Code improvements
Signed-off-by: Dominik Herbst <dominik.herbst@bosch-si.com>
This commit is contained in:
@@ -10,7 +10,7 @@ package org.eclipse.hawkbit.security;
|
|||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
import org.eclipse.hawkbit.dmf.json.model.TenantSecurityToken;
|
||||||
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
|
||||||
@@ -19,15 +19,11 @@ import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationKey;
|
|||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import com.google.common.collect.Sets;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An pre-authenticated processing filter which extracts the principal from a
|
* An pre-authenticated processing filter which extracts the principal from a
|
||||||
* request URI and the credential from a request header in a the
|
* request URI and the credential from a request header in a the
|
||||||
* {@link TenantSecurityToken}.
|
* {@link TenantSecurityToken}.
|
||||||
*
|
*
|
||||||
*
|
|
||||||
*
|
|
||||||
*/
|
*/
|
||||||
public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter {
|
public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter {
|
||||||
|
|
||||||
@@ -112,12 +108,10 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
|||||||
controllerId = secruityToken.getHeader(caCommonNameHeader);
|
controllerId = secruityToken.getHeader(caCommonNameHeader);
|
||||||
}
|
}
|
||||||
|
|
||||||
List<String> knownHashes = splitMultiHash(authorityNameConfigurationValue);
|
List<String> knownHashes = splitMultiHashBySemicolon(authorityNameConfigurationValue);
|
||||||
|
|
||||||
Set<HeaderAuthentication> multiHashes = Sets.newHashSetWithExpectedSize(knownHashes.size());
|
|
||||||
final String cntlId = controllerId;
|
final String cntlId = controllerId;
|
||||||
knownHashes.forEach(hashItem -> multiHashes.add(new HeaderAuthentication(cntlId, hashItem)));
|
return knownHashes.stream().map(hashItem -> new HeaderAuthentication(cntlId, hashItem)).collect(Collectors.toSet());
|
||||||
return multiHashes;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -128,8 +122,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
|||||||
*/
|
*/
|
||||||
private String getIssuerHashHeader(final TenantSecurityToken secruityToken, final String knownIssuerHashes) {
|
private String getIssuerHashHeader(final TenantSecurityToken secruityToken, final String knownIssuerHashes) {
|
||||||
// there may be several knownIssuerHashes configured for the tenant
|
// there may be several knownIssuerHashes configured for the tenant
|
||||||
// separated by a semicolon
|
List<String> knownHashes = splitMultiHashBySemicolon(knownIssuerHashes);
|
||||||
List<String> knownHashes = splitMultiHash(knownIssuerHashes);
|
|
||||||
|
|
||||||
// iterate over the headers until we get a null header.
|
// iterate over the headers until we get a null header.
|
||||||
int iHeader = 1;
|
int iHeader = 1;
|
||||||
@@ -162,7 +155,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static List<String> splitMultiHash(String knownIssuerHashes) {
|
private static List<String> splitMultiHashBySemicolon(String knownIssuerHashes) {
|
||||||
return Arrays.asList(knownIssuerHashes.split(";"));
|
return Arrays.asList(knownIssuerHashes.split(";"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -123,14 +123,18 @@ public class PreAuthTokenSourceTrustAuthenticationProvider implements Authentica
|
|||||||
* certificate.
|
* certificate.
|
||||||
*
|
*
|
||||||
* @param principal
|
* @param principal
|
||||||
|
* the {@link HeaderAuthentication} from the header
|
||||||
* @param credentials
|
* @param credentials
|
||||||
|
* a single {@link HeaderAuthentication} or a Collection of
|
||||||
|
* HeaderAuthentication
|
||||||
* @param tokenDetails
|
* @param tokenDetails
|
||||||
|
* authentication details
|
||||||
* @return <code>true</code> if authentication succeeded, otherwise
|
* @return <code>true</code> if authentication succeeded, otherwise
|
||||||
* <code>false</code>
|
* <code>false</code>
|
||||||
*/
|
*/
|
||||||
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
|
private boolean calculateAuthenticationSuccess(Object principal, Object credentials, Object tokenDetails) {
|
||||||
boolean successAuthentication = false;
|
boolean successAuthentication = false;
|
||||||
if (Collection.class.isAssignableFrom(credentials.getClass())) {
|
if (credentials instanceof Collection) {
|
||||||
final Collection<?> multiValueCredentials = (Collection<?>) credentials;
|
final Collection<?> multiValueCredentials = (Collection<?>) credentials;
|
||||||
if (multiValueCredentials.contains(principal)) {
|
if (multiValueCredentials.contains(principal)) {
|
||||||
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
successAuthentication = checkSourceIPAddressIfNeccessary(tokenDetails);
|
||||||
|
|||||||
@@ -8,8 +8,6 @@
|
|||||||
*/
|
*/
|
||||||
package org.eclipse.hawkbit.security;
|
package org.eclipse.hawkbit.security;
|
||||||
|
|
||||||
|
|
||||||
//import static org.junit.Assert.*;
|
|
||||||
import static org.fest.assertions.api.Assertions.assertThat;
|
import static org.fest.assertions.api.Assertions.assertThat;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.mockito.Matchers.eq;
|
import static org.mockito.Matchers.eq;
|
||||||
@@ -105,7 +103,6 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
|
|||||||
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
|
||||||
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
.thenReturn(CONFIG_VALUE_MULTI_HASH);
|
||||||
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
|
assertThat(underTest.getPreAuthenticatedPrincipal(securityToken)).isNull();
|
||||||
;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||
Reference in New Issue
Block a user