Review fixes of code quality.
Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
This commit is contained in:
@@ -20,6 +20,8 @@ import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
|||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import com.google.common.collect.Sets;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An pre-authenticated processing filter which extracts the principal from a
|
* An pre-authenticated processing filter which extracts the principal from a
|
||||||
* request URI and the credential from a request header in a the
|
* request URI and the credential from a request header in a the
|
||||||
@@ -113,7 +115,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
|||||||
|
|
||||||
List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue);
|
List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue);
|
||||||
|
|
||||||
Set<HeaderAuthentication> multiHashes = new HashSet<>();
|
Set<HeaderAuthentication> multiHashes = Sets.newHashSetWithExpectedSize(knownHashes.size());
|
||||||
final String cntlId = controllerId;
|
final String cntlId = controllerId;
|
||||||
knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
|
knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
|
||||||
return multiHashes;
|
return multiHashes;
|
||||||
|
|||||||
@@ -110,34 +110,35 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
|
|||||||
|
|
||||||
throw new BadCredentialsException("The provided principal and credentials are not match");
|
throw new BadCredentialsException("The provided principal and credentials are not match");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* The credentials may either be of type HeaderAuthentication or of type
|
* The credentials may either be of type HeaderAuthentication or of type
|
||||||
* Collection<HeaderAuthentication> depending on the authentication mode in
|
* Collection<HeaderAuthentication> depending on the authentication mode in
|
||||||
* use (the latter is used in case of trusted reverse-proxy). It is checked
|
* use (the latter is used in case of trusted reverse-proxy). It is checked
|
||||||
* whether principal equals credentials (respectively if credentials
|
* whether principal equals credentials (respectively if credentials
|
||||||
* contains principal in case of collection) because we want to check if
|
* contains principal in case of collection) because we want to check if
|
||||||
* e.g. controllerId containing in the URL equals the controllerId in the
|
* e.g. controllerId containing in the URL equals the controllerId in the
|
||||||
* special header set by the reverse-proxy which extracted the CN from the
|
* special header set by the reverse-proxy which extracted the CN from the
|
||||||
* certificate.
|
* certificate.
|
||||||
*
|
*
|
||||||
* @param principal
|
* @param principal
|
||||||
* @param credentials
|
* @param credentials
|
||||||
* @param tokenDetails
|
* @param tokenDetails
|
||||||
* @return
|
* @return <code>true</code> if authentication succeeded, otherwise
|
||||||
*/
|
* <code>false</code>
|
||||||
|
*/
|
||||||
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
|
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
|
||||||
boolean successAuthentication = false;
|
boolean successAuthentication = false;
|
||||||
if (principal.equals(credentials)) {
|
if (Collection.class.isAssignableFrom(credentials.getClass())) {
|
||||||
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
|
||||||
} else if (Collection.class.isAssignableFrom(credentials.getClass())) {
|
|
||||||
final Collection<?> multiValueCredentials = (Collection<?>) credentials;
|
final Collection<?> multiValueCredentials = (Collection<?>) credentials;
|
||||||
if (multiValueCredentials.contains(principal)) {
|
if (multiValueCredentials.contains(principal)) {
|
||||||
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
||||||
}
|
}
|
||||||
|
} else if (principal.equals(credentials)) {
|
||||||
|
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
||||||
}
|
}
|
||||||
|
|
||||||
return successAuthentication;
|
return successAuthentication;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -8,7 +8,10 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.security;
|
package org.eclipse.hawkbit.security;
|
||||||
|
|
||||||
import static org.junit.Assert.*;
|
|
||||||
|
//import static org.junit.Assert.*;
|
||||||
|
import static org.fest.assertions.api.Assertions.assertThat;
|
||||||
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.mockito.Matchers.eq;
|
import static org.mockito.Matchers.eq;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
@@ -75,7 +78,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
|||||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||||
.thenReturn(CONFIG_VALUE_SINGLE_HASH);
|
.thenReturn(CONFIG_VALUE_SINGLE_HASH);
|
||||||
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
|
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -88,7 +91,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
|||||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||||
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
||||||
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken));
|
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -101,7 +104,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
|||||||
when(tenantConfigurationManagementMock.getConfigurationValue(
|
when(tenantConfigurationManagementMock.getConfigurationValue(
|
||||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||||
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
||||||
assertNull(underTest.getPreAuthenticatedPrincipal(securityToken));
|
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
|
||||||
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -119,7 +123,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
|||||||
HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
|
HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
|
||||||
Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest
|
Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest
|
||||||
.getPreAuthenticatedCredentials(securityToken);
|
.getPreAuthenticatedCredentials(securityToken);
|
||||||
assertTrue(credentials.contains(expected));
|
assertThat(credentials.contains(expected)).isTrue();
|
||||||
|
|
||||||
Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
|
Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
|
||||||
assertEquals(expected, principal);
|
assertEquals(expected, principal);
|
||||||
@@ -128,7 +132,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
|||||||
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
|
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
|
||||||
expected = new HeaderAuthentication("box1", "hash2");
|
expected = new HeaderAuthentication("box1", "hash2");
|
||||||
credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken);
|
credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken);
|
||||||
assertTrue(credentials.contains(expected));
|
assertThat(credentials.contains(expected)).isTrue();
|
||||||
|
|
||||||
principal = underTest.getPreAuthenticatedPrincipal(securityToken);
|
principal = underTest.getPreAuthenticatedPrincipal(securityToken);
|
||||||
assertEquals(expected, principal);
|
assertEquals(expected, principal);
|
||||||
|
|||||||
Reference in New Issue
Block a user