|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 /* |
|
25 * @test |
|
26 * @summary Basic test for redirect and redirect policies |
|
27 * @modules java.base/sun.net.www.http |
|
28 * java.net.http/jdk.internal.net.http.common |
|
29 * java.net.http/jdk.internal.net.http.frame |
|
30 * java.net.http/jdk.internal.net.http.hpack |
|
31 * java.logging |
|
32 * jdk.httpserver |
|
33 * @library /lib/testlibrary /test/lib http2/server |
|
34 * @build Http2TestServer |
|
35 * @build jdk.testlibrary.SimpleSSLContext |
|
36 * @run testng/othervm |
|
37 * -Djdk.httpclient.HttpClient.log=trace,headers,requests |
|
38 * BasicRedirectTest |
|
39 */ |
|
40 |
|
41 import com.sun.net.httpserver.HttpServer; |
|
42 import com.sun.net.httpserver.HttpsConfigurator; |
|
43 import com.sun.net.httpserver.HttpsServer; |
|
44 import java.io.IOException; |
|
45 import java.io.InputStream; |
|
46 import java.io.OutputStream; |
|
47 import java.net.InetAddress; |
|
48 import java.net.InetSocketAddress; |
|
49 import java.net.URI; |
|
50 import java.net.http.HttpClient; |
|
51 import java.net.http.HttpClient.Redirect; |
|
52 import java.net.http.HttpRequest; |
|
53 import java.net.http.HttpResponse; |
|
54 import java.net.http.HttpResponse.BodyHandlers; |
|
55 import javax.net.ssl.SSLContext; |
|
56 import jdk.testlibrary.SimpleSSLContext; |
|
57 import org.testng.annotations.AfterTest; |
|
58 import org.testng.annotations.BeforeTest; |
|
59 import org.testng.annotations.DataProvider; |
|
60 import org.testng.annotations.Test; |
|
61 import static java.lang.System.out; |
|
62 import static java.nio.charset.StandardCharsets.UTF_8; |
|
63 import static org.testng.Assert.assertEquals; |
|
64 import static org.testng.Assert.assertFalse; |
|
65 import static org.testng.Assert.assertTrue; |
|
66 |
|
67 public class BasicRedirectTest implements HttpServerAdapters { |
|
68 |
|
69 SSLContext sslContext; |
|
70 HttpTestServer httpTestServer; // HTTP/1.1 [ 4 servers ] |
|
71 HttpTestServer httpsTestServer; // HTTPS/1.1 |
|
72 HttpTestServer http2TestServer; // HTTP/2 ( h2c ) |
|
73 HttpTestServer https2TestServer; // HTTP/2 ( h2 ) |
|
74 String httpURI; |
|
75 String httpURIToMoreSecure; // redirects HTTP to HTTPS |
|
76 String httpsURI; |
|
77 String httpsURIToLessSecure; // redirects HTTPS to HTTP |
|
78 String http2URI; |
|
79 String http2URIToMoreSecure; // redirects HTTP to HTTPS |
|
80 String https2URI; |
|
81 String https2URIToLessSecure; // redirects HTTPS to HTTP |
|
82 |
|
83 static final String MESSAGE = "Is fearr Gaeilge briste, na Bearla cliste"; |
|
84 static final int ITERATIONS = 3; |
|
85 |
|
86 @DataProvider(name = "positive") |
|
87 public Object[][] positive() { |
|
88 return new Object[][] { |
|
89 { httpURI, Redirect.ALWAYS }, |
|
90 { httpsURI, Redirect.ALWAYS }, |
|
91 { http2URI, Redirect.ALWAYS }, |
|
92 { https2URI, Redirect.ALWAYS }, |
|
93 { httpURIToMoreSecure, Redirect.ALWAYS }, |
|
94 { http2URIToMoreSecure, Redirect.ALWAYS }, |
|
95 { httpsURIToLessSecure, Redirect.ALWAYS }, |
|
96 { https2URIToLessSecure, Redirect.ALWAYS }, |
|
97 |
|
98 { httpURI, Redirect.NORMAL }, |
|
99 { httpsURI, Redirect.NORMAL }, |
|
100 { http2URI, Redirect.NORMAL }, |
|
101 { https2URI, Redirect.NORMAL }, |
|
102 { httpURIToMoreSecure, Redirect.NORMAL }, |
|
103 { http2URIToMoreSecure, Redirect.NORMAL }, |
|
104 }; |
|
105 } |
|
106 |
|
107 @Test(dataProvider = "positive") |
|
108 void test(String uriString, Redirect redirectPolicy) throws Exception { |
|
109 out.printf("%n---- starting positive (%s, %s) ----%n", uriString, redirectPolicy); |
|
110 HttpClient client = HttpClient.newBuilder() |
|
111 .followRedirects(redirectPolicy) |
|
112 .sslContext(sslContext) |
|
113 .build(); |
|
114 |
|
115 URI uri = URI.create(uriString); |
|
116 HttpRequest request = HttpRequest.newBuilder(uri).build(); |
|
117 out.println("Initial request: " + request.uri()); |
|
118 |
|
119 for (int i=0; i< ITERATIONS; i++) { |
|
120 out.println("iteration: " + i); |
|
121 HttpResponse<String> response = client.send(request, BodyHandlers.ofString()); |
|
122 |
|
123 out.println(" Got response: " + response); |
|
124 out.println(" Got body Path: " + response.body()); |
|
125 out.println(" Got response.request: " + response.request()); |
|
126 |
|
127 assertEquals(response.statusCode(), 200); |
|
128 assertEquals(response.body(), MESSAGE); |
|
129 // asserts redirected URI in response.request().uri() |
|
130 assertTrue(response.uri().getPath().endsWith("message")); |
|
131 assertPreviousRedirectResponses(request, response); |
|
132 } |
|
133 } |
|
134 |
|
135 static void assertPreviousRedirectResponses(HttpRequest initialRequest, |
|
136 HttpResponse<?> finalResponse) { |
|
137 // there must be at least one previous response |
|
138 finalResponse.previousResponse() |
|
139 .orElseThrow(() -> new RuntimeException("no previous response")); |
|
140 |
|
141 HttpResponse<?> response = finalResponse; |
|
142 do { |
|
143 URI uri = response.uri(); |
|
144 response = response.previousResponse().get(); |
|
145 assertTrue(300 <= response.statusCode() && response.statusCode() <= 309, |
|
146 "Expected 300 <= code <= 309, got:" + response.statusCode()); |
|
147 assertEquals(response.body(), null, "Unexpected body: " + response.body()); |
|
148 String locationHeader = response.headers().firstValue("Location") |
|
149 .orElseThrow(() -> new RuntimeException("no previous Location")); |
|
150 assertTrue(uri.toString().endsWith(locationHeader), |
|
151 "URI: " + uri + ", Location: " + locationHeader); |
|
152 |
|
153 } while (response.previousResponse().isPresent()); |
|
154 |
|
155 // initial |
|
156 assertEquals(initialRequest, response.request(), |
|
157 String.format("Expected initial request [%s] to equal last prev req [%s]", |
|
158 initialRequest, response.request())); |
|
159 } |
|
160 |
|
161 // -- negatives |
|
162 |
|
163 @DataProvider(name = "negative") |
|
164 public Object[][] negative() { |
|
165 return new Object[][] { |
|
166 { httpURI, Redirect.NEVER }, |
|
167 { httpsURI, Redirect.NEVER }, |
|
168 { http2URI, Redirect.NEVER }, |
|
169 { https2URI, Redirect.NEVER }, |
|
170 { httpURIToMoreSecure, Redirect.NEVER }, |
|
171 { http2URIToMoreSecure, Redirect.NEVER }, |
|
172 { httpsURIToLessSecure, Redirect.NEVER }, |
|
173 { https2URIToLessSecure, Redirect.NEVER }, |
|
174 |
|
175 { httpsURIToLessSecure, Redirect.NORMAL }, |
|
176 { https2URIToLessSecure, Redirect.NORMAL }, |
|
177 }; |
|
178 } |
|
179 |
|
180 @Test(dataProvider = "negative") |
|
181 void testNegatives(String uriString,Redirect redirectPolicy) throws Exception { |
|
182 out.printf("%n---- starting negative (%s, %s) ----%n", uriString, redirectPolicy); |
|
183 HttpClient client = HttpClient.newBuilder() |
|
184 .followRedirects(redirectPolicy) |
|
185 .sslContext(sslContext) |
|
186 .build(); |
|
187 |
|
188 URI uri = URI.create(uriString); |
|
189 HttpRequest request = HttpRequest.newBuilder(uri).build(); |
|
190 out.println("Initial request: " + request.uri()); |
|
191 |
|
192 for (int i=0; i< ITERATIONS; i++) { |
|
193 out.println("iteration: " + i); |
|
194 HttpResponse<String> response = client.send(request, BodyHandlers.ofString()); |
|
195 |
|
196 out.println(" Got response: " + response); |
|
197 out.println(" Got body Path: " + response.body()); |
|
198 out.println(" Got response.request: " + response.request()); |
|
199 |
|
200 assertEquals(response.statusCode(), 302); |
|
201 assertEquals(response.body(), "XY"); |
|
202 // asserts original URI in response.request().uri() |
|
203 assertTrue(response.uri().equals(uri)); |
|
204 assertFalse(response.previousResponse().isPresent()); |
|
205 } |
|
206 } |
|
207 |
|
208 |
|
209 // -- Infrastructure |
|
210 |
|
211 @BeforeTest |
|
212 public void setup() throws Exception { |
|
213 sslContext = new SimpleSSLContext().get(); |
|
214 if (sslContext == null) |
|
215 throw new AssertionError("Unexpected null sslContext"); |
|
216 |
|
217 InetSocketAddress sa = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0); |
|
218 |
|
219 httpTestServer = HttpTestServer.of(HttpServer.create(sa, 0)); |
|
220 httpTestServer.addHandler(new BasicHttpRedirectHandler(), "/http1/same/"); |
|
221 httpURI = "http://" + httpTestServer.serverAuthority() + "/http1/same/redirect"; |
|
222 HttpsServer httpsServer = HttpsServer.create(sa, 0); |
|
223 httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext)); |
|
224 httpsTestServer = HttpTestServer.of(httpsServer); |
|
225 httpsTestServer.addHandler(new BasicHttpRedirectHandler(),"/https1/same/"); |
|
226 httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1/same/redirect"; |
|
227 |
|
228 http2TestServer = HttpTestServer.of(new Http2TestServer("localhost", false, 0)); |
|
229 http2TestServer.addHandler(new BasicHttpRedirectHandler(), "/http2/same/"); |
|
230 http2URI = "http://" + http2TestServer.serverAuthority() + "/http2/same/redirect"; |
|
231 https2TestServer = HttpTestServer.of(new Http2TestServer("localhost", true, 0)); |
|
232 https2TestServer.addHandler(new BasicHttpRedirectHandler(), "/https2/same/"); |
|
233 https2URI = "https://" + https2TestServer.serverAuthority() + "/https2/same/redirect"; |
|
234 |
|
235 |
|
236 // HTTP to HTTPS redirect handler |
|
237 httpTestServer.addHandler(new ToSecureHttpRedirectHandler(httpsURI), "/http1/toSecure/"); |
|
238 httpURIToMoreSecure = "http://" + httpTestServer.serverAuthority()+ "/http1/toSecure/redirect"; |
|
239 // HTTP2 to HTTP2S redirect handler |
|
240 http2TestServer.addHandler(new ToSecureHttpRedirectHandler(https2URI), "/http2/toSecure/"); |
|
241 http2URIToMoreSecure = "http://" + http2TestServer.serverAuthority() + "/http2/toSecure/redirect"; |
|
242 |
|
243 // HTTPS to HTTP redirect handler |
|
244 httpsTestServer.addHandler(new ToLessSecureRedirectHandler(httpURI), "/https1/toLessSecure/"); |
|
245 httpsURIToLessSecure = "https://" + httpsTestServer.serverAuthority() + "/https1/toLessSecure/redirect"; |
|
246 // HTTPS2 to HTTP2 redirect handler |
|
247 https2TestServer.addHandler(new ToLessSecureRedirectHandler(http2URI), "/https2/toLessSecure/"); |
|
248 https2URIToLessSecure = "https://" + https2TestServer.serverAuthority() + "/https2/toLessSecure/redirect"; |
|
249 |
|
250 httpTestServer.start(); |
|
251 httpsTestServer.start(); |
|
252 http2TestServer.start(); |
|
253 https2TestServer.start(); |
|
254 } |
|
255 |
|
256 @AfterTest |
|
257 public void teardown() throws Exception { |
|
258 httpTestServer.stop(); |
|
259 httpsTestServer.stop(); |
|
260 http2TestServer.stop(); |
|
261 https2TestServer.stop(); |
|
262 } |
|
263 |
|
264 // Redirects to same protocol |
|
265 static class BasicHttpRedirectHandler implements HttpTestHandler { |
|
266 // flip-flop between chunked/variable and fixed length redirect responses |
|
267 volatile int count; |
|
268 |
|
269 @Override |
|
270 public void handle(HttpTestExchange t) throws IOException { |
|
271 System.out.println("BasicHttpRedirectHandler for: " + t.getRequestURI()); |
|
272 readAllRequestData(t); |
|
273 |
|
274 if (t.getRequestURI().getPath().endsWith("redirect")) { |
|
275 String url = t.getRequestURI().resolve("message").toString(); |
|
276 t.getResponseHeaders().addHeader("Location", url); |
|
277 int len = count % 2 == 0 ? 2 : -1; |
|
278 t.sendResponseHeaders(302, len); |
|
279 try (OutputStream os = t.getResponseBody()) { |
|
280 os.write(new byte[]{'X', 'Y'}); // stuffing some response body |
|
281 } |
|
282 } else { |
|
283 try (OutputStream os = t.getResponseBody()) { |
|
284 byte[] bytes = MESSAGE.getBytes(UTF_8); |
|
285 t.sendResponseHeaders(200, bytes.length); |
|
286 os.write(bytes); |
|
287 } |
|
288 } |
|
289 } |
|
290 } |
|
291 |
|
292 // Redirects to a, possibly, more secure protocol, (HTTP to HTTPS) |
|
293 static class ToSecureHttpRedirectHandler implements HttpTestHandler { |
|
294 final String targetURL; |
|
295 ToSecureHttpRedirectHandler(String targetURL) { |
|
296 this.targetURL = targetURL; |
|
297 } |
|
298 @Override |
|
299 public void handle(HttpTestExchange t) throws IOException { |
|
300 System.out.println("ToSecureHttpRedirectHandler for: " + t.getRequestURI()); |
|
301 readAllRequestData(t); |
|
302 |
|
303 if (t.getRequestURI().getPath().endsWith("redirect")) { |
|
304 t.getResponseHeaders().addHeader("Location", targetURL); |
|
305 System.out.println("ToSecureHttpRedirectHandler redirecting to: " + targetURL); |
|
306 t.sendResponseHeaders(302, 2); // fixed-length |
|
307 try (OutputStream os = t.getResponseBody()) { |
|
308 os.write(new byte[]{'X', 'Y'}); |
|
309 } |
|
310 } else { |
|
311 Throwable ex = new RuntimeException("Unexpected request"); |
|
312 ex.printStackTrace(); |
|
313 t.sendResponseHeaders(500, 0); |
|
314 } |
|
315 } |
|
316 } |
|
317 |
|
318 // Redirects to a, possibly, less secure protocol (HTTPS to HTTP) |
|
319 static class ToLessSecureRedirectHandler implements HttpTestHandler { |
|
320 final String targetURL; |
|
321 ToLessSecureRedirectHandler(String targetURL) { |
|
322 this.targetURL = targetURL; |
|
323 } |
|
324 @Override |
|
325 public void handle(HttpTestExchange t) throws IOException { |
|
326 System.out.println("ToLessSecureRedirectHandler for: " + t.getRequestURI()); |
|
327 readAllRequestData(t); |
|
328 |
|
329 if (t.getRequestURI().getPath().endsWith("redirect")) { |
|
330 t.getResponseHeaders().addHeader("Location", targetURL); |
|
331 System.out.println("ToLessSecureRedirectHandler redirecting to: " + targetURL); |
|
332 t.sendResponseHeaders(302, -1); // chunked/variable |
|
333 try (OutputStream os = t.getResponseBody()) { |
|
334 os.write(new byte[]{'X', 'Y'}); |
|
335 } |
|
336 } else { |
|
337 Throwable ex = new RuntimeException("Unexpected request"); |
|
338 ex.printStackTrace(); |
|
339 t.sendResponseHeaders(500, 0); |
|
340 } |
|
341 } |
|
342 } |
|
343 |
|
344 static void readAllRequestData(HttpTestExchange t) throws IOException { |
|
345 try (InputStream is = t.getRequestBody()) { |
|
346 is.readAllBytes(); |
|
347 } |
|
348 } |
|
349 } |