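/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.http;

import com.google.mockwebserver.MockResponse;
import com.google.mockwebserver.MockWebServer;
import com.google.mockwebserver.RecordedRequest;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.List;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.logging.StreamHandler;
import junit.framework.TestCase;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.client.DefaultHttpClient;

/**
 * Regression tests for cookie handling in {@link DefaultHttpClient}, run against a local
 * {@link MockWebServer} so that no request leaves the device.
 */
public final class CookiesTest extends TestCase {

    private MockWebServer server = new MockWebServer();

    /** Stops the mock server used by the test that just ran. */
    @Override protected void tearDown() throws Exception {
        server.shutdown();
        super.tearDown();
    }

    /**
     * Test that we don't log potentially sensitive cookie values.
     * http://b/3095990
     *
     * <p>The server sets a cookie for a domain that does not match the request host, so the
     * client rejects it. The captured log may name the cookie and the offending domain, but
     * must not contain the cookie's value.
     *
     * <p>Only records that pass the logger's effective level and the handler's own level
     * (INFO unless the logging configuration says otherwise) reach the capture buffer, so
     * this test does not cover what more verbose log levels would emit.
     */
    public void testCookiesAreNotLogged() throws IOException, URISyntaxException {
        // enqueue an HTTP response with a cookie that will be rejected
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: password=secret; Domain=fake.domain"));
        server.play();

        // capture everything the Apache HTTP loggers emit while the request runs
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Logger logger = Logger.getLogger("org.apache.http");
        StreamHandler handler = new StreamHandler(out, new SimpleFormatter());
        logger.addHandler(handler);
        HttpClient client = null;
        try {
            client = new DefaultHttpClient();
            client.execute(new HttpGet(server.getUrl("/").toURI()));
            // closing flushes buffered records into 'out' before it is read
            handler.close();

            String log = out.toString("UTF-8");
            // The two positive checks prove the rejection was actually logged; without
            // them the negative check below would also pass on an empty log.
            assertTrue(log, log.contains("password"));
            assertTrue(log, log.contains("fake.domain"));
            assertFalse(log, log.contains("secret"));

        } finally {
            logger.removeHandler(handler);
            // already closed on the success path; this covers the path where execute() threw
            handler.close();
            if (client != null) {
                // release the pooled connection so it does not outlive this test
                client.getConnectionManager().shutdown();
            }
        }
    }

    /**
     * Test that cookies aren't case-sensitive with respect to hostname.
     * http://b/3167208
     *
     * <p>The first response sets three cookies whose Domain attributes differ in case and in
     * the leading dot; the second request to the same host is expected to send all three back.
     */
    public void testCookiesWithNonMatchingCase() throws Exception {
        // NOTE(review): the field initializer already supplies an unstarted server, so this
        // reassignment looks redundant; kept as in the original.
        server = new MockWebServer();
        server.enqueue(new MockResponse()
                .addHeader("Set-Cookie: a=first; Domain=my.t-mobile.com")
                .addHeader("Set-Cookie: b=second; Domain=.T-mobile.com")
                .addHeader("Set-Cookie: c=third; Domain=.t-mobile.com")
                .setBody("This response sets some cookies."));
        server.enqueue(new MockResponse()
                .setBody("This response gets those cookies back."));
        server.play();

        HttpClient client = new DefaultHttpClient();
        try {
            // use a proxy so we can manipulate the origin server's host name: requests for
            // my.t-mobile.com are sent to the mock server on localhost instead
            client.getParams().setParameter(
                    ConnRoutePNames.DEFAULT_PROXY, new HttpHost("localhost", server.getPort()));

            HttpResponse getCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
            getCookies.getEntity().consumeContent();
            // discard the first recorded request; only the second one carries cookies
            server.takeRequest();

            HttpResponse sendCookies = client.execute(new HttpGet("http://my.t-mobile.com/"));
            sendCookies.getEntity().consumeContent();
            RecordedRequest sendCookiesRequest = server.takeRequest();
            assertContains(sendCookiesRequest.getHeaders(), "Cookie: a=first; b=second; c=third");
        } finally {
            // release the pooled connection so it does not outlive this test
            client.getConnectionManager().shutdown();
        }
    }

    /**
     * Asserts that {@code headers} contains an entry exactly equal to {@code header}; the full
     * header list is used as the failure message.
     */
    private void assertContains(List<String> headers, String header) {
        assertTrue(headers.toString(), headers.contains(header));
    }
}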