Merge branch 'Sparkling18-master'

Author: Mark Adamcin

api/src/main/java/net/adamcin/httpsig/api/Constants.java

@@ -65,16 +65,22 @@ public final class Constants {
      */
     public static final String KEY_ID = "keyId";
 
+    /**
+     * replaced with {@code request-target} in draft-cavage-http-signatures-03
+     */
+    @Deprecated
     public static final String HEADER_REQUEST_LINE = "request-line";
 
+    public static final String HEADER_REQUEST_TARGET = "(request-target)";
+
     public static final String HEADER_DATE = "date";
 
     public static final List<String> DEFAULT_HEADERS = Arrays.asList(HEADER_DATE);
 
     /**
      * List of headers to always exclude from signature calculation
      */
-    public static final List<String> IGNORE_HEADERS = Arrays.asList("authorization");
+    public static final List<String> IGNORE_HEADERS = Arrays.asList("authorization", HEADER_REQUEST_LINE);
 
     /**
      * Http request header representing client credentials

api/src/main/java/net/adamcin/httpsig/api/RequestContent.java

@@ -53,24 +53,41 @@ public final class RequestContent implements Serializable {
 
     private static final long serialVersionUID = -2968642080214687631L;
 
+    @Deprecated
     private final String requestLine;
+    private final String method;
+    private final String path;
     private final Map<String, List<String>> headers;
 
-    private RequestContent(final String requestLine, final Map<String, List<String>> headers) {
+    private RequestContent(final String requestLine, final String method, final String path, final Map<String, List<String>> headers) {
         this.requestLine = requestLine;
+        this.method = method;
+        this.path = path;
         this.headers = headers;
     }
 
     public static final class Builder {
 
+        @Deprecated
         private String requestLine = null;
+
+        private String method = null;
+        private String path = null;
         private final Map<String, List<String>> headers = new LinkedHashMap<String, List<String>>();
 
+        @Deprecated
         public Builder setRequestLine(String requestLine) {
+            LOGGER.warning("[setRequestLine] Use of the request-line header is deprecated. Please use (request-target) instead.");
             this.requestLine = requestLine;
             return this;
         }
 
+        public Builder setRequestTarget(String method, String path) {
+            this.method = method.toUpperCase();
+            this.path = path;
+            return this;
+        }
+
         /**
          * Adds a header name and value pair
          *
@@ -83,7 +100,7 @@ public Builder addHeader(final String name, final String value) {
             if (Constants.IGNORE_HEADERS.contains(_name) || _name.startsWith(":")) {
                 /* skip ignored headers and names which begin with a colon */
                 return this;
-            } else if (Constants.HEADER_REQUEST_LINE.equals(_name)) {
+            } else if (Constants.HEADER_REQUEST_TARGET.equals(_name)) {
                 return this;
             } else if (!Constants.HEADER_DATE.equals(_name) || tryParseDate(value)) {
                 List<String> values = null;
@@ -148,7 +165,7 @@ public Builder addDateNow() {
         }
 
         public RequestContent build() {
-            return new RequestContent(requestLine, Collections.unmodifiableMap(headers));
+            return new RequestContent(requestLine, method, path, Collections.unmodifiableMap(headers));
         }
     }
 
@@ -174,9 +191,9 @@ public String getContentString(List<String> headers) {
             for (String header : headers) {
                 String _header = header.toLowerCase();
                 if (!Constants.IGNORE_HEADERS.contains(_header) && !_header.startsWith(":")) {
-                    if (Constants.HEADER_REQUEST_LINE.equals(_header)) {
-                        if (this.requestLine != null) {
-                            hashBuilder.append(this.requestLine).append("\n");
+                    if (Constants.HEADER_REQUEST_TARGET.equals(_header)) {
+                        if (this.getRequestTarget() != null) {
+                            hashBuilder.append(this.getRequestTarget()).append("\n");
                         }
                     } else {
                         for (String value : this.getHeaderValues(_header)) {
@@ -196,12 +213,12 @@ public String toString() {
 
     /**
      * @return the list of header names contained in this {@link RequestContent}, in the order in which they were added, except
-     *         for request-line, which is listed first if present
+     *         for request-target, which is listed first if present
      */
     public List<String> getHeaderNames() {
         List<String> headerNames = new ArrayList<String>();
-        if (requestLine != null) {
-            headerNames.add(Constants.HEADER_REQUEST_LINE);
+        if (method != null && path != null) {
+            headerNames.add(Constants.HEADER_REQUEST_TARGET);
         }
         headerNames.addAll(this.headers.keySet());
         return Collections.unmodifiableList(headerNames);
@@ -211,10 +228,22 @@ public List<String> getHeaderNames() {
     /**
      * @return the request-line if set
      */
+    @Deprecated
     public String getRequestLine() {
         return requestLine;
     }
 
+    /**
+     * @return the request-target if set
+     */
+    public String getRequestTarget() {
+        if (method == null || path == null) {
+            return null;
+        } else {
+            return method.toLowerCase() + " " + path;
+        }
+    }
+
     /**
      * @return the first date header value if set, null if not
      */
@@ -229,9 +258,9 @@ public String getDate() {
      */
     public List<String> getHeaderValues(String name) {
         String _name = name.toLowerCase();
-        if (Constants.HEADER_REQUEST_LINE.equals(_name)) {
-            return this.requestLine != null ? Collections.singletonList(
-                    this.requestLine
+        if (Constants.HEADER_REQUEST_TARGET.equals(_name)) {
+            return this.getRequestTarget() != null ? Collections.singletonList(
+                    this.getRequestTarget()
             ) : Collections.<String>emptyList();
         } else if (this.headers.containsKey(_name)) {
             return Collections.unmodifiableList(this.headers.get(_name));

http-helpers/src/main/java/net/adamcin/httpsig/http/apache3/Http3SignatureAuthScheme.java

@@ -86,9 +86,8 @@ public String authenticate(Credentials credentials, HttpMethod method) throws Au
                 }
 
                 RequestContent.Builder sigBuilder = new RequestContent.Builder();
-                sigBuilder.setRequestLine(
-                        String.format("%s %s HTTP/1.1", method.getName(),
-                                      method.getPath() + (method.getQueryString() != null ? "?" + method.getQueryString() : "")));
+
+                sigBuilder.setRequestTarget(method.getName(), method.getPath() + (method.getQueryString() != null ? "?" + method.getQueryString() : ""));
 
                 for (Header header : method.getRequestHeaders()) {
                     sigBuilder.addHeader(header.getName(), header.getValue());

http-helpers/src/main/java/net/adamcin/httpsig/http/apache4/Http4SignatureAuthScheme.java

@@ -83,7 +83,8 @@ public Header authenticate(Credentials credentials, HttpRequest request)
             }
 
             RequestContent.Builder sigBuilder = new RequestContent.Builder();
-            sigBuilder.setRequestLine(request.getRequestLine().toString());
+            sigBuilder.setRequestTarget(request.getRequestLine().getMethod(),
+                    request.getRequestLine().getUri());
 
             for (Header header : request.getAllHeaders()) {
                 if (header.getName().toLowerCase().equals("connection")) {

http-helpers/src/main/java/net/adamcin/httpsig/http/ning/AsyncSignatureCalculator.java

@@ -57,6 +57,6 @@ public AsyncSignatureCalculator(Signer signer, SignatureCalculator delegatee) {
      */
     public void calculateAndAddSignature(String url, Request request, RequestBuilderBase<?> requestBuilder) {
         delegatee.calculateAndAddSignature(url, request, requestBuilder);
-        AsyncUtil.calculateSignature(this.signer, request, requestBuilder, AsyncUtil.REQUEST_LINE_FORMAT);
+        AsyncUtil.calculateSignature(this.signer, request, requestBuilder);
     }
 }

http-helpers/src/main/java/net/adamcin/httpsig/http/ning/AsyncUtil.java

@@ -47,8 +47,6 @@
 
 public final class AsyncUtil {
 
-    static final String REQUEST_LINE_FORMAT = "%s %s HTTP/1.1";
-
     /**
      * Attaches the provided {@link Signer} to the {@link AsyncHttpClient} as a signature calculator.
      * It is expected that key rotation and {@link net.adamcin.httpsig.api.Challenge} management is outside the scope
@@ -166,22 +164,21 @@ public static <T> Future<T> login(final AsyncHttpClient client,
         return response;
     }
 
-    public static String getRequestLine(Request request, String requestLineFormat) {
-        String path = "";
+    public static String getRequestPath(Request request) {
         try {
             URL url = new URL(request.getUrl());
-            path = url.getPath() + (url.getQuery() != null ? "?" + url.getQuery() : "");
+            return url.getPath() + (url.getQuery() != null ? "?" + url.getQuery() : "");
         } catch (Exception e) {
             e.printStackTrace(System.err);
         }
 
-        return String.format(requestLineFormat != null ? requestLineFormat : REQUEST_LINE_FORMAT, request.getMethod(), path);
+        return null;
     }
 
-    public static void calculateSignature(Signer signer, Request request, RequestBuilderBase<?> requestBuilder, String requestLineFormat) {
+    public static void calculateSignature(Signer signer, Request request, RequestBuilderBase<?> requestBuilder) {
         RequestContent.Builder sigBuilder = new RequestContent.Builder();
 
-        sigBuilder.setRequestLine(getRequestLine(request, requestLineFormat));
+        sigBuilder.setRequestTarget(request.getMethod(), getRequestPath(request));
         for (FluentCaseInsensitiveStringsMap.Entry<String, List<String>> entry : request.getHeaders().entrySet()) {
             for (String value : entry.getValue()) {
                 sigBuilder.addHeader(entry.getKey(), value);

http-helpers/src/main/java/net/adamcin/httpsig/http/ning/RotateAndReplayResponseFilter.java

@@ -85,7 +85,7 @@ public FilterContext filter(FilterContext ctx) throws FilterException {
                 }
 
                 RequestBuilder builder = new RequestBuilder(request);
-                AsyncUtil.calculateSignature(signer, request, builder, AsyncUtil.REQUEST_LINE_FORMAT);
+                AsyncUtil.calculateSignature(signer, request, builder);
 
                 return new FilterContext.FilterContextBuilder(ctx)
                         .replayRequest(replay)

http-helpers/src/main/java/net/adamcin/httpsig/http/servlet/ServletUtil.java

@@ -93,12 +93,7 @@ public static RequestContent getRequestContent(HttpServletRequest request, Colle
         RequestContent.Builder signatureContent = new RequestContent.Builder();
         String path = request.getRequestURI() + (request.getQueryString() != null ? "?" + request.getQueryString() : "");
 
-        signatureContent.setRequestLine(
-                String.format(
-                        "%s %s %s",
-                        request.getMethod(), path, request.getProtocol()
-                )
-        );
+        signatureContent.setRequestTarget(request.getMethod(), path);
 
         Enumeration headerNames = request.getHeaderNames();
 

http-helpers/src/test/java/net/adamcin/httpsig/http/apache3/Http3UtilTest.java

@@ -58,7 +58,7 @@ public void testLogin() {
 
             @Override protected void execute() throws Exception {
                 List<String> headers = Arrays.asList(
-                        Constants.HEADER_REQUEST_LINE,
+                        Constants.HEADER_REQUEST_TARGET,
                         Constants.HEADER_DATE);
                 setServlet(new AdminServlet(headers));
 
@@ -86,7 +86,7 @@ public void testAllHeaders() {
         TestBody.test(new HttpServerTestBody() {
             @Override protected void execute() throws Exception {
                 List<String> headers = Arrays.asList(
-                        Constants.HEADER_REQUEST_LINE,
+                        Constants.HEADER_REQUEST_TARGET,
                         Constants.HEADER_DATE,
                         "x-test"
                 );

http-helpers/src/test/java/net/adamcin/httpsig/http/apache4/Http4UtilTest.java

@@ -61,7 +61,7 @@ public void testLogin() {
             @Override protected void execute() throws Exception {
 
                 List<String> headers = Arrays.asList(
-                        Constants.HEADER_REQUEST_LINE,
+                        Constants.HEADER_REQUEST_TARGET,
                         Constants.HEADER_DATE);
 
                 setServlet(new AdminServlet(headers));
@@ -89,7 +89,7 @@ public void testAllHeaders() {
             @Override protected void execute() throws Exception {
 
                 List<String> headers = Arrays.asList(
-                        Constants.HEADER_REQUEST_LINE,
+                        Constants.HEADER_REQUEST_TARGET,
                         Constants.HEADER_DATE,
                         "x-test"
                 );