Remove Antlr dependency with manual parsing

Author: rmichela

grpc-contrib/pom.xml

@@ -35,10 +35,6 @@
             <groupId>io.grpc</groupId>
             <artifactId>grpc-context</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.antlr</groupId>
-            <artifactId>antlr4-runtime</artifactId>
-        </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
@@ -103,18 +99,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.antlr</groupId>
-                <artifactId>antlr4-maven-plugin</artifactId>
-                <version>${antlr.version}</version>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>antlr4</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
         </plugins>
     </build>
 </project>

grpc-contrib/src/main/antlr4/com/salesforce/grpc/contrib/xfcc/Xfcc.g4

@@ -8,11 +8,7 @@
 package com.salesforce.grpc.contrib.xfcc;
 
 import io.grpc.Metadata;
-import org.antlr.v4.runtime.CharStreams;
-import org.antlr.v4.runtime.CommonTokenStream;
-import org.antlr.v4.runtime.tree.ParseTreeWalker;
 
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -31,54 +27,6 @@ public String toAsciiString(List<XForwardedClientCert> value) {
 
     @Override
     public List<XForwardedClientCert> parseAsciiString(String serialized) {
-        try {
-            List<XForwardedClientCert> clientCerts = new ArrayList<>();
-
-            XfccLexer lexer = new XfccLexer(CharStreams.fromString(serialized));
-            CommonTokenStream tokens = new CommonTokenStream(lexer);
-            XfccParser parser = new XfccParser(tokens);
-
-            XfccParser.HeaderContext headerContext = parser.header();
-            ParseTreeWalker walker = new ParseTreeWalker();
-
-            XfccListener listener = new XfccBaseListener() {
-                private XForwardedClientCert clientCert;
-
-                @Override
-                public void enterElement(XfccParser.ElementContext ctx) {
-                    clientCert = new XForwardedClientCert();
-                }
-
-                @Override
-                public void enterKvp(XfccParser.KvpContext ctx) {
-                    XfccParser.KeyContext key = ctx.key();
-                    XfccParser.ValueContext value = ctx.value();
-
-                    if (key.BY() != null) {
-                        clientCert.setBy(value.getText());
-                    }
-                    if (key.HASH() != null) {
-                        clientCert.setHash(value.getText());
-                    }
-                    if (key.SAN() != null) {
-                        clientCert.setSan(value.getText());
-                    }
-                    if (key.SUBJECT() != null) {
-                        clientCert.setSubject(value.getText());
-                    }
-                }
-
-                @Override
-                public void exitElement(XfccParser.ElementContext ctx) {
-                    clientCerts.add(clientCert);
-                    clientCert = null;
-                }
-            };
-
-            walker.walk(listener, headerContext);
-            return clientCerts;
-        } catch (NoClassDefFoundError err) {
-            throw new RuntimeException("Likely missing optional dependency on org.antlr:antlr4-runtime:4.7", err);
-        }
+        return XfccParser.parse(serialized);
     }
 }

grpc-contrib/src/main/java/com/salesforce/grpc/contrib/xfcc/XfccMarshaller.java

@@ -0,0 +1,115 @@
+/*
+ *  Copyright (c) 2017, salesforce.com, inc.
+ *  All rights reserved.
+ *  Licensed under the BSD 3-Clause license.
+ *  For full license text, see LICENSE.txt file in the repo root  or https://opensource.org/licenses/BSD-3-Clause
+ */
+
+package com.salesforce.grpc.contrib.xfcc;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * {@code XfccParser} parses the {@code x-forwarded-client-cert} (XFCC) header populated by TLS-terminating
+ * reverse proxies.
+ *
+ * @see <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/http_conn_man/headers.html#config-http-conn-man-headers-x-forwarded-client-cert">Envoy XFCC Header</a>
+ */
+final class XfccParser {
+    private XfccParser() { }
+
+    /**
+     * Given a header string, parse and return a collection of {@link XForwardedClientCert} objects.
+     */
+    static List<XForwardedClientCert> parse(String header) {
+        List<XForwardedClientCert> certs = new ArrayList<>();
+
+        for (String element : quoteAwareSplit(header, ',')) {
+            XForwardedClientCert cert = new XForwardedClientCert();
+            List<String> kvps = quoteAwareSplit(element, ';');
+            for (String kvp : kvps) {
+                List<String> l = quoteAwareSplit(kvp, '=');
+
+                if (l.get(0).toLowerCase().equals("by")) {
+                    cert.setBy(dequote(l.get(1)));
+                }
+                if (l.get(0).toLowerCase().equals("hash")) {
+                    cert.setHash(dequote(l.get(1)));
+                }
+                if (l.get(0).toLowerCase().equals("san")) {
+                    cert.setSan(dequote(l.get(1)));
+                }
+                if (l.get(0).toLowerCase().equals("subject")) {
+                    cert.setSubject(dequote(l.get(1)));
+                }
+            }
+            certs.add(cert);
+        }
+
+        return certs;
+    }
+
+    // Break str into individual elements, splitting on delim (not in quotes)
+    private static List<String> quoteAwareSplit(String str, char delim) {
+        boolean inQuotes = false;
+        boolean inEscape = false;
+
+        List<String> elements = new ArrayList<>();
+        StringBuilder buffer = new StringBuilder();
+        for (char c : str.toCharArray()) {
+            if (c == delim && !inQuotes) {
+                elements.add(buffer.toString());
+                buffer = new StringBuilder();
+                inEscape = false;
+                continue;
+            }
+
+            if (c == '"') {
+                if (inQuotes) {
+                    if (!inEscape) {
+                        inQuotes = false;
+                    }
+                } else {
+                    inQuotes = true;
+
+                }
+                inEscape = false;
+                buffer.append(c);
+                continue;
+            }
+
+            if (c == '\\') {
+                if (!inEscape) {
+                    inEscape = true;
+                    buffer.append(c);
+                    continue;
+                }
+            }
+
+            // all other characters
+            inEscape = false;
+            buffer.append(c);
+        }
+
+        if (inQuotes) {
+            throw new RuntimeException("Quoted string not closed");
+        }
+
+        elements.add(buffer.toString());
+
+        return elements;
+    }
+
+    // Remove leading and tailing unescaped quotes, remove escaping from escaped internal quotes
+    private static String dequote(String str) {
+        str = str.replace("\\\"", "\"");
+        if (str.startsWith("\"")) {
+            str = str.substring(1);
+        }
+        if (str.endsWith("\"")) {
+            str = str.substring(0, str.length() - 1);
+        }
+        return str;
+    }
+}

grpc-contrib/src/main/java/com/salesforce/grpc/contrib/xfcc/XfccParser.java

@@ -0,0 +1,68 @@
+/*
+ *  Copyright (c) 2017, salesforce.com, inc.
+ *  All rights reserved.
+ *  Licensed under the BSD 3-Clause license.
+ *  For full license text, see LICENSE.txt file in the repo root  or https://opensource.org/licenses/BSD-3-Clause
+ */
+
+package com.salesforce.grpc.contrib.xfcc;
+
+import org.junit.Test;
+
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+public class XfccParserTest {
+    @Test
+    public void parseSimpleHeaderWorks() {
+        String header = "By=http://frontend.lyft.com;Hash=468ed33be74eee6556d90c0149c1309e9ba61d6425303443c0748a02dd8de688;" +
+                "SAN=http://testclient.lyft.com";
+        List<XForwardedClientCert> certs = XfccParser.parse(header);
+
+        assertThat(certs.size()).isEqualTo(1);
+        assertThat(certs.get(0).getBy()).isEqualTo("http://frontend.lyft.com");
+        assertThat(certs.get(0).getHash()).isEqualTo("468ed33be74eee6556d90c0149c1309e9ba61d6425303443c0748a02dd8de688");
+        assertThat(certs.get(0).getSan()).isEqualTo("http://testclient.lyft.com");
+        assertThat(certs.get(0).getSubject()).isEmpty();
+    }
+    @Test
+    public void parseCompoundHeaderWorks() {
+        String header = "By=http://frontend.lyft.com;Hash=468ed33be74eee6556d90c0149c1309e9ba61d6425303443c0748a02dd8de688;SAN=http://testclient.lyft.com," +
+                "By=http://backend.lyft.com;Hash=9ba61d6425303443c0748a02dd8de688468ed33be74eee6556d90c0149c1309e;SAN=http://frontend.lyft.com";
+        List<XForwardedClientCert> certs = XfccParser.parse(header);
+
+        assertThat(certs.size()).isEqualTo(2);
+        assertThat(certs.get(0).getBy()).isEqualTo("http://frontend.lyft.com");
+        assertThat(certs.get(1).getBy()).isEqualTo("http://backend.lyft.com");
+    }
+
+    @Test
+    public void quotedHeaderWorks() {
+        String header = "By=http://frontend.lyft.com;Hash=468ed33be74eee6556d90c0149c1309e9ba61d6425303443c0748a02dd8de688;" +
+                "Subject=\"/C=US/ST=CA/L=San Francisco/OU=Lyft/CN=Test Client\";SAN=http://testclient.lyft.com";
+        List<XForwardedClientCert> certs = XfccParser.parse(header);
+
+        assertThat(certs.size()).isEqualTo(1);
+        assertThat(certs.get(0).getSubject()).isEqualTo("/C=US/ST=CA/L=San Francisco/OU=Lyft/CN=Test Client");
+    }
+
+    @Test
+    public void escapedQuotedHeaderWorks() {
+        String header = "By=http://frontend.lyft.com;Hash=468ed33be74eee6556d90c0149c1309e9ba61d6425303443c0748a02dd8de688;" +
+                "Subject=\"/C=US/ST=CA/L=\\\"San Francisco\\\"/OU=Lyft/CN=Test Client\";SAN=http://testclient.lyft.com";
+        List<XForwardedClientCert> certs = XfccParser.parse(header);
+
+        assertThat(certs.size()).isEqualTo(1);
+        assertThat(certs.get(0).getSubject()).isEqualTo("/C=US/ST=CA/L=\"San Francisco\"/OU=Lyft/CN=Test Client");
+    }
+
+    @Test
+    public void mismatchedQuotesThrows() {
+        String header = "By=http://frontend.lyft.com;Hash=468ed33be74eee6556d90c0149c1309e9ba61d6425303443c0748a02dd8de688;" +
+                "Subject=\"/C=US/ST=CA/L=\\\"San Francisco\"/OU=Lyft/CN=Test Client\";SAN=http://testclient.lyft.com";
+
+        assertThatThrownBy(() -> XfccParser.parse(header)).isInstanceOf(RuntimeException.class);
+    }
+}

grpc-contrib/src/test/java/com/salesforce/grpc/contrib/xfcc/XfccParserTest.java

@@ -69,7 +69,6 @@
         <gson.version>2.7</gson.version> <!-- Same version as grpc-proto -->
         <mustache-java.version>0.9.4</mustache-java.version>
         <spring.version>4.2.0.RELEASE</spring.version>
-        <antlr.version>4.7</antlr.version>
 
         <!-- Test Dependency Versions -->
         <junit.version>4.12</junit.version>
@@ -154,12 +153,6 @@
                 <artifactId>spring-webmvc</artifactId>
                 <version>${spring.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.antlr</groupId>
-                <artifactId>antlr4-runtime</artifactId>
-                <version>${antlr.version}</version>
-                <optional>true</optional>
-            </dependency>
             <!-- Provided dependencies -->
             <dependency>
                 <groupId>org.slf4j</groupId>