Merge pull request #39 from securenative/dev

Support proxy headers

Author: inbaltako

README.md

@@ -165,7 +165,7 @@ public void track(HttpServletRequest request, HttpServletResponse response) {
         System.err.printf("Could not get SecureNative instance; %s%n", e);
     }
 
-    SecureNativeContext context = SecureNativeContextBuilder.fromHttpServletRequest(request).build();
+    SecureNativeContext context = securenative.fromHttpServletRequest(request).build();
 
     EventOptions eventOptions = null;
     try {
@@ -199,7 +199,14 @@ public void track(HttpServletRequest request, HttpServletResponse response) {
 ```java
 @RequestMapping("/verify")
 public void verify(HttpServletRequest request, HttpServletResponse response) {
-    SecureNativeContext context = SecureNativeContextBuilder.fromHttpServletRequest(request).build();
+SecureNative securenative = null;
+    try {
+        securenative = SecureNative.getInstance();
+    } catch (SecureNativeSDKIllegalStateException e) {
+        System.err.printf("Could not get SecureNative instance; %s%n", e);
+    }
+
+    SecureNativeContext context = securenative.fromHttpServletRequest(request).build();
 
     EventOptions eventOptions = null;
     try {

pom.xml

@@ -6,7 +6,7 @@
     <groupId>com.securenative.java</groupId>
     <artifactId>securenative-java</artifactId>
     <packaging>jar</packaging>
-    <version>0.5.5</version>
+    <version>0.5.6</version>
     <url>https://github.com/securenative/securenative-java</url>
 
     <name>${project.groupId}:${project.artifactId}:${project.version}</name>

src/main/java/com/securenative/SecureNative.java

@@ -88,6 +88,10 @@ public static SecureNativeContextBuilder contextBuilder() {
         return SecureNativeContextBuilder.defaultContextBuilder();
     }
 
+    public SecureNativeContextBuilder fromHttpServletRequest(HttpServletRequest request) {
+        return SecureNativeContextBuilder.fromHttpServletRequest(request, this.options);
+    }
+
     public boolean verifyRequestPayload(HttpServletRequest request) throws IOException {
         String requestSignature = request.getHeader(SIGNATURE_HEADER);
         String body = request.getReader().lines().collect(Collectors.joining());

src/main/java/com/securenative/config/ConfigurationManager.java

@@ -7,11 +7,13 @@
 import com.securenative.utils.Utils;
 
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Objects;
 import java.util.Properties;
 
 public class ConfigurationManager {
@@ -61,6 +63,12 @@ private static String getPropertyOrEnvOrDefault(Properties properties, String ke
         return res == null ? null : res.toString();
     }
 
+    private static ArrayList<String> getPropertyListOrEnvOrDefault(Properties properties, String key, Object defaultValue) {
+        String defaultStrValue = defaultValue == null ? null : defaultValue.toString();
+        Object res = properties.getOrDefault(key, getEnvOrDefault(key, defaultStrValue));
+        return res == null ? null : new ArrayList<>(Arrays.asList(res.toString().split(",")));
+    }
+
     public static SecureNativeConfigurationBuilder configBuilder() {
         return SecureNativeConfigurationBuilder.defaultConfigBuilder();
     }
@@ -96,8 +104,8 @@ private static SecureNativeOptions getOptions(Properties properties) {
                 .withAutoSend(Utils.parseBooleanOrDefault(getPropertyOrEnvOrDefault(properties, "SECURENATIVE_AUTO_SEND", defaultOptions.getAutoSend()), defaultOptions.getAutoSend()))
                 .withDisable(Utils.parseBooleanOrDefault(getPropertyOrEnvOrDefault(properties, "SECURENATIVE_DISABLE", defaultOptions.getDisabled()), defaultOptions.getDisabled()))
                 .withLogLevel(getPropertyOrEnvOrDefault(properties, "SECURENATIVE_LOG_LEVEL", defaultOptions.getLogLevel()))
-                .withFailoverStrategy(FailoverStrategy.fromString(getPropertyOrEnvOrDefault(properties, "SECURENATIVE_FAILOVER_STRATEGY", defaultOptions.getFailoverStrategy()), defaultOptions.getFailoverStrategy()));
-
+                .withFailoverStrategy(FailoverStrategy.fromString(Objects.requireNonNull(getPropertyOrEnvOrDefault(properties, "SECURENATIVE_FAILOVER_STRATEGY", defaultOptions.getFailoverStrategy())), defaultOptions.getFailoverStrategy()))
+                .withProxyHeaders(getPropertyListOrEnvOrDefault(properties, "SECURENATIVE_PROXY_HEADERS", defaultOptions.getProxyHeaders()));
         return builder.build();
     }
 }

src/main/java/com/securenative/config/SecureNativeConfigurationBuilder.java

@@ -2,6 +2,8 @@
 
 import com.securenative.enums.FailoverStrategy;
 
+import java.util.ArrayList;
+
 public class SecureNativeConfigurationBuilder {
     /**
      * Api Secret associated with SecureNative account
@@ -48,6 +50,11 @@ public class SecureNativeConfigurationBuilder {
      */
     private FailoverStrategy failoverStrategy;
 
+    /**
+     * Proxy Headers
+     */
+    private ArrayList<String> proxyHeaders;
+
     private SecureNativeConfigurationBuilder() {
     }
 
@@ -61,7 +68,8 @@ public static SecureNativeConfigurationBuilder defaultConfigBuilder() {
                 .withAutoSend(true)
                 .withDisable(false)
                 .withLogLevel("fatal")
-                .withFailoverStrategy(FailoverStrategy.FAIL_OPEN);
+                .withFailoverStrategy(FailoverStrategy.FAIL_OPEN)
+                .withProxyHeaders(new ArrayList<>());
     }
 
     public SecureNativeConfigurationBuilder withApiKey(String apiKey) {
@@ -109,8 +117,12 @@ public SecureNativeConfigurationBuilder withFailoverStrategy(FailoverStrategy fa
         return this;
     }
 
+    public SecureNativeConfigurationBuilder withProxyHeaders(ArrayList<String> proxyHeaders) {
+        this.proxyHeaders = proxyHeaders;
+        return this;
+    }
 
     public SecureNativeOptions build() {
-        return new SecureNativeOptions(apiKey, apiUrl, interval, maxEvents, timeout, autoSend, disable, logLevel, failoverStrategy);
+        return new SecureNativeOptions(apiKey, apiUrl, interval, maxEvents, timeout, autoSend, disable, logLevel, failoverStrategy, proxyHeaders);
     }
 }

src/main/java/com/securenative/config/SecureNativeOptions.java

@@ -2,6 +2,8 @@
 
 import com.securenative.enums.FailoverStrategy;
 
+import java.util.ArrayList;
+
 public class SecureNativeOptions {
     /**
      * Api Secret associated with SecureNative account
@@ -48,7 +50,12 @@ public class SecureNativeOptions {
      */
     private final FailoverStrategy failoverStrategy;
 
-    public SecureNativeOptions(String apiKey, String apiUrl, int interval, int maxEvents, int timeout, boolean autoSend, boolean disable, String logLevel, FailoverStrategy failoverStrategy) {
+    /**
+     * Proxy Headers
+     */
+    private final ArrayList<String> proxyHeaders;
+
+    public SecureNativeOptions(String apiKey, String apiUrl, int interval, int maxEvents, int timeout, boolean autoSend, boolean disable, String logLevel, FailoverStrategy failoverStrategy, ArrayList<String> proxyHeaders) {
         this.apiKey = apiKey;
         this.apiUrl = apiUrl;
         this.interval = interval;
@@ -58,6 +65,7 @@ public SecureNativeOptions(String apiKey, String apiUrl, int interval, int maxEv
         this.disable = disable;
         this.logLevel = logLevel;
         this.failoverStrategy = failoverStrategy;
+        this.proxyHeaders = proxyHeaders;
     }
 
     public String getApiKey() {
@@ -95,4 +103,8 @@ public String getLogLevel() {
     public FailoverStrategy getFailoverStrategy() {
         return failoverStrategy;
     }
+
+    public ArrayList<String> getProxyHeaders() {
+        return proxyHeaders;
+    }
 }

src/main/java/com/securenative/context/SecureNativeContextBuilder.java

@@ -1,5 +1,6 @@
 package com.securenative.context;
 
+import com.securenative.config.SecureNativeOptions;
 import com.securenative.utils.RequestUtils;
 import com.securenative.utils.Utils;
 
@@ -52,7 +53,7 @@ public static SecureNativeContextBuilder defaultContextBuilder() {
         return new SecureNativeContextBuilder();
     }
 
-    public static SecureNativeContextBuilder fromHttpServletRequest(HttpServletRequest request) {
+    public static SecureNativeContextBuilder fromHttpServletRequest(HttpServletRequest request, SecureNativeOptions options) {
         Map<String, String> headers = RequestUtils.getHeadersFromRequest(request);
 
         String clientToken = RequestUtils.getCookieValueFromRequest(request, RequestUtils.SECURENATIVE_COOKIE);
@@ -65,7 +66,7 @@ public static SecureNativeContextBuilder fromHttpServletRequest(HttpServletReque
                 .withMethod(request.getMethod())
                 .withHeaders(headers)
                 .withClientToken(clientToken)
-                .withIp(RequestUtils.getClientIpFromRequest(request, headers))
+                .withIp(RequestUtils.getClientIpFromRequest(request, headers, options))
                 .withRemoteIp(RequestUtils.getRemoteIpFromRequest(request))
                 .withBody(null);
     }

src/main/java/com/securenative/utils/RequestUtils.java

@@ -1,5 +1,7 @@
 package com.securenative.utils;
 
+import com.securenative.config.SecureNativeOptions;
+
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import java.util.*;
@@ -35,7 +37,25 @@ public static String getCookieValueFromRequest(HttpServletRequest request, Strin
         return null;
     }
 
-    public static String getClientIpFromRequest(HttpServletRequest request, Map<String, String> headers) {
+    public static String getClientIpFromRequest(HttpServletRequest request, Map<String, String> headers, SecureNativeOptions options) {
+        if (options.getProxyHeaders().size() > 0) {
+            for (String header : options.getProxyHeaders()) {
+                if (headers.containsKey(header)) {
+                    String headerValue = headers.get(header);
+
+                    Optional<String> ip = Arrays.stream(headerValue.split(","))
+                            .map(String::trim)
+                            .filter(IPUtils::isIpAddress)
+                            .filter(IPUtils::isValidPublicIp)
+                            .findFirst();
+
+                    if (ip.isPresent()) {
+                        return ip.get();
+                    }
+                }
+            }
+        }
+
         Optional<String> bestCandidate = Optional.empty();
         for (String ipHeader : ipHeaders) {
             if (!headers.containsKey(ipHeader)) {

src/test/java/com/securenative/config/ConfigurationManagerTest.java

@@ -9,6 +9,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.lang.reflect.Field;
+import java.util.ArrayList;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
@@ -40,7 +41,8 @@ public void ParseConfigFileCorrectlyTest() throws SecureNativeConfigException {
                 "SECURENATIVE_AUTO_SEND=true",
                 "SECURENATIVE_DISABLE=false",
                 "SECURENATIVE_LOG_LEVEL=fatal",
-                "SECURENATIVE_FAILOVER_STRATEGY=fail-closed");
+                "SECURENATIVE_FAILOVER_STRATEGY=fail-closed",
+                "SECURENATIVE_PROXY_HEADERS=CF-Connecting-IP,Some-Random-Ip");
 
         InputStream inputStream = new ByteArrayInputStream(config.getBytes());
 
@@ -60,6 +62,7 @@ public void ParseConfigFileCorrectlyTest() throws SecureNativeConfigException {
         assertThat(options.getLogLevel()).isEqualTo("fatal");
         assertThat(options.getMaxEvents()).isEqualTo(100);
         assertThat(options.getTimeout()).isEqualTo(1500);
+        assertThat(options.getProxyHeaders().size() == 0);
 
         // restore resource stream
         ConfigurationManager.setResourceStream(new ResourceStreamImpl());
@@ -159,6 +162,7 @@ public void loadDefaultConfigTest() throws SecureNativeConfigException {
         assertThat(options.getDisabled()).isEqualTo(false);
         assertThat(options.getLogLevel()).isEqualTo("fatal");
         assertThat(options.getFailoverStrategy()).isEqualTo(FailoverStrategy.FAIL_OPEN);
+        assertThat(options.getProxyHeaders().size() == 0);
 
         ConfigurationManager.setResourceStream(new ResourceStreamImpl());
     }
@@ -177,6 +181,7 @@ public void getConfigFromEnvVariablesTest() throws SecureNativeConfigException,
         setEnv("SECURENATIVE_DISABLE", "true");
         setEnv("SECURENATIVE_LOG_LEVEL", "fatal");
         setEnv("SECURENATIVE_FAILOVER_STRATEGY", "fail-closed");
+        setEnv("SECURENATIVE_PROXY_HEADERS", "CF-Connecting-IP,Some-Random-Ip");
 
         SecureNativeOptions options = ConfigurationManager.loadConfig();
 
@@ -189,6 +194,7 @@ public void getConfigFromEnvVariablesTest() throws SecureNativeConfigException,
         assertThat(options.getDisabled()).isEqualTo(true);
         assertThat(options.getLogLevel()).isEqualTo("fatal");
         assertThat(options.getFailoverStrategy()).isEqualTo(FailoverStrategy.FAIL_CLOSED);
+        assertThat(options.getProxyHeaders().size() == 2);
 
         setEnv("SECURENATIVE_API_KEY", "");
         setEnv("SECURENATIVE_API_URL", "");
@@ -199,6 +205,7 @@ public void getConfigFromEnvVariablesTest() throws SecureNativeConfigException,
         setEnv("SECURENATIVE_DISABLE", "");
         setEnv("SECURENATIVE_LOG_LEVEL", "");
         setEnv("SECURENATIVE_FAILOVER_STRATEGY", "");
+        setEnv("SECURENATIVE_PROXY_HEADERS", "");
     }
 
     @Test
@@ -215,7 +222,8 @@ public void overwriteEnvVariablesWithConfigFileTest() throws SecureNativeConfigE
                 "SECURENATIVE_AUTO_SEND=false",
                 "SECURENATIVE_DISABLE=false",
                 "SECURENATIVE_LOG_LEVEL=fatal",
-                "SECURENATIVE_FAILOVER_STRATEGY=fail-closed");
+                "SECURENATIVE_FAILOVER_STRATEGY=fail-closed",
+                "SECURENATIVE_PROXY_HEADERS=CF-Connecting-IP,Some-Random-Ip");
 
         setEnv("SECURENATIVE_API_KEY", "API_KEY_FROM_ENV");
         setEnv("SECURENATIVE_API_URL", "API_URL_ENV");
@@ -226,6 +234,7 @@ public void overwriteEnvVariablesWithConfigFileTest() throws SecureNativeConfigE
         setEnv("SECURENATIVE_DISABLE", "true");
         setEnv("SECURENATIVE_LOG_LEVEL", "error");
         setEnv("SECURENATIVE_FAILOVER_STRATEGY", "fail-open");
+        setEnv("SECURENATIVE_PROXY_HEADERS", "CF-Connecting-IP,Some-Random-Ip");
 
         InputStream inputStream = new ByteArrayInputStream(config.getBytes());
 
@@ -234,6 +243,9 @@ public void overwriteEnvVariablesWithConfigFileTest() throws SecureNativeConfigE
 
         ConfigurationManager.setResourceStream(resourceStream);
         SecureNativeOptions options = ConfigurationManager.loadConfig();
+        ArrayList<String> proxyHeaders = new ArrayList<>();
+        proxyHeaders.add("CF-Connecting-IP");
+        proxyHeaders.add("Some-Random-Ip");
 
         assertThat(options).isNotNull();
         assertThat(options.getApiKey()).isEqualTo("API_KEY_FROM_FILE");
@@ -245,6 +257,7 @@ public void overwriteEnvVariablesWithConfigFileTest() throws SecureNativeConfigE
         assertThat(options.getDisabled()).isEqualTo(false);
         assertThat(options.getLogLevel()).isEqualTo("fatal");
         assertThat(options.getFailoverStrategy()).isEqualTo(FailoverStrategy.FAIL_CLOSED);
+        assertThat(options.getProxyHeaders()).isEqualTo(proxyHeaders);
 
         setEnv("SECURENATIVE_API_KEY", "");
         setEnv("SECURENATIVE_API_URL", "");
@@ -255,6 +268,7 @@ public void overwriteEnvVariablesWithConfigFileTest() throws SecureNativeConfigE
         setEnv("SECURENATIVE_DISABLE", "");
         setEnv("SECURENATIVE_LOG_LEVEL", "");
         setEnv("SECURENATIVE_FAILOVER_STRATEGY", "");
+        setEnv("SECURENATIVE_PROXY_HEADERS", "");
 
         // restore resource stream
         ConfigurationManager.setResourceStream(new ResourceStreamImpl());