test/jdk/java/net/httpclient/BasicRedirectTest.java
author jboes
Fri, 08 Nov 2019 11:15:16 +0000
changeset 59029 3786a0962570
parent 52121 934969c63223
permissions -rw-r--r--
8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException Summary: Change implementation to use iterator instead of plain LinkedList Reviewed-by: dfuchs, vtewari

/*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @summary Basic test for redirect and redirect policies
 * @modules java.base/sun.net.www.http
 *          java.net.http/jdk.internal.net.http.common
 *          java.net.http/jdk.internal.net.http.frame
 *          java.net.http/jdk.internal.net.http.hpack
 *          java.logging
 *          jdk.httpserver
 * @library /test/lib http2/server
 * @build Http2TestServer
 * @build jdk.test.lib.net.SimpleSSLContext
 * @run testng/othervm
 *       -Djdk.httpclient.HttpClient.log=trace,headers,requests
 *       BasicRedirectTest
 */

import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpClient.Redirect;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import javax.net.ssl.SSLContext;
import jdk.test.lib.net.SimpleSSLContext;
import org.testng.annotations.AfterTest;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import static java.lang.System.out;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertTrue;

public class BasicRedirectTest implements HttpServerAdapters {

    SSLContext sslContext;
    HttpTestServer httpTestServer;        // HTTP/1.1    [ 4 servers ]
    HttpTestServer httpsTestServer;       // HTTPS/1.1
    HttpTestServer http2TestServer;       // HTTP/2 ( h2c )
    HttpTestServer https2TestServer;      // HTTP/2 ( h2  )
    String httpURI;
    String httpURIToMoreSecure; // redirects HTTP to HTTPS
    String httpsURI;
    String httpsURIToLessSecure; // redirects HTTPS to HTTP
    String http2URI;
    String http2URIToMoreSecure; // redirects HTTP to HTTPS
    String https2URI;
    String https2URIToLessSecure; // redirects HTTPS to HTTP

    static final String MESSAGE = "Is fearr Gaeilge briste, na Bearla cliste";
    static final int ITERATIONS = 3;

    @DataProvider(name = "positive")
    public Object[][] positive() {
        return new Object[][] {
                { httpURI,               Redirect.ALWAYS        },
                { httpsURI,              Redirect.ALWAYS        },
                { http2URI,              Redirect.ALWAYS        },
                { https2URI,             Redirect.ALWAYS        },
                { httpURIToMoreSecure,   Redirect.ALWAYS        },
                { http2URIToMoreSecure,  Redirect.ALWAYS        },
                { httpsURIToLessSecure,  Redirect.ALWAYS        },
                { https2URIToLessSecure, Redirect.ALWAYS        },

                { httpURI,               Redirect.NORMAL        },
                { httpsURI,              Redirect.NORMAL        },
                { http2URI,              Redirect.NORMAL        },
                { https2URI,             Redirect.NORMAL        },
                { httpURIToMoreSecure,   Redirect.NORMAL        },
                { http2URIToMoreSecure,  Redirect.NORMAL        },
        };
    }

    @Test(dataProvider = "positive")
    void test(String uriString, Redirect redirectPolicy) throws Exception {
        out.printf("%n---- starting positive (%s, %s) ----%n", uriString, redirectPolicy);
        HttpClient client = HttpClient.newBuilder()
                .followRedirects(redirectPolicy)
                .sslContext(sslContext)
                .build();

        URI uri = URI.create(uriString);
        HttpRequest request = HttpRequest.newBuilder(uri).build();
        out.println("Initial request: " + request.uri());

        for (int i=0; i< ITERATIONS; i++) {
            out.println("iteration: " + i);
            HttpResponse<String> response = client.send(request, BodyHandlers.ofString());

            out.println("  Got response: " + response);
            out.println("  Got body Path: " + response.body());
            out.println("  Got response.request: " + response.request());

            assertEquals(response.statusCode(), 200);
            assertEquals(response.body(), MESSAGE);
            // asserts redirected URI in response.request().uri()
            assertTrue(response.uri().getPath().endsWith("message"));
            assertPreviousRedirectResponses(request, response);
        }
    }

    static void assertPreviousRedirectResponses(HttpRequest initialRequest,
                                                HttpResponse<?> finalResponse) {
        // there must be at least one previous response
        finalResponse.previousResponse()
                .orElseThrow(() -> new RuntimeException("no previous response"));

        HttpResponse<?> response = finalResponse;
        do {
            URI uri = response.uri();
            response = response.previousResponse().get();
            assertTrue(300 <= response.statusCode() && response.statusCode() <= 309,
                       "Expected 300 <= code <= 309, got:" + response.statusCode());
            assertEquals(response.body(), null, "Unexpected body: " + response.body());
            String locationHeader = response.headers().firstValue("Location")
                      .orElseThrow(() -> new RuntimeException("no previous Location"));
            assertTrue(uri.toString().endsWith(locationHeader),
                      "URI: " + uri + ", Location: " + locationHeader);

        } while (response.previousResponse().isPresent());

        // initial
        assertEquals(initialRequest, response.request(),
                String.format("Expected initial request [%s] to equal last prev req [%s]",
                              initialRequest, response.request()));
    }

    // --  negatives

    @DataProvider(name = "negative")
    public Object[][] negative() {
        return new Object[][] {
                { httpURI,               Redirect.NEVER         },
                { httpsURI,              Redirect.NEVER         },
                { http2URI,              Redirect.NEVER         },
                { https2URI,             Redirect.NEVER         },
                { httpURIToMoreSecure,   Redirect.NEVER         },
                { http2URIToMoreSecure,  Redirect.NEVER         },
                { httpsURIToLessSecure,  Redirect.NEVER         },
                { https2URIToLessSecure, Redirect.NEVER         },

                { httpsURIToLessSecure,  Redirect.NORMAL        },
                { https2URIToLessSecure, Redirect.NORMAL        },
        };
    }

    @Test(dataProvider = "negative")
    void testNegatives(String uriString,Redirect redirectPolicy) throws Exception {
        out.printf("%n---- starting negative (%s, %s) ----%n", uriString, redirectPolicy);
        HttpClient client = HttpClient.newBuilder()
                .followRedirects(redirectPolicy)
                .sslContext(sslContext)
                .build();

        URI uri = URI.create(uriString);
        HttpRequest request = HttpRequest.newBuilder(uri).build();
        out.println("Initial request: " + request.uri());

        for (int i=0; i< ITERATIONS; i++) {
            out.println("iteration: " + i);
            HttpResponse<String> response = client.send(request, BodyHandlers.ofString());

            out.println("  Got response: " + response);
            out.println("  Got body Path: " + response.body());
            out.println("  Got response.request: " + response.request());

            assertEquals(response.statusCode(), 302);
            assertEquals(response.body(), "XY");
            // asserts original URI in response.request().uri()
            assertTrue(response.uri().equals(uri));
            assertFalse(response.previousResponse().isPresent());
        }
    }


    // -- Infrastructure

    @BeforeTest
    public void setup() throws Exception {
        sslContext = new SimpleSSLContext().get();
        if (sslContext == null)
            throw new AssertionError("Unexpected null sslContext");

        InetSocketAddress sa = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);

        httpTestServer = HttpTestServer.of(HttpServer.create(sa, 0));
        httpTestServer.addHandler(new BasicHttpRedirectHandler(), "/http1/same/");
        httpURI = "http://" + httpTestServer.serverAuthority() + "/http1/same/redirect";
        HttpsServer httpsServer = HttpsServer.create(sa, 0);
        httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
        httpsTestServer = HttpTestServer.of(httpsServer);
        httpsTestServer.addHandler(new BasicHttpRedirectHandler(),"/https1/same/");
        httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1/same/redirect";

        http2TestServer = HttpTestServer.of(new Http2TestServer("localhost", false, 0));
        http2TestServer.addHandler(new BasicHttpRedirectHandler(), "/http2/same/");
        http2URI = "http://" + http2TestServer.serverAuthority() + "/http2/same/redirect";
        https2TestServer = HttpTestServer.of(new Http2TestServer("localhost", true, sslContext));
        https2TestServer.addHandler(new BasicHttpRedirectHandler(), "/https2/same/");
        https2URI = "https://" + https2TestServer.serverAuthority() + "/https2/same/redirect";


        // HTTP to HTTPS redirect handler
        httpTestServer.addHandler(new ToSecureHttpRedirectHandler(httpsURI), "/http1/toSecure/");
        httpURIToMoreSecure = "http://" + httpTestServer.serverAuthority()+ "/http1/toSecure/redirect";
        // HTTP2 to HTTP2S redirect handler
        http2TestServer.addHandler(new ToSecureHttpRedirectHandler(https2URI), "/http2/toSecure/");
        http2URIToMoreSecure = "http://" + http2TestServer.serverAuthority() + "/http2/toSecure/redirect";

        // HTTPS to HTTP redirect handler
        httpsTestServer.addHandler(new ToLessSecureRedirectHandler(httpURI), "/https1/toLessSecure/");
        httpsURIToLessSecure = "https://" + httpsTestServer.serverAuthority() + "/https1/toLessSecure/redirect";
        // HTTPS2 to HTTP2 redirect handler
        https2TestServer.addHandler(new ToLessSecureRedirectHandler(http2URI), "/https2/toLessSecure/");
        https2URIToLessSecure = "https://" + https2TestServer.serverAuthority() + "/https2/toLessSecure/redirect";

        httpTestServer.start();
        httpsTestServer.start();
        http2TestServer.start();
        https2TestServer.start();
    }

    @AfterTest
    public void teardown() throws Exception {
        httpTestServer.stop();
        httpsTestServer.stop();
        http2TestServer.stop();
        https2TestServer.stop();
    }

    // Redirects to same protocol
    static class BasicHttpRedirectHandler implements HttpTestHandler {
        // flip-flop between chunked/variable and fixed length redirect responses
        volatile int count;

        @Override
        public void handle(HttpTestExchange t) throws IOException {
            System.out.println("BasicHttpRedirectHandler for: " + t.getRequestURI());
            readAllRequestData(t);

            if (t.getRequestURI().getPath().endsWith("redirect")) {
                String url = t.getRequestURI().resolve("message").toString();
                t.getResponseHeaders().addHeader("Location", url);
                int len = count % 2 == 0 ? 2 : -1;
                t.sendResponseHeaders(302, len);
                try (OutputStream os = t.getResponseBody()) {
                    os.write(new byte[]{'X', 'Y'});  // stuffing some response body
                }
            } else {
                try (OutputStream os = t.getResponseBody()) {
                    byte[] bytes = MESSAGE.getBytes(UTF_8);
                    t.sendResponseHeaders(200, bytes.length);
                    os.write(bytes);
                }
            }
        }
    }

    // Redirects to a, possibly, more secure protocol, (HTTP to HTTPS)
    static class ToSecureHttpRedirectHandler implements HttpTestHandler {
        final String targetURL;
        ToSecureHttpRedirectHandler(String targetURL) {
            this.targetURL = targetURL;
        }
        @Override
        public void handle(HttpTestExchange t) throws IOException {
            System.out.println("ToSecureHttpRedirectHandler for: " + t.getRequestURI());
            readAllRequestData(t);

            if (t.getRequestURI().getPath().endsWith("redirect")) {
                t.getResponseHeaders().addHeader("Location", targetURL);
                System.out.println("ToSecureHttpRedirectHandler redirecting to: " + targetURL);
                t.sendResponseHeaders(302, 2); // fixed-length
                try (OutputStream os = t.getResponseBody()) {
                    os.write(new byte[]{'X', 'Y'});
                }
            } else {
                Throwable ex = new RuntimeException("Unexpected request");
                ex.printStackTrace();
                t.sendResponseHeaders(500, 0);
            }
        }
    }

    // Redirects to a, possibly, less secure protocol (HTTPS to HTTP)
    static class ToLessSecureRedirectHandler implements HttpTestHandler {
        final String targetURL;
        ToLessSecureRedirectHandler(String targetURL) {
            this.targetURL = targetURL;
        }
        @Override
        public void handle(HttpTestExchange t) throws IOException {
            System.out.println("ToLessSecureRedirectHandler for: " + t.getRequestURI());
            readAllRequestData(t);

            if (t.getRequestURI().getPath().endsWith("redirect")) {
                t.getResponseHeaders().addHeader("Location", targetURL);
                System.out.println("ToLessSecureRedirectHandler redirecting to: " + targetURL);
                t.sendResponseHeaders(302, -1);  // chunked/variable
                try (OutputStream os = t.getResponseBody()) {
                    os.write(new byte[]{'X', 'Y'});
                }
            } else {
                Throwable ex = new RuntimeException("Unexpected request");
                ex.printStackTrace();
                t.sendResponseHeaders(500, 0);
            }
        }
    }

    static void readAllRequestData(HttpTestExchange t) throws IOException {
        try (InputStream is = t.getRequestBody()) {
            is.readAllBytes();
        }
    }
}