Correct tests for new behavior.

Author: MikeNeilson

cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/AuthCodePkceTokenRequestBuilder.java

@@ -50,53 +50,55 @@
 
 /**
  * Use Authorization Code + PKCE method to retrieve initial token set.
- * 
+ *
  * If a desktop is available users's default Browser is opened with the given auth URL
  * To complete the additional requirements.
  */
 public final class AuthCodePkceTokenRequestBuilder extends TokenRequestBuilder<AuthCodePkceTokenRequestBuilder> {
     private static final Logger LOGGER = Logger.getLogger(AuthCodePkceTokenRequestBuilder.class.getName());
     @Override
     OAuth2Token retrieveToken() throws IOException {
-    
+
         OAuth2Token retVal = null;
+        HttpServer server = null;
         // https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
         try {
-            byte[] verifierBytes = new byte[64];
+            byte[] verifierBytes = new byte[128];
             SecureRandom.getInstanceStrong().nextBytes(verifierBytes);
             Base64.Encoder b64encoder = Base64.getUrlEncoder().withoutPadding();
             final String verifier = b64encoder.encodeToString(verifierBytes);
             final String originalState = UUID.randomUUID().toString();
 
             MessageDigest md = MessageDigest.getInstance("SHA-256");
             final String challenge = b64encoder.encodeToString(md.digest(verifier.getBytes(StandardCharsets.US_ASCII)));
-            HttpServer server = HttpServer.create(new InetSocketAddress("localhost", 0), 0);            
+            server = HttpServer.create(new InetSocketAddress("localhost", 0), 0);
             int port = server.getAddress().getPort();
             String host = server.getAddress().getHostName();
 
             final CompletableFuture<Result> future = new CompletableFuture<>();
-            
+
             server.createContext("/", new HttpHandler() {
 
                 @Override
                 public void handle(HttpExchange exchange) throws IOException {
                     Result ret = null;
-                    
+
                     final String query = exchange.getRequestURI().getQuery();
-                    LOGGER.finest("Got auth server response." + query);
+                    LOGGER.fine("Got auth server response." + query);
                     final QueryParameters parameters = QueryParameters.parse(query);
                     if (!parameters.get("error").isEmpty()) {
                         String error = parameters.get("error").get(0);
                         String errorDescription = parameters.get("error_description").get(0);
-                        ret = Result.failure(error, errorDescription);                    
+                        ret = Result.failure(error, errorDescription);
                     } else {
                         String code = parameters.get("code").get(0);
                         String state = parameters.get("state").get(0);
                         String session_state = parameters.get("session_state").get(0);
                         ret = Result.success(code ,state, session_state);
                     }
-                    LOGGER.finest("Returning result back to thread.");
-                    server.stop(0);
+                    LOGGER.fine("Returning result back to thread.");
+                    exchange.sendResponseHeaders(201, 0);
+
                     future.complete(ret);
                 }
 
@@ -117,7 +119,7 @@ public void handle(HttpExchange exchange) throws IOException {
             LOGGER.info("Handling Auth Request");
             LOGGER.finer("Auth Request URL: " + urlStr);
             this.authCallBack.accept(URI.create(urlStr));
-            
+
             Result result = future.get(3, TimeUnit.MINUTES); // The user is now required to perform manual operations.
             LOGGER.info("Retrieving Token.");
             if (result.error != null) {
@@ -155,6 +157,11 @@ public void handle(HttpExchange exchange) throws IOException {
         } catch (InterruptedException | ExecutionException | TimeoutException ex) {
             throw new IOException("Unable to form login sequence.", ex);
         }
+        finally {
+            if (server != null) {
+                server.stop(0);
+            }
+        }
     }
 
     private static class Result {

cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestCwbiTokenProvider.java

@@ -28,6 +28,7 @@
 import java.util.Collections;
 import javax.net.ssl.KeyManager;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 import java.io.File;
 import java.io.IOException;
@@ -99,7 +100,7 @@ private String getResource(String resource) throws IOException {
 
     protected void launchMockServerWithResource(String resource) throws IOException {
         mockHttpServer.getMockServer().setDispatcher(new Dispatcher() {
-            private static final Logger LOGGER = Logger.getLogger(TestOidcTokenProvider.class.getName()+"_dispatcher");
+            private final Logger LOGGER = Logger.getLogger(TestOidcTokenProvider.class.getName());
             @Override
             public MockResponse dispatch(RecordedRequest request) throws InterruptedException {
                 final HttpUrl url = request.getRequestUrl();
@@ -113,7 +114,8 @@ public MockResponse dispatch(RecordedRequest request) throws InterruptedExceptio
                                                 .replace("PORT", ""+mockHttpServer.getPort()));
                     }
                     else if (path.endsWith("/auth")) {
-                        fail("CwbiTokenProvider uses direct grant and should not call the /auth endpoint.");
+                        throw new IOException("Endpoint should not be called. Request was " + url.toString());
+                        //fail("CwbiTokenProvider uses direct grant and should not call the /auth endpoint.");
                     }
                     else if (path.endsWith("/token")) {
                         return new MockResponse().setBody(getResource("oauth2token.json"));
@@ -173,13 +175,7 @@ void testClear() throws IOException {
         String resource = "oauth2token.json";
         launchMockServerWithResource(resource);
         String url = buildConnectionInfo().getApiRoot();
-        MockCwbiAuthTokenProvider tokenProvider = new MockCwbiAuthTokenProvider(url, "cumulus", getTestSslSocketFactory());
-        OAuth2Token token = new OAuth2Token();
-        token.setAccessToken("abc123");
-        token.setTokenType("Bearer");
-        token.setExpiresIn(3600);
-        token.setRefreshToken("123abc");
-        tokenProvider.setOAuth2Token(token);
+        CwbiAuthTokenProvider tokenProvider = new CwbiAuthTokenProvider(url, "cumulus", getTestSslSocketFactory());
         OAuth2Token token1 = tokenProvider.getToken();
         OAuth2Token token2 = tokenProvider.getToken();
         assertSame(token1, token2);
@@ -192,13 +188,9 @@ void testRefreshToken() throws IOException {
         String resource = "oauth2token.json";
         launchMockServerWithResource(resource);
         String url = buildConnectionInfo().getApiRoot();
-        MockCwbiAuthTokenProvider tokenProvider = new MockCwbiAuthTokenProvider(url, "cumulus", getTestSslSocketFactory());
-        OAuth2Token token = new OAuth2Token();
-        token.setAccessToken("abc123");
-        token.setTokenType("Bearer");
-        token.setExpiresIn(3600);
-        token.setRefreshToken("123abc");
-        tokenProvider.setOAuth2Token(token);
+        CwbiAuthTokenProvider tokenProvider = new CwbiAuthTokenProvider(url, "cumulus", getTestSslSocketFactory());
+        OAuth2Token token = tokenProvider.getToken();
+        assertNotNull(token, "Failed to retrieve initial token.");
 
         OAuth2Token refreshedToken = tokenProvider.refreshToken();
         assertEquals("MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3", refreshedToken.getAccessToken());

cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java

@@ -30,6 +30,7 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.fail;
 
 import java.io.File;
 import java.io.IOException;
@@ -38,10 +39,16 @@
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.util.logging.Logger;
+
 import javax.net.ssl.SSLSocketFactory;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
+import okhttp3.HttpUrl;
+import okhttp3.mockwebserver.Dispatcher;
 import okhttp3.mockwebserver.MockResponse;
 import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+
 import org.junit.jupiter.api.Test;
 
 class TestDirectGrantX509TokenRequestBuilder {
@@ -52,7 +59,7 @@ void testRetrieveTokenMissingParams() {
         SslSocketData sslSocketData = new SslSocketData(getTestSslSocketFactory(), CwbiAuthTrustManager.getTrustManager());
         assertThrows(NullPointerException.class, () -> {
             OAuth2Token token = new DirectGrantX509TokenRequestBuilder()
-                .withUrl(new ApiConnectionInfoBuilder("https://test.com")
+                .withUrl(new ApiConnectionInfoBuilder("https://test.com/openid-configuration")
                         .withSslSocketData(sslSocketData)
                         .build())
                 .withClientId(null)
@@ -72,13 +79,36 @@ void testDirectGrantX509TokenRequestBuilder() throws IOException {
         try (MockWebServer mockWebServer = new MockWebServer()) {
             SslSocketData sslSocketData = new SslSocketData(getTestSslSocketFactory(), CwbiAuthTrustManager.getTrustManager());
             String body = readJsonFile();
-            mockWebServer.enqueue(new MockResponse().setBody(body).setResponseCode(200));
+            mockWebServer.setDispatcher(new Dispatcher() {
+                private final Logger LOGGER = Logger.getLogger(TestOidcTokenProvider.class.getName());
+                @Override
+                public MockResponse dispatch(RecordedRequest request) throws InterruptedException {
+                    final HttpUrl url = request.getRequestUrl();
+                    final String path = url.encodedPath();
+                    LOGGER.fine("Request for: " + url.toString());
+                    LOGGER.fine("Path: " + path);
+
+
+                    if (path.endsWith("openid-configuration")) {
+                        fail("Using Direct Grant Request builder directly should not invoke the configuration request");
+                    }
+                    else if (path.endsWith("/auth")) {
+                        fail("CwbiTokenProvider uses direct grant and should not call the /auth endpoint.");
+                    }
+                    else if (path.endsWith("/token")) {
+                        return new MockResponse().setBody(body);
+                    }
+
+                    return new MockResponse().setResponseCode(404).setBody("Request not mocked.");
+                }
+            });
             mockWebServer.start();
-            String baseUrl = String.format("http://localhost:%s", mockWebServer.getPort());
+            String baseUrl = String.format("http://localhost:%s/token", mockWebServer.getPort());
             OAuth2Token token = new DirectGrantX509TokenRequestBuilder()
-                .withUrl(new ApiConnectionInfoBuilder(baseUrl)
+                .withTokenUrl(new ApiConnectionInfoBuilder(baseUrl)
                         .withSslSocketData(sslSocketData)
                         .build())
+                .buildRequest()
                 .withClientId("cumulus")
                 .fetchToken();
             assertNotNull(token);

cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestOidcTokenProvider.java

@@ -60,18 +60,14 @@
 import okhttp3.mockwebserver.RecordedRequest;
 
 import org.junit.jupiter.api.AfterEach;
-import static org.junit.jupiter.api.Assertions.assertNotSame;
-import static org.junit.jupiter.api.Assertions.assertSame;
-import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.fail;
 
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.mockito.Mock;
 
 class TestOidcTokenProvider {
-    
+    private static final Logger LOGGER = Logger.getLogger(TestOidcTokenProvider.class.getName());
     static MockHttpServer mockCdaServer;
     static MockHttpServer mockAuthServer;
 
@@ -118,12 +114,12 @@ protected String getResource(String resource) throws IOException {
     @Test
     void testBuildTokenProvider() throws Exception {
         mockAuthServer.getMockServer().setDispatcher(new Dispatcher() {
-            private static final Logger LOGGER = Logger.getLogger(TestOidcTokenProvider.class.getName()+"_dispatcher");
+            private final Logger LOGGER = Logger.getLogger(TestOidcTokenProvider.class.getName()+"_dispatcher");
             @Override
             public MockResponse dispatch(RecordedRequest request) throws InterruptedException {
                 final HttpUrl url = request.getRequestUrl();
                 final String path = url.encodedPath();
-                LOGGER.fine("Request for: " + url.toString());
+                LOGGER.info("Request for: " + url.toString());
                 LOGGER.fine("Path: " + path);
 
                 try {
@@ -134,8 +130,12 @@ public MockResponse dispatch(RecordedRequest request) throws InterruptedExceptio
                     else if (path.endsWith("/auth")) {
                         final String query = request.getRequestUrl().query();
                         final QueryParameters parameters = QueryParameters.parse(query);
-                        final String loc = String.format("%s?code=test&state=a test", parameters.get("redirect_uri").get(0));
-                        return new MockResponse().setResponseCode(302).setHeader("Location", loc);
+                        String redirect = parameters.get("redirect_uri").get(0);
+                        String state = parameters.get("state").get(0);
+                        final String loc = String.format("%s?code=test&state=%s&session_state=zzz", redirect, state);
+                        MockResponse response = new MockResponse().setResponseCode(302).setHeader("Location", loc).setBody("hello");
+                        LOGGER.info(response.toString());
+                        return response;
                     }
                     else if (path.endsWith("/token")) {
                         return new MockResponse().setBody(getResource("oauth2token.json"));
@@ -152,6 +152,7 @@ else if (path.endsWith("/token")) {
         OidcAuthTokenProvider tokenProvider = new OidcAuthTokenProvider("test", wellKnown);
         tokenProvider.setAuthCallback(u -> {
             try {
+                LOGGER.info("Sending " + u.toString());
                 HttpRequestExecutor executor =
                     new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(u.toString()).build())
                         .get()

cwms-http-client/src/test/java/mil/army/usace/hec/cwms/http/client/TestApiConnectionInfo.java

@@ -233,6 +233,18 @@ public OAuth2Token newToken() {
                 token.setScope("create");
                 return token;
             }
+
+            @Override
+            public ApiConnectionInfo getAuthUrl() {
+                // TODO Auto-generated method stub
+                throw new UnsupportedOperationException("Unimplemented method 'getAuthUrl'");
+            }
+
+            @Override
+            public ApiConnectionInfo getTokenUrl() {
+                // TODO Auto-generated method stub
+                throw new UnsupportedOperationException("Unimplemented method 'getTokenUrl'");
+            }
         };
     }
 
@@ -278,6 +290,18 @@ public OAuth2Token refreshToken() {
             public OAuth2Token newToken() {
                 return null;
             }
+
+            @Override
+            public ApiConnectionInfo getAuthUrl() {
+                // TODO Auto-generated method stub
+                throw new UnsupportedOperationException("Unimplemented method 'getAuthUrl'");
+            }
+
+            @Override
+            public ApiConnectionInfo getTokenUrl() {
+                // TODO Auto-generated method stub
+                throw new UnsupportedOperationException("Unimplemented method 'getTokenUrl'");
+            }
         };
     }
 

cwms-http-client/src/test/java/mil/army/usace/hec/cwms/http/client/TestOAuth2TokenAuthenticator.java

@@ -261,5 +261,17 @@ public OAuth2Token newToken() {
             token.setRefreshToken(ACCESS_TOKEN);
             return token;
         }
+
+        @Override
+        public ApiConnectionInfo getAuthUrl() {
+            // TODO Auto-generated method stub
+            throw new UnsupportedOperationException("Unimplemented method 'getAuthUrl'");
+        }
+
+        @Override
+        public ApiConnectionInfo getTokenUrl() {
+            // TODO Auto-generated method stub
+            throw new UnsupportedOperationException("Unimplemented method 'getTokenUrl'");
+        }
     }
 }

cwms-http-client/src/test/java/mil/army/usace/hec/cwms/http/client/TestOAuth2TokenInterceptor.java

@@ -104,6 +104,18 @@ public OAuth2Token newToken() {
                 return token;
             }
 
+            @Override
+            public ApiConnectionInfo getAuthUrl() {
+                // TODO Auto-generated method stub
+                throw new UnsupportedOperationException("Unimplemented method 'getAuthUrl'");
+            }
+
+            @Override
+            public ApiConnectionInfo getTokenUrl() {
+                // TODO Auto-generated method stub
+                throw new UnsupportedOperationException("Unimplemented method 'getTokenUrl'");
+            }
+
         };
     }
 }