feat(config): add support for base64url encoding

This adds a test case to ensure base64 encoded properties are corectly parsed and decoded.
Kong · Sep 2, 2022 · 89b0eeb · 89b0eeb
1 parent c9fde0d
commit 89b0eeb
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 5 deletions.
diff --git a/kong/conf_loader/init.lua b/kong/conf_loader/init.lua
@@ -18,6 +18,7 @@ local utils = require "kong.tools.utils"
 local log = require "kong.cmd.utils.log"
 local env = require "kong.cmd.utils.env"
 local ffi = require "ffi"
+local base64 = require "ngx.base64"
 
 
 local fmt = string.format
@@ -45,6 +46,7 @@ local tostring = tostring
 local tonumber = tonumber
 local setmetatable = setmetatable
 local decode_base64 = ngx.decode_base64
+local decode_base64url = base64.decode_base64url
 
 
 local get_phase do
@@ -625,14 +627,18 @@ end
 
 local function try_base64_decode(vals)
   if type(vals) == "table" then
-    for k, v in pairs(vals) do
-      vals[k] = decode_base64(v) or v
+    for i, v in ipairs(vals) do
+      vals[i] = decode_base64(v)
+                or decode_base64url(v)
+                or v
     end
     return vals
   end
 
   if type(vals) == "string" then
-    return decode_base64(vals) or vals
+    return decode_base64(vals)
+           or decode_base64url(vals)
+           or vals
   end
 
   return vals
@@ -663,7 +669,6 @@ local function check_and_infer(conf, opts)
     conf[k] = value
   end
 
-
   -- decode base64 for supported fields
   for _, prefix in ipairs({
     "ssl",
@@ -676,7 +681,6 @@ local function check_and_infer(conf, opts)
     conf[prefix .. "_cert_key"] = try_base64_decode(conf[prefix .. "_cert_key"])
   end
 
-
   ---------------------
   -- custom validations
   ---------------------

diff --git a/spec/01-unit/03-conf_loader_spec.lua b/spec/01-unit/03-conf_loader_spec.lua
@@ -728,6 +728,45 @@ describe("Configuration loader", function()
       assert.is_nil(conf)
     end)
     describe("SSL", function()
+      it("accepts and decodes valid base64 values", function()
+        local ssl_fixtures = require "spec.fixtures.ssl"
+        local prefixes = {
+          "ssl",
+          "admin_ssl",
+          "status_ssl",
+          "client_ssl",
+          "cluster"
+        }
+        local cert = ssl_fixtures.cert
+        local key = ssl_fixtures.key
+        local cert_base64 = ngx.encode_base64(cert)
+        local key_base64 = ngx.encode_base64(key)
+        local params = {}
+        for _, prefix in ipairs(prefixes) do
+          params[prefix .. "_cert"] = cert_base64
+          params[prefix .. "_cert_key"] = key_base64
+        end
+        local conf, err = conf_loader(nil, params)
+
+        assert.is_nil(err)
+        assert.is_table(conf)
+        for _, prefix in ipairs(prefixes) do
+          local certs = conf[prefix .. "_cert"]
+          local keys = conf[prefix .. "_cert_key"]
+
+          if type(certs) == "table" then
+            for i = 1, #certs do
+              assert.equals(cert, certs[i])
+              assert.equals(key, keys[i])
+            end
+          end
+
+          if type(certs) == "string" then
+            assert.equals(cert, certs)
+            assert.equals(key, keys)
+          end
+        end
+      end)
       describe("proxy", function()
         it("does not check SSL cert and key if SSL is off", function()
           local conf, err = conf_loader(nil, {