From 3311b0fe35ca52dc604d21b819692550aab90142 Mon Sep 17 00:00:00 2001
From: Manthan Dave <manthanhd@live.com>
Date: Mon, 30 Apr 2018 11:19:17 +0100
Subject: [PATCH] closes response input stream after use

---
 .../auth/oauth/service/OAuthTokenService.java | 26 +++---
 .../oauth/service/OAuthTokenServiceTest.java  | 79 +++++++++++++++----
 2 files changed, 78 insertions(+), 27 deletions(-)

diff --git a/src/main/java/com/capitalone/auth/oauth/service/OAuthTokenService.java b/src/main/java/com/capitalone/auth/oauth/service/OAuthTokenService.java
index fb02c2d..9ba7b4a 100644
--- a/src/main/java/com/capitalone/auth/oauth/service/OAuthTokenService.java
+++ b/src/main/java/com/capitalone/auth/oauth/service/OAuthTokenService.java
@@ -10,24 +10,28 @@
 import com.capitalone.auth.oauth.framework.OAuthClientCredentials;
 import com.capitalone.auth.oauth.framework.protocol.ServerOAuthToken;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.commons.io.IOUtils;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.message.BasicNameValuePair;
-
 import java.io.IOException;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.*;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 
 /**
  * <p/>
@@ -235,7 +239,7 @@ public OAuthToken call() throws IOException, ClientSecretException {
 
             final HttpResponse httpResponse = httpClient.execute(httpPost);
             final HttpEntity entity = httpResponse.getEntity();
-            final String content = IOUtils.toString(entity.getContent());
+            final String content = EntityUtils.toString(entity);
             final ServerOAuthToken serverToken = this.objectMapper.readValue(content, ServerOAuthToken.class);
             final OAuthToken token = OAuthToken.newBuilder()
                     .accessToken(serverToken.getAccessToken())
diff --git a/src/test/java/com/capitalone/auth/oauth/service/OAuthTokenServiceTest.java b/src/test/java/com/capitalone/auth/oauth/service/OAuthTokenServiceTest.java
index 8556d09..8e54d22 100644
--- a/src/test/java/com/capitalone/auth/oauth/service/OAuthTokenServiceTest.java
+++ b/src/test/java/com/capitalone/auth/oauth/service/OAuthTokenServiceTest.java
@@ -1,5 +1,24 @@
 package com.capitalone.auth.oauth.service;
 
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.notNullValue;
+import static org.hamcrest.CoreMatchers.sameInstance;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.instanceOf;
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+
 import com.capitalone.auth.ClientCredentialsProvider;
 import com.capitalone.auth.Token;
 import com.capitalone.auth.oauth.factory.HttpConnectionConfig;
@@ -8,7 +27,19 @@
 import com.capitalone.auth.oauth.framework.ClientCredentialsNotFoundException;
 import com.capitalone.auth.oauth.framework.OAuthClientCredentials;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Future;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.Lock;
 import junit.framework.TestCase;
+import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.StatusLine;
 import org.apache.http.client.HttpClient;
@@ -21,22 +52,6 @@
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mockito;
 
-import java.io.IOException;
-import java.net.URI;
-import java.util.concurrent.*;
-import java.util.concurrent.locks.Lock;
-
-import static org.hamcrest.CoreMatchers.*;
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.instanceOf;
-import static org.hamcrest.core.Is.is;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.*;
-
 /**
  * Copyright [2016] Capital One Services, LLC
  *
@@ -144,6 +159,38 @@ public void testObtainTokenFor_requestNewToken() throws Exception {
         assertThat(cacheAttributes.getToken(), sameInstance(token));
     }
 
+  @Test
+  public void testObtainTokenFor_closesResponseInputStream() throws Exception {
+    final HttpClient mockClient = mock(HttpClient.class);
+    final HttpResponse mockHttpResponse = mock(HttpResponse.class);
+    final HttpEntity mockResponseHttpEntity = mock(HttpEntity.class);
+
+    final OAuthClientCredentials clientCredentials = OAuthClientCredentials.newBuilder()
+        .clientId("xyz").clientSecret("abc").grantType("client_credentials")
+        .authServerURI(new URI("https://my.oauth.club/")).build();
+
+    when(mockProvider.getClientCredentialsFor(any(URI.class))).thenReturn(clientCredentials);
+    when(mockClient.execute(any(HttpPost.class))).thenReturn(mockHttpResponse);
+
+    String dummyData = "{\n" +
+        "  \"access_token\": \"sparkpost-token\",\n" +
+        "  \"token_type\": \"Bearer\",\n" +
+        "  \"expires_in\": 60\n" +
+        "}";
+
+    InputStream inputStream = new ByteArrayInputStream(dummyData.getBytes());
+    InputStream spyInputStream = spy(inputStream);
+
+    when(mockHttpResponse.getEntity()).thenReturn(mockResponseHttpEntity);
+    when(mockResponseHttpEntity.getContent()).thenReturn(spyInputStream);
+    when(mockResponseHttpEntity.isStreaming()).thenReturn(true);
+
+    when(mockPool.getHttpClient()).thenReturn(mockClient);
+    testee.obtainTokenFor(new URI("https://my.service.to.be.authorised.com/"));
+    verify(spyInputStream, times(1)).close();
+  }
+
+
     @Test(expected = IOException.class)
     public void testIOExceptionBubbles() throws Exception {
         when(mockProvider.getClientCredentialsFor(Mockito.any(URI.class))).thenReturn(OAuthClientCredentials.newBuilder().clientId("id").clientSecret("Secret").grantType("grant").build());