Review fixes of code quality.

Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
Marcel Mager (INST-IOT/ESB)
2016-09-22 16:02:27 +02:00
parent a0c5915ce6
commit 54c4c8c481
3 changed files with 34 additions and 27 deletions


@@ -20,6 +20,8 @@ import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.collect.Sets;
/**
* An pre-authenticated processing filter which extracts the principal from a
* request URI and the credential from a request header in a the
@@ -113,7 +115,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue);
Set<HeaderAuthentication> multiHashes = new HashSet<>();
Set<HeaderAuthentication> multiHashes = Sets.newHashSetWithExpectedSize(knownHashes.size());
final String cntlId = controllerId;
knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
return multiHashes;


@@ -110,34 +110,35 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
throw new BadCredentialsException("The provided principal and credentials are not match");
}
/**
*
* The credentials may either be of type HeaderAuthentication or of type
* Collection<HeaderAuthentication> depending on the authentication mode in
* use (the latter is used in case of trusted reverse-proxy). It is checked
* whether principal equals credentials (respectively if credentials
* contains principal in case of collection) because we want to check if
* e.g. controllerId containing in the URL equals the controllerId in the
* special header set by the reverse-proxy which extracted the CN from the
* certificate.
*
* @param principal
* @param credentials
* @param tokenDetails
* @return
*/
*
* The credentials may either be of type HeaderAuthentication or of type
* Collection<HeaderAuthentication> depending on the authentication mode in
* use (the latter is used in case of trusted reverse-proxy). It is checked
* whether principal equals credentials (respectively if credentials
* contains principal in case of collection) because we want to check if
* e.g. controllerId containing in the URL equals the controllerId in the
* special header set by the reverse-proxy which extracted the CN from the
* certificate.
*
* @param principal
* @param credentials
* @param tokenDetails
* @return <code>true</code> if authentication succeeded, otherwise
* <code>false</code>
*/
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
boolean successAuthentication = false;
if (principal.equals(credentials)) {
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
} else if (Collection.class.isAssignableFrom(credentials.getClass())) {
if (Collection.class.isAssignableFrom(credentials.getClass())) {
final Collection<?> multiValueCredentials = (Collection<?>) credentials;
if (multiValueCredentials.contains(principal)) {
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
}
} else if (principal.equals(credentials)) {
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
}
return successAuthentication;
}
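Review bot: `credentials.getClass()` in the new first branch throws a NullPointerException when `credentials` is null, and `principal.equals(credentials)` in the else-branch does the same for a null `principal`, so a token lacking either value ends in an unhandled exception rather than a plain `false`. `if (credentials instanceof Collection)` is null-safe and replaces the reflective `Collection.class.isAssignableFrom(credentials.getClass())`, and the fallback can be `else if (principal != null && principal.equals(credentials))`. Avoid `Objects.equals(principal, credentials)` here, because it would report a match when both values are null. Whether the caller already rejects null values is not visible in this hunk, which starts inside the preceding method.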


@@ -8,7 +8,10 @@
*/
package org.eclipse.hawkbit.security;
import static org.junit.Assert.*;
//import static org.junit.Assert.*;
import static org.fest.assertions.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.when;
@@ -75,7 +78,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_SINGLE_HASH);
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
}
@Test
@@ -88,7 +91,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_MULTI_HASH);
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
}
@Test
@@ -101,7 +104,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_MULTI_HASH);
assertNull(underTest.getPreAuthenticatedPrincipal(securityToken));
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
;
}
@Test
@@ -119,7 +123,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest
.getPreAuthenticatedCredentials(securityToken);
assertTrue(credentials.contains(expected));
assertThat(credentials.contains(expected)).isTrue();
Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
assertEquals(expected, principal);
@@ -128,7 +132,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
expected = new HeaderAuthentication("box1", "hash2");
credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken);
assertTrue(credentials.contains(expected));
assertThat(credentials.contains(expected)).isTrue();
principal = underTest.getPreAuthenticatedPrincipal(securityToken);
assertEquals(expected, principal);
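Review bot: The commented-out `//import static org.junit.Assert.*;` and the lone `;` left after the `isNull()` assertion are leftovers and should be deleted. `assertThat(credentials.contains(expected)).isTrue()` only reports that `true` was expected when it fails, whereas `assertThat(credentials).contains(expected);` prints the actual collection, which is more useful when a hash or controller id does not match. The remaining `assertEquals(expected, principal)` calls could become `assertThat(principal).isEqualTo(expected);` so the file uses one assertion style. The test methods start and end outside these hunks.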