This is an automated email from the ASF dual-hosted git repository.
xiatian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/eventmesh.git
The following commit(s) were added to refs/heads/master by this push:
new 498c35042 [ISSUE #3515] Do some code optimization[AuthTokenUtils]
(#3644)
498c35042 is described below
commit 498c35042d274a0e45eebada3af4e6dcba57f155
Author: Daniel Purnomo <[email protected]>
AuthorDate: Sat Jun 1 20:27:34 2024 +0200
[ISSUE #3515] Do some code optimization[AuthTokenUtils] (#3644)
* Code optimization
* Remove unused imports
* Added one forgotten import 'Objects'
* Added Constants import
* removed unnecessary space
* fixed code optimization
* corrected some small changes
* redundant lines
* redundant lines
* optimized returned reply in subscribe method
* reverted correct change
* reverted back
---
.../auth/token/impl/auth/AuthTokenUtils.java | 114 ++++++++-------------
1 file changed, 45 insertions(+), 69 deletions(-)
diff --git
a/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
b/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
index 41ceca549..16005649f 100644
---
a/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
+++
b/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
@@ -33,6 +33,7 @@ import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
+import java.util.Objects;
import java.util.Set;
import io.jsonwebtoken.Claims;
@@ -51,41 +52,8 @@ public class AuthTokenUtils {
throw new AclException("group:" +
aclProperties.getExtendedField("group ") + " has no auth to access the topic:"
+ aclProperties.getTopic());
}
- String publicKeyUrl = null;
- token = token.replace("Bearer ", "");
- for (String key : ConfigurationContextUtil.KEYS) {
- CommonConfiguration commonConfiguration =
ConfigurationContextUtil.get(key);
- if (commonConfiguration == null) {
- continue;
- }
- if
(StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
- throw new AclException("publicKeyUrl cannot be null");
- }
- publicKeyUrl =
commonConfiguration.getEventMeshSecurityPublickey();
- }
- byte[] validationKeyBytes = new byte[0];
- try {
- validationKeyBytes =
Files.readAllBytes(Paths.get(publicKeyUrl));
- X509EncodedKeySpec spec = new
X509EncodedKeySpec(validationKeyBytes);
- KeyFactory kf = KeyFactory.getInstance("RSA");
- Key validationKey = kf.generatePublic(spec);
- JwtParser signedParser =
Jwts.parserBuilder().setSigningKey(validationKey).build();
- Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
- String sub = signJwt.getBody().get("sub", String.class);
- if
(!sub.contains(aclProperties.getExtendedField("group").toString()) &&
!sub.contains("pulsar-admin")) {
- throw new AclException("group:" +
aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
- + aclProperties.getTopic());
- }
- } catch (IOException e) {
- throw new AclException("public key read error!", e);
- } catch (NoSuchAlgorithmException e) {
- throw new AclException("no such RSA algorithm!", e);
- } catch (InvalidKeySpecException e) {
- throw new AclException("invalid public key spec!", e);
- } catch (JwtException e) {
- throw new AclException("invalid token!", e);
- }
-
+ String publicKeyUrl = getPublicKeyUrl();
+ validateToken(token, publicKeyUrl, aclProperties);
} else {
throw new AclException("invalid token!");
}
@@ -94,40 +62,7 @@ public class AuthTokenUtils {
public static void helloTaskAuthTokenByPublicKey(AclProperties
aclProperties) {
String token = aclProperties.getToken();
if (StringUtils.isNotBlank(token)) {
- String publicKeyUrl = null;
- token = token.replace("Bearer ", "");
- for (String key : ConfigurationContextUtil.KEYS) {
- CommonConfiguration commonConfiguration =
ConfigurationContextUtil.get(key);
- if (commonConfiguration == null) {
- continue;
- }
- if
(StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
- throw new AclException("publicKeyUrl cannot be null");
- }
- publicKeyUrl =
commonConfiguration.getEventMeshSecurityPublickey();
- }
- byte[] validationKeyBytes = new byte[0];
- try {
- validationKeyBytes =
Files.readAllBytes(Paths.get(publicKeyUrl));
- X509EncodedKeySpec spec = new
X509EncodedKeySpec(validationKeyBytes);
- KeyFactory kf = KeyFactory.getInstance("RSA");
- Key validationKey = kf.generatePublic(spec);
- JwtParser signedParser =
Jwts.parserBuilder().setSigningKey(validationKey).build();
- Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
- String sub = signJwt.getBody().get("sub", String.class);
- if
(!sub.contains(aclProperties.getExtendedField("group").toString()) &&
!sub.contains("pulsar-admin")) {
- throw new AclException("group:" +
aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
- + aclProperties.getTopic());
- }
- } catch (IOException e) {
- throw new AclException("public key read error!", e);
- } catch (NoSuchAlgorithmException e) {
- throw new AclException("no such RSA algorithm!", e);
- } catch (InvalidKeySpecException e) {
- throw new AclException("invalid public key spec!", e);
- } catch (JwtException e) {
- throw new AclException("invalid token!", e);
- }
+ validateToken(token, getPublicKeyUrl(), aclProperties);
} else {
throw new AclException("invalid token!");
}
@@ -148,4 +83,45 @@ public class AuthTokenUtils {
return groupTopics.contains(topic);
}
+ private static String getPublicKeyUrl() {
+ String publicKeyUrl = null;
+ for (String key : ConfigurationContextUtil.KEYS) {
+ CommonConfiguration commonConfiguration =
ConfigurationContextUtil.get(key);
+ if (null == commonConfiguration) {
+ continue;
+ }
+ if
(StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
+ throw new AclException("publicKeyUrl cannot be null");
+ }
+ publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey();
+ }
+ return publicKeyUrl;
+ }
+
+ private static void validateToken(String token, String publicKeyUrl,
AclProperties aclProperties) {
+ String sub;
+ token = token.replace("Bearer ", "");
+ byte[] validationKeyBytes;
+ try {
+ validationKeyBytes =
Files.readAllBytes(Paths.get(Objects.requireNonNull(publicKeyUrl)));
+ X509EncodedKeySpec spec = new
X509EncodedKeySpec(validationKeyBytes);
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ Key validationKey = kf.generatePublic(spec);
+ JwtParser signedParser =
Jwts.parserBuilder().setSigningKey(validationKey).build();
+ Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
+ sub = signJwt.getBody().get("sub", String.class);
+ if
(!sub.contains(aclProperties.getExtendedField("group").toString()) &&
!sub.contains("pulsar-admin")) {
+ throw new AclException("group:" +
aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+ + aclProperties.getTopic());
+ }
+ } catch (IOException e) {
+ throw new AclException("public key read error!", e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new AclException("no such RSA algorithm!", e);
+ } catch (InvalidKeySpecException e) {
+ throw new AclException("invalid public key spec!", e);
+ } catch (JwtException e) {
+ throw new AclException("invalid token!", e);
+ }
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]