From df7a39220850282a41375b60679dd3a30264cc55 Mon Sep 17 00:00:00 2001 From: "adrian.f.cole" Date: Thu, 3 Sep 2009 07:48:04 +0000 Subject: [PATCH] Issue 86: corrected to only allow the comp header into the signature git-svn-id: http://jclouds.googlecode.com/svn/trunk@1877 3d8758e0-26b5-11de-8745-db77d3ebf521 --- .../filters/SharedKeyAuthentication.java | 16 ++++++++++-- .../filters/SharedKeyAuthenticationTest.java | 25 +++++++++++++++++-- 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/azure/storage/core/src/main/java/org/jclouds/azure/storage/filters/SharedKeyAuthentication.java b/azure/storage/core/src/main/java/org/jclouds/azure/storage/filters/SharedKeyAuthentication.java index f626b4ad14..1b22157170 100644 --- a/azure/storage/core/src/main/java/org/jclouds/azure/storage/filters/SharedKeyAuthentication.java +++ b/azure/storage/core/src/main/java/org/jclouds/azure/storage/filters/SharedKeyAuthentication.java @@ -189,8 +189,20 @@ public class SharedKeyAuthentication implements HttpRequestFilter { // mark and the comp parameter (for example, ?comp=metadata). No other parameters should be // included on the query string. if (request.getEndpoint().getQuery() != null) { - // TODO: determine what components of the query string are really needed. - toSign.append("?").append(request.getEndpoint().getQuery()); + StringBuilder paramsToSign = new StringBuilder("?"); + + String[] params = request.getEndpoint().getQuery().split("&"); + for (String param : params) { + String[] paramNameAndValue = param.split("="); + + if ("comp".equals(paramNameAndValue[0])) { + paramsToSign.append(param); + } + } + + if (paramsToSign.length() > 1) { + toSign.append(paramsToSign); + } } } diff --git a/azure/storage/core/src/test/java/org/jclouds/azure/storage/filters/SharedKeyAuthenticationTest.java b/azure/storage/core/src/test/java/org/jclouds/azure/storage/filters/SharedKeyAuthenticationTest.java index 03e0588168..55fad27b13 100755 --- a/azure/storage/core/src/test/java/org/jclouds/azure/storage/filters/SharedKeyAuthenticationTest.java +++ b/azure/storage/core/src/test/java/org/jclouds/azure/storage/filters/SharedKeyAuthenticationTest.java @@ -95,13 +95,34 @@ public class SharedKeyAuthenticationTest { } @Test - void testAclQueryStringRelative() { + void testAclQueryStringResTypeNotSignificant() { URI host = URI.create("http://" + ACCOUNT + ".blob.core.windows.net/mycontainer?restype=container"); HttpRequest request = new HttpRequest(HttpMethod.GET, host); StringBuilder builder = new StringBuilder(); filter.appendUriPath(request, builder); - assertEquals(builder.toString(), "/mycontainer?restype=container"); + assertEquals(builder.toString(), "/mycontainer"); + } + + @Test + void testAclQueryStringComp() { + URI host = URI.create("http://" + ACCOUNT + ".blob.core.windows.net/mycontainer?comp=list"); + HttpRequest request = new HttpRequest(HttpMethod.GET, host); + StringBuilder builder = new StringBuilder(); + filter.appendUriPath(request, builder); + assertEquals(builder.toString(), "/mycontainer?comp=list"); + } + + @Test + void testAclQueryStringRelativeWithExtraJunk() { + URI host = URI + .create("http://" + + ACCOUNT + + ".blob.core.windows.net/mycontainer?comp=list&marker=marker&maxresults=1&prefix=prefix"); + HttpRequest request = new HttpRequest(HttpMethod.GET, host); + StringBuilder builder = new StringBuilder(); + filter.appendUriPath(request, builder); + assertEquals(builder.toString(), "/mycontainer?comp=list"); } @Test