1 package com.atlassian.sal.core.net;
2
3 import com.atlassian.sal.core.net.auth.TrustedTokenAuthenticator;
4 import com.atlassian.sal.core.trusted.CertificateFactory;
5 import com.atlassian.security.auth.trustedapps.EncryptedCertificate;
6 import com.atlassian.security.auth.trustedapps.TrustedApplicationUtils;
7
8 import org.apache.commons.httpclient.HttpClient;
9 import org.apache.commons.httpclient.HttpMethod;
10 import org.apache.commons.httpclient.methods.GetMethod;
11 import org.junit.Before;
12 import org.junit.Test;
13 import org.junit.runner.RunWith;
14 import org.mockito.Mock;
15 import org.mockito.runners.MockitoJUnitRunner;
16
17 import static org.hamcrest.CoreMatchers.is;
18 import static org.junit.Assert.assertNull;
19 import static org.junit.Assert.assertThat;
20 import static org.mockito.Mockito.when;
21
/**
 * Unit tests for {@link TrustedTokenAuthenticator}.
 *
 * <p>Each test builds an authenticator, calls {@code process(client, method)} and then inspects
 * only the request headers left on the {@link HttpMethod}. The six headers checked are the
 * {@code TrustedApplicationUtils.Header.Request} constants ID, CERTIFICATE, SECRET_KEY, VERSION,
 * MAGIC and SIGNATURE.
 *
 * <p>Security-relevant contract pinned here: when either the user name or the target URL is
 * {@code null}, none of the certificate headers may appear on the outgoing request.
 */
@RunWith(MockitoJUnitRunner.class)
public class TestTrustedTokenAuthenticator
{
    // Constructed fixture values for the tests; none of them is a real credential.
    private static final String USER_NAME = "bob";
    private static final String URL = "http://foo.bar/";
    private static final String ID = "12345";
    private static final String SECRET = "WheelOfDeath";
    private static final String MAGIC = "TonyLamezma";
    private static final String CERTIFICATE = "gcse";
    private static final String SIGNATURE = "x";
    private static final Integer VERSION = 2;

    private HttpClient client;

    @Mock
    private CertificateFactory certificateFactory;
    @Mock
    private EncryptedCertificate encryptedCertificate;

    /**
     * Creates a fresh {@link HttpClient} and stubs the certificate returned for
     * ({@code USER_NAME}, {@code URL}).
     *
     * <p>By default the stubbed certificate reports protocol version 2 with a {@code null} magic
     * number and a {@code null} secret key; individual tests override what they need.
     */
    @Before
    public void createClient()
    {
        client = new HttpClient();

        when(encryptedCertificate.getID()).thenReturn(ID);
        when(encryptedCertificate.getCertificate()).thenReturn(CERTIFICATE);
        when(encryptedCertificate.getSignature()).thenReturn(SIGNATURE);
        when(encryptedCertificate.getProtocolVersion()).thenReturn(VERSION);
        when(encryptedCertificate.getMagicNumber()).thenReturn(null);
        when(encryptedCertificate.getSecretKey()).thenReturn(null);

        when(certificateFactory.createCertificate(USER_NAME, URL)).thenReturn(encryptedCertificate);
    }

    /**
     * With a {@code null} user name, {@code process} must return normally and leave the request
     * without any of the six trusted-application headers.
     */
    @Test
    public void verifyThatNullUsernameErrors()
    {
        HttpMethod request = new GetMethod(URL);

        new TrustedTokenAuthenticator(null, URL, certificateFactory).process(client, request);

        assertNoTrustedApplicationHeaders(request);
    }

    /**
     * With a {@code null} URL, {@code process} must return normally and leave the request
     * without any of the six trusted-application headers.
     */
    @Test
    public void verifyThatNullUrlErrors()
    {
        HttpMethod request = new GetMethod(URL);

        new TrustedTokenAuthenticator(USER_NAME, null, certificateFactory).process(client, request);

        assertNoTrustedApplicationHeaders(request);
    }

    /**
     * For a version 2 certificate that carries a magic number and a secret key, all six headers
     * are set to the values reported by the certificate.
     */
    @Test
    public void verifyThatHeadersAreSetForValidV2ProtocolCertificate()
    {
        when(encryptedCertificate.getMagicNumber()).thenReturn(MAGIC);
        when(encryptedCertificate.getSecretKey()).thenReturn(SECRET);

        HttpMethod request = new GetMethod(URL);
        new TrustedTokenAuthenticator(USER_NAME, URL, certificateFactory).process(client, request);

        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.ID), is(ID));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.CERTIFICATE), is(CERTIFICATE));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.SECRET_KEY), is(SECRET));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.VERSION), is(VERSION.toString()));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.MAGIC), is(MAGIC));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.SIGNATURE), is(SIGNATURE));
    }

    /**
     * For a version 3 certificate (magic number and secret key still {@code null} from
     * {@link #createClient()}), ID, CERTIFICATE, VERSION and SIGNATURE carry the certificate's
     * values.
     */
    @Test
    public void verifyThatHeadersAreSetForValidV3ProtocolCertificate()
    {
        when(encryptedCertificate.getProtocolVersion()).thenReturn(3);

        HttpMethod request = new GetMethod(URL);
        new TrustedTokenAuthenticator(USER_NAME, URL, certificateFactory).process(client, request);

        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.ID), is(ID));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.CERTIFICATE), is(CERTIFICATE));
        // NOTE(review): SECRET_KEY and MAGIC are asserted to be present with a null value, not
        // absent; a missing header would fail here with a NullPointerException. Confirm that a
        // null-valued header, not an omitted one, is the intended v3 behaviour.
        assertNull(headerValue(request, TrustedApplicationUtils.Header.Request.SECRET_KEY));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.VERSION), is("3"));
        assertNull(headerValue(request, TrustedApplicationUtils.Header.Request.MAGIC));
        assertThat(headerValue(request, TrustedApplicationUtils.Header.Request.SIGNATURE), is(SIGNATURE));
    }

    /**
     * Returns the value of the named request header.
     *
     * <p>Dereferences the header directly, so a missing header fails the calling test with a
     * {@link NullPointerException}.
     */
    private static String headerValue(HttpMethod request, String headerName)
    {
        return request.getRequestHeader(headerName).getValue();
    }

    /** Asserts that none of the six trusted-application request headers is present. */
    private static void assertNoTrustedApplicationHeaders(HttpMethod request)
    {
        assertNull(request.getRequestHeader(TrustedApplicationUtils.Header.Request.ID));
        assertNull(request.getRequestHeader(TrustedApplicationUtils.Header.Request.CERTIFICATE));
        assertNull(request.getRequestHeader(TrustedApplicationUtils.Header.Request.SECRET_KEY));
        assertNull(request.getRequestHeader(TrustedApplicationUtils.Header.Request.VERSION));
        assertNull(request.getRequestHeader(TrustedApplicationUtils.Header.Request.MAGIC));
        assertNull(request.getRequestHeader(TrustedApplicationUtils.Header.Request.SIGNATURE));
    }
}