This is an automated email from the ASF dual-hosted git repository.

xiatian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/eventmesh.git


The following commit(s) were added to refs/heads/master by this push:
     new 498c35042 [ISSUE #3515] Do some code optimization[AuthTokenUtils] 
(#3644)
498c35042 is described below

commit 498c35042d274a0e45eebada3af4e6dcba57f155
Author: Daniel Purnomo <[email protected]>
AuthorDate: Sat Jun 1 20:27:34 2024 +0200

    [ISSUE #3515] Do some code optimization[AuthTokenUtils] (#3644)
    
    * Code optimization
    
    * Remove unused imports
    
    * Added one forgotten import 'Objects'
    
    * Added Constants import
    
    * removed unnecessary space
    
    * fixed code optimization
    
    * corrected some small changes
    
    * redundant lines
    
    * redundant lines
    
    * optimized returned reply in subscribe method
    
    * reverted correct change
    
    * reverted back
---
 .../auth/token/impl/auth/AuthTokenUtils.java       | 114 ++++++++-------------
 1 file changed, 45 insertions(+), 69 deletions(-)

diff --git 
a/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
 
b/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
index 41ceca549..16005649f 100644
--- 
a/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
+++ 
b/eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java
@@ -33,6 +33,7 @@ import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
+import java.util.Objects;
 import java.util.Set;
 
 import io.jsonwebtoken.Claims;
@@ -51,41 +52,8 @@ public class AuthTokenUtils {
                 throw new AclException("group:" + 
aclProperties.getExtendedField("group ") + " has no auth to access the topic:"
                     + aclProperties.getTopic());
             }
-            String publicKeyUrl = null;
-            token = token.replace("Bearer ", "");
-            for (String key : ConfigurationContextUtil.KEYS) {
-                CommonConfiguration commonConfiguration = 
ConfigurationContextUtil.get(key);
-                if (commonConfiguration == null) {
-                    continue;
-                }
-                if 
(StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
-                    throw new AclException("publicKeyUrl cannot be null");
-                }
-                publicKeyUrl = 
commonConfiguration.getEventMeshSecurityPublickey();
-            }
-            byte[] validationKeyBytes = new byte[0];
-            try {
-                validationKeyBytes = 
Files.readAllBytes(Paths.get(publicKeyUrl));
-                X509EncodedKeySpec spec = new 
X509EncodedKeySpec(validationKeyBytes);
-                KeyFactory kf = KeyFactory.getInstance("RSA");
-                Key validationKey = kf.generatePublic(spec);
-                JwtParser signedParser = 
Jwts.parserBuilder().setSigningKey(validationKey).build();
-                Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
-                String sub = signJwt.getBody().get("sub", String.class);
-                if 
(!sub.contains(aclProperties.getExtendedField("group").toString()) && 
!sub.contains("pulsar-admin")) {
-                    throw new AclException("group:" + 
aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
-                        + aclProperties.getTopic());
-                }
-            } catch (IOException e) {
-                throw new AclException("public key read error!", e);
-            } catch (NoSuchAlgorithmException e) {
-                throw new AclException("no such RSA algorithm!", e);
-            } catch (InvalidKeySpecException e) {
-                throw new AclException("invalid public key spec!", e);
-            } catch (JwtException e) {
-                throw new AclException("invalid token!", e);
-            }
-
+            String publicKeyUrl = getPublicKeyUrl();
+            validateToken(token, publicKeyUrl, aclProperties);
         } else {
             throw new AclException("invalid token!");
         }
@@ -94,40 +62,7 @@ public class AuthTokenUtils {
     public static void helloTaskAuthTokenByPublicKey(AclProperties 
aclProperties) {
         String token = aclProperties.getToken();
         if (StringUtils.isNotBlank(token)) {
-            String publicKeyUrl = null;
-            token = token.replace("Bearer ", "");
-            for (String key : ConfigurationContextUtil.KEYS) {
-                CommonConfiguration commonConfiguration = 
ConfigurationContextUtil.get(key);
-                if (commonConfiguration == null) {
-                    continue;
-                }
-                if 
(StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
-                    throw new AclException("publicKeyUrl cannot be null");
-                }
-                publicKeyUrl = 
commonConfiguration.getEventMeshSecurityPublickey();
-            }
-            byte[] validationKeyBytes = new byte[0];
-            try {
-                validationKeyBytes = 
Files.readAllBytes(Paths.get(publicKeyUrl));
-                X509EncodedKeySpec spec = new 
X509EncodedKeySpec(validationKeyBytes);
-                KeyFactory kf = KeyFactory.getInstance("RSA");
-                Key validationKey = kf.generatePublic(spec);
-                JwtParser signedParser = 
Jwts.parserBuilder().setSigningKey(validationKey).build();
-                Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
-                String sub = signJwt.getBody().get("sub", String.class);
-                if 
(!sub.contains(aclProperties.getExtendedField("group").toString()) && 
!sub.contains("pulsar-admin")) {
-                    throw new AclException("group:" + 
aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
-                        + aclProperties.getTopic());
-                }
-            } catch (IOException e) {
-                throw new AclException("public key read error!", e);
-            } catch (NoSuchAlgorithmException e) {
-                throw new AclException("no such RSA algorithm!", e);
-            } catch (InvalidKeySpecException e) {
-                throw new AclException("invalid public key spec!", e);
-            } catch (JwtException e) {
-                throw new AclException("invalid token!", e);
-            }
+            validateToken(token, getPublicKeyUrl(), aclProperties);
         } else {
             throw new AclException("invalid token!");
         }
@@ -148,4 +83,45 @@ public class AuthTokenUtils {
         return groupTopics.contains(topic);
     }
 
+    private static String getPublicKeyUrl() {
+        String publicKeyUrl = null;
+        for (String key : ConfigurationContextUtil.KEYS) {
+            CommonConfiguration commonConfiguration = 
ConfigurationContextUtil.get(key);
+            if (null == commonConfiguration) {
+                continue;
+            }
+            if 
(StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
+                throw new AclException("publicKeyUrl cannot be null");
+            }
+            publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey();
+        }
+        return publicKeyUrl;
+    }
+
+    private static void validateToken(String token, String publicKeyUrl, 
AclProperties aclProperties) {
+        String sub;
+        token = token.replace("Bearer ", "");
+        byte[] validationKeyBytes;
+        try {
+            validationKeyBytes = 
Files.readAllBytes(Paths.get(Objects.requireNonNull(publicKeyUrl)));
+            X509EncodedKeySpec spec = new 
X509EncodedKeySpec(validationKeyBytes);
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+            Key validationKey = kf.generatePublic(spec);
+            JwtParser signedParser = 
Jwts.parserBuilder().setSigningKey(validationKey).build();
+            Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
+            sub = signJwt.getBody().get("sub", String.class);
+            if 
(!sub.contains(aclProperties.getExtendedField("group").toString()) && 
!sub.contains("pulsar-admin")) {
+                throw new AclException("group:" + 
aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+                    + aclProperties.getTopic());
+            }
+        } catch (IOException e) {
+            throw new AclException("public key read error!", e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new AclException("no such RSA algorithm!", e);
+        } catch (InvalidKeySpecException e) {
+            throw new AclException("invalid public key spec!", e);
+        } catch (JwtException e) {
+            throw new AclException("invalid token!", e);
+        }
+    }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to