fix: add the missing encoding and add a pattern to validate the hash (#…

…2430) * fix: add the missing encoding and add a pattern to validate the hash Refs: XRDDEV-2731 * fix: test fixes Refs: XRDDEV-2731
nordic-institute · Nov 19, 2024 · 577093c · 577093c
1 parent 8660082
commit 577093c
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 9 deletions.
diff --git a/src/central-server/admin-service/ui/src/store/modules/trusted-anchors.ts b/src/central-server/admin-service/ui/src/store/modules/trusted-anchors.ts
@@ -29,6 +29,7 @@ import { defineStore } from 'pinia';
 import { saveResponseAsFile } from '@/util/helpers';
 import axios from 'axios';
 import { TrustedAnchor } from '@/openapi-types';
+import {encodePathParameter} from "@/util/api";
 
 export const useTrustedAnchor = defineStore('trustedAnchor', {
   actions: {
@@ -67,7 +68,7 @@ export const useTrustedAnchor = defineStore('trustedAnchor', {
     },
     downloadTrustedAnchor(hash: string) {
       return axios
-        .get(`/trusted-anchors/${hash}/download`, {
+        .get(`/trusted-anchors/${encodePathParameter(hash)}/download`, {
           responseType: 'blob',
         })
         .then((resp) => {
@@ -79,7 +80,7 @@ export const useTrustedAnchor = defineStore('trustedAnchor', {
     },
     deleteTrustedAnchor(hash: string) {
       return axios
-        .delete(`/trusted-anchors/${hash}`, {
+        .delete(`/trusted-anchors/${encodePathParameter(hash)}`, {
           responseType: 'blob',
         })
         .catch((error) => {

diff --git a/...s/xroad/securityserver/restapi/openapi/TokenCertificatesApiControllerIntegrationTest.java b/...s/xroad/securityserver/restapi/openapi/TokenCertificatesApiControllerIntegrationTest.java
@@ -100,9 +100,9 @@ public class TokenCertificatesApiControllerIntegrationTest extends AbstractApiCo
     @Autowired
     TokenCertificatesApiController tokenCertificatesApiController;
 
-    private static final String AUTH_CERT_HASH = "auth-cert-hash";
-    private static final String SIGN_CERT_HASH = "sign-cert-hash";
-    private static final String UNKNOWN_CERT_HASH = "unknown-cert-hash";
+    private static final String AUTH_CERT_HASH = "1A24F22E9BA8DDD86DAC48D854AD3C8701D28391DB705A7FAD1AB09BD1";
+    private static final String SIGN_CERT_HASH = "1A24F22E9BA8DDD86DAC48D854AD3C8701D28391DB705A7FAD1AB09BD2";
+    private static final String UNKNOWN_CERT_HASH = "1A24F22E9BA8DDD86DAC48D854AD3C8701D28391DB705A7FAD1AB09BD0";
 
     @Before
     public void setup() throws Exception {
@@ -369,7 +369,7 @@ public void getCertificateForHashNotFound() throws Exception {
                 .tr(SIGNER_X + "." + X_CERT_NOT_FOUND, "mock code", "mock msg"))
                 .when(signerProxyFacade).getCertForHash(any());
         try {
-            tokenCertificatesApiController.getCertificate("knock knock");
+            tokenCertificatesApiController.getCertificate(UNKNOWN_CERT_HASH);
         } catch (ResourceNotFoundException e) {
             ErrorDeviation error = e.getErrorDeviation();
             Assert.assertEquals(DeviationCodes.ERROR_CERTIFICATE_NOT_FOUND, error.getCode());
@@ -495,7 +495,7 @@ public void deleteCertificateNotFound() throws Exception {
                 .withPrefix(SIGNER_X))
                 .when(signerProxyFacade).deleteCert(any());
         try {
-            tokenCertificatesApiController.deleteCertificate("knock knock");
+            tokenCertificatesApiController.deleteCertificate(UNKNOWN_CERT_HASH);
         } catch (ResourceNotFoundException e) {
             ErrorDeviation error = e.getErrorDeviation();
             Assert.assertEquals(DeviationCodes.ERROR_CERTIFICATE_NOT_FOUND, error.getCode());

diff --git a/src/security-server/admin-service/ui/src/views/CertificateDetails/CertificateDetails.vue b/src/security-server/admin-service/ui/src/views/CertificateDetails/CertificateDetails.vue
@@ -227,7 +227,7 @@ export default defineComponent({
       // Fetch possible actions
       api
         .get<PossibleActionsList>(
-          `/token-certificates/${hash}/possible-actions`,
+          `/token-certificates/${encodePathParameter(hash)}/possible-actions`,
         )
         .then((res) => {
           this.possibleActions = res.data;

diff --git a/src/security-server/admin-service/ui/src/views/ClientTlsCertificate/ClientTlsCertificate.vue b/src/security-server/admin-service/ui/src/views/ClientTlsCertificate/ClientTlsCertificate.vue
@@ -98,7 +98,7 @@ export default defineComponent({
     fetchData(clientId: string, hash: string): void {
       api
         .get<CertificateDetails>(
-          `/clients/${clientId}/tls-certificates/${hash}`,
+          `/clients/${clientId}/tls-certificates/${encodePathParameter(hash)}`,
         )
         .then(
           (response) => {

diff --git a/src/security-server/openapi-model/src/main/resources/META-INF/openapi-definition.yaml b/src/security-server/openapi-model/src/main/resources/META-INF/openapi-definition.yaml
@@ -406,6 +406,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '200':
           description: token certificate
@@ -443,6 +444,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '204':
           description: deletion was successful
@@ -482,6 +484,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '204':
           description: request was successful
@@ -514,6 +517,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '204':
           description: certificate was deactivated
@@ -548,6 +552,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '201':
           description: the imported certificate
@@ -595,6 +600,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '200':
           description: possible actions that can be done on the certificate
@@ -631,6 +637,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       requestBody:
         content:
           application/json:
@@ -670,6 +677,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '204':
           description: request was successful
@@ -720,6 +728,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '204':
           description: request was successful
@@ -1616,6 +1625,7 @@ paths:
             format: text
             minLength: 1
             maxLength: 64
+            pattern: ^[a-fA-F0-9]+
       responses:
         '200':
           description: certificate details