From 6e4162a88fdee9ac3016156badc8436b72e87828 Mon Sep 17 00:00:00 2001 From: bgong Date: Wed, 5 Aug 2020 13:48:08 -0400 Subject: [PATCH] set the default signing versions to v1 only --- CHANGELOG.md | 2 + .../com/mdsol/mauth/proxy/ProxyConfig.java | 33 ++++++++------- .../src/main/resources/reference.conf | 2 +- modules/mauth-signer-akka-http/README.adoc | 2 +- modules/mauth-signer-apachehttp/README.adoc | 2 +- .../com/mdsol/mauth/SignerConfiguration.java | 40 ++++++++++--------- .../com/mdsol/mauth/DefaultSignerSpec.scala | 8 ++++ 7 files changed, 52 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b20593b..69aa0e7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Changed +- Change the default signing versions to 'v1' only ## [5.0.0] - 2020-07-14 ### Changed diff --git a/modules/mauth-proxy/src/main/java/com/mdsol/mauth/proxy/ProxyConfig.java b/modules/mauth-proxy/src/main/java/com/mdsol/mauth/proxy/ProxyConfig.java index 748ef19f..135727e2 100644 --- a/modules/mauth-proxy/src/main/java/com/mdsol/mauth/proxy/ProxyConfig.java +++ b/modules/mauth-proxy/src/main/java/com/mdsol/mauth/proxy/ProxyConfig.java 
@@ -66,22 +66,25 @@ public UUID getAppUuid() { static public List getSignVersions(String signVersionsStr) { List signVersions = new ArrayList(); List unrecognizedVersions = new ArrayList(); - List versionList = Arrays.asList(signVersionsStr.toLowerCase().split(",")); - versionList.forEach(e -> { - switch (e.trim()) { - case "v1": - signVersions.add(MAuthVersion.MWS); - break; - case "v2": - signVersions.add(MAuthVersion.MWSV2); - break; - default: - unrecognizedVersions.add(e.trim()); - break; - } - }); + if (signVersionsStr != null) { + List versionList = Arrays.asList(signVersionsStr.toLowerCase().split(",")); + versionList.forEach(e -> { + switch (e.trim()) { + case "v1": + signVersions.add(MAuthVersion.MWS); + break; + case "v2": + signVersions.add(MAuthVersion.MWSV2); + break; + default: + unrecognizedVersions.add(e.trim()); + break; + } + }); + } + if (signVersions.isEmpty()) - signVersions.add(MAuthVersion.MWSV2); + signVersions.add(MAuthVersion.MWS); if (!unrecognizedVersions.isEmpty()) logger.warn("unrecognized versions to sign requests: " + unrecognizedVersions.toString()); diff --git a/modules/mauth-proxy/src/main/resources/reference.conf b/modules/mauth-proxy/src/main/resources/reference.conf index 7e594ee5..8ea94988 100644 --- a/modules/mauth-proxy/src/main/resources/reference.conf +++ b/modules/mauth-proxy/src/main/resources/reference.conf @@ -11,7 +11,7 @@ app { } mauth { - sign_versions: "v2" # default value + sign_versions: "v1" # default value sign_versions: ${?MAUTH_SIGN_VERSIONS} v2_only_authenticate: false } \ No newline at end of file diff --git a/modules/mauth-signer-akka-http/README.adoc b/modules/mauth-signer-akka-http/README.adoc index 3344d129..d76a0878 100644 --- a/modules/mauth-signer-akka-http/README.adoc +++ b/modules/mauth-signer-akka-http/README.adoc 
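Review bot: In `getSignVersions`, a non-empty setting with no recognised token (a typo such as `v2.0`) now falls through `if (signVersions.isEmpty())` to `MAuthVersion.MWS`, and the only trace is the generic `unrecognized versions` warning, which does not say a default was substituted. Before this commit the same typo kept `MWSV2`, so the fallback now moves to the older protocol. It deserves an explicit message inside that branch (which then needs braces), for example `logger.warn("no recognized sign version configured, falling back to " + MAuthVersion.MWS);`. The same applies to `SignerConfiguration.getSignVersions` in the `@@ -64,24 +64,26 @@` hunk. This copy also hard-codes `MAuthVersion.MWS` while the other reads `DEFAULT_SIGN_VERSION`, so the two defaults can drift apart; the method body continues past the end of the hunk.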
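Review bot: The comment on `sign_versions: "v1"` is still just `# default value`, so nothing at this line tells an operator that leaving `MAUTH_SIGN_VERSIONS` unset now produces v1 signatures only. Deployments that relied on the previous implicit `"v2"` change behaviour on upgrade without touching their configuration. Whether a peer still accepts v1-only requests depends on its own settings, which this page does not show. I would extend the comment to `# default; set "v1,v2" or "v2" to also sign with v2`.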
@@ -7,7 +7,7 @@ This is an implementation of Medidata Authentication Client Signer to sign the H . Configuration ** MAuth uses https://github.com/typesafehub/config[Typesafe Config]. - Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v2. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers + Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v1. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers ---- app { diff --git a/modules/mauth-signer-apachehttp/README.adoc b/modules/mauth-signer-apachehttp/README.adoc index ed57a24d..5c166f78 100644 --- a/modules/mauth-signer-apachehttp/README.adoc +++ b/modules/mauth-signer-apachehttp/README.adoc @@ -5,7 +5,7 @@ This is an implementation of Medidata Authentication Client Signer to sign the H == Usage . Configuration * MAuth uses https://github.com/typesafehub/config[Typesafe Config]. - Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v2. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers + Create `application.conf` on your classpath with the following content. The mauth_sign_requests option can be set to sign outgoing requests with Comma-separated protocol versions to sign requests. the default is v1. If the both v1 and v2 specified, the client sign requests with both x-mws-xxxxx and mcc-xxxxx headers ---- app { 
diff --git a/modules/mauth-signer/src/main/java/com/mdsol/mauth/SignerConfiguration.java b/modules/mauth-signer/src/main/java/com/mdsol/mauth/SignerConfiguration.java index 83d30ad0..81a58cfd 100644 --- a/modules/mauth-signer/src/main/java/com/mdsol/mauth/SignerConfiguration.java +++ b/modules/mauth-signer/src/main/java/com/mdsol/mauth/SignerConfiguration.java @@ -19,7 +19,7 @@ public class SignerConfiguration implements MAuthConfiguration { public static final String MAUTH_SIGN_VERSIONS = MAUTH_SECTION_HEADER + ".sign_versions"; public static final List ALL_SIGN_VERSIONS = Arrays.asList(MAuthVersion.values()); - public static final List DEFAULT_SIGN_VERSION = Arrays.asList(MAuthVersion.MWSV2); + public static final List DEFAULT_SIGN_VERSION = Arrays.asList(MAuthVersion.MWS); private final UUID appUUID; private final transient String privateKey; 
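Review bot: `DEFAULT_SIGN_VERSION` is a `public static final` list built with `Arrays.asList`, which is fixed-size but still permits `set(0, ...)`, so any code in the same JVM can change the process-wide default signing version. Since this constant decides which protocol is used when nothing is configured, it should be unmodifiable, e.g. `Collections.singletonList(MAuthVersion.MWS)` (this needs `java.util.Collections` imported if the file does not already have it). `ALL_SIGN_VERSIONS` on the context line above has the same property. The class body continues outside the hunk.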
@@ -64,24 +64,26 @@ public List getSignVersions() { static public List getSignVersions(String signVersionsStr) { List signVersions = new ArrayList(); List unrecognizedVersions = new ArrayList(); - List versionList = Arrays.asList(signVersionsStr.toLowerCase().split(",")); - versionList.forEach(e -> { - switch (e.trim()) { - case "v1": - signVersions.add(MAuthVersion.MWS); - break; - case "v2": - signVersions.add(MAuthVersion.MWSV2); - break; - default: - unrecognizedVersions.add(e.trim()); - break; - } - }); - - if (signVersions.isEmpty()) return DEFAULT_SIGN_VERSION; - - if (!unrecognizedVersions.isEmpty()) + if (signVersionsStr != null) { + List versionList = Arrays.asList(signVersionsStr.toLowerCase().split(",")); + versionList.forEach(e -> { + switch (e.trim()) { + case "v1": + signVersions.add(MAuthVersion.MWS); + break; + case "v2": + signVersions.add(MAuthVersion.MWSV2); + break; + default: + unrecognizedVersions.add(e.trim()); + break; + } + }); + } + + if (signVersions.isEmpty()) signVersions.addAll(DEFAULT_SIGN_VERSION); + + if (unrecognizedVersions.size() > 0) logger.warn("unrecognized versions to sign requests: " + unrecognizedVersions.toString()); logger.info("Protocol versions to sign requests: " + signVersions.toString()); diff --git a/modules/mauth-signer/src/test/scala/com/mdsol/mauth/DefaultSignerSpec.scala b/modules/mauth-signer/src/test/scala/com/mdsol/mauth/DefaultSignerSpec.scala index 5acfa335..41f5c7fd 100644 --- a/modules/mauth-signer/src/test/scala/com/mdsol/mauth/DefaultSignerSpec.scala +++ b/modules/mauth-signer/src/test/scala/com/mdsol/mauth/DefaultSignerSpec.scala 
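Review bot: The new null guard does not cover an empty or blank setting: `"".split(",")` yields one empty token that lands in the `default:` branch, so `getSignVersions("")` logs `unrecognized versions to sign requests: []` even though nothing was misconfigured. Widening the guard to `if (signVersionsStr != null && !signVersionsStr.trim().isEmpty()) {` returns the same result and drops the misleading warning. `ProxyConfig.getSignVersions` in the `@@ -66,22 +66,25 @@` hunk has the same guard. The method continues past the end of the hunk.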
@@ -211,4 +211,12 @@ class DefaultSignerSpec extends AnyFlatSpec with Matchers with MockFactory { headers(MAuthRequest.MCC_AUTHENTICATION_HEADER_NAME) matches AUTHENTICATION_HEADER_PATTERN_V2 headers(MAuthRequest.MCC_TIME_HEADER_NAME) shouldBe String.valueOf(TEST_EPOCH_TIME) } + + it should "be default sign version" in { + val expected_sign_versions = SignerConfiguration.DEFAULT_SIGN_VERSION + SignerConfiguration.getSignVersions(null) shouldBe expected_sign_versions + SignerConfiguration.getSignVersions("") shouldBe expected_sign_versions + SignerConfiguration.getSignVersions("v10, v20, v30") shouldBe expected_sign_versions + } + }
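Review bot: The new test compares every result with `SignerConfiguration.DEFAULT_SIGN_VERSION`, so it would still pass if the constant were switched back to `MWSV2`; nothing pins the value this commit is about. Adding `SignerConfiguration.DEFAULT_SIGN_VERSION shouldBe java.util.Arrays.asList(MAuthVersion.MWS)` would fix that, assuming `MAuthVersion` is in scope in the spec. A mixed input such as `"v2, v10"` is also not covered, which is the case where a recognised version must win over the default.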