|
| 1 | +package com.retailsvc.http.internal; |
| 2 | + |
| 3 | +import static org.assertj.core.api.Assertions.assertThat; |
| 4 | +import static org.mockito.Mockito.mock; |
| 5 | +import static org.mockito.Mockito.when; |
| 6 | + |
| 7 | +import com.retailsvc.http.Credential; |
| 8 | +import com.retailsvc.http.spec.security.SecurityScheme.ApiKey; |
| 9 | +import com.retailsvc.http.spec.security.SecurityScheme.ApiKey.Location; |
| 10 | +import com.retailsvc.http.spec.security.SecurityScheme.HttpBasic; |
| 11 | +import com.retailsvc.http.spec.security.SecurityScheme.HttpBearer; |
| 12 | +import com.sun.net.httpserver.Headers; |
| 13 | +import com.sun.net.httpserver.HttpExchange; |
| 14 | +import java.net.URI; |
| 15 | +import java.util.Base64; |
| 16 | +import java.util.Optional; |
| 17 | +import org.junit.jupiter.api.Test; |
| 18 | + |
| 19 | +class CredentialExtractorTest { |
| 20 | + |
| 21 | + private HttpExchange exchangeWithHeader(String key, String value, String query) { |
| 22 | + HttpExchange ex = mock(HttpExchange.class); |
| 23 | + Headers h = new Headers(); |
| 24 | + if (value != null) { |
| 25 | + h.add(key, value); |
| 26 | + } |
| 27 | + when(ex.getRequestHeaders()).thenReturn(h); |
| 28 | + when(ex.getRequestURI()) |
| 29 | + .thenReturn(URI.create("http://h/x" + (query == null ? "" : "?" + query))); |
| 30 | + return ex; |
| 31 | + } |
| 32 | + |
| 33 | + @Test |
| 34 | + void apiKeyHeaderPresentExtracts() { |
| 35 | + var scheme = new ApiKey("X-API-Key", Location.HEADER); |
| 36 | + var ex = exchangeWithHeader("X-API-Key", "abc123", null); |
| 37 | + assertThat(CredentialExtractor.extract(scheme, ex)) |
| 38 | + .isEqualTo(ExtractionResult.found(new Credential.ApiKeyCredential("abc123"))); |
| 39 | + } |
| 40 | + |
| 41 | + @Test |
| 42 | + void apiKeyHeaderMissingReturnsMissing() { |
| 43 | + var scheme = new ApiKey("X-API-Key", Location.HEADER); |
| 44 | + var ex = exchangeWithHeader("Other", "irrelevant", null); |
| 45 | + assertThat(CredentialExtractor.extract(scheme, ex)).isEqualTo(ExtractionResult.missing()); |
| 46 | + } |
| 47 | + |
| 48 | + @Test |
| 49 | + void apiKeyQueryExtracts() { |
| 50 | + var scheme = new ApiKey("k", Location.QUERY); |
| 51 | + var ex = exchangeWithHeader("Ignored", null, "k=v1&other=v2"); |
| 52 | + assertThat(CredentialExtractor.extract(scheme, ex)) |
| 53 | + .isEqualTo(ExtractionResult.found(new Credential.ApiKeyCredential("v1"))); |
| 54 | + } |
| 55 | + |
| 56 | + @Test |
| 57 | + void httpBearerPresentExtracts() { |
| 58 | + var scheme = new HttpBearer(Optional.empty()); |
| 59 | + var ex = exchangeWithHeader("Authorization", "Bearer abc.def.ghi", null); |
| 60 | + assertThat(CredentialExtractor.extract(scheme, ex)) |
| 61 | + .isEqualTo(ExtractionResult.found(new Credential.BearerCredential("abc.def.ghi"))); |
| 62 | + } |
| 63 | + |
| 64 | + @Test |
| 65 | + void httpBearerCaseInsensitive() { |
| 66 | + var scheme = new HttpBearer(Optional.empty()); |
| 67 | + var ex = exchangeWithHeader("Authorization", "bEaReR token", null); |
| 68 | + assertThat(CredentialExtractor.extract(scheme, ex)) |
| 69 | + .isEqualTo(ExtractionResult.found(new Credential.BearerCredential("token"))); |
| 70 | + } |
| 71 | + |
| 72 | + @Test |
| 73 | + void httpBasicValidBase64Extracts() { |
| 74 | + var scheme = new HttpBasic(); |
| 75 | + String creds = Base64.getEncoder().encodeToString("alice:s3cret".getBytes()); |
| 76 | + var ex = exchangeWithHeader("Authorization", "Basic " + creds, null); |
| 77 | + assertThat(CredentialExtractor.extract(scheme, ex)) |
| 78 | + .isEqualTo(ExtractionResult.found(new Credential.BasicCredential("alice", "s3cret"))); |
| 79 | + } |
| 80 | + |
| 81 | + @Test |
| 82 | + void httpBasicMalformedBase64ReturnsMalformed() { |
| 83 | + var scheme = new HttpBasic(); |
| 84 | + var ex = exchangeWithHeader("Authorization", "Basic !!!not-base64", null); |
| 85 | + assertThat(CredentialExtractor.extract(scheme, ex)).isEqualTo(ExtractionResult.malformed()); |
| 86 | + } |
| 87 | +} |
0 commit comments