Skip to content

Commit

Permalink
[ISSUE apache#3515] Do some code optimization[AuthTokenUtils] (apache…
Browse files Browse the repository at this point in the history
…#3644)

* Code optimization

* Remove unused imports

* Added one forgotten import 'Objects'

* Added Constants import

* removed unnecessary space

* fixed code optimization

* corrected some small changes

* redundant lines

* redundant lines

* optimized returned reply in subscribe method

* reverted correct change

* reverted back
  • Loading branch information
kyooosukedn authored Jun 1, 2024
1 parent fdac217 commit 498c350
Showing 1 changed file with 45 additions and 69 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Objects;
import java.util.Set;

import io.jsonwebtoken.Claims;
Expand All @@ -51,41 +52,8 @@ public static void authTokenByPublicKey(AclProperties aclProperties) {
throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access the topic:"
+ aclProperties.getTopic());
}
String publicKeyUrl = null;
token = token.replace("Bearer ", "");
for (String key : ConfigurationContextUtil.KEYS) {
CommonConfiguration commonConfiguration = ConfigurationContextUtil.get(key);
if (commonConfiguration == null) {
continue;
}
if (StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
throw new AclException("publicKeyUrl cannot be null");
}
publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey();
}
byte[] validationKeyBytes = new byte[0];
try {
validationKeyBytes = Files.readAllBytes(Paths.get(publicKeyUrl));
X509EncodedKeySpec spec = new X509EncodedKeySpec(validationKeyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
Key validationKey = kf.generatePublic(spec);
JwtParser signedParser = Jwts.parserBuilder().setSigningKey(validationKey).build();
Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
String sub = signJwt.getBody().get("sub", String.class);
if (!sub.contains(aclProperties.getExtendedField("group").toString()) && !sub.contains("pulsar-admin")) {
throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+ aclProperties.getTopic());
}
} catch (IOException e) {
throw new AclException("public key read error!", e);
} catch (NoSuchAlgorithmException e) {
throw new AclException("no such RSA algorithm!", e);
} catch (InvalidKeySpecException e) {
throw new AclException("invalid public key spec!", e);
} catch (JwtException e) {
throw new AclException("invalid token!", e);
}

String publicKeyUrl = getPublicKeyUrl();
validateToken(token, publicKeyUrl, aclProperties);
} else {
throw new AclException("invalid token!");
}
Expand All @@ -94,40 +62,7 @@ public static void authTokenByPublicKey(AclProperties aclProperties) {
public static void helloTaskAuthTokenByPublicKey(AclProperties aclProperties) {
String token = aclProperties.getToken();
if (StringUtils.isNotBlank(token)) {
String publicKeyUrl = null;
token = token.replace("Bearer ", "");
for (String key : ConfigurationContextUtil.KEYS) {
CommonConfiguration commonConfiguration = ConfigurationContextUtil.get(key);
if (commonConfiguration == null) {
continue;
}
if (StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
throw new AclException("publicKeyUrl cannot be null");
}
publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey();
}
byte[] validationKeyBytes = new byte[0];
try {
validationKeyBytes = Files.readAllBytes(Paths.get(publicKeyUrl));
X509EncodedKeySpec spec = new X509EncodedKeySpec(validationKeyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
Key validationKey = kf.generatePublic(spec);
JwtParser signedParser = Jwts.parserBuilder().setSigningKey(validationKey).build();
Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
String sub = signJwt.getBody().get("sub", String.class);
if (!sub.contains(aclProperties.getExtendedField("group").toString()) && !sub.contains("pulsar-admin")) {
throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+ aclProperties.getTopic());
}
} catch (IOException e) {
throw new AclException("public key read error!", e);
} catch (NoSuchAlgorithmException e) {
throw new AclException("no such RSA algorithm!", e);
} catch (InvalidKeySpecException e) {
throw new AclException("invalid public key spec!", e);
} catch (JwtException e) {
throw new AclException("invalid token!", e);
}
validateToken(token, getPublicKeyUrl(), aclProperties);
} else {
throw new AclException("invalid token!");
}
Expand All @@ -148,4 +83,45 @@ public static boolean authAccess(AclProperties aclProperties) {
return groupTopics.contains(topic);
}

private static String getPublicKeyUrl() {
String publicKeyUrl = null;
for (String key : ConfigurationContextUtil.KEYS) {
CommonConfiguration commonConfiguration = ConfigurationContextUtil.get(key);
if (null == commonConfiguration) {
continue;
}
if (StringUtils.isBlank(commonConfiguration.getEventMeshSecurityPublickey())) {
throw new AclException("publicKeyUrl cannot be null");
}
publicKeyUrl = commonConfiguration.getEventMeshSecurityPublickey();
}
return publicKeyUrl;
}

private static void validateToken(String token, String publicKeyUrl, AclProperties aclProperties) {
String sub;
token = token.replace("Bearer ", "");
byte[] validationKeyBytes;
try {
validationKeyBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(publicKeyUrl)));
X509EncodedKeySpec spec = new X509EncodedKeySpec(validationKeyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
Key validationKey = kf.generatePublic(spec);
JwtParser signedParser = Jwts.parserBuilder().setSigningKey(validationKey).build();
Jwt<?, Claims> signJwt = signedParser.parseClaimsJws(token);
sub = signJwt.getBody().get("sub", String.class);
if (!sub.contains(aclProperties.getExtendedField("group").toString()) && !sub.contains("pulsar-admin")) {
throw new AclException("group:" + aclProperties.getExtendedField("group ") + " has no auth to access eventMesh:"
+ aclProperties.getTopic());
}
} catch (IOException e) {
throw new AclException("public key read error!", e);
} catch (NoSuchAlgorithmException e) {
throw new AclException("no such RSA algorithm!", e);
} catch (InvalidKeySpecException e) {
throw new AclException("invalid public key spec!", e);
} catch (JwtException e) {
throw new AclException("invalid token!", e);
}
}
}

0 comments on commit 498c350

Please sign in to comment.