From 5316f2b1cc9c2d3f04edc681b0dbc86dfb2d54bb Mon Sep 17 00:00:00 2001
From: Eric Wild
Date: Fri, 13 Jun 2025 19:59:17 +0200
Subject: [PATCH] smdpp: verify request headers
Change-Id: Ic1221bcb87a9975a013ab356266d3cb76d9241f1
---
 osmo-smdpp.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/osmo-smdpp.py b/osmo-smdpp.py
index 9328b99b..16c0386b 100755
--- a/osmo-smdpp.py
+++ b/osmo-smdpp.py
@@ -54,6 +54,16 @@ def set_headers(request: IRequest):
 request.setHeader('Content-Type', 'application/json;charset=UTF-8')
 request.setHeader('X-Admin-Protocol', 'gsma/rsp/v2.1.0')
+def validate_request_headers(request: IRequest):
+ """Validate mandatory HTTP headers according to SGP.22."""
+ content_type = request.getHeader('Content-Type')
+ if not content_type or not content_type.startswith('application/json'):
+ raise ApiError('1.2.1', '2.1', 'Invalid Content-Type header')
+
+ admin_protocol = request.getHeader('X-Admin-Protocol')
+ if admin_protocol and not admin_protocol.startswith('gsma/rsp/v'):
+ raise ApiError('1.2.2', '2.1', 'Unsupported X-Admin-Protocol version')
+
 def build_status_code(subject_code: str, reason_code: str, subject_id: Optional[str], message: Optional[str]) -> Dict:
 r = {'subjectCode': subject_code, 'reasonCode': reason_code }
 if subject_id:
@@ -179,8 +189,7 @@ class SmDppHttpServer:
 functionality, such as JSON decoding/encoding and debug-printing."""
 @functools.wraps(func)
 def _api_wrapper(self, request: IRequest):
- # TODO: evaluate User-Agent + X-Admin-Protocol header
- # TODO: reject any non-JSON Content-type
+ validate_request_headers(request)
 content = json.loads(request.content.read())
 print("Rx JSON: %s" % json.dumps(content))
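Review bot: In `validate_request_headers`, the X-Admin-Protocol test `if admin_protocol and not ...` lets a request that carries no such header through, although the docstring calls these headers mandatory; if SGP.22 requires it on every request, use `if not admin_protocol or not admin_protocol.startswith('gsma/rsp/v'):`. The Content-Type test is a case-sensitive prefix match, so it rejects `Application/JSON` and accepts any type that merely begins with `application/json`; comparing the parsed media type is stricter, e.g. `media_type = (content_type or '').split(';', 1)[0].strip().lower()` followed by `if media_type != 'application/json':`. The error text says "Unsupported X-Admin-Protocol version", but no version is compared, only the `gsma/rsp/v` prefix, so either the message or the check should be adjusted.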
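Review bot: The TODO removed from `_api_wrapper` also covered User-Agent evaluation, which `validate_request_headers` does not perform, so that open item disappears from the code without being done. Keep it as `# TODO: evaluate User-Agent header` above the new call, or add the check to the validator. The call also sits before `json.loads(...)`, and nothing visible in the hunk shows how an `ApiError` raised at this point becomes a response; the wrapper's body continues outside the hunk, so confirm that a rejected request still gets a well-formed error reply.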