correct HMAC padding, escape chars in tests

Signed-off-by: Maciej Mierzwa <[email protected]>

src/main/java/org/opensearch/security/authtoken/jwt/JwtVendor.java

@@ -114,7 +114,7 @@ public static String padSecret(String signingKey, JWSAlgorithm jwsAlgorithm) {
         }
         int requiredByteLength = ByteUtils.byteLength(requiredSecretLength);
         // padding the signing key with 0s to meet the minimum required length
-        return StringUtils.rightPad(signingKey, requiredByteLength, "0");
+        return StringUtils.rightPad(signingKey, requiredByteLength, "\0");
     }
 
     public String createJwt(

src/test/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticatorTest.java

@@ -345,10 +345,10 @@ public void shouldUnescapeSamlEntitiesTest2() throws Exception {
         Assert.assertNotNull("Expected authorization attribute in JSON: " + responseJson, authorization);
 
         SignedJWT jwt = SignedJWT.parse(authorization.replaceAll("\\s*bearer\\s*", ""));
-        Assert.assertEquals("ABC\\User1", jwt.getJWTClaimsSet().getClaim("sub"));
-        Assert.assertEquals("ABC\\User1", samlAuthenticator.httpJwtAuthenticator.extractSubject(jwt.getJWTClaimsSet()));
-        Assert.assertEquals("[ABC\\Admin]", String.valueOf(jwt.getJWTClaimsSet().getClaim("roles")));
-        Assert.assertEquals("ABC\\Admin", samlAuthenticator.httpJwtAuthenticator.extractRoles(jwt.getJWTClaimsSet())[0]);
+        Assert.assertEquals("ABC\"User1", jwt.getJWTClaimsSet().getClaim("sub"));
+        Assert.assertEquals("ABC\"User1", samlAuthenticator.httpJwtAuthenticator.extractSubject(jwt.getJWTClaimsSet()));
+        Assert.assertEquals("[ABC\"Admin]", String.valueOf(jwt.getJWTClaimsSet().getClaim("roles")));
+        Assert.assertEquals("ABC\"Admin", samlAuthenticator.httpJwtAuthenticator.extractRoles(jwt.getJWTClaimsSet())[0]);
     }
 
     @Test
@@ -395,10 +395,10 @@ public void shouldNotEscapeSamlEntities() throws Exception {
         Assert.assertNotNull("Expected authorization attribute in JSON: " + responseJson, authorization);
 
         SignedJWT jwt = SignedJWT.parse(authorization.replaceAll("\\s*bearer\\s*", ""));
-        Assert.assertEquals("ABC\\User1", jwt.getJWTClaimsSet().getClaim("sub"));
-        Assert.assertEquals("ABC\\User1", samlAuthenticator.httpJwtAuthenticator.extractSubject(jwt.getJWTClaimsSet()));
-        Assert.assertEquals("[ABC\\Admin]", String.valueOf(jwt.getJWTClaimsSet().getClaim("roles")));
-        Assert.assertEquals("ABC\\Admin", samlAuthenticator.httpJwtAuthenticator.extractRoles(jwt.getJWTClaimsSet())[0]);
+        Assert.assertEquals("ABC/User1", jwt.getJWTClaimsSet().getClaim("sub"));
+        Assert.assertEquals("ABC/User1", samlAuthenticator.httpJwtAuthenticator.extractSubject(jwt.getJWTClaimsSet()));
+        Assert.assertEquals("[ABC/Admin]", String.valueOf(jwt.getJWTClaimsSet().getClaim("roles")));
+        Assert.assertEquals("ABC/Admin", samlAuthenticator.httpJwtAuthenticator.extractRoles(jwt.getJWTClaimsSet())[0]);
     }
 
     @Test
@@ -445,7 +445,7 @@ public void shouldNotTrimWhitespaceInJwtRoles() throws Exception {
         Assert.assertNotNull("Expected authorization attribute in JSON: " + responseJson, authorization);
 
         SignedJWT jwt = SignedJWT.parse(authorization.replaceAll("\\s*bearer\\s*", ""));
-        Assert.assertEquals("ABC\\Admin", samlAuthenticator.httpJwtAuthenticator.extractRoles(jwt.getJWTClaimsSet())[0]);
+        Assert.assertEquals("ABC/Admin", samlAuthenticator.httpJwtAuthenticator.extractRoles(jwt.getJWTClaimsSet())[0]);
 
     }