From 61c862d29699d1fea8c59d6d6bfce8e6e443a696 Mon Sep 17 00:00:00 2001 From: Kai Zimmermann Date: Mon, 5 Feb 2018 11:59:20 +0100 Subject: [PATCH] Security header filter support additional separator and is case (#625) insensitive. Signed-off-by: kaizimmerm --- .../ControllerPreAuthenticatedSecurityHeaderFilter.java | 4 ++-- ...ontrollerPreAuthenticatedSecurityHeaderFilterTest.java | 8 +++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java index 86f4b34b0..a25e628cc 100644 --- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java +++ b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java @@ -128,7 +128,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont int iHeader = 1; String foundHash; while ((foundHash = secruityToken.getHeader(String.format(sslIssuerHashBasicHeader, iHeader))) != null) { - if (knownHashes.contains(foundHash)) { + if (knownHashes.contains(foundHash.toLowerCase())) { if (LOGGER.isTraceEnabled()) { LOGGER.trace("Found matching ssl issuer hash at position {}", iHeader); } @@ -156,6 +156,6 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont } private static List splitMultiHashBySemicolon(final String knownIssuerHashes) { - return Arrays.asList(knownIssuerHashes.split(";")); + return Arrays.stream(knownIssuerHashes.split(";|,")).map(String::toLowerCase).collect(Collectors.toList()); } } diff --git a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java b/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java index ab521ae89..5a14f1227 100644 --- a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java +++ b/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java @@ -51,9 +51,10 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest { private static final String SINGLE_HASH = "hash1"; private static final String SECOND_HASH = "hash2"; + private static final String THIRD_HASH = "hash3"; private static final String UNKNOWN_HASH = "unknown"; - private static final String MULTI_HASH = "hash1;hash2;hash3"; + private static final String MULTI_HASH = "HASH1;hash2,HASH3,HASH1"; private static final TenantConfigurationValue CONFIG_VALUE_SINGLE_HASH = TenantConfigurationValue . builder().value(SINGLE_HASH).build(); @@ -81,12 +82,13 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest { @Test @Description("Tests the filter for issuer hash based authentication with multiple known hashes") public void testIssuerHashBasedAuthenticationWithMultipleKnownHashes() { - final DmfTenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH); // use multiple known hashes when(tenantConfigurationManagementMock.getConfigurationValue( eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) .thenReturn(CONFIG_VALUE_MULTI_HASH); - assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull(); + assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(SINGLE_HASH))).isNotNull(); + assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(SECOND_HASH))).isNotNull(); + assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(THIRD_HASH))).isNotNull(); } @Test