utils.CookieEncryption), Test (org.junit.Test)

Aggregations

CookieEncryption (ninja.utils.CookieEncryption): 2
Cookie (ninja.Cookie): 1
Crypto (ninja.utils.Crypto): 1
Before (org.junit.Before): 1
Test (org.junit.Test): 1