diff --git a/src/main/java/io/gravitee/common/security/CertificateUtils.java b/src/main/java/io/gravitee/common/security/CertificateUtils.java
index 93ebaf2..5240882 100644
--- a/src/main/java/io/gravitee/common/security/CertificateUtils.java
+++ b/src/main/java/io/gravitee/common/security/CertificateUtils.java
@@ -49,7 +49,10 @@ public static Optional extractCertificate(final HttpHeaders htt
 if (certHeaderValue != null) {
 try {
- certHeaderValue = URLDecoder.decode(certHeaderValue.replaceAll("\t", "\n"), Charset.defaultCharset());
+ if (!certHeaderValue.contains("\n")) {
+ certHeaderValue = URLDecoder.decode(certHeaderValue, Charset.defaultCharset());
+ }
+ certHeaderValue = certHeaderValue.replaceAll("\t", "\n");
 CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
 certificate = Optional.ofNullable(
diff --git a/src/test/java/io/gravitee/common/security/CertificateUtilsTest.java b/src/test/java/io/gravitee/common/security/CertificateUtilsTest.java
index e5afeee..c003694 100644
--- a/src/test/java/io/gravitee/common/security/CertificateUtilsTest.java
+++ b/src/test/java/io/gravitee/common/security/CertificateUtilsTest.java
@@ -66,7 +66,7 @@ void should_return_empty_certificate_without_header() {
 }
 @Test
- void should_extract_certificate_from_header() {
+ void should_extract_encoded_certificate_from_header() {
 HttpHeaders httpHeaders = HttpHeaders.create();
 httpHeaders.set(CLIENT_CERT_HEADER, URLEncoder.encode(clientCertificate, StandardCharsets.UTF_8));
 Optional certificateOptional = CertificateUtils.extractCertificate(httpHeaders, CLIENT_CERT_HEADER);
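Review bot: In `extractCertificate` (CertificateUtils.java) the new `!certHeaderValue.contains("\n")` test is the only thing deciding whether the header is URL-encoded, so a raw PEM whose line breaks arrive as tabs, the form the following `replaceAll("\t", "\n")` exists for, is still passed through `URLDecoder.decode`, which turns every `+` of the base64 body into a space. A raw PEM certificate does not normally contain `%`, so one option is to key the decode on that instead: `if (certHeaderValue.indexOf('%') >= 0) {`. `URLDecoder.decode` also throws `IllegalArgumentException` on a malformed escape, and the catch clauses of this `try` lie outside the hunk, so it is worth confirming that a bad header value ends in an empty Optional rather than an unhandled exception. `Charset.defaultCharset()` is platform-dependent while the test encodes with `StandardCharsets.UTF_8`; decoding with UTF-8 would keep the two sides aligned.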
@@ -76,6 +76,17 @@ void should_extract_certificate_from_header() {
 assertThat(certificate).isEqualTo(clientX509Certificate);
 }
+ @Test
+ void should_extract_non_encoded_certificate_from_header() {
+ HttpHeaders httpHeaders = HttpHeaders.create();
+ httpHeaders.set(CLIENT_CERT_HEADER, clientCertificate);
+ Optional certificateOptional = CertificateUtils.extractCertificate(httpHeaders, CLIENT_CERT_HEADER);
+
+ assertThat(certificateOptional).isNotEmpty();
+ X509Certificate certificate = certificateOptional.get();
+ assertThat(certificate).isEqualTo(clientX509Certificate);
+ }
+
 @Test
 void should_return_empty_certificate_without_ssl_session() {
 Optional certificateOptional = CertificateUtils.extractPeerCertificate(null);
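Review bot: `should_extract_non_encoded_certificate_from_header` covers only a raw PEM with literal line feeds, which is the one input that skips `URLDecoder.decode`; the tab-separated raw form that `extractCertificate` appears to accept is not exercised by any test visible in this diff. A case that sets the header to `clientCertificate.replace('\n', '\t')` would pin that path and show whether a `+` in the base64 body survives the decode step. A negative case with a malformed value, asserting that the returned Optional is empty, would also document how the method fails on a header it cannot parse.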