Merge pull request #728 from CorfuDB/checkstyle-org.corfudb.security

Checkstyle fixups for org.corfudb.security.*

runtime/src/main/java/org/corfudb/security/sasl/SaslUtils.java

@@ -13,6 +13,12 @@
  */
 public class SaslUtils {
 
+    /**
+     * Parse username and password files for SASL authentication.
+     * @param usernameFile Username file path string.
+     * @param passwordFile Password file path string.
+     * @return PlainTextSaslNettyClient or RuntimeException on error
+     */
     public static PlainTextSaslNettyClient enableSaslPlainText(
             String usernameFile, String passwordFile) {
         if (usernameFile == null) {
@@ -27,8 +33,8 @@ public static PlainTextSaslNettyClient enableSaslPlainText(
             username =
                 (new String(Files.readAllBytes(Paths.get(usernameFile)))).trim();
         } catch (Exception e) {
-            throw new RuntimeException("Error reading the username file: " +
-                e.getClass().getSimpleName(), e);
+            throw new RuntimeException("Error reading the username file: "
+                + e.getClass().getSimpleName(), e);
         }
 
 
@@ -37,17 +43,17 @@ public static PlainTextSaslNettyClient enableSaslPlainText(
             password =
                 (new String(Files.readAllBytes(Paths.get(passwordFile)))).trim();
         } catch (Exception e) {
-            throw new RuntimeException("Error reading the password file: " +
-                e.getClass().getSimpleName(), e);
+            throw new RuntimeException("Error reading the password file: "
+                + e.getClass().getSimpleName(), e);
         }
 
         PlainTextSaslNettyClient saslNettyClient = null;
 
         try {
             saslNettyClient = new PlainTextSaslNettyClient(username, password);
         } catch (SaslException se) {
-            throw new RuntimeException("Could not create a SASL Plain Text Netty client" +
-                    se.getClass().getSimpleName(), se);
+            throw new RuntimeException("Could not create a SASL Plain Text Netty client"
+                    + se.getClass().getSimpleName(), se);
         }
 
         return saslNettyClient;

runtime/src/main/java/org/corfudb/security/sasl/plaintext/PlainTextCallbackHandler.java

@@ -1,15 +1,15 @@
 package org.corfudb.security.sasl.plaintext;
 
 import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 /**
  * Created by sneginhal on 01/27/2017
  *
- * Common callback handler for NameCallback and PasswordCallback.
+ * <p>Common callback handler for NameCallback and PasswordCallback.
  * Used by PlainTextLoginModule and PlainTextSaslNettyClient.
  */
 
@@ -23,8 +23,14 @@ public PlainTextCallbackHandler(String username, String password) {
         this.password = password;
     }
 
+    /**
+     * Call functions for username & password for SASL callbacks.
+     *
+     * @param callbacks SASL callback array
+     * @throws UnsupportedCallbackException If callback array includes unknown type.
+     */
     public void handle(Callback[] callbacks)
-        throws UnsupportedCallbackException {
+            throws UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof NameCallback) {
                 NameCallback nc = (NameCallback)callbacks[i];
@@ -34,7 +40,7 @@ public void handle(Callback[] callbacks)
                 pc.setPassword(password.toCharArray());
             } else {
                 throw new UnsupportedCallbackException(callbacks[i],
-                    "Unsupported Callback");
+                        "Unsupported Callback");
             }
         }
     }

runtime/src/main/java/org/corfudb/security/sasl/plaintext/PlainTextLoginModule.java

@@ -3,19 +3,19 @@
 import java.io.IOException;
 import java.util.Map;
 
+import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import javax.security.auth.Subject;
 
 /**
  * Created by sneginhal on 01/27/2017
  *
- * Implementation of the plain text LoginMoodule.
+ * <p>Implementation of the plain text LoginMoodule.
  * http://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html
  */
 
@@ -27,7 +27,7 @@ public class PlainTextLoginModule implements LoginModule {
 
     @Override
     public void initialize(Subject subject, CallbackHandler callbackHandler,
-        Map<String, ?> sharedState, Map<String, ?> options) {
+                           Map<String, ?> sharedState, Map<String, ?> options) {
         this.callbackHandler = callbackHandler;
         this.options = options;
     }
@@ -47,14 +47,14 @@ public boolean login() throws LoginException {
         } catch (IOException ie) {
             throw new LoginException("IOException: " + ie.toString());
         } catch (UnsupportedCallbackException uce) {
-            throw new LoginException("UnsupportedCallbackException: " +
-                uce.getCallback().toString());
+            throw new LoginException("UnsupportedCallbackException: "
+                + uce.getCallback().toString());
         }
 
         String username = ((NameCallback)callbacks[0]).getName();
         if (options.containsKey(PLAIN_TEXT_USER_PREFIX + username)) {
             String expectedPassword = (String) options.get(PLAIN_TEXT_USER_PREFIX + username);
-            String password = new String (((PasswordCallback)callbacks[1]).getPassword());
+            String password = new String(((PasswordCallback)callbacks[1]).getPassword());
             if (!expectedPassword.equals(password)) {
                 throw new LoginException("Incorrect password for: " + username);
             }

runtime/src/main/java/org/corfudb/security/sasl/plaintext/PlainTextSaslNettyClient.java

@@ -1,13 +1,13 @@
 package org.corfudb.security.sasl.plaintext;
 
 import io.netty.buffer.ByteBuf;
-import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelDuplexHandler;
-import lombok.extern.slf4j.Slf4j;
+import io.netty.channel.ChannelHandlerContext;
 
 import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * Created by sneginhal on 01/31/2017.
@@ -24,10 +24,11 @@ public class PlainTextSaslNettyClient extends ChannelDuplexHandler {
 
     private final String[] mechanisms = {"PLAIN"};
 
+    /** Plaintext client constructor. */
     public PlainTextSaslNettyClient(String username, String password)
-        throws SaslException {
+            throws SaslException {
         PlainTextCallbackHandler cbh = new PlainTextCallbackHandler(username,
-            password);
+                password);
         saslClient = Sasl.createSaslClient(mechanisms, username,
             "plain", null, null, cbh);
     }

runtime/src/main/java/org/corfudb/security/sasl/plaintext/PlainTextSaslNettyServer.java

@@ -35,7 +35,7 @@ public PlainTextSaslNettyServer() throws SaslException {
 
     @Override
     protected void channelRead0(ChannelHandlerContext ctx, ByteBuf buf)
-        throws Exception {
+            throws Exception {
 
         byte[] msg = new byte[buf.readableBytes()];
         buf.getBytes(0, msg);

runtime/src/main/java/org/corfudb/security/sasl/plaintext/PlainTextSaslServer.java

@@ -1,7 +1,5 @@
 package org.corfudb.security.sasl.plaintext;
 
-import lombok.extern.slf4j.Slf4j;
-
 import java.io.UnsupportedEncodingException;
 import java.util.Arrays;
 import java.util.Map;
@@ -13,6 +11,7 @@
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 import javax.security.sasl.SaslServerFactory;
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * Created by sneginhal on 01/27/2017.
@@ -41,7 +40,7 @@ public String getMechanismName() {
     }
 
     private void verify(String authzid, String authcid, String passwd)
-        throws SaslException {
+            throws SaslException {
 
         if (authcid.isEmpty()) {
             throw new SaslException("Authentication failed due to empty username");
@@ -58,7 +57,7 @@ private void verify(String authzid, String authcid, String passwd)
 
         try {
             LoginContext lc = new LoginContext("CorfuDB",
-                new PlainTextCallbackHandler(authcid, passwd));
+                    new PlainTextCallbackHandler(authcid, passwd));
             lc.login();
         } catch (LoginException le) {
             throw new SaslException("Login attempt by '" + authcid + "' failed");
@@ -70,7 +69,7 @@ private void verify(String authzid, String authcid, String passwd)
 
     @Override
     public byte[] evaluateResponse(byte[] response)
-        throws SaslException {
+            throws SaslException {
         String[] tokens;
         try {
             tokens = new String(response, "UTF-8").split("\u0000");
@@ -132,8 +131,9 @@ public static class PlainTextSaslServerFactory implements SaslServerFactory {
 
         @Override
         public SaslServer createSaslServer(String mechanism, String protocol,
-            String serverName, Map<String, ?> props, CallbackHandler cbh)
-            throws SaslException {
+                                           String serverName, Map<String, ?> props,
+                                           CallbackHandler cbh)
+                throws SaslException {
 
             if (!mechanism.equals(MECHANISM)) {
                 throw new SaslException("Unsupported mechanism: " + mechanism);
@@ -144,10 +144,11 @@ public SaslServer createSaslServer(String mechanism, String protocol,
         @Override
         public String[] getMechanismNames(Map<String, ?> props) {
             String noPlainText = (String) props.get(Sasl.POLICY_NOPLAINTEXT);
-            if (noPlainText.equals("true"))
+            if (noPlainText.equals("true")) {
                 return new String[]{};
-            else
+            } else {
                 return new String[]{MECHANISM};
+            }
         }
     }
 }

runtime/src/main/java/org/corfudb/security/sasl/plaintext/PlainTextSaslServerProvider.java

@@ -16,9 +16,9 @@ public class PlainTextSaslServerProvider extends Provider {
 
     protected PlainTextSaslServerProvider() {
         super("PlainTextSaslServerProvider", 1.0,
-            "Plain Text Sasl Server Provider for CorfuDB");
+                "Plain Text Sasl Server Provider for CorfuDB");
         super.put("SaslServerFactory." + PlainTextSaslServer.MECHANISM,
-            PlainTextSaslServerFactory.class.getName());
+                PlainTextSaslServerFactory.class.getName());
     }
 
     public static void initialize() {

runtime/src/main/java/org/corfudb/security/tls/TlsUtils.java

@@ -3,23 +3,34 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManagerFactory;
 import java.io.FileInputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.util.Map;
 import java.util.function.Consumer;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
 
 /**
  * Utilities for common options parsing and session configuration for
  * encrypted & authenticated TLS sessions.
  */
 
 public class TlsUtils {
-    public enum SslContextType { SERVER_CONTEXT, CLIENT_CONTEXT };
+    public enum SslContextType { SERVER_CONTEXT, CLIENT_CONTEXT }
 
+    /**
+     * Create SslContext object based on Getopt-style parameter spec.
+     *
+     * @param desiredType Server or client context
+     * @param opts Getopt-style parameters
+     * @param keyStoreException Consumer for key store error
+     * @param ksPasswordFileException Consumer for ks password file error
+     * @param trustStoreException Consumer for trust store error
+     * @param tsPasswordFileException Consumer for ts password file error
+     * @return SslContext object or null on error
+     */
     public static SslContext enableTls(SslContextType desiredType,
                                        Map<String, Object> opts,
                                        Consumer<Exception> keyStoreException,
@@ -33,11 +44,29 @@ public static SslContext enableTls(SslContextType desiredType,
                 (String) opts.get("--truststore-password-file"), tsPasswordFileException);
     }
 
+    /**
+     * Create SslContext object based on a spec of individual configuration strings.
+     *
+     * @param desiredType Server or client context
+     * @param keyStore Key store path string
+     * @param keyStoreException Consumer for key store error
+     * @param ksPasswordFile Key store password file string
+     * @param ksPasswordFileException Consumer for ks password file error
+     * @param trustStore Trust store path string
+     * @param trustStoreException Consumer for trust store error
+     * @param tsPasswordFile Trust store password file path string
+     * @param tsPasswordFileException Consumer for ts password file error
+     * @return SslContext object or null on error
+     */
     public static SslContext enableTls(SslContextType desiredType,
-                                       String keyStore, Consumer<Exception> keyStoreException,
-                                       String ksPasswordFile, Consumer<Exception> ksPasswordFileException,
-                                       String trustStore, Consumer<Exception> trustStoreException,
-                                       String tsPasswordFile, Consumer<Exception> tsPasswordFileException) {
+                                       String keyStore,
+                                       Consumer<Exception> keyStoreException,
+                                       String ksPasswordFile,
+                                       Consumer<Exception> ksPasswordFileException,
+                                       String trustStore,
+                                       Consumer<Exception> trustStoreException,
+                                       String tsPasswordFile,
+                                       Consumer<Exception> tsPasswordFileException) {
         // Get the key store password
         String ksp = "";
         if (ksPasswordFile != null) {
@@ -100,9 +129,9 @@ public static SslContext enableTls(SslContextType desiredType,
                     throw new RuntimeException("Bad SSL context type: " + desiredType);
             }
         } catch (Exception e) {
-            throw new RuntimeException("Could not build SslContext type " +
-                    desiredType.toString() + ": " +
-                    e.getClass().getSimpleName(), e);
+            throw new RuntimeException("Could not build SslContext type "
+                    + desiredType.toString() + ": "
+                    + e.getClass().getSimpleName(), e);
         }
     }