Additional OAuthSignatureCalculator tests, backport AsyncHttpClient#823

slandelle · slandelle · commit 692bad165714 · 2015-02-23T10:51:57.000+01:00
diff --git a/src/main/java/com/ning/http/client/oauth/OAuthSignatureCalculator.java b/src/main/java/com/ning/http/client/oauth/OAuthSignatureCalculator.java
@@ -85,7 +85,7 @@ public OAuthSignatureCalculator(ConsumerKey consumerAuth, RequestToken userAuth)
     @Override
     public void calculateAndAddSignature(Request request, RequestBuilderBase<?> requestBuilder) {
         String nonce = generateNonce();
-        long timestamp = System.currentTimeMillis() / 1000L;
+        long timestamp = generateTimestamp();
         String signature = calculateSignature(request.getMethod(), request.getUri(), timestamp, nonce, request.getFormParams(), request.getQueryParams());
         String headerValue = constructAuthHeader(signature, nonce, timestamp);
         requestBuilder.setHeader(HEADER_AUTHORIZATION, headerValue);
@@ -185,7 +185,11 @@ public String constructAuthHeader(String signature, String nonce, long oauthTime
         return sb.toString();
     }
 
-    private synchronized String generateNonce() {
+    protected long generateTimestamp() {
+        return System.currentTimeMillis() / 1000L;
+    }
+    
+    protected synchronized String generateNonce() {
         random.nextBytes(nonceBuffer);
         // let's use base64 encoding over hex, slightly more compact than hex or decimals
         return Base64.encode(nonceBuffer);
diff --git a/src/test/java/com/ning/http/client/oauth/OAuthSignatureCalculatorTest.java b/src/test/java/com/ning/http/client/oauth/OAuthSignatureCalculatorTest.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2010 Ning, Inc.
+ *
+ * Ning licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at:
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package com.ning.http.client.oauth;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.fail;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import com.ning.http.client.Param;
+import com.ning.http.client.Request;
+import com.ning.http.client.RequestBuilder;
+import com.ning.http.client.uri.Uri;
+import org.testng.annotations.Test;
+
+/**
+ * Tests the OAuth signature behavior.
+ *
+ * See <a href="https://oauth.googlecode.com/svn/code/javascript/example/signature.html">Signature Tester</a> for an
+ * online oauth signature checker.
+ *
+ */
+public class OAuthSignatureCalculatorTest {
+    private static final String CONSUMER_KEY = "dpf43f3p2l4k3l03";
+
+    private static final String CONSUMER_SECRET = "kd94hf93k423kf44";
+
+    public static final String TOKEN_KEY = "nnch734d00sl2jdk";
+
+    public static final String TOKEN_SECRET = "pfkkdhi9sl3r4s00";
+
+    public static final String NONCE = "kllo9940pd9333jh";
+
+    final static long TIMESTAMP = 1191242096;
+
+    private static class StaticOAuthSignatureCalculator extends OAuthSignatureCalculator {
+        
+        private final long timestamp;
+        private final String nonce;
+        
+        public StaticOAuthSignatureCalculator(ConsumerKey consumerAuth, RequestToken userAuth, long timestamp, String nonce) {
+            super(consumerAuth, userAuth);
+            this.timestamp = timestamp;   
+            this.nonce = nonce;
+        }
+        
+        @Override
+        protected long generateTimestamp() {
+            return timestamp;
+        }
+
+        @Override
+        protected String generateNonce() {
+            return nonce;
+        }
+    }
+    
+    // based on the reference test case from
+    // http://oauth.pbwiki.com/TestCases
+    @Test(groups = "fast")
+    public void testGetCalculateSignature() {
+        ConsumerKey consumer = new ConsumerKey(CONSUMER_KEY, CONSUMER_SECRET);
+        RequestToken user = new RequestToken(TOKEN_KEY, TOKEN_SECRET);
+        OAuthSignatureCalculator calc = new OAuthSignatureCalculator(consumer, user);
+        List<Param> queryParams = new ArrayList<>();
+        queryParams.add(new Param("file", "vacation.jpg"));
+        queryParams.add(new Param("size", "original"));
+        String url = "http://photos.example.net/photos";
+        String sig = calc.calculateSignature("GET", Uri.create(url), TIMESTAMP, NONCE, null, queryParams);
+
+        assertEquals(sig, "tR3+Ty81lMeYAr/Fid0kMTYa/WM=");
+    }
+
+    @Test(groups = "fast")
+    public void testPostCalculateSignature() {
+        ConsumerKey consumer = new ConsumerKey(CONSUMER_KEY, CONSUMER_SECRET);
+        RequestToken user = new RequestToken(TOKEN_KEY, TOKEN_SECRET);
+        OAuthSignatureCalculator calc = new StaticOAuthSignatureCalculator(consumer, user, TIMESTAMP, NONCE);
+
+        List<Param> formParams = new ArrayList<Param>();
+        formParams.add(new Param("file", "vacation.jpg"));
+        formParams.add(new Param("size", "original"));
+        String url = "http://photos.example.net/photos";
+        final Request req = new RequestBuilder("POST")
+                .setUri(Uri.create(url))
+                .setFormParams(formParams)
+                .setSignatureCalculator(calc).build();
+
+        // From the signature tester, POST should look like:
+        // normalized parameters: file=vacation.jpg&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_nonce=kllo9940pd9333jh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1191242096&oauth_token=nnch734d00sl2jdk&oauth_version=1.0&size=original
+        // signature base string: POST&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal
+        // signature: wPkvxykrw+BTdCcGqKr+3I+PsiM=
+        // header: OAuth realm="",oauth_version="1.0",oauth_consumer_key="dpf43f3p2l4k3l03",oauth_token="nnch734d00sl2jdk",oauth_timestamp="1191242096",oauth_nonce="kllo9940pd9333jh",oauth_signature_method="HMAC-SHA1",oauth_signature="wPkvxykrw%2BBTdCcGqKr%2B3I%2BPsiM%3D"
+
+        String authHeader = req.getHeaders().get("Authorization").get(0);
+        Matcher m = Pattern.compile("oauth_signature=\"(.+?)\"").matcher(authHeader);
+        assertEquals(m.find(), true);
+        String encodedSig = m.group(1);
+        String sig = null;
+        try {
+            sig = URLDecoder.decode(encodedSig, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            fail("bad encoding", e);
+        }
+
+        assertEquals(sig, "wPkvxykrw+BTdCcGqKr+3I+PsiM=");
+    }
+
+    @Test(groups = "fast")
+    public void testGetWithRequestBuilder() {
+        ConsumerKey consumer = new ConsumerKey(CONSUMER_KEY, CONSUMER_SECRET);
+        RequestToken user = new RequestToken(TOKEN_KEY, TOKEN_SECRET);
+        OAuthSignatureCalculator calc = new StaticOAuthSignatureCalculator(consumer, user, TIMESTAMP, NONCE);
+
+        List<Param> queryParams = new ArrayList<Param>();
+        queryParams.add(new Param("file", "vacation.jpg"));
+        queryParams.add(new Param("size", "original"));
+        String url = "http://photos.example.net/photos";
+
+        final Request req = new RequestBuilder("GET")
+                .setUri(Uri.create(url))
+                .setQueryParams(queryParams)
+                .setSignatureCalculator(calc).build();
+
+        final List<Param> params = req.getQueryParams();
+        assertEquals(params.size(), 2);
+        
+        // From the signature tester, the URL should look like:
+        //normalized parameters: file=vacation.jpg&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_nonce=kllo9940pd9333jh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1191242096&oauth_token=nnch734d00sl2jdk&oauth_version=1.0&size=original
+        //signature base string: GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal
+        //signature: tR3+Ty81lMeYAr/Fid0kMTYa/WM=
+        //Authorization header: OAuth realm="",oauth_version="1.0",oauth_consumer_key="dpf43f3p2l4k3l03",oauth_token="nnch734d00sl2jdk",oauth_timestamp="1191242096",oauth_nonce="kllo9940pd9333jh",oauth_signature_method="HMAC-SHA1",oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D"
+
+        String authHeader = req.getHeaders().get("Authorization").get(0);
+        Matcher m = Pattern.compile("oauth_signature=\"(.+?)\"").matcher(authHeader);
+        assertEquals(m.find(), true);
+        String encodedSig = m.group(1);
+        String sig = null;
+        try {
+            sig = URLDecoder.decode(encodedSig, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            fail("bad encoding", e);
+        }
+
+        assertEquals(sig, "tR3+Ty81lMeYAr/Fid0kMTYa/WM=");
+
+    }
+
+}
diff --git a/src/test/java/com/ning/http/client/oauth/TestSignatureCalculator.java b/src/test/java/com/ning/http/client/oauth/TestSignatureCalculator.java
