com.jayway.restassured.internal.http.AuthConfig Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of rest-assured Show documentation
Show all versions of rest-assured Show documentation
Java DSL for easy testing of REST services
/*
* Copyright 2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.jayway.restassured.internal.http;
import com.jayway.restassured.authentication.OAuthSignature;
import com.jayway.restassured.internal.KeystoreSpecImpl;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.RequestWrapper;
import org.apache.http.protocol.ExecutionContext;
import org.apache.http.protocol.HttpContext;
import org.scribe.builder.api.DefaultApi10a;
import org.scribe.builder.api.DefaultApi20;
import org.scribe.model.*;
import org.scribe.oauth.OAuth10aServiceImpl;
import org.scribe.oauth.OAuth20ServiceImpl;
import org.scribe.oauth.OAuthService;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.util.Map;
/**
* Encapsulates all configuration related to HTTP authentication methods.
*
* @author Tom Nichols
* @author johanhaleby
*/
public class AuthConfig {
private static final int UNDEFINED_PORT = -1;
private static final int DEFAULT_HTTPS_PORT = 443;
protected HTTPBuilder builder;
public AuthConfig(HTTPBuilder builder) {
this.builder = builder;
}
/**
* Set authentication credentials to be used for the current
* {@link HTTPBuilder#getUri() default host}. This method name is a bit of
* a misnomer, since these credentials will actually work for "digest"
* authentication as well.
*
* @param user
* @param pass
*/
public void basic(String user, String pass) {
URI uri = ((URIBuilder) builder.getUri()).toURI();
if (uri == null) throw new IllegalStateException("a default URI must be set");
this.basic(uri.getHost(), uri.getPort(), user, pass);
}
/**
* Set authentication credentials to be used for the given host and port.
*
* @param host
* @param port
* @param user
* @param pass
*/
public void basic(String host, int port, String user, String pass) {
builder.getClient().getCredentialsProvider().setCredentials(
new AuthScope(host, port),
new UsernamePasswordCredentials(user, pass)
);
}
/**
* Sets a certificate to be used for SSL authentication. See {@link Class#getResource(String)} for how to get a URL from a resource
* on the classpath.
*
* @param certURL URL to a JKS keystore where the certificate is stored.
* @param password password to decrypt the keystore
* @param certType The certificate type
* @param port The SSL port
* @param trustStore The trust store
* @param x509HostnameVerifier The X509HostnameVerifier to use
* @param sslSocketFactory The SSLSocketFactory to use
*/
public void certificate(String certURL, String password, String certType, int port, KeyStore trustStore, X509HostnameVerifier x509HostnameVerifier,
SSLSocketFactory sslSocketFactory) {
KeystoreSpecImpl keystoreSpec = new KeystoreSpecImpl();
URI uri = ((URIBuilder) builder.getUri()).toURI();
if (uri == null) throw new IllegalStateException("a default URI must be set");
keystoreSpec.setKeyStoreType(certType);
keystoreSpec.setPassword(password);
keystoreSpec.setPath(certURL);
keystoreSpec.setTrustStore(trustStore);
keystoreSpec.setPort(port);
keystoreSpec.setX509HostnameVerifier(x509HostnameVerifier);
keystoreSpec.setFactory(sslSocketFactory);
int portSpecifiedInUri = uri.getPort();
keystoreSpec.apply(builder, portSpecifiedInUri == UNDEFINED_PORT ? DEFAULT_HTTPS_PORT : portSpecifiedInUri);
}
/**
* OAuth sign all requests. Note that this currently does not
* wait for a WWW-Authenticate challenge before sending the
* the OAuth header. All requests to all domains will be signed for this
* instance.
*
* This assumes you've already generated an accessToken and
* secretToken for the site you're targeting. For More information
* on how to achieve this, see the
* Scribe documentation.
*
* @param consumerKey null if you want to unset
* OAuth handling and stop signing requests.
* @param consumerSecret
* @param accessToken
* @param secretToken
* @since 0.5.1
*/
public void oauth(String consumerKey, String consumerSecret,
String accessToken, String secretToken) {
this.builder.client.removeRequestInterceptorByClass(OAuthSigner.class);
if (consumerKey != null) {
this.builder.client.addRequestInterceptor(new OAuthSigner(
consumerKey, consumerSecret, accessToken, secretToken, OAuthSignature.HEADER));
}
}
public void oauth(String consumerKey, String consumerSecret,
String accessToken, String secretToken, OAuthSignature signature) {
this.builder.client.removeRequestInterceptorByClass(OAuthSigner.class);
if (consumerKey != null) {
this.builder.client.addRequestInterceptor(new OAuthSigner(
consumerKey, consumerSecret, accessToken, secretToken,
signature));
}
}
/**
* OAuth2 sign all requests. Note that this currently does not
* wait for a WWW-Authenticate challenge before sending the
* the OAuth header. All requests to all domains will be signed for this
* instance.
*
* This assumes you've already generated an accessToken
* for the site you're targeting. For More information
* on how to achieve this, see the
* Scribe documentation.
*
* @param accessToken
* @since 0.5.1
*/
public void oauth2(String accessToken) {
this.builder.client.removeRequestInterceptorByClass(OAuthSigner.class);
if (accessToken != null) {
this.builder.client.addRequestInterceptor(new OAuthSigner(accessToken, OAuthSignature.HEADER));
}
}
public void oauth2(String accessToken, OAuthSignature signature) {
this.builder.client.removeRequestInterceptorByClass(OAuthSigner.class);
if (accessToken != null) {
this.builder.client.addRequestInterceptor(new OAuthSigner(
accessToken, signature));
}
}
static class OAuthSigner implements HttpRequestInterceptor {
protected OAuthConfig oauthConfig;
protected Token token;
protected OAuthService service;
protected SignatureType type = SignatureType.Header;
protected OAuthSignature signature;
protected boolean oauth1 = true;
public OAuthSigner(String consumerKey, String consumerSecret,
String accessToken, String secretToken, OAuthSignature signature) {
this.oauthConfig = new OAuthConfig(consumerKey, consumerSecret,
null, getOAuthSigntureType(signature), null, null);
this.token = new Token(accessToken, secretToken);
this.signature = signature;
}
public OAuthSigner(String accessToken, OAuthSignature signature) {
this.token = new Token(accessToken, "");
this.signature = signature;
oauth1 = false;
}
public void process(HttpRequest request, HttpContext ctx) throws HttpException, IOException {
try {
HttpHost host = (HttpHost) ctx
.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
final URI requestURI = new URI(host.toURI()).resolve(request
.getRequestLine().getUri());
Verb verb = Verb.valueOf(request.getRequestLine().getMethod().toUpperCase());
OAuthRequest oauthRequest = new OAuthRequest(verb,
requestURI.toString());
this.service = getOauthService(oauth1);
service.signRequest(token, oauthRequest);
if (signature == OAuthSignature.HEADER) {
//If signature is to be added as header
for (Map.Entry entry : oauthRequest.getHeaders().entrySet()) {
request.setHeader(entry.getKey(), entry.getValue());
}
} else {
//If signature is to be added as query param
URI uri = new URI(oauthRequest.getCompleteUrl());
((RequestWrapper) request).setURI(uri);
}
} catch (URISyntaxException ex) {
throw new HttpException("Error rebuilding request URI", ex);
}
}
private OAuthService getOauthService(boolean oauth1) {
OAuthService service = null;
if (oauth1) {
DefaultApi10a api = new DefaultApi10a() {
@Override
public String getRequestTokenEndpoint() {
return null;
}
@Override
public String getAuthorizationUrl(Token arg0) {
return null;
}
@Override
public String getAccessTokenEndpoint() {
return null;
}
};
service = new OAuth10aServiceImpl(api, oauthConfig);
} else {
DefaultApi20 api = new DefaultApi20() {
@Override
public String getAuthorizationUrl(OAuthConfig arg0) {
return null;
}
@Override
public String getAccessTokenEndpoint() {
return null;
}
};
service = new OAuth20ServiceImpl(api, oauthConfig);
}
return service;
}
private static SignatureType getOAuthSigntureType(OAuthSignature signature) {
SignatureType signatureType;
if (signature == OAuthSignature.HEADER)
signatureType = SignatureType.Header;
else
signatureType = SignatureType.QueryString;
return signatureType;
}
}
} © 2015 - 2025 Weber Informatics LLC | Privacy Policy