1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2024 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.util;
25  
26  import org.assertj.core.api.BDDSoftAssertions;
27  import org.junit.jupiter.api.Assertions;
28  import org.junit.jupiter.api.Test;
29  
30  import waffle.mock.http.SimpleHttpRequest;
31  
32  /**
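33   * Unit tests for {@link AuthorizationHeader}: null detection, security package parsing, NTLM type 1 and SPNEGO
33   * NegTokenInit recognition, and rejection of an unsupported Digest header.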
34   */
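class AuthorizationHeaderTest {

    /**
     * Sample {@code Digest} Authorization header. Digest is an unsupported scheme here, so it serves as the negative
     * fixture for token decoding.
     */
    private static final String DIGEST_HEADER = "Digest username=\"admin\", realm=\"milton\", nonce=\"YjNjZDgxNDYtOGIwMS00NDk0LTlkMTItYzExMGJkNTcxZjli\", uri=\"/case-user-data/431b971d9e1441d381adb277de4f39f8/test\", response=\"30d2d15e89e0b7596325a12852ae6ca5\", qop=auth, nc=00000025, cnonce=\"fb2f97a275d3d9cb\"";

    /** Base64 token that the tests below expect to be recognised as an NTLM type 1 message. */
    private static final String NTLM_TYPE1_TOKEN = "TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==";

    /** Base64 token that the tests below expect to be recognised as a SPNEGO NegTokenInit message. */
    private static final String SPNEGO_INIT_TOKEN = "YHYGBisGAQUFAqBsMGqgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI2BDROVExNU1NQAAEAAACXsgjiAwADADEAAAAJAAkAKAAAAAYBsR0AAAAPR0xZQ0VSSU5FU0FE";

    /** Name of the HTTP header under test. */
    private static final String AUTHORIZATION = "Authorization";

    /**
     * A missing or empty Authorization header is reported as null; any non-empty value is not.
     */
    @Test
    void testIsNull() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        // The header object is created once; the later assertions rely on it seeing headers added afterwards.
        final AuthorizationHeader header = new AuthorizationHeader(request);
        Assertions.assertTrue(header.isNull());
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "");
        Assertions.assertTrue(header.isNull());
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "12344234");
        Assertions.assertFalse(header.isNull());
    }

    /**
     * The security package is the scheme name that precedes the token, for both NTLM and Negotiate.
     */
    @Test
    void testGetSecurityPackage() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        final AuthorizationHeader header = new AuthorizationHeader(request);
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "NTLM " + AuthorizationHeaderTest.NTLM_TYPE1_TOKEN);
        Assertions.assertEquals("NTLM", header.getSecurityPackage());
        // Same token under a different scheme: only the scheme name is expected to change.
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION,
                "Negotiate " + AuthorizationHeaderTest.NTLM_TYPE1_TOKEN);
        Assertions.assertEquals("Negotiate", header.getSecurityPackage());
    }

    /**
     * An NTLM type 1 message is detected only when a matching token is present; a missing or empty header is not one.
     */
    @Test
    void testIsNtlmType1Message() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        final AuthorizationHeader header = new AuthorizationHeader(request);
        Assertions.assertFalse(header.isNtlmType1Message());
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "");
        Assertions.assertFalse(header.isNtlmType1Message());
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "NTLM " + AuthorizationHeaderTest.NTLM_TYPE1_TOKEN);
        Assertions.assertTrue(header.isNtlmType1Message());
    }

    /**
     * With a zero content length and an NTLM type 1 token, the POST-authorization check is false for GET and true for
     * POST and PUT.
     */
    @Test
    void testIsNtlmType1PostAuthorizationHeader() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.setContentLength(0);
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "NTLM " + AuthorizationHeaderTest.NTLM_TYPE1_TOKEN);
        // GET
        request.setMethod("GET");
        final AuthorizationHeader header = new AuthorizationHeader(request);
        Assertions.assertFalse(header.isNtlmType1PostAuthorizationHeader());
        // POST
        request.setMethod("POST");
        Assertions.assertTrue(header.isNtlmType1PostAuthorizationHeader());
        // PUT
        request.setMethod("PUT");
        Assertions.assertTrue(header.isNtlmType1PostAuthorizationHeader());
    }

    /**
     * A SPNEGO NegTokenInit message is detected only when a matching Negotiate token is present.
     */
    @Test
    void testIsSPNegTokenInitMessage() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        final AuthorizationHeader header = new AuthorizationHeader(request);
        Assertions.assertFalse(header.isSPNegTokenInitMessage());
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, "");
        Assertions.assertFalse(header.isSPNegTokenInitMessage());
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION,
                "Negotiate " + AuthorizationHeaderTest.SPNEGO_INIT_TOKEN);
        Assertions.assertTrue(header.isSPNegTokenInitMessage());
    }

    /**
     * Same POST-authorization check as the NTLM case, but with a Negotiate (SPNEGO) token in the header.
     */
    @Test
    void testIsSPNegoPostAuthorizationHeader() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.setContentLength(0);
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION,
                "Negotiate " + AuthorizationHeaderTest.SPNEGO_INIT_TOKEN);
        // GET
        request.setMethod("GET");
        final AuthorizationHeader header = new AuthorizationHeader(request);
        // NOTE(review): the method name says NTLM, yet it is expected to accept a Negotiate token too; confirm against
        // AuthorizationHeader that this is the intended single entry point for both schemes.
        Assertions.assertFalse(header.isNtlmType1PostAuthorizationHeader());
        // POST
        request.setMethod("POST");
        Assertions.assertTrue(header.isNtlmType1PostAuthorizationHeader());
        // PUT
        request.setMethod("PUT");
        Assertions.assertTrue(header.isNtlmType1PostAuthorizationHeader());
    }

    /**
     * This test was designed to specifically test a try/catch that was added around base64 processing to ensure that we
     * push out a more readable error condition when unsupported type is sent in. Specifically, this is testing the
     * Digest which is closely related to NTLM but not supported in Waffle.
     */
    @Test
    void testIsDigestAuthorizationHeaderFailure() {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        final AuthorizationHeader header = new AuthorizationHeader(request);
        request.addHeader(AuthorizationHeaderTest.AUTHORIZATION, AuthorizationHeaderTest.DIGEST_HEADER);

        final BDDSoftAssertions softly = new BDDSoftAssertions();
        softly.thenThrownBy(() -> header.getTokenBytes()).isInstanceOf(RuntimeException.class)
                .hasMessageContaining("Invalid authorization header");
        // Soft assertions only record failures; without assertAll() this test would pass even if the unsupported
        // header were accepted or a different error were raised.
        softly.assertAll();
    }
}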