Added in a URL encoding for the Base64 output of the HMAC authentication URL

e45efa0e · Derek Hudson · Yunhua Koglin · 4d77e39e · e45efa0e · e45efa0e
Commit e45efa0e authored 1 year ago by Derek Hudson Committed by Yunhua Koglin 1 year ago
--- a/NOTICE
+++ b/NOTICE
@@ -608,7 +608,6 @@ The following software have components provided under the terms of this license:
 - Animal Sniffer Annotations (from https://repo1.maven.org/maven2/org/codehaus/mojo/animal-sniffer-annotations)
 - Apache HttpClient Cache (from http://hc.apache.org/httpcomponents-client, http://hc.apache.org/httpcomponents-client-ga)
 - Apache Log4j API (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api)
- Apache Log4j Core (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core)
 - Apache Log4j SLF4J Binding (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl)
 - Apache Log4j to SLF4J Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-to-slf4j)
 - Azure Java Client Authentication Library for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)

--- a/notification-core/NOTICE.txt
+++ b/notification-core/NOTICE.txt
--- a/notification-core/src/main/java/org/opengroup/osdu/notification/auth/HmacAuth.java
+++ b/notification-core/src/main/java/org/opengroup/osdu/notification/auth/HmacAuth.java
@@ -23,6 +23,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
@@ -42,10 +44,8 @@ public class HmacAuth implements SecretAuth {
    }
    public String getPushUrl(String endpoint) throws Exception {
-        String pushUrl = endpoint;
        String signedjwt = this.signatureService.getSignedSignature(endpoint, hmacSecret.getValue());
-        pushUrl += "?hmac=" + signedjwt;
+        return String.format("%s?hmac=%s", endpoint, URLEncoder.encode(signedjwt, StandardCharsets.UTF_8));
-        return pushUrl;
    }
    public Map<String, String> getRequestHeaders() {

--- a/notification-core/src/test/java/org/opengroup/osdu/notification/auth/HmacAuthTest.java
+++ b/notification-core/src/test/java/org/opengroup/osdu/notification/auth/HmacAuthTest.java
@@ -27,6 +27,8 @@ import org.opengroup.osdu.core.common.model.notification.HmacSecret;
 import org.opengroup.osdu.core.common.model.notification.Subscription;
 import org.powermock.modules.junit4.PowerMockRunner;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 import static org.junit.Assert.fail;
@@ -63,6 +65,17 @@ public class HmacAuthTest {
        hmac_subscription.setSecret(secret);
    }
+    @Test
+    public void should_return_valid_URLEncodeQueryString() throws Exception {
+        String signedSignatureWithEquals = "someValidBase64=";
+        HmacSecret secret = (HmacSecret) hmac_subscription.getSecret();
+        when(this.signatureService.getSignedSignature(hmac_subscription.getPushEndpoint(), secret.getValue())).thenReturn(signedSignatureWithEquals);
+        sut.setSecret(hmac_subscription.getSecret());
+        String pushUrl = sut.getPushUrl(hmac_subscription.getPushEndpoint());
+        String expected = hmac_subscription.getPushEndpoint() + "?hmac=" + URLEncoder.encode(signedSignatureWithEquals, StandardCharsets.UTF_8);
+        Assert.assertTrue(expected.equalsIgnoreCase(pushUrl));
+    }
    @Test
    public void should_return_valid_EndpointAndHeaders() throws Exception {
        HmacSecret secret = (HmacSecret) hmac_subscription.getSecret();