From 44f0afc83a6c2662df4d84c6abcb5e503498808d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20J=C3=A4kel?=
Date: Tue, 15 Mar 2022 09:28:04 +0100
Subject: [PATCH 1/2] [ELY-2315] Digest authentication fails for encoded paths

---
 .../security/http/digest/DigestAuthenticationMechanism.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java
index eee408ca6dd..7d7e2f4f7db 100644
--- a/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java
+++ b/http/digest/src/main/java/org/wildfly/security/http/digest/DigestAuthenticationMechanism.java
@@ -280,9 +280,9 @@ private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] dig
         String relativeRequestUri;
         String query = requestURI.getQuery();
         if (query == null || query.isEmpty()) {
-            relativeRequestUri = requestURI.getPath();
+            relativeRequestUri = requestURI.getRawPath();
         } else {
-            relativeRequestUri = requestURI.getPath() + "?" + requestURI.getRawQuery();
+            relativeRequestUri = requestURI.getRawPath() + "?" + requestURI.getRawQuery();
         }
         return relativeRequestUri.equals(digestUriStr);

From beda1cb11a542447870006a577454b776f6115e2 Mon Sep 17 00:00:00 2001
From: Diana Krepinska Vilkolakova
Date: Wed, 16 Mar 2022 20:57:06 +0100
Subject: [PATCH 2/2] [ELY-2315] Add test case for Digest authentication with encoded path

---
 .../DigestAuthenticationMechanismTest.java | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java
index 48795e538a7..a904d2d6d5b 100644
--- a/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java
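Review bot: The guard two lines above the changed assignments still reads the decoded `requestURI.getQuery()`, while the value that is actually concatenated is `getRawQuery()`, so after the switch to `getRawPath()` the hunk mixes decoded and raw accessors; for a consistent raw-form comparison use `String query = requestURI.getRawQuery();` (null/empty behaviour is the same for both accessors). Comparing the raw, still percent-encoded form is the right choice, because the `uri` directive carries the request-target exactly as the client sent it and decoding first would make `%2F` and `/` indistinguishable; a comment such as `// compare the raw (percent-encoded) form: the digest uri directive is the request-target as sent` would record why `getPath()` must not be reintroduced here. digestUriMatchesRequestUri begins before this hunk and ends after it, so any other comparison branch in the method cannot be checked from this view.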
+++ b/tests/base/src/test/java/org/wildfly/security/http/digest/DigestAuthenticationMechanismTest.java
@@ -117,6 +117,32 @@ public void testRfc2617EncodedQuery() throws Exception {
         Assert.assertEquals(Status.COMPLETE, request2.getResult());
     }
 
+    @Test
+    public void testRfc2617EncodedPath() throws Exception {
+        mockDigestNonce("AAAAAQABsxiWa25/kpFxsPCrpDCFsjkTzs/Xr7RPsi/VVN6faYp21Hia3h4=");
+        Map props = new HashMap<>();
+        props.put(CONFIG_REALM, "testrealm@host.com");
+        props.put("org.wildfly.security.http.validate-digest-uri", "true");
+        HttpServerAuthenticationMechanism mechanism = digestFactory.createAuthenticationMechanism(DIGEST_NAME, props, getCallbackHandler("Mufasa", "testrealm@host.com", "Circle Of Life"));
+
+        String path = "/dir/foo%2Fr/index.html?foo=b%2Fr";
+        String uri = "http://localhost" + path;
+        TestingHttpServerRequest request2 = new TestingHttpServerRequest(new String[] {
+                "Digest username=\"Mufasa\",\n" +
+                " realm=\"testrealm@host.com\",\n" +
+                " nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",\n" +
+                " uri=\"" + path + "\",\n" +
+                " qop=auth,\n" +
+                " nc=00000001,\n" +
+                " cnonce=\"0a4f113b\",\n" +
+                " response=\"cc3261565007973c9d647333822091ad\",\n" +
+                " opaque=\"00000000000000000000000000000000\",\n" +
+                " algorithm=MD5"
+        }, new URI(uri));
+        mechanism.evaluateRequest(request2);
+        Assert.assertEquals(Status.COMPLETE, request2.getResult());
+    }
+
     @Test
     public void testRfc7616sha256() throws Exception {
         mockDigestNonce("7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v");
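Review bot: `Map props = new HashMap<>();` in the new test is a raw type; declare it as `Map<String, String> props = new HashMap<>();` so the two `put` calls are type-checked (the neighbouring tests may use the same raw declaration, but they lie outside this hunk). The test pins only the positive case: with `org.wildfly.security.http.validate-digest-uri` enabled, a `uri` directive containing `%2F` is accepted when it equals the raw request path. A second request built from the same header but with a request URI whose path differs — for instance the decoded form `/dir/foo/r/index.html?foo=b/r` — asserted as not `Status.COMPLETE` would show that the URI validation is actually exercised rather than bypassed; the status the mechanism reports for a rejected digest is defined outside this hunk, so take it from the file's existing negative tests.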