ssl support without cert - closes #6, implemented accept header, better error reporting for empty request - fixes #5

Author: ptrthomas

README.md

@@ -44,7 +44,7 @@ And you don't need to create Java objects (or POJO-s) for any of the payloads th
 **Variables & Expressions** | [`def`](#def) | [`assert`](#assert) | [`print`](#print) | [Multi-line](#multi-line-expressions)
 **Data Types** | [JSON](#json) | [XML](#xml) | [JS Functions](#javascript-functions) | [Reading Files](#reading-files) 
 **Primary HTTP Keywords** | [`url`](#url) | [`path`](#path) | [`request`](#request) | [`method`](#method) 
- | [`status`](#status) | [`multipart post`](#multipart-post) | [`soap action`](#soap-action)
+ | [`status`](#status) | [`accept`](#accept) | [`multipart post`](#multipart-post) | [`soap action`](#soap-action)
 **Secondary HTTP Keywords** | [`param`](#param) | [`header`](#header) | [`cookie`](#cookie)
  | [`form field`](#form-field) | [`multipart field`](#multipart-field) | [`multipart entity`](#multipart-entity)
 **Set, Match, Assert** | [`set`](#set) | [`match`](#match) | [`contains`](#match-contains) | [Ignore / Vallidate](#ignore-or-validate)
@@ -63,6 +63,7 @@ And you don't need to create Java objects (or POJO-s) for any of the payloads th
 * Invoke and re-use existing Java code if you need to
 * Built-in support for switching configuration across different environments (e.g. dev, QA, pre-prod)
 * Simple plug-in system for handling authentication and setting up HTTP headers
+* Support for data-driven tests and being able to tag (or group) tests is built-in, so you don’t have to rely on TestNG or JUnit for those features any more
 * Comprehensive support for different flavors of HTTP calls
   * SOAP / XML requests
   * URL-encoded HTML-form submits
@@ -159,7 +160,7 @@ This is all that you need within your `<dependencies>`:
 <dependency>
     <groupId>com.intuit.karate</groupId>
     <artifactId>karate-core</artifactId>
-    <version>0.1.3</version>
+    <version>0.1.4</version>
     <scope>test</scope>
 </dependency>
 ```
@@ -175,7 +176,7 @@ You can replace the values of 'com.mycompany' and 'myproject' as per your needs.
 mvn archetype:generate \
 -DarchetypeGroupId=com.intuit.karate \
 -DarchetypeArtifactId=karate-archetype \
--DarchetypeVersion=0.1.3 \
+-DarchetypeVersion=0.1.4 \
 -DgroupId=com.mycompany \
 -DartifactId=myproject
 ```
@@ -768,6 +769,18 @@ Then status 200
 ```
 And this assertion will cause the test to fail if the HTTP response code is something else.
 
+### `accept`
+By default, Karate tries to determine the right `Accept` HTTP header value from the request payload
+data type (JSON / XML / String / Stream).
+
+You can easily set it explicitly as follows:
+```cucumber
+Given request '<html></html>'
+And accept 'text/html'
+When method post
+Then status 200
+```
+
 See also [`responseStatus`](#responsestatus).
 
 ## Keywords that set key-value pairs
@@ -956,6 +969,8 @@ Marker | Description
 #ignore | Skip comparison for this field
 #null | Expects actual value to be null
 #notnull | Expects actual value to be not-null
+#array | Expects actual value to be a JSON array
+#object | Expects actual value to be a JSON object
 #boolean | Expects actual value to be a boolean `true` or `false`
 #number | Expects actual value to be a number
 #string | Expects actual value to be a string
@@ -1281,6 +1296,25 @@ In fact, this is the mechanism used when [`karate-config.js`](#configuration) is
 You can invoke a function in a [re-usable file](#reading-files) using this short-cut.
 ```cucumber
 * call read('my-function.js')
+```
+### HTTP Basic Authentication
+This should make it clear why Karate does not actually come with support for any authentication scheme
+built-in. Things are designed so that you can plug-in what you need, without needing to compile Java code.
+
+First the JavaScript file, `basic-auth.js`:
+```javascript
+function(creds) {
+  var temp = creds.username + ':' + creds.password;
+  var Base64 = Java.type("java.util.Base64");
+  var encoded = Base64.getEncoder().encodeToString(temp.bytes);
+  return 'Basic ' + encoded;
+}
+```
+And here how it works in a test-script. Note that you need to do this only once within a `Scenario:`,
+perhaps at the beginning.
+```cucumber
+* header Authorization = call read('basic-auth.js') { username: 'john', password: 'secret' }
+
 ```
 
 ## Calling Java

karate-archetype/pom.xml

@@ -5,7 +5,7 @@
      <parent>
         <groupId>com.intuit.karate</groupId>
         <artifactId>karate-parent</artifactId>
-        <version>0.1.3</version>
+        <version>0.1.4</version>
     </parent>
     <artifactId>karate-archetype</artifactId>
     <packaging>jar</packaging>

karate-archetype/src/main/resources/archetype-resources/pom.xml

@@ -17,7 +17,7 @@
         <dependency>
             <groupId>com.intuit.karate</groupId>
             <artifactId>karate-core</artifactId>
-            <version>0.1.3</version>
+            <version>0.1.4</version>
             <scope>test</scope>
         </dependency>		
     </dependencies>

karate-core/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.intuit.karate</groupId>
         <artifactId>karate-parent</artifactId>
-        <version>0.1.3</version>
+        <version>0.1.4</version>
     </parent>
     <artifactId>karate-core</artifactId>
     <packaging>jar</packaging>

karate-core/src/main/java/com/intuit/karate/ScriptContext.java

@@ -3,6 +3,7 @@
 import com.intuit.karate.validator.Validator;
 import java.util.Map;
 import java.util.logging.Level;
+import javax.net.ssl.SSLContext;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import jdk.nashorn.api.scripting.ScriptObjectMirror;
@@ -27,11 +28,13 @@ public class ScriptContext {
     protected final String featureDir;
     protected final ClassLoader fileClassLoader;
     protected final String env;
+    protected final ClientBuilder clientBuilder;    
 
+    // needed for 3rd party code
     public ScriptValueMap getVars() {
         return vars;
     }        
-    
+
     public ScriptContext(boolean test, String featureDir, ClassLoader fileClassLoader, String env) {
         this.featureDir = featureDir;
         this.fileClassLoader = fileClassLoader;
@@ -43,17 +46,21 @@ public ScriptContext(boolean test, String featureDir, ClassLoader fileClassLoade
         if (test) {
             logger.trace("karate init in test mode, http client disabled");
             client = null;
+            clientBuilder = null;
             return;
         }
-        ClientBuilder cb = ClientBuilder.newBuilder()
+        clientBuilder = ClientBuilder.newBuilder()
                 .register(MultiPartFeature.class);
         if (logger.isDebugEnabled()) {
-            cb.register(new LoggingFeature(
+            clientBuilder.register(new LoggingFeature(
                     java.util.logging.Logger.getLogger(LoggingFeature.DEFAULT_LOGGER_NAME),
                     Level.SEVERE,
                     LoggingFeature.Verbosity.PAYLOAD_TEXT, null));
-        }
-        client = cb.build();
+        }          
+        SSLContext sslContext =  SslUtils.getSslContext();
+        clientBuilder.sslContext(sslContext);
+        clientBuilder.hostnameVerifier((host, session) -> true);        
+        client = clientBuilder.build();
         client.register(new RequestFilter(this));                     
         // auto config
         try {

karate-core/src/main/java/com/intuit/karate/SslUtils.java

@@ -0,0 +1,52 @@
+package com.intuit.karate;
+
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.CertificateException;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author pthomas3
+ */
+public class SslUtils {
+
+    private static final Logger logger = LoggerFactory.getLogger(SslUtils.class);
+
+    private SslUtils() {
+        // only static methods
+    }
+
+    public static SSLContext getSslContext() {
+        TrustManager[] certs = new TrustManager[]{new X509TrustManager() {
+            @Override
+            public X509Certificate[] getAcceptedIssuers() {
+                logger.trace("get accepted issuers");
+                return new X509Certificate[0];
+            }
+            @Override
+            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+                logger.trace("check server trusted");
+            }
+            @Override
+            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+                logger.trace("check client trusted");
+            }
+        }};
+        SSLContext ctx = null;
+        try {
+            ctx = SSLContext.getInstance("TLS");
+            ctx.init(null, certs, new SecureRandom());
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
+        return ctx;
+    }
+
+}

karate-core/src/main/java/com/intuit/karate/StepDefs.java

@@ -47,15 +47,15 @@ public StepDefs(String featureDir, ClassLoader fileClassLoader, String env) {
     private Response response;
     private String accept;
     private long startTime;
-
+    
     private final ScriptContext context;
 
     public ScriptContext getContext() {
         return context;
-    }        
+    }    
 
     @When("^url (.+)")
-    public void url(String expression) {
+    public void url(String expression) {        
         String temp = Script.preEval(expression, context).getAsString();
         this.url = temp;
         target = context.client.target(temp);
@@ -159,7 +159,7 @@ public void asssertBoolean(String expression) {
         handleFailure(ar);
     }
 
-    private Invocation.Builder prepare() {
+    private Invocation.Builder prepare() {  
         hasUrlBeenSet();        
         Invocation.Builder builder = target.request();
         Map<String, Object> headers = context.vars.get(VAR_HEADERS, Map.class);
@@ -181,8 +181,8 @@ private Invocation.Builder prepare() {
     }
 
     @When("^accept (.+)")
-    public void accept(String expression) {
-        this.accept = expression;
+    public void accept(String exp) {
+        this.accept = Script.preEval(exp, context).getAsString();
     }    
 
     private void startTimer() {
@@ -207,6 +207,11 @@ public void method(String method) {
                 stopTimer();
             } else {
                 ScriptValue sv = context.vars.get(VAR_REQUEST);
+                if (sv == null || sv.isNull()) {
+                    String msg = "request body is requred for a " + method + ", please use the 'request' keyword";
+                    logger.error(msg);
+                    throw new RuntimeException(msg);
+                }
                 Entity entity;
                 switch (sv.getType()) {
                     case JSON:
@@ -253,7 +258,12 @@ private void unprepare() {
         if (Script.isJson(responseBody)) {
             context.vars.put(ScriptValueMap.VAR_RESPONSE, JsonUtils.toJsonDoc(responseBody));
         } else if (Script.isXml(responseBody)) {
-            context.vars.put(ScriptValueMap.VAR_RESPONSE, XmlUtils.toXmlDoc(responseBody));
+            try {
+                context.vars.put(ScriptValueMap.VAR_RESPONSE, XmlUtils.toXmlDoc(responseBody));
+            } catch (Exception e) {
+                logger.warn("xml parsing failed, response data type set to string: {}", e.getMessage());
+                context.vars.put(ScriptValueMap.VAR_RESPONSE, responseBody);
+            }
         } else {
             context.vars.put(ScriptValueMap.VAR_RESPONSE, responseBody);
         }

pom.xml

@@ -4,7 +4,7 @@
 
     <groupId>com.intuit.karate</groupId>
     <artifactId>karate-parent</artifactId>
-    <version>0.1.3</version>
+    <version>0.1.4</version>
     <packaging>pom</packaging>
 
     <name>${project.artifactId}</name>