Skip to content

Commit

Permalink
Fix URL encoding problem for HTTP signatures (#6637)
Browse files Browse the repository at this point in the history
  • Loading branch information
@sebastien-rosset
sebastien-rosset authored Jun 12, 2020
1 parent a0f2293 commit 3626bc4
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 20 deletions.
16 changes: 6 additions & 10 deletions ...enapi-generator/src/main/resources/Java/libraries/jersey2/auth/HttpSignatureAuth.mustache
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,16 +234,12 @@ public class HttpSignatureAuth implements Authentication {
throw new ApiException("Signer cannot be null. Please call the method `setPrivateKey` to set it up correctly");
}

// construct the path with the URL query string
String path = uri.getPath();

List<String> urlQueries = new ArrayList<String>();
for (Pair queryParam : queryParams) {
urlQueries.add(queryParam.getName() + "=" + URLEncoder.encode(queryParam.getValue(), "utf8").replaceAll("\\+", "%20"));
}

if (!urlQueries.isEmpty()) {
path = path + "?" + String.join("&", urlQueries);
// construct the path with the URL-encoded path and query.
// Calling getRawPath and getRawQuery ensures the path is URL-encoded as it will be serialized
// on the wire. The HTTP signature must use the encode URL as it is sent on the wire.
String path = uri.getRawPath();
if (uri.getRawQuery() != "") {
path += "?" + uri.getRawQuery();
}

headerParams.put("Authorization", signer.sign(method, path, headerParams).toString());
Expand Down
16 changes: 6 additions & 10 deletions ...tore/java/jersey2-java8/src/main/java/org/openapitools/client/auth/HttpSignatureAuth.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,16 +245,12 @@ public void applyToParams(List<Pair> queryParams, Map<String, String> headerPara
throw new ApiException("Signer cannot be null. Please call the method `setPrivateKey` to set it up correctly");
}

// construct the path with the URL query string
String path = uri.getPath();

List<String> urlQueries = new ArrayList<String>();
for (Pair queryParam : queryParams) {
urlQueries.add(queryParam.getName() + "=" + URLEncoder.encode(queryParam.getValue(), "utf8").replaceAll("\\+", "%20"));
}

if (!urlQueries.isEmpty()) {
path = path + "?" + String.join("&", urlQueries);
// construct the path with the URL-encoded path and query.
// Calling getRawPath and getRawQuery ensures the path is URL-encoded as it will be serialized
// on the wire. The HTTP signature must use the encode URL as it is sent on the wire.
String path = uri.getRawPath();
if (uri.getRawQuery() != "") {
path += "?" + uri.getRawQuery();
}

headerParams.put("Authorization", signer.sign(method, path, headerParams).toString());
Expand Down

0 comments on commit 3626bc4

Please sign in to comment.