001/* 002 * acme4j - Java ACME client 003 * 004 * Copyright (C) 2019 Richard "Shred" Körber 005 * http://acme4j.shredzone.org 006 * 007 * Licensed under the Apache License, Version 2.0 (the "License"); 008 * you may not use this file except in compliance with the License. 009 * 010 * This program is distributed in the hope that it will be useful, 011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 013 */ 014package org.shredzone.acme4j.challenge; 015 016import static org.junit.jupiter.api.Assertions.assertThrows; 017 018import java.io.IOException; 019 020import org.junit.jupiter.api.Test; 021import org.shredzone.acme4j.exception.AcmeProtocolException; 022import org.shredzone.acme4j.provider.TestableConnectionProvider; 023import org.shredzone.acme4j.toolbox.JSONBuilder; 024 025/** 026 * Unit tests for {@link TokenChallenge}. 027 */ 028public class TokenChallengeTest { 029 030 /** 031 * Test that invalid tokens are detected. 032 */ 033 @Test 034 public void testInvalidToken() throws IOException { 035 var provider = new TestableConnectionProvider(); 036 var login = provider.createLogin(); 037 038 var jb = new JSONBuilder(); 039 jb.put("url", "https://example.com/acme/1234"); 040 jb.put("type", "generic"); 041 jb.put("token", "<script>someMaliciousCode()</script>"); 042 043 var challenge = new TokenChallenge(login, jb.toJSON()); 044 assertThrows(AcmeProtocolException.class, challenge::getToken); 045 provider.close(); 046 } 047 048}