If HMAC is a request parameter, calculate it from the requested path

2018-11-16 12:40:27 +01:00 · 2018-11-16 12:40:27 +01:00 · 917dbbadaa
parent 3241066303
commit 917dbbadaa
1 changed files with 4 additions and 1 deletions
--- a/src/main/java/ctbrec/recorder/server/AbstractCtbrecServlet.java
+++ b/src/main/java/ctbrec/recorder/server/AbstractCtbrecServlet.java
@ -19,6 +19,8 @@ public abstract class AbstractCtbrecServlet extends HttpServlet {
            String reqParamHmac = req.getParameter("hmac");
            String httpHeaderHmac = req.getHeader("CTBREC-HMAC");
            String hmac = null;
+            String url = req.getRequestURI();
+
            if(reqParamHmac != null) {
                hmac = reqParamHmac;
            }
@ -27,7 +29,8 @@ public abstract class AbstractCtbrecServlet extends HttpServlet {
            }

            byte[] key = Config.getInstance().getSettings().key;
-            authenticated = Hmac.validate(body, key, hmac);
+            String msg = reqParamHmac != null ? url : body;
+            authenticated = Hmac.validate(msg, key, hmac);
        } else {
            authenticated = true;
        }