Pil0tXia commented on code in PR #3644: URL: https://github.com/apache/eventmesh/pull/3644#discussion_r1454779835
########## eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java: ########## @@ -146,6 +81,50 @@ public static boolean authAccess(AclProperties aclProperties) { Set<String> groupTopics = TypeUtils.castSet(topics, String.class); return groupTopics.contains(topic); + + } Review Comment: We generally won't leave a blank line at the end of a method. ########## eventmesh-security-plugin/eventmesh-security-auth-token/src/main/java/org/apache/eventmesh/auth/token/impl/auth/AuthTokenUtils.java: ########## 
@@ -146,6 +81,50 @@ public static boolean authAccess(AclProperties aclProperties) { Set<String> groupTopics = TypeUtils.castSet(topics, String.class); return groupTopics.contains(topic); + + } + + private static String getPublicKeyUrl() { + String publicKeyUrl = null; + for (String key : ConfigurationContextUtil.KEYS) { + CommonConfiguration commonConfiguration = ConfigurationContextUtil.get(key); + if (null == commonConfiguration) { + continue; + } + if (StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) { + throw new AclException("publicKeyUrl cannot be null"); + } + publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey(); + } + return publicKeyUrl; + } + + private static void validateToken(String token, String publicKeyUrl, AclProperties aclProperties) { + String sub; + token = token.replace("Bearer ", ""); + byte[] validationKeyBytes; + try { + validationKeyBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(publicKeyUrl))); + X509EncodedKeySpec spec = new X509EncodedKeySpec(validationKeyBytes); + KeyFactory kf = KeyFactory.getInstance("RSA"); + Key validationKey = kf.generatePublic(spec); + JwtParser signedParser = Jwts.parserBuilder().setSigningKey(validationKey).build(); + Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token); + sub = signJwt.getBody().get("sub", String.class); + if (!sub.contains(aclProperties.getExtendedField("group").toString()) && !sub.contains("pulsar-admin")) { + throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:" + + aclProperties.getTopic()); + } + } catch (IOException e) { + throw new AclException("public key read error!", e); + } catch (NoSuchAlgorithmException e) { + throw new AclException("no such RSA algorithm!", e); + } catch (InvalidKeySpecException e) { + throw new AclException("invalid public key spec!", e); + } catch (JwtException e) { + throw new AclException("invalid token!", e); + } + } } Review Comment: Redundant 
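Review bot: The authorization test in validateToken uses substring matching, `sub.contains(...)`, so a token whose subject merely contains the group name or the text "pulsar-admin" is accepted (constructed example: subject "group10" checked against group "group1"). If `sub` holds a single principal, compare exactly, e.g. `if (sub == null || (!sub.equals(group) && !sub.equals("pulsar-admin")))`, with `group` read once from `getExtendedField("group")` and null-checked; if `sub` is a delimited list, split it and compare the elements exactly. As written, a token without a `sub` claim or a request without a `group` field appears to end in a NullPointerException that none of the catch blocks convert to AclException, and the same holds for the `Objects.requireNonNull(publicKeyUrl)` call when getPublicKeyUrl finds no configuration and returns null. The denial message also looks up `"group "` with a trailing space, so it probably does not print the group that was checked.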
lines here too.