      1 /*
      2  * Copyright (C) 2010 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package android.net.http;
     18 
     19 import com.google.mockwebserver.MockResponse;
     20 import com.google.mockwebserver.MockWebServer;
     21 import com.google.mockwebserver.RecordedRequest;
     22 import java.io.ByteArrayOutputStream;
     23 import java.io.IOException;
     24 import java.net.URISyntaxException;
     25 import java.util.List;
     26 import java.util.logging.Logger;
     27 import java.util.logging.SimpleFormatter;
     28 import java.util.logging.StreamHandler;
     29 import junit.framework.TestCase;
     30 import org.apache.http.HttpHost;
     31 import org.apache.http.HttpResponse;
     32 import org.apache.http.client.HttpClient;
     33 import org.apache.http.client.methods.HttpGet;
     34 import org.apache.http.conn.params.ConnRoutePNames;
     35 import org.apache.http.impl.client.DefaultHttpClient;
     36 
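/**
 * Regression tests for cookie handling by {@link DefaultHttpClient}.
 *
 * <p>Every test talks to a local {@link MockWebServer} that is created in {@link #setUp()} and
 * shut down in {@link #tearDown()}; tests only enqueue responses and start it.
 */
public final class CookiesTest extends TestCase {

    /** Local server serving canned responses; a fresh instance is created before each test. */
    private MockWebServer server;

    @Override
    protected void setUp() throws Exception {
        super.setUp();
        server = new MockWebServer();
    }

    @Override
    protected void tearDown() throws Exception {
        server.shutdown();
        super.tearDown();
    }

    /**
     * Test that we don't log potentially sensitive cookie values.
     * http://b/3095990
     *
     * <p>The captured log is expected to name the cookie and its domain, so that the event stays
     * diagnosable, while the cookie value itself must never appear.
     */
    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
        // enqueue an HTTP response with a cookie that will be rejected
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
        server.play();

        // Capture everything published to the "org.apache.http" logger in memory.
        // NOTE(review): presumably the client's own loggers are children of this name and
        // propagate to it; the positive assertions below fail if nothing is captured.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Logger logger = Logger.getLogger("org.apache.http");
        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
        logger.addHandler(handler);
        try {
            HttpClient client = new DefaultHttpClient();
            client.execute(new HttpGet(server.getUrl("/").toURI()));
            // StreamHandler buffers its output; flush so the records reach 'out' before reading.
            handler.flush();

            // The whole log is passed as the assertion message, so a failure prints it in full.
            // That is acceptable here only because "secret" is a fixture value.
            String log = out.toString("UTF-8");
            assertTrue(log, log.contains("password"));
            assertTrue(log, log.contains("fake.domain"));
            assertFalse(log, log.contains("secret"));

        } finally {
            // Detach and close even when the request or an assertion fails, so the shared
            // logger does not keep a handler belonging to a finished test.
            logger.removeHandler(handler);
            handler.close();
        }
    }

    /**
     * Test that cookies aren't case-sensitive with respect to hostname.
     * http://b/3167208
     *
     * <p>The first response sets three cookies whose Domain attributes differ in case and in the
     * leading dot; the second request to the same host must send all three back.
     */
    public void testCookiesWithNonMatchingCase() throws Exception {
        // Uses the server created in setUp(); creating another one here would only orphan it.
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: a=first; Domain=my.t-mobile.com")
                .addHeader("Set-Cookie: b=second; Domain=.T-mobile.com")
                .addHeader("Set-Cookie: c=third; Domain=.t-mobile.com")
                .setBody("This response sets some cookies."));
        server.enqueue(new MockResponse()
                .setBody("This response gets those cookies back."));
        server.play();

        // use a proxy so we can manipulate the origin server's host name
        HttpClient client = new DefaultHttpClient();
        client.getParams().setParameter(
                ConnRoutePNames.DEFAULT_PROXY, new HttpHost("localhost", server.getPort()));

        // First exchange: receive the Set-Cookie headers. The recorded request is discarded.
        HttpResponse getCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        getCookies.getEntity().consumeContent();
        server.takeRequest();

        // Second exchange: the request recorded by the server must carry every cookie.
        HttpResponse sendCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
        sendCookies.getEntity().consumeContent();
        RecordedRequest sendCookiesRequest = server.takeRequest();
        assertContains(sendCookiesRequest.getHeaders(), "Cookie: a=first; b=second; c=third");
    }

    /**
     * Asserts that {@code headers} contains an entry exactly equal to {@code header}.
     *
     * @param headers the recorded request header lines; printed in full if the assertion fails
     * @param header the complete header line expected to be present
     */
    private void assertContains(List<String> headers, String header) {
        assertTrue(headers.toString(), headers.contains(header));
    }
}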