View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.hc.client5.http.impl.cache;
28  
29  import java.io.IOException;
30  import java.util.Date;
31  import java.util.Random;
32  
33  import org.apache.hc.client5.http.ClientProtocolException;
34  import org.apache.hc.client5.http.HttpRoute;
35  import org.apache.hc.client5.http.cache.HttpCacheContext;
36  import org.apache.hc.client5.http.classic.ExecChain;
37  import org.apache.hc.client5.http.classic.ExecChainHandler;
38  import org.apache.hc.client5.http.classic.ExecRuntime;
39  import org.apache.hc.client5.http.utils.DateUtils;
40  import org.apache.hc.core5.http.ClassicHttpRequest;
41  import org.apache.hc.core5.http.ClassicHttpResponse;
42  import org.apache.hc.core5.http.HttpEntity;
43  import org.apache.hc.core5.http.HttpException;
44  import org.apache.hc.core5.http.HttpHost;
45  import org.apache.hc.core5.http.HttpRequest;
46  import org.apache.hc.core5.http.HttpResponse;
47  import org.apache.hc.core5.http.HttpStatus;
48  import org.apache.hc.core5.http.io.entity.ByteArrayEntity;
49  import org.apache.hc.core5.http.message.BasicClassicHttpRequest;
50  import org.apache.hc.core5.http.message.BasicClassicHttpResponse;
51  import org.easymock.Capture;
52  import org.easymock.EasyMock;
53  import org.junit.Assert;
54  import org.junit.Before;
55  import org.junit.Ignore;
56  import org.junit.Test;
57  
58  /**
59   * We are a conditionally-compliant HTTP/1.1 client with a cache. However, a lot
60   * of the rules for proxies apply to us, as far as proper operation of the
61   * requests that pass through us. Generally speaking, we want to make sure that
62   * any response returned from our HttpClient.execute() methods is conditionally
63   * compliant with the rules for an HTTP/1.1 server, and that any requests we
64   * pass downstream to the backend HttpClient are are conditionally compliant
65   * with the rules for an HTTP/1.1 client.
66   *
67   * There are some cases where strictly behaving as a compliant caching proxy
68   * would result in strange behavior, since we're attached as part of a client
69   * and are expected to be a drop-in replacement. The test cases captured here
70   * document the places where we differ from the HTTP RFC.
71   */
72  @SuppressWarnings("boxing") // test code
73  public class TestProtocolDeviations {
74  
75      private static final int MAX_BYTES = 1024;
76      private static final int MAX_ENTRIES = 100;
77  
78      private HttpHost host;
79      private HttpRoute route;
80      private HttpEntity mockEntity;
81      private ExecRuntime mockEndpoint;
82      private ExecChain mockExecChain;
83      private HttpCache mockCache;
84      private ClassicHttpRequest request;
85      private HttpCacheContext context;
86      private ClassicHttpResponse originResponse;
87  
88      private ExecChainHandler impl;
89  
90      @Before
91      public void setUp() {
92          host = new HttpHost("foo.example.com", 80);
93  
94          route = new HttpRoute(host);
95  
96          request = new BasicClassicHttpRequest("GET", "/foo");
97  
98          context = HttpCacheContext.create();
99  
100         originResponse = make200Response();
101 
102         final CacheConfig config = CacheConfig.custom()
103                 .setMaxCacheEntries(MAX_ENTRIES)
104                 .setMaxObjectSize(MAX_BYTES)
105                 .build();
106 
107         final HttpCache cache = new BasicHttpCache(config);
108         mockEndpoint = EasyMock.createNiceMock(ExecRuntime.class);
109         mockExecChain = EasyMock.createNiceMock(ExecChain.class);
110         mockEntity = EasyMock.createNiceMock(HttpEntity.class);
111         mockCache = EasyMock.createNiceMock(HttpCache.class);
112 
113         impl = createCachingExecChain(cache, config);
114     }
115 
116     private ClassicHttpResponse execute(final ClassicHttpRequest request) throws IOException, HttpException {
117         return impl.execute(request,
118                 new ExecChain.Scope("test", route, request, mockEndpoint, context),
119                 mockExecChain);
120     }
121 
122     protected ExecChainHandler createCachingExecChain(final HttpCache cache, final CacheConfig config) {
123         return new CachingExec(cache, null, config);
124     }
125 
126     private ClassicHttpResponse make200Response() {
127         final ClassicHttpResponse out = new BasicClassicHttpResponse(HttpStatus.SC_OK, "OK");
128         out.setHeader("Date", DateUtils.formatDate(new Date()));
129         out.setHeader("Server", "MockOrigin/1.0");
130         out.setEntity(makeBody(128));
131         return out;
132     }
133 
134     private void replayMocks() {
135         EasyMock.replay(mockExecChain);
136         EasyMock.replay(mockCache);
137         EasyMock.replay(mockEntity);
138     }
139 
140     private void verifyMocks() {
141         EasyMock.verify(mockExecChain);
142         EasyMock.verify(mockCache);
143         EasyMock.verify(mockEntity);
144     }
145 
146     private HttpEntity makeBody(final int nbytes) {
147         final byte[] bytes = new byte[nbytes];
148         new Random().nextBytes(bytes);
149         return new ByteArrayEntity(bytes, null);
150     }
151 
152     public static HttpRequest eqRequest(final HttpRequest in) {
153         org.easymock.EasyMock.reportMatcher(new RequestEquivalent(in));
154         return null;
155     }
156 
157     /*
158      * "For compatibility with HTTP/1.0 applications, HTTP/1.1 requests
159      * containing a message-body MUST include a valid Content-Length header
160      * field unless the server is known to be HTTP/1.1 compliant. If a request
161      * contains a message-body and a Content-Length is not given, the server
162      * SHOULD respond with 400 (bad request) if it cannot determine the length
163      * of the message, or with 411 (length required) if it wishes to insist on
164      * receiving a valid Content-Length."
165      *
166      * http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4
167      *
168      * 8/23/2010 JRC - This test has been moved to Ignore.  The caching client
169      * was set to return status code 411 on a missing content-length header when
170      * a request had a body.  It seems that somewhere deeper in the client stack
171      * this header is added automatically for us - so the caching client shouldn't
172      * specifically be worried about this requirement.
173      */
174     @Ignore
175     public void testHTTP1_1RequestsWithBodiesOfKnownLengthMustHaveContentLength() throws Exception {
176         final ClassicHttpRequest post = new BasicClassicHttpRequest("POST", "/");
177         post.setEntity(mockEntity);
178 
179         replayMocks();
180 
181         final HttpResponse response = execute(post);
182 
183         verifyMocks();
184 
185         Assert.assertEquals(HttpStatus.SC_LENGTH_REQUIRED, response.getCode());
186     }
187 
188     /*
189      * Discussion: if an incoming request has a body, but the HttpEntity
190      * attached has an unknown length (meaning entity.getContentLength() is
191      * negative), we have two choices if we want to be conditionally compliant.
192      * (1) we can slurp the whole body into a bytearray and compute its length
193      * before sending; or (2) we can push responsibility for (1) back onto the
194      * client by just generating a 411 response
195      *
196      * There is a third option, which is that we delegate responsibility for (1)
197      * onto the backend HttpClient, but because that is an injected dependency,
198      * we can't rely on it necessarily being conditionally compliant with
199      * HTTP/1.1. Currently, option (2) seems like the safest bet, as this
200      * exposes to the client application that the slurping required for (1)
201      * needs to happen in order to compute the content length.
202      *
203      * In any event, this test just captures the behavior required.
204      *
205      * 8/23/2010 JRC - This test has been moved to Ignore.  The caching client
206      * was set to return status code 411 on a missing content-length header when
207      * a request had a body.  It seems that somewhere deeper in the client stack
208      * this header is added automatically for us - so the caching client shouldn't
209      * specifically be worried about this requirement.
210      */
211     @Ignore
212     public void testHTTP1_1RequestsWithUnknownBodyLengthAreRejectedOrHaveContentLengthAdded()
213             throws Exception {
214         final ClassicHttpRequest post = new BasicClassicHttpRequest("POST", "/");
215 
216         final byte[] bytes = new byte[128];
217         new Random().nextBytes(bytes);
218 
219         final HttpEntity mockBody = EasyMock.createMockBuilder(ByteArrayEntity.class).withConstructor(
220                 new Object[] { bytes }).addMockedMethods("getContentLength").createNiceMock();
221         org.easymock.EasyMock.expect(mockBody.getContentLength()).andReturn(-1L).anyTimes();
222         post.setEntity(mockBody);
223 
224         final Capture<ClassicHttpRequest> reqCap = EasyMock.newCapture();
225         EasyMock.expect(
226                 mockExecChain.proceed(
227                         EasyMock.capture(reqCap),
228                         EasyMock.isA(ExecChain.Scope.class))).andReturn(
229                                 originResponse).times(0, 1);
230 
231         replayMocks();
232         EasyMock.replay(mockBody);
233 
234         final HttpResponse result = execute(post);
235 
236         verifyMocks();
237         EasyMock.verify(mockBody);
238 
239         if (reqCap.hasCaptured()) {
240             // backend request was made
241             final HttpRequest forwarded = reqCap.getValue();
242             Assert.assertNotNull(forwarded.getFirstHeader("Content-Length"));
243         } else {
244             final int status = result.getCode();
245             Assert.assertTrue(HttpStatus.SC_LENGTH_REQUIRED == status
246                     || HttpStatus.SC_BAD_REQUEST == status);
247         }
248     }
249 
250     /*
251      * "10.2.7 206 Partial Content ... The request MUST have included a Range
252      * header field (section 14.35) indicating the desired range, and MAY have
253      * included an If-Range header field (section 14.27) to make the request
254      * conditional."
255      *
256      * http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.7
257      */
258     @Test
259     public void testPartialContentIsNotReturnedToAClientThatDidNotAskForIt() throws Exception {
260 
261         // tester's note: I don't know what the cache will *do* in
262         // this situation, but it better not just pass the response
263         // on.
264         request.removeHeaders("Range");
265         originResponse = new BasicClassicHttpResponse(HttpStatus.SC_PARTIAL_CONTENT, "Partial Content");
266         originResponse.setHeader("Content-Range", "bytes 0-499/1234");
267         originResponse.setEntity(makeBody(500));
268 
269         EasyMock.expect(
270                 mockExecChain.proceed(
271                         EasyMock.isA(ClassicHttpRequest.class),
272                         EasyMock.isA(ExecChain.Scope.class))).andReturn(originResponse);
273 
274         replayMocks();
275         try {
276             final HttpResponse result = execute(request);
277             Assert.assertTrue(HttpStatus.SC_PARTIAL_CONTENT != result.getCode());
278         } catch (final ClientProtocolException acceptableBehavior) {
279             // this is probably ok
280         }
281     }
282 
283     /*
284      * "10.4.2 401 Unauthorized ... The response MUST include a WWW-Authenticate
285      * header field (section 14.47) containing a challenge applicable to the
286      * requested resource."
287      *
288      * http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
289      */
290     @Test
291     public void testPassesOnOrigin401ResponseWithoutWWWAuthenticateHeader() throws Exception {
292 
293         originResponse = new BasicClassicHttpResponse(401, "Unauthorized");
294 
295         EasyMock.expect(
296                 mockExecChain.proceed(
297                         EasyMock.isA(ClassicHttpRequest.class),
298                         EasyMock.isA(ExecChain.Scope.class))).andReturn(originResponse);
299         replayMocks();
300         final HttpResponse result = execute(request);
301         verifyMocks();
302         Assert.assertSame(originResponse, result);
303     }
304 
305     /*
306      * "10.4.6 405 Method Not Allowed ... The response MUST include an Allow
307      * header containing a list of valid methods for the requested resource.
308      *
309      * http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
310      */
311     @Test
312     public void testPassesOnOrigin405WithoutAllowHeader() throws Exception {
313         originResponse = new BasicClassicHttpResponse(405, "Method Not Allowed");
314 
315         EasyMock.expect(
316                 mockExecChain.proceed(
317                         EasyMock.isA(ClassicHttpRequest.class),
318                         EasyMock.isA(ExecChain.Scope.class))).andReturn(originResponse);
319         replayMocks();
320         final HttpResponse result = execute(request);
321         verifyMocks();
322         Assert.assertSame(originResponse, result);
323     }
324 
325     /*
326      * "10.4.8 407 Proxy Authentication Required ... The proxy MUST return a
327      * Proxy-Authenticate header field (section 14.33) containing a challenge
328      * applicable to the proxy for the requested resource."
329      *
330      * http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.8
331      */
332     @Test
333     public void testPassesOnOrigin407WithoutAProxyAuthenticateHeader() throws Exception {
334         originResponse = new BasicClassicHttpResponse(407, "Proxy Authentication Required");
335 
336         EasyMock.expect(
337                 mockExecChain.proceed(
338                         EasyMock.isA(ClassicHttpRequest.class),
339                         EasyMock.isA(ExecChain.Scope.class))).andReturn(originResponse);
340         replayMocks();
341         final HttpResponse result = execute(request);
342         verifyMocks();
343         Assert.assertSame(originResponse, result);
344     }
345 
346 }