diff --git a/sechub-commons-model-testframework/src/main/java/com/mercedesbenz/sechub/commons/model/login/TestWebLoginConfigurationBuilder.java b/sechub-commons-model-testframework/src/main/java/com/mercedesbenz/sechub/commons/model/login/TestWebLoginConfigurationBuilder.java
index d55646140f..1cabf1592c 100644
--- a/sechub-commons-model-testframework/src/main/java/com/mercedesbenz/sechub/commons/model/login/TestWebLoginConfigurationBuilder.java
+++ b/sechub-commons-model-testframework/src/main/java/com/mercedesbenz/sechub/commons/model/login/TestWebLoginConfigurationBuilder.java
@@ -41,12 +41,14 @@ public ScriptPageEntryBuilder formScripted(String user, String login) {
 return builder;
 }
- public TestWebLoginConfigurationBuilder totp(String seed, int validityInSeconds, TOTPHashAlgorithm hashAlgorithm, int tokenLength) {
+ public TestWebLoginConfigurationBuilder totp(String seed, int validityInSeconds, TOTPHashAlgorithm hashAlgorithm, int tokenLength,
+ EncodingType encodingType) {
 WebLoginTOTPConfiguration totp = new WebLoginTOTPConfiguration();
 totp.setSeed(seed);
 totp.setValidityInSeconds(validityInSeconds);
 totp.setHashAlgorithm(hashAlgorithm);
 totp.setTokenLength(tokenLength);
+ totp.setEncodingType(encodingType);
 loginConfig.setTotp(totp);
 return this;
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/EncodingType.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/EncodingType.java
new file mode 100644
index 0000000000..8c0f9857e8
--- /dev/null
+++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/EncodingType.java
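Review bot: The four-argument `totp(...)` overload is removed rather than kept, so any other caller of the test builder has to be touched and can no longer leave the encoding unspecified to get the model's default. A delegating overload preserves both: `public TestWebLoginConfigurationBuilder totp(String seed, int validityInSeconds, TOTPHashAlgorithm hashAlgorithm, int tokenLength) { return totp(seed, validityInSeconds, hashAlgorithm, tokenLength, WebLoginTOTPConfiguration.DEFAULT_ENCODING_TYPE); }`. Only one caller is visible on this page (SchedulerRestControllerRestDocTest), so whether others exist needs checking; the rest of the builder class lies outside the hunk.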
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.commons.model.login;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+public enum EncodingType {
+
+ @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES)
+ AUTODETECT,
+
+ @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES)
+ HEX,
+
+ @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES)
+ BASE32,
+
+ @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES)
+ BASE64,
+
+ @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES)
+ PLAIN,
+
+ ;
+
+}
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfiguration.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfiguration.java
index 9435499eee..9ddd3a5533 100644
--- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfiguration.java
+++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfiguration.java
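Review bot: `JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_PROPERTIES` controls matching of property names, not enum values, and Jackson reads `@JsonFormat` for an enum at type level, so the five per-constant annotations most likely have no effect; if the example-file test in this commit that parses `"base64"` passes, that is presumably because `JSONConverter` configures case-insensitive enums globally, which is worth verifying. If the type is meant to carry the behaviour itself, annotate it once: `@JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_VALUES) public enum EncodingType {`. The documentation hunk also promises that an unknown encoding type falls back to the default, which plain enum deserialization does not do; that would need `@JsonEnumDefaultValue` on `AUTODETECT` together with `DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE` on the mapper, or the sentence should go. A short Javadoc on the enum stating what each value means for the `seed` (for instance that `PLAIN` uses the string bytes as-is and `AUTODETECT` tries the other four) would help the next reader of a scan configuration.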
@@ -13,20 +13,24 @@ public class WebLoginTOTPConfiguration {
 public static final String PROPERTY_VALIDITY_IN_SECONDS = "validityInSeconds";
 public static final String PROPERTY_TOKEN_LENGTH = "tokenLength";
 public static final String PROPERTY_HASH_ALGORITHM = "hashAlgorithm";
+ public static final String PROPERTY_ENCODING_TYPE = "encodingType";
 public static final int DEFAULT_VALIDITY_IN_SECONDS = 30;
 public static final int DEFAULT_TOKEN_LENGTH = 6;
 public static final TOTPHashAlgorithm DEFAULT_HASH_ALGORITHM = TOTPHashAlgorithm.HMAC_SHA1;
+ public static final EncodingType DEFAULT_ENCODING_TYPE = EncodingType.AUTODETECT;
 private SealedObject seed;
 private int validityInSeconds;
 private int tokenLength;
 private TOTPHashAlgorithm hashAlgorithm;
+ private EncodingType encodingType;
 public WebLoginTOTPConfiguration() {
 this.validityInSeconds = DEFAULT_VALIDITY_IN_SECONDS;
 this.tokenLength = DEFAULT_TOKEN_LENGTH;
 this.hashAlgorithm = DEFAULT_HASH_ALGORITHM;
+ this.encodingType = DEFAULT_ENCODING_TYPE;
 }
 public String getSeed() {
@@ -61,4 +65,12 @@ public void setHashAlgorithm(TOTPHashAlgorithm hashAlgorithm) {
 this.hashAlgorithm = hashAlgorithm;
 }
+ public EncodingType getEncodingType() {
+ return encodingType;
+ }
+
+ public void setEncodingType(EncodingType encodingType) {
+ this.encodingType = encodingType;
+ }
+
 }
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfigurationTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfigurationTest.java
index 877b334bae..8f6b8df019 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfigurationTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfigurationTest.java
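Review bot: `setEncodingType` in the second hunk stores `null` unchanged, so a document carrying `"encodingType": null` or a caller passing null silently discards the default set in the constructor, and whatever later decodes the seed (not on this page) then sees no encoding at all. The existing setters have the same shape, but this one selects how a secret is interpreted, so a guard is cheap: `this.encodingType = encodingType == null ? DEFAULT_ENCODING_TYPE : encodingType;`. A Javadoc on `getEncodingType()` saying that it never returns null and defaults to `AUTODETECT` would make that contract visible to consumers.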
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.commons.model.login;
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import org.junit.jupiter.api.Test;
@@ -19,6 +19,7 @@ void default_values_are_as_expected() {
 assertEquals(WebLoginTOTPConfiguration.DEFAULT_VALIDITY_IN_SECONDS, defaultConfig.getValidityInSeconds());
 assertEquals(WebLoginTOTPConfiguration.DEFAULT_TOKEN_LENGTH, defaultConfig.getTokenLength());
 assertEquals(WebLoginTOTPConfiguration.DEFAULT_HASH_ALGORITHM, defaultConfig.getHashAlgorithm());
+ assertEquals(WebLoginTOTPConfiguration.DEFAULT_ENCODING_TYPE, defaultConfig.getEncodingType());
 }
 @Test
@@ -35,6 +36,7 @@ void default_values_are_used_correctly_during_json_serialization_and_deserializa
 assertEquals(config.getValidityInSeconds(), expectedConfig.getValidityInSeconds());
 assertEquals(config.getTokenLength(), expectedConfig.getTokenLength());
 assertEquals(config.getHashAlgorithm(), expectedConfig.getHashAlgorithm());
+ assertEquals(config.getEncodingType(), expectedConfig.getEncodingType());
 }
 @Test
@@ -45,6 +47,7 @@ void custom_values_are_used_correctly_during_json_serialization_and_deserializat
 expectedConfig.setValidityInSeconds(45);
 expectedConfig.setTokenLength(9);
 expectedConfig.setHashAlgorithm(TOTPHashAlgorithm.HMAC_SHA512);
+ expectedConfig.setEncodingType(EncodingType.BASE64);
 /* execute */
 String json = JSONConverter.get().toJSON(expectedConfig);
@@ -55,6 +58,7 @@ void custom_values_are_used_correctly_during_json_serialization_and_deserializat
 assertEquals(config.getValidityInSeconds(), expectedConfig.getValidityInSeconds());
 assertEquals(config.getTokenLength(), expectedConfig.getTokenLength());
 assertEquals(config.getHashAlgorithm(), expectedConfig.getHashAlgorithm());
+ assertEquals(config.getEncodingType(), expectedConfig.getEncodingType());
 }
 }
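Review bot: None of the added assertions covers the case-insensitive parsing that the new enum annotations and the documentation promise; both round-trip tests serialize with `JSONConverter.get().toJSON(...)` first, so the value under test is always the canonical upper-case name and an ineffective annotation would go unnoticed here. A test that parses a hand-written document such as `{"seed":"x","encodingType":"base64"}` (constructed example) with the deserialization counterpart the existing round-trip test uses and asserts `EncodingType.BASE64`, plus one for an unknown value pinning whether it fails or falls back to `AUTODETECT`, would lock the documented behaviour in this module rather than only in the example-file test. The custom-value test could also use a value other than `BASE64` in one of the two places so that a swapped field would be caught.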
diff --git a/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config.adoc b/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config.adoc
index 39c0d463a6..83f1644c72 100644
--- a/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config.adoc
+++ b/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config.adoc
@@ -328,6 +328,15 @@ The currently available hash algorithms are:
 - `HMAC_SHA1`
 - `HMAC_SHA256`
 - `HMAC_SHA512`
+<6> The `encodingType` is an __optional__ field, representing the encoding of the __mandatory__ field `seed`.
+Sechub has a default configured if nothing is specified or the encoding type is not known.
+The default value is `AUTODETECT` where SecHub tries to detect the encoding of one of the four other available types.
+ The currently available encoding types for `seed` are, which are treated case-insensitive:
+- `BASE64`
+- `BASE32`
+- `HEX`
+- `PLAIN`
+- `AUTODETECT`
 [[sechub-config-example-webscan-openapi]]
 ====== Example OpenAPI scan
diff --git a/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json b/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json
index 989a54b318..110468808a 100644
--- a/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json
+++ b/sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json
@@ -27,7 +27,8 @@
 "seed" : "example-seed", //<2>
 "validityInSeconds" : 60, //<3>
 "tokenLength" : 8, //<4>
- "hashAlgorithm" : "HMAC_SHA256" //<5>
+ "hashAlgorithm" : "HMAC_SHA256", //<5>
+ "encodingType" : "base64" //<6>
 }
 }
 }
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java
index d7c8500f5c..786c247b73 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java
@@ -307,6 +307,7 @@ void webscan_form_based_script_auth_with_totp_can_be_read_and_contains_expected_
 assertEquals(60, totp.getValidityInSeconds());
 assertEquals(8, totp.getTokenLength());
 assertEquals(TOTPHashAlgorithm.HMAC_SHA256, totp.getHashAlgorithm());
+ assertEquals(EncodingType.BASE64, totp.getEncodingType());
 }
 private void assertDefaultValue(PDSProductSetup setup, boolean isMandatory, String parameterKey, String expectedDefault) {
diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java
index 82aa3f5248..f68687e0e9 100644
--- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java
+++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java
@@ -3,17 +3,17 @@
 import static com.mercedesbenz.sechub.commons.core.CommonConstants.*;
 import static com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel.*;
-import static com.mercedesbenz.sechub.commons.model.TestSecHubConfigurationBuilder.*;
-import static com.mercedesbenz.sechub.restdoc.RestDocumentation.*;
+import static com.mercedesbenz.sechub.commons.model.TestSecHubConfigurationBuilder.configureSecHub;
+import static com.mercedesbenz.sechub.restdoc.RestDocumentation.defineRestService;
 import static com.mercedesbenz.sechub.test.RestDocPathParameter.*;
-import static com.mercedesbenz.sechub.test.SecHubTestURLBuilder.*;
+import static com.mercedesbenz.sechub.test.SecHubTestURLBuilder.https;
 import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.*;
 import static org.springframework.restdocs.headers.HeaderDocumentation.*;
 import static org.springframework.restdocs.mockmvc.RestDocumentationRequestBuilders.*;
 import static org.springframework.restdocs.payload.PayloadDocumentation.*;
 import static org.springframework.restdocs.request.RequestDocumentation.*;
-import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 import java.io.InputStream;
@@ -42,57 +42,24 @@
 import org.springframework.util.StringUtils;
 import com.mercedesbenz.sechub.commons.core.CommonConstants;
-import com.mercedesbenz.sechub.commons.model.ClientCertificateConfiguration;
-import com.mercedesbenz.sechub.commons.model.HTTPHeaderConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubCodeScanConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubConfigurationMetaData;
-import com.mercedesbenz.sechub.commons.model.SecHubDataConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubDataConfigurationUsageByName;
-import com.mercedesbenz.sechub.commons.model.SecHubFileSystemConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubInfrastructureScanConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubSourceDataConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubTimeUnit;
-import com.mercedesbenz.sechub.commons.model.SecHubWebScanApiConfiguration;
-import com.mercedesbenz.sechub.commons.model.SecHubWebScanApiType;
-import com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration;
-import com.mercedesbenz.sechub.commons.model.TrafficLight;
-import com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration;
+import com.mercedesbenz.sechub.commons.model.*;
 import com.mercedesbenz.sechub.commons.model.job.ExecutionResult;
 import com.mercedesbenz.sechub.commons.model.job.ExecutionState;
-import com.mercedesbenz.sechub.commons.model.login.ActionType;
-import com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration;
-import com.mercedesbenz.sechub.commons.model.login.TOTPHashAlgorithm;
-import com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration;
-import com.mercedesbenz.sechub.commons.model.login.WebLoginTOTPConfiguration;
+import com.mercedesbenz.sechub.commons.model.login.*;
 import com.mercedesbenz.sechub.docgen.util.RestDocFactory;
 import com.mercedesbenz.sechub.docgen.util.RestDocTestFileSupport;
-import 
com.mercedesbenz.sechub.domain.schedule.ScheduleJobStatus;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerApproveJobService;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerBinariesUploadService;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerCreateJobService;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerGetJobStatusService;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerRestController;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerResult;
-import com.mercedesbenz.sechub.domain.schedule.SchedulerSourcecodeUploadService;
+import com.mercedesbenz.sechub.domain.schedule.*;
 import com.mercedesbenz.sechub.domain.schedule.access.ScheduleAccess;
 import com.mercedesbenz.sechub.domain.schedule.access.ScheduleAccess.ProjectAccessCompositeKey;
 import com.mercedesbenz.sechub.domain.schedule.access.ScheduleAccessRepository;
-import com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob;
-import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUser;
-import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUserListPage;
-import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobInfoForUserService;
-import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository;
+import com.mercedesbenz.sechub.domain.schedule.job.*;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
 import com.mercedesbenz.sechub.sharedkernel.configuration.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfigurationValidator;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseUserListsJobsForProject;
-import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserApprovesJob;
-import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserChecksJobStatus;
-import 
com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserCreatesNewJob;
-import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserUploadsBinaries;
-import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserUploadsSourceCode;
+import com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.*;
 import com.mercedesbenz.sechub.test.ExampleConstants;
 import com.mercedesbenz.sechub.test.TestIsNecessaryForDocumentation;
 import com.mercedesbenz.sechub.test.TestPortProvider;
@@ -755,7 +722,7 @@ public void restDoc_userCreatesNewJob_webScan_login_form_script_and_totp_as_seco
 webConfig().
 addURI("https://localhost/mywebapp").
 login("https://localhost/mywebapp/login").
- totp("example-seed", 30, TOTPHashAlgorithm.HMAC_SHA1, 6).
+ totp("example-seed", 30, TOTPHashAlgorithm.HMAC_SHA1, 6, EncodingType.BASE32).
 formScripted("username1","password1").
 createPage().
 createAction().
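Review bot: The import hunk replaces 38 explicit imports with five on-demand `.*` imports, which runs opposite to the first hunk of this same file that narrows static wildcard imports down to `configureSecHub`, `defineRestService`, `https` and `print`; doing both in one commit leaves the intended convention unclear. On-demand imports spanning `commons.model`, `commons.model.login`, `domain.schedule` and `domain.schedule.job` also invite ambiguous-name compile errors as soon as two of those packages gain a same-named class, and they hide which model types this documentation test actually depends on. The smaller change is to keep the explicit list and add the one new line the code needs, `import com.mercedesbenz.sechub.commons.model.login.EncodingType;`.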
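Review bot: The restdoc example now labels the seed `"example-seed"` as `EncodingType.BASE32`, but that string contains a hyphen and lower-case letters, which the Base32 alphabet does not allow, so the generated REST documentation shows a combination that would fail to decode unless the decoder (not on this page) is lenient. Either pair the example with `EncodingType.PLAIN`, or use a syntactically valid Base32 seed such as `"JBSWY3DPEHPK3PXP"` (constructed example). The documentation JSON example in this commit has the same mismatch, marking `"example-seed"` as `base64` although a hyphen is not part of the standard Base64 alphabet either. The enclosing test method starts and ends outside the hunk.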
@@ -817,6 +784,7 @@ public void restDoc_userCreatesNewJob_webScan_login_form_script_and_totp_as_seco
 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+"."+WebLoginConfiguration.PROPERTY_TOTP+"."+WebLoginTOTPConfiguration.PROPERTY_VALIDITY_IN_SECONDS).description("The time in seconds the generated TOTP is valid. In most cases nothing is specified and the default of '"+WebLoginTOTPConfiguration.DEFAULT_VALIDITY_IN_SECONDS+"' seconds is used.").optional(),
 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+"."+WebLoginConfiguration.PROPERTY_TOTP+"."+WebLoginTOTPConfiguration.PROPERTY_TOKEN_LENGTH).description("The length of the generated TOTP. In most cases nothing is specified and the default length '"+WebLoginTOTPConfiguration.DEFAULT_TOKEN_LENGTH+"' is used.").optional(),
 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+"."+WebLoginConfiguration.PROPERTY_TOTP+"."+WebLoginTOTPConfiguration.PROPERTY_HASH_ALGORITHM).description("The hash algorithm to generate the TOTP. In most cases nothing is specified and the default hash algorithm '"+WebLoginTOTPConfiguration.DEFAULT_HASH_ALGORITHM+"' is used. Currently available values are: 'HMAC_SHA1', 'HMAC_SHA256', 'HMAC_SHA512'").optional(),
+ fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+"."+WebLoginConfiguration.PROPERTY_TOTP+"."+WebLoginTOTPConfiguration.PROPERTY_ENCODING_TYPE).description("The encoding type of the 'seed'. The default value is '"+WebLoginTOTPConfiguration.DEFAULT_ENCODING_TYPE+"'. 
Currently available values are: 'BASE64', 'BASE32', 'HEX', 'PLAIN', 'AUTODETECT'").optional(),
 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+".url").description("Login URL").optional(),
 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+"."+FORM).description("form login definition").optional(),
 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_LOGIN+"."+FORM+"."+SCRIPT).description("script").optional(),
diff --git a/sechub-openapi-java/src/main/resources/openapi.yaml b/sechub-openapi-java/src/main/resources/openapi.yaml
index 316395f78f..cb55881156 100644
--- a/sechub-openapi-java/src/main/resources/openapi.yaml
+++ b/sechub-openapi-java/src/main/resources/openapi.yaml
@@ -650,6 +650,8 @@ components:
 format: int32
 hashAlgorithm:
 $ref: '#/components/schemas/TOTPHashAlgorithm'
+ encodingType:
+ $ref: '#/components/schemas/EncodingType'
 required:
 - seed
@@ -661,6 +663,16 @@ components:
 - HmacSHA512
 description: Representing the TOTP hash algorithms.
 default: HmacSHA1
+
+ EncodingType:
+ enum:
+ - AUTODETECT
+ - HEX
+ - BASE32
+ - BASE64
+ - PLAIN
+ description: Representing the encoding of the TOTP seed.
+ default: AUTODETECT
 WebLoginConfiguration:
 title: WebLoginConfiguration
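Review bot: The new `EncodingType` schema in the second openapi.yaml hunk declares `enum`, `description` and `default` but no `type: string`; judging by the line counts, the sibling `TOTPHashAlgorithm` schema above carries one more line before its `enum`, presumably that `type`, so the two schemas are probably inconsistent. Without a type, generators treat the enum as untyped and the generated Java client may not get a proper enum for it. Add `type: string` directly under `EncodingType:`. The description could also state that values are matched case-insensitively, as the asciidoc page in this commit promises, so that client users are not steered towards only the upper-case spelling.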