Pil0tXia commented on code in PR #3644: URL: https://github.com/apache/eventmesh/pull/3644#discussion_r1453304782
########## eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java: ########## 
@@ -138,14 +75,58 @@ public static boolean authAccess(AclProperties aclProperties) {
 String topic = aclProperties.getTopic();
 Object topics = aclProperties.getExtendedField("topics");
-
 if (!(topics instanceof Set)) {
 return false;
 }
 Set<String> groupTopics = TypeUtils.castSet(topics, String.class);
 return groupTopics.contains(topic);
+
+ }
+
+ public static void validateToken(String token, String publicKeyUrl, AclProperties aclProperties) {
+ String sub;
+ token = token.replace("Bearer ", "");
+ byte[] validationKeyBytes;
+ try {
+ validationKeyBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(publicKeyUrl)));
+ X509EncodedKeySpec spec = new X509EncodedKeySpec(validationKeyBytes);
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ Key validationKey = kf.generatePublic(spec);
+ JwtParser signedParser = Jwts.parserBuilder().setSigningKey(validationKey).build();
+ Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
+ sub = signJwt.getBody().get("sub", String.class);
+ if (!sub.contains(aclProperties.getExtendedField("group").toString()) && !sub.contains("pulsar-admin")) {
+ throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+ + aclProperties.getTopic());
+ }
+ } catch (IOException e) {
+ throw new AclException("public key read error!", e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new AclException("no such RSA algorithm!", e);
+ } catch (InvalidKeySpecException e) {
+ throw new AclException("invalid public key spec!", e);
+ } catch (JwtException e) {
+ throw new AclException("invalid token!", e);
+ }
+
+ }
+
+ public static String getPublicKeyUrl() {
+ String publicKeyUrl = null;
+ for (String key : ConfigurationContextUtil.KEYS) {
+ CommonConfiguration commonConfiguration = ConfigurationContextUtil.get(key);
+ if (null == commonConfiguration) {
+ continue;
+ }
+ if (StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
+ throw new AclException("publicKeyUrl cannot be null");
+ }
+ publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey();
+ }
+ return publicKeyUrl;
+ }
Review Comment: Redundant blank line at the end of the method.
########## eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java: ##########
@@ -138,14 +75,58 @@ public static boolean authAccess(AclProperties aclProperties) {
 String topic = aclProperties.getTopic();
 Object topics = aclProperties.getExtendedField("topics");
-
 if (!(topics instanceof Set)) {
Review Comment: I think this blank line is better not removed to maintain the formatting.
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@eventmesh.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@eventmesh.apache.org For additional commands, e-mail: issues-h...@eventmesh.apache.org
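Review bot: The authorization check in validateToken is a substring test, so `sub.contains(group)` accepts any subject that merely embeds the group name (and any group whose name is a prefix of another), and `sub.contains("pulsar-admin")` skips the group check for any subject containing that string anywhere; compare whole values instead, e.g. `String group = String.valueOf(aclProperties.getExtendedField("group"));` and `if (!group.equals(sub) && !"pulsar-admin".equals(sub)) {`, or, if `sub` legitimately carries several names, split it on its delimiter and test set membership. The failure message reads the extended field `"group "` (trailing space) rather than `"group"`, so it will print a different value than the one that was actually checked. A null `sub` claim or a null group field surfaces as a NullPointerException from `.contains`/`.toString()` rather than the AclException every other failure path in the try block raises, so both should be null-checked before the comparison. The public key file is also read and parsed from disk on every call; caching the parsed `PublicKey` per publicKeyUrl would avoid that per-request cost, unless re-reading is intended for key rotation. authAccess, whose body this hunk starts in, begins outside the hunk.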