-
Notifications
You must be signed in to change notification settings - Fork 24.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HLRC: Fix '+' Not Correctly Encoded in GET Req. #33164
Changes from 12 commits
d607643
127aa1c
f3e9208
c16be99
ce12e8d
e9862d9
906d51e
9da77eb
33ac4c8
88661c1
1d59ba8
20ee2f8
4c65f6b
9b7b010
d32bee1
1704338
e4397d1
0f8be02
c792bda
357e801
fbe3323
d0f38a1
d34ae83
94b2ba9
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,6 +8,8 @@ | |
import java.io.ByteArrayInputStream; | ||
import java.io.ByteArrayOutputStream; | ||
import java.io.IOException; | ||
import java.io.UnsupportedEncodingException; | ||
import java.net.URLDecoder; | ||
import java.nio.charset.StandardCharsets; | ||
import java.time.Clock; | ||
import java.util.Base64; | ||
|
@@ -19,6 +21,7 @@ | |
|
||
import org.apache.logging.log4j.message.ParameterizedMessage; | ||
import org.elasticsearch.ElasticsearchSecurityException; | ||
import org.elasticsearch.common.Nullable; | ||
import org.elasticsearch.common.Strings; | ||
import org.elasticsearch.common.unit.TimeValue; | ||
import org.elasticsearch.core.internal.io.Streams; | ||
|
@@ -94,7 +97,7 @@ private ParsedQueryString parseQueryStringAndValidateSignature(String queryStrin | |
return new ParsedQueryString(samlRequest, true, relayState); | ||
} | ||
|
||
private Result parseLogout(LogoutRequest logoutRequest, boolean requireSignature, String relayState) { | ||
private Result parseLogout(LogoutRequest logoutRequest, boolean requireSignature, @Nullable String relayState) { | ||
final Signature signature = logoutRequest.getSignature(); | ||
if (signature == null) { | ||
if (requireSignature) { | ||
|
@@ -108,7 +111,15 @@ private Result parseLogout(LogoutRequest logoutRequest, boolean requireSignature | |
checkDestination(logoutRequest); | ||
validateNotOnOrAfter(logoutRequest.getNotOnOrAfter()); | ||
|
||
return new Result(logoutRequest.getID(), SamlNameId.fromXml(getNameID(logoutRequest)), getSessionIndex(logoutRequest), relayState); | ||
try { | ||
return new Result( | ||
logoutRequest.getID(), SamlNameId.fromXml(getNameID(logoutRequest)), | ||
getSessionIndex(logoutRequest), | ||
relayState == null ? null : URLDecoder.decode(relayState, StandardCharsets.US_ASCII.name()) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is kind of hacky and I wonder what the correct fix is here. The problem is that we use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I read some brief SO/docs on RelayState and it seems like we should not be doing decoding/encoding on it, but instead storing it as an "opaque object"... I think that it might be a correct assumption to not use the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. From what I have read, URL encoding is correct here, using There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think is correct. Specifically the RelayState of I'll need to look into what we ought to be doing with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks @tvernum I think I figured this out actually and was able to revert this change. The problem actually came from the assumption that we made here #33164 (comment) (never handling form data). It turns out that the form data encoding logic ( |
||
); | ||
} catch (UnsupportedEncodingException e) { | ||
throw new IllegalArgumentException(e); | ||
} | ||
} | ||
|
||
private void validateSignature(String inputString, String signatureAlgorithm, String signature) { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that we should immediately deprecate a true value here. Then in 8.0.0 we can reject true, allow for unset or false (with the latter deprecated), and then finally remove in 9.0.0 (let’s add assertions on the major version for this). Let us also add a note to the migration guide. That means after this PR is merged to master and backported to 7.x (only), we need a follow-up in master to reject false and do the deprecation and add the assertion.