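/**
 * Verifies that a signed raw POST is rejected when its body is replaced after signing.
 *
 * <p>An interposed fetcher swaps the payload for different bytes and then forwards the request
 * to {@code serviceProvider}. Per the failure message, the provider is expected to throw because
 * the body no longer matches the signed oauth_body_hash.
 *
 * @throws Exception if setup or the request fails in an unexpected way
 */
@Test
public void testPostTamperedRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      // ASCII-only literal, so the default-charset getBytes() yields the same bytes on any
      // ASCII-compatible platform charset.
      request.setPostBody("yo momma".getBytes());
      return serviceProvider.fetch(request);
    }
  });
  // Only the send may throw: an annotation-level expected exception would also accept a
  // RuntimeException raised during setup, letting this integrity check pass vacuously.
  try {
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
  } catch (RuntimeException expected) {
    // NOTE(review): RuntimeException is still broad; assert the concrete exception type or
    // message for a body-hash failure once it is confirmed against the provider.
    return;
  }
  fail("Should have thrown with oauth_body_hash mismatch");
}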
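/**
 * Verifies that a signed raw POST is rejected when its body is stripped and the request is
 * relabelled as form-encoded after signing.
 *
 * <p>An interposed fetcher empties the body, sets Content-Type to
 * {@code application/x-www-form-urlencoded}, and forwards the request to
 * {@code serviceProvider}. Per the failure message, the provider is expected to throw because a
 * form-encoded request carries a body hash.
 *
 * @throws Exception if setup or the request fails in an unexpected way
 */
@Test
public void testPostTamperedRemoveRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
      request.setHeader("Content-Type", "application/x-www-form-urlencoded");
      return serviceProvider.fetch(request);
    }
  });
  // Only the send may throw: an annotation-level expected exception would also accept a
  // RuntimeException raised during setup, letting this integrity check pass vacuously.
  try {
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
  } catch (RuntimeException expected) {
    // NOTE(review): RuntimeException is still broad; assert the concrete exception type or
    // message for this rejection once it is confirmed against the provider.
    return;
  }
  fail("Should have thrown with body hash in form encoded request");
}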
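/**
 * Verifies that a signed raw POST is rejected when its body is stripped and the request is
 * relabelled as form-encoded after signing.
 *
 * <p>An interposed fetcher empties the body, sets Content-Type to
 * {@code application/x-www-form-urlencoded}, and forwards the request to
 * {@code serviceProvider}. Per the failure message, the provider is expected to throw because a
 * form-encoded request carries a body hash.
 *
 * @throws Exception if setup or the request fails in an unexpected way
 */
@Test
public void testPostTamperedRemoveRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
      request.setHeader("Content-Type", "application/x-www-form-urlencoded");
      return serviceProvider.fetch(request);
    }
  });
  // Only the send may throw: an annotation-level expected exception would also accept a
  // RuntimeException raised during setup, letting this integrity check pass vacuously.
  try {
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
  } catch (RuntimeException expected) {
    // NOTE(review): RuntimeException is still broad; assert the concrete exception type or
    // message for this rejection once it is confirmed against the provider.
    return;
  }
  fail("Should have thrown with body hash in form encoded request");
}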
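/**
 * Verifies that a signed raw POST is rejected when its body is replaced after signing.
 *
 * <p>An interposed fetcher swaps the payload for different bytes and then forwards the request
 * to {@code serviceProvider}. Per the failure message, the provider is expected to throw because
 * the body no longer matches the signed oauth_body_hash.
 *
 * @throws Exception if setup or the request fails in an unexpected way
 */
@Test
public void testPostTamperedRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      // ASCII-only literal, so the default-charset getBytes() yields the same bytes on any
      // ASCII-compatible platform charset.
      request.setPostBody("yo momma".getBytes());
      return serviceProvider.fetch(request);
    }
  });
  // Only the send may throw: an annotation-level expected exception would also accept a
  // RuntimeException raised during setup, letting this integrity check pass vacuously.
  try {
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
  } catch (RuntimeException expected) {
    // NOTE(review): RuntimeException is still broad; assert the concrete exception type or
    // message for a body-hash failure once it is confirmed against the provider.
    return;
  }
  fail("Should have thrown with oauth_body_hash mismatch");
}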
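/**
 * Verifies that a signed raw POST is rejected when its body is replaced after signing.
 *
 * <p>An interposed fetcher swaps the payload for different bytes and then forwards the request
 * to {@code serviceProvider}. Per the failure message, the provider is expected to throw because
 * the body no longer matches the signed oauth_body_hash.
 *
 * @throws Exception if setup or the request fails in an unexpected way
 */
@Test
public void testPostTamperedRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      // ASCII-only literal, so the default-charset getBytes() yields the same bytes on any
      // ASCII-compatible platform charset.
      request.setPostBody("yo momma".getBytes());
      return serviceProvider.fetch(request);
    }
  });
  // Only the send may throw: an annotation-level expected exception would also accept a
  // RuntimeException raised during setup, letting this integrity check pass vacuously.
  try {
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
  } catch (RuntimeException expected) {
    // NOTE(review): RuntimeException is still broad; assert the concrete exception type or
    // message for a body-hash failure once it is confirmed against the provider.
    return;
  }
  fail("Should have thrown with oauth_body_hash mismatch");
}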
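/**
 * Verifies that a signed raw POST is rejected when its body is stripped and the request is
 * relabelled as form-encoded after signing.
 *
 * <p>An interposed fetcher empties the body, sets Content-Type to
 * {@code application/x-www-form-urlencoded}, and forwards the request to
 * {@code serviceProvider}. Per the failure message, the provider is expected to throw because a
 * form-encoded request carries a body hash.
 *
 * @throws Exception if setup or the request fails in an unexpected way
 */
@Test
public void testPostTamperedRemoveRawContent() throws Exception {
  byte[] raw = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app");
  // Tamper with the body before it hits the service provider
  client.setNextFetcher(new HttpFetcher() {
    public HttpResponse fetch(HttpRequest request) throws GadgetException {
      request.setPostBody(ArrayUtils.EMPTY_BYTE_ARRAY);
      request.setHeader("Content-Type", "application/x-www-form-urlencoded");
      return serviceProvider.fetch(request);
    }
  });
  // Only the send may throw: an annotation-level expected exception would also accept a
  // RuntimeException raised during setup, letting this integrity check pass vacuously.
  try {
    client.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", raw);
  } catch (RuntimeException expected) {
    // NOTE(review): RuntimeException is still broad; assert the concrete exception type or
    // message for this rejection once it is confirmed against the provider.
    return;
  }
  fail("Should have thrown with body hash in form encoded request");
}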
/**
 * Sends a signed raw POST with a {@code null} content type and checks that the binary body
 * reaches the fake service provider unchanged.
 *
 * <p>The response body is decoded as form parameters and must contain
 * {@code opensocial_owner_id=o} and the {@code signedfetch} consumer key. The bytes the provider
 * echoes back (Base64 in {@code RAW_BODY_ECHO_HEADER}) must equal the bytes that were sent.
 *
 * @throws Exception if the request or response decoding fails
 */
@Test
public void testPostBinaryData() throws Exception {
  final byte[] payload = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse response =
      fetchClient.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, null, payload);

  // The provider's response body is form-encoded; check the signed parameters it reports.
  String responseBody = response.getResponseAsString();
  List<Parameter> signedParams = OAuth.decodeForm(responseBody);
  assertTrue(contains(signedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(signedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

  // The raw body comes back Base64-encoded in a header; it must round-trip byte for byte.
  String echoedHeader = response.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
  byte[] roundTripped = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoedHeader));
  assertTrue(Arrays.equals(payload, roundTripped));
}
/**
 * Sends a signed raw POST with the non-standard content type {@code funky-content} and checks
 * that the binary body reaches the fake service provider unchanged.
 *
 * <p>The response body is decoded as form parameters and must contain
 * {@code opensocial_owner_id=o} and the {@code signedfetch} consumer key. The bytes the provider
 * echoes back (Base64 in {@code RAW_BODY_ECHO_HEADER}) must equal the bytes that were sent.
 *
 * @throws Exception if the request or response decoding fails
 */
@Test
public void testPostWeirdContentType() throws Exception {
  final byte[] payload = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse response =
      fetchClient.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", payload);

  // The provider's response body is form-encoded; check the signed parameters it reports.
  String responseBody = response.getResponseAsString();
  List<Parameter> signedParams = OAuth.decodeForm(responseBody);
  assertTrue(contains(signedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(signedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

  // The raw body comes back Base64-encoded in a header; it must round-trip byte for byte.
  String echoedHeader = response.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
  byte[] roundTripped = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoedHeader));
  assertTrue(Arrays.equals(payload, roundTripped));
}
/**
 * Sends a signed raw POST with a {@code null} content type and checks that the binary body
 * reaches the fake service provider unchanged.
 *
 * <p>The response body is decoded as form parameters and must contain
 * {@code opensocial_owner_id=o} and the {@code signedfetch} consumer key. The bytes the provider
 * echoes back (Base64 in {@code RAW_BODY_ECHO_HEADER}) must equal the bytes that were sent.
 *
 * @throws Exception if the request or response decoding fails
 */
@Test
public void testPostBinaryData() throws Exception {
  final byte[] payload = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse response =
      fetchClient.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, null, payload);

  // The provider's response body is form-encoded; check the signed parameters it reports.
  String responseBody = response.getResponseAsString();
  List<Parameter> signedParams = OAuth.decodeForm(responseBody);
  assertTrue(contains(signedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(signedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

  // The raw body comes back Base64-encoded in a header; it must round-trip byte for byte.
  String echoedHeader = response.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
  byte[] roundTripped = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoedHeader));
  assertTrue(Arrays.equals(payload, roundTripped));
}
/**
 * Sends a signed raw POST with a {@code null} content type and checks that the binary body
 * reaches the fake service provider unchanged.
 *
 * <p>The response body is decoded as form parameters and must contain
 * {@code opensocial_owner_id=o} and the {@code signedfetch} consumer key. The bytes the provider
 * echoes back (Base64 in {@code RAW_BODY_ECHO_HEADER}) must equal the bytes that were sent.
 *
 * @throws Exception if the request or response decoding fails
 */
@Test
public void testPostBinaryData() throws Exception {
  final byte[] payload = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse response =
      fetchClient.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, null, payload);

  // The provider's response body is form-encoded; check the signed parameters it reports.
  String responseBody = response.getResponseAsString();
  List<Parameter> signedParams = OAuth.decodeForm(responseBody);
  assertTrue(contains(signedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(signedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

  // The raw body comes back Base64-encoded in a header; it must round-trip byte for byte.
  String echoedHeader = response.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
  byte[] roundTripped = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoedHeader));
  assertTrue(Arrays.equals(payload, roundTripped));
}
/**
 * Sends a signed raw POST with the non-standard content type {@code funky-content} and checks
 * that the binary body reaches the fake service provider unchanged.
 *
 * <p>The response body is decoded as form parameters and must contain
 * {@code opensocial_owner_id=o} and the {@code signedfetch} consumer key. The bytes the provider
 * echoes back (Base64 in {@code RAW_BODY_ECHO_HEADER}) must equal the bytes that were sent.
 *
 * @throws Exception if the request or response decoding fails
 */
@Test
public void testPostWeirdContentType() throws Exception {
  final byte[] payload = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse response =
      fetchClient.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", payload);

  // The provider's response body is form-encoded; check the signed parameters it reports.
  String responseBody = response.getResponseAsString();
  List<Parameter> signedParams = OAuth.decodeForm(responseBody);
  assertTrue(contains(signedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(signedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

  // The raw body comes back Base64-encoded in a header; it must round-trip byte for byte.
  String echoedHeader = response.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
  byte[] roundTripped = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoedHeader));
  assertTrue(Arrays.equals(payload, roundTripped));
}
/**
 * Sends a signed raw POST with the non-standard content type {@code funky-content} and checks
 * that the binary body reaches the fake service provider unchanged.
 *
 * <p>The response body is decoded as form parameters and must contain
 * {@code opensocial_owner_id=o} and the {@code signedfetch} consumer key. The bytes the provider
 * echoes back (Base64 in {@code RAW_BODY_ECHO_HEADER}) must equal the bytes that were sent.
 *
 * @throws Exception if the request or response decoding fails
 */
@Test
public void testPostWeirdContentType() throws Exception {
  final byte[] payload = { 0, 1, 2, 3, 4, 5 };
  MakeRequestClient fetchClient =
      makeSignedFetchClient("o", "v", "http://www.example.com/app");
  HttpResponse response =
      fetchClient.sendRawPost(FakeOAuthServiceProvider.RESOURCE_URL, "funky-content", payload);

  // The provider's response body is form-encoded; check the signed parameters it reports.
  String responseBody = response.getResponseAsString();
  List<Parameter> signedParams = OAuth.decodeForm(responseBody);
  assertTrue(contains(signedParams, "opensocial_owner_id", "o"));
  assertTrue(contains(signedParams, OAuth.OAUTH_CONSUMER_KEY, "signedfetch"));

  // The raw body comes back Base64-encoded in a header; it must round-trip byte for byte.
  String echoedHeader = response.getHeader(FakeOAuthServiceProvider.RAW_BODY_ECHO_HEADER);
  byte[] roundTripped = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(echoedHeader));
  assertTrue(Arrays.equals(payload, roundTripped));
}