Code format hawkbit-security-integration (#1934)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-11-05 11:19:11 +02:00
committed by GitHub
parent 2c2ed8f8ab
commit 51ac49db64
13 changed files with 145 additions and 179 deletions

View File

@@ -9,50 +9,50 @@
SPDX-License-Identifier: EPL-2.0 SPDX-License-Identifier: EPL-2.0
--> -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<parent> <parent>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-parent</artifactId> <artifactId>hawkbit-parent</artifactId>
<version>${revision}</version> <version>${revision}</version>
</parent> </parent>
<artifactId>hawkbit-security-integration</artifactId> <artifactId>hawkbit-security-integration</artifactId>
<name>hawkBit :: Security Integration</name> <name>hawkBit :: Security Integration</name>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-repository-api</artifactId> <artifactId>hawkbit-repository-api</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId> <artifactId>spring-security-web</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>jakarta.servlet</groupId> <groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId> <artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<!-- TEST --> <!-- TEST -->
<dependency> <dependency>
<groupId>org.eclipse.hawkbit</groupId> <groupId>org.eclipse.hawkbit</groupId>
<artifactId>hawkbit-repository-jpa</artifactId> <artifactId>hawkbit-repository-jpa</artifactId>
<version>${project.version}</version> <version>${project.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId> <artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>io.qameta.allure</groupId> <groupId>io.qameta.allure</groupId>
<artifactId>allure-junit5</artifactId> <artifactId>allure-junit5</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
</project> </project>

View File

@@ -28,8 +28,8 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
protected final TenantConfigurationManagement tenantConfigurationManagement; protected final TenantConfigurationManagement tenantConfigurationManagement;
protected final TenantAware tenantAware; protected final TenantAware tenantAware;
private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner;
protected final SystemSecurityContext systemSecurityContext; protected final SystemSecurityContext systemSecurityContext;
private final SecurityConfigurationKeyTenantRunner configurationKeyTenantRunner;
protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement, protected AbstractControllerAuthenticationFilter(final TenantConfigurationManagement systemManagement,
final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) { final TenantAware tenantAware, final SystemSecurityContext systemSecurityContext) {
@@ -39,14 +39,20 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
this.configurationKeyTenantRunner = new SecurityConfigurationKeyTenantRunner(); this.configurationKeyTenantRunner = new SecurityConfigurationKeyTenantRunner();
} }
protected abstract String getTenantConfigurationKey();
@Override @Override
public boolean isEnable(final DmfTenantSecurityToken securityToken) { public boolean isEnable(final DmfTenantSecurityToken securityToken) {
return tenantAware.runAsTenant(securityToken.getTenant(), configurationKeyTenantRunner); return tenantAware.runAsTenant(securityToken.getTenant(), configurationKeyTenantRunner);
} }
@Override
public Collection<GrantedAuthority> getSuccessfulAuthenticationAuthorities() {
return Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE));
}
protected abstract String getTenantConfigurationKey();
private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> { private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> {
@Override @Override
public Boolean run() { public Boolean run() {
@@ -56,9 +62,4 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
} }
} }
@Override
public Collection<GrantedAuthority> getSuccessfulAuthenticationAuthorities() {
return Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE));
}
} }

View File

@@ -36,18 +36,14 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
/** /**
* Constructor. * Constructor.
* *
* @param tenantConfigurationManagement * @param tenantConfigurationManagement the tenant management service to retrieve configuration
* the tenant management service to retrieve configuration * properties
* properties * @param controllerManagement the controller management to retrieve the specific target
* @param controllerManagement * security token to verify
* the controller management to retrieve the specific target * @param tenantAware the tenant aware service to get configuration for the specific
* security token to verify * tenant
* @param tenantAware * @param systemSecurityContext the system security context to get access to tenant
* the tenant aware service to get configuration for the specific * configuration
* tenant
* @param systemSecurityContext
* the system security context to get access to tenant
* configuration
*/ */
public ControllerPreAuthenticateSecurityTokenFilter( public ControllerPreAuthenticateSecurityTokenFilter(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantConfigurationManagement tenantConfigurationManagement,
@@ -82,10 +78,15 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
}, securityToken.getTenant()); }, securityToken.getTenant());
return target.map(t -> new HeaderAuthentication(t.getControllerId(), return target.map(t -> new HeaderAuthentication(t.getControllerId(),
systemSecurityContext.runAsSystemAsTenant(() -> t.getSecurityToken(), securityToken.getTenant()))) systemSecurityContext.runAsSystemAsTenant(() -> t.getSecurityToken(), securityToken.getTenant())))
.orElse(null); .orElse(null);
} }
@Override
protected String getTenantConfigurationKey() {
return TenantConfigurationKey.AUTHENTICATION_MODE_TARGET_SECURITY_TOKEN_ENABLED;
}
private String resolveControllerId(final DmfTenantSecurityToken securityToken) { private String resolveControllerId(final DmfTenantSecurityToken securityToken) {
if (securityToken.getControllerId() != null) { if (securityToken.getControllerId() != null) {
return securityToken.getControllerId(); return securityToken.getControllerId();
@@ -94,9 +95,4 @@ public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractContro
() -> controllerManagement.get(securityToken.getTargetId()), securityToken.getTenant()); () -> controllerManagement.get(securityToken.getTargetId()), securityToken.getTenant());
return foundTarget.map(Target::getControllerId).orElse(null); return foundTarget.map(Target::getControllerId).orElse(null);
} }
@Override
protected String getTenantConfigurationKey() {
return TenantConfigurationKey.AUTHENTICATION_MODE_TARGET_SECURITY_TOKEN_ENABLED;
}
} }

View File

@@ -25,15 +25,12 @@ public class ControllerPreAuthenticatedAnonymousDownload extends AbstractControl
/** /**
* Constructor. * Constructor.
* *
* @param tenantConfigurationManagement * @param tenantConfigurationManagement the tenant management service to retrieve configuration
* the tenant management service to retrieve configuration * properties
* properties * @param tenantAware the tenant aware service to get configuration for the specific
* @param tenantAware * tenant
* the tenant aware service to get configuration for the specific * @param systemSecurityContext the system security context to get access to tenant
* tenant * configuration
* @param systemSecurityContext
* the system security context to get access to tenant
* configuration
*/ */
public ControllerPreAuthenticatedAnonymousDownload( public ControllerPreAuthenticatedAnonymousDownload(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware, final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,

View File

@@ -20,14 +20,18 @@ public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticat
private final DdiSecurityProperties ddiSecurityConfiguration; private final DdiSecurityProperties ddiSecurityConfiguration;
/** /**
* @param ddiSecurityConfiguration * @param ddiSecurityConfiguration the security configuration which holds the configuration if
* the security configuration which holds the configuration if * anonymous is enabled or not
* anonymous is enabled or not
*/ */
public ControllerPreAuthenticatedAnonymousFilter(final DdiSecurityProperties ddiSecurityConfiguration) { public ControllerPreAuthenticatedAnonymousFilter(final DdiSecurityProperties ddiSecurityConfiguration) {
this.ddiSecurityConfiguration = ddiSecurityConfiguration; this.ddiSecurityConfiguration = ddiSecurityConfiguration;
} }
@Override
public boolean isEnable(final DmfTenantSecurityToken securityToken) {
return ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled();
}
@Override @Override
public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final DmfTenantSecurityToken securityToken) {
return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId());
@@ -37,9 +41,4 @@ public class ControllerPreAuthenticatedAnonymousFilter implements PreAuthenticat
public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) { public HeaderAuthentication getPreAuthenticatedCredentials(final DmfTenantSecurityToken securityToken) {
return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId()); return new HeaderAuthentication(securityToken.getControllerId(), securityToken.getControllerId());
} }
@Override
public boolean isEnable(final DmfTenantSecurityToken securityToken) {
return ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled();
}
} }

View File

@@ -34,15 +34,12 @@ public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends Abstra
/** /**
* Constructor. * Constructor.
* *
* @param tenantConfigurationManagement * @param tenantConfigurationManagement the tenant management service to retrieve configuration
* the tenant management service to retrieve configuration * properties
* properties * @param tenantAware the tenant aware service to get configuration for the specific
* @param tenantAware * tenant
* the tenant aware service to get configuration for the specific * @param systemSecurityContext the system security context to get access to tenant
* tenant * configuration
* @param systemSecurityContext
* the system security context to get access to tenant
* configuration
*/ */
public ControllerPreAuthenticatedGatewaySecurityTokenFilter( public ControllerPreAuthenticatedGatewaySecurityTokenFilter(
final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware, final TenantConfigurationManagement tenantConfigurationManagement, final TenantAware tenantAware,

View File

@@ -52,20 +52,15 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
/** /**
* Constructor. * Constructor.
* *
* @param caCommonNameHeader * @param caCommonNameHeader the http-header which holds the common-name of the certificate
* the http-header which holds the common-name of the certificate * @param caAuthorityNameHeader the http-header which holds the ca-authority name of the
* @param caAuthorityNameHeader * certificate
* the http-header which holds the ca-authority name of the * @param tenantConfigurationManagement the tenant management service to retrieve configuration
* certificate * properties
* @param tenantConfigurationManagement * @param tenantAware the tenant aware service to get configuration for the specific
* the tenant management service to retrieve configuration * tenant
* properties * @param systemSecurityContext the system security context to get access to tenant
* @param tenantAware * configuration
* the tenant aware service to get configuration for the specific
* tenant
* @param systemSecurityContext
* the system security context to get access to tenant
* configuration
*/ */
public ControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader, public ControllerPreAuthenticatedSecurityHeaderFilter(final String caCommonNameHeader,
final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement, final String caAuthorityNameHeader, final TenantConfigurationManagement tenantConfigurationManagement,
@@ -113,6 +108,15 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
.collect(Collectors.toSet()); .collect(Collectors.toSet());
} }
@Override
protected String getTenantConfigurationKey() {
return TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_ENABLED;
}
private static List<String> splitMultiHashBySemicolon(final String knownIssuerHashes) {
return Arrays.stream(knownIssuerHashes.split("[;,]")).map(String::toLowerCase).collect(Collectors.toList());
}
/** /**
* Iterates over the {@link #sslIssuerHashBasicHeader} basic header * Iterates over the {@link #sslIssuerHashBasicHeader} basic header
* {@code X-Ssl-Issuer-Hash-%d} and try to find the same hash as known. It's ok * {@code X-Ssl-Issuer-Hash-%d} and try to find the same hash as known. It's ok
@@ -142,20 +146,12 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
return null; return null;
} }
@Override
protected String getTenantConfigurationKey() {
return TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_ENABLED;
}
private final class GetSecurityAuthorityNameTenantRunner implements TenantAware.TenantRunner<String> { private final class GetSecurityAuthorityNameTenantRunner implements TenantAware.TenantRunner<String> {
@Override @Override
public String run() { public String run() {
return systemSecurityContext.runAsSystem(() -> tenantConfigurationManagement.getConfigurationValue( return systemSecurityContext.runAsSystem(() -> tenantConfigurationManagement.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class).getValue()); TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class).getValue());
} }
} }
private static List<String> splitMultiHashBySemicolon(final String knownIssuerHashes) {
return Arrays.stream(knownIssuerHashes.split("[;,]")).map(String::toLowerCase).collect(Collectors.toList());
}
} }

View File

@@ -28,16 +28,14 @@ import lombok.Data;
public class DmfTenantSecurityToken { public class DmfTenantSecurityToken {
public static final String AUTHORIZATION_HEADER = "Authorization"; public static final String AUTHORIZATION_HEADER = "Authorization";
@JsonProperty
private String tenant;
@JsonProperty @JsonProperty
private final Long tenantId; private final Long tenantId;
@JsonProperty @JsonProperty
private final String controllerId; private final String controllerId;
@JsonProperty @JsonProperty
private final Long targetId; private final Long targetId;
@JsonProperty
private String tenant;
@JsonProperty @JsonProperty
private Map<String, String> headers; private Map<String, String> headers;
@@ -82,8 +80,7 @@ public class DmfTenantSecurityToken {
/** /**
* Gets a header value. * Gets a header value.
* *
* @param name * @param name of header
* of header
* @return the value * @return the value
*/ */
public String getHeader(final String name) { public String getHeader(final String name) {
@@ -99,7 +96,6 @@ public class DmfTenantSecurityToken {
* *
* @param name of the header * @param name of the header
* @param value of the header * @param value of the header
*
* @return the previous value associated with the <tt>name</tt>, or <tt>null</tt> if there was no mapping for <tt>name</tt>. * @return the previous value associated with the <tt>name</tt>, or <tt>null</tt> if there was no mapping for <tt>name</tt>.
*/ */
public String putHeader(final String name, final String value) { public String putHeader(final String name, final String value) {

View File

@@ -13,11 +13,9 @@ package org.eclipse.hawkbit.security;
* The authentication principal and credentials object which holds the * The authentication principal and credentials object which holds the
* controller-id and the authority name from the http-headers as principal or * controller-id and the authority name from the http-headers as principal or
* from the http-url and tenant configuration for the credentials. * from the http-url and tenant configuration for the credentials.
*
*
*
*/ */
final class HeaderAuthentication { final class HeaderAuthentication {
private final String controllerId; private final String controllerId;
private final String headerAuth; private final String headerAuth;

View File

@@ -54,8 +54,7 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
* source IP addresses which are trusted and should be checked against the * source IP addresses which are trusted and should be checked against the
* request remote IP address. * request remote IP address.
* *
* @param authorizedSourceIps * @param authorizedSourceIps a list of IP addresses.
* a list of IP addresses.
*/ */
public PreAuthTokenSourceTrustAuthenticationProvider(final List<String> authorizedSourceIps) { public PreAuthTokenSourceTrustAuthenticationProvider(final List<String> authorizedSourceIps) {
this.authorizedSourceIps = authorizedSourceIps; this.authorizedSourceIps = authorizedSourceIps;
@@ -66,8 +65,7 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
* source IP addresses which are trusted and should be checked against the * source IP addresses which are trusted and should be checked against the
* request remote IP address. * request remote IP address.
* *
* @param authorizedSourceIps * @param authorizedSourceIps a list of IP addresses.
* a list of IP addresses.
*/ */
public PreAuthTokenSourceTrustAuthenticationProvider(final String... authorizedSourceIps) { public PreAuthTokenSourceTrustAuthenticationProvider(final String... authorizedSourceIps) {
this.authorizedSourceIps = new ArrayList<>(); this.authorizedSourceIps = new ArrayList<>();
@@ -104,8 +102,12 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
throw new BadCredentialsException("The provided principal and credentials are not match"); throw new BadCredentialsException("The provided principal and credentials are not match");
} }
@Override
public boolean supports(final Class<?> authentication) {
return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);
}
/** /**
*
* The credentials may either be of type HeaderAuthentication or of type * The credentials may either be of type HeaderAuthentication or of type
* Collection<HeaderAuthentication> depending on the authentication mode in * Collection<HeaderAuthentication> depending on the authentication mode in
* use (the latter is used in case of trusted reverse-proxy). It is checked * use (the latter is used in case of trusted reverse-proxy). It is checked
@@ -115,13 +117,10 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
* special header set by the reverse-proxy which extracted the CN from the * special header set by the reverse-proxy which extracted the CN from the
* certificate. * certificate.
* *
* @param principal * @param principal the {@link HeaderAuthentication} from the header
* the {@link HeaderAuthentication} from the header * @param credentials a single {@link HeaderAuthentication} or a Collection of
* @param credentials * HeaderAuthentication
* a single {@link HeaderAuthentication} or a Collection of * @param tokenDetails authentication details
* HeaderAuthentication
* @param tokenDetails
* authentication details
* @return <code>true</code> if authentication succeeded, otherwise * @return <code>true</code> if authentication succeeded, otherwise
* <code>false</code> * <code>false</code>
*/ */
@@ -172,9 +171,4 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
return true; return true;
} }
@Override
public boolean supports(final Class<?> authentication) {
return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(authentication);
}
} }

View File

@@ -19,9 +19,6 @@ import org.eclipse.hawkbit.im.authentication.TenantAwareAuthenticationDetails;
* authenticating the requested controller e.g. based on the security header and * authenticating the requested controller e.g. based on the security header and
* trusted IP address we need the remote address of the http request to verify * trusted IP address we need the remote address of the http request to verify
* the e.g. the reverse proxy is trusted and allowed to set the header. * the e.g. the reverse proxy is trusted and allowed to set the header.
*
*
*
*/ */
public class TenantAwareWebAuthenticationDetails extends TenantAwareAuthenticationDetails { public class TenantAwareWebAuthenticationDetails extends TenantAwareAuthenticationDetails {
@@ -29,13 +26,10 @@ public class TenantAwareWebAuthenticationDetails extends TenantAwareAuthenticati
private final String remoteAddress; private final String remoteAddress;
/** /**
* @param tenant * @param tenant the current tenant
* the current tenant * @param remoteAddress the remote address of this web request
* @param remoteAddress * @param controller {@code true} indicates this is an controller HTTP request
* the remote address of this web request * otherwise {@code false}.
* @param controller
* {@code true} indicates this is an controller HTTP request
* otherwise {@code false}.
*/ */
public TenantAwareWebAuthenticationDetails(final String tenant, final String remoteAddress, public TenantAwareWebAuthenticationDetails(final String tenant, final String remoteAddress,
final boolean controller) { final boolean controller) {

View File

@@ -11,6 +11,8 @@ package org.eclipse.hawkbit.security;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions; import org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.tenancy.TenantAware; import org.eclipse.hawkbit.tenancy.TenantAware;
@@ -21,9 +23,6 @@ import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
/** /**
* *
*/ */

View File

@@ -14,6 +14,9 @@ import static org.mockito.Mockito.when;
import java.util.Collection; import java.util.Collection;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement; import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.repository.model.TenantConfigurationValue; import org.eclipse.hawkbit.repository.model.TenantConfigurationValue;
import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver; import org.eclipse.hawkbit.tenancy.UserAuthoritiesResolver;
@@ -24,10 +27,6 @@ import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import io.qameta.allure.Description;
import io.qameta.allure.Feature;
import io.qameta.allure.Story;
@Feature("Unit Tests - Security") @Feature("Unit Tests - Security")
@Story("Issuer hash based authentication") @Story("Issuer hash based authentication")
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
@@ -74,7 +73,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
// use single known hash // use single known hash
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class))
.thenReturn(CONFIG_VALUE_SINGLE_HASH); .thenReturn(CONFIG_VALUE_SINGLE_HASH);
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull(); assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
} }
@@ -84,7 +83,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
// use multiple known hashes // use multiple known hashes
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class))
.thenReturn(CONFIG_VALUE_MULTI_HASH); .thenReturn(CONFIG_VALUE_MULTI_HASH);
assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(SINGLE_HASH))).isNotNull(); assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(SINGLE_HASH))).isNotNull();
assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(SECOND_HASH))).isNotNull(); assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(SECOND_HASH))).isNotNull();
assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(THIRD_HASH))).isNotNull(); assertThat(underTest.getPreAuthenticatedPrincipal(prepareSecurityToken(THIRD_HASH))).isNotNull();
@@ -97,7 +96,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
// use single known hash // use single known hash
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class))
.thenReturn(CONFIG_VALUE_MULTI_HASH); .thenReturn(CONFIG_VALUE_MULTI_HASH);
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull(); assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
} }
@@ -112,7 +111,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class)) TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class))
.thenReturn(CONFIG_VALUE_MULTI_HASH); .thenReturn(CONFIG_VALUE_MULTI_HASH);
final Collection<HeaderAuthentication> credentials1 = (Collection<HeaderAuthentication>) underTest final Collection<HeaderAuthentication> credentials1 = (Collection<HeaderAuthentication>) underTest
.getPreAuthenticatedCredentials(securityToken1); .getPreAuthenticatedCredentials(securityToken1);