Consolidate duplicated test logic into RequestInterceptorHeaderUtilsTest

Move shared merge logic tests (reserved filtering, case-insensitive merge,
overwrite protection, URL passthrough, null/empty interceptor) out of
individual interactor tests into RequestInterceptorHeaderUtilsTest.

Each interactor test now only verifies wiring: that the interceptor is
called for each public method and that null interceptor passes through
unchanged. This eliminates ~370 lines of duplicated test code.

Test distribution:
- RequestInterceptorHeaderUtilsTest: 9 tests (shared merge contract)
- NativeAuthHeaderValidatorTest: 12 tests (validation rules)
- 4 interactor tests: 24 tests total (per-method wiring)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: spetrescu84

common4j/src/test/com/microsoft/identity/common/java/nativeauth/providers/interactors/JITInteractorRequestInterceptorTest.kt

@@ -44,8 +44,9 @@ import org.junit.Test
 import java.net.URL
 
 /**
- * Tests verifying that [JITInteractor] correctly applies custom headers
- * from a [NativeAuthRequestInterceptor] to outgoing HTTP requests.
+ * Tests verifying that [JITInteractor] correctly wires the request interceptor
+ * to each public method. Merge logic, filtering, and edge cases are covered by
+ * [RequestInterceptorHeaderUtilsTest] and [com.microsoft.identity.common.java.nativeauth.providers.NativeAuthHeaderValidatorTest].
  */
 class JITInteractorRequestInterceptorTest {
 
@@ -63,10 +64,7 @@ class JITInteractorRequestInterceptorTest {
 
     private val testInterceptor = object : NativeAuthRequestInterceptor {
         override fun additionalHeaders(requestUrl: URL): Map<String, String>? {
-            return mapOf(
-                "x-akamai-sensor" to "sensor-data-123",
-                "x-fraud-signal" to "signal-abc"
-            )
+            return mapOf("x-akamai-sensor" to "sensor-data-123")
         }
     }
 
@@ -136,7 +134,6 @@ class JITInteractorRequestInterceptorTest {
 
         assertTrue(capturedHeaders.isCaptured)
         assertEquals("sensor-data-123", capturedHeaders.captured["x-akamai-sensor"])
-        assertEquals("signal-abc", capturedHeaders.captured["x-fraud-signal"])
         assertEquals("MSAL.Android", capturedHeaders.captured["x-client-SKU"])
     }
 
@@ -196,42 +193,4 @@ class JITInteractorRequestInterceptorTest {
         assertEquals("sensor-data-123", capturedHeaders.captured["x-akamai-sensor"])
     }
     // endregion
-
-    // region reserved header filtering
-    @Test
-    fun testInterceptorReservedHeadersAreFilteredInJIT() {
-        val filteringInterceptor = object : NativeAuthRequestInterceptor {
-            override fun additionalHeaders(requestUrl: URL): Map<String, String>? {
-                return mapOf(
-                    "x-akamai-sensor" to "valid",
-                    "x-ms-evil" to "should-be-filtered",
-                    "x-client-override" to "should-be-filtered",
-                    "x-app-secret" to "should-be-filtered",
-                    "x-broker-bypass" to "should-be-filtered",
-                    "Authorization" to "should-be-filtered"
-                )
-            }
-        }
-
-        val mockRequest = mockk<JITIntrospectRequest>(relaxed = true)
-        every { mockRequest.requestUrl } returns testUrl
-        every { mockRequest.headers } returns baseHeaders
-        every { mockRequestProvider.createJITIntrospectRequest(any(), any()) } returns mockRequest
-        every { mockResponseHandler.getJITIntrospectApiResponseFromHttpResponse(any(), any()) } returns mockk(relaxed = true)
-
-        val capturedHeaders = setupHttpClientCapture()
-        val interactor = createInteractor(interceptor = filteringInterceptor)
-
-        interactor.performIntrospect(createJITIntrospectParams())
-
-        assertTrue(capturedHeaders.isCaptured)
-        val headers = capturedHeaders.captured
-        assertTrue(headers.containsKey("x-akamai-sensor"))
-        assertFalse("x-ms- prefix should be filtered", headers.containsKey("x-ms-evil"))
-        assertFalse("x-client- prefix should be filtered", headers.containsKey("x-client-override"))
-        assertFalse("x-app- prefix should be filtered", headers.containsKey("x-app-secret"))
-        assertFalse("x-broker- prefix should be filtered", headers.containsKey("x-broker-bypass"))
-        assertFalse("Non x- prefix should be filtered", headers.containsKey("Authorization"))
-    }
-    // endregion
 }

common4j/src/test/com/microsoft/identity/common/java/nativeauth/providers/interactors/RequestInterceptorHeaderUtilsTest.kt

@@ -1,25 +1,25 @@
-// Copyright (c) Microsoft Corporation.
-// All rights reserved.
+//  Copyright (c) Microsoft Corporation.
+//  All rights reserved.
 //
-// This code is licensed under the MIT License.
+//  This code is licensed under the MIT License.
 //
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files(the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions :
+//  Permission is hereby granted, free of charge, to any person obtaining a copy
+//  of this software and associated documentation files(the "Software"), to deal
+//  in the Software without restriction, including without limitation the rights
+//  to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+//  copies of the Software, and to permit persons to whom the Software is
+//  furnished to do so, subject to the following conditions :
 //
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
+//  The above copyright notice and this permission notice shall be included in
+//  all copies or substantial portions of the Software.
 //
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
+//  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+//  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+//  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+//  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+//  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+//  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+//  THE SOFTWARE.
 package com.microsoft.identity.common.java.nativeauth.providers.interactors
 
 import com.microsoft.identity.common.java.nativeauth.providers.NativeAuthRequestInterceptor
@@ -30,91 +30,197 @@ import org.junit.Assert.assertTrue
 import org.junit.Test
 import java.net.URL
 
+/**
+ * Unit tests for [applyInterceptorHeaders], the shared helper that merges
+ * interceptor-provided custom headers into base request headers.
+ *
+ * These tests cover the helper's contract directly, so interactor-level tests
+ * only need to verify that each interactor method passes headers through
+ * to the HTTP client (i.e., the wiring, not the merge logic).
+ */
 class RequestInterceptorHeaderUtilsTest {
 
-    private val requestUrl = URL("https://contoso.ciamlogin.com/oauth2/v2.0/initiate")
+    private val testUrl = URL("https://contoso.ciamlogin.com/oauth2/v2.0/initiate")
+
+    private val baseHeaders = mapOf<String, String?>(
+        "Content-Type" to "application/x-www-form-urlencoded",
+        "x-client-SKU" to "MSAL.Android",
+        "Accept" to "application/json"
+    )
+
+    // region null / empty interceptor scenarios
 
     @Test
-    fun testApplyInterceptorHeadersReturnsOriginalMapWhenInterceptorIsNull() {
-        val headers = mapOf("Content-Type" to "application/x-www-form-urlencoded")
+    fun testNullInterceptorReturnsSameHeaders() {
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, null)
+        assertSame("Null interceptor should return the exact same map instance", baseHeaders, result)
+    }
 
-        val result = applyInterceptorHeaders(requestUrl, headers, null)
+    @Test
+    fun testInterceptorReturningNullReturnsSameHeaders() {
+        val interceptor = object : NativeAuthRequestInterceptor {
+            override fun additionalHeaders(requestUrl: URL): Map<String, String>? = null
+        }
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
+        assertSame("Interceptor returning null should return the exact same map instance", baseHeaders, result)
+    }
 
-        assertSame(headers, result)
+    @Test
+    fun testInterceptorReturningEmptyMapReturnsSameHeaders() {
+        val interceptor = object : NativeAuthRequestInterceptor {
+            override fun additionalHeaders(requestUrl: URL): Map<String, String>? = emptyMap()
+        }
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
+        assertSame("Interceptor returning empty map should return the exact same map instance", baseHeaders, result)
     }
 
+    // endregion
+
+    // region valid header merge
+
     @Test
-    fun testApplyInterceptorHeadersMergesValidCustomHeaders() {
-        val headers = mapOf("Content-Type" to "application/x-www-form-urlencoded")
+    fun testValidCustomHeadersAreMergedWithBaseHeaders() {
         val interceptor = object : NativeAuthRequestInterceptor {
             override fun additionalHeaders(requestUrl: URL): Map<String, String> {
-                return mapOf("x-test-header" to "value")
+                return mapOf(
+                    "x-akamai-sensor" to "sensor-data-123",
+                    "x-fraud-signal" to "signal-abc"
+                )
             }
         }
 
-        val result = applyInterceptorHeaders(requestUrl, headers, interceptor)
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
 
-        assertEquals(2, result.size)
+        assertEquals(5, result.size)
+        assertEquals("sensor-data-123", result["x-akamai-sensor"])
+        assertEquals("signal-abc", result["x-fraud-signal"])
         assertEquals("application/x-www-form-urlencoded", result["Content-Type"])
-        assertEquals("value", result["x-test-header"])
+        assertEquals("MSAL.Android", result["x-client-SKU"])
+        assertEquals("application/json", result["Accept"])
     }
 
+    // endregion
+
+    // region reserved header filtering (integration with NativeAuthHeaderValidator)
+
     @Test
-    fun testApplyInterceptorHeadersFiltersReservedAndNonCustomHeaders() {
-        val headers = mapOf("Content-Type" to "application/x-www-form-urlencoded")
+    fun testReservedPrefixHeadersAreFiltered() {
         val interceptor = object : NativeAuthRequestInterceptor {
             override fun additionalHeaders(requestUrl: URL): Map<String, String> {
                 return mapOf(
-                    "x-ms-client-request-id" to "reserved",
-                    "Authorization" to "rejected",
-                    "x-valid" to "kept"
+                    "x-akamai-sensor" to "valid",
+                    "x-ms-evil" to "should-be-filtered",
+                    "x-client-override" to "should-be-filtered",
+                    "x-app-secret" to "should-be-filtered",
+                    "x-broker-bypass" to "should-be-filtered",
+                    "Authorization" to "should-be-filtered"
                 )
             }
         }
 
-        val result = applyInterceptorHeaders(requestUrl, headers, interceptor)
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
 
-        assertEquals(2, result.size)
-        assertTrue(result.containsKey("x-valid"))
-        assertFalse(result.containsKey("Authorization"))
-        assertFalse(result.containsKey("x-ms-client-request-id"))
+        assertTrue(result.containsKey("x-akamai-sensor"))
+        assertFalse("x-ms- prefix should be filtered", result.containsKey("x-ms-evil"))
+        assertFalse("x-client- prefix should be filtered", result.containsKey("x-client-override"))
+        assertFalse("x-app- prefix should be filtered", result.containsKey("x-app-secret"))
+        assertFalse("x-broker- prefix should be filtered", result.containsKey("x-broker-bypass"))
+        assertFalse("Non x- prefix should be filtered", result.containsKey("authorization"))
     }
 
     @Test
-    fun testApplyInterceptorHeadersMergesCaseInsensitiveWithBaseHeaders() {
-        val headers = mapOf(
-            "X-Custom-Header" to "base",
-            "Content-Type" to "application/x-www-form-urlencoded"
+    fun testInterceptorCannotOverwriteReservedBaseHeaders() {
+        val interceptor = object : NativeAuthRequestInterceptor {
+            override fun additionalHeaders(requestUrl: URL): Map<String, String> {
+                return mapOf(
+                    "x-client-SKU" to "Evil.SDK",
+                    "x-ms-request-id" to "fake-id",
+                    "x-akamai-sensor" to "valid-data"
+                )
+            }
+        }
+
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
+
+        // Reserved prefix headers from interceptor should be filtered, preserving base values
+        assertEquals("MSAL.Android", result["x-client-SKU"])
+        assertFalse("x-ms- prefix should be filtered", result.containsKey("x-ms-request-id"))
+        // Valid custom header should be merged
+        assertEquals("valid-data", result["x-akamai-sensor"])
+    }
+
+    @Test
+    fun testAllInvalidHeadersReturnsSameBaseSize() {
+        val interceptor = object : NativeAuthRequestInterceptor {
+            override fun additionalHeaders(requestUrl: URL): Map<String, String> {
+                return mapOf(
+                    "x-ms-evil" to "filtered",
+                    "Authorization" to "filtered",
+                    "Content-Type" to "filtered"
+                )
+            }
+        }
+
+        val result = applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
+
+        assertEquals(baseHeaders.size, result.size)
+        assertEquals("application/x-www-form-urlencoded", result["Content-Type"])
+        assertEquals("MSAL.Android", result["x-client-SKU"])
+        assertEquals("application/json", result["Accept"])
+    }
+
+    // endregion
+
+    // region case-insensitive merge
+
+    @Test
+    fun testCaseInsensitiveHeaderMerge() {
+        val baseHeadersWithCustom = mapOf<String, String?>(
+            "Content-Type" to "application/x-www-form-urlencoded",
+            "x-client-SKU" to "MSAL.Android",
+            "x-existing-custom" to "old-value"
         )
+
         val interceptor = object : NativeAuthRequestInterceptor {
             override fun additionalHeaders(requestUrl: URL): Map<String, String> {
-                return mapOf("x-custom-header" to "override")
+                return mapOf(
+                    "X-Existing-Custom" to "new-value",
+                    "x-new-header" to "new-data"
+                )
             }
         }
 
-        val result = applyInterceptorHeaders(requestUrl, headers, interceptor)
+        val result = applyInterceptorHeaders(testUrl, baseHeadersWithCustom, interceptor)
 
-        assertEquals(2, result.size)
-        assertEquals("override", result["x-custom-header"])
-        assertFalse(result.containsKey("X-Custom-Header"))
+        // Original casing key should be replaced by the normalized (lowercase) key from validator
+        assertFalse(
+            "Original and new casing keys should not both exist",
+            result.containsKey("x-existing-custom") && result.containsKey("X-Existing-Custom")
+        )
+        assertEquals("new-value", result["x-existing-custom"])
+        assertEquals("new-data", result["x-new-header"])
+        assertEquals("MSAL.Android", result["x-client-SKU"])
     }
 
+    // endregion
+
+    // region URL passthrough
+
     @Test
-    fun testApplyInterceptorHeadersPassesRequestUrlToInterceptor() {
-        var capturedUrl: URL? = null
+    fun testInterceptorReceivesCorrectRequestUrl() {
+        val capturedUrls = mutableListOf<URL>()
         val interceptor = object : NativeAuthRequestInterceptor {
             override fun additionalHeaders(requestUrl: URL): Map<String, String>? {
-                capturedUrl = requestUrl
-                return emptyMap()
+                capturedUrls.add(requestUrl)
+                return mapOf("x-test" to "value")
             }
         }
 
-        applyInterceptorHeaders(
-            requestUrl = requestUrl,
-            headers = mapOf("Content-Type" to "application/x-www-form-urlencoded"),
-            requestInterceptor = interceptor
-        )
+        applyInterceptorHeaders(testUrl, baseHeaders, interceptor)
 
-        assertEquals(requestUrl, capturedUrl)
+        assertEquals(1, capturedUrls.size)
+        assertEquals(testUrl, capturedUrls[0])
     }
+
+    // endregion
 }