From ad99ac2d9c4f9c9ea15d7f0b11863bb28b0a7b23 Mon Sep 17 00:00:00 2001
From: sebdet <sebastien.determe@intl.att.com>
Date: Fri, 4 Oct 2019 16:12:51 +0200
Subject: Fix X509 injection

Url Decode before using the certificate

Issue-ID: CLAMP-519
Change-Id: I7b0e9926a7ae6c50f2e5fafa73b20d733725b076
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
---
 src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
index 3a9394227..7e104c74b 100644
--- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -30,6 +30,8 @@ import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.StandardCopyOption;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -142,7 +144,8 @@ public class ClampCadiFilter extends CadiFilter {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
         try {
-            String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
+            String certHeader = URLDecoder.decode(((HttpServletRequest) request).getHeader("X-SSL-Cert"),
+                    StandardCharsets.UTF_8.toString());
             if (certHeader != null) {
 
                 CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
-- 
cgit 1.2.3-korg