Bugfix MD5KnownUserHash when safetynet is activated

malaqueueit · malaqueueit · commit 0fb09c42cef9 · 2014-06-24T11:10:24.000+02:00
diff --git a/QueueIT.Security/src/queueit/security/CookieValidateResultRepository.java b/QueueIT.Security/src/queueit/security/CookieValidateResultRepository.java
@@ -74,7 +74,7 @@ public IValidateResult getValidationResult(IQueue queue) {
             return null;
         }
             
-        String expectedHash = generateHash(queueId, originalUrl, placeInQueue.toString(), redirectType, timeStamp);
+        String expectedHash = generateHash(queueId, originalUrl, placeInQueue, redirectType, timeStamp);
         
         if (!expectedHash.equals(actualHash))
             return null;
@@ -107,7 +107,7 @@ public void setValidationResult(IQueue queue, IValidateResult validationResult)
             String redirectType = confirmedResult.getKnownUser().getRedirectType().toString();
             Long timeStamp = confirmedResult.getKnownUser().getTimeStamp().getTime() / 1000;
             
-            String hash = generateHash(queueId, originalUrl, placeInQueue.toString(), redirectType, timeStamp.toString());
+            String hash = generateHash(queueId, originalUrl, placeInQueue, redirectType, timeStamp.toString());
 
             setCookie(queue, queueId, originalUrl, placeInQueue, redirectType, timeStamp.toString(), hash);
         }                
@@ -136,10 +136,10 @@ private void addCookie(Cookie cookie, HttpServletResponse response)
         response.addCookie(cookie);
     }
 
-    private String generateHash(String queueId, String originalUrl, String placeInQueue, String redirectType, String timeStamp) {
+    private String generateHash(String queueId, String originalUrl, Integer placeInQueue, String redirectType, String timeStamp) {
         try {
             StringBuilder sb = new StringBuilder();
-            sb.append(queueId).append(originalUrl).append(placeInQueue).append(redirectType).append(timeStamp).append(KnownUserFactory.getSecretKey());
+            sb.append(queueId).append(originalUrl).append(placeInQueue != null ? placeInQueue.toString() : "0").append(redirectType).append(timeStamp).append(KnownUserFactory.getSecretKey());
                     
             MessageDigest digest = MessageDigest.getInstance("SHA-256");
             byte[] hash = digest.digest(sb.toString().getBytes("UTF-8"));
diff --git a/QueueIT.Security/src/queueit/security/Hashing.java b/QueueIT.Security/src/queueit/security/Hashing.java
@@ -21,8 +21,7 @@ public static Integer decryptPlaceInQueue(String encryptedPlaceInQueue) {
     }
     
     public static String encryptPlaceInQueue(Integer placeInQueue) {
-        
-        char[] placeInQueueChars = String.format("%07d", placeInQueue).toCharArray();
+        char[] placeInQueueChars = String.format("%07d", placeInQueue != null ? placeInQueue : 0).toCharArray();
         
         char[] encryptedPlaceInQueue = UUID.randomUUID().toString().toCharArray();
         encryptedPlaceInQueue[9] = placeInQueueChars[6];
diff --git a/QueueIT.Security/src/queueit/security/KnownUserBase.java b/QueueIT.Security/src/queueit/security/KnownUserBase.java
@@ -54,7 +54,9 @@ public RedirectType getRedirectType() {
     }   
     
     void setPlaceInQueue(Integer value) {
-        if (value <= 0 || value >= 9999999) {
+        if (value == null)
+            this.placeInQueue = null;
+        else if (value <= 0 || value >= 9999999) {
             this.placeInQueue = null;
         } else {
             this.placeInQueue = value;
diff --git a/QueueIT.Security/src/queueit/security/Md5KnownUser.java b/QueueIT.Security/src/queueit/security/Md5KnownUser.java
@@ -10,7 +10,7 @@
  * last update: 2012-10-25
  */
 class Md5KnownUser extends KnownUserBase {
-    Md5KnownUser(UUID queueId, int placeInQueue, Date timeStamp, String customerId, String eventId, RedirectType redirectType, URI originalUrl) {
+    Md5KnownUser(UUID queueId, Integer placeInQueue, Date timeStamp, String customerId, String eventId, RedirectType redirectType, URI originalUrl) {
         this.queueId = queueId;
         this.setPlaceInQueue(placeInQueue);
         this.timeStamp = timeStamp;
diff --git a/QueueIT.Security/test/queueit/security/HashingTest.java b/QueueIT.Security/test/queueit/security/HashingTest.java
@@ -39,7 +39,6 @@ public void tearDown() {
      */
     @Test
     public void testDecryptPlaceInQueue() {
-        System.out.println("DecryptPlaceInQueue");
         String encryptedPlaceInQueue = "21206da6-3f0a-468d-9325-471d070bbbfd";
         Integer expResult = 3613;
         Integer result = Hashing.decryptPlaceInQueue(encryptedPlaceInQueue);
@@ -48,7 +47,6 @@ public void testDecryptPlaceInQueue() {
     
     @Test (expected=InvalidKnownUserUrlException.class)
     public void testDecryptPlaceInQueue_null_arg() {
-        System.out.println("DecryptPlaceInQueue");
         String encryptedPlaceInQueue = null;
         Integer expResult = 7;
         Integer result = Hashing.decryptPlaceInQueue(encryptedPlaceInQueue);
@@ -57,12 +55,24 @@ public void testDecryptPlaceInQueue_null_arg() {
     
     @Test (expected=InvalidKnownUserUrlException.class)
     public void testDecryptPlaceInQueue_empty_arg() {
-        System.out.println("DecryptPlaceInQueue");
         String encryptedPlaceInQueue = "";
         Integer expResult = 7;
         Integer result = Hashing.decryptPlaceInQueue(encryptedPlaceInQueue);
         assertEquals(expResult, result);
     }
     
+    @Test
+    public void encryptPlaceInQueue_null_arg() {
+        Integer placeInQueue = null;
+        String result = Hashing.encryptPlaceInQueue(placeInQueue);
+        char[] resultChars = result.toCharArray();
+        assertEquals('0', resultChars[9]);
+        assertEquals('0', resultChars[26]);
+        assertEquals('0', resultChars[7]);
+        assertEquals('0', resultChars[20]);
+        assertEquals('0', resultChars[11]);
+        assertEquals('0', resultChars[3]);
+        assertEquals('0', resultChars[30]);
+    }
     
 }
diff --git a/QueueIT.Security/test/queueit/security/Md5KnownUserTest.java b/QueueIT.Security/test/queueit/security/Md5KnownUserTest.java
@@ -49,6 +49,21 @@ public void Md5KnownUser_Constructor_PlaceInQueueNotKnown_Test() {
         //Act
         Md5KnownUser knownUser = new Md5KnownUser(expectedQueueId, 9999999, expectedTimeStamp, null, null, RedirectType.Unknown, null);
 
+        //Assert        
+        assertEquals(expectedQueueId, knownUser.getQueueId());
+        assertEquals(null, knownUser.getPlaceInQueue());
+        assertEquals(expectedTimeStamp, knownUser.getTimeStamp());
+    }
+    
+        @Test
+    public void Md5KnownUser_Constructor_PlaceInQueueIsNull_Test() {
+        //Arrange
+        UUID expectedQueueId = UUID.randomUUID();
+        Date expectedTimeStamp = Calendar.getInstance().getTime();
+
+        //Act
+        Md5KnownUser knownUser = new Md5KnownUser(expectedQueueId, null, expectedTimeStamp, null, null, RedirectType.Unknown, null);
+
         //Assert        
         assertEquals(expectedQueueId, knownUser.getQueueId());
         assertEquals(null, knownUser.getPlaceInQueue());

Original file line number	Diff line number	Diff line change
`@@ -21,8 +21,7 @@ public static Integer decryptPlaceInQueue(String encryptedPlaceInQueue) {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`public static String encryptPlaceInQueue(Integer placeInQueue) {`
`24`		`-`
`25`		`- char[] placeInQueueChars = String.format("%07d", placeInQueue).toCharArray();`
	`24`	`+ char[] placeInQueueChars = String.format("%07d", placeInQueue != null ? placeInQueue : 0).toCharArray();`
`26`	`25`
`27`	`26`	`char[] encryptedPlaceInQueue = UUID.randomUUID().toString().toCharArray();`
`28`	`27`	`encryptedPlaceInQueue[9] = placeInQueueChars[6];`