Review fixes of code quality.
Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
This commit is contained in:
@@ -20,6 +20,8 @@ import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.google.common.collect.Sets;
|
||||
|
||||
/**
|
||||
* An pre-authenticated processing filter which extracts the principal from a
|
||||
* request URI and the credential from a request header in a the
|
||||
@@ -113,7 +115,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
||||
|
||||
List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue);
|
||||
|
||||
Set<HeaderAuthentication> multiHashes = new HashSet<>();
|
||||
Set<HeaderAuthentication> multiHashes = Sets.newHashSetWithExpectedSize(knownHashes.size());
|
||||
final String cntlId = controllerId;
|
||||
knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
|
||||
return multiHashes;
|
||||
|
||||
@@ -110,34 +110,35 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
|
||||
|
||||
throw new BadCredentialsException("The provided principal and credentials are not match");
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* The credentials may either be of type HeaderAuthentication or of type
|
||||
* Collection<HeaderAuthentication> depending on the authentication mode in
|
||||
* use (the latter is used in case of trusted reverse-proxy). It is checked
|
||||
* whether principal equals credentials (respectively if credentials
|
||||
* contains principal in case of collection) because we want to check if
|
||||
* e.g. controllerId containing in the URL equals the controllerId in the
|
||||
* special header set by the reverse-proxy which extracted the CN from the
|
||||
* certificate.
|
||||
*
|
||||
* @param principal
|
||||
* @param credentials
|
||||
* @param tokenDetails
|
||||
* @return
|
||||
*/
|
||||
*
|
||||
* The credentials may either be of type HeaderAuthentication or of type
|
||||
* Collection<HeaderAuthentication> depending on the authentication mode in
|
||||
* use (the latter is used in case of trusted reverse-proxy). It is checked
|
||||
* whether principal equals credentials (respectively if credentials
|
||||
* contains principal in case of collection) because we want to check if
|
||||
* e.g. controllerId containing in the URL equals the controllerId in the
|
||||
* special header set by the reverse-proxy which extracted the CN from the
|
||||
* certificate.
|
||||
*
|
||||
* @param principal
|
||||
* @param credentials
|
||||
* @param tokenDetails
|
||||
* @return <code>true</code> if authentication succeeded, otherwise
|
||||
* <code>false</code>
|
||||
*/
|
||||
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
|
||||
boolean successAuthentication = false;
|
||||
if (principal.equals(credentials)) {
|
||||
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
||||
} else if (Collection.class.isAssignableFrom(credentials.getClass())) {
|
||||
if (Collection.class.isAssignableFrom(credentials.getClass())) {
|
||||
final Collection<?> multiValueCredentials = (Collection<?>) credentials;
|
||||
if (multiValueCredentials.contains(principal)) {
|
||||
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
||||
}
|
||||
} else if (principal.equals(credentials)) {
|
||||
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
||||
}
|
||||
|
||||
|
||||
return successAuthentication;
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,10 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.security;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
//import static org.junit.Assert.*;
|
||||
import static org.fest.assertions.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@@ -75,7 +78,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||
.thenReturn(CONFIG_VALUE_SINGLE_HASH);
|
||||
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
|
||||
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -88,7 +91,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
||||
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
|
||||
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -101,7 +104,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
||||
assertNull(underTest.getPreAuthenticatedPrincipal(securityToken));
|
||||
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
|
||||
;
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -119,7 +123,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
|
||||
Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest
|
||||
.getPreAuthenticatedCredentials(securityToken);
|
||||
assertTrue(credentials.contains(expected));
|
||||
assertThat(credentials.contains(expected)).isTrue();
|
||||
|
||||
Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
|
||||
assertEquals(expected, principal);
|
||||
@@ -128,7 +132,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
||||
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
|
||||
expected = new HeaderAuthentication("box1", "hash2");
|
||||
credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken);
|
||||
assertTrue(credentials.contains(expected));
|
||||
assertThat(credentials.contains(expected)).isTrue();
|
||||
|
||||
principal = underTest.getPreAuthenticatedPrincipal(securityToken);
|
||||
assertEquals(expected, principal);
|
||||
|
||||
Reference in New Issue
Block a user