converted RequestContent to use RFC1123 in preference to legacy joyent client format. reintroduced support for legacy request-line header on the server side, to support older clients.

Mark Adamcin · Mark Adamcin · commit 1da7070fec9d · 2014-08-05T15:08:19.000-07:00
diff --git a/api/src/main/java/net/adamcin/httpsig/api/Constants.java b/api/src/main/java/net/adamcin/httpsig/api/Constants.java
@@ -80,7 +80,7 @@ public final class Constants {
     /**
      * List of headers to always exclude from signature calculation
      */
-    public static final List<String> IGNORE_HEADERS = Arrays.asList("authorization", HEADER_REQUEST_LINE);
+    public static final List<String> IGNORE_HEADERS = Arrays.asList("authorization");
 
     /**
      * Http request header representing client credentials
diff --git a/api/src/main/java/net/adamcin/httpsig/api/RequestContent.java b/api/src/main/java/net/adamcin/httpsig/api/RequestContent.java
@@ -32,15 +32,7 @@
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Collections;
-import java.util.Date;
-import java.util.GregorianCalendar;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.TimeZone;
+import java.util.*;
 import java.util.logging.Logger;
 
 /**
@@ -49,8 +41,18 @@
  */
 public final class RequestContent implements Serializable {
     private static final Logger LOGGER = Logger.getLogger(RequestContent.class.getName());
+
+    /**
+     * The official format of the Date header value (and other date-type headers) is defined by
+     * RFC 1123 ({@link #DATE_FORMAT_RFC1123})
+     */
+    @Deprecated
     public static final String DATE_FORMAT = "EEE MMM d HH:mm:ss yyyy zzz";
 
+    public static final String DATE_FORMAT_RFC1123 = "EEE, dd MMM yyyy HH:mm:ss zzz";
+
+    private static final List<String> SUPPORTED_DATE_FORMATS = Arrays.asList(DATE_FORMAT_RFC1123, DATE_FORMAT);
+
     private static final long serialVersionUID = -2968642080214687631L;
 
     @Deprecated
@@ -77,14 +79,13 @@ public static final class Builder {
 
         @Deprecated
         public Builder setRequestLine(String requestLine) {
-            LOGGER.warning("[setRequestLine] Use of the request-line header is deprecated. Please use (request-target) instead.");
             this.requestLine = requestLine;
             return this;
         }
 
         public Builder setRequestTarget(String method, String path) {
-            this.method = method.toUpperCase();
-            this.path = path;
+            this.method = method != null ? method.trim().toUpperCase() : null;
+            this.path = path != null ? path.trim() : null;
             return this;
         }
 
@@ -96,23 +97,28 @@ public Builder setRequestTarget(String method, String path) {
          * @return
          */
         public Builder addHeader(final String name, final String value) {
-            final String _name = name.toLowerCase();
-            if (Constants.IGNORE_HEADERS.contains(_name) || _name.startsWith(":")) {
+            if (value != null) {
+                final String _value = value.trim();
+                final String _name = name.trim().toLowerCase();
+                if (Constants.IGNORE_HEADERS.contains(_name) || _name.startsWith(":")) {
                 /* skip ignored headers and names which begin with a colon */
-                return this;
-            } else if (Constants.HEADER_REQUEST_TARGET.equals(_name)) {
-                return this;
-            } else if (!Constants.HEADER_DATE.equals(_name) || tryParseDate(value)) {
-                List<String> values = null;
-                if (headers.containsKey(_name)) {
-                    headers.get(_name);
-                } else {
-                    values = new ArrayList<String>();
-                    headers.put(_name, values);
-                }
+                    return this;
+                } else if (Constants.HEADER_REQUEST_LINE.equals(_name)) {
+                    return this;
+                } else if (Constants.HEADER_REQUEST_TARGET.equals(_name)) {
+                    return this;
+                } else if (!Constants.HEADER_DATE.equals(_name) || tryParseDate(_value) != null) {
+                    List<String> values = null;
+                    if (headers.containsKey(_name)) {
+                        headers.get(_name);
+                    } else {
+                        values = new ArrayList<String>();
+                        headers.put(_name, values);
+                    }
 
-                if (values != null) {
-                    values.add(value);
+                    if (values != null) {
+                        values.add(_value);
+                    }
                 }
             }
             return this;
@@ -128,7 +134,7 @@ public Builder addHeader(final String name, final String value) {
          */
         public Builder addDate(Calendar calendar) {
             if (calendar != null) {
-                DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
+                DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT_RFC1123);
                 dateFormat.setTimeZone(calendar.getTimeZone());
                 this.addHeader(Constants.HEADER_DATE, dateFormat.format(calendar.getTime()));
             }
@@ -186,18 +192,22 @@ public byte[] getContent(List<String> headers, Charset charset) {
      * @return
      */
     public String getContentString(List<String> headers) {
-        StringBuilder hashBuilder = new StringBuilder("");
+        StringBuilder hashBuilder = new StringBuilder();
         if (headers != null) {
             for (String header : headers) {
                 String _header = header.toLowerCase();
                 if (!Constants.IGNORE_HEADERS.contains(_header) && !_header.startsWith(":")) {
-                    if (Constants.HEADER_REQUEST_TARGET.equals(_header)) {
+                    if (Constants.HEADER_REQUEST_LINE.equals(_header)) {
+                        if (this.requestLine != null) {
+                            hashBuilder.append(this.requestLine).append('\n');
+                        }
+                    } else if (Constants.HEADER_REQUEST_TARGET.equals(_header)) {
                         if (this.getRequestTarget() != null) {
-                            hashBuilder.append(this.getRequestTarget()).append("\n");
+                            hashBuilder.append(this.getRequestTarget()).append('\n');
                         }
                     } else {
                         for (String value : this.getHeaderValues(_header)) {
-                            hashBuilder.append(_header).append(": ").append(value).append("\n");
+                            hashBuilder.append(_header).append(": ").append(value).append('\n');
                         }
                     }
                 }
@@ -224,7 +234,6 @@ public List<String> getHeaderNames() {
         return Collections.unmodifiableList(headerNames);
     }
 
-
     /**
      * @return the request-line if set
      */
@@ -258,7 +267,12 @@ public String getDate() {
      */
     public List<String> getHeaderValues(String name) {
         String _name = name.toLowerCase();
-        if (Constants.HEADER_REQUEST_TARGET.equals(_name)) {
+        if (Constants.HEADER_REQUEST_LINE.equals(_name)) {
+            LOGGER.warning("[getHeaderValues] Use of the request-line header is deprecated. Please use (request-target) instead.");
+            return this.requestLine != null ? Collections.singletonList(
+                    this.requestLine
+            ) : Collections.<String>emptyList();
+        } else if (Constants.HEADER_REQUEST_TARGET.equals(_name)) {
             return this.getRequestTarget() != null ? Collections.singletonList(
                     this.getRequestTarget()
             ) : Collections.<String>emptyList();
@@ -272,38 +286,34 @@ public List<String> getHeaderValues(String name) {
     /**
      * Sets the literal date header value.
      *
-     * @param date a date string conforming to {@link #DATE_FORMAT}
+     * @param date a date string conforming to {@link #DATE_FORMAT_RFC1123} or to the deprecated {@link #DATE_FORMAT}
      * @return true if the date header was set successfully. false if the header is already set or the provided
-     *         string does not conform to {@link #DATE_FORMAT}
+     *         string does not conform to {@link #DATE_FORMAT_RFC1123} or to {@link #DATE_FORMAT}
      */
-    private static boolean tryParseDate(String date) {
+    protected static Date tryParseDate(String date) {
         if (date != null) {
-            try {
-                DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
-                dateFormat.parse(date);
-                return true;
-            } catch (ParseException e) {
-                LOGGER.warning("[addDate] date string " + date + " does not match format " + DATE_FORMAT);
+
+            for (String formatString : SUPPORTED_DATE_FORMATS) {
+                try {
+                    DateFormat dateFormat = new SimpleDateFormat(formatString);
+                    dateFormat.setTimeZone(getGMT());
+                    return dateFormat.parse(date);
+                } catch (ParseException e) {
+                    LOGGER.warning("[tryParseDate] date string " + date + " does not match format " + formatString);
+                }
             }
         }
-        return false;
+        return null;
     }
 
-
     /**
      * Returns the currently set date header value converted to a {@link Date} object in the GMT time zone
      *
      * @return a {@link Date} object in GMT or null if header is not set or not valid
      */
     public Date getDateGMT() {
         if (this.getDate() != null) {
-            try {
-                DateFormat dateFormat = new SimpleDateFormat(DATE_FORMAT);
-                dateFormat.setTimeZone(getGMT());
-                return dateFormat.parse(this.getDate());
-            } catch (ParseException e) {
-                LOGGER.warning("[getDateGMT] date string " + this.getDate() + " does not match format " + DATE_FORMAT);
-            }
+            return tryParseDate(this.getDate());
         }
         return null;
     }
@@ -316,8 +326,8 @@ public Date getDateGMT() {
      * @return a {@link Calendar} in the specified time zone or in the default time zone if the timeZone parameter is null
      */
     public Calendar getDateTZ(TimeZone timeZone) {
-        Date dateGMT = this.getDateGMT();
         TimeZone tz = timeZone != null ? timeZone : TimeZone.getDefault();
+        Date dateGMT = this.getDateGMT();
         if (dateGMT != null) {
             Calendar calGMT = new GregorianCalendar(getGMT());
             calGMT.setTime(dateGMT);
diff --git a/api/src/test/java/net/adamcin/httpsig/api/RequestContentTest.java b/api/src/test/java/net/adamcin/httpsig/api/RequestContentTest.java
@@ -0,0 +1,59 @@
+/*
+ * This is free and unencumbered software released into the public domain.
+ *
+ * Anyone is free to copy, modify, publish, use, compile, sell, or
+ * distribute this software, either in source code form or as a compiled
+ * binary, for any purpose, commercial or non-commercial, and by any
+ * means.
+ *
+ * In jurisdictions that recognize copyright laws, the author or authors
+ * of this software dedicate any and all copyright interest in the
+ * software to the public domain. We make this dedication for the benefit
+ * of the public at large and to the detriment of our heirs and
+ * successors. We intend this dedication to be an overt act of
+ * relinquishment in perpetuity of all present and future rights to this
+ * software under copyright law.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * For more information, please refer to <http://unlicense.org/>
+ */
+
+package net.adamcin.httpsig.api;
+
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.*;
+
+public class RequestContentTest {
+
+    /**
+     * Added for defect-1, provided test case: "Fri Jun 20 10:11:40 2014 GMT"
+     */
+    @Test
+    public void testTryParseDate() {
+        List<String> nonDates = Arrays.asList("not a date", null, "", "Abc Def 20 10:11:40 2014 XUL");
+        for (String nonDate : nonDates) {
+            assertFalse("non-dates should fail the check: " + nonDate, RequestContent.tryParseDate(nonDate) != null);
+        }
+
+        List<String> dates = Arrays.asList(
+                "Fri Jun 1 10:11:40 2014 GMT",
+                "Fri Jun 20 10:11:40 2014 GMT",
+                "Thu, 01 Dec 1994 16:00:00 GMT",
+                "Tue, 07 Jun 2014 20:51:35 GMT"
+        );
+        for (String date : dates) {
+            assertTrue("real dates should pass the check: " + date, RequestContent.tryParseDate(date) != null);
+        }
+    }
+}
diff --git a/http-helpers/src/main/java/net/adamcin/httpsig/http/servlet/ServletUtil.java b/http-helpers/src/main/java/net/adamcin/httpsig/http/servlet/ServletUtil.java
@@ -94,6 +94,7 @@ public static RequestContent getRequestContent(HttpServletRequest request, Colle
         String path = request.getRequestURI() + (request.getQueryString() != null ? "?" + request.getQueryString() : "");
 
         signatureContent.setRequestTarget(request.getMethod(), path);
+        signatureContent.setRequestLine(request.getMethod() + " " + path + " " + request.getProtocol());
 
         Enumeration headerNames = request.getHeaderNames();
 
