/**
 * Verifies that decrypting a token after its lifetime plus the clock-skew allowance is rejected.
 *
 * <p>The test passes only if {@link BlobExpiredException} escapes the method. The expectation is
 * declared on the whole method, so an exception of that type from any statement would satisfy
 * it, not only the final {@code decrypt} call.
 */
@Test(expected = BlobExpiredException.class)
public void testExpired() throws Exception {
  String serialized = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN).encrypt();

  // The serialized token is split on ':' and the second field is what decrypt() receives.
  // NOTE(review): presumably field 0 is a container prefix -- confirm against encrypt().
  String[] parts = StringUtils.split(serialized, ':');

  // One hour plus clock skew (per the original comment): 3600 s + 181 s.
  // NOTE(review): only the expired side of the boundary is exercised; a companion case just
  // inside the accepted window would pin the boundary from both sides.
  timeSource.incrementSeconds(3600 + 181);

  // Expected to throw BlobExpiredException.
  BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, parts[1], "active");
}
} // unmatched in this excerpt; presumably closes the enclosing test class
/**
 * Verifies that decrypting a token after its lifetime plus the clock-skew allowance is rejected.
 *
 * <p>The test passes only if {@link BlobExpiredException} escapes the method. The expectation is
 * declared on the whole method, so an exception of that type from any statement would satisfy
 * it, not only the final {@code decrypt} call.
 */
@Test(expected = BlobExpiredException.class)
public void testExpired() throws Exception {
  String serialized = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN).encrypt();

  // The serialized token is split on ':' and the second field is what decrypt() receives.
  // NOTE(review): presumably field 0 is a container prefix -- confirm against encrypt().
  String[] parts = StringUtils.split(serialized, ':');

  // One hour plus clock skew (per the original comment): 3600 s + 181 s.
  // NOTE(review): only the expired side of the boundary is exercised; a companion case just
  // inside the accepted window would pin the boundary from both sides.
  timeSource.incrementSeconds(3600 + 181);

  // Expected to throw BlobExpiredException.
  BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, parts[1], "active");
}
} // unmatched in this excerpt; presumably closes the enclosing test class
/**
 * Checks the timestamps carried by {@link BlobExpiredException} when an over-age blob is
 * unwrapped.
 *
 * <p>A blob wrapped at {@code start} is unwrapped 600 s later with a 300 s maximum age. The
 * assertions expect the reported validity window to be widened by 180 s on both sides
 * ({@code minDate = start - skew}, {@code maxDate = start + maxAge + skew}) and {@code used}
 * to be the time of the unwrap attempt.
 */
@Test
public void testTimeStamping() throws Exception {
  final long start = 1201917724000L;  // wrap time, epoch millis
  final long skew = 180000;           // millis; the allowance the assertions below expect
  final int maxAge = 300;             // seconds (5 minutes)
  final int realAge = 600;            // seconds (10 minutes); exceeds maxAge + skew (480 s)

  try {
    timeSource.setCurrentTimeMillis(start);
    Map<String, String> payload = ImmutableMap.of("a", "b");
    String wrapped = crypter.wrap(payload);

    timeSource.incrementSeconds(realAge);
    crypter.unwrap(wrapped, maxAge);
    fail("Blob should have expired");
  } catch (BlobExpiredException expired) {
    long expectedMin = start - skew;
    long expectedUsed = start + realAge * 1000L;
    long expectedMax = start + skew + maxAge * 1000L;

    assertEquals(expectedMin, expired.minDate.getTime());
    assertEquals(expectedUsed, expired.used.getTime());
    assertEquals(expectedMax, expired.maxDate.getTime());
  }
}
/**
 * Checks the timestamps carried by {@link BlobExpiredException} when an over-age blob is
 * unwrapped.
 *
 * <p>A blob wrapped at {@code start} is unwrapped 600 s later with a 300 s maximum age. The
 * assertions expect the reported validity window to be widened by 180 s on both sides
 * ({@code minDate = start - skew}, {@code maxDate = start + maxAge + skew}) and {@code used}
 * to be the time of the unwrap attempt.
 */
@Test
public void testTimeStamping() throws Exception {
  final long start = 1201917724000L;  // wrap time, epoch millis
  final long skew = 180000;           // millis; the allowance the assertions below expect
  final int maxAge = 300;             // seconds (5 minutes)
  final int realAge = 600;            // seconds (10 minutes); exceeds maxAge + skew (480 s)

  try {
    timeSource.setCurrentTimeMillis(start);
    Map<String, String> payload = ImmutableMap.of("a", "b");
    String wrapped = crypter.wrap(payload);

    timeSource.incrementSeconds(realAge);
    crypter.unwrap(wrapped, maxAge);
    fail("Blob should have expired");
  } catch (BlobExpiredException expired) {
    long expectedMin = start - skew;
    long expectedUsed = start + realAge * 1000L;
    long expectedMax = start + skew + maxAge * 1000L;

    assertEquals(expectedMin, expired.minDate.getTime());
    assertEquals(expectedUsed, expired.used.getTime());
    assertEquals(expectedMax, expired.maxDate.getTime());
  }
}
/**
 * Verifies that the codec rejects a token encoded with a clock set further back than the
 * container's token time-to-live plus 181 seconds.
 *
 * <p>The rejection must surface as a {@link SecurityTokenException} whose message contains
 * {@code "Blob expired"}; a successful {@code createToken} call fails the test.
 */
@Test
public void testExpired() throws Exception {
  Map<String, String> claims = new HashMap<String, String>();
  claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  claims.put(Keys.OWNER.getKey(), "owner");
  claims.put(Keys.VIEWER.getKey(), "viewer");
  claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");

  BlobCrypterSecurityToken staleToken =
      new BlobCrypterSecurityToken("container", null, null, claims);
  staleToken.setTimeSource(timeSource);

  // Token lifetime plus clock skew ("one hour plus clock skew" in the original comment),
  // applied backwards to the time source the token was given.
  // NOTE(review): presumably encodeToken() stamps the token from this time source -- confirm.
  // NOTE(review): the clock is not moved forward again in this method; confirm timeSource is
  // re-created per test if it is shared.
  timeSource.incrementSeconds(-1 * (codec.getTokenTimeToLive("container") + 181));
  String encoded = codec.encodeToken(staleToken);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encoded));
    fail("should have expired");
  } catch (SecurityTokenException rejected) {
    // The assertion is tied to the message wording rather than to an exception subtype.
    String message = rejected.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Verifies that the codec rejects a token encoded with a clock set further back than the
 * container's token time-to-live plus 181 seconds.
 *
 * <p>The rejection must surface as a {@link SecurityTokenException} whose message contains
 * {@code "Blob expired"}; a successful {@code createToken} call fails the test.
 */
@Test
public void testExpired() throws Exception {
  Map<String, String> claims = new HashMap<String, String>();
  claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  claims.put(Keys.OWNER.getKey(), "owner");
  claims.put(Keys.VIEWER.getKey(), "viewer");
  claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");

  BlobCrypterSecurityToken staleToken =
      new BlobCrypterSecurityToken("container", null, null, claims);
  staleToken.setTimeSource(timeSource);

  // Token lifetime plus clock skew ("one hour plus clock skew" in the original comment),
  // applied backwards to the time source the token was given.
  // NOTE(review): presumably encodeToken() stamps the token from this time source -- confirm.
  // NOTE(review): the clock is not moved forward again in this method; confirm timeSource is
  // re-created per test if it is shared.
  timeSource.incrementSeconds(-1 * (codec.getTokenTimeToLive("container") + 181));
  String encoded = codec.encodeToken(staleToken);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encoded));
    fail("should have expired");
  } catch (SecurityTokenException rejected) {
    // The assertion is tied to the message wording rather than to an exception subtype.
    String message = rejected.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Verifies that the codec rejects a token encoded with a clock set further back than the
 * container's token time-to-live plus 181 seconds.
 *
 * <p>The rejection must surface as a {@link SecurityTokenException} whose message contains
 * {@code "Blob expired"}; a successful {@code createToken} call fails the test.
 */
@Test
public void testExpired() throws Exception {
  Map<String, String> claims = new HashMap<String, String>();
  claims.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  claims.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  claims.put(Keys.OWNER.getKey(), "owner");
  claims.put(Keys.VIEWER.getKey(), "viewer");
  claims.put(Keys.TRUSTED_JSON.getKey(), "trusted");

  BlobCrypterSecurityToken staleToken =
      new BlobCrypterSecurityToken("container", null, null, claims);
  staleToken.setTimeSource(timeSource);

  // Token lifetime plus clock skew ("one hour plus clock skew" in the original comment),
  // applied backwards to the time source the token was given.
  // NOTE(review): presumably encodeToken() stamps the token from this time source -- confirm.
  // NOTE(review): the clock is not moved forward again in this method; confirm timeSource is
  // re-created per test if it is shared.
  timeSource.incrementSeconds(-1 * (codec.getTokenTimeToLive("container") + 181));
  String encoded = codec.encodeToken(staleToken);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encoded));
    fail("should have expired");
  } catch (SecurityTokenException rejected) {
    // The assertion is tied to the message wording rather than to an exception subtype.
    String message = rejected.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Verifies that encrypted OAuth client state, read back after its expiry time plus skew,
 * yields no request token.
 *
 * <p>The test expects no exception: the state rebuilt from the stale blob simply reports
 * {@code null} for the request token.
 */
@Test
public void testExpired() throws Exception {
  OAuthClientState original = new OAuthClientState(crypter);
  original.setRequestToken("reqtoken");
  String encrypted = original.getEncryptedState();

  // Expiry time + skew (per the original comment), plus one second: 3600 + 180 + 1.
  timeSource.incrementSeconds(3600 + 180 + 1);

  // NOTE(review): with this accessor alone, a caller cannot tell expired state from state
  // that never held a request token; both read as null.
  OAuthClientState restored = new OAuthClientState(crypter, encrypted);
  assertNull(restored.getRequestToken());
}
/**
 * Verifies that OAuth client state encrypted with a rewound clock yields no request token
 * when it is read back.
 *
 * <p>The time source is moved back by expiry time + skew + 1 s before the state is given that
 * time source and encrypted; the state rebuilt from the blob must report {@code null}.
 */
@Test
public void testExpired() throws Exception {
  OAuthClientState stale = new OAuthClientState(crypter);

  // Expiry time + skew (per the original comment), plus one second, applied backwards.
  // NOTE(review): the clock is not restored in this method; confirm timeSource is re-created
  // per test if it is shared.
  timeSource.incrementSeconds(-1 * (3600 + 180 + 1));
  stale.setTimeSource(timeSource);
  stale.setRequestToken("reqtoken");
  String encrypted = stale.getEncryptedState();

  // NOTE(review): presumably the decoding side reads a clock that was not rewound -- confirm
  // which time source the crypter uses, since the test's meaning depends on it.
  OAuthClientState restored = new OAuthClientState(crypter, encrypted);
  assertNull(restored.getRequestToken());
}
/**
 * Verifies that OAuth client state encrypted with a rewound clock yields no request token
 * when it is read back.
 *
 * <p>The time source is moved back by expiry time + skew + 1 s before the state is given that
 * time source and encrypted; the state rebuilt from the blob must report {@code null}.
 */
@Test
public void testExpired() throws Exception {
  OAuthClientState stale = new OAuthClientState(crypter);

  // Expiry time + skew (per the original comment), plus one second, applied backwards.
  // NOTE(review): the clock is not restored in this method; confirm timeSource is re-created
  // per test if it is shared.
  timeSource.incrementSeconds(-1 * (3600 + 180 + 1));
  stale.setTimeSource(timeSource);
  stale.setRequestToken("reqtoken");
  String encrypted = stale.getEncryptedState();

  // NOTE(review): presumably the decoding side reads a clock that was not rewound -- confirm
  // which time source the crypter uses, since the test's meaning depends on it.
  OAuthClientState restored = new OAuthClientState(crypter, encrypted);
  assertNull(restored.getRequestToken());
}
/**
 * Verifies that the codec rejects an encrypted token presented one hour plus clock skew after
 * it was produced.
 *
 * <p>The rejection must surface as a {@link SecurityTokenException} whose message contains
 * {@code "Blob expired"}; a successful {@code createToken} call fails the test.
 */
@Test
public void testExpired() throws Exception {
  BlobCrypterSecurityToken token = new BlobCrypterSecurityToken(
      getBlobCrypter(getContainerKey("container")), "container", null);
  token.setAppUrl("http://www.example.com/gadget.xml");
  token.setModuleId(12345L);
  token.setOwnerId("owner");
  token.setViewerId("viewer");
  token.setTrustedJson("trusted");
  String encrypted = token.encrypt();

  // One hour plus clock skew (per the original comment): 3600 s + 181 s.
  // NOTE(review): only the expired side of the boundary is exercised; a companion case just
  // inside the accepted window would pin the boundary from both sides.
  timeSource.incrementSeconds(3600 + 181);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encrypted));
    fail("should have expired");
  } catch (SecurityTokenException rejected) {
    // The assertion is tied to the message wording rather than to an exception subtype.
    String message = rejected.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Verifies that the codec rejects an encrypted token presented one hour plus clock skew after
 * it was produced.
 *
 * <p>The rejection must surface as a {@link SecurityTokenException} whose message contains
 * {@code "Blob expired"}; a successful {@code createToken} call fails the test.
 */
@Test
public void testExpired() throws Exception {
  BlobCrypterSecurityToken token = new BlobCrypterSecurityToken(
      getBlobCrypter(getContainerKey("container")), "container", null);
  token.setAppUrl("http://www.example.com/gadget.xml");
  token.setModuleId(12345L);
  token.setOwnerId("owner");
  token.setViewerId("viewer");
  token.setTrustedJson("trusted");
  String encrypted = token.encrypt();

  // One hour plus clock skew (per the original comment): 3600 s + 181 s.
  // NOTE(review): only the expired side of the boundary is exercised; a companion case just
  // inside the accepted window would pin the boundary from both sides.
  timeSource.incrementSeconds(3600 + 181);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encrypted));
    fail("should have expired");
  } catch (SecurityTokenException rejected) {
    // The assertion is tied to the message wording rather than to an exception subtype.
    String message = rejected.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Verifies that a resource loaded from a file keeps reporting its original content after the
 * file is rewritten and the clock advances, when update checks are left at their default
 * (disabled, per the original comment).
 */
@Test
public void loadFileUpdateIgnoredIfUpdatesDisabled() throws Exception {
  Pair<Uri, File> uriAndFile = makeFile(".opt.js", FILE_JS);
  FeatureResource loaded = loader.load(uriAndFile.one, null);

  // Baseline: a ".opt.js" file is served as both the regular and the debug content.
  assertEquals(FILE_JS, loaded.getContent());
  assertEquals(FILE_JS, loaded.getDebugContent());
  assertFalse(loaded.isExternal());
  assertTrue(loaded.isProxyCacheable());

  // Rewrite the backing file, then advance the time. Update checks disabled by default.
  setFileContent(uriAndFile.two, UPDATED_FILE_JS);
  timeSource.incrementSeconds(10);

  // Same asserts: the already-loaded resource must not pick up UPDATED_FILE_JS.
  assertEquals(FILE_JS, loaded.getContent());
  assertEquals(FILE_JS, loaded.getDebugContent());
  assertFalse(loaded.isExternal());
  assertTrue(loaded.isProxyCacheable());
}
/**
 * Verifies that a resource loaded from a file keeps reporting its original content after the
 * file is rewritten and the clock advances, when update checks are left at their default
 * (disabled, per the original comment).
 */
@Test
public void loadFileUpdateIgnoredIfUpdatesDisabled() throws Exception {
  Pair<Uri, File> uriAndFile = makeFile(".opt.js", FILE_JS);
  FeatureResource loaded = loader.load(uriAndFile.one, null);

  // Baseline: a ".opt.js" file is served as both the regular and the debug content.
  assertEquals(FILE_JS, loaded.getContent());
  assertEquals(FILE_JS, loaded.getDebugContent());
  assertFalse(loaded.isExternal());
  assertTrue(loaded.isProxyCacheable());

  // Rewrite the backing file, then advance the time. Update checks disabled by default.
  setFileContent(uriAndFile.two, UPDATED_FILE_JS);
  timeSource.incrementSeconds(10);

  // Same asserts: the already-loaded resource must not pick up UPDATED_FILE_JS.
  assertEquals(FILE_JS, loaded.getContent());
  assertEquals(FILE_JS, loaded.getDebugContent());
  assertFalse(loaded.isExternal());
  assertTrue(loaded.isProxyCacheable());
}
/**
 * Verifies that a resource loaded from a file keeps reporting its original content after the
 * file is rewritten and the clock advances, when update checks are left at their default
 * (disabled, per the original comment).
 */
@Test
public void loadFileUpdateIgnoredIfUpdatesDisabled() throws Exception {
  Pair<Uri, File> uriAndFile = makeFile(".opt.js", FILE_JS);
  FeatureResource loaded = loader.load(uriAndFile.one, null);

  // Baseline: a ".opt.js" file is served as both the regular and the debug content.
  assertEquals(FILE_JS, loaded.getContent());
  assertEquals(FILE_JS, loaded.getDebugContent());
  assertFalse(loaded.isExternal());
  assertTrue(loaded.isProxyCacheable());

  // Rewrite the backing file, then advance the time. Update checks disabled by default.
  setFileContent(uriAndFile.two, UPDATED_FILE_JS);
  timeSource.incrementSeconds(10);

  // Same asserts: the already-loaded resource must not pick up UPDATED_FILE_JS.
  assertEquals(FILE_JS, loaded.getContent());
  assertEquals(FILE_JS, loaded.getDebugContent());
  assertFalse(loaded.isExternal());
  assertTrue(loaded.isProxyCacheable());
}
/**
 * Verifies that, with session extension enabled on the fake service provider, a request made
 * after the access token's expiry period still returns the user's data.
 *
 * <p>The counters pin how that happens: the access-token count rises from 1 to 2 while the
 * request-token count stays at 1, so no new approval round is started.
 */
@Test
public void testAccessTokenExpires_onServer() throws Exception {
  serviceProvider.setSessionExtension(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  // First fetch returns an empty body; the token is approved only in the next step.
  HttpResponse beforeApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(1, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  // A new client clears oauthState (per the original comment); then step past the expiry.
  MakeRequestClient freshClient = makeNonSocialClient("owner", "owner", GADGET_URL);
  clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1);

  HttpResponse afterExpiry = freshClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals("User data is hello-oauth", afterExpiry.getResponseAsString());
  // NOTE(review): presumably the second access token comes from a session-handle renewal --
  // the counters are consistent with that, but the renewal call itself is not asserted here.
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(2, serviceProvider.getAccessTokenCount());
  assertEquals(2, serviceProvider.getResourceAccessCount());
}
/**
 * Verifies that, with session extension enabled on the fake service provider, a request made
 * after the access token's expiry period still returns the user's data.
 *
 * <p>The counters pin how that happens: the access-token count rises from 1 to 2 while the
 * request-token count stays at 1, so no new approval round is started.
 */
@Test
public void testAccessTokenExpires_onServer() throws Exception {
  serviceProvider.setSessionExtension(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  // First fetch returns an empty body; the token is approved only in the next step.
  HttpResponse beforeApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(1, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  // A new client clears oauthState (per the original comment); then step past the expiry.
  MakeRequestClient freshClient = makeNonSocialClient("owner", "owner", GADGET_URL);
  clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1);

  HttpResponse afterExpiry = freshClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals("User data is hello-oauth", afterExpiry.getResponseAsString());
  // NOTE(review): presumably the second access token comes from a session-handle renewal --
  // the counters are consistent with that, but the renewal call itself is not asserted here.
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(2, serviceProvider.getAccessTokenCount());
  assertEquals(2, serviceProvider.getResourceAccessCount());
}
/**
 * Verifies that, with session extension enabled on the fake service provider, a request made
 * after the access token's expiry period still returns the user's data.
 *
 * <p>The counters pin how that happens: the access-token count rises from 1 to 2 while the
 * request-token count stays at 1, so no new approval round is started.
 */
@Test
public void testAccessTokenExpires_onServer() throws Exception {
  serviceProvider.setSessionExtension(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  // First fetch returns an empty body; the token is approved only in the next step.
  HttpResponse beforeApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(1, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  // A new client clears oauthState (per the original comment); then step past the expiry.
  MakeRequestClient freshClient = makeNonSocialClient("owner", "owner", GADGET_URL);
  clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1);

  HttpResponse afterExpiry = freshClient.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals("User data is hello-oauth", afterExpiry.getResponseAsString());
  // NOTE(review): presumably the second access token comes from a session-handle renewal --
  // the counters are consistent with that, but the renewal call itself is not asserted here.
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(2, serviceProvider.getAccessTokenCount());
  assertEquals(2, serviceProvider.getResourceAccessCount());
}
/**
 * Verifies the recovery path when the access token has expired and the fake service provider
 * has changed all session handles in the meantime.
 *
 * <p>Expected sequence, as pinned by the counters: the post-expiry fetch returns an empty body
 * with a second request token and a second access-token call but no resource access; after a
 * new approval, the fetch succeeds with a third access-token call. Finally the log must contain
 * {@code oauth_session_handle=REMOVED}.
 */
@Test
public void testBadSessionHandle() throws Exception {
  serviceProvider.setSessionExtension(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  // First fetch returns an empty body; the token is approved only in the next step.
  HttpResponse beforeApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(1, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  // Step past the expiry and change every session handle on the provider side.
  clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1);
  serviceProvider.changeAllSessionHandles();

  // No data is served on the stale credentials: empty body, resource count unchanged.
  HttpResponse afterHandleChange =
      client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals("", afterHandleChange.getResponseAsString());
  assertEquals(2, serviceProvider.getRequestTokenCount());
  assertEquals(2, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  client.approveToken("user_data=renewed");
  HttpResponse afterReapproval =
      client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals(2, serviceProvider.getRequestTokenCount());
  assertEquals(3, serviceProvider.getAccessTokenCount());
  assertEquals(2, serviceProvider.getResourceAccessCount());
  assertEquals("User data is renewed", afterReapproval.getResponseAsString());

  // NOTE(review): this shows the redaction marker is logged; it does not by itself show that
  // the real session-handle value is absent from the log -- confirm that is covered elsewhere.
  checkLogContains("oauth_session_handle=REMOVED");
}
/**
 * Verifies the recovery path when the access token has expired and the fake service provider
 * has changed all session handles in the meantime.
 *
 * <p>Expected sequence, as pinned by the counters: the post-expiry fetch returns an empty body
 * with a second request token and a second access-token call but no resource access; after a
 * new approval, the fetch succeeds with a third access-token call. Finally the log must contain
 * {@code oauth_session_handle=REMOVED}.
 */
@Test
public void testBadSessionHandle() throws Exception {
  serviceProvider.setSessionExtension(true);
  MakeRequestClient client = makeNonSocialClient("owner", "owner", GADGET_URL);

  // First fetch returns an empty body; the token is approved only in the next step.
  HttpResponse beforeApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("", beforeApproval.getResponseAsString());
  client.approveToken("user_data=hello-oauth");

  HttpResponse afterApproval = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL);
  assertEquals("User data is hello-oauth", afterApproval.getResponseAsString());
  assertEquals(1, serviceProvider.getRequestTokenCount());
  assertEquals(1, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  // Step past the expiry and change every session handle on the provider side.
  clock.incrementSeconds(FakeOAuthServiceProvider.TOKEN_EXPIRATION_SECONDS + 1);
  serviceProvider.changeAllSessionHandles();

  // No data is served on the stale credentials: empty body, resource count unchanged.
  HttpResponse afterHandleChange =
      client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals("", afterHandleChange.getResponseAsString());
  assertEquals(2, serviceProvider.getRequestTokenCount());
  assertEquals(2, serviceProvider.getAccessTokenCount());
  assertEquals(1, serviceProvider.getResourceAccessCount());

  client.approveToken("user_data=renewed");
  HttpResponse afterReapproval =
      client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL + "?cb=1");
  assertEquals(2, serviceProvider.getRequestTokenCount());
  assertEquals(3, serviceProvider.getAccessTokenCount());
  assertEquals(2, serviceProvider.getResourceAccessCount());
  assertEquals("User data is renewed", afterReapproval.getResponseAsString());

  // NOTE(review): this shows the redaction marker is logged; it does not by itself show that
  // the real session-handle value is absent from the log -- confirm that is covered elsewhere.
  checkLogContains("oauth_session_handle=REMOVED");
}