diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java
index cf64e6c59..56baf3bfc 100644
--- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java
+++ b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/AbstractControllerAuthenticationFilter.java
@@ -46,12 +46,6 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
 return tenantAware.runAsTenant(secruityToken.getTenant(), configurationKeyTenantRunner);
 }
- @Override
- public abstract Object getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken);
-
- @Override
- public abstract Object getPreAuthenticatedCredentials(TenantSecurityToken secruityToken);
-
 private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner {
 @Override
 public Boolean run() {
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java
index a536b319d..fae0b53ad 100644
--- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java
+++ b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.java
@@ -77,7 +77,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
 }
 @Override
- public Object getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
+ public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
 // retrieve the common name header and the authority name header from
 // the http request and combine them together
 final String commonNameValue = secruityToken.getHeader(caCommonNameHeader);
diff --git a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthentificationFilter.java b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthentificationFilter.java
index 72f362fa0..f0801ff4d 100644
--- a/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthentificationFilter.java
+++ b/hawkbit-security-integration/src/main/java/org/eclipse/hawkbit/security/PreAuthentificationFilter.java
@@ -36,7 +36,7 @@ public interface PreAuthentificationFilter {
 * the secruityToken
 * @return the extracted tenant and controller id
 */
- Object getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken);
+ HeaderAuthentication getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken);
 /**
 * Extract the principal credentials from the current secruityToken.
diff --git a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java b/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java
index 15e9c2055..80979795f 100644
--- a/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java
+++ b/hawkbit-security-integration/src/test/java/org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilterTest.java
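Review bot: The narrowed `getPreAuthenticatedPrincipal` in ControllerPreAuthenticatedSecurityHeaderFilter has no documentation of where the returned `HeaderAuthentication` gets its values or whether it can be null. The context lines show it is assembled from request headers (`secruityToken.getHeader(caCommonNameHeader)` plus the authority-name header), so the principal is only as trustworthy as whatever sets those headers. Presumably that is a TLS-terminating proxy, which would also have to remove any copies sent by the client. I would add a comment above the method such as `// header values are trusted only because the fronting proxy sets them; result may be null when no configured issuer hash matches (TODO confirm)`. The method body continues outside the hunk, so the null case is inferred rather than visible here.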
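Review bot: The Javadoc directly above the changed signature in PreAuthentificationFilter still says `@return the extracted tenant and controller id`, which does not describe the new `HeaderAuthentication` type. Going by how the test constructs it, `@return the common-name and issuer-hash pair extracted from the token headers` would be closer, with the null case stated once confirmed. Narrowing an interface return type is also source-incompatible for any implementer that still declares `Object`. Only ControllerPreAuthenticatedSecurityHeaderFilter is updated in this diff, so other implementations outside it, if any exist, need the same change. The sibling `getPreAuthenticatedCredentials` keeps `Object`, which is why callers still cast to a raw `Collection`.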
@@ -46,10 +46,13 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 private SecurityContextTenantAware tenantAware = new SecurityContextTenantAware();
 private static final String CA_COMMON_NAME = "ca-cn";
+ private static final String CA_COMMON_NAME_VALUE = "box1";
 private static final String X_SSL_ISSUER_HASH_1 = "X-Ssl-Issuer-Hash-1";
 private static final String SINGLE_HASH = "hash1";
+ private static final String SECOND_HASH = "hash2";
+ private static final String UNKNOWN_HASH = "unknown";
 private static final String MULTI_HASH = "hash1;hash2;hash3";
@@ -69,9 +72,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 @Test
 @Description("Tests the filter for issuer hash based authentication with a single known hash")
 public void testIssuerHashBasedAuthenticationWithSingleKnownHash() {
- // prepare security token
- final TenantSecurityToken securityToken = prepareSecurityToken();
- securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, SINGLE_HASH);
+ final TenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
 // use single known hash
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
@@ -82,9 +83,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 @Test
 @Description("Tests the filter for issuer hash based authentication with multiple known hashes")
 public void testIssuerHashBasedAuthenticationWithMultipleKnownHashes() {
- // prepare security token
- final TenantSecurityToken securityToken = prepareSecurityToken();
- securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, SINGLE_HASH);
+ final TenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
 // use multiple known hashes
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
@@ -95,9 +94,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 @Test
 @Description("Tests the filter for issuer hash based authentication with unknown hash")
 public void testIssuerHashBasedAuthenticationWithUnknownHash() {
- // prepare security token
- final TenantSecurityToken securityToken = prepareSecurityToken();
- securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "unknown");
+ final TenantSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH);
 // use single known hash
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
@@ -108,39 +105,37 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
 @Test
 @Description("Tests different values for issuer hash header and inspects the credentials")
 public void useDifferentValuesForIssuerHashHeader() {
+ final TenantSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH);
+ final TenantSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH);
- // prepare security token
- TenantSecurityToken securityToken = prepareSecurityToken();
- securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash1");
+ final HeaderAuthentication expected1 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SINGLE_HASH);
+ final HeaderAuthentication expected2 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SECOND_HASH);
 when(tenantConfigurationManagementMock.getConfigurationValue(
 eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
 .thenReturn(CONFIG_VALUE_MULTI_HASH);
- HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
- Collection credentials = (Collection) underTest
- .getPreAuthenticatedCredentials(securityToken);
- assertThat(credentials.contains(expected)).isTrue();
+ final Collection credentials1 = (Collection) underTest
+ .getPreAuthenticatedCredentials(securityToken1);
+ final Collection credentials2 = (Collection) underTest
+ .getPreAuthenticatedCredentials(securityToken2);
- Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
- assertEquals("hash1 expected in principal!", expected, principal);
+ Object principal1 = underTest.getPreAuthenticatedPrincipal(securityToken1);
+ Object principal2 = underTest.getPreAuthenticatedPrincipal(securityToken2);
- securityToken = prepareSecurityToken();
- securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
- expected = new HeaderAuthentication("box1", "hash2");
- credentials = (Collection) underTest.getPreAuthenticatedCredentials(securityToken);
- assertThat(credentials.contains(expected)).isTrue();
+ assertThat(credentials1.contains(expected1)).isTrue();
+ assertThat(credentials2.contains(expected2)).isTrue();
- principal = underTest.getPreAuthenticatedPrincipal(securityToken);
- assertEquals("hash2 expected in principal!", expected, principal);
+ assertEquals("hash1 expected in principal!", expected1, principal1);
+ assertEquals("hash2 expected in principal!", expected2, principal2);
 }
- private static TenantSecurityToken prepareSecurityToken() {
- final TenantSecurityToken securityToken = new TenantSecurityToken("DEFAULT", "box1",
+ private static TenantSecurityToken prepareSecurityToken(String issuerHashHeaderValue) {
+ final TenantSecurityToken securityToken = new TenantSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE,
 FileResource.createFileResourceBySha1("12345"));
- securityToken.getHeaders().put(CA_COMMON_NAME, "box1");
-
+ securityToken.getHeaders().put(CA_COMMON_NAME, CA_COMMON_NAME_VALUE);
+ securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, issuerHashHeaderValue);
 return securityToken;
 }
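Review bot: `principal1` and `principal2` in `useDifferentValuesForIssuerHashHeader` are still declared `Object`, so the test compiles and passes against the old `Object` signature and does not pin the narrowed return type. Declaring them as `final HeaderAuthentication principal1 = underTest.getPreAuthenticatedPrincipal(securityToken1);` (and likewise for `principal2`) would. The assertions `assertThat(credentials1.contains(expected1)).isTrue()` only report "expected true" on failure, whereas `assertThat(credentials1).contains(expected1)` prints the collection. Because this is the authentication path, a negative check such as `assertThat(principal1).isNotEqualTo(principal2)` would also show that a token carrying one issuer hash is not resolved to the other. The new `prepareSecurityToken(String issuerHashHeaderValue)` parameter is not `final`, unlike the other locals and parameters visible in this file.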