Issue 86: corrected to only allow the comp header into the signature

git-svn-id: http://jclouds.googlecode.com/svn/trunk@1877 3d8758e0-26b5-11de-8745-db77d3ebf521
2009-09-03 07:48:04 +00:00 · 2009-09-03 07:48:04 +00:00 · df7a392208
parent 7e9229d55e
commit df7a392208
2 changed files with 37 additions and 4 deletions
--- a/azure/storage/core/src/main/java/org/jclouds/azure/storage/filters/SharedKeyAuthentication.java
+++ b/azure/storage/core/src/main/java/org/jclouds/azure/storage/filters/SharedKeyAuthentication.java
@ -189,8 +189,20 @@ public class SharedKeyAuthentication implements HttpRequestFilter {
      // mark and the comp parameter (for example, ?comp=metadata). No other parameters should be
      // included on the query string.
      if (request.getEndpoint().getQuery() != null) {
-         // TODO: determine what components of the query string are really needed.
-         toSign.append("?").append(request.getEndpoint().getQuery());
+         StringBuilder paramsToSign = new StringBuilder("?");
+
+         String[] params = request.getEndpoint().getQuery().split("&");
+         for (String param : params) {
+            String[] paramNameAndValue = param.split("=");
+
+            if ("comp".equals(paramNameAndValue[0])) {
+               paramsToSign.append(param);
+            }
+         }
+
+         if (paramsToSign.length() > 1) {
+            toSign.append(paramsToSign);
+         }
      }
   }

--- a/azure/storage/core/src/test/java/org/jclouds/azure/storage/filters/SharedKeyAuthenticationTest.java
+++ b/azure/storage/core/src/test/java/org/jclouds/azure/storage/filters/SharedKeyAuthenticationTest.java
@ -95,13 +95,34 @@ public class SharedKeyAuthenticationTest {
   }

   @Test
-   void testAclQueryStringRelative() {
+   void testAclQueryStringResTypeNotSignificant() {
      URI host = URI.create("http://" + ACCOUNT
               + ".blob.core.windows.net/mycontainer?restype=container");
      HttpRequest request = new HttpRequest(HttpMethod.GET, host);
      StringBuilder builder = new StringBuilder();
      filter.appendUriPath(request, builder);
-      assertEquals(builder.toString(), "/mycontainer?restype=container");
+      assertEquals(builder.toString(), "/mycontainer");
+   }
+
+   @Test
+   void testAclQueryStringComp() {
+      URI host = URI.create("http://" + ACCOUNT + ".blob.core.windows.net/mycontainer?comp=list");
+      HttpRequest request = new HttpRequest(HttpMethod.GET, host);
+      StringBuilder builder = new StringBuilder();
+      filter.appendUriPath(request, builder);
+      assertEquals(builder.toString(), "/mycontainer?comp=list");
+   }
+
+   @Test
+   void testAclQueryStringRelativeWithExtraJunk() {
+      URI host = URI
+               .create("http://"
+                        + ACCOUNT
+                        + ".blob.core.windows.net/mycontainer?comp=list&marker=marker&maxresults=1&prefix=prefix");
+      HttpRequest request = new HttpRequest(HttpMethod.GET, host);
+      StringBuilder builder = new StringBuilder();
+      filter.appendUriPath(request, builder);
+      assertEquals(builder.toString(), "/mycontainer?comp=list");
   }

   @Test