HTTP headers are not checked case insensitively
Closed this issue · 0 comments
sopgreg commented
Testing exchange with a third party AS2 software, we noticed that this extension does not check the HTTP headers case insensitively within GenericMessageInfo. So, exchange with any third party software sending headers like AS2-From or AS2-To is not supported, unless the headers are sent in lowercase.
ReadUserMessageInfo:
log.debug("Get the general message info of the User Message from msgCtx");
GenericMessageInfo generalInfo = (GenericMessageInfo) procCtx.getProperty(Constants.CTX_AS2_GENERAL_DATA);
// Check that at least the party ids of the sender and receiver are included in the message
final String fromId = generalInfo.getFromPartyId();
final String toId = generalInfo.getToPartyId();
if (Utils.isNullOrEmpty(fromId) || Utils.isNullOrEmpty(toId)) {
log.error("Received message does not contain AS2-To and/or AS2-From header(s)!"); // <---- ERROR is logged here
A potential fix (verified to work) is to put the HTTP headers into a TreeMap with a case insensitive comparator:
public GenericMessageInfo(final Map<String, String> httpHeaders) {
// If there are no HTTP headers, no information is avaible and an "empty" object is created
if (Utils.isNullOrEmpty(httpHeaders))
return;
Map<String, String> caseInsensitiveHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
caseInsensitiveHeaders.putAll(httpHeaders);
messageId = caseInsensitiveHeaders.get(MESSAGE_ID_HEADER);
refToMessageId = caseInsensitiveHeaders.get(REF_TO_MESSAGE_ID_HEADER);
try {
timestamp = new MimeDateParser(caseInsensitiveHeaders.get(TIMESTAMP_HEADER)).parse();
} catch (NullPointerException | ParseException notaDate) {
timestamp = null;
}
subject = caseInsensitiveHeaders.get(SUBJECT_HEADER);
fromPartyId = caseInsensitiveHeaders.get(SENDER_ID_HEADER);
toPartyId = caseInsensitiveHeaders.get(RECEIVER_ID_HEADER);
originalRecipient = caseInsensitiveHeaders.get(ORIGINAL_RECIPIENT);
finalRecipient = caseInsensitiveHeaders.get(FINAL_RECIPIENT);
}