Posted to commits@oltu.apache.org by ja...@apache.org on 2016/02/22 22:21:14 UTC
svn commit: r1731742 - in /oltu/trunk/oauth-2.0/common/src:
main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java
test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java
Author: jasha
Date: Mon Feb 22 21:21:14 2016
New Revision: 1731742
URL: http://svn.apache.org/viewvc?rev=1731742&view=rev
Log:
OLTU-182 Password can contain colon : characters. Thanks Adam Campbell for the initial patch.
Modified:
oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java
oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java
Modified: oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java?rev=1731742&r1=1731741&r2=1731742&view=diff
==============================================================================
--- oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java (original)
+++ oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java Mon Feb 22 21:21:14 2016
@@ -368,28 +368,29 @@ public final class OAuthUtils {
* @return a {@link String[]} if the header could be decoded into a non null username and password or null.
*/
public static String[] decodeClientAuthenticationHeader(String authenticationHeader) {
- if (authenticationHeader == null || "".equals(authenticationHeader)) {
+ if (isEmpty(authenticationHeader)) {
return null;
}
String[] tokens = authenticationHeader.split(" ");
if (tokens.length != 2) {
return null;
}
- if (tokens[0] != null && !"".equals(tokens[0])) {
- String authType = tokens[0];
- if (!authType.equalsIgnoreCase("basic")) {
- return null;
- }
+ String authType = tokens[0];
+ if (!"basic".equalsIgnoreCase(authType)) {
+ return null;
+ }
+ String encodedCreds = tokens[1];
+ return decodeBase64EncodedCredentials(encodedCreds);
+ }
+
+ private static String[] decodeBase64EncodedCredentials(String encodedCreds) {
+ String decodedCreds = new String(Base64.decodeBase64(encodedCreds));
+ String[] creds = decodedCreds.split(":", 2);
+ if (creds.length != 2) {
+ return null;
}
- if (tokens[1] != null && !"".equals(tokens[1])) {
- String encodedCreds = tokens[1];
- String decodedCreds = new String(Base64.decodeBase64(encodedCreds));
- if (decodedCreds.contains(":") && decodedCreds.split(":").length == 2) {
- String[] creds = decodedCreds.split(":");
- if (!OAuthUtils.isEmpty(creds[0]) && !OAuthUtils.isEmpty(creds[1])) {
- return decodedCreds.split(":");
- }
- }
+ if (!OAuthUtils.isEmpty(creds[0]) && !OAuthUtils.isEmpty(creds[1])) {
+ return creds;
}
return null;
}
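Review bot: The moved line `new String(Base64.decodeBase64(encodedCreds))` in decodeBase64EncodedCredentials still decodes the credential bytes with the platform default charset, so a client id or secret containing non-ASCII characters can decode differently from one host to another and then fail comparison against the stored value. Name the charset explicitly, e.g. `new String(Base64.decodeBase64(encodedCreds), StandardCharsets.UTF_8)`; this needs a `java.nio.charset.StandardCharsets` import outside this hunk and Java 7+, otherwise `Charset.forName("UTF-8")`. The same default-charset dependence is in the test helper `encodeHeader` in OAuthUtilsTest.java (`header.getBytes()` and `new String(...)`), which should encode with the same charset. The new private helper would also benefit from a short Javadoc stating that only the first colon separates the client id from the secret and that null is returned when either part is empty.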
Modified: oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java?rev=1731742&r1=1731741&r2=1731742&view=diff
==============================================================================
--- oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java (original)
+++ oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java Mon Feb 22 21:21:14 2016
@@ -21,12 +21,9 @@
package org.apache.oltu.oauth2.common.utils;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.oltu.oauth2.common.OAuth;
-import org.apache.oltu.oauth2.common.error.OAuthError;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.junit.Ignore;
-import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
@@ -35,8 +32,12 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.oltu.oauth2.common.OAuth;
+import org.apache.oltu.oauth2.common.error.OAuthError;
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.junit.Ignore;
+import org.junit.Test;
/**
*
@@ -45,6 +46,8 @@ import static org.junit.Assert.assertNul
*/
public class OAuthUtilsTest {
+ private static final String BASIC_PREFIX = "Basic ";
+
@Test
@Ignore
// TODO what are testing here?
@@ -234,27 +237,69 @@ public class OAuthUtilsTest {
@Test
public void testDecodeValidClientAuthnHeader() throws Exception {
String header = "clientId:secret";
- String encodedHeader = "Basic " + new String(Base64.encodeBase64(header.getBytes()));
+ String encodedHeader = BASIC_PREFIX + encodeHeader(header);
+
String[] credentials = OAuthUtils.decodeClientAuthenticationHeader(encodedHeader);
+
+ assertNotNull(credentials);
assertEquals("clientId", credentials[0]);
assertEquals("secret", credentials[1]);
}
@Test
- public void testDecodeInvalidClientAuthnHeader() throws Exception {
+ public void testDecodeValidClientAuthnHeaderWithColonInPassword() throws Exception {
+ String header = "clientId:sec:re:t";
+ String encodedHeader = BASIC_PREFIX + encodeHeader(header);
+
+ String[] credentials = OAuthUtils.decodeClientAuthenticationHeader(encodedHeader);
+
+ assertNotNull(credentials);
+ assertEquals("clientId", credentials[0]);
+ assertEquals("sec:re:t", credentials[1]);
+ }
+
+ @Test
+ public void testDecodeEmptyClientAuthnHeader() throws Exception {
assertNull(OAuthUtils.decodeClientAuthenticationHeader(null));
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader(""));
+ }
+
+ @Test
+ public void testDecodeInvalidClientAuthnHeader() throws Exception {
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader(BASIC_PREFIX));
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader("invalid_header"));
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader("Authorization dXNlcm5hbWU6cGFzc3dvcmQ="));
+ }
+ @Test
+ public void testDecodeClientAuthnHeaderNoClientIdOrSecret() throws Exception {
+ String header = ":";
+ String encodedHeader = BASIC_PREFIX + encodeHeader(header);
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader));
+ }
+
+ @Test
+ public void testDecodeClientAuthnHeaderNoClientId() throws Exception {
String header = ":secret";
- String encodedHeader = "Basic " + new String(Base64.encodeBase64(header.getBytes()));
+ String encodedHeader = BASIC_PREFIX + encodeHeader(header);
assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader));
+ }
- String header2 = "clientId:";
- String encodedHeader2 = "Basic " + new String(Base64.encodeBase64(header2.getBytes()));
- assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader2));
+ @Test
+ public void testDecodeClientAuthnHeaderNoSecret() throws Exception {
+ String header = "clientId:";
+ String encodedHeader = BASIC_PREFIX + encodeHeader(header);
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader));
+ }
- String encodedHeader3 = "invalid_header";
- assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader3));
+ @Test
+ public void testDecodeClientAuthnHeaderNoSeparator() throws Exception {
+ String header = "clientId";
+ String encodedHeader = BASIC_PREFIX + encodeHeader(header);
+ assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader));
+ }
- assertNull(OAuthUtils.decodeClientAuthenticationHeader("Authorization dXNlcm5hbWU6cGFzc3dvcmQ="));
+ private String encodeHeader(String header) {
+ return new String(Base64.encodeBase64(header.getBytes()));
}
}
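Review bot: The new tests only ever send the scheme as `Basic `, although the patched code matches it with `equalsIgnoreCase`, so the case-insensitive acceptance is not pinned and a later refactor could silently change which headers authenticate. Add a case such as `assertNotNull(OAuthUtils.decodeClientAuthenticationHeader("basic " + encodeHeader("clientId:secret")));`. A companion negative case with two spaces between the scheme and the credentials would also document that `split(" ")` followed by the `tokens.length != 2` check rejects such a header.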