More defensive about content type

Dave Syer
2014-09-01 09:18:10 +01:00
parent d684f05f2d
commit fdb6d0e354
5 changed files with 24 additions and 22 deletions


@@ -30,7 +30,7 @@ public class ApplicationTests {
@BeforeClass
public static void startConfigServer() {
ConfigurableApplicationContext context = SpringApplication.run(
org.springframework.cloud.config.server.Application.class,
org.springframework.cloud.config.server.ConfigServerApplication.class,
"--server.port=" + configPort, "--spring.config.name=server");
configPort = ((EmbeddedWebApplicationContext) context).getEmbeddedServletContainer().getPort();
System.setProperty("config.port", "" + configPort);


@@ -6,6 +6,6 @@ import org.springframework.context.annotation.Configuration;
@Configuration
@EnableAutoConfiguration
@EnableConfigServer
public class Application {
public class ConfigServerApplication {
}


@@ -25,12 +25,12 @@ import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.cloud.config.Environment;
import org.springframework.cloud.config.PropertySource;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
@@ -38,6 +38,7 @@ import org.springframework.security.rsa.crypto.RsaKeyHolder;
import org.springframework.security.rsa.crypto.RsaSecretEncryptor;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
@@ -150,21 +151,21 @@ public class EncryptionController {
}
@RequestMapping(value = "encrypt", method = RequestMethod.POST)
public String encrypt(@RequestBody String data) {
public String encrypt(@RequestBody String data, @RequestHeader("Content-Type") MediaType type) {
if (encryptor == null) {
throw new KeyNotInstalledException();
}
data = stripFormData(data);
data = stripFormData(data, type);
return encryptor.encrypt(data);
}
@RequestMapping(value = "decrypt", method = RequestMethod.POST)
public String decrypt(@RequestBody String data) {
public String decrypt(@RequestBody String data, @RequestHeader("Content-Type") MediaType type) {
if (encryptor == null) {
throw new KeyNotInstalledException();
}
try {
data = stripFormData(data);
data = stripFormData(data, type);
return encryptor.decrypt(data);
}
catch (IllegalArgumentException e) {
@@ -172,9 +173,9 @@ public class EncryptionController {
}
}
private String stripFormData(String data) {
private String stripFormData(String data, MediaType type) {
if (data.endsWith("=") && !Base64.isBase64(data.getBytes())) {
if (data.endsWith("=") && !type.equals(MediaType.TEXT_PLAIN)) {
// User posted data with content type form but meant it to be text/plain
data = data.substring(0, data.length() - 1);
}
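Review bot: In stripFormData the new condition `!type.equals(MediaType.TEXT_PLAIN)` is an exact comparison that includes parameters, so a request sent as `text/plain;charset=UTF-8`, or as any other non-form type such as `application/octet-stream`, still has its trailing `=` removed. On encrypt that silently changes the secret being protected, and on decrypt it can cut the Base64 padding off a ciphertext, which is the case the removed `Base64.isBase64` check appears to have guarded. Strip only when the body really was form-encoded: `if (data.endsWith("=") && MediaType.APPLICATION_FORM_URLENCODED.includes(type)) {`. Separately, `@RequestHeader("Content-Type")` is required by default, so a request without that header should now be rejected before encrypt or decrypt runs; if that is not intended, use `required = false` and treat a null type as "do not strip". stripFormData's body continues outside the hunk.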


@@ -13,7 +13,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = Application.class)
@SpringApplicationConfiguration(classes = ConfigServerApplication.class)
@IntegrationTest("server.port:0")
@WebAppConfiguration
public class ApplicationTests {


@@ -24,6 +24,7 @@ import java.util.Collections;
import org.junit.Test;
import org.springframework.cloud.config.Environment;
import org.springframework.cloud.config.PropertySource;
import org.springframework.http.MediaType;
import org.springframework.security.rsa.crypto.RsaSecretEncryptor;
/**
@@ -36,7 +37,7 @@ public class EncryptionControllerTests {
@Test(expected = KeyNotInstalledException.class)
public void cannotDecryptWithoutKey() {
controller.decrypt("foo");
controller.decrypt("foo", MediaType.TEXT_PLAIN);
}
@Test(expected = KeyFormatException.class)
@@ -52,21 +53,21 @@ public class EncryptionControllerTests {
@Test(expected = InvalidCipherException.class)
public void invalidCipher() {
controller.uploadKey("foo");
controller.decrypt("foo");
controller.decrypt("foo", MediaType.TEXT_PLAIN);
}
@Test
public void sunnyDaySymmetricKey() {
controller.uploadKey("foo");
String cipher = controller.encrypt("foo");
assertEquals("foo", controller.decrypt(cipher));
String cipher = controller.encrypt("foo", MediaType.TEXT_PLAIN);
assertEquals("foo", controller.decrypt(cipher, MediaType.TEXT_PLAIN));
}
@Test
public void sunnyDayRsaKey() {
controller.setEncryptor(new RsaSecretEncryptor());
String cipher = controller.encrypt("foo");
assertEquals("foo", controller.decrypt(cipher));
String cipher = controller.encrypt("foo", MediaType.TEXT_PLAIN);
assertEquals("foo", controller.decrypt(cipher, MediaType.TEXT_PLAIN));
}
@Test
@@ -79,7 +80,7 @@ public class EncryptionControllerTests {
@Test
public void decryptEnvironment() {
controller.uploadKey("foo");
String cipher = controller.encrypt("foo");
String cipher = controller.encrypt("foo", MediaType.TEXT_PLAIN);
Environment environment = new Environment("foo", "bar");
environment.add(new PropertySource("spam", Collections
.<Object, Object> singletonMap("my", "{cipher}" + cipher)));
@@ -90,8 +91,8 @@ public class EncryptionControllerTests {
@Test
public void randomizedCipher() {
controller.uploadKey("foo");
String cipher = controller.encrypt("foo");
assertNotEquals(cipher, controller.encrypt("foo"));
String cipher = controller.encrypt("foo", MediaType.TEXT_PLAIN);
assertNotEquals(cipher, controller.encrypt("foo", MediaType.TEXT_PLAIN));
}
}
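Review bot: Every call updated in this test class passes `MediaType.TEXT_PLAIN`, so the branch of stripFormData that removes a trailing `=` is never exercised by these tests. Add a case that encrypts `"foo="` with `MediaType.APPLICATION_FORM_URLENCODED` and expects the decrypted value to be `foo`. Add another that uses `MediaType.parseMediaType("text/plain;charset=UTF-8")` with a value ending in `=`, to pin down whether plain text carrying a charset parameter is left intact.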