package oauth.signpost.signature;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.io.ByteArrayInputStream;
import java.util.HashMap;
import java.util.HashSet;
import oauth.signpost.OAuth;
import oauth.signpost.Parameter;
import oauth.signpost.SignpostTestBase;
import oauth.signpost.http.HttpRequest;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnit44Runner;
@RunWith(MockitoJUnit44Runner.class)
public class SignatureBaseStringTest extends SignpostTestBase {
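/**
 * Checks the overall shape of the signature base string: exactly three
 * parts joined by '&amp;', none of them empty.
 *
 * @throws Exception if computing the base string fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldConsistOf3NonEmptyPartsConcatenatedWithAmpersand() throws Exception {
    // NOTE(review): the second constructor argument and the "throws" clause
    // were cut off in the listing; OAUTH_PARAMS is assumed because the other
    // tests in this class pass it with the shared mocks -- confirm.
    SignatureBaseString sbs = new SignatureBaseString(httpPostMock, OAUTH_PARAMS);

    String result = sbs.compute();

    String[] parts = result.split("&");

    assertEquals(3, parts.length);
    // String.split never yields null elements, so assertNotNull on its own
    // cannot fail; the length check is what actually enforces "non-empty".
    for (String part : parts) {
        assertNotNull(part);
        assertTrue(part.length() > 0);
    }
}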
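/**
 * The first '&amp;'-separated part of the base string must be the HTTP
 * method in upper case.
 *
 * @throws Exception if computing the base string fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldStartWithUppercaseHttpMethod() throws Exception {
    // NOTE(review): this only exercises case normalization if the shared
    // mocks report the method in some other case -- check SignpostTestBase.
    String postMethod = new SignatureBaseString(httpPostMock, OAUTH_PARAMS).compute().split("&")[0];
    // assertEquals reports expected vs. actual on failure, unlike
    // assertTrue(a.equals(b)).
    assertEquals("POST", postMethod);

    String getMethod = new SignatureBaseString(httpGetMock, OAUTH_PARAMS).compute().split("&")[0];
    assertEquals("GET", getMethod);
}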
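/**
 * Verifies request-URL normalization for the signature base string:
 * lower-case scheme and authority, non-default port kept, query and
 * fragment dropped, default HTTP(S) ports removed.
 *
 * Client and server must derive the same normalized URL, otherwise the
 * signatures they compute will not match.
 *
 * @throws Exception if URL normalization fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldNormalizeRequestUrl() throws Exception {
    String inputUrl = "HTTP://www.Example.Com:123/test?q=1#fragment";
    String outputUrl = new SignatureBaseString(httpGetMock, OAUTH_PARAMS).normalizeUrl(inputUrl);

    // must include scheme and authority in lowercase letters,
    // plus non HTTP(S) port, plus path,
    // but must ignore query params and fragment
    assertEquals("http://www.example.com:123/test", outputUrl);

    // must exclude HTTP(S) default ports
    //
    // The earlier form, assertFalse(normalized.equals("http://example.com")),
    // held whether or not the port was stripped ("http://example.com:80" is
    // not equal to it either), and the https case could never equal an
    // http:// string. The checks below fail if the default port survives.
    // The prefix check deliberately does not pin whether a trailing "/" is
    // appended for an empty path.
    String httpNormalized = new SignatureBaseString(httpGetMock, OAUTH_PARAMS).normalizeUrl(
            "http://example.com:80");
    assertTrue(httpNormalized.startsWith("http://example.com"));
    assertFalse(httpNormalized.contains(":80"));

    String httpsNormalized = new SignatureBaseString(httpGetMock, OAUTH_PARAMS).normalizeUrl(
            "https://example.com:443");
    assertTrue(httpsNormalized.startsWith("https://example.com"));
    assertFalse(httpsNormalized.contains(":443"));
}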
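/**
 * Verifies parameter normalization: parameters are percent-encoded, sorted
 * by name and then by value, and joined as name=value pairs with '&amp;'.
 *
 * @throws Exception if parameter normalization fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldNormalizeParameters() throws Exception {

    HashMap<String, String> oauthParams = new HashMap<String, String>();

    // example from OAuth spec
    HashSet<Parameter> params = new HashSet<Parameter>();
    params.add(new Parameter("a", "1"));
    params.add(new Parameter("c", "hi there"));
    params.add(new Parameter("f", "25"));
    params.add(new Parameter("f", "50"));
    params.add(new Parameter("f", "a"));
    params.add(new Parameter("z", "p"));
    params.add(new Parameter("z", "t"));
    String expected = "a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t";
    String result = new SignatureBaseString(httpGetMock, oauthParams).normalizeParameters(params);
    assertEquals(expected, result);

    // examples from the official test cases on http://oauth.pbwiki.com/TestCases
    params = new HashSet<Parameter>();
    params.add(new Parameter("a", "x!y"));
    params.add(new Parameter("a", "x y"));
    expected = "a=x%20y&a=x%21y";
    result = new SignatureBaseString(httpGetMock, oauthParams).normalizeParameters(params);
    assertEquals(expected, result);

    // a parameter with an empty value keeps its name and the '=' sign
    params = new HashSet<Parameter>();
    params.add(new Parameter("name", ""));
    // NOTE(review): the listing shows no reassignment of "expected" here, so
    // this case would be compared against the previous expectation and could
    // not pass. "name=" is assumed from the name=value format used by the
    // cases above -- confirm against the original file.
    expected = "name=";
    result = new SignatureBaseString(httpGetMock, oauthParams).normalizeParameters(params);
    assertEquals(expected, result);
}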
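/**
 * Verifies which parameters are covered by the signature: OAuth protocol
 * parameters, URL query parameters and form-encoded body parameters are
 * included; oauth_signature and realm are not; body parameters are left
 * out when the content type is not application/x-www-form-urlencoded.
 *
 * @throws Exception if computing the base string fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldIncludeOAuthAndQueryAndBodyParams() throws Exception {

    HttpRequest request = mock(HttpRequest.class);
    when(request.getRequestUrl()).thenReturn("http://example.com?a=1");
    // Explicit charset so the payload bytes do not depend on the platform default.
    ByteArrayInputStream body = new ByteArrayInputStream("b=2".getBytes("UTF-8"));
    when(request.getMessagePayload()).thenReturn(body);
    when(request.getContentType()).thenReturn(
            "application/x-www-form-urlencoded");
    //FIXME: this currently doesn't test anything, since Signpost currently
    //ignores anything in the Auth header prior to message signing
    when(request.getHeader("Authorization")).thenReturn(
            "realm=www.example.com");

    // NOTE(review): the constructor argument was cut off in the listing;
    // a copy of OAUTH_PARAMS is assumed because the assertions below expect
    // the shared consumer key, nonce, timestamp, etc. -- confirm.
    HashMap<String, String> oauthParams = new HashMap<String, String>(OAUTH_PARAMS);
    oauthParams.put("oauth_signature", "12345");

    SignatureBaseString sbs = new SignatureBaseString(request, oauthParams);
    String result = sbs.compute();

    assertTrue(result.contains("a%3D1"));
    assertTrue(result.contains("b%3D2"));
    assertTrue(result.contains("oauth_consumer_key%3D" + CONSUMER_KEY));
    assertTrue(result.contains("oauth_signature_method%3D"
            + SIGNATURE_METHOD));
    assertTrue(result.contains("oauth_timestamp%3D" + TIMESTAMP));
    assertTrue(result.contains("oauth_nonce%3D" + NONCE));
    assertTrue(result.contains("oauth_version%3D" + OAUTH_VERSION));
    assertTrue(result.contains("oauth_token%3D" + TOKEN));

    // should ignore signature and realm params
    // (per the FIXME above, the realm check cannot fail at present)
    assertFalse(result.contains("oauth_signature%3D12345"));
    assertFalse(result.contains("realm%3Dwww.example.com"));

    // should not include the body param if not x-www-form-urlencoded
    when(request.getContentType()).thenReturn(null);
    // Hand out a fresh payload stream: the first compute() may already have
    // read the original one to its end, in which case "b=2" would be absent
    // regardless of the content type and this check would prove nothing.
    when(request.getMessagePayload()).thenReturn(
            new ByteArrayInputStream("b=2".getBytes("UTF-8")));
    sbs = new SignatureBaseString(request, oauthParams);
    assertFalse(sbs.compute().contains("b%3D2"));
}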
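/**
 * The oauth_token parameter must appear in the base string even when it
 * has no value, rendered as an empty "oauth_token=" pair.
 *
 * @throws Exception if computing the base string fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldAlwaysIncludeTokenParamEvenWhenEmpty() throws Exception {
    // NOTE(review): both wrapped constructor arguments below were cut off in
    // the listing. OAUTH_PARAMS is assumed as the map being copied, and
    // oauthParams as the second SignatureBaseString argument (otherwise the
    // null token set here would never reach the object under test) -- confirm.
    HashMap<String, String> oauthParams = new HashMap<String, String>(OAUTH_PARAMS);
    oauthParams.put("oauth_token", null);

    SignatureBaseString sbs = new SignatureBaseString(httpGetMock, oauthParams);

    String result = sbs.compute();

    // The parameter section is percent-encoded as a whole, so the expected
    // fragment is encoded the same way before searching for it.
    assertTrue(result.contains(OAuth.percentEncode("oauth_token=&")));
}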
/**
 * End-to-end check of the base string for a simple GET request with one
 * query parameter and no OAuth parameters: method, encoded URL and encoded
 * parameters, joined by '&amp;'.
 *
 * @throws Exception if computing the base string fails
 */
@Test // restored: the annotation line is absent from this listing
public void shouldEncodeAndConcatenateAllSignatureParts() throws Exception {
    HttpRequest getRequest = mock(HttpRequest.class);
    when(getRequest.getMethod()).thenReturn("GET");
    when(getRequest.getRequestUrl()).thenReturn("http://example.com?a=1");

    HashMap<String, String> noOauthParams = new HashMap<String, String>();
    String baseString = new SignatureBaseString(getRequest, noOauthParams).compute();

    //TODO: Is it correct that a trailing slash is always added to the
    //request URL authority if the path is empty?
    // NOTE(review): RFC 2616 section 3.2.2 treats an empty abs_path as
    // equivalent to "/", which would make signing "/" consistent with the
    // request the server sees -- confirm against the OAuth spec before
    // closing the TODO.
    assertEquals("GET&http%3A%2F%2Fexample.com%2F&a%3D1", baseString);
}