All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.jayway.restassured.internal.http.AuthConfig Maven / Gradle / Ivy

There is a newer version: 2.9.0
Show newest version
/*
 * Copyright 2011 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.jayway.restassured.internal.http;

import com.jayway.restassured.authentication.KeystoreProvider;
import com.jayway.restassured.internal.util.SafeExceptionRethrower;
import oauth.signpost.OAuthConsumer;
import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer;
import oauth.signpost.commonshttp.HttpRequestAdapter;
import oauth.signpost.exception.OAuthException;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.protocol.ExecutionContext;
import org.apache.http.protocol.HttpContext;

import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyStore;

/**
 * Encapsulates all configuration related to HTTP authentication methods.
 *
 * @author Tom Nichols
 * @see HTTPBuilder#getAuth()
 */
public class AuthConfig {
    protected HTTPBuilder builder;

    public AuthConfig(HTTPBuilder builder) {
        this.builder = builder;
    }

    /**
     * Set authentication credentials to be used for the current
     * {@link HTTPBuilder#getUri() default host}.  This method name is a bit of
     * a misnomer, since these credentials will actually work for "digest"
     * authentication as well.
     *
     * @param user
     * @param pass
     */
    public void basic(String user, String pass) {
        URI uri = ((URIBuilder) builder.getUri()).toURI();
        if (uri == null) throw new IllegalStateException("a default URI must be set");
        this.basic(uri.getHost(), uri.getPort(), user, pass);
    }

    /**
     * Set authentication credentials to be used for the given host and port.
     *
     * @param host
     * @param port
     * @param user
     * @param pass
     */
    public void basic(String host, int port, String user, String pass) {
        builder.getClient().getCredentialsProvider().setCredentials(
                new AuthScope(host, port),
                new UsernamePasswordCredentials(user, pass)
        );
    }

    /**
     * Sets a certificate to be used for SSL authentication. See {@link Class#getResource(String)} for how to get a URL from a resource
     * on the classpath.
     *
     * @param certURL            URL to a JKS keystore where the certificate is stored.
     * @param password           password to decrypt the keystore
     * @param certType           The certificate type
     * @param port               The SSL port
     * @param trustStoreProvider The provider
     */
    public void certificate(String certURL, String password, String certType, int port, KeystoreProvider trustStoreProvider) {
        try {
            KeyStore keyStore = KeyStore.getInstance(certType);
            InputStream jksStream = new URL(certURL).openStream();
            try {
                keyStore.load(jksStream, password.toCharArray());
            } finally {
                jksStream.close();
            }

            final SSLSocketFactory ssl;
            if (trustStoreProvider == null || !trustStoreProvider.canBuild()) {
                ssl = new SSLSocketFactory(keyStore, password);
            } else {
                ssl = new SSLSocketFactory(keyStore, password, trustStoreProvider.build());

            }

            ssl.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

            SchemeRegistry registry = builder.getClient().getConnectionManager().getSchemeRegistry();
            registry.register(new Scheme("https", ssl, port));
        } catch (Exception e) {
            SafeExceptionRethrower.safeRethrow(e);
        }
    }

    /**
     * 

OAuth sign all requests. Note that this currently does not * wait for a WWW-Authenticate challenge before sending the * the OAuth header. All requests to all domains will be signed for this * instance.

*

*

This assumes you've already generated an accessToken and * secretToken for the site you're targeting. For More information * on how to achieve this, see the * Signpost documentation.

* * @param consumerKey null if you want to unset * OAuth handling and stop signing requests. * @param consumerSecret * @param accessToken * @param secretToken * @since 0.5.1 */ public void oauth(String consumerKey, String consumerSecret, String accessToken, String secretToken) { this.builder.client.removeRequestInterceptorByClass(OAuthSigner.class); if (consumerKey != null) this.builder.client.addRequestInterceptor(new OAuthSigner( consumerKey, consumerSecret, accessToken, secretToken)); } /** * This class is used to sign all requests via an {@link HttpRequestInterceptor} * until the context-aware AuthScheme is released in HttpClient 4.1. * * @since 0.5.1 */ static class OAuthSigner implements HttpRequestInterceptor { protected OAuthConsumer oauth; public OAuthSigner(String consumerKey, String consumerSecret, String accessToken, String secretToken) { this.oauth = new CommonsHttpOAuthConsumer(consumerKey, consumerSecret); oauth.setTokenWithSecret(accessToken, secretToken); } public void process(HttpRequest request, HttpContext ctx) { /* The full request URI must be reconstructed between the context and the request URI. * Best we can do until AuthScheme supports HttpContext. See: * https://issues.apache.org/jira/browse/HTTPCLIENT-901 */ try { HttpUriRequest uriRequest = (HttpUriRequest) request; HttpHost host = (HttpHost) ctx.getAttribute(ExecutionContext.HTTP_TARGET_HOST); final URI requestURI = new URI(host.toURI()).resolve(uriRequest.getURI()); HttpRequestAdapter oAuthRequest = new HttpRequestAdapter(uriRequest) { /* @Override */ public String getRequestUrl() { return requestURI.toString(); } }; this.oauth.sign(oAuthRequest); } catch (ClassCastException ex) { SafeExceptionRethrower.safeRethrow(new HttpException("Request must be an instance of HttpUriRequest", ex)); } catch (URISyntaxException ex) { SafeExceptionRethrower.safeRethrow(new HttpException("Error rebuilding request URI", ex)); } catch (OAuthException e) { SafeExceptionRethrower.safeRethrow(new HttpException("OAuth signing error", e)); } } } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy