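/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.http;

import com.google.mockwebserver.MockResponse;
import com.google.mockwebserver.MockWebServer;
import com.google.mockwebserver.RecordedRequest;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.List;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.logging.StreamHandler;
import junit.framework.TestCase;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.client.DefaultHttpClient;

/**
 * Regression tests for cookie handling in the Apache HTTP client: cookie values must
 * stay out of the log, and cookie domain matching must ignore case.
 */
public final class CookiesTest extends TestCase {

    /** Local mock origin server; created fresh for every test and shut down afterwards. */
    private MockWebServer server;

    @Override
    protected void setUp() throws Exception {
        super.setUp();
        server = new MockWebServer();
    }

    @Override
    protected void tearDown() throws Exception {
        server.shutdown();
        super.tearDown();
    }

    /**
     * Test that we don't log potentially sensitive cookie values.
     * http://b/3095990
     *
     * <p>The log may name the rejected cookie and its domain, but must never contain the
     * cookie's value. Neither the logger level nor the handler level is changed here, so
     * the check only covers records emitted at the levels already in effect.
     */
    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
        // enqueue an HTTP response with a cookie that will be rejected
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
        server.play();

        // Capture everything the "org.apache.http" logger hands to this handler.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Logger logger = Logger.getLogger("org.apache.http");
        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
        logger.addHandler(handler);
        try {
            HttpClient client = new DefaultHttpClient();
            client.execute(new HttpGet(server.getUrl("/").toURI()));
            // StreamHandler buffers its output; flush so 'out' holds every record.
            handler.flush();

            String log = out.toString("UTF-8");
            // The cookie name and the offending domain are expected in the log ...
            assertTrue(log, log.contains("password"));
            assertTrue(log, log.contains("fake.domain"));
            // ... but the cookie value is the sensitive part and must not appear.
            assertFalse(log, log.contains("secret"));
        } finally {
            // Detach and close on every path so a failed request or assertion does not
            // leave the capturing handler attached to a shared logger.
            logger.removeHandler(handler);
            handler.close();
        }
    }

    /**
     * Test that cookies aren't case-sensitive with respect to hostname.
     * http://b/3167208
     *
     * <p>Three cookies are set whose Domain attributes differ in case and in the leading
     * dot; all three must be sent back on the next request to the same host.
     */
    public void testCookiesWithNonMatchingCase() throws Exception {
        // The server created in setUp() is used as-is; creating a second instance here
        // would orphan the first one, which tearDown() would then never shut down.
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: a=first; Domain=my.t-mobile.com")
                .addHeader("Set-Cookie: b=second; Domain=.T-mobile.com")
                .addHeader("Set-Cookie: c=third; Domain=.t-mobile.com")
                .setBody("This response sets some cookies."));
        server.enqueue(new MockResponse()
                .setBody("This response gets those cookies back."));
        server.play();

        // use a proxy so we can manipulate the origin server's host name
        HttpClient client = new DefaultHttpClient();
        client.getParams().setParameter(
                ConnRoutePNames.DEFAULT_PROXY, new HttpHost("localhost", server.getPort()));

        // First exchange: the client receives the three Set-Cookie headers.
        HttpResponse getCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        getCookies.getEntity().consumeContent();
        server.takeRequest();

        // Second exchange: the recorded request must carry all three cookies.
        HttpResponse sendCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        sendCookies.getEntity().consumeContent();
        RecordedRequest sendCookiesRequest = server.takeRequest();
        assertContains(sendCookiesRequest.getHeaders(), "Cookie: a=first; b=second; c=third");
    }

    /**
     * Asserts that {@code headers} contains an entry exactly equal to {@code header};
     * the full header list is used as the failure message.
     */
    private void assertContains(List<String> headers, String header) {
        assertTrue(headers.toString(), headers.contains(header));
    }
}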