Merge remote-tracking branch 'eclipse/master' into harmonize-test-documentation

Kai Zimmermann
2016-03-04 18:14:26 +01:00
61 changed files with 1216 additions and 652 deletions


@@ -0,0 +1,219 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.security;
import java.util.List;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* The common properties for DDI security.
*/
@ConfigurationProperties("hawkbit.server.ddi.security")
public class DdiSecurityProperties {
private final Rp rp = new Rp();
private final Authentication authentication = new Authentication();
public Authentication getAuthentication() {
return authentication;
}
public Rp getRp() {
return rp;
}
/**
* Reverse proxy configuration. Defines the security properties for
* authenticating controllers behind a reverse proxy which terminates the
* SSL session at the reverse proxy but adding request header which contains
* the CN of the certificate.
*/
public static class Rp {
/**
* HTTP header field for common name of a DDI target client certificate.
*/
private String cnHeader = "X-Ssl-Client-Cn";
/**
* HTTP header field for issuer hash of a DDI target client certificate.
*/
private String sslIssuerHashHeader = "X-Ssl-Issuer-Hash-%d";
/**
* List of trusted (reverse proxy) IP addresses for performing DDI
* client certificate authentication.
*/
private List<String> trustedIPs;
/**
* @return the cnHeader
*/
public String getCnHeader() {
return cnHeader;
}
/**
* @param cnHeader
* the cnHeader to set
*/
public void setCnHeader(final String cnHeader) {
this.cnHeader = cnHeader;
}
/**
* @return the sslIssuerHashHeader
*/
public String getSslIssuerHashHeader() {
return sslIssuerHashHeader;
}
/**
* @param sslIssuerHashHeader
* the sslIssuerHashHeader to set
*/
public void setSslIssuerHashHeader(final String sslIssuerHashHeader) {
this.sslIssuerHashHeader = sslIssuerHashHeader;
}
/**
* @return the trustedIPs
*/
public List<String> getTrustedIPs() {
return trustedIPs;
}
/**
* @param trustedIPs
* the trustedIPs to set
*/
public void setTrustedIPs(final List<String> trustedIPs) {
this.trustedIPs = trustedIPs;
}
}
/**
* DDI Authentication options.
*/
public static class Authentication {
private final Anonymous anonymous = new Anonymous();
private final Targettoken targettoken = new Targettoken();
private final Gatewaytoken gatewaytoken = new Gatewaytoken();
public Anonymous getAnonymous() {
return anonymous;
}
public Gatewaytoken getGatewaytoken() {
return gatewaytoken;
}
public Targettoken getTargettoken() {
return targettoken;
}
/**
* Target token authentication. Tokens are defined per target.
*
*/
public static class Targettoken {
/**
* Set to true to enable target token authentication.
*/
private boolean enabled = false;
public boolean isEnabled() {
return enabled;
}
public void setEnabled(final boolean enabled) {
this.enabled = enabled;
}
}
/**
* Gateway token authentication. Tokens are defined per tenant. Use with
* care!
*
*/
public static class Gatewaytoken {
/**
* Gateway token based authentication enabled.
*/
private boolean enabled = false;
/**
* Default gateway token name.
*/
private String name = "";
/**
* Default gateway token itself.
*/
private String key = "";
public boolean isEnabled() {
return enabled;
}
public void setEnabled(final boolean enabled) {
this.enabled = enabled;
}
public String getName() {
return name;
}
public void setName(final String name) {
this.name = name;
}
public String getKey() {
return key;
}
public void setKey(final String key) {
this.key = key;
}
}
/**
* Anonymous authentication.
*/
public static class Anonymous {
/**
* Set to true to enable anonymous DDI client authentication.
*/
private boolean enabled = false;
/**
* @param enabled
* the enabled to set
*/
public void setEnabled(final boolean enabled) {
this.enabled = enabled;
}
/**
* @return the enabled
*/
public boolean isEnabled() {
return enabled;
}
}
}
}
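Review bot: `Rp.trustedIPs` has no initial value, and its Javadoc does not say what an unset list means for the header-based authentication configured through `cnHeader` and `sslIssuerHashHeader`. Those headers are only trustworthy when the reverse proxy sets them, so the consuming filter (not visible on this page) should fail closed when the list is null or empty. I would state that in the field comment, for example `* If unset, no peer is trusted and header-based authentication is rejected.`, once confirmed against the filter, or initialise the field to an empty list so callers never see null. `Gatewaytoken` has a similar gap: `enabled` set to true with the default empty `key` should be rejected by the consumer, and "Use with care!" could say why, namely that one token covers a whole tenant.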


@@ -0,0 +1,191 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.security;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* Security related hawkbit configuration.
*
*/
@Component
@ConfigurationProperties("hawkbit.server.security")
public class HawkbitSecurityProperties {
private final Clients clients = new Clients();
private final Dos dos = new Dos();
private final Xframe xframe = new Xframe();
public Dos getDos() {
return dos;
}
public Clients getClients() {
return clients;
}
public Xframe getXframe() {
return xframe;
}
/**
* Defines the XFrameOption policy.
*
*/
public static class Xframe {
/**
* XFrame option. Allowed values: SAMEORIGIN, DENY, ALLOW-FROM
*/
private String option = "DENY";
/**
* ALLOW-FROM defined URL, has to be filled in case ALLOW-FROM option is
* selected.
*/
private String allowfrom = "";
public String getOption() {
return option;
}
public void setOption(final String option) {
this.option = option;
}
public String getAllowfrom() {
return allowfrom;
}
public void setAllowfrom(final String allowfrom) {
this.allowfrom = allowfrom;
}
}
/**
* Security configuration related to clients.
*
*/
public static class Clients {
/**
* Blacklisted client (IP addresses) for for DDI and Management API.
*/
private String blacklist = "";
/**
* Name of the http header from which the remote ip is extracted.
*/
private String remoteIpHeader = "X-Forwarded-For";
public String getBlacklist() {
return blacklist;
}
public void setBlacklist(final String blacklist) {
this.blacklist = blacklist;
}
public String getRemoteIpHeader() {
return remoteIpHeader;
}
public void setRemoteIpHeader(final String remoteIpHeader) {
this.remoteIpHeader = remoteIpHeader;
}
}
/**
* Denial of service protection related properties.
*
*/
public static class Dos {
/**
* Maximum number of status updates that the controller can report for
* an action (0 to disable).
*/
private int maxStatusEntriesPerAction = 1000;
/**
* Maximum number of attributes that the controller can report;
*/
private int maxAttributeEntriesPerTarget = 100;
private final Filter filter = new Filter();
public Filter getFilter() {
return filter;
}
public int getMaxStatusEntriesPerAction() {
return maxStatusEntriesPerAction;
}
public void setMaxStatusEntriesPerAction(final int maxStatusEntriesPerAction) {
this.maxStatusEntriesPerAction = maxStatusEntriesPerAction;
}
public int getMaxAttributeEntriesPerTarget() {
return maxAttributeEntriesPerTarget;
}
public void setMaxAttributeEntriesPerTarget(final int maxAttributeEntriesPerTarget) {
this.maxAttributeEntriesPerTarget = maxAttributeEntriesPerTarget;
}
public static class Filter {
/**
* White list of peer IP addresses for DOS filter (regular
* expression).
*/
private String whitelist = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
/**
* # Maximum number of allowed REST read/GET requests per second per
* client.
*/
int maxRead = 200;
/**
* Maximum number of allowed REST write/(PUT/POST/etc.) requests per
* second per client.
*/
int maxWrite = 50;
public String getWhitelist() {
return whitelist;
}
public void setWhitelist(final String whitelist) {
this.whitelist = whitelist;
}
public int getMaxRead() {
return maxRead;
}
public void setMaxRead(final int maxRead) {
this.maxRead = maxRead;
}
public int getMaxWrite() {
return maxWrite;
}
public void setMaxWrite(final int maxWrite) {
this.maxWrite = maxWrite;
}
}
}
}
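Review bot: In `Dos.Filter` the default `whitelist` exempts every private, loopback and link-local range from the DoS filter, while `Clients.remoteIpHeader` defaults to `X-Forwarded-For`, a header the client controls unless a proxy overwrites it. If the filter matches the whitelist against the header-derived address (the filter is not on this page, so this needs confirming), the rate limit is only as strong as the proxy setup. The Javadoc should say which address is matched and that the header must be set by a trusted proxy. The pattern also has no anchors, so it relies on the caller using a full match rather than `find()`. Separately, `maxRead` and `maxWrite` are package-private, unlike every other field in the file; `private int maxRead = 200;` and `private int maxWrite = 50;` would match the rest.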


@@ -1,130 +0,0 @@
/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.hawkbit.security;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* The common properties for security.
*
*
*
*/
@ConfigurationProperties
public class SecurityProperties {
/**
* Inner class for reverse proxy configuration.
*/
@Component
@ConfigurationProperties("hawkbit.server.controller.security.rp")
public static class RpProperties {
private String cnHeader = "X-Ssl-Client-Cn";
private String sslIssuerHashHeader = "X-Ssl-Issuer-Hash-%d";
private List<String> trustedIPs;
/**
* @return the cnHeader
*/
public String getCnHeader() {
return cnHeader;
}
/**
* @param cnHeader
* the cnHeader to set
*/
public void setCnHeader(final String cnHeader) {
this.cnHeader = cnHeader;
}
/**
* @return the sslIssuerHashHeader
*/
public String getSslIssuerHashHeader() {
return sslIssuerHashHeader;
}
/**
* @param sslIssuerHashHeader
* the sslIssuerHashHeader to set
*/
public void setSslIssuerHashHeader(final String sslIssuerHashHeader) {
this.sslIssuerHashHeader = sslIssuerHashHeader;
}
/**
* @return the trustedIPs
*/
public List<String> getTrustedIPs() {
return trustedIPs;
}
/**
* @param trustedIPs
* the trustedIPs to set
*/
public void setTrustedIPs(final List<String> trustedIPs) {
this.trustedIPs = trustedIPs;
}
}
/**
* Inner class for anonymous enable configuration.
*/
@Component
@ConfigurationProperties("hawkbit.server.controller.security.authentication.anonymous")
public static class AnoymousAuthenticationProperties {
private Boolean enabled = Boolean.FALSE;
/**
* @param enabled
* the enabled to set
*/
public void setEnabled(final Boolean enabled) {
this.enabled = enabled;
}
/**
* @return the enabled
*/
public Boolean getEnabled() {
return enabled;
}
}
@Autowired
private RpProperties rppProperties;
@Autowired
private AnoymousAuthenticationProperties authenticationsProperties;
public String getRpCnHeader() {
return rppProperties.getCnHeader();
}
public String getRpSslIssuerHashHeader() {
return rppProperties.getSslIssuerHashHeader();
}
public List<String> getRpTrustedIPs() {
return rppProperties.getTrustedIPs();
}
public Boolean getAnonymousEnabled() {
return authenticationsProperties.getEnabled();
}
}


@@ -11,90 +11,24 @@ package org.eclipse.hawkbit.util;
import javax.servlet.MultipartConfigElement;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
/**
* Bean which contains all informations about the SP software, e.g. like
* version, built time etc. from the environment.
*
*
*
*
*/
@Component
public class SPInfo implements EnvironmentAware {
public class SPInfo {
// package private for testing purposes
static final String UNKNOWN_VERSION = "unknown";
static final String UNKNOWN_CREDENTIAL = "unknown credential";
private Environment environmentData;
@Autowired
private MultipartConfigElement configElement;
/*
* (non-Javadoc)
*
* @see org.springframework.context.EnvironmentAware#setEnvironment(org.
* springframework.core.env. Environment)
*/
@Override
public void setEnvironment(final Environment environment) {
this.environmentData = environment;
}
/**
* @return the version in string format, e.g. 1.0.0 or {@code "UNKNOWN"} in
* case the SP version info cannot be determined.
*/
public String getVersion() {
if (environmentData != null) {
return environmentData.getProperty("info.build.version", UNKNOWN_VERSION);
}
return UNKNOWN_VERSION;
}
public String getSupportEmail() {
if (environmentData != null) {
return environmentData.getProperty("hawkbit.server.email.support");
}
return "";
}
public String getRequestAccountEmail() {
if (environmentData != null) {
return environmentData.getProperty("hawkbit.server.email.request.account");
}
return "";
}
public String getDemoTenant() {
if (environmentData != null) {
return environmentData.getProperty("hawkbit.server.demo.tenant");
}
return UNKNOWN_CREDENTIAL;
}
public String getDemoUser() {
if (environmentData != null) {
return environmentData.getProperty("hawkbit.server.demo.user");
}
return UNKNOWN_CREDENTIAL;
}
public String getDemoPassword() {
if (environmentData != null) {
return environmentData.getProperty("hawkbit.server.demo.password");
}
return UNKNOWN_CREDENTIAL;
}
/**
* @return the max file size to upload artifact files in bytes which has
* been configured.