Replacing seshat with system/provisioner, and isis with identity/tenant.
mifosio-04-04-2018 committed Mar 17, 2017
1 parent dcfdf25 commit 7c34c04ce94fa835d9dd6adc5f57f4d068a79c13
Showing 16 changed files with 80 additions and 80 deletions.
@@ -29,8 +29,8 @@
@SuppressWarnings("WeakerAccess")
@FeignClient
public interface Anubis {
String ISIS_PUBLIC_KEY_MODULUS_HEADER = "X-Isis-Public-Key-Modulus";
String ISIS_PUBLIC_KEY_EXPONENT_HEADER = "X-Isis-Public-Key-Exponent";
String TENANT_PUBLIC_KEY_MODULUS_HEADER = "X-Tenant-Public-Key-Modulus";
String TENANT_PUBLIC_KEY_EXPONENT_HEADER = "X-Tenant-Public-Key-Exponent";

@RequestMapping(
value = "/permittables",
@@ -44,7 +44,7 @@ public interface Anubis {
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.ALL_VALUE})
void initialize(
@RequestHeader(ISIS_PUBLIC_KEY_MODULUS_HEADER) BigInteger isisKeyMod,
@RequestHeader(ISIS_PUBLIC_KEY_EXPONENT_HEADER) BigInteger isisKeyExp)
@RequestHeader(TENANT_PUBLIC_KEY_MODULUS_HEADER) BigInteger tenantKeyMod,
@RequestHeader(TENANT_PUBLIC_KEY_EXPONENT_HEADER) BigInteger tenantKeyExp)
throws InvalidTokenException, TenantNotFoundException;
}
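Review bot: Renaming the wire headers to `X-Tenant-Public-Key-Modulus`/`X-Tenant-Public-Key-Exponent` (L15-16) is a protocol break, not just a rename: a caller still sending the `X-Isis-*` names will hit the missing-header check in the server filter and get 400, so the identity service and every Anubis-backed service must be upgraded together, and the commit message does not say so. Record the coupling on the constants: `// Header names are part of the tenant-provisioning protocol; changing them requires a coordinated deploy of the identity service and all consumers.` The interface also never says that `initialize` replaces the key this service trusts for verifying tenant tokens; a Javadoc line such as `Replaces the tenant signing key trusted by this service; must only be reachable with a system token.` would make the authorization expectation explicit for whoever implements or tests the server side (whether that check exists is not visible in this hunk).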
@@ -231,7 +231,7 @@ public void requestYourOwnInformationWhenYoureOnlyPermittedToAccessOwnShouldWork
@Test
public void tenantTokenForSystemEndpointShouldNotWorkRegardlessOfPermissions()
{
try (final AutoSeshat ignored = new AutoSeshat(tenantApplicationSecurityEnvironment.seshatToken()))
try (final AutoSeshat ignored = new AutoSeshat(tenantApplicationSecurityEnvironment.systemToken()))
{
example.callSystemEndpoint();
}
@@ -24,7 +24,7 @@ public interface TenantSignatureProvider {
/**
*
* @param version The version of the signature to get.
* @return The public keys that isis uses for signing tokens.
* @return The public keys that the identity service uses for signing tokens.
* @throws IllegalArgumentException if the tenant context is not set.
*/
Optional<Signature> getSignature(String version) throws IllegalArgumentException;
@@ -30,8 +30,8 @@
import java.math.BigInteger;
import java.util.Optional;

import static io.mifos.anubis.api.v1.client.Anubis.ISIS_PUBLIC_KEY_EXPONENT_HEADER;
import static io.mifos.anubis.api.v1.client.Anubis.ISIS_PUBLIC_KEY_MODULUS_HEADER;
import static io.mifos.anubis.api.v1.client.Anubis.TENANT_PUBLIC_KEY_EXPONENT_HEADER;
import static io.mifos.anubis.api.v1.client.Anubis.TENANT_PUBLIC_KEY_MODULUS_HEADER;


/**
@@ -57,25 +57,25 @@ protected void doFilterInternal(final HttpServletRequest request,
final String method = request.getMethod();

if (method.equals("POST")) {
final Optional<BigInteger> isisPublicKeyExponent =
toBigInteger(request.getHeader(ISIS_PUBLIC_KEY_EXPONENT_HEADER));
final Optional<BigInteger> isisPublicKeyModulus =
toBigInteger(request.getHeader(ISIS_PUBLIC_KEY_MODULUS_HEADER));
final Optional<BigInteger> tenantPublicKeyExponent =
toBigInteger(request.getHeader(TENANT_PUBLIC_KEY_EXPONENT_HEADER));
final Optional<BigInteger> tenantPublicKeyModulus =
toBigInteger(request.getHeader(TENANT_PUBLIC_KEY_MODULUS_HEADER));

if (!isisPublicKeyExponent.isPresent()) {
if (!tenantPublicKeyExponent.isPresent()) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Header [" + ISIS_PUBLIC_KEY_EXPONENT_HEADER + "] must be a valid big integer.");
} else if (!isisPublicKeyModulus.isPresent()) {
"Header [" + TENANT_PUBLIC_KEY_EXPONENT_HEADER + "] must be a valid big integer.");
} else if (!tenantPublicKeyModulus.isPresent()) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Header [" + ISIS_PUBLIC_KEY_MODULUS_HEADER + "] must be a valid big integer.");
"Header [" + TENANT_PUBLIC_KEY_MODULUS_HEADER + "] must be a valid big integer.");
} else {
//NOTE: we are provisioning, whether the tenant is already provisioned or not. This is
// for the case that isis public key has for some reason changed, and need to be
// for the case that tenant public key has for some reason changed, and need to be
// re-broadcast.
try {
tenantAuthorizationDataRepository
.provisionTenant(isisPublicKeyModulus.get(),
isisPublicKeyExponent.get());
.provisionTenant(tenantPublicKeyModulus.get(),
tenantPublicKeyExponent.get());
}
catch (final ServiceException e)
{
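Review bot: Whatever modulus/exponent pair arrives in the headers is stored via `provisionTenant` (L88-92) as soon as both values parse as integers (L67-70), and the comment at L83-86 says this overwrites an existing key; a caller able to reach this POST can therefore replace the key Anubis uses to verify tenant tokens, which is equivalent to minting tenant tokens at will. This hunk shows no authentication of the caller and no sanity check on the key material; whether an earlier filter authenticates the request is outside the hunk and should be confirmed before merge. At minimum reject implausible RSA keys before storing them, by adding a branch to the existing chain: `} else if (tenantPublicKeyModulus.get().bitLength() < 2048 || tenantPublicKeyExponent.get().signum() <= 0) {` / `response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Header [" + TENANT_PUBLIC_KEY_MODULUS_HEADER + "] must be an RSA modulus of at least 2048 bits.");` (adjust the threshold deliberately if deployments use shorter keys). `doFilterInternal` starts before and continues after this hunk, so the catch body at L94-95 is not reviewable here.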
@@ -29,30 +29,30 @@
*/
@Component
public class SystemRsaKeyProvider {
private String seshatPublicKeyMod;
private String seshatPublicKeyExp;
private String systemPublicKeyMod;
private String systemPublicKeyExp;

private PublicKey seshatPublicKey;
private PublicKey systemPublicKey;

@Autowired
public SystemRsaKeyProvider(final @Value("${seshat.publicKey.modulus}") String seshatPublicKeyMod, final @Value("${seshat.publicKey.exponent}") String seshatPublicKeyExp)
public SystemRsaKeyProvider(final @Value("${system.publicKey.modulus}") String systemPublicKeyMod, final @Value("${system.publicKey.exponent}") String systemPublicKeyExp)
{
this.seshatPublicKeyMod = seshatPublicKeyMod;
this.seshatPublicKeyExp = seshatPublicKeyExp;
this.systemPublicKeyMod = systemPublicKeyMod;
this.systemPublicKeyExp = systemPublicKeyExp;
}

@PostConstruct
public void init() {
this.seshatPublicKey =
this.systemPublicKey =
new RsaPublicKeyBuilder()
.setPublicKeyMod(new BigInteger(seshatPublicKeyMod))
.setPublicKeyExp(new BigInteger(seshatPublicKeyExp))
.setPublicKeyMod(new BigInteger(systemPublicKeyMod))
.setPublicKeyExp(new BigInteger(systemPublicKeyExp))
.build();
}

public PublicKey getPublicKey(final String tokenVersion) throws InvalidKeyVersionException {
if (!tokenVersion.equals("1"))
throw new InvalidKeyVersionException(tokenVersion);
return seshatPublicKey;
return systemPublicKey;
}
}
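Review bot: `systemPublicKeyMod` and `systemPublicKeyExp` (L102-103) are mutable fields kept only so `init()` (L119-128) can parse them later, and the parsed key is accepted at whatever length the property supplies; a missing or malformed property surfaces as a bare `NumberFormatException` from `@PostConstruct` with no hint which property is wrong. Since `@Value` constructor injection is already used, the key can be built and validated in the constructor, leaving a single `final` field and a clear startup failure message. Note that this is the key every system token is verified against (L130-134), so a too-short modulus here weakens authentication service-wide; the bit-length threshold below is a suggestion and should match what the key generator actually produces. `getPublicKey` is unchanged.

```java
@Component
public class SystemRsaKeyProvider {
  private final PublicKey systemPublicKey;

  @Autowired
  public SystemRsaKeyProvider(final @Value("${system.publicKey.modulus}") String systemPublicKeyMod,
                              final @Value("${system.publicKey.exponent}") String systemPublicKeyExp) {
    final BigInteger modulus;
    final BigInteger exponent;
    try {
      modulus = new BigInteger(systemPublicKeyMod);
      exponent = new BigInteger(systemPublicKeyExp);
    } catch (final NumberFormatException e) {
      throw new IllegalStateException("system.publicKey.modulus/exponent must be decimal integers", e);
    }
    if (modulus.bitLength() < 2048 || exponent.signum() <= 0)
      throw new IllegalStateException("system.publicKey.modulus must be an RSA modulus of at least 2048 bits");
    this.systemPublicKey = new RsaPublicKeyBuilder()
        .setPublicKeyMod(modulus)
        .setPublicKeyExp(exponent)
        .build();
  }

  // … unchanged: getPublicKey(tokenVersion) …
}
```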
@@ -53,11 +53,11 @@ public TenantAuthorizationDataRepository(
this.cassandraSessionProvider = cassandraSessionProvider;
}

public void provisionTenant(final BigInteger isisPublicKeyModulus, final BigInteger isisPublicKeyExponent) {
public void provisionTenant(final BigInteger tenantPublicKeyModulus, final BigInteger tenantPublicKeyExponent) {
final Session session = cassandraSessionProvider.getTenantSession();

createTable(session);
createEntry(session, isisPublicKeyModulus, isisPublicKeyExponent);
createEntry(session, tenantPublicKeyModulus, tenantPublicKeyExponent);
}

private void createTable(final Session tenantSession) {
@@ -58,12 +58,12 @@ public static AmitAuthenticationException missingTokenContent() {
return new AmitAuthenticationException("Token does not contain content. Perhaps you submitted a refresh token instead of the access token?");
}

@SuppressWarnings("unused") //used in isis
@SuppressWarnings("unused") //used in identity
public static AmitAuthenticationException userPasswordCombinationNotFound() {
return new AmitAuthenticationException("A user with the given useridentifier and password doesn't exist.");
}

@SuppressWarnings("unused") //used in isis
@SuppressWarnings("unused") //used in identity
public static AmitAuthenticationException passwordExpired() {
return new AmitAuthenticationException("Users password has expired.");
}
@@ -83,7 +83,7 @@ public AnubisAuthentication authenticate(
logger.debug("token = {}", token);
throw AmitAuthenticationException.invalidToken();
} catch (final InvalidKeyVersionException e) {
throw AmitAuthenticationException.invalidTokenVersion("seshat", version);
throw AmitAuthenticationException.invalidTokenVersion("system", version);
}
}
}
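Review bot: `logger.debug("token = {}", token);` at L167 writes the complete bearer token to the log whenever verification fails; a token rejected by this service may still be valid for another audience or key version, and debug logs are routinely forwarded to shared storage, so this is a credential leak path rather than a harmless diagnostic. Log something that cannot be replayed instead, e.g. `logger.debug("token rejected, length={} version={}", token.length(), version);`, or drop the line. The `authenticate` method starts before this hunk, so the exception type being caught at L167-168 is not visible here.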
@@ -86,7 +86,7 @@ AnubisAuthentication authenticate(
catch (final JwtException e) {
throw AmitAuthenticationException.invalidToken();
} catch (final InvalidKeyVersionException e) {
throw AmitAuthenticationException.invalidTokenVersion("isis", version);
throw AmitAuthenticationException.invalidTokenVersion("tenant", version);
}
}

@@ -18,7 +18,7 @@
import java.util.Optional;

public enum TokenType {
SYSTEM("seshat"), TENANT("isis"), ;
SYSTEM("system"), TENANT("tenant"), ;

private final String issuer;
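Review bot: Changing the issuer values to `"system"`/`"tenant"` (L189) means any token minted before the deploy, carrying the old `"seshat"`/`"isis"` issuer, presumably no longer resolves through `valueOfIssuer` and is rejected; that fails closed, which is the right direction, but it invalidates every outstanding token at rollout and breaks mixed-version deployments, and the commit message does not mention it. Record the coupling next to the constants: `// Issuer values embedded in every token. Changing them invalidates all tokens issued with the previous values; deploy together with the token issuer.` The trailing `, ;` after `TENANT("tenant")` is harmless but reads like a leftover; `TENANT("tenant");` is clearer.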

@@ -31,8 +31,8 @@
import java.util.ArrayList;
import java.util.Collection;

import static io.mifos.anubis.api.v1.client.Anubis.ISIS_PUBLIC_KEY_EXPONENT_HEADER;
import static io.mifos.anubis.api.v1.client.Anubis.ISIS_PUBLIC_KEY_MODULUS_HEADER;
import static io.mifos.anubis.api.v1.client.Anubis.TENANT_PUBLIC_KEY_EXPONENT_HEADER;
import static io.mifos.anubis.api.v1.client.Anubis.TENANT_PUBLIC_KEY_MODULUS_HEADER;
import static javax.servlet.http.HttpServletResponse.*;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
@@ -107,9 +107,9 @@ public void setup()

request = Mockito.mock(HttpServletRequest.class);
when(request.getMethod()).thenReturn(testCase.method);
when(request.getHeader(ISIS_PUBLIC_KEY_EXPONENT_HEADER)).thenReturn(
when(request.getHeader(TENANT_PUBLIC_KEY_EXPONENT_HEADER)).thenReturn(
String.valueOf(testCase.publicKeyExp));
when(request.getHeader(ISIS_PUBLIC_KEY_MODULUS_HEADER)).thenReturn(
when(request.getHeader(TENANT_PUBLIC_KEY_MODULUS_HEADER)).thenReturn(
String.valueOf(testCase.publicKeyMod));

response = Mockito.mock(HttpServletResponse.class);
@@ -68,11 +68,11 @@ public void shouldCreateValidSeshatToken() throws Exception {
final SystemAccessTokenSerializer testSubject = new SystemAccessTokenSerializer();

final LocalDateTime now = LocalDateTime.now(ZoneId.of("UTC"));
final TokenSerializationResult seshatToken = testSubject.build(specification);
final TokenSerializationResult systemToken = testSubject.build(specification);

Assert.assertNotNull(seshatToken);
Assert.assertNotNull(systemToken);

final LocalDateTime expiration = seshatToken.getExpiration();
final LocalDateTime expiration = systemToken.getExpiration();
final long diff = expiration.toInstant(ZoneOffset.ofHours(0)).getEpochSecond()
- now.toInstant(ZoneOffset.ofHours(0)).getEpochSecond();

@@ -82,7 +82,7 @@ public void shouldCreateValidSeshatToken() throws Exception {
final Jwt<Header, Claims> parsedToken = Jwts
.parser()
.setSigningKey(keyPairHolder.publicKey())
.parse(seshatToken.getToken().substring("Bearer ".length()).trim());
.parse(systemToken.getToken().substring("Bearer ".length()).trim());


Assert.assertNotNull(parsedToken);
@@ -63,11 +63,11 @@ public void shouldCreateValidSeshatToken() throws Exception
final TenantAccessTokenSerializer testSubject = new TenantAccessTokenSerializer(new Gson());

final LocalDateTime now = LocalDateTime.now(ZoneId.of("UTC"));
final TokenSerializationResult seshatToken = testSubject.build(specification);
final TokenSerializationResult systemToken = testSubject.build(specification);

Assert.assertNotNull(seshatToken);
Assert.assertNotNull(systemToken);

final LocalDateTime expiration = seshatToken.getExpiration();
final LocalDateTime expiration = systemToken.getExpiration();
final long diff = expiration.toInstant(ZoneOffset.ofHours(0)).getEpochSecond()
- now.toInstant(ZoneOffset.ofHours(0)).getEpochSecond();

@@ -77,7 +77,7 @@ public void shouldCreateValidSeshatToken() throws Exception
final Jwt<Header, Claims> parsedToken = Jwts
.parser()
.setSigningKey(keyPairHolder.publicKey())
.parse(seshatToken.getToken().substring("Bearer ".length()).trim());
.parse(systemToken.getToken().substring("Bearer ".length()).trim());


Assert.assertNotNull(parsedToken);
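Review bot: The mechanical seshat→system replacement renamed the local to `systemToken` (L245, L248, L251, L260) although this test builds a token with `TenantAccessTokenSerializer` (L241), so the variable name now states the opposite of what it holds. Rename it `tenantToken` on those four lines, and consider renaming the method `shouldCreateValidSeshatToken` (visible in the hunk header) to `shouldCreateValidTenantToken` for the same reason. `ZoneOffset.ofHours(0)` at L252-253 is `ZoneOffset.UTC`, which reads better. The test method continues past the hunk.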
@@ -29,15 +29,15 @@ public class TokenTypeTest {
@Test
public void valueOfIssuer()
{
Assert.assertEquals(TokenType.valueOfIssuer("seshat").get(), TokenType.SYSTEM);
Assert.assertEquals(TokenType.valueOfIssuer("isis").get(), TokenType.TENANT);
Assert.assertEquals(TokenType.valueOfIssuer("system").get(), TokenType.SYSTEM);
Assert.assertEquals(TokenType.valueOfIssuer("tenant").get(), TokenType.TENANT);
Assert.assertEquals(TokenType.valueOfIssuer("ra"), Optional.empty());
}

@Test
public void getIssuer()
{
Assert.assertEquals(TokenType.SYSTEM.getIssuer(), "seshat");
Assert.assertEquals(TokenType.TENANT.getIssuer(), "isis");
Assert.assertEquals(TokenType.SYSTEM.getIssuer(), "system");
Assert.assertEquals(TokenType.TENANT.getIssuer(), "tenant");
}
}
@@ -58,39 +58,39 @@ public class SystemSecurityEnvironment {

private final TenantAccessTokenSerializer tenantAccessTokenSerializer;
private final SystemAccessTokenSerializer systemAccessTokenSerializer;
private final PublicKey seshatPublicKey;
private final PrivateKey seshatPrivateKey;
private final Map<String, RsaKeyPairFactory.KeyPairHolder> isisKeyPairHolders;
private final PublicKey systemPublicKey;
private final PrivateKey systemPrivateKey;
private final Map<String, RsaKeyPairFactory.KeyPairHolder> tenantKeyPairHolders;

public SystemSecurityEnvironment(final PublicKey seshatPublicKey, final PrivateKey seshatPrivateKey) {
public SystemSecurityEnvironment(final PublicKey systemPublicKey, final PrivateKey systemPrivateKey) {
final Gson gson = new GsonBuilder().create();
this.tenantAccessTokenSerializer = new TenantAccessTokenSerializer(gson);
this.systemAccessTokenSerializer = new SystemAccessTokenSerializer();
this.seshatPublicKey = seshatPublicKey;
this.seshatPrivateKey = seshatPrivateKey;
this.systemPublicKey = systemPublicKey;
this.systemPrivateKey = systemPrivateKey;

this.isisKeyPairHolders = new HashMap<>();
this.tenantKeyPairHolders = new HashMap<>();
}

public AutoUserContext createAutoSeshatContext(final String applicationName)
public AutoUserContext createAutoSystemContext(final String applicationName)
{
return new AutoSeshat(seshatToken(applicationName));
return new AutoSeshat(systemToken(applicationName));
}

public AutoUserContext createAutoSeshatContext(final String tenantName, final String applicationName) {
return new AutoSeshat(seshatToken(tenantName, applicationName));
public AutoUserContext createAutoSystemContext(final String tenantName, final String applicationName) {
return new AutoSeshat(systemToken(tenantName, applicationName));
}

public String seshatToken(final String applicationName) {
return seshatToken(TenantContextHolder.checkedGetIdentifier(), applicationName);
public String systemToken(final String applicationName) {
return systemToken(TenantContextHolder.checkedGetIdentifier(), applicationName);
}

private String seshatToken(final String tenantName, final String applicationName) {
private String systemToken(final String tenantName, final String applicationName) {
return systemAccessTokenSerializer.build(new SystemAccessTokenSerializer.Specification()
.setTenant(tenantName)
.setRole(RoleConstants.SYSTEM_ADMIN_ROLE_IDENTIFIER)
.setSecondsToLive(TimeUnit.HOURS.toSeconds(12))
.setPrivateKey(seshatPrivateKey)
.setPrivateKey(systemPrivateKey)
.setTargetApplicationName(applicationName)
).getToken();
}
@@ -131,13 +131,13 @@ private TokenContent generateOnePermissionTokenContent(final String applicationN

public RSAPublicKey tenantPublicKey()
{
return isisKeyPairHolders.computeIfAbsent(TenantContextHolder.checkedGetIdentifier(),
return tenantKeyPairHolders.computeIfAbsent(TenantContextHolder.checkedGetIdentifier(),
x -> RsaKeyPairFactory.createKeyPair()).publicKey();
}

public RSAPrivateKey tenantPrivateKey()
{
return isisKeyPairHolders.computeIfAbsent(TenantContextHolder.checkedGetIdentifier(),
return tenantKeyPairHolders.computeIfAbsent(TenantContextHolder.checkedGetIdentifier(),
x -> RsaKeyPairFactory.createKeyPair()).privateKey();
}

@@ -183,19 +183,19 @@ public boolean isValidToken(final String token,

final SystemRsaKeyProvider systemRsaKeyProvider = Mockito.mock(SystemRsaKeyProvider.class);
try {
Mockito.doReturn(seshatPublicKey).when(systemRsaKeyProvider).getPublicKey(Mockito.anyString());
Mockito.doReturn(systemPublicKey).when(systemRsaKeyProvider).getPublicKey(Mockito.anyString());
}
catch (final InvalidKeyVersionException ignored) {}

final Logger logger = LoggerFactory.getLogger(LOGGER_NAME);

final SystemAuthenticator isisSystemAuthenticator = new SystemAuthenticator(
final SystemAuthenticator systemAuthenticator = new SystemAuthenticator(
systemRsaKeyProvider,
ApplicationName.appNameWithVersion(forService, forServiceVersion),
permittableService,
logger);
try {
return (isisSystemAuthenticator.authenticate(forUser, jwtToken, "1") != null);
return (systemAuthenticator.authenticate(forUser, jwtToken, "1") != null);
}
catch (final Exception e)
{
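Review bot: The rename stops short in this helper: `createAutoSystemContext` (L310, L318) still returns `new AutoSeshat(...)` (L313, L319), so the retired service name survives in a public type while every method around it has been renamed, and readers will have to know that "Seshat" means "system". Either rename that class in the same change (e.g. `AutoSystemContext`, keeping the constructor signature) or leave a comment at L313 explaining why it keeps the old name. Separately, `systemToken` (L329-337) mints a 12-hour `SYSTEM_ADMIN_ROLE_IDENTIFIER` token from a private key held in memory; it is appropriate for a test fixture, but a one-line comment `// Test-only: issues long-lived admin tokens; never wire this into production configuration.` would guard against reuse. `isValidToken` continues beyond this hunk.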
