Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
/**
* Copyright 2005-2026 Qlik
*<p>
* The content of this file is subject to the terms of the Apache 2.0 open
* source license available at https://www.opensource.org/licenses/apache-2.0
*<p>
* Restlet is a registered trademark of QlikTech International AB.
*/
package org.restlet.ext.crypto;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import org.junit.jupiter.api.Test;
import org.restlet.Context;
import org.restlet.data.ChallengeScheme;
import org.restlet.ext.crypto.internal.AwsVerifier;
import org.restlet.security.MapVerifier;
import org.restlet.security.Verifier;

/** Unit tests for {@link AwsAuthenticator}. */
class AwsAuthenticatorTestCase {

@Test
void constructor_withContextAndRealm_isNotOptional() {
AwsAuthenticator authenticator = new AwsAuthenticator(new Context(), "realm");
assertFalse(authenticator.isOptional());
assertEquals(ChallengeScheme.HTTP_AWS_S3, authenticator.getScheme());
assertNotNull(authenticator.getVerifier());
}

@Test
void constructor_withOptionalFlag_setsOptional() {
AwsAuthenticator authenticator = new AwsAuthenticator(new Context(), true, "realm");
assertTrue(authenticator.isOptional());
}

@Test
void constructor_withExplicitVerifier_usesIt() {
AwsVerifier verifier = new AwsVerifier(null);
AwsAuthenticator authenticator =
new AwsAuthenticator(new Context(), false, "realm", verifier);
assertSame(verifier, authenticator.getVerifier());
}

@Test
void maxRequestAge_getterAndSetter_delegateToVerifier() {
AwsAuthenticator authenticator = new AwsAuthenticator(new Context(), "realm");
authenticator.setMaxRequestAge(1000L);
assertEquals(1000L, authenticator.getMaxRequestAge());
}

@Test
void wrappedVerifier_getterAndSetter_delegateToVerifier() {
AwsAuthenticator authenticator = new AwsAuthenticator(new Context(), "realm");
MapVerifier wrapped = new MapVerifier();
authenticator.setWrappedVerifier(wrapped);
assertSame(wrapped, authenticator.getWrappedVerifier());
}

@Test
void setVerifier_withNonAwsVerifier_throwsIllegalArgumentException() {
AwsAuthenticator authenticator = new AwsAuthenticator(new Context(), "realm");
Verifier notAnAwsVerifier = new MapVerifier();
assertThrows(
IllegalArgumentException.class, () -> authenticator.setVerifier(notAnAwsVerifier));
}

@Test
void setVerifier_withAwsVerifier_replacesIt() {
AwsAuthenticator authenticator = new AwsAuthenticator(new Context(), "realm");
AwsVerifier newVerifier = new AwsVerifier(null);
authenticator.setVerifier(newVerifier);
assertSame(newVerifier, authenticator.getVerifier());
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
/**
* Copyright 2005-2026 Qlik
*<p>
* The content of this file is subject to the terms of the Apache 2.0 open
* source license available at https://www.opensource.org/licenses/apache-2.0
*<p>
* Restlet is a registered trademark of QlikTech International AB.
*/
package org.restlet.ext.crypto;

import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.util.Base64;
import org.junit.jupiter.api.Test;
import org.restlet.data.Digest;

/** Unit tests for {@link DigestUtils}. */
class DigestUtilsTestCase {

@Test
void toMd5_string_matchesKnownVector() {
assertEquals("68e109f0f40ca72a15e05cc22786f8e6", DigestUtils.toMd5("HelloWorld"));
}

@Test
void toMd5_withCharset_matchesKnownVector() throws Exception {
assertEquals("68e109f0f40ca72a15e05cc22786f8e6", DigestUtils.toMd5("HelloWorld", "UTF-8"));
}

@Test
void toSha1_string_isDeterministicBase64() {
String result = DigestUtils.toSha1("HelloWorld");
assertEquals(result, DigestUtils.toSha1("HelloWorld"));
assertEquals(28, result.length());
}

@Test
void toSha1_withCharset_isDeterministic() throws Exception {
assertEquals(
DigestUtils.toSha1("HelloWorld", "UTF-8"),
DigestUtils.toSha1("HelloWorld", "UTF-8"));
}

@Test
void digest_md5Algorithm_delegatesToToMd5() {
assertEquals(
DigestUtils.toMd5("HelloWorld"),
DigestUtils.digest("HelloWorld", Digest.ALGORITHM_MD5));
}

@Test
void digest_sha1Algorithm_delegatesToToSha1() {
assertEquals(
DigestUtils.toSha1("HelloWorld"),
DigestUtils.digest("HelloWorld", Digest.ALGORITHM_SHA_1));
}

@Test
void digest_unsupportedAlgorithm_throwsIllegalArgumentException() {
assertThrows(
IllegalArgumentException.class,
() -> DigestUtils.digest("HelloWorld", "unsupported"));
}

@Test
void digest_charArrayOverload_matchesStringOverload() {
assertArrayEquals(
DigestUtils.digest("HelloWorld", Digest.ALGORITHM_MD5).toCharArray(),
DigestUtils.digest("HelloWorld".toCharArray(), Digest.ALGORITHM_MD5));
}

@Test
void toHMacSha256_bytesKey_matchesKnownVector() {
byte[] result = DigestUtils.toHMacSha256("hello", "secret-key".getBytes());
assertEquals(
"mOf/uWS7Wj+QLbH8EBpbqpi28s1WhYIQydcPJqx2L8c=",
Base64.getEncoder().encodeToString(result));
}

@Test
void toHMacSha256_stringKey_matchesBytesKeyOverload() {
assertArrayEquals(
DigestUtils.toHMacSha256("hello", "secret-key".getBytes()),
DigestUtils.toHMacSha256("hello", "secret-key"));
}

@Test
void toHMacSha1_bytesKey_matchesKnownVector() {
byte[] result = DigestUtils.toHMacSha1("hello", "secret-key".getBytes());
assertEquals("J5rb+6R5G3Md2aC4ofFuty27aR0=", Base64.getEncoder().encodeToString(result));
}

@Test
void toHMacSha1_stringKey_matchesBytesKeyOverload() {
assertArrayEquals(
DigestUtils.toHMacSha1("hello", "secret-key".getBytes()),
DigestUtils.toHMacSha1("hello", "secret-key"));
}

@Test
void toHttpDigest_withSecret_hashesIdentifierRealmAndSecret() {
String expected = DigestUtils.toMd5("user:realm:pass");
assertEquals(expected, DigestUtils.toHttpDigest("user", "pass".toCharArray(), "realm"));
}

@Test
void toHttpDigest_withNullSecret_returnsNull() {
assertNull(DigestUtils.toHttpDigest("user", null, "realm"));
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
/**
* Copyright 2005-2026 Qlik
*<p>
* The content of this file is subject to the terms of the Apache 2.0 open
* source license available at https://www.opensource.org/licenses/apache-2.0
*<p>
* Restlet is a registered trademark of QlikTech International AB.
*/
package org.restlet.ext.crypto.internal;

import static org.junit.jupiter.api.Assertions.assertEquals;

import java.util.ArrayList;
import java.util.List;
import org.junit.jupiter.api.Test;
import org.restlet.data.Method;
import org.restlet.data.Parameter;
import org.restlet.data.Reference;

/** Unit tests for the query-signature related methods of {@link AwsUtils}. */
class AwsUtilsQueryTestCase {

private List<Parameter> params() {
List<Parameter> params = new ArrayList<>();
params.add(new Parameter("Version", "2009-04-15"));
params.add(new Parameter("Action", "ListDomains"));
return params;
}

@Test
void getQueryStringToSign_sortsParametersAndConcatenatesFields() {
Reference resourceRef = new Reference("http://sdb.amazonaws.com/");

String result = AwsUtils.getQueryStringToSign(Method.GET, resourceRef, params());

assertEquals("GET\nsdb.amazonaws.com\n/\nAction=ListDomains&Version=2009-04-15", result);
}

@Test
void getQueryStringToSign_nullMethod_omitsMethodName() {
Reference resourceRef = new Reference("http://sdb.amazonaws.com/");

String result = AwsUtils.getQueryStringToSign(null, resourceRef, new ArrayList<>());

assertEquals("\nsdb.amazonaws.com\n/\n", result);
}

@Test
void getQuerySignature_matchesKnownVector() {
Reference resourceRef = new Reference("http://sdb.amazonaws.com/");

String signature =
AwsUtils.getQuerySignature(
Method.GET, resourceRef, params(), "mysecret".toCharArray());

assertEquals("DG2zC7EgmtLBDdwPHV71VBw4mPpvIl1zymtFXAl/trQ=", signature);
}

@Test
void getHmacSha256Signature_isDeterministic() {
String signature1 = AwsUtils.getHmacSha256Signature("hello", "secret".toCharArray());
String signature2 = AwsUtils.getHmacSha256Signature("hello", "secret".toCharArray());
assertEquals(signature1, signature2);
}

@Test
void getHmacSha1Signature_isDeterministic() {
String signature1 = AwsUtils.getHmacSha1Signature("hello", "secret".toCharArray());
String signature2 = AwsUtils.getHmacSha1Signature("hello", "secret".toCharArray());
assertEquals(signature1, signature2);
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
/**
* Copyright 2005-2026 Qlik
*<p>
* The content of this file is subject to the terms of the Apache 2.0 open
* source license available at https://www.opensource.org/licenses/apache-2.0
*<p>
* Restlet is a registered trademark of QlikTech International AB.
*/
package org.restlet.ext.crypto.internal;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotSame;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertTrue;

import org.junit.jupiter.api.Test;
import org.restlet.Request;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Method;
import org.restlet.data.Reference;

/** Unit tests for {@link HttpAwsQueryHelper}. */
class HttpAwsQueryHelperTestCase {

@Test
void constructor_registersAwsQueryScheme() {
HttpAwsQueryHelper helper = new HttpAwsQueryHelper();
assertEquals(ChallengeScheme.HTTP_AWS_QUERY, helper.getChallengeScheme());
}

@Test
void updateReference_withoutActionParameter_returnsSameReference() {
HttpAwsQueryHelper helper = new HttpAwsQueryHelper();
Request request = new Request(Method.GET, "http://sdb.amazonaws.com/");
Reference resourceRef = new Reference("http://sdb.amazonaws.com/");

Reference result = helper.updateReference(resourceRef, null, request);

assertSame(resourceRef, result);
}

@Test
void updateReference_withActionParameter_signsAndAppendsParameters() {
HttpAwsQueryHelper helper = new HttpAwsQueryHelper();
ChallengeResponse challengeResponse =
new ChallengeResponse(
ChallengeScheme.HTTP_AWS_QUERY, "myaccesskey", "mysecret".toCharArray());
Request request = new Request(Method.GET, "http://sdb.amazonaws.com/?Action=ListDomains");
request.setChallengeResponse(challengeResponse);
Reference resourceRef = new Reference("http://sdb.amazonaws.com/?Action=ListDomains");

Reference result = helper.updateReference(resourceRef, challengeResponse, request);

assertNotSame(resourceRef, result);
String query = result.getQuery();
assertTrue(query.contains("AWSAccessKeyId=myaccesskey"));
assertTrue(query.contains("SignatureMethod=HmacSHA256"));
assertTrue(query.contains("SignatureVersion=2"));
assertTrue(query.contains("Version=2009-04-15"));
assertTrue(query.contains("Timestamp="));
assertTrue(query.contains("Signature="));
}
}
Loading
Loading