public void Requires_full_Signature_to_Authenticate()
{
var client = GetClientWithBasicAuthCredentials();
var authResponse = client.Post(new Authenticate());
Assert.That(authResponse.BearerToken, Is.Not.Null);
var jwtProvider = (JwtAuthProvider)AuthenticateService.GetJwtAuthProvider();
// Ensure minimum signature example
// jwtProvider.ValidateToken = (js,req) =>
// req.GetJwtToken().LastRightPart('.').FromBase64UrlSafe().Length >= 32;
var req = new BasicHttpRequest {
Headers = { [HttpHeaders.Authorization] = "Bearer " + authResponse.BearerToken }
};
Assert.That(jwtProvider.IsJwtValid(req));
var startSigPos = authResponse.BearerToken.LastIndexOf('.') + 1;
for (var i = startSigPos; i < authResponse.BearerToken.Length; i++)
{
req.Headers[HttpHeaders.Authorization] = "Bearer " + authResponse.BearerToken.Substring(0, i);
Assert.That(jwtProvider.IsJwtValid(req), Is.False);
}
}
private IHttpRequest ConfigureRequest(string path)
{
var request = new BasicHttpRequest {
PathInfo = path
};
return(request);
}
public void HtmlAcceptTypesReturnsFalse()
{
string[] acceptTypes = new string[] { "text/html", "application/xhtml+xml", "application/xml", "*/*", };
var request = new BasicHttpRequest();
request.AcceptTypesCollection = acceptTypes;
Assert.IsFalse(SrkRequestExtensions.PrefersJson(request));
}
public void EmptyAcceptTypesReturnsFalse()
{
string[] acceptTypes = new string[0];
var request = new BasicHttpRequest();
request.AcceptTypesCollection = acceptTypes;
Assert.IsFalse(SrkRequestExtensions.PrefersJson(request));
}
public void Resolves_the_right_handler_for_expexted_paths()
{
foreach (var item in pathInfoMap)
{
var expectedType = item.Value;
var httpReq = new BasicHttpRequest
{
PathInfo = item.Key,
};
var handler = HttpHandlerFactory.GetHandlerForPathInfo(httpReq, null);
Assert.That(handler.GetType(), Is.EqualTo(expectedType));
}
}
private string buildAuthorizationHeader(Response response)
{
DigestScheme scheme = new DigestScheme();
scheme.ProcessChallenge(new BasicHeader("WWW-Authenticate", response.Header("WWW-Authenticate")));
BasicHttpRequest request = new BasicHttpRequest(
response.Request().Method(),
response.Request().Uri().ToString());
string uriString = response.Request().Uri().ToString();
var username = credentials.GetCredential(new Uri(uriString), "Digest").UserName;
var password = credentials.GetCredential(new Uri(uriString), "Digest").Password;
Org.Apache.Http.Authentication.ICredentials javaCredentials = new UsernamePasswordCredentials(username, password);
return(scheme.Authenticate(javaCredentials, request).Value);
}
public void Resolves_the_right_handler_for_case_insensitive_expected_paths()
{
foreach (var item in pathInfoMap)
{
var expectedType = item.Value;
var lowerPathInfo = item.Key.ToLower();
lowerPathInfo.Print();
var httpReq = new BasicHttpRequest
{
PathInfo = lowerPathInfo,
};
var handler = HttpHandlerFactory.GetHandlerForPathInfo(httpReq, null);
Assert.That(handler?.GetType(), Is.EqualTo(expectedType));
}
}
public void ArgNullThrows()
{
BasicHttpRequest request = null;
SrkRequestExtensions.PrefersJson(request);
}
/// <exception cref="System.IO.IOException"></exception>
/// <exception cref="Apache.Http.HttpException"></exception>
public virtual Socket Tunnel(HttpHost proxy, HttpHost target, Credentials credentials
)
{
Args.NotNull(proxy, "Proxy host");
Args.NotNull(target, "Target host");
Args.NotNull(credentials, "Credentials");
HttpHost host = target;
if (host.GetPort() <= 0)
{
host = new HttpHost(host.GetHostName(), 80, host.GetSchemeName());
}
HttpRoute route = new HttpRoute(host, this.requestConfig.GetLocalAddress(), proxy
, false, RouteInfo.TunnelType.Tunnelled, RouteInfo.LayerType.Plain);
ManagedHttpClientConnection conn = this.connFactory.Create(route, this.connectionConfig
);
HttpContext context = new BasicHttpContext();
HttpResponse response;
IHttpRequest connect = new BasicHttpRequest("CONNECT", host.ToHostString(), HttpVersion
.Http11);
BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.SetCredentials(new AuthScope(proxy), credentials);
// Populate the execution context
context.SetAttribute(HttpCoreContext.HttpTargetHost, target);
context.SetAttribute(HttpCoreContext.HttpConnection, conn);
context.SetAttribute(HttpCoreContext.HttpRequest, connect);
context.SetAttribute(HttpClientContext.HttpRoute, route);
context.SetAttribute(HttpClientContext.ProxyAuthState, this.proxyAuthState);
context.SetAttribute(HttpClientContext.CredsProvider, credsProvider);
context.SetAttribute(HttpClientContext.AuthschemeRegistry, this.authSchemeRegistry
);
context.SetAttribute(HttpClientContext.RequestConfig, this.requestConfig);
this.requestExec.PreProcess(connect, this.httpProcessor, context);
for (; ;)
{
if (!conn.IsOpen())
{
Socket socket = Sharpen.Extensions.CreateSocket(proxy.GetHostName(), proxy.GetPort
());
conn.Bind(socket);
}
this.authenticator.GenerateAuthResponse(connect, this.proxyAuthState, context);
response = this.requestExec.Execute(connect, conn, context);
int status = response.GetStatusLine().GetStatusCode();
if (status < 200)
{
throw new HttpException("Unexpected response to CONNECT request: " + response.GetStatusLine
());
}
if (this.authenticator.IsAuthenticationRequested(proxy, response, this.proxyAuthStrategy
, this.proxyAuthState, context))
{
if (this.authenticator.HandleAuthChallenge(proxy, response, this.proxyAuthStrategy
, this.proxyAuthState, context))
{
// Retry request
if (this.reuseStrategy.KeepAlive(response, context))
{
// Consume response content
HttpEntity entity = response.GetEntity();
EntityUtils.Consume(entity);
}
else
{
conn.Close();
}
// discard previous auth header
connect.RemoveHeaders(AUTH.ProxyAuthResp);
}
else
{
break;
}
}
else
{
break;
}
}
int status_1 = response.GetStatusLine().GetStatusCode();
if (status_1 > 299)
{
// Buffer response content
HttpEntity entity = response.GetEntity();
if (entity != null)
{
response.SetEntity(new BufferedHttpEntity(entity));
}
conn.Close();
throw new TunnelRefusedException("CONNECT refused by proxy: " + response.GetStatusLine
(), response);
}
return(conn.GetSocket());
}
/// <summary>Creates a tunnel to the target server.</summary>
/// <remarks>
/// Creates a tunnel to the target server.
/// The connection must be established to the (last) proxy.
/// A CONNECT request for tunnelling through the proxy will
/// be created and sent, the response received and checked.
/// This method does <i>not</i> update the connection with
/// information about the tunnel, that is left to the caller.
/// </remarks>
/// <exception cref="Apache.Http.HttpException"></exception>
/// <exception cref="System.IO.IOException"></exception>
private bool CreateTunnelToTarget(AuthState proxyAuthState, HttpClientConnection
managedConn, HttpRoute route, IHttpRequest request, HttpClientContext context)
{
RequestConfig config = context.GetRequestConfig();
int timeout = config.GetConnectTimeout();
HttpHost target = route.GetTargetHost();
HttpHost proxy = route.GetProxyHost();
HttpResponse response;
string authority = target.ToHostString();
IHttpRequest connect = new BasicHttpRequest("CONNECT", authority, request.GetProtocolVersion
());
this.requestExecutor.PreProcess(connect, this.proxyHttpProcessor, context);
for (; ;)
{
if (!managedConn.IsOpen())
{
this.connManager.Connect(managedConn, route, timeout > 0 ? timeout : 0, context);
}
connect.RemoveHeaders(AUTH.ProxyAuthResp);
this.authenticator.GenerateAuthResponse(connect, proxyAuthState, context);
response = this.requestExecutor.Execute(connect, managedConn, context);
int status = response.GetStatusLine().GetStatusCode();
if (status < 200)
{
throw new HttpException("Unexpected response to CONNECT request: " + response.GetStatusLine
());
}
if (config.IsAuthenticationEnabled())
{
if (this.authenticator.IsAuthenticationRequested(proxy, response, this.proxyAuthStrategy
, proxyAuthState, context))
{
if (this.authenticator.HandleAuthChallenge(proxy, response, this.proxyAuthStrategy
, proxyAuthState, context))
{
// Retry request
if (this.reuseStrategy.KeepAlive(response, context))
{
this.log.Debug("Connection kept alive");
// Consume response content
HttpEntity entity = response.GetEntity();
EntityUtils.Consume(entity);
}
else
{
managedConn.Close();
}
}
else
{
break;
}
}
else
{
break;
}
}
}
int status_1 = response.GetStatusLine().GetStatusCode();
if (status_1 > 299)
{
// Buffer response content
HttpEntity entity = response.GetEntity();
if (entity != null)
{
response.SetEntity(new BufferedHttpEntity(entity));
}
managedConn.Close();
throw new TunnelRefusedException("CONNECT refused by proxy: " + response.GetStatusLine
(), response);
}
// How to decide on security of the tunnelled connection?
// The socket factory knows only about the segment to the proxy.
// Even if that is secure, the hop to the target may be insecure.
// Leave it to derived classes, consider insecure by default here.
return(false);
}
