From a3badc61450d67204fde1fcaa18ad2891a84160d Mon Sep 17 00:00:00 2001 From: Saeed Rezaee Date: Mon, 10 Jun 2024 11:48:31 +0200 Subject: [PATCH] Fix crash when auth tokens contain new line character When a new line character (0x0a) exists in the authorization tokens, the ddi-client/third-party application using the ddi-api will keep crashing while trying to send the HTTPS request again. This commit catches and logs this exception to prevent fatal crashes. UF-888 Signed-off-by: Saeed Rezaee --- ...HawkbitAuthenticationRequestInterceptor.kt | 11 ++++- .../DdiClientHttpRequestsTest.kt | 43 +++++++++++++++++++ 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/ddi-consumer/src/main/kotlin/org/eclipse/hara/ddi/security/HawkbitAuthenticationRequestInterceptor.kt b/ddi-consumer/src/main/kotlin/org/eclipse/hara/ddi/security/HawkbitAuthenticationRequestInterceptor.kt index d653bd7..1072e85 100644 --- a/ddi-consumer/src/main/kotlin/org/eclipse/hara/ddi/security/HawkbitAuthenticationRequestInterceptor.kt +++ b/ddi-consumer/src/main/kotlin/org/eclipse/hara/ddi/security/HawkbitAuthenticationRequestInterceptor.kt @@ -14,6 +14,7 @@ import java.io.IOException import java.util.Objects import okhttp3.Interceptor import okhttp3.Response +import org.slf4j.LoggerFactory /** * @author Daniele Sergio @@ -41,7 +42,11 @@ class HawkbitAuthenticationRequestInterceptor(private val authentications: List< do { response?.close() val authentication = authentications[authenticationUse] - builder.header(authentication.header, authentication.headerValue) + runCatching { + builder.header(authentication.header, authentication.headerValue) + }.onFailure { + LOG.error("Error in setting the ${authentication.type.type} header", it) + } response = chain.proceed(builder.build()) if (response.code != 401) { break 
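Review bot: The `runCatching` around `builder.header(...)` catches every `Throwable`, not only the `IllegalArgumentException` that a newline in a token produces, so an `Error` or any other unexpected failure at that line is logged and the request goes out anyway without the intended credential; a plain `try { ... } catch (e: IllegalArgumentException) { LOG.error("Error in setting the ${authentication.type.type} header", e) }` keeps the crash fix while letting everything else propagate. Because the rejected header is silently left out, the loop then sends an unauthenticated request and relies on the server's 401 to move on to the next token, which deserves a comment such as `// A header the client refuses is dropped; the 401 below falls through to the next credential.`. The throwable handed to `LOG.error` may carry the rejected value in its message depending on the HTTP client and the header name, so confirm the token itself cannot end up in the log. The `intercept` function enclosing this `do` loop starts before the hunk and the loop's `while` condition is after it.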
@@ -51,4 +56,8 @@ class HawkbitAuthenticationRequestInterceptor(private val authentications: List< return response!! } + + companion object { + val LOG = LoggerFactory.getLogger(HawkbitAuthenticationRequestInterceptor::class.java)!! + } } diff --git a/src/test/kotlin/org/eclipse/hara/ddiclient/integrationtest/DdiClientHttpRequestsTest.kt b/src/test/kotlin/org/eclipse/hara/ddiclient/integrationtest/DdiClientHttpRequestsTest.kt index c03ebbe..b4f9d2d 100644 --- a/src/test/kotlin/org/eclipse/hara/ddiclient/integrationtest/DdiClientHttpRequestsTest.kt +++ b/src/test/kotlin/org/eclipse/hara/ddiclient/integrationtest/DdiClientHttpRequestsTest.kt 
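Review bot: `val LOG` in the new companion object is public, which makes the logger part of the interceptor's API surface for no reason; `private val LOG: Logger = LoggerFactory.getLogger(HawkbitAuthenticationRequestInterceptor::class.java)` (with `org.slf4j.Logger` imported) hides it and also drops the `!!`, since the explicit type resolves the platform type without a null assertion. As written, a null from the factory would throw during companion initialisation, i.e. at class load, rather than near the call site. The `intercept` function whose tail `return response!!` forms the hunk's leading context begins before the hunk.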
@@ -349,6 +349,46 @@ class DdiClientHttpRequestsTest : AbstractHaraMessageTest() { startSubTestTest(true) } + @Test(enabled = true, priority = 8, timeOut = 60_000) + fun useInvalidTokenWithForbiddenCharactersTest() = runBlocking { + enableTargetTokenInServer(true) + enableGatewayTokenInServer(true) + client = createClient(gatewayToken = "") + + `test #6-1= request should fail, when there is invalid character in both auth tokens`() + `test #6-2= request should succeed, when there is an invalid character in target token with valid gateway token`() + } + + private suspend fun `test #6-1= request should fail, when there is invalid character in both auth tokens`() { + logCurrentFunctionName() + + val invalidToken = "\nInvalidGatewayToken" + client = createClient(targetToken = invalidToken, gatewayToken = invalidToken) + + expectPollingOnlyMessage() + expectedServerResponses.apply { + add(emptyTokenErrorMessage()) + add(emptyTokenErrorMessage()) + } + + startSubTestTest() + } + + private suspend fun `test #6-2= request should succeed, when there is an invalid character in target token with valid gateway token`() { + logCurrentFunctionName() + + val invalidToken = "\nInvalidGatewayToken" + client = createClient(targetToken = invalidToken, gatewayToken = gatewayToken) + + expectPollingAndIdleMessages() + expectedServerResponses.apply { + add(emptyTokenErrorMessage()) + add(gatewayTokenMessage(HttpURLConnection.HTTP_OK)) + } + + startSubTestTest() + } + private suspend fun startSubTestTest(lastTest: Boolean = false) { client?.startAsync() startWatchingExpectedMessages(lastTest) @@ -392,6 +432,9 @@ class DdiClientHttpRequestsTest : AbstractHaraMessageTest() { ).headerValue ) + private fun emptyTokenErrorMessage() = + OkHttpMessage(HttpURLConnection.HTTP_UNAUTHORIZED, null) + data class OkHttpMessage(val code: Int, val authHeader: String?) : ExpectedMessage()
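Review bot: Both new sub-tests use the same single payload `"\nInvalidGatewayToken"`, so the suite pins only the LF case from the ticket while the interceptor's new catch handles any character the HTTP client refuses in a header value; a second payload such as `"\rInvalidToken"` (or a loop over a short list of control characters) would cover the fix rather than the one symptom. The `client = createClient(gatewayToken = "")` at the top of `useInvalidTokenWithForbiddenCharactersTest` is overwritten by `test #6-1` before any request is made, so it looks redundant unless `createClient` has a side effect the sub-tests depend on — worth confirming. In `test #6-2` the local is named `invalidToken` and holds `InvalidGatewayToken` but is passed as the target token; `val invalidTargetToken = "\nInvalidTargetToken"` would match the sub-test's title. `startSubTestTest`, the hunk's trailing context, continues past the hunk.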