From c7f57bf447d5ec6883ce53d64559ae50462dd570 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 25 Jul 2018 13:03:27 +0200
Subject: fix bug in auth/AbstractAuthenticationManager.java which adds http header names without toLowerCase()
---
 eaaf_core/pom.xml | 2 +-
 .../idp/auth/AbstractAuthenticationManager.java | 11 ++++++++---
 .../gv/egiz/eaaf/core/impl/utils/ArrayUtils.java | 22 ++++++++++++++++++++++
 3 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index a17cd7d6..6b236ac6 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -15,7 +15,7 @@ Core components for identity managment implementations
- 2.20.1
+ 2.22.0
 1.7.25
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
index 1fb4bf6b..afadeb61 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -256,12 +256,17 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
 Enumeration reqHeaderNames = httpReq.getHeaderNames();
 while(reqHeaderNames.hasMoreElements()) {
 String paramName = reqHeaderNames.nextElement();
- if (StringUtils.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) )
- executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
+ if (StringUtils.isNotEmpty(paramName)
+ && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules)
+ //reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())
+ )
+ executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
 }
 }
+
+ //populate more IDP specific information to execution context
 populateExecutionContext(executionContext, pendingReq, httpReq);
@@ -269,7 +274,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa
 startProcessEngine(pendingReq, executionContext);
 }
-
+
 /**
 *
 *
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java
new file mode 100644
index 00000000..f399ee75
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/ArrayUtils.java
@@ -0,0 +1,22 @@
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.util.List;
+
+public class ArrayUtils {
+
+ /**
+ * Check if a String 's' is part of a List 'l' in qualsIgnoreCase mode
+ *
+ * @param s Search String
+ * @param l List of String elements
+ * @return true if 's' is in 'l', otherwise false
+ */
+ public static boolean containsCaseInsensitive(String s, List l){
+ if (l == null || s == null)
+ return false;
+
+ return l.stream().anyMatch(x -> x.equalsIgnoreCase(s));
+
+ }
+
+}
-- cgit v1.2.3
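Review bot: The key in the new `executionContext.put(paramName.toLowerCase(), …)` is lower-cased with the JVM default locale, while the allowlist check just above it uses `equalsIgnoreCase`, so the two can disagree: under a Turkish default locale a header name containing `I` passes the check but is stored under a key with a dotless `ı` that no module will look up. Use `paramName.toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) so the stored key is the same on every deployment. A short comment stating that allowlisted headers are now always stored under their lower-case name would also help, because a module that reads the value by the spelling configured in `reqHeaderWhiteListeForModules` would miss it if that list holds mixed-case entries; the list's contents are not visible here. The commented-out old condition can be dropped rather than kept inside the `if`, and the enclosing method starts and ends outside this hunk.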
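Review bot: `containsCaseInsensitive` throws a NullPointerException when the list holds a null element, because the lambda calls `x.equalsIgnoreCase(s)` on the element; since the method now sits in the request-header allowlist check, a single null entry in the configured list could fail requests instead of simply not matching. Calling the comparison on the already null-checked argument avoids that: `return l.stream().anyMatch(s::equalsIgnoreCase);`. The Javadoc has a typo (`qualsIgnoreCase` for `equalsIgnoreCase`) and should say that null arguments yield false. The class name `ArrayUtils` for a helper that works on a `List` is probably why the caller has to spell out the full package name; a more specific name and a private constructor would make it a cleaner utility class.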