SEBSERV-114 fixed, forgot to add escaping in string arrays

also fixed a bug with Config Key generation within inline-tables
2020-04-23 10:49:41 +02:00 · 2020-04-23 10:49:41 +02:00 · c329e73af0
commit c329e73af0
parent 71273debe6
5 changed files with 48 additions and 12 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/sebconfig/ConfigurationAttribute.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/sebconfig/ConfigurationAttribute.java
@ -40,7 +40,7 @@ public final class ConfigurationAttribute implements Entity, Comparable<Configur

    /** This is used to compare the attribute names for sorting used to generate the Config-Key
     * See: https://www.safeexambrowser.org/developer/seb-config-key.html */
-    private static final Collator CULTURE_INVARIANT_COLLATOR = Collator.getInstance(Locale.ROOT);
+    public static final Collator CULTURE_INVARIANT_COLLATOR = Collator.getInstance(Locale.ROOT);

    /** This configuration attribute dependency key can be used to set a specific localized text key prefix for
     * resources. This is usually convenient if two different attributes use the same resources and to avoid
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigServiceImpl.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ExamConfigServiceImpl.java
@ -253,7 +253,7 @@ public class ExamConfigServiceImpl implements ExamConfigService {
            log.debug("Start to stream plain JSON SEB Configuration data for Config-Key generation");
        }

-        if (log.isTraceEnabled()) {
+        if (true) {
            PipedOutputStream pout;
            PipedInputStream pin;
            try {
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/ArrayOfStringConverter.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/ArrayOfStringConverter.java
@ -17,6 +17,7 @@ import java.util.Set;
 import java.util.function.Function;

 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;

@ -93,7 +94,12 @@ public class ArrayOfStringConverter implements AttributeValueConverter {
                    (xml) ? XML_TEMPLATE : JSON_TEMPLATE,
                    AttributeValueConverter.extractName(attribute)));

-            for (final String v : values) {
+            for (final String singleValue : values) {
+                // NOTE: Don't escape JSON characters on the value strings here,
+                //       otherwise the Config-Key will be different then in SEB and SEB Config Tool
+                final String v = (xml)
+                        ? StringEscapeUtils.escapeXml10(singleValue)
+                        : singleValue;
                sb.append(String.format(
                        (xml) ? XML_TEMPLATE_ENTRY : JSON_TEMPLATE_ENTRY,
                        v));
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/InlineTableConverter.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/InlineTableConverter.java
@ -13,6 +13,7 @@ import java.io.OutputStream;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.function.Function;

@ -100,7 +101,7 @@ public class InlineTableConverter implements AttributeValueConverter {
        out.write((xml) ? XML_ARRAY_START : JSON_ARRAY_START);

        final String[] rows = StringUtils.split(value.value, Constants.LIST_SEPARATOR);
-        final String[] columns = StringUtils.split(attribute.getResources(), Constants.EMBEDDED_LIST_SEPARATOR);
+        final String[] columns = getSortedColumns(attribute.getResources());

        StringUtils.split(attribute.resources, Constants.LIST_SEPARATOR);
        for (int i = 0; i < rows.length; i++) {
@ -143,15 +144,35 @@ public class InlineTableConverter implements AttributeValueConverter {
                            out,
                            configurationAttribute,
                            a -> configurationValue);
+                    if (j < columns.length - 1) {
+                        out.write(Utils.toByteArray(Constants.LIST_SEPARATOR));
+                    }
                }

            }

            out.write((xml) ? XML_DICT_END : JSON_DICT_END);
+            if (!xml && i < rows.length - 1) {
+                out.write(Utils.toByteArray(Constants.LIST_SEPARATOR));
+            }
        }

        out.write((xml) ? XML_ARRAY_END : JSON_ARRAY_END);

    }

+    private String[] getSortedColumns(final String resources) {
+        final String[] columns = StringUtils.split(resources, Constants.EMBEDDED_LIST_SEPARATOR);
+        final List<String> list = Arrays.asList(columns);
+        Collections.sort(list, (s1, s2) -> {
+            final String name1 = StringUtils.split(s1, Constants.COMPLEX_VALUE_SEPARATOR)[1];
+            final String name2 = StringUtils.split(s2, Constants.COMPLEX_VALUE_SEPARATOR)[1];
+            return ConfigurationAttribute.CULTURE_INVARIANT_COLLATOR.compare(
+                    name1,
+                    name2);
+        });
+
+        return list.toArray(new String[columns.length]);
+    }
+
 }
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
@ -67,10 +67,15 @@ public class StringConverter implements AttributeValueConverter {
            final ConfigurationAttribute attribute,
            final Function<ConfigurationAttribute, ConfigurationValue> valueSupplier) throws IOException {

+        final ConfigurationValue cValue = valueSupplier.apply(attribute);
+        final String val = StringEscapeUtils.escapeXml10((cValue != null && cValue.value != null)
+                ? cValue.value
+                : attribute.getDefaultValue());
+
        convert(
                out,
                attribute,
-                valueSupplier.apply(attribute),
+                val,
                XML_TEMPLATE, XML_TEMPLATE_EMPTY);
    }

@ -80,29 +85,33 @@ public class StringConverter implements AttributeValueConverter {
            final ConfigurationAttribute attribute,
            final Function<ConfigurationAttribute, ConfigurationValue> valueSupplier) throws IOException {

+        // NOTE: Don't escape JSON characters on the value strings here,
+        //       otherwise the Config-Key will be different then in SEB and SEB Config Tool
+        final ConfigurationValue cValue = valueSupplier.apply(attribute);
+        final String val = (cValue != null && cValue.value != null)
+                ? cValue.value
+                : attribute.getDefaultValue();
+
        convert(
                out,
                attribute,
-                valueSupplier.apply(attribute),
+                val,
                JSON_TEMPLATE, JSON_TEMPLATE_EMPTY);
    }

    private void convert(
            final OutputStream out,
            final ConfigurationAttribute attribute,
-            final ConfigurationValue value,
+            final String value,
            final String template,
            final String emptyTemplate) throws IOException {

-        final String val = StringEscapeUtils.escapeXml10((value != null && value.value != null)
-                ? value.value
-                : attribute.getDefaultValue());
        final String realName = AttributeValueConverter.extractName(attribute);
-        if (StringUtils.isNotBlank(val)) {
+        if (StringUtils.isNotBlank(value)) {
            out.write(Utils.toByteArray(String.format(
                    template,
                    realName,
-                    convertPassword(realName, val))));
+                    convertPassword(realName, value))));
        } else {
            out.write(Utils.toByteArray(String.format(
                    emptyTemplate,