Merge pull request #129 from mdsol/feature/MCC-650302-set-default-sig…
…ning-to-v1

[MCC-650302] Change the default signing versions to v1 only
jatcwang authored Aug 6, 2020
2 parents 56ed526 + 6e4162a commit b7cc405
Showing 7 changed files with 52 additions and 37 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]
### Changed
- Change the default signing versions to 'v1' only

## [5.0.0] - 2020-07-14
### Changed
@@ -66,22 +66,25 @@ public UUID getAppUuid() {
static public List<MAuthVersion> getSignVersions(String signVersionsStr) {
List<MAuthVersion> signVersions = new ArrayList();
List<String> unrecognizedVersions = new ArrayList();
List<String> versionList = Arrays.asList(signVersionsStr.toLowerCase().split(","));
versionList.forEach(e -> {
switch (e.trim()) {
case "v1":
signVersions.add(MAuthVersion.MWS);
break;
case "v2":
signVersions.add(MAuthVersion.MWSV2);
break;
default:
unrecognizedVersions.add(e.trim());
break;
}
});
if (signVersionsStr != null) {
List<String> versionList = Arrays.asList(signVersionsStr.toLowerCase().split(","));
versionList.forEach(e -> {
switch (e.trim()) {
case "v1":
signVersions.add(MAuthVersion.MWS);
break;
case "v2":
signVersions.add(MAuthVersion.MWSV2);
break;
default:
unrecognizedVersions.add(e.trim());
break;
}
});
}

if (signVersions.isEmpty())
signVersions.add(MAuthVersion.MWSV2);
signVersions.add(MAuthVersion.MWS);

if (!unrecognizedVersions.isEmpty())
logger.warn("unrecognized versions to sign requests: " + unrecognizedVersions.toString());
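Review bot: The fallback at `if (signVersions.isEmpty())` also fires when a value was supplied but none of its entries were recognised, so a mistyped setting (a constructed example: `v-2`) silently signs with `MAuthVersion.MWS`, and the only trace is the generic `logger.warn` that follows. Because the signing version is a protocol-level choice, it is worth separating "not configured" from "configured but invalid". Keep the default for a null or blank string; for the invalid case either reject the value or name the substitution in the log, e.g. `logger.warn("no recognized sign versions in '" + signVersionsStr + "', falling back to v1");`. The second `getSignVersions` further down this page has the same fallback but takes it from `DEFAULT_SIGN_VERSION`; referring to that constant here too, assuming this module can see it, would keep the two copies from drifting apart. The method body continues past the end of the hunk.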
2 changes: 1 addition & 1 deletion modules/mauth-proxy/src/main/resources/reference.conf
@@ -11,7 +11,7 @@ app {
}

mauth {
sign_versions: "v2" # default value
sign_versions: "v1" # default value
sign_versions: ${?MAUTH_SIGN_VERSIONS}
v2_only_authenticate: false
}
2 changes: 1 addition & 1 deletion modules/mauth-signer-akka-http/README.adoc
@@ -7,7 +7,7 @@ This is an implementation of Medidata Authentication Client Signer to sign the H
. Configuration

** MAuth uses https://github.com/typesafehub/config[Typesafe Config].
Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v2. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers
Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v1. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers

----
app {
2 changes: 1 addition & 1 deletion modules/mauth-signer-apachehttp/README.adoc
@@ -5,7 +5,7 @@ This is an implementation of Medidata Authentication Client Signer to sign the H
== Usage
. Configuration
* MAuth uses https://github.com/typesafehub/config[Typesafe Config].
Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v2. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers
Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v1. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers

----
app {
@@ -19,7 +19,7 @@ public class SignerConfiguration implements MAuthConfiguration {
public static final String MAUTH_SIGN_VERSIONS = MAUTH_SECTION_HEADER + ".sign_versions";

public static final List<MAuthVersion> ALL_SIGN_VERSIONS = Arrays.asList(MAuthVersion.values());
public static final List<MAuthVersion> DEFAULT_SIGN_VERSION = Arrays.asList(MAuthVersion.MWSV2);
public static final List<MAuthVersion> DEFAULT_SIGN_VERSION = Arrays.asList(MAuthVersion.MWS);

private final UUID appUUID;
private final transient String privateKey;
@@ -64,24 +64,26 @@ public List<MAuthVersion> getSignVersions() {
static public List<MAuthVersion> getSignVersions(String signVersionsStr) {
List<MAuthVersion> signVersions = new ArrayList();
List<String> unrecognizedVersions = new ArrayList();
List<String> versionList = Arrays.asList(signVersionsStr.toLowerCase().split(","));
versionList.forEach(e -> {
switch (e.trim()) {
case "v1":
signVersions.add(MAuthVersion.MWS);
break;
case "v2":
signVersions.add(MAuthVersion.MWSV2);
break;
default:
unrecognizedVersions.add(e.trim());
break;
}
});

if (signVersions.isEmpty()) return DEFAULT_SIGN_VERSION;

if (!unrecognizedVersions.isEmpty())
if (signVersionsStr != null) {
List<String> versionList = Arrays.asList(signVersionsStr.toLowerCase().split(","));
versionList.forEach(e -> {
switch (e.trim()) {
case "v1":
signVersions.add(MAuthVersion.MWS);
break;
case "v2":
signVersions.add(MAuthVersion.MWSV2);
break;
default:
unrecognizedVersions.add(e.trim());
break;
}
});
}

if (signVersions.isEmpty()) signVersions.addAll(DEFAULT_SIGN_VERSION);

if (unrecognizedVersions.size() > 0)
logger.warn("unrecognized versions to sign requests: " + unrecognizedVersions.toString());

logger.info("Protocol versions to sign requests: " + signVersions.toString());
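Review bot: `DEFAULT_SIGN_VERSION` in the first hunk is a public static list built with `Arrays.asList`, which is fixed-size but still accepts `set(0, …)`, so any code in the same JVM can change the process-wide default signing version. The second hunk's switch to `signVersions.addAll(DEFAULT_SIGN_VERSION)` stops callers from receiving the shared instance, but the constant itself stays writable. Declaring it as `public static final List<MAuthVersion> DEFAULT_SIGN_VERSION = Collections.singletonList(MAuthVersion.MWS);` closes that (it needs `java.util.Collections` if the file does not already import it). `ALL_SIGN_VERSIONS` on the line above has the same shape. A one-line comment on the constant explaining why v1 is the default would also help, since the declaration gives no reason.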
@@ -211,4 +211,12 @@ class DefaultSignerSpec extends AnyFlatSpec with Matchers with MockFactory {
headers(MAuthRequest.MCC_AUTHENTICATION_HEADER_NAME) matches AUTHENTICATION_HEADER_PATTERN_V2
headers(MAuthRequest.MCC_TIME_HEADER_NAME) shouldBe String.valueOf(TEST_EPOCH_TIME)
}

it should "be default sign version" in {
val expected_sign_versions = SignerConfiguration.DEFAULT_SIGN_VERSION
SignerConfiguration.getSignVersions(null) shouldBe expected_sign_versions
SignerConfiguration.getSignVersions("") shouldBe expected_sign_versions
SignerConfiguration.getSignVersions("v10, v20, v30") shouldBe expected_sign_versions
}

}
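Review bot: The new case only pins inputs that resolve to the default (null, empty, all unrecognised); nothing covers a list that mixes a valid and an invalid entry, or one that differs in case and spacing. Those are the inputs where the parsing in `getSignVersions` could regress unnoticed. Consider adding an assertion such as `SignerConfiguration.getSignVersions(" V2 , v10") shouldBe java.util.Arrays.asList(MAuthVersion.MWSV2)`, assuming `MAuthVersion` is in scope in this spec. The test name "be default sign version" would read better as "fall back to the default sign version for missing or unrecognised input". The spec class itself starts outside the hunk.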
