      1 /*
      2  * Copyright (C) 2010 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     17 package android.net.http;
     19 import com.google.mockwebserver.MockResponse;
     20 import com.google.mockwebserver.MockWebServer;
     21 import com.google.mockwebserver.RecordedRequest;
     22 import java.io.ByteArrayOutputStream;
     23 import java.io.IOException;
     24 import java.net.URISyntaxException;
     25 import java.util.List;
     26 import java.util.logging.Logger;
     27 import java.util.logging.SimpleFormatter;
     28 import java.util.logging.StreamHandler;
     29 import junit.framework.TestCase;
     30 import org.apache.http.HttpHost;
     31 import org.apache.http.HttpResponse;
     32 import org.apache.http.client.HttpClient;
     33 import org.apache.http.client.methods.HttpGet;
     34 import org.apache.http.conn.params.ConnRoutePNames;
     35 import org.apache.http.impl.client.DefaultHttpClient;
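/**
 * Tests for cookie handling by {@link DefaultHttpClient}, run against a local
 * {@link MockWebServer}.
 */
public final class CookiesTest extends TestCase {

    // Created once by the field initializer and shut down in tearDown().
    private final MockWebServer server = new MockWebServer();

    @Override protected void tearDown() throws Exception {
        server.shutdown();
        super.tearDown();
    }

    /**
     * Test that we don't log potentially sensitive cookie values.
     * http://b/3095990
     *
     * <p>The server returns a cookie whose domain does not match the request host.
     * The test then checks that the captured "org.apache.http" log mentions the
     * cookie name and domain but not the cookie value.
     *
     * <p>NOTE(review): the handler keeps its default level ({@code StreamHandler}
     * defaults to INFO) and the logger level is not changed here, so this only
     * covers what is emitted at the default configuration. Finer-grained
     * header/wire logging is not exercised by this test; confirm whether that is
     * in scope for the bug.
     */
    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
        // enqueue an HTTP response with a cookie that will be rejected
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
        server.play();

        // Capture everything the HTTP client logs into an in-memory buffer.
        ByteArrayOutputStream captured = new ByteArrayOutputStream();
        Logger httpLogger = Logger.getLogger("org.apache.http");
        StreamHandler captureHandler = new StreamHandler(captured, new SimpleFormatter());
        httpLogger.addHandler(captureHandler);
        try {
            HttpClient client = new DefaultHttpClient();
            client.execute(new HttpGet(server.getUrl("/").toURI()));

            // Push buffered records into the byte stream before reading it back.
            captureHandler.flush();
            String log = captured.toString("UTF-8");

            // The cookie name and domain are expected in the log...
            assertTrue(log, log.contains("password"));
            assertTrue(log, log.contains("fake.domain"));
            // ...but the value must never appear.
            assertFalse(log, log.contains("secret"));
        } finally {
            // Detach and close even when the request or an assertion fails, so the
            // handler does not stay attached to the shared logger.
            httpLogger.removeHandler(captureHandler);
            captureHandler.close();
        }
    }

    /**
     * Test that cookies aren't case-sensitive with respect to hostname.
     * http://b/3167208
     *
     * <p>Three cookies are set with domains that differ in case and in leading
     * dot; all three are expected back on the next request to the same host.
     *
     * <p>NOTE(review): only the positive case is asserted. This test does not
     * check that a cookie for an unrelated domain is withheld.
     */
    public void testCookiesWithNonMatchingCase() throws Exception {
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: a=first; Domain=my.t-mobile.com")
                .addHeader("Set-Cookie: b=second; Domain=.T-mobile.com")
                .addHeader("Set-Cookie: c=third; Domain=.t-mobile.com")
                .setBody("This response sets some cookies."));
        server.enqueue(new MockResponse()
                .setBody("This response gets those cookies back."));
        server.play();

        // use a proxy so we can manipulate the origin server's host name
        HttpClient client = new DefaultHttpClient();
        HttpHost mockServerAsProxy = new HttpHost("localhost", server.getPort());
        client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, mockServerAsProxy);

        // First exchange: the client receives and stores the cookies.
        HttpResponse getCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        getCookies.getEntity().consumeContent();
        server.takeRequest();

        // Second exchange: the client should send all three cookies back.
        HttpResponse sendCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        sendCookies.getEntity().consumeContent();
        RecordedRequest sendCookiesRequest = server.takeRequest();
        assertContains(sendCookiesRequest.getHeaders(), "Cookie: a=first; b=second; c=third");
    }

    /**
     * Asserts that {@code headers} contains exactly the line {@code header}; the
     * full header list is used as the failure message.
     */
    private void assertContains(List<String> headers, String header) {
        assertTrue(headers.toString(), headers.contains(header));
    }
}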