Made initialization of identity return ApplicationSignatureSet to be more palatable for provisioner.
mifosio-04-04-2018 committed Apr 12, 2017
1 parent 323650e commit d79ff4461b51e2858c6ffefdf31f9bcc8d1c27ea
Showing 7 changed files with 68 additions and 24 deletions.
@@ -124,7 +124,7 @@ public interface IdentityManager {
consumes = {MediaType.APPLICATION_JSON_VALUE},
produces = {MediaType.APPLICATION_JSON_VALUE})
@ThrowsException(status = HttpStatus.CONFLICT, exception = TenantAlreadyInitializedException.class)
String initialize(@RequestParam("password") String password);
ApplicationSignatureSet initialize(@RequestParam("password") String password);

@RequestMapping(value = "/signatures", method = RequestMethod.POST,
consumes = {MediaType.APPLICATION_JSON_VALUE},
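Review bot: The new `initialize` signature carries no Javadoc saying what the returned ApplicationSignatureSet contains or what form the `password` parameter is expected in, and a provisioner calling this client needs both. Elsewhere in this commit the test passes `Helpers.encodePassword(ADMIN_PASSWORD)` and the Provisioner names the argument `initialPasswordHash`, so the contract appears to be that the caller pre-encodes the password — that should be stated here rather than discovered from the test. I would add a Javadoc above the method stating that it provisions the tenant's identity data and superuser, that `password` is the admin password in the encoding the server expects (confirm which), that the return value is the public signature set (key timestamp, modulus, exponent) generated for the tenant as built by SignatureMapper, and that an already-initialized tenant yields CONFLICT as the annotation on the line above declares.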
@@ -1,3 +1,18 @@
/*
* Copyright 2017 The Mifos Initiative.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import io.mifos.anubis.api.v1.client.Anubis;
import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
import io.mifos.anubis.api.v1.domain.Signature;
@@ -15,6 +15,7 @@
*/

import io.mifos.anubis.api.v1.RoleConstants;
import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
import io.mifos.anubis.api.v1.domain.Signature;
import io.mifos.anubis.test.v1.TenantApplicationSecurityEnvironmentTestRule;
import io.mifos.anubis.token.SystemAccessTokenSerializer;
@@ -95,7 +96,7 @@ public void testBoundaryInitializeCases() throws InterruptedException {
final IdentityManager testSubject = getTestSubject();


final String firstTenantSignatureTimestamp;
final ApplicationSignatureSet firstTenantSignatureSet;
Signature firstTenantIdentityManagerSignature = null;
try (final TenantDataStoreTestContext ignored = TenantDataStoreTestContext.forRandomTenantName(cassandraInitializer)) {

@@ -130,10 +131,10 @@ public void testBoundaryInitializeCases() throws InterruptedException {
}

try (final AutoUserContext ignored2 = tenantApplicationSecurityEnvironment.createAutoSeshatContext()) {
firstTenantSignatureTimestamp = testSubject.initialize(Helpers.encodePassword(ADMIN_PASSWORD));
firstTenantSignatureSet = testSubject.initialize(Helpers.encodePassword(ADMIN_PASSWORD));

final Signature applicationSignature = tenantApplicationSecurityEnvironment.getAnubis().getApplicationSignature(firstTenantSignatureTimestamp);
firstTenantIdentityManagerSignature = tenantApplicationSecurityEnvironment.getAnubis().getSignatureSet(firstTenantSignatureTimestamp).getIdentityManagerSignature();
final Signature applicationSignature = tenantApplicationSecurityEnvironment.getAnubis().getApplicationSignature(firstTenantSignatureSet.getTimestamp());
firstTenantIdentityManagerSignature = tenantApplicationSecurityEnvironment.getAnubis().getSignatureSet(firstTenantSignatureSet.getTimestamp()).getIdentityManagerSignature();
Assert.assertEquals(applicationSignature, firstTenantIdentityManagerSignature);


@@ -148,12 +149,12 @@ public void testBoundaryInitializeCases() throws InterruptedException {
}


final String secondTenantSignatureTimestamp;
final ApplicationSignatureSet secondTenantSignatureSet;
try (final TenantDataStoreTestContext ignored = TenantDataStoreTestContext.forRandomTenantName(cassandraInitializer)) {
try (final AutoUserContext ignored2
= tenantApplicationSecurityEnvironment.createAutoSeshatContext()) {
secondTenantSignatureTimestamp = testSubject.initialize(Helpers.encodePassword(ADMIN_PASSWORD));
final Signature secondTenantIdentityManagerSignature = tenantApplicationSecurityEnvironment.getAnubis().getApplicationSignature(secondTenantSignatureTimestamp);
secondTenantSignatureSet = testSubject.initialize(Helpers.encodePassword(ADMIN_PASSWORD));
final Signature secondTenantIdentityManagerSignature = tenantApplicationSecurityEnvironment.getAnubis().getApplicationSignature(secondTenantSignatureSet.getTimestamp());
Assert.assertNotEquals(firstTenantIdentityManagerSignature, secondTenantIdentityManagerSignature);
}
}
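Review bot: In the hunk at @@ -130 the set returned by `initialize` is used only for its timestamp; nothing checks that the signatures inside it are the ones Anubis later serves for that timestamp, which is the new property this commit introduces. Assuming ApplicationSignatureSet exposes `getIdentityManagerSignature()` as line 63 uses it, adding `Assert.assertEquals(firstTenantSignatureSet.getIdentityManagerSignature(), firstTenantIdentityManagerSignature);` after the assert on line 66 would pin that the returned public key is the stored one. In the hunk at @@ -148, `secondTenantIdentityManagerSignature` is fetched with `getApplicationSignature(...)`, so its name is misleading; either rename it or fetch it via `getSignatureSet(...).getIdentityManagerSignature()` as the first tenant does. `testBoundaryInitializeCases` begins before the first hunk and continues past the last one.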
@@ -16,9 +16,11 @@
package io.mifos.identity.internal.command.handler;

import com.datastax.driver.core.exceptions.InvalidQueryException;
import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
import io.mifos.core.lang.ServiceException;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.identity.api.v1.PermittableGroupIds;
import io.mifos.identity.internal.mapper.SignatureMapper;
import io.mifos.identity.internal.repository.*;
import io.mifos.identity.internal.util.IdentityConstants;
import io.mifos.tool.crypto.SaltGenerator;
@@ -78,7 +80,7 @@ public class Provisioner {
this.saltGenerator = saltGenerator;
}

public String provisionTenant(final String initialPasswordHash) {
public ApplicationSignatureSet provisionTenant(final String initialPasswordHash) {
final RsaKeyPairFactory.KeyPairHolder keys = RsaKeyPairFactory.createKeyPair();

byte[] fixedSalt = this.saltGenerator.createRandomSalt();
@@ -90,7 +92,7 @@ public String provisionTenant(final String initialPasswordHash) {
permittableGroups.buildTable();
roles.buildTable();

signature.add(keys);
final SignatureEntity signatureEntity = signature.add(keys);
tenant.add(fixedSalt, passwordExpiresInDays, timeToChangePasswordAfterExpirationInDays);

createPermittablesGroup(PermittableGroupIds.ROLE_MANAGEMENT, "/roles/*", "/permittablegroups/*");
@@ -111,14 +113,14 @@ public String provisionTenant(final String initialPasswordHash) {
.build(IdentityConstants.SU_NAME, IdentityConstants.SU_ROLE, initialPasswordHash, true,
fixedSalt, timeToChangePasswordAfterExpirationInDays);
users.add(suUser);

return SignatureMapper.mapToApplicationSignatureSet(signatureEntity);
}
catch (final InvalidQueryException e)
{
logger.error("Failed to provision cassandra tables for tenant.", e);
throw ServiceException.internalError("Failed to provision tenant.");
}

return keys.getTimestamp();
}

private PermissionType fullAccess(final String permittableGroupIdentifier) {
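Review bot: `provisionTenant` now hands key material back to a REST caller, but has no Javadoc saying what the returned set holds, and the safety of that return rests on SignatureMapper reading only `getPublicKeyMod()`/`getPublicKeyExp()` from the SignatureEntity — worth stating at the return site so a later change to the mapper or entity does not start leaking the private half. I would add a Javadoc above the method describing that it builds the tenant's tables, generates an RSA key pair and stores it via `signature.add(keys)`, creates the superuser with `initialPasswordHash`, and returns the public signature set for the new key, translating `InvalidQueryException` into `ServiceException.internalError`; and on the new return line `// only public key fields (modulus, exponent) are mapped here — this value is returned over REST`. Note also that only `InvalidQueryException` is translated, so any other failure after `signature.add(keys)` propagates with the tables partially built; that predates this commit and may be acceptable for a SYSTEM-only endpoint. `provisionTenant` spans several hunks: its signature is on line 102 and the method closes on line 129.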
@@ -0,0 +1,32 @@
/*
* Copyright 2017 The Mifos Initiative.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.mifos.identity.internal.mapper;

import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
import io.mifos.anubis.api.v1.domain.Signature;
import io.mifos.identity.internal.repository.SignatureEntity;

/**
* @author Myrle Krantz
*/
public interface SignatureMapper {
static ApplicationSignatureSet mapToApplicationSignatureSet(final SignatureEntity signatureEntity) {
return new ApplicationSignatureSet(
signatureEntity.getKeyTimestamp(),
new Signature(signatureEntity.getPublicKeyMod(), signatureEntity.getPublicKeyExp()),
new Signature(signatureEntity.getPublicKeyMod(), signatureEntity.getPublicKeyExp()));
}
}
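Review bot: The mapper puts the same modulus and exponent into both the application signature and the identity-manager signature with no comment explaining why; the test in this commit asserts the two are equal, so it looks deliberate (identity appears to act as its own identity manager), but a reader of this file alone cannot distinguish it from a copy-paste slip. A comment such as `// identity signs its own tokens, so application and identity-manager signatures are the same key` on the second `new Signature(...)` would settle that. Because this result is what the `initialize` endpoint returns, it also matters that only `getPublicKeyMod()`/`getPublicKeyExp()` are read here; a one-line Javadoc on the method saying the private half is intentionally never mapped would guard later edits. Hosting a static method on an interface to form a utility is unusual in Java — a `final class` with a private constructor is the conventional shape, though the interface at least cannot be instantiated.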
@@ -20,6 +20,7 @@
import io.mifos.anubis.api.v1.domain.Signature;
import io.mifos.anubis.config.TenantSignatureRepository;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.identity.internal.mapper.SignatureMapper;
import io.mifos.identity.internal.repository.SignatureEntity;
import io.mifos.identity.internal.repository.Signatures;
import io.mifos.identity.internal.repository.Tenants;
@@ -57,7 +58,7 @@ public List<String> getAllSignatureSetKeyTimestamps() {
@Override
public Optional<ApplicationSignatureSet> getSignatureSet(final String keyTimestamp) {
final Optional<SignatureEntity> signatureEntity = signatures.getSignature(keyTimestamp);
return signatureEntity.map(this::mapSignatureEntityToApplicationSignatureSet);
return signatureEntity.map(SignatureMapper::mapToApplicationSignatureSet);
}

@Override
@@ -84,13 +85,6 @@ public boolean tenantAlreadyProvisioned() {
public ApplicationSignatureSet createSignatureSet() {
final RsaKeyPairFactory.KeyPairHolder keys = RsaKeyPairFactory.createKeyPair();
final SignatureEntity signatureEntity = signatures.add(keys);
return mapSignatureEntityToApplicationSignatureSet(signatureEntity);
}

private ApplicationSignatureSet mapSignatureEntityToApplicationSignatureSet(final SignatureEntity signatureEntity) {
return new ApplicationSignatureSet(
signatureEntity.getKeyTimestamp(),
new Signature(signatureEntity.getPublicKeyMod(), signatureEntity.getPublicKeyExp()),
new Signature(signatureEntity.getPublicKeyMod(), signatureEntity.getPublicKeyExp()));
return SignatureMapper.mapToApplicationSignatureSet(signatureEntity);
}
}
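Review bot: `createSignatureSet` still has no Javadoc, and its behaviour is not obvious from the name: every call generates a fresh RSA key pair with `RsaKeyPairFactory.createKeyPair()` and persists it with `signatures.add(keys)` before mapping the public parts, so callers should know it is a key-rotation step, not a lookup. I would add `/** Generates and stores a new RSA key pair for the tenant and returns its public signature set; each call adds a key. */` above the method. The enclosing class's header is outside this section.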
@@ -50,7 +50,7 @@ public class InitializeRestController {
consumes = {MediaType.ALL_VALUE},
produces = {MediaType.APPLICATION_JSON_VALUE})
@Permittable(AcceptedTokenType.SYSTEM)
public @ResponseBody ResponseEntity<String> initializeTenant(
public @ResponseBody ResponseEntity<ApplicationSignatureSet> initializeTenant(
@RequestParam("password") final String adminPassword)
{
if (tenantService.tenantAlreadyProvisioned())
@@ -59,9 +59,9 @@ public class InitializeRestController {
}


final String signatureTimestamp = provisioner.provisionTenant(adminPassword);
final ApplicationSignatureSet signatureSet = provisioner.provisionTenant(adminPassword);

return new ResponseEntity<>(signatureTimestamp,
return new ResponseEntity<>(signatureSet,
HttpStatus.OK);
}
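Review bot: The admin password still reaches this endpoint through `@RequestParam("password")` on line 203, which binds from the query string (or a form body); the IdentityManager client interface consumes JSON, so the value is presumably on the URL and will land in server and proxy access logs. This predates the commit, but it is the one secret this endpoint handles, and carrying it in the request body (a small `@RequestBody` DTO) would be the fix. Line 211 passes `adminPassword` straight through as Provisioner's `initialPasswordHash`, and the test calls `initialize(Helpers.encodePassword(ADMIN_PASSWORD))`, so the local name understates that the value is expected to be pre-encoded — rename it or add a comment. The `tenantAlreadyProvisioned()` check on line 205 and the provisioning on line 211 are not atomic, so two concurrent calls could both provision; likely acceptable for a SYSTEM-token endpoint, but worth a comment.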
