Addressing date header bug reported in #122 and added basic unit tests

sapessi · sapessi · commit ca2297ba5db5 · 2018-02-19T09:16:49.000-08:00
diff --git a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletRequest.java
@@ -32,7 +32,7 @@
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
-import java.security.Security;
+import java.time.format.DateTimeFormatter;
 import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -58,7 +58,7 @@ public abstract class AwsHttpServletRequest implements HttpServletRequest {
     static final String HEADER_VALUE_SEPARATOR = ";";
     static final String FORM_DATA_SEPARATOR = "&";
     static final String DEFAULT_CHARACTER_ENCODING = "UTF-8";
-    static final String HEADER_DATE_FORMAT = "EEE, d MMM yyyy HH:mm:ss z";
+    static final DateTimeFormatter dateFormatter = DateTimeFormatter.RFC_1123_DATE_TIME;
     static final String ENCODING_VALUE_KEY = "charset";
 
     // We need this to pickup the protocol from the CloudFront header since Lambda doesn't receive this
diff --git a/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java b/aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java
@@ -53,14 +53,14 @@
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.security.Principal;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeParseException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -133,16 +133,15 @@ public Cookie[] getCookies() {
 
     @Override
     public long getDateHeader(String s) {
-        String dateString = getHeaderCaseInsensitive(HttpHeaders.DATE);
+        String dateString = getHeaderCaseInsensitive(s);
         if (dateString == null) {
-            return new Date().getTime();
+            return -1L;
         }
-        SimpleDateFormat dateFormatter = new SimpleDateFormat(HEADER_DATE_FORMAT);
         try {
-            return dateFormatter.parse(dateString).getTime();
-        } catch (ParseException e) {
-            log.error("Could not parse date header", e);
-            return new Date().getTime();
+            return Instant.from(ZonedDateTime.parse(dateString, dateFormatter)).toEpochMilli();
+        } catch (DateTimeParseException e) {
+            log.warn("Invalid date header in request" + SecurityUtils.crlf(dateString));
+            return -1L;
         }
     }
 
diff --git a/aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequestTest.java b/aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequestTest.java
@@ -9,6 +9,8 @@
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 
+import java.time.Instant;
+import java.time.ZonedDateTime;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -25,6 +27,7 @@ public class AwsProxyHttpServletRequestTest {
     private static final String REQUEST_SCHEME_HTTP = "http";
     private static final String USER_AGENT = "Mozilla/5.0 (Android 4.4; Mobile; rv:41.0) Gecko/41.0 Firefox/41.0";
     private static final String REFERER = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox";
+    private static ZonedDateTime REQUEST_DATE = ZonedDateTime.now();
 
     private static final AwsProxyRequest REQUEST_WITH_HEADERS = new AwsProxyRequestBuilder("/hello", "GET")
             .header(CUSTOM_HEADER_KEY, CUSTOM_HEADER_VALUE)
@@ -52,6 +55,10 @@ public class AwsProxyHttpServletRequestTest {
             .userAgent(USER_AGENT)
             .referer(REFERER).build();
 
+    private static final AwsProxyRequest REQUEST_WITH_DATE = new AwsProxyRequestBuilder("/hello", "GET")
+            .header(HttpHeaders.DATE, AwsHttpServletRequest.dateFormatter.format(REQUEST_DATE))
+            .build();
+
     private static final AwsProxyRequest REQUEST_NULL_QUERY_STRING;
     static {
         AwsProxyRequest awsProxyRequest = new AwsProxyRequestBuilder("/hello", "GET").build();
@@ -113,6 +120,23 @@ public void formParams_getParameter_queryStringPrecendence() {
         assertEquals(QUERY_STRING_NAME_VALUE, request.getParameter(FORM_PARAM_NAME));
     }
 
+    @Test
+    public void dateHeader_noDate_returnNegativeOne() {
+        HttpServletRequest request = new AwsProxyHttpServletRequest(REQUEST_FORM_URLENCODED_AND_QUERY, null, null);
+        assertNotNull(request);
+        assertEquals(-1L, request.getDateHeader(HttpHeaders.DATE));
+    }
+
+    @Test
+    public void dateHeader_correctDate_parseToCorrectLong() {
+        HttpServletRequest request = new AwsProxyHttpServletRequest(REQUEST_WITH_DATE, null, null);
+        assertNotNull(request);
+
+        String instantString = AwsHttpServletRequest.dateFormatter.format(REQUEST_DATE);
+        assertEquals(Instant.from(AwsHttpServletRequest.dateFormatter.parse(instantString)).toEpochMilli(), request.getDateHeader(HttpHeaders.DATE));
+        assertEquals(-1L, request.getDateHeader(HttpHeaders.IF_MODIFIED_SINCE));
+    }
+
     @Test
     public void scheme_getScheme_https() {
         HttpServletRequest request = new AwsProxyHttpServletRequest(REQUEST_FORM_URLENCODED, null, null);
