Review fixes of code quality.

Signed-off-by: Marcel Mager (INST-IOT/ESB) <Marcel.Mager@bosch-si.com>
This commit is contained in:
Marcel Mager (INST-IOT/ESB)
2016-09-22 16:02:27 +02:00
parent a0c5915ce6
commit 54c4c8c481
3 changed files with 34 additions and 27 deletions

View File

@@ -20,6 +20,8 @@ import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import com.google.common.collect.Sets;
/** /**
* An pre-authenticated processing filter which extracts the principal from a * An pre-authenticated processing filter which extracts the principal from a
* request URI and the credential from a request header in a the * request URI and the credential from a request header in a the
@@ -113,7 +115,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue); List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue);
Set<HeaderAuthentication> multiHashes = new HashSet<>(); Set<HeaderAuthentication> multiHashes = Sets.newHashSetWithExpectedSize(knownHashes.size());
final String cntlId = controllerId; final String cntlId = controllerId;
knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem))); knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
return multiHashes; return multiHashes;

View File

@@ -110,34 +110,35 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
throw new BadCredentialsException("The provided principal and credentials are not match"); throw new BadCredentialsException("The provided principal and credentials are not match");
} }
/** /**
* *
* The credentials may either be of type HeaderAuthentication or of type * The credentials may either be of type HeaderAuthentication or of type
* Collection<HeaderAuthentication> depending on the authentication mode in * Collection<HeaderAuthentication> depending on the authentication mode in
* use (the latter is used in case of trusted reverse-proxy). It is checked * use (the latter is used in case of trusted reverse-proxy). It is checked
* whether principal equals credentials (respectively if credentials * whether principal equals credentials (respectively if credentials
* contains principal in case of collection) because we want to check if * contains principal in case of collection) because we want to check if
* e.g. controllerId containing in the URL equals the controllerId in the * e.g. controllerId containing in the URL equals the controllerId in the
* special header set by the reverse-proxy which extracted the CN from the * special header set by the reverse-proxy which extracted the CN from the
* certificate. * certificate.
* *
* @param principal * @param principal
* @param credentials * @param credentials
* @param tokenDetails * @param tokenDetails
* @return * @return <code>true</code> if authentication succeeded, otherwise
*/ * <code>false</code>
*/
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) { private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
boolean successAuthentication = false; boolean successAuthentication = false;
if (principal.equals(credentials)) { if (Collection.class.isAssignableFrom(credentials.getClass())) {
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
} else if (Collection.class.isAssignableFrom(credentials.getClass())) {
final Collection<?> multiValueCredentials = (Collection<?>) credentials; final Collection<?> multiValueCredentials = (Collection<?>) credentials;
if (multiValueCredentials.contains(principal)) { if (multiValueCredentials.contains(principal)) {
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails); successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
} }
} else if (principal.equals(credentials)) {
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
} }
return successAuthentication; return successAuthentication;
} }

View File

@@ -8,7 +8,10 @@
*/ */
package org.eclipse.hawkbit.security; package org.eclipse.hawkbit.security;
import static org.junit.Assert.*;
//import static org.junit.Assert.*;
import static org.fest.assertions.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
import static org.mockito.Matchers.eq; import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
@@ -75,7 +78,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_SINGLE_HASH); .thenReturn(CONFIG_VALUE_SINGLE_HASH);
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken)); assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
} }
@Test @Test
@@ -88,7 +91,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_MULTI_HASH); .thenReturn(CONFIG_VALUE_MULTI_HASH);
assertNotNull(underTest.getPreAuthenticatedPrincipal(securityToken)); assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNotNull();
} }
@Test @Test
@@ -101,7 +104,8 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_MULTI_HASH); .thenReturn(CONFIG_VALUE_MULTI_HASH);
assertNull(underTest.getPreAuthenticatedPrincipal(securityToken)); assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
;
} }
@Test @Test
@@ -119,7 +123,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1"); HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1");
Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest
.getPreAuthenticatedCredentials(securityToken); .getPreAuthenticatedCredentials(securityToken);
assertTrue(credentials.contains(expected)); assertThat(credentials.contains(expected)).isTrue();
Object principal = underTest.getPreAuthenticatedPrincipal(securityToken); Object principal = underTest.getPreAuthenticatedPrincipal(securityToken);
assertEquals(expected, principal); assertEquals(expected, principal);
@@ -128,7 +132,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2"); securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2");
expected = new HeaderAuthentication("box1", "hash2"); expected = new HeaderAuthentication("box1", "hash2");
credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken); credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken);
assertTrue(credentials.contains(expected)); assertThat(credentials.contains(expected)).isTrue();
principal = underTest.getPreAuthenticatedPrincipal(securityToken); principal = underTest.getPreAuthenticatedPrincipal(securityToken);
assertEquals(expected, principal); assertEquals(expected, principal);