tests for bad sessionIds in generateToken #11

aoberoi · aoberoi · commit 9d259e4abf5e · 2014-04-15T03:33:51.000-04:00
diff --git a/src/main/java/com/opentok/OpenTok.java b/src/main/java/com/opentok/OpenTok.java
@@ -11,7 +11,9 @@
 package com.opentok;
 
 import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
 
 import javax.xml.xpath.XPath;
@@ -20,6 +22,7 @@
 
 import com.opentok.exception.OpenTokException;
 import com.opentok.exception.InvalidArgumentException;
+import com.opentok.util.Crypto;
 import com.opentok.util.HttpClient;
 import org.xml.sax.InputSource;
 
@@ -138,30 +141,19 @@ public OpenTok(int apiKey, String apiSecret, String apiUrl) {
      * @return The token string.
      */
     public String generateToken(String sessionId, TokenOptions tokenOptions) throws OpenTokException {
-
+        List<String> sessionIdParts = null;
         if(sessionId == null || sessionId == "") {
             throw new InvalidArgumentException("Session not valid");
         }
 
-        // TODO: use more succinct codec routines
-//        String decodedSessionId = "";
-//        try {
-//            String subSessionId = sessionId.substring(2);
-//            for (int i = 0; i<3; i++){
-//                String newSessionId = subSessionId.concat(repeatString("=",i));
-//                decodedSessionId = new String(DatatypeConverter.parseBase64Binary(
-//                        newSessionId.replace('-', '+').replace('_', '/')), "ISO8859_1");
-//                if (decodedSessionId.contains("~")){
-//                    break;
-//                }
-//            }
-//        } catch (UnsupportedEncodingException e) {
-//            throw new SessionNotFoundException("Session not found");
-//        }
-//
-//        if(!decodedSessionId.split("~")[1].equals(String.valueOf(apiKey))) {
-//            throw new SessionNotFoundException("Session not found");
-//        }
+        try {
+            sessionIdParts = Crypto.decodeSessionId(sessionId);
+        } catch (UnsupportedEncodingException e) {
+            throw new InvalidArgumentException("Session ID was not valid");
+        }
+        if (!sessionIdParts.contains(Integer.toString(this.apiKey))) {
+            throw new InvalidArgumentException("Session ID was not valid");
+        }
         
         Session session = new Session(sessionId, apiKey, apiSecret);
         return session.generateToken(tokenOptions);
diff --git a/src/main/java/com/opentok/util/Crypto.java b/src/main/java/com/opentok/util/Crypto.java
@@ -1,11 +1,16 @@
 package com.opentok.util;
 
+import java.io.UnsupportedEncodingException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SignatureException;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Formatter;
+import java.util.List;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.codec.binary.Base64;
 
 public class Crypto {
 	private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
@@ -28,4 +33,12 @@ public static String signData(String data, String key)
         mac.init(signingKey);
         return toHexString(mac.doFinal(data.getBytes()));
     }
+
+    public static List<String> decodeSessionId(String sessionId) throws UnsupportedEncodingException {
+        sessionId = sessionId.substring(2);
+        sessionId = sessionId.replaceAll("-", "+").replaceAll("_", "/");
+        byte[] buffer = Base64.decodeBase64(sessionId);
+        sessionId = new String(buffer, "UTF-8");
+        return new ArrayList<String>(Arrays.asList(sessionId.split("~")));
+    }
 }
diff --git a/src/test/java/com/opentok/test/OpenTokTest.java b/src/test/java/com/opentok/test/OpenTokTest.java
@@ -155,6 +155,29 @@ public void testCreateBadSession() throws OpenTokException {
     }
 
     // TODO: test session creation conditions that result in errors
+//    @Test
+//    public void testRoleGarbageInput() {
+//        OpenTokException expected = null;
+//        try {
+//            Session s= sdk.createSession();
+//            s.generateToken("asdfasdf");
+//        } catch (OpenTokException e) {
+//            expected = e;
+//        }
+//        Assert.assertNotNull("Java SDK tests: exception should be thrown for role asdfasdf", expected);
+//    }
+//
+//    @Test
+//    public void testRoleNull() {
+//        OpenTokException expected = null;
+//        try {
+//            Session s= sdk.createSession();
+//            s.generateToken(null);
+//        } catch (OpenTokException e) {
+//            expected = e;
+//        }
+//        Assert.assertNotNull("Java SDK tests: exception should be thrown for role null", expected);
+//    }
 
     @Test
     public void testTokenDefault() throws
@@ -248,6 +271,7 @@ public void testTokenExpireTime() throws
         assertEquals(Double.toString(inOneDay), defaultTokenData.get("expire_time"));
         Map<String, String> oneHourTokenData = Helpers.decodeToken(oneHourToken);
         assertEquals(Double.toString(inOneHour), oneHourTokenData.get("expire_time"));
+        assertEquals(2, exceptions.size());
         for (Exception e : exceptions) {
             assertEquals(InvalidArgumentException.class, e.getClass());
         }
@@ -291,31 +315,34 @@ public void testTokenConnectionData() throws
         assertEquals(InvalidArgumentException.class, tooLongException.getClass());
     }
 
-//
-//    @Test
-//    public void testRoleGarbageInput() {
-//        OpenTokException expected = null;
-//        try {
-//            Session s= sdk.createSession();
-//            s.generateToken("asdfasdf");
-//        } catch (OpenTokException e) {
-//            expected = e;
-//        }
-//        Assert.assertNotNull("Java SDK tests: exception should be thrown for role asdfasdf", expected);
-//    }
-//
-//    @Test
-//    public void testRoleNull() {
-//        OpenTokException expected = null;
-//        try {
-//            Session s= sdk.createSession();
-//            s.generateToken(null);
-//        } catch (OpenTokException e) {
-//            expected = e;
-//        }
-//        Assert.assertNotNull("Java SDK tests: exception should be thrown for role null", expected);
-//    }
-//
+    @Test
+    public void testTokenBadSessionId() throws OpenTokException {
+        int apiKey = 123456;
+        String apiSecret = "1234567890abcdef1234567890abcdef1234567890";
+        OpenTok opentok = new OpenTok(apiKey, apiSecret);
+        ArrayList<Exception> exceptions = new ArrayList<Exception>();
+
+        try {
+            String nullSessionToken = opentok.generateToken(null);
+        } catch (Exception e) {
+            exceptions.add(e);
+        }
+        try {
+            String emptySessionToken = opentok.generateToken("");
+        } catch (Exception e) {
+            exceptions.add(e);
+        }
+        try {
+            String invalidSessionToken = opentok.generateToken("NOT A VALID SESSION ID");
+        } catch (Exception e) {
+            exceptions.add(e);
+        }
+
+        assertEquals(3, exceptions.size());
+        for (Exception e : exceptions) {
+            assertEquals(InvalidArgumentException.class, e.getClass());
+        }
+    }
 //    @Test
 //    public void testTokenNullSessionId() throws OpenTokException {
 //        OpenTokException expected = null;
@@ -348,103 +375,5 @@ public void testTokenConnectionData() throws
 //        }
 //        Assert.assertNotNull("Java SDK tests: exception should be thrown for invalid sessionId", expected);
 //    }
-//
-//    @Test
-//    public void testTokenExpireTimeDefault() throws OpenTokException {
-//        Session s= sdk.createSession();
-//        String t = s.generateToken(Role.MODERATOR);
-//        TokBoxXML xml = get_token_info(t);
-//        Assert.assertFalse("Java SDK tests: expire_time should not exist for default", xml.hasElement("expire_time", "token"));
-//    }
-//
-//    @Test
-//    public void testTokenExpireTimePast() {
-//        OpenTokException expected = null;
-//        try {
-//            Session s= sdk.createSession();
-//            s.generateToken(Role.MODERATOR, new Date().getTime() / 1000 - 100);
-//        } catch (OpenTokException e) {
-//            expected = e;
-//        }
-//        Assert.assertNotNull("Java SDK tests: exception should be thrown for expire time in past", expected);
-//    }
-//
-//    @Test
-//    public void testTokenExpireTimeNow() throws OpenTokException {
-//        long expireTime = new Date().getTime() / 1000;
-//        String expected = "Token expired on " + expireTime;
-//        Session s = sdk.createSession();
-//        String t = s.generateToken(Role.MODERATOR, expireTime);
-//        // Allow the token to expire.
-//        try {
-//            Thread.sleep(1000);
-//        } catch (InterruptedException e) {
-//            // do nothing
-//        }
-//        TokBoxXML xml = get_token_info(t);
-//        String actual = xml.getElementValue("invalid", "token");
-//        Assert.assertEquals("Java SDK tests: unexpected invalid token message", expected, actual);
-//    }
-//
-//    @Test
-//    public void testTokenExpireTimeNearFuture() throws OpenTokException {
-//        long expected = new Date().getTime() / 1000 + 34200;
-//        Session s= sdk.createSession();
-//        String t = s.generateToken(Role.MODERATOR, expected);
-//        TokBoxXML xml = get_token_info(t);
-//        long actual = new Long(xml.getElementValue("expire_time", "token").trim());
-//        Assert.assertEquals("Java SDK tests: expire time not set to expected time", expected, actual);
-//    }
-//
-//    @Test
-//    public void testTokenExpireTimeFarFuture() {
-//        OpenTokException expected = null;
-//        try {
-//            Session s= sdk.createSession();
-//            s.generateToken(Role.MODERATOR, new Date().getTime() + 604800000);
-//        } catch (OpenTokException e) {
-//            expected = e;
-//        }
-//        Assert.assertNotNull("Java SDK tests: exception should be thrown for expire time more than 7 days in future", expected);
-//    }
-//
-//    @Test
-//    public void testConnectionData() throws OpenTokException {
-//        String expected = "test string";
-//        String actual = null;
-//        Session s= sdk.createSession();
-//        String t = s.generateToken(Role.PUBLISHER, 0, expected);
-//        TokBoxXML xml = get_token_info(t);
-//        actual = xml.getElementValue("connection_data", "token").trim();
-//        Assert.assertEquals("Java SDK tests: connection data not set", expected, actual);
-//    }
-//
-//    @Test
-//    public void testConnectionDataTooLarge() {
-//        OpenTokException expected = null;
-//        String test_string = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
-//                "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" +
-//                "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc" +
-//                "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd" +
-//                "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" +
-//                "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" +
-//                "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" +
-//                "gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg" +
-//                "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh" +
-//                "iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii" +
-//                "jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj" +
-//                "kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk" +
-//                "llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll" +
-//                "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm" +
-//                "nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn" +
-//                "oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo";
-//        try {
-//            Session s= sdk.createSession();
-//            s.generateToken(Role.PUBLISHER, new Date().getTime(), test_string);
-//        } catch (OpenTokException e) {
-//            expected = e;
-//        }
-//        Assert.assertNotNull("Java SDK tests: connection data over 1000 characters should not be accepted. Test String: " + test_string , expected);
-//    }
 
 }
