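/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.http;

import com.google.mockwebserver.MockResponse;
import com.google.mockwebserver.MockWebServer;
import com.google.mockwebserver.RecordedRequest;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.List;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.logging.StreamHandler;
import junit.framework.TestCase;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.client.DefaultHttpClient;

/**
 * Regression tests for cookie handling in {@link DefaultHttpClient}, exercised against a
 * local {@link MockWebServer}.
 */
public final class CookiesTest extends TestCase {

    // JUnit 3 creates a fresh TestCase instance for every test method, so each test
    // already gets its own server from this initializer.
    private final MockWebServer server = new MockWebServer();

    /** Stops the mock server after each test. */
    @Override protected void tearDown() throws Exception {
        server.shutdown();
        super.tearDown();
    }

    /**
     * Test that we don't log potentially sensitive cookie values.
     * http://b/3095990
     *
     * <p>The two positive assertions (cookie name and domain appear in the log) keep the
     * negative assertion meaningful: if nothing about the cookie were logged at all, the
     * test would fail instead of passing vacuously.
     *
     * <p>Scope of the check: only records published to the {@code org.apache.http} logger
     * and accepted by a {@link StreamHandler} left at its default level are captured.
     * NOTE(review): logging at finer levels is not covered by this test - confirm whether
     * a separate check is wanted for it.
     */
    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
        // enqueue an HTTP response with a cookie that will be rejected
        // (presumably because "fake.domain" does not match the host the request goes to)
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
        server.play();

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Logger logger = Logger.getLogger("org.apache.http");
        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
        logger.addHandler(handler);
        try {
            HttpClient client = new DefaultHttpClient();
            client.execute(new HttpGet(server.getUrl("/").toURI()));
            // push buffered records into 'out' before inspecting it
            handler.flush();

            String log = out.toString("UTF-8");
            // the cookie name and domain are expected in the log ...
            assertTrue(log, log.contains("password"));
            assertTrue(log, log.contains("fake.domain"));
            // ... but the cookie value must never be written to it
            assertFalse(log, log.contains("secret"));

        } finally {
            // detach and close even when the request or an assertion fails, so the
            // handler does not stay attached to the shared logger for later tests
            logger.removeHandler(handler);
            handler.close();
        }
    }

    /**
     * Test that cookies aren't case-sensitive with respect to hostname.
     * http://b/3167208
     *
     * <p>The first response sets three cookies whose Domain attributes differ in case and
     * in leading-dot form; the second request to the same host is expected to send all
     * three back in a single Cookie header.
     */
    public void testCookiesWithNonMatchingCase() throws Exception {
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: a=first; Domain=my.t-mobile.com")
                .addHeader("Set-Cookie: b=second; Domain=.T-mobile.com")
                .addHeader("Set-Cookie: c=third; Domain=.t-mobile.com")
                .setBody("This response sets some cookies."));
        server.enqueue(new MockResponse()
                .setBody("This response gets those cookies back."));
        server.play();

        // use a proxy so we can manipulate the origin server's host name: requests for
        // my.t-mobile.com are routed to the mock server on localhost
        HttpClient client = new DefaultHttpClient();
        client.getParams().setParameter(
                ConnRoutePNames.DEFAULT_PROXY, new HttpHost("localhost", server.getPort()));

        HttpResponse getCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        getCookies.getEntity().consumeContent();
        // discard the recorded first request; only the second one is inspected
        server.takeRequest();

        HttpResponse sendCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        sendCookies.getEntity().consumeContent();
        RecordedRequest sendCookiesRequest = server.takeRequest();
        assertContains(sendCookiesRequest.getHeaders(), "Cookie: a=first; b=second; c=third");
    }

    /**
     * Asserts that {@code headers} holds an entry equal to {@code header}; on failure the
     * full header list is used as the assertion message.
     */
    private void assertContains(List<String> headers, String header) {
        assertTrue(headers.toString(), headers.contains(header));
    }
}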