|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 /* |
|
25 * @test |
|
26 * @summary Basic test for redirect and redirect policies |
|
27 * @modules java.base/sun.net.www.http |
|
28 * java.net.http/jdk.internal.net.http.common |
|
29 * java.net.http/jdk.internal.net.http.frame |
|
30 * java.net.http/jdk.internal.net.http.hpack |
|
31 * java.logging |
|
32 * jdk.httpserver |
|
33 * @library /lib/testlibrary /test/lib http2/server |
|
34 * @build Http2TestServer |
|
35 * @build jdk.testlibrary.SimpleSSLContext |
|
36 * @run testng/othervm |
|
37 * -Djdk.httpclient.HttpClient.log=trace,headers,requests |
|
38 * BasicRedirectTest |
|
39 */ |
|
40 |
|
41 import com.sun.net.httpserver.HttpServer; |
|
42 import com.sun.net.httpserver.HttpsConfigurator; |
|
43 import com.sun.net.httpserver.HttpsServer; |
|
44 import java.io.IOException; |
|
45 import java.io.InputStream; |
|
46 import java.io.OutputStream; |
|
47 import java.net.InetSocketAddress; |
|
48 import java.net.URI; |
|
49 import java.net.http.HttpClient; |
|
50 import java.net.http.HttpClient.Redirect; |
|
51 import java.net.http.HttpRequest; |
|
52 import java.net.http.HttpResponse; |
|
53 import java.net.http.HttpResponse.BodyHandlers; |
|
54 import javax.net.ssl.SSLContext; |
|
55 import jdk.testlibrary.SimpleSSLContext; |
|
56 import org.testng.annotations.AfterTest; |
|
57 import org.testng.annotations.BeforeTest; |
|
58 import org.testng.annotations.DataProvider; |
|
59 import org.testng.annotations.Test; |
|
60 import static java.lang.System.out; |
|
61 import static java.nio.charset.StandardCharsets.UTF_8; |
|
62 import static org.testng.Assert.assertEquals; |
|
63 import static org.testng.Assert.assertFalse; |
|
64 import static org.testng.Assert.assertTrue; |
|
65 |
|
66 public class BasicRedirectTest implements HttpServerAdapters { |
|
67 |
|
68 SSLContext sslContext; |
|
69 HttpTestServer httpTestServer; // HTTP/1.1 [ 4 servers ] |
|
70 HttpTestServer httpsTestServer; // HTTPS/1.1 |
|
71 HttpTestServer http2TestServer; // HTTP/2 ( h2c ) |
|
72 HttpTestServer https2TestServer; // HTTP/2 ( h2 ) |
|
73 String httpURI; |
|
74 String httpURIToMoreSecure; // redirects HTTP to HTTPS |
|
75 String httpsURI; |
|
76 String httpsURIToLessSecure; // redirects HTTPS to HTTP |
|
77 String http2URI; |
|
78 String http2URIToMoreSecure; // redirects HTTP to HTTPS |
|
79 String https2URI; |
|
80 String https2URIToLessSecure; // redirects HTTPS to HTTP |
|
81 |
|
82 static final String MESSAGE = "Is fearr Gaeilge briste, na Bearla cliste"; |
|
83 static final int ITERATIONS = 3; |
|
84 |
|
85 @DataProvider(name = "positive") |
|
86 public Object[][] positive() { |
|
87 return new Object[][] { |
|
88 { httpURI, Redirect.ALWAYS }, |
|
89 { httpsURI, Redirect.ALWAYS }, |
|
90 { http2URI, Redirect.ALWAYS }, |
|
91 { https2URI, Redirect.ALWAYS }, |
|
92 { httpURIToMoreSecure, Redirect.ALWAYS }, |
|
93 { http2URIToMoreSecure, Redirect.ALWAYS }, |
|
94 { httpsURIToLessSecure, Redirect.ALWAYS }, |
|
95 { https2URIToLessSecure, Redirect.ALWAYS }, |
|
96 |
|
97 { httpURI, Redirect.SAME_PROTOCOL }, |
|
98 { httpsURI, Redirect.SAME_PROTOCOL }, |
|
99 { http2URI, Redirect.SAME_PROTOCOL }, |
|
100 { https2URI, Redirect.SAME_PROTOCOL }, |
|
101 |
|
102 { httpURI, Redirect.SECURE }, |
|
103 { httpsURI, Redirect.SECURE }, |
|
104 { http2URI, Redirect.SECURE }, |
|
105 { https2URI, Redirect.SECURE }, |
|
106 { httpURIToMoreSecure, Redirect.SECURE }, |
|
107 { http2URIToMoreSecure, Redirect.SECURE }, |
|
108 }; |
|
109 } |
|
110 |
|
111 @Test(dataProvider = "positive") |
|
112 void test(String uriString, Redirect redirectPolicy) throws Exception { |
|
113 out.printf("%n---- starting positive (%s, %s) ----%n", uriString, redirectPolicy); |
|
114 HttpClient client = HttpClient.newBuilder() |
|
115 .followRedirects(redirectPolicy) |
|
116 .sslContext(sslContext) |
|
117 .build(); |
|
118 |
|
119 URI uri = URI.create(uriString); |
|
120 HttpRequest request = HttpRequest.newBuilder(uri).build(); |
|
121 out.println("Initial request: " + request.uri()); |
|
122 |
|
123 for (int i=0; i< ITERATIONS; i++) { |
|
124 out.println("iteration: " + i); |
|
125 HttpResponse<String> response = client.send(request, BodyHandlers.ofString()); |
|
126 |
|
127 out.println(" Got response: " + response); |
|
128 out.println(" Got body Path: " + response.body()); |
|
129 out.println(" Got response.request: " + response.request()); |
|
130 |
|
131 assertEquals(response.statusCode(), 200); |
|
132 assertEquals(response.body(), MESSAGE); |
|
133 // asserts redirected URI in response.request().uri() |
|
134 assertTrue(response.uri().getPath().endsWith("message")); |
|
135 assertPreviousRedirectResponses(request, response); |
|
136 } |
|
137 } |
|
138 |
|
139 static void assertPreviousRedirectResponses(HttpRequest initialRequest, |
|
140 HttpResponse<?> finalResponse) { |
|
141 // there must be at least one previous response |
|
142 finalResponse.previousResponse() |
|
143 .orElseThrow(() -> new RuntimeException("no previous response")); |
|
144 |
|
145 HttpResponse<?> response = finalResponse; |
|
146 do { |
|
147 URI uri = response.uri(); |
|
148 response = response.previousResponse().get(); |
|
149 assertTrue(300 <= response.statusCode() && response.statusCode() <= 309, |
|
150 "Expected 300 <= code <= 309, got:" + response.statusCode()); |
|
151 assertEquals(response.body(), null, "Unexpected body: " + response.body()); |
|
152 String locationHeader = response.headers().firstValue("Location") |
|
153 .orElseThrow(() -> new RuntimeException("no previous Location")); |
|
154 assertTrue(uri.toString().endsWith(locationHeader), |
|
155 "URI: " + uri + ", Location: " + locationHeader); |
|
156 |
|
157 } while (response.previousResponse().isPresent()); |
|
158 |
|
159 // initial |
|
160 assertEquals(initialRequest, response.request(), |
|
161 String.format("Expected initial request [%s] to equal last prev req [%s]", |
|
162 initialRequest, response.request())); |
|
163 } |
|
164 |
|
165 // -- negatives |
|
166 |
|
167 @DataProvider(name = "negative") |
|
168 public Object[][] negative() { |
|
169 return new Object[][] { |
|
170 { httpURI, Redirect.NEVER }, |
|
171 { httpsURI, Redirect.NEVER }, |
|
172 { http2URI, Redirect.NEVER }, |
|
173 { https2URI, Redirect.NEVER }, |
|
174 { httpURIToMoreSecure, Redirect.NEVER }, |
|
175 { http2URIToMoreSecure, Redirect.NEVER }, |
|
176 { httpsURIToLessSecure, Redirect.NEVER }, |
|
177 { https2URIToLessSecure, Redirect.NEVER }, |
|
178 |
|
179 { httpURIToMoreSecure, Redirect.SAME_PROTOCOL }, |
|
180 { http2URIToMoreSecure, Redirect.SAME_PROTOCOL }, |
|
181 { httpsURIToLessSecure, Redirect.SAME_PROTOCOL }, |
|
182 { https2URIToLessSecure, Redirect.SAME_PROTOCOL }, |
|
183 |
|
184 { httpsURIToLessSecure, Redirect.SECURE }, |
|
185 { https2URIToLessSecure, Redirect.SECURE }, |
|
186 }; |
|
187 } |
|
188 |
|
189 @Test(dataProvider = "negative") |
|
190 void testNegatives(String uriString,Redirect redirectPolicy) throws Exception { |
|
191 out.printf("%n---- starting negative (%s, %s) ----%n", uriString, redirectPolicy); |
|
192 HttpClient client = HttpClient.newBuilder() |
|
193 .followRedirects(redirectPolicy) |
|
194 .sslContext(sslContext) |
|
195 .build(); |
|
196 |
|
197 URI uri = URI.create(uriString); |
|
198 HttpRequest request = HttpRequest.newBuilder(uri).build(); |
|
199 out.println("Initial request: " + request.uri()); |
|
200 |
|
201 for (int i=0; i< ITERATIONS; i++) { |
|
202 out.println("iteration: " + i); |
|
203 HttpResponse<String> response = client.send(request, BodyHandlers.ofString()); |
|
204 |
|
205 out.println(" Got response: " + response); |
|
206 out.println(" Got body Path: " + response.body()); |
|
207 out.println(" Got response.request: " + response.request()); |
|
208 |
|
209 assertEquals(response.statusCode(), 302); |
|
210 assertEquals(response.body(), "XY"); |
|
211 // asserts original URI in response.request().uri() |
|
212 assertTrue(response.uri().equals(uri)); |
|
213 assertFalse(response.previousResponse().isPresent()); |
|
214 } |
|
215 } |
|
216 |
|
217 |
|
218 // -- Infrastructure |
|
219 |
|
220 @BeforeTest |
|
221 public void setup() throws Exception { |
|
222 sslContext = new SimpleSSLContext().get(); |
|
223 if (sslContext == null) |
|
224 throw new AssertionError("Unexpected null sslContext"); |
|
225 |
|
226 InetSocketAddress sa = new InetSocketAddress(0); |
|
227 |
|
228 httpTestServer = HttpTestServer.of(HttpServer.create(sa, 0)); |
|
229 httpTestServer.addHandler(new BasicHttpRedirectHandler(), "/http1/same/"); |
|
230 httpURI = "http://127.0.0.1:" + httpTestServer.getAddress().getPort() + "/http1/same/redirect"; |
|
231 HttpsServer httpsServer = HttpsServer.create(sa, 0); |
|
232 httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext)); |
|
233 httpsTestServer = HttpTestServer.of(httpsServer); |
|
234 httpsTestServer.addHandler(new BasicHttpRedirectHandler(),"/https1/same/"); |
|
235 httpsURI = "https://127.0.0.1:" + httpsTestServer.getAddress().getPort() + "/https1/same/redirect"; |
|
236 |
|
237 http2TestServer = HttpTestServer.of(new Http2TestServer("127.0.0.1", false, 0)); |
|
238 http2TestServer.addHandler(new BasicHttpRedirectHandler(), "/http2/same/"); |
|
239 http2URI = "http://127.0.0.1:" + http2TestServer.getAddress().getPort() + "/http2/same/redirect"; |
|
240 https2TestServer = HttpTestServer.of(new Http2TestServer("127.0.0.1", true, 0)); |
|
241 https2TestServer.addHandler(new BasicHttpRedirectHandler(), "/https2/same/"); |
|
242 https2URI = "https://127.0.0.1:" + https2TestServer.getAddress().getPort() + "/https2/same/redirect"; |
|
243 |
|
244 |
|
245 // HTTP to HTTPS redirect handler |
|
246 httpTestServer.addHandler(new ToSecureHttpRedirectHandler(httpsURI), "/http1/toSecure/"); |
|
247 httpURIToMoreSecure = "http://127.0.0.1:" + httpTestServer.getAddress().getPort() + "/http1/toSecure/redirect"; |
|
248 // HTTP2 to HTTP2S redirect handler |
|
249 http2TestServer.addHandler(new ToSecureHttpRedirectHandler(https2URI), "/http2/toSecure/"); |
|
250 http2URIToMoreSecure = "http://127.0.0.1:" + http2TestServer.getAddress().getPort() + "/http2/toSecure/redirect"; |
|
251 |
|
252 // HTTPS to HTTP redirect handler |
|
253 httpsTestServer.addHandler(new ToLessSecureRedirectHandler(httpURI), "/https1/toLessSecure/"); |
|
254 httpsURIToLessSecure = "https://127.0.0.1:" + httpsTestServer.getAddress().getPort() + "/https1/toLessSecure/redirect"; |
|
255 // HTTPS2 to HTTP2 redirect handler |
|
256 https2TestServer.addHandler(new ToLessSecureRedirectHandler(http2URI), "/https2/toLessSecure/"); |
|
257 https2URIToLessSecure = "https://127.0.0.1:" + https2TestServer.getAddress().getPort() + "/https2/toLessSecure/redirect"; |
|
258 |
|
259 httpTestServer.start(); |
|
260 httpsTestServer.start(); |
|
261 http2TestServer.start(); |
|
262 https2TestServer.start(); |
|
263 } |
|
264 |
|
265 @AfterTest |
|
266 public void teardown() throws Exception { |
|
267 httpTestServer.stop(); |
|
268 httpsTestServer.stop(); |
|
269 http2TestServer.stop(); |
|
270 https2TestServer.stop(); |
|
271 } |
|
272 |
|
273 // Redirects to same protocol |
|
274 static class BasicHttpRedirectHandler implements HttpTestHandler { |
|
275 // flip-flop between chunked/variable and fixed length redirect responses |
|
276 volatile int count; |
|
277 |
|
278 @Override |
|
279 public void handle(HttpTestExchange t) throws IOException { |
|
280 System.out.println("BasicHttpRedirectHandler for: " + t.getRequestURI()); |
|
281 readAllRequestData(t); |
|
282 |
|
283 if (t.getRequestURI().getPath().endsWith("redirect")) { |
|
284 String url = t.getRequestURI().resolve("message").toString(); |
|
285 t.getResponseHeaders().addHeader("Location", url); |
|
286 int len = count % 2 == 0 ? 2 : -1; |
|
287 t.sendResponseHeaders(302, len); |
|
288 try (OutputStream os = t.getResponseBody()) { |
|
289 os.write(new byte[]{'X', 'Y'}); // stuffing some response body |
|
290 } |
|
291 } else { |
|
292 try (OutputStream os = t.getResponseBody()) { |
|
293 byte[] bytes = MESSAGE.getBytes(UTF_8); |
|
294 t.sendResponseHeaders(200, bytes.length); |
|
295 os.write(bytes); |
|
296 } |
|
297 } |
|
298 } |
|
299 } |
|
300 |
|
301 // Redirects to a, possibly, more secure protocol, (HTTP to HTTPS) |
|
302 static class ToSecureHttpRedirectHandler implements HttpTestHandler { |
|
303 final String targetURL; |
|
304 ToSecureHttpRedirectHandler(String targetURL) { |
|
305 this.targetURL = targetURL; |
|
306 } |
|
307 @Override |
|
308 public void handle(HttpTestExchange t) throws IOException { |
|
309 System.out.println("ToSecureHttpRedirectHandler for: " + t.getRequestURI()); |
|
310 readAllRequestData(t); |
|
311 |
|
312 if (t.getRequestURI().getPath().endsWith("redirect")) { |
|
313 t.getResponseHeaders().addHeader("Location", targetURL); |
|
314 System.out.println("ToSecureHttpRedirectHandler redirecting to: " + targetURL); |
|
315 t.sendResponseHeaders(302, 2); // fixed-length |
|
316 try (OutputStream os = t.getResponseBody()) { |
|
317 os.write(new byte[]{'X', 'Y'}); |
|
318 } |
|
319 } else { |
|
320 Throwable ex = new RuntimeException("Unexpected request"); |
|
321 ex.printStackTrace(); |
|
322 t.sendResponseHeaders(500, 0); |
|
323 } |
|
324 } |
|
325 } |
|
326 |
|
327 // Redirects to a, possibly, less secure protocol (HTTPS to HTTP) |
|
328 static class ToLessSecureRedirectHandler implements HttpTestHandler { |
|
329 final String targetURL; |
|
330 ToLessSecureRedirectHandler(String targetURL) { |
|
331 this.targetURL = targetURL; |
|
332 } |
|
333 @Override |
|
334 public void handle(HttpTestExchange t) throws IOException { |
|
335 System.out.println("ToLessSecureRedirectHandler for: " + t.getRequestURI()); |
|
336 readAllRequestData(t); |
|
337 |
|
338 if (t.getRequestURI().getPath().endsWith("redirect")) { |
|
339 t.getResponseHeaders().addHeader("Location", targetURL); |
|
340 System.out.println("ToLessSecureRedirectHandler redirecting to: " + targetURL); |
|
341 t.sendResponseHeaders(302, -1); // chunked/variable |
|
342 try (OutputStream os = t.getResponseBody()) { |
|
343 os.write(new byte[]{'X', 'Y'}); |
|
344 } |
|
345 } else { |
|
346 Throwable ex = new RuntimeException("Unexpected request"); |
|
347 ex.printStackTrace(); |
|
348 t.sendResponseHeaders(500, 0); |
|
349 } |
|
350 } |
|
351 } |
|
352 |
|
353 static void readAllRequestData(HttpTestExchange t) throws IOException { |
|
354 try (InputStream is = t.getRequestBody()) { |
|
355 is.readAllBytes(); |
|
356 } |
|
357 } |
|
358 } |