add support for xdate header in signature

ginoaugustine · joshunter · commit 35a7a1432e57 · 2023-11-14T09:08:02.000-08:00
Signed-off-by: Gino Augustine &lt;ginoaugustine@gmail.com&gt;
diff --git a/bmc-common/src/main/java/com/oracle/bmc/http/signing/internal/Constants.java b/bmc-common/src/main/java/com/oracle/bmc/http/signing/internal/Constants.java
@@ -75,7 +75,7 @@ public class Constants {
     public static final List<String> OPTIONAL_HEADERS_NAMES =
             Collections.unmodifiableList(
                     Arrays.asList(
-                            OPC_OBO_TOKEN, CROSS_TENANCY_REQUEST_HEADER_NAME, X_SUBSCRIPTION));
+                            OPC_OBO_TOKEN, CROSS_TENANCY_REQUEST_HEADER_NAME, X_SUBSCRIPTION, X_DATE));
 
     public static final Map<String, List<String>> OPTIONAL_SIGNING_HEADERS_MAP =
             createHeadersToSignForVerbMap(
diff --git a/bmc-common/src/main/java/com/oracle/bmc/http/signing/internal/RequestSignerImpl.java b/bmc-common/src/main/java/com/oracle/bmc/http/signing/internal/RequestSignerImpl.java
@@ -163,6 +163,11 @@ public static Map<String, String> signRequest(
             for (String optionalHeaderName : optionalHeaders) {
                 if (headers.get(optionalHeaderName) != null) {
                     requiredHeaders.add(optionalHeaderName);
+                    //If X-Date is present Date header is skipped
+                    if (Constants.X_DATE.equals(optionalHeaderName)) {
+                        requiredHeaders.remove(Constants.DATE);
+                    }
+
                 }
             }
 
@@ -317,8 +322,7 @@ static Map<String, String> calculateMissingHeaders(
         // all of the required headers that are currently missing
         Map<String, String> missingHeaders = new HashMap<>();
 
-        if (isRequiredHeaderMissing(Constants.DATE, requiredHeaders, existingHeaders) &&
-            !existingHeaders.containsKey(Constants.X_DATE)) {
+        if (isRequiredHeaderMissing(Constants.DATE, requiredHeaders, existingHeaders)) {
             missingHeaders.put(Constants.DATE, createFormatter().format(new Date()));
         }
 
diff --git a/bmc-common/src/test/java/com/oracle/bmc/http/signing/internal/RequestSignerImplTest.java b/bmc-common/src/test/java/com/oracle/bmc/http/signing/internal/RequestSignerImplTest.java
@@ -244,6 +244,86 @@ public void signRequest_withOptionallySignedHeader()
         }
     }
 
+    // Reload the classes so PowerMockito can inject the static mocks.
+    @PrepareForTest({LoggerFactory.class, Serializer.class, RequestSignerImpl.class})
+    @Test
+    public void signRequest_WhenXDateHeaderSkipDateHeaderFromSignature()
+            throws IllegalAccessException, NoSuchFieldException {
+        final Map<String, List<String>> headers = new HashMap<>();
+        headers.put(Constants.X_DATE,Collections.singletonList("Wed, 11 Oct 2023 12:23:17 GMT"));
+        headers.put(Constants.DATE,Collections.singletonList("Wed, 11 Oct 2023 12:23:17 GMT"));
+
+        URI uri = URI.create("https://test.us-phoenix-1.oraclecloud.com/20181016/paths");
+        String keyId = "keyId";
+
+        KeySupplier<RSAPrivateKey> keySupplier =
+                (KeySupplier<RSAPrivateKey>) mock(KeySupplier.class);
+
+        RSAPrivateKey privateKey = mock(RSAPrivateKey.class);
+        when(keySupplier.supplyKey(keyId)).thenReturn(Optional.of(privateKey));
+
+        SignatureSigner signer = mock(SignatureSigner.class);
+
+        Field signerField = RequestSignerImpl.class.getDeclaredField("SIGNER");
+        boolean wasAccessible = signerField.isAccessible();
+        signerField.setAccessible(true);
+        signerField.set(null, signer);
+        if (!wasAccessible) {
+            signerField.setAccessible(false);
+        }
+
+        byte[] signature = new byte[] {1, 2, 3, 4, 5};
+        when(signer.sign(any(RSAPrivateKey.class), any(byte[].class), any(String.class)))
+                .thenReturn(signature);
+
+        RequestSignerImpl.SigningConfiguration signingConfiguration =
+                new RequestSignerImpl.SigningConfiguration(
+                        SigningStrategy.STANDARD.getHeadersToSign(),
+                        SigningStrategy.STANDARD.getOptionalHeadersToSign(),
+                        SigningStrategy.STANDARD.isSkipContentHeadersForStreamingPutRequests());
+        String verb = "get";
+        Map<String, String> authHeaders =
+                RequestSignerImpl.signRequest(
+                        Algorithm.RSAPSS256,
+                        uri,
+                        verb,
+                        headers,
+                        null,
+                        SignedRequestVersion.getLatestVersion().getVersionName(),
+                        keyId,
+                        keySupplier,
+                        signingConfiguration);
+
+        String authorization = authHeaders.get(Constants.AUTHORIZATION_HEADER);
+
+        Pattern headersPattern = Pattern.compile("headers=\"([^\"]*)\"");
+        Matcher matcher = headersPattern.matcher(authorization);
+        assertTrue(matcher.find());
+        Set<String> authorizationHeaders =
+                Collections.unmodifiableSet(
+                        new HashSet<>(Arrays.asList(matcher.group(1).split(" "))));
+        SigningStrategy.STANDARD.getHeadersToSign().get(verb)
+                .stream()
+                .filter(requiredHeader -> !Constants.DATE.equals(requiredHeader))
+                .forEach(requiredHeader -> {
+                    assertTrue(authorizationHeaders.contains(requiredHeader));
+                    if (requiredHeader.equals(Constants.REQUEST_TARGET)) {
+                        // this is only signed, not passed as header
+                        assertFalse(authHeaders.containsKey(requiredHeader));
+                    } else {
+                        assertTrue(authHeaders.containsKey(requiredHeader));
+                        if (headers.containsKey(requiredHeader)) {
+                            // if it exists, it should have the same value
+                            assertEquals(
+                                    headers.get(requiredHeader).get(0), authHeaders.get(requiredHeader));
+                        }
+                    }
+                });
+        assertTrue(authorizationHeaders.contains(Constants.X_DATE));
+        assertFalse(authorizationHeaders.contains(Constants.DATE));
+
+    }
+
     @Test
     public void calculateMissingHeaders_postStringContentAsJson() throws IOException {
         calculateAndVerifyMissingHeaders(
@@ -415,32 +495,6 @@ public void calculateMissingHeaders_headInputStreamBodyWithExcludeBodySigningStr
                 SigningStrategy.EXCLUDE_BODY);
     }
 
-    @Test
-    public void calculateMissingHeaders_whenGetRequestWithXDateHeader()
-            throws IOException {
-        final URI uri = URI.create("https://identity.us-phoenix-1.oraclecloud.com/20160918/users");
-        final Map<String, List<String>> temp = new HashMap<>();
-        temp.put("x-date",Collections.singletonList("Wed, 11 Oct 2023 12:23:17 GMT"));
-        final Map<String, List<String>> existingHeaders = Collections.unmodifiableMap(temp);
-        SigningStrategy signingStrategy = SigningStrategy.STANDARD;
-        final RequestSignerImpl.SigningConfiguration signingConfiguration =
-                new RequestSignerImpl.SigningConfiguration(
-                        signingStrategy.getHeadersToSign(),
-                        signingStrategy.getOptionalHeadersToSign(),
-                        signingStrategy.isSkipContentHeadersForStreamingPutRequests());
-        final Map<String, String> missingHeaders =
-                RequestSignerImpl.calculateMissingHeaders(
-                        "get",
-                        uri,
-                        existingHeaders,
-                        null,
-                        Constants.ALL_HEADERS_LIST,
-                        signingConfiguration);
-        assertNotNull(missingHeaders);
-        assertEquals(1, missingHeaders.size());
-        assertFalse(missingHeaders.containsKey("date"));
-    }
-
     private void calculateAndVerifyMissingHeaders(
             final String httpMethod,
             final String contentType,

Original file line number	Diff line number	Diff line change
`@@ -163,6 +163,11 @@ public static Map<String, String> signRequest(`
`163`	`163`	`for (String optionalHeaderName : optionalHeaders) {`
`164`	`164`	`if (headers.get(optionalHeaderName) != null) {`
`165`	`165`	`requiredHeaders.add(optionalHeaderName);`
	`166`	`+ //If X-Date is present Date header is skipped`
	`167`	`+ if (Constants.X_DATE.equals(optionalHeaderName)) {`
	`168`	`+ requiredHeaders.remove(Constants.DATE);`
	`169`	`+ }`
	`170`	`+`
`166`	`171`	`}`
`167`	`172`	`}`
`168`	`173`
`@@ -317,8 +322,7 @@ static Map<String, String> calculateMissingHeaders(`
`317`	`322`	`// all of the required headers that are currently missing`
`318`	`323`	`Map<String, String> missingHeaders = new HashMap<>();`
`319`	`324`
`320`		`- if (isRequiredHeaderMissing(Constants.DATE, requiredHeaders, existingHeaders) &&`
`321`		`- !existingHeaders.containsKey(Constants.X_DATE)) {`
	`325`	`+ if (isRequiredHeaderMissing(Constants.DATE, requiredHeaders, existingHeaders)) {`
`322`	`326`	`missingHeaders.put(Constants.DATE, createFormatter().format(new Date()));`
`323`	`327`	`}`
`324`	`328`