From 21bb2df3db9104e3829a668b1af44aeddaecccdc Mon Sep 17 00:00:00 2001 From: coolhongluo Date: Sat, 18 Nov 2017 12:00:52 +0800 Subject: [PATCH 01/28] service private and public key auth --- .../foundation/common/utils/RSAUtils.java | 66 +++++++++++++++++++ .../token/AuthenticationTokenManager.java | 9 +++ .../foundation/common/utils/TestRSAUtil.java | 29 ++++++++ handlers/handler-auth/pom.xml | 56 ++++++++++++++++ handlers/handler-auth/readme.MD | 3 + .../java/io/servicecomb/AuthHandlerBoot.java | 35 ++++++++++ .../authentication/ConsumerAuthHandler.java | 33 ++++++++++ .../authentication/ProviderAuthHanlder.java | 15 +++++ .../RSAAuthenticationTokenManager.java | 47 +++++++++++++ .../src/main/resources/config/cse.handler.xml | 22 +++++++ .../src/test/resources/log4j.properties | 29 ++++++++ handlers/pom.xml | 1 + 12 files changed, 345 insertions(+) create mode 100644 foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java create mode 100644 foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java create mode 100644 foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java create mode 100644 handlers/handler-auth/pom.xml create mode 100644 handlers/handler-auth/readme.MD create mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java create mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java create mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java create mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java create mode 100644 handlers/handler-auth/src/main/resources/config/cse.handler.xml create mode 100644 handlers/handler-auth/src/test/resources/log4j.properties 
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java
new file mode 100644
index 00000000000..681828d1d2f
--- /dev/null
+++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java
@@ -0,0 +1,66 @@
+package io.servicecomb.foundation.common.utils;
+
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+
+public class RSAUtils {
+
+ private final static String RSA_ALG = "RSA";
+ private final static String SIGN_ALG = "SHA256withRSA";
+
+ /**
+ * 加密算法
+ */
+ private static Base64.Encoder encoder = Base64.getEncoder();
+ private static Base64.Decoder decoder = Base64.getDecoder();
+
+ public static String[] getEncodedKeyPair() {
+ try {
+ KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(RSA_ALG);
+ keyGenerator.initialize(1024, new SecureRandom());
+ KeyPair keyPair = keyGenerator.generateKeyPair();
+ PublicKey pubKey = keyPair.getPublic();
+ PrivateKey privKey = keyPair.getPrivate();
+ return new String[] { encoder.encodeToString(privKey.getEncoded()),
+ encoder.encodeToString(pubKey.getEncoded()) };
+ } catch (NoSuchAlgorithmException e) {
+ throw new Error(e);
+ }
+ }
+
+ public static String sign(String content, String privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, InvalidKeyException {
+ byte[] bytes = decoder.decode(privateKey);
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
+ KeyFactory kf = KeyFactory.getInstance(RSA_ALG);
+ PrivateKey key = kf.generatePrivate(keySpec);
+ Signature signature = Signature.getInstance(SIGN_ALG);
+ signature.initSign(key);
+ signature.update(content.getBytes());
+ byte []signByte = signature.sign();
+ return encoder.encodeToString(signByte);
+ }
+
+ public static boolean verify(String publicKey, String sign, String content) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
+ byte[] bytes = decoder.decode(publicKey);
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
+ KeyFactory kf = KeyFactory.getInstance(RSA_ALG);
+ PublicKey pubKey = kf.generatePublic(keySpec);
+ Signature signature = Signature.getInstance(SIGN_ALG);
+ signature.initVerify(pubKey);
+ signature.update(content.getBytes());
+ return signature.verify(decoder.decode(sign));
+ }
+
+}
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java
new file mode 100644
index 00000000000..516ff1cb2f9
--- /dev/null
+++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java
@@ -0,0 +1,9 @@
+package io.servicecomb.foundation.token;
+
+public interface AuthenticationTokenManager {
+
+ public String getToken();
+
+ public boolean vaild();
+
+}
diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java
new file mode 100644
index 00000000000..dd1c899f5f6
--- /dev/null
+++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java
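Review bot: `keyGenerator.initialize(1024, new SecureRandom())` in getEncodedKeyPair() creates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance expects for signing keys; `keyGenerator.initialize(2048, new SecureRandom());` is the smallest fix. sign() and verify() both call `content.getBytes()` with the platform default charset, so a consumer and a provider running under different default encodings can disagree on the signed bytes for non-ASCII content; use `content.getBytes(StandardCharsets.UTF_8)` in both. `throw new Error(e)` would read better as `throw new IllegalStateException(e)`, since callers do not normally expect an Error from a utility method.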
@@ -0,0 +1,29 @@ +package io.servicecomb.foundation.common.utils; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; +import java.security.spec.InvalidKeySpecException; + +import org.junit.Assert; +import org.junit.Test; + +public class TestRSAUtil { + + @Test + public void testSignVerify() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException + { + String []keypair = RSAUtils.getEncodedKeyPair(); + + String privateKey = keypair[0]; + String pubKey = keypair[1]; + + Assert.assertNotNull(privateKey); + Assert.assertNotNull(pubKey); + String testContent = "instance-id@201711201930@randomstr"; + String signstr = RSAUtils.sign(testContent, privateKey); + System.err.println(signstr); + Assert.assertTrue(RSAUtils.verify(pubKey, signstr, testContent)); + + } +} diff --git a/handlers/handler-auth/pom.xml b/handlers/handler-auth/pom.xml new file mode 100644 index 00000000000..217fc8a272f --- /dev/null +++ b/handlers/handler-auth/pom.xml @@ -0,0 +1,56 @@ + + + + 4.0.0 + + io.servicecomb + handlers + 0.4.1-SNAPSHOT + + + handler-auth + + + UTF-8 + + + + + io.servicecomb + java-chassis-core + + + + com.netflix.hystrix + hystrix-core + + + + org.slf4j + slf4j-log4j12 + test + + + log4j + log4j + test + + + + + diff --git a/handlers/handler-auth/readme.MD b/handlers/handler-auth/readme.MD new file mode 100644 index 00000000000..698fc80167e --- /dev/null +++ b/handlers/handler-auth/readme.MD @@ -0,0 +1,3 @@ +参考: +hystrix: https://github.com/Netflix/Hystrix/wiki +design: http://code.huawei.com/CSE/CSE/wikis/design \ No newline at end of file diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java new file mode 100644 index 00000000000..edaa934e221 --- /dev/null +++ b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java 
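Review bot: testSignVerify() only asserts the success path, so a verify() that returned true for every input would still pass. Add a negative case such as `Assert.assertFalse(RSAUtils.verify(pubKey, signstr, testContent + "x"));` and one that checks the signature against a second, unrelated key pair. The `System.err.println(signstr);` line is debug output and can be removed.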
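Review bot: The new handler-auth pom lists com.netflix.hystrix:hystrix-core, yet none of the handler-auth classes added in this patch import anything from Hystrix; it looks carried over from another handler module together with the readme. An unused runtime dependency widens what has to be tracked for vulnerabilities, so drop it unless a later patch needs it. The XML tags are not visible on this page, so the scope of each entry should be checked against the real file.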
@@ -0,0 +1,35 @@ +package io.servicecomb; + +import io.servicecomb.authentication.RSAAuthenticationTokenManager; +import io.servicecomb.core.BootListener; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.AuthenticationTokenManager; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class AuthHandlerBoot implements BootListener { + + @Autowired + private AuthenticationTokenManager authenticationToken; + + @Override + public void onBootEvent(BootEvent event) { + if (EventType.BEFORE_REGISTRY.equals(event.getEventType()) && authenticationToken instanceof RSAAuthenticationTokenManager) + { + String []privAndPubKey = RSAUtils.getEncodedKeyPair(); + RSAAuthenticationTokenManager token = (RSAAuthenticationTokenManager)authenticationToken; + token.setPrivateKey(privAndPubKey[0]); + token.setPublicKey(privAndPubKey[1]); + } + + } + + public void setAuthenticationToken(AuthenticationTokenManager authenticationToken) { + this.authenticationToken = authenticationToken; + } + + + +} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java new file mode 100644 index 00000000000..244f833e1e1 --- /dev/null +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java 
@@ -0,0 +1,33 @@ +package io.servicecomb.authentication; + +import io.servicecomb.core.Handler; +import io.servicecomb.core.Invocation; +import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.swagger.invocation.AsyncResponse; + +import org.junit.Assert; +import org.springframework.beans.factory.annotation.Autowired; + +public class ConsumerAuthHandler implements Handler { + + @Autowired + public AuthenticationTokenManager athenticationTokenManager; + + @Override + public void handle(Invocation invocation, AsyncResponse asyncResp) + throws Exception { + + String token = athenticationTokenManager.getToken(); + Assert.assertNotNull(token, "athentication token is required"); + //TODO lwh set token in httprequest header + invocation.next(asyncResp); + } + + public void setAthenticationTokenManager( + AuthenticationTokenManager athenticationTokenManager) { + this.athenticationTokenManager = athenticationTokenManager; + } + + + +} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java new file mode 100644 index 00000000000..fc5bc8794cc --- /dev/null +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java @@ -0,0 +1,15 @@ +package io.servicecomb.authentication; + +import io.servicecomb.core.Handler; +import io.servicecomb.core.Invocation; +import io.servicecomb.swagger.invocation.AsyncResponse; + +public class ProviderAuthHanlder implements Handler{ + + @Override + public void handle(Invocation invocation, AsyncResponse asyncResp) + throws Exception { + + } + +} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java new file mode 100644 index 00000000000..267b6a5172c --- /dev/null 
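Review bot: `Assert.assertNotNull(token, "athentication token is required")` in handle() does not check the token: JUnit's two-argument overload is `assertNotNull(String message, Object object)`, so the token is taken as the message and the string literal as the object, and the assertion always passes. It also pulls `org.junit.Assert` into production code, while the handler-auth pom in this patch appears to declare no junit dependency. Replace it with an explicit check such as `if (token == null) { throw new IllegalStateException("authentication token is required"); }` and drop the import. The same call is still present as a context line in the ConsumerAuthHandler hunk of PATCH 02/28. `athenticationTokenManager` is a public field that also has a setter; `private` would be enough.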
+++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java @@ -0,0 +1,47 @@ +package io.servicecomb.authentication; + +import io.servicecomb.foundation.token.AuthenticationTokenManager; + +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; + +@Component +@Scope("singleton") +public class RSAAuthenticationTokenManager implements AuthenticationTokenManager { + + private String privateKey; + + private String publicKey; + + private String token; + + @Override + public String getToken() { + return token; + } + + @Override + public boolean vaild() { + + return true; + } + + public String getPrivateKey() { + return privateKey; + } + + public void setPrivateKey(String privateKey) { + this.privateKey = privateKey; + } + + public String getPublicKey() { + return publicKey; + } + + public void setPublicKey(String publicKey) { + this.publicKey = publicKey; + } + + + +} diff --git a/handlers/handler-auth/src/main/resources/config/cse.handler.xml b/handlers/handler-auth/src/main/resources/config/cse.handler.xml new file mode 100644 index 00000000000..b0f739faff2 --- /dev/null +++ b/handlers/handler-auth/src/main/resources/config/cse.handler.xml @@ -0,0 +1,22 @@ + + + + + + \ No newline at end of file diff --git a/handlers/handler-auth/src/test/resources/log4j.properties b/handlers/handler-auth/src/test/resources/log4j.properties new file mode 100644 index 00000000000..82ef8a6612c --- /dev/null +++ b/handlers/handler-auth/src/test/resources/log4j.properties 
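Review bot: `vaild()` returns `true` unconditionally and `token` is never assigned, so this manager fails open: anything that consults it treats every caller as authenticated, while getToken() hands out null. Until verification exists, return `false` (or throw `UnsupportedOperationException`) so the stub fails closed. PATCH 02/28 keeps the same body as `vaild(String token)`, and ProviderAuthHanlder there forwards the invocation whenever it returns true. `getPrivateKey()` is public on a Spring singleton, which lets any bean read the signing key; consider dropping the getter or narrowing its visibility.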
@@ -0,0 +1,29 @@ +# +# Copyright 2017 Huawei Technologies Co., Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +log4j.rootLogger=INFO, out, stdout + +# CONSOLE appender not used by default +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%d [%-15.15t] %-5p %-30.30c{1} - %m%n + +# File appender +log4j.appender.out=org.apache.log4j.FileAppender +log4j.appender.out.layout=org.apache.log4j.PatternLayout +log4j.appender.out.layout.ConversionPattern=%d [%-15.15t] %-5p %-30.30c{1} - %m%n +log4j.appender.out.file=target/test.log +log4j.appender.out.append=true diff --git a/handlers/pom.xml b/handlers/pom.xml index 071e6405e60..923960abbf3 100644 --- a/handlers/pom.xml +++ b/handlers/pom.xml @@ -34,6 +34,7 @@ handler-bizkeeper handler-flowcontrol-qps handler-loadbalance + handler-auth From bd0ef763ba98daafd29ec54ac392bc2c2faa5628 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Sat, 18 Nov 2017 15:38:20 +0800 Subject: [PATCH 02/28] add auth header to context --- .../main/java/io/servicecomb/core/Const.java | 2 ++ .../token/AuthenticationTokenManager.java | 2 +- .../authentication/ConsumerAuthHandler.java | 21 ++++++-------- .../authentication/ProviderAuthHanlder.java | 28 ++++++++++++++++--- .../RSAAuthenticationTokenManager.java | 12 ++++---- 5 files changed, 41 insertions(+), 24 deletions(-) 
diff --git a/core/src/main/java/io/servicecomb/core/Const.java b/core/src/main/java/io/servicecomb/core/Const.java index 801ca1bcc4d..0e493aa6b79 100644 --- a/core/src/main/java/io/servicecomb/core/Const.java +++ b/core/src/main/java/io/servicecomb/core/Const.java @@ -39,4 +39,6 @@ private Const() { public static final String TARGET_MICROSERVICE = "x-cse-target-microservice"; public static final String REMOTE_ADDRESS = "x-cse-remote-address"; + + public static final String AUTH_TOKEN = "x-cse-auth-rsatoken"; } diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java index 516ff1cb2f9..3e6265e59bf 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java @@ -4,6 +4,6 @@ public interface AuthenticationTokenManager { public String getToken(); - public boolean vaild(); + public boolean vaild(String token); } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java index 244f833e1e1..7d276d2fa88 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java 
@@ -1,33 +1,30 @@ package io.servicecomb.authentication; +import org.junit.Assert; +import org.springframework.beans.factory.annotation.Autowired; + +import io.servicecomb.core.Const; import io.servicecomb.core.Handler; import io.servicecomb.core.Invocation; import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.swagger.invocation.AsyncResponse; -import org.junit.Assert; -import org.springframework.beans.factory.annotation.Autowired; - public class ConsumerAuthHandler implements Handler { @Autowired public AuthenticationTokenManager athenticationTokenManager; - + @Override - public void handle(Invocation invocation, AsyncResponse asyncResp) - throws Exception { - + public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { + String token = athenticationTokenManager.getToken(); Assert.assertNotNull(token, "athentication token is required"); - //TODO lwh set token in httprequest header + invocation.addContext(Const.AUTH_TOKEN, token); invocation.next(asyncResp); } - public void setAthenticationTokenManager( - AuthenticationTokenManager athenticationTokenManager) { + public void setAthenticationTokenManager(AuthenticationTokenManager athenticationTokenManager) { this.athenticationTokenManager = athenticationTokenManager; } - - } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java index fc5bc8794cc..7942f062959 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java 
@@ -1,15 +1,35 @@ package io.servicecomb.authentication; +import org.springframework.beans.factory.annotation.Autowired; + +import io.servicecomb.core.Const; import io.servicecomb.core.Handler; import io.servicecomb.core.Invocation; +import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.swagger.invocation.AsyncResponse; +import io.servicecomb.swagger.invocation.context.HttpStatus; +import io.servicecomb.swagger.invocation.exception.InvocationException; + +public class ProviderAuthHanlder implements Handler { -public class ProviderAuthHanlder implements Handler{ + @Autowired + private AuthenticationTokenManager authenticationTokenManager; @Override - public void handle(Invocation invocation, AsyncResponse asyncResp) - throws Exception { - + public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { + + String token = invocation.getContext(Const.AUTH_TOKEN); + if (authenticationTokenManager.vaild(token)) { + invocation.next(asyncResp); + } else { + asyncResp.producerFail( + new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "reject by authentication")); + } + + } + + public void setAuthenticationTokenManager(AuthenticationTokenManager authenticationTokenManager) { + this.authenticationTokenManager = authenticationTokenManager; } } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java index 267b6a5172c..9a6bee613e0 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java 
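Review bot: handle() in ProviderAuthHanlder passes `invocation.getContext(Const.AUTH_TOKEN)` straight to `vaild(token)` without checking for a missing value, and anything the manager throws propagates instead of becoming the 401. Later in the series RSAProviderTokenManager parses the token with `split("@")` and `Long.valueOf`, which throw unchecked exceptions on null or malformed input. The fence below rejects an absent token up front and treats a parsing failure as unauthenticated. The class name `ProviderAuthHanlder` is misspelled; renaming it now is cheaper than after handler configuration refers to it.

```java
  @Override
  public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception {
    String token = invocation.getContext(Const.AUTH_TOKEN);
    boolean accepted;
    try {
      accepted = token != null && !token.isEmpty() && authenticationTokenManager.vaild(token);
    } catch (RuntimeException e) {
      // a malformed token is an authentication failure, not an internal error
      accepted = false;
    }
    if (accepted) {
      invocation.next(asyncResp);
    } else {
      asyncResp.producerFail(
          new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "reject by authentication"));
    }
  }
```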
@@ -10,19 +10,19 @@ public class RSAAuthenticationTokenManager implements AuthenticationTokenManager { private String privateKey; - + private String publicKey; - + private String token; - + @Override public String getToken() { return token; } @Override - public boolean vaild() { - + public boolean vaild(String token) { + return true; } @@ -41,7 +41,5 @@ public String getPublicKey() { public void setPublicKey(String publicKey) { this.publicKey = publicKey; } - - } From 327da7589d879d7a829f209769742aafe88370ce Mon Sep 17 00:00:00 2001 From: coolhongluo Date: Sun, 19 Nov 2017 11:42:23 +0800 Subject: [PATCH 03/28] pub private key auth --- .../token/AuthenticationTokenManager.java | 2 +- .../token/RSAAuthenticationToken.java | 49 ++++++++++++ .../foundation/token/RSAKeypair.java | 29 ++++++++ .../java/io/servicecomb/AuthHandlerBoot.java | 16 +--- .../authentication/ConsumerAuthHandler.java | 2 + .../authentication/ProviderAuthHanlder.java | 2 + .../RSAAuthenticationTokenManager.java | 45 ----------- .../RSACoumserTokenManager.java | 74 +++++++++++++++++++ .../RSAProviderTokenManager.java | 48 ++++++++++++ .../serviceregistry/api/Const.java | 2 + .../MicroserviceInstanceRegisterTask.java | 9 ++- 11 files changed, 219 insertions(+), 59 deletions(-) create mode 100644 foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java create mode 100644 foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java create mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java create mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java 
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java index 3e6265e59bf..bf317505c72 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java @@ -2,7 +2,7 @@ public interface AuthenticationTokenManager { - public String getToken(); + default public String getToken(){return "";}; public boolean vaild(String token); diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java new file mode 100644 index 00000000000..18ac09b575b --- /dev/null +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java 
@@ -0,0 +1,49 @@
+package io.servicecomb.foundation.token;
+
+public class RSAAuthenticationToken {
+
+ public final static long TOKEN_ACTIVE_TIME = 24 * 60 * 60 *1000;
+
+ private String instanceId;
+
+ private long generateTime;
+
+ private String randomCode;
+
+ private String sign;
+
+ public RSAAuthenticationToken(String instanceId, long generateTime,
+ String randomCode, String sign) {
+ this.instanceId = instanceId;
+ this.generateTime = generateTime;
+ this.randomCode = randomCode;
+ this.sign = sign;
+ }
+
+
+ public String getInstanceId() {
+ return instanceId;
+ }
+
+
+ public long getGenerateTime() {
+ return generateTime;
+ }
+
+
+ public String getSign() {
+ return sign;
+ }
+
+
+ public String fromat() {
+ return String.format("%s@%s@%s@%s", instanceId, randomCode,
+ generateTime, sign);
+ }
+
+ public static RSAAuthenticationToken fromStr(String token) {
+ String[] tokenArr = token.split("@");
+ return new RSAAuthenticationToken(tokenArr[0],
+ Long.valueOf(tokenArr[1]), tokenArr[2], tokenArr[3]);
+ }
+}
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java
new file mode 100644
index 00000000000..52e080b9bc3
--- /dev/null
+++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java
@@ -0,0 +1,29 @@
+package io.servicecomb.foundation.token;
+
+
+public class RSAKeypair {
+
+ private RSAKeypair(){};
+
+ private String privateKey;
+
+ private String publicKey;
+
+ public String getPrivateKey() {
+ return privateKey;
+ }
+
+ public void setPrivateKey(String privateKey) {
+ this.privateKey = privateKey;
+ }
+
+ public String getPublicKey() {
+ return publicKey;
+ }
+
+ public void setPublicKey(String publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ public static RSAKeypair INSTANCE = new RSAKeypair();
+}
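Review bot: fromat() writes the fields as instanceId@randomCode@generateTime@sign, but fromStr() reads index 1 as generateTime and index 2 as randomCode, so a token produced by fromat() does not round-trip: `Long.valueOf(tokenArr[1])` receives the random code. RSACoumserTokenManager later in this patch signs `instanceId@generateTime@randomCode`, so the order in fromat() is the one that looks wrong. fromStr() also indexes the split result without a length check, so a null or short token throws an unchecked exception on what is caller-supplied input on the provider side. The fence below aligns the field order and validates the shape; `fromat` is presumably meant to be `format`.

```java
  public String fromat() {
    // same field order that fromStr() parses and that the signer covers
    return String.format("%s@%s@%s@%s", instanceId, generateTime, randomCode, sign);
  }

  public static RSAAuthenticationToken fromStr(String token) {
    if (token == null) {
      throw new IllegalArgumentException("token is null");
    }
    // limit -1 keeps an empty field instead of silently dropping it
    String[] tokenArr = token.split("@", -1);
    if (tokenArr.length != 4) {
      throw new IllegalArgumentException("token must have 4 fields");
    }
    return new RSAAuthenticationToken(tokenArr[0],
        Long.parseLong(tokenArr[1]), tokenArr[2], tokenArr[3]);
  }
```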
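Review bot: `public static RSAKeypair INSTANCE = new RSAKeypair();` is not final, and the private key sits behind public `getPrivateKey()` and `setPrivateKey()`, so any class on the classpath can read the signing key, overwrite it, or replace the holder object. Declare it `public static final RSAKeypair INSTANCE = new RSAKeypair();` and consider making the key fields set-once, rejecting a second `setPrivateKey` call. The fields are written from the boot listener and read when tokens are created, with no `volatile` or synchronization, so visibility across threads depends on ordering that this patch does not show.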
diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java index edaa934e221..9cfa3a680c0 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java @@ -1,34 +1,26 @@ package io.servicecomb; -import io.servicecomb.authentication.RSAAuthenticationTokenManager; import io.servicecomb.core.BootListener; import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.foundation.token.RSAKeypair; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @Component public class AuthHandlerBoot implements BootListener { - @Autowired - private AuthenticationTokenManager authenticationToken; @Override public void onBootEvent(BootEvent event) { - if (EventType.BEFORE_REGISTRY.equals(event.getEventType()) && authenticationToken instanceof RSAAuthenticationTokenManager) + if (EventType.BEFORE_REGISTRY.equals(event.getEventType())) { String []privAndPubKey = RSAUtils.getEncodedKeyPair(); - RSAAuthenticationTokenManager token = (RSAAuthenticationTokenManager)authenticationToken; - token.setPrivateKey(privAndPubKey[0]); - token.setPublicKey(privAndPubKey[1]); + RSAKeypair.INSTANCE.setPrivateKey(privAndPubKey[0]); + RSAKeypair.INSTANCE.setPublicKey(privAndPubKey[1]); } } - public void setAuthenticationToken(AuthenticationTokenManager authenticationToken) { - this.authenticationToken = authenticationToken; - } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java index 7d276d2fa88..df94f07b99f 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java 
+++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java @@ -2,6 +2,7 @@ import org.junit.Assert; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import io.servicecomb.core.Const; import io.servicecomb.core.Handler; @@ -12,6 +13,7 @@ public class ConsumerAuthHandler implements Handler { @Autowired + @Qualifier("coumserTokenManager") public AuthenticationTokenManager athenticationTokenManager; @Override diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java index 7942f062959..b3fa01e0da0 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java @@ -1,6 +1,7 @@ package io.servicecomb.authentication; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import io.servicecomb.core.Const; import io.servicecomb.core.Handler; @@ -13,6 +14,7 @@ public class ProviderAuthHanlder implements Handler { @Autowired + @Qualifier("providerTokenManager") private AuthenticationTokenManager authenticationTokenManager; @Override diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java deleted file mode 100644 index 9a6bee613e0..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationTokenManager.java +++ /dev/null 
@@ -1,45 +0,0 @@ -package io.servicecomb.authentication; - -import io.servicecomb.foundation.token.AuthenticationTokenManager; - -import org.springframework.context.annotation.Scope; -import org.springframework.stereotype.Component; - -@Component -@Scope("singleton") -public class RSAAuthenticationTokenManager implements AuthenticationTokenManager { - - private String privateKey; - - private String publicKey; - - private String token; - - @Override - public String getToken() { - return token; - } - - @Override - public boolean vaild(String token) { - - return true; - } - - public String getPrivateKey() { - return privateKey; - } - - public void setPrivateKey(String privateKey) { - this.privateKey = privateKey; - } - - public String getPublicKey() { - return publicKey; - } - - public void setPublicKey(String publicKey) { - this.publicKey = publicKey; - } - -} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java new file mode 100644 index 00000000000..24ba6235b1e --- /dev/null +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java 
@@ -0,0 +1,74 @@ +package io.servicecomb.authentication; + +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.foundation.token.RSAAuthenticationToken; +import io.servicecomb.foundation.token.RSAKeypair; +import io.servicecomb.serviceregistry.RegistryUtils; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; +import java.security.spec.InvalidKeySpecException; +import java.util.Date; +import java.util.concurrent.locks.ReadWriteLock; +import java.util.concurrent.locks.ReentrantReadWriteLock; + +import org.springframework.stereotype.Component; +import org.springframework.stereotype.Service; + +@Component +@Service("coumserTokenManager") +public class RSACoumserTokenManager implements AuthenticationTokenManager { + + private ReadWriteLock readWriteLock = new ReentrantReadWriteLock(); + + private RSAAuthenticationToken token; + + @Override + public String getToken() { + readWriteLock.readLock().lock(); + if(null != token && vaild(token.fromat())) + { + String tokenStr = token.fromat(); + readWriteLock.readLock().unlock(); + return tokenStr; + } + else + { + return createToken(); + } + } + + public String createToken() + { + String privateKey = RSAKeypair.INSTANCE.getPrivateKey(); + readWriteLock.writeLock().lock(); + String instanceId = RegistryUtils.getAppId(); + String randomCode = ""; + long generateTime = System.currentTimeMillis(); + try { + String content = String.format("%s@%s@%s", instanceId, generateTime, randomCode); + String sign = RSAUtils.sign(content, privateKey); + token = RSAAuthenticationToken.fromStr(String.format("%s@%s", content, sign)); + return token.fromat(); + } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { + throw new Error("create token error"); + } + + } + + @Override + public boolean vaild(String token) { + 
long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime(); + Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); + Date now = new Date(); + if (expiredDate.before(now) ) + { + return true; + } + return false; + } + + +} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java new file mode 100644 index 00000000000..79c4440378f --- /dev/null +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java 
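Review bot: getToken() takes the read lock and, on the `else` path, calls createToken() without releasing it; createToken() then requests the write lock, which ReentrantReadWriteLock does not grant to a thread that still holds the read lock, and no path releases the write lock either. vaild() is also inverted: `expiredDate.before(now)` is true only once the token has expired, so fresh tokens are treated as invalid and stale ones are reused. `randomCode` is always the empty string, so the token carries no nonce, and `throw new Error("create token error")` drops the cause. The fence below sketches the locking and expiry fix; `RegistryUtils.getAppId()` is stored as `instanceId`, which looks like the application id and not the instance id, and should be confirmed.

```java
  @Override
  public String getToken() {
    readWriteLock.readLock().lock();
    try {
      if (null != token && vaild(token.fromat())) {
        return token.fromat();
      }
    } finally {
      readWriteLock.readLock().unlock();
    }
    return createToken();
  }

  public String createToken() {
    readWriteLock.writeLock().lock();
    try {
      // … unchanged: read the private key, build content, sign it, assign and return token …
    } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) {
      throw new IllegalStateException("create token error", e);
    } finally {
      readWriteLock.writeLock().unlock();
    }
  }

  @Override
  public boolean vaild(String token) {
    long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime();
    // reuse the token only while it is still inside its active window;
    // the 15-minute allowance belongs on the verifying side
    return System.currentTimeMillis() < generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME;
  }
```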
@@ -0,0 +1,48 @@
+package io.servicecomb.authentication;
+
+import io.servicecomb.foundation.common.utils.RSAUtils;
+import io.servicecomb.foundation.token.AuthenticationTokenManager;
+import io.servicecomb.foundation.token.RSAAuthenticationToken;
+import io.servicecomb.serviceregistry.RegistryUtils;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Date;
+
+public class RSAProviderTokenManager implements AuthenticationTokenManager{
+
+
+ @Override
+ public boolean vaild(String token) {
+
+ try {
+ RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token);
+ String sign = rsaToken.getSign();
+ String content = token.substring(0, token.lastIndexOf("@"));
+ String publicKey = getPublicKeyByInstanceId(rsaToken.getInstanceId());
+ boolean verify = RSAUtils.verify(publicKey, sign, content);
+ if (verify)
+ {
+ long generateTime = rsaToken.getGenerateTime();
+ Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000);
+ Date now = new Date();
+ if (now.before(expiredDate))
+ {
+ return true;
+ }
+ }
+ } catch (InvalidKeyException | NoSuchAlgorithmException
+ | InvalidKeySpecException | SignatureException e) {
+
+ return false;
+ }
+ return false;
+ }
+
+ private String getPublicKeyByInstanceId(String instanceId) {
+ return "";
+ }
+
+}
diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/Const.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/Const.java
index 476adc295b4..9e9127f6771 100644
--- a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/Const.java
+++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/Const.java
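Review bot: In `vaild`, only the four checked crypto exceptions are mapped to `false`; a token without an `@` that gets past `RSAAuthenticationToken.fromStr` (whose body is not in this hunk) makes `token.substring(0, token.lastIndexOf("@"))` throw StringIndexOutOfBoundsException. The token is supplied by the caller, so a malformed one should be rejected rather than surface as an unchecked exception: `if (token == null || token.lastIndexOf("@") < 0) { return false; }` before parsing. The time check rejects a `generateTime` older than `TOKEN_ACTIVE_TIME + 15 * 60 * 1000` but puts no bound on timestamps in the future, so a far-future value would stay valid well beyond the intended lifetime; also reject tokens whose `generateTime` is later than now plus the allowed skew. `getPublicKeyByInstanceId` returning `""` means no token can verify yet, which deserves a `// TODO` comment saying where the key will come from.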
@@ -149,4 +149,6 @@ public static final class REGISTRY_API { public static final String PATH_CHECKSESSION = "checksession"; public static final String URL_PREFIX = "urlPrefix"; + + public static final String INSTANCE_PUBKEY_PRO = "publickey"; } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java index d6250c8e603..9ab4555be85 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java @@ -15,6 +15,8 @@ */ package io.servicecomb.serviceregistry.task; +import java.util.Optional; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.StringUtils; @@ -22,7 +24,9 @@ import com.google.common.eventbus.EventBus; import com.google.common.eventbus.Subscribe; +import io.servicecomb.foundation.token.RSAKeypair; import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.serviceregistry.api.Const; import io.servicecomb.serviceregistry.api.registry.Microservice; import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; import io.servicecomb.serviceregistry.client.ServiceRegistryClient; 
@@ -66,7 +70,10 @@ protected boolean doRegister() { microserviceInstance.setHostName(hostName); microserviceInstance.getHealthCheck().setInterval(serviceRegistryConfig.getHeartbeatInterval()); microserviceInstance.getHealthCheck().setTimes(serviceRegistryConfig.getResendHeartBeatTimes()); - + + Optional publicKey = Optional.of(RSAKeypair.INSTANCE.getPublicKey()); + publicKey.ifPresent(value -> microserviceInstance.getProperties().put(Const.INSTANCE_PUBKEY_PRO, value)); + String instanceId = srClient.registerMicroserviceInstance(microserviceInstance); if (StringUtils.isEmpty(instanceId)) { LOGGER.error("Register microservice instance failed. microserviceId={}", From 7c10133d4bacdc346a727db2415f5c0fc174e30b Mon Sep 17 00:00:00 2001 
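Review bot: `Optional.of(RSAKeypair.INSTANCE.getPublicKey())` throws NullPointerException when no key has been set, so `doRegister` fails for any service in which AuthHandlerBoot has not populated the keypair (presumably, for example, when handler-auth is not on the classpath). Use `Optional.ofNullable(RSAKeypair.INSTANCE.getPublicKey())` so that the `ifPresent` branch is what actually guards the property. The same call is carried over unchanged by the later rename to `RSAKeypair4Auth` in this series. `doRegister` starts and ends outside this hunk.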
From: coolhongluo Date: Sun, 19 Nov 2017 18:55:34 +0800 Subject: [PATCH 04/28] private public key auth --- .../{RSAKeypair.java => RSAKeypair4Auth.java} | 11 ++++-- .../java/io/servicecomb/AuthHandlerBoot.java | 6 +-- .../RSAAuthenticationToken.java | 20 ++++++++-- .../RSACoumserTokenManager.java | 21 +++++----- .../RSAProviderTokenManager.java | 8 ++-- .../authentication/TestAuthHandlerBoot.java | 24 ++++++++++++ .../TestConsumerAuthHandler.java | 37 ++++++++++++++++++ .../TestProviderAuthHanlder.java | 38 +++++++++++++++++++ .../MicroserviceInstanceRegisterTask.java | 4 +- 9 files changed, 142 insertions(+), 27 deletions(-) rename foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/{RSAKeypair.java => RSAKeypair4Auth.java} (70%) rename {foundations/foundation-common/src/main/java/io/servicecomb/foundation/token => handlers/handler-auth/src/main/java/io/servicecomb/authentication}/RSAAuthenticationToken.java (68%) create mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java create mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java create mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java similarity index 70% rename from foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java rename to foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java index 52e080b9bc3..aafbd280101 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java 
@@ -1,9 +1,12 @@ package io.servicecomb.foundation.token; +/** + * 进程级别公私钥对 + * + */ +public class RSAKeypair4Auth { -public class RSAKeypair { - - private RSAKeypair(){}; + private RSAKeypair4Auth(){}; private String privateKey; @@ -25,5 +28,5 @@ public void setPublicKey(String publicKey) { this.publicKey = publicKey; } - public static RSAKeypair INSTANCE = new RSAKeypair(); + public static RSAKeypair4Auth INSTANCE = new RSAKeypair4Auth(); } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java index 9cfa3a680c0..7c3842c4cb1 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java @@ -2,7 +2,7 @@ import io.servicecomb.core.BootListener; import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.RSAKeypair; +import io.servicecomb.foundation.token.RSAKeypair4Auth; import org.springframework.stereotype.Component; @@ -15,8 +15,8 @@ public void onBootEvent(BootEvent event) { if (EventType.BEFORE_REGISTRY.equals(event.getEventType())) { String []privAndPubKey = RSAUtils.getEncodedKeyPair(); - RSAKeypair.INSTANCE.setPrivateKey(privAndPubKey[0]); - RSAKeypair.INSTANCE.setPublicKey(privAndPubKey[1]); + RSAKeypair4Auth.INSTANCE.setPrivateKey(privAndPubKey[0]); + RSAKeypair4Auth.INSTANCE.setPublicKey(privAndPubKey[1]); } } diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java similarity index 68% rename from foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java rename to handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index 18ac09b575b..3b683614401 100644 
--- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAAuthenticationToken.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java @@ -1,5 +1,12 @@ -package io.servicecomb.foundation.token; +package io.servicecomb.authentication; + +/** + * token 组成部分: + * token: instanceId@generateTime@randomCode@sign(instanceId@generateTime@randomCode) + * @author Administrator + * + */ public class RSAAuthenticationToken { public final static long TOKEN_ACTIVE_TIME = 24 * 60 * 60 *1000; @@ -19,7 +26,12 @@ public RSAAuthenticationToken(String instanceId, long generateTime, this.randomCode = randomCode; this.sign = sign; } - + + public String plainToken() + { + return String.format("%s@%s@%s", this.instanceId, this.generateTime, this.randomCode); + } + public String getInstanceId() { return instanceId; @@ -37,8 +49,8 @@ public String getSign() { public String fromat() { - return String.format("%s@%s@%s@%s", instanceId, randomCode, - generateTime, sign); + return String.format("%s@%s@%s@%s", instanceId, generateTime, + randomCode, sign); } public static RSAAuthenticationToken fromStr(String token) { diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java index 24ba6235b1e..9e81fa8c540 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java 
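Review bot: `plainToken()` and `fromat()` now each spell out the field order in their own format string, and the ordering fix in this same file shows how easily the signed content and the serialized token drift apart. Build one from the other so the provider always verifies exactly what the consumer signed: `return String.format("%s@%s", plainToken(), sign);` in `fromat()`. The class comment should also state, in English, that the fields are `@`-separated and that `instanceId` and `randomCode` therefore must not contain `@`, assuming `fromStr` splits on that character (its body is outside the hunk).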
@@ -2,9 +2,7 @@ import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.foundation.token.RSAAuthenticationToken; -import io.servicecomb.foundation.token.RSAKeypair; -import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.foundation.token.RSAKeypair4Auth; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; @@ -14,6 +12,7 @@ import java.util.concurrent.locks.ReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock; +import org.apache.commons.lang3.RandomStringUtils; import org.springframework.stereotype.Component; import org.springframework.stereotype.Service; @@ -27,9 +26,10 @@ public class RSACoumserTokenManager implements AuthenticationTokenManager { @Override public String getToken() { - readWriteLock.readLock().lock(); + if(null != token && vaild(token.fromat())) { + readWriteLock.readLock().lock(); String tokenStr = token.fromat(); readWriteLock.readLock().unlock(); return tokenStr; 
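Review bot: In `getToken` the read lock is now taken only around `token.fromat()`, after `token` has already been read and validated without it, so the lock no longer covers the check it was meant to protect and two threads can both fall through to `createToken`. Hold the read lock across the null/validity check and the read with `try { … } finally { readWriteLock.readLock().unlock(); }`, or drop the read lock and declare the field `private volatile RSAAuthenticationToken token;`. The unlock also sits on the normal path only, so an exception from `fromat()` would leave the lock held. The else branch of `getToken` lies outside this hunk.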
@@ -42,15 +42,16 @@ public String getToken() { public String createToken() { - String privateKey = RSAKeypair.INSTANCE.getPrivateKey(); + String privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey(); readWriteLock.writeLock().lock(); - String instanceId = RegistryUtils.getAppId(); - String randomCode = ""; + //TODO get from cache + String instanceId = "lwh"; + String randomCode = RandomStringUtils.randomAlphanumeric(128); long generateTime = System.currentTimeMillis(); try { - String content = String.format("%s@%s@%s", instanceId, generateTime, randomCode); - String sign = RSAUtils.sign(content, privateKey); - token = RSAAuthenticationToken.fromStr(String.format("%s@%s", content, sign)); + String plain = String.format("%s@%s@%s", instanceId, generateTime, randomCode); + String sign = RSAUtils.sign(plain, privateKey); + token = RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, sign)); return token.fromat(); } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { throw new Error("create token error"); diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java index 79c4440378f..6e3b89e95d9 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java @@ -2,8 +2,7 @@ import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.foundation.token.RSAAuthenticationToken; -import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.foundation.token.RSAKeypair4Auth; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; 
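Review bot: `createToken` acquires `readWriteLock.writeLock()` and nothing in this hunk, or in the file as first added, releases it, so after the first token is created every other thread blocks on the lock; add `finally { readWriteLock.writeLock().unlock(); }` to the existing try. `String instanceId = "lwh";` makes every consumer claim the same identity, which leaves the provider nothing to key a public-key lookup on, so the TODO should say which registry value replaces it. `RandomStringUtils.randomAlphanumeric(128)` is not backed by a cryptographic generator; if `randomCode` is meant to make tokens unpredictable or to detect replay, draw it from `SecureRandom`, and note that the provider side does not check it yet. `throw new Error("create token error")` still drops `e`; pass it as the cause. The method's closing lines are outside the hunk.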
@@ -20,7 +19,7 @@ public boolean vaild(String token) { try { RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); String sign = rsaToken.getSign(); - String content = token.substring(0, token.lastIndexOf("@")); + String content = rsaToken.plainToken(); String publicKey = getPublicKeyByInstanceId(rsaToken.getInstanceId()); boolean verify = RSAUtils.verify(publicKey, sign, content); if (verify) @@ -42,7 +41,8 @@ public boolean vaild(String token) { } private String getPublicKeyByInstanceId(String instanceId) { - return ""; + //TODO get from cache + return RSAKeypair4Auth.INSTANCE.getPublicKey(); } } diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java new file mode 100644 index 00000000000..f08d62f7cf3 --- /dev/null +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java @@ -0,0 +1,24 @@ +package io.servicecomb.authentication; + +import io.servicecomb.AuthHandlerBoot; +import io.servicecomb.core.BootListener; +import io.servicecomb.core.BootListener.BootEvent; +import io.servicecomb.foundation.token.RSAKeypair4Auth; + +import org.junit.Assert; +import org.junit.Test; + +public class TestAuthHandlerBoot { + + + @Test + public void testGenerateRSAKey() + { + AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot(); + BootEvent bootEvent = new BootEvent(); + bootEvent.setEventType(BootListener.EventType.BEFORE_REGISTRY); + authHandlerBoot.onBootEvent(bootEvent); + Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPrivateKey()); + Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPublicKey()); + } +} diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java new file mode 100644 index 00000000000..9289e1dd97d --- /dev/null 
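Review bot: `getPublicKeyByInstanceId` ignores its `instanceId` argument and returns `RSAKeypair4Auth.INSTANCE.getPublicKey()`, the verifying process's own key, so `vaild` only accepts tokens signed by the same JVM and the `instanceId` claimed in the token is never tied to a key. The new tests pass only because consumer and provider share the singleton in one process. Until the lookup exists, expand the TODO to say that the key must come from the `publickey` property registered for that instance (`Const.INSTANCE_PUBKEY_PRO`) and that an unknown instance must make `vaild` return false; the service registry then becomes the trust anchor for these keys, so its integrity matters accordingly. `vaild` starts and ends outside the first hunk.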
+++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java
@@ -0,0 +1,37 @@
+package io.servicecomb.authentication;
+
+import io.servicecomb.core.Invocation;
+import io.servicecomb.foundation.common.utils.RSAUtils;
+import io.servicecomb.foundation.token.AuthenticationTokenManager;
+import io.servicecomb.foundation.token.RSAKeypair4Auth;
+import io.servicecomb.swagger.invocation.AsyncResponse;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestConsumerAuthHandler {
+
+ Invocation invocation = null;
+ AsyncResponse asyncResp = null;
+
+ @Test
+ public void testHandler() throws Exception {
+
+ AuthenticationTokenManager tokenManager = new RSACoumserTokenManager();
+ ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler();
+ consumerAuthHandler.setAthenticationTokenManager(tokenManager);
+ consumerAuthHandler.handle(invocation, asyncResp);
+ Assert.assertTrue(true);
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ invocation = Mockito.mock(Invocation.class);
+ asyncResp = Mockito.mock(AsyncResponse.class);
+ String[] privAndPubKey = RSAUtils.getEncodedKeyPair();
+ RSAKeypair4Auth.INSTANCE.setPrivateKey(privAndPubKey[0]);
+ RSAKeypair4Auth.INSTANCE.setPublicKey(privAndPubKey[1]);
+ }
+}
diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java
new file mode 100644
index 00000000000..be23e36b92b
--- /dev/null
+++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java
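Review bot: `Assert.assertTrue(true)` in `testHandler` asserts nothing, and `testHandle` in TestProviderAuthHanlder does the same, so both tests pass whether or not a token is produced or accepted. Assert on the outcome instead, e.g. `Assert.assertTrue(new RSAProviderTokenManager().vaild(token));` for the token built in the provider test's `setUp`, and add negative cases showing that a token with an altered signature and one past its lifetime are rejected. Without those, a regression in the signature or expiry check would go unnoticed.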
@@ -0,0 +1,38 @@
+package io.servicecomb.authentication;
+
+import io.servicecomb.core.Const;
+import io.servicecomb.core.Invocation;
+import io.servicecomb.foundation.common.utils.RSAUtils;
+import io.servicecomb.foundation.token.AuthenticationTokenManager;
+import io.servicecomb.foundation.token.RSAKeypair4Auth;
+import io.servicecomb.swagger.invocation.AsyncResponse;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class TestProviderAuthHanlder {
+ Invocation invocation = null;
+ AsyncResponse asyncResp = null;
+ @Before
+ public void setUp() throws Exception {
+ invocation = Mockito.mock(Invocation.class);
+ asyncResp = Mockito.mock(AsyncResponse.class);
+ String[] privAndPubKey = RSAUtils.getEncodedKeyPair();
+ RSAKeypair4Auth.INSTANCE.setPrivateKey(privAndPubKey[0]);
+ RSAKeypair4Auth.INSTANCE.setPublicKey(privAndPubKey[1]);
+ String token = new RSACoumserTokenManager().createToken();
+ Mockito.when(invocation.getContext(Const.AUTH_TOKEN)).thenReturn(token);
+ }
+
+ @Test
+ public void testHandle() throws Exception
+ {
+ AuthenticationTokenManager tokenManager = new RSAProviderTokenManager();
+ ProviderAuthHanlder providerAuthHanlder = new ProviderAuthHanlder();
+ providerAuthHanlder.setAuthenticationTokenManager(tokenManager);
+ providerAuthHanlder.handle(invocation, asyncResp);
+ Assert.assertTrue(true);
+ }
+}
diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java
index 9ab4555be85..37b95561b65 100644
--- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java
+++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java
@@ -24,7 +24,7 @@ import com.google.common.eventbus.EventBus; import com.google.common.eventbus.Subscribe; -import io.servicecomb.foundation.token.RSAKeypair; +import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.serviceregistry.RegistryUtils; import io.servicecomb.serviceregistry.api.Const; import io.servicecomb.serviceregistry.api.registry.Microservice; @@ -71,7 +71,7 @@ protected boolean doRegister() { microserviceInstance.getHealthCheck().setInterval(serviceRegistryConfig.getHeartbeatInterval()); microserviceInstance.getHealthCheck().setTimes(serviceRegistryConfig.getResendHeartBeatTimes()); - Optional publicKey = Optional.of(RSAKeypair.INSTANCE.getPublicKey()); + Optional publicKey = Optional.of(RSAKeypair4Auth.INSTANCE.getPublicKey()); publicKey.ifPresent(value -> microserviceInstance.getProperties().put(Const.INSTANCE_PUBKEY_PRO, value)); String instanceId = srClient.registerMicroserviceInstance(microserviceInstance); From ca32e83f69c4614687ca6d547aa4a94c1b51a2cc Mon Sep 17 00:00:00 2001 
From: coolhongluo Date: Sun, 19 Nov 2017 20:39:23 +0800 Subject: [PATCH 05/28] add sample fix bug and add sample --- .../src/main/resources/config/cse.handler.xml | 2 +- java-chassis-dependencies/pom.xml | 5 ++ samples/auth-sample/auth-consumer/pom.xml | 55 +++++++++++++++++ .../springmvc/consumer/AuthConsumerMain.java | 59 +++++++++++++++++++ .../META-INF/spring/pojo.consumer.bean.xml | 30 ++++++++++ .../resources/config/log4j.demo.properties | 20 +++++++ .../src/main/resources/microservice.yaml | 18 ++++++ .../resources/microservices/hello/hello.yaml | 55 +++++++++++++++++ samples/auth-sample/auth-provider/pom.xml | 52 ++++++++++++++++ .../provider/SpringmvcHelloImpl.java | 46 +++++++++++++++ .../provider/SpringmvcProviderMain.java | 28 +++++++++ .../META-INF/spring/pojo.provider.bean.xml | 28 +++++++++ .../resources/config/log4j.demo.properties | 20 +++++++ .../src/main/resources/microservice.yaml | 16 +++++ .../resources/microservices/hello/hello.yaml | 55 +++++++++++++++++ samples/auth-sample/pom.xml | 14 +++++ samples/pom.xml | 2 + 17 files changed, 504 insertions(+), 1 deletion(-) create mode 100644 samples/auth-sample/auth-consumer/pom.xml create mode 100644 samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java create mode 100644 samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml create mode 100644 samples/auth-sample/auth-consumer/src/main/resources/config/log4j.demo.properties create mode 100644 samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml create mode 100644 samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml create mode 100644 samples/auth-sample/auth-provider/pom.xml create mode 100644 samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcHelloImpl.java create mode 100644 
samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java create mode 100644 samples/auth-sample/auth-provider/src/main/resources/META-INF/spring/pojo.provider.bean.xml create mode 100644 samples/auth-sample/auth-provider/src/main/resources/config/log4j.demo.properties create mode 100644 samples/auth-sample/auth-provider/src/main/resources/microservice.yaml create mode 100644 samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml create mode 100644 samples/auth-sample/pom.xml diff --git a/handlers/handler-auth/src/main/resources/config/cse.handler.xml b/handlers/handler-auth/src/main/resources/config/cse.handler.xml index b0f739faff2..73b4a6b084a 100644 --- a/handlers/handler-auth/src/main/resources/config/cse.handler.xml +++ b/handlers/handler-auth/src/main/resources/config/cse.handler.xml @@ -16,7 +16,7 @@ + class="io.servicecomb.authentication.ConsumerAuthHandler" /> \ No newline at end of file diff --git a/java-chassis-dependencies/pom.xml b/java-chassis-dependencies/pom.xml index 7683c6a41bb..a7f38eff455 100644 --- a/java-chassis-dependencies/pom.xml +++ b/java-chassis-dependencies/pom.xml @@ -764,6 +764,11 @@ io.servicecomb handler-flowcontrol-qps 0.4.1-SNAPSHOT + + + io.servicecomb + handler-auth + 0.4.1-SNAPSHOT io.servicecomb diff --git a/samples/auth-sample/auth-consumer/pom.xml b/samples/auth-sample/auth-consumer/pom.xml new file mode 100644 index 00000000000..f286fe93f61 --- /dev/null +++ b/samples/auth-sample/auth-consumer/pom.xml @@ -0,0 +1,55 @@ + + + + 4.0.0 + + io.servicecomb.samples + auth-sample + 0.4.1-SNAPSHOT + + auth-consumer + + + io.servicecomb + transport-highway + + + io.servicecomb + transport-rest-vertx + + + io.servicecomb + provider-springmvc + + + io.servicecomb + provider-pojo + + + io.servicecomb + handler-auth + + + org.slf4j + slf4j-log4j12 + + + io.servicecomb.samples + commmon-schema + + + \ No newline at end of file 
diff --git a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java new file mode 100644 index 00000000000..a0f76369e0e --- /dev/null +++ b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java 
@@ -0,0 +1,59 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.servicecomb.samples.springmvc.consumer; + +import io.servicecomb.foundation.common.utils.BeanUtils; +import io.servicecomb.foundation.common.utils.Log4jUtils; +import io.servicecomb.provider.pojo.RpcReference; +import io.servicecomb.provider.springmvc.reference.RestTemplateBuilder; +import io.servicecomb.samples.common.schema.Hello; +import io.servicecomb.samples.common.schema.models.Person; + +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; + +@Component +public class AuthConsumerMain { + + private static RestTemplate restTemplate = RestTemplateBuilder.create(); + + @RpcReference(microserviceName = "springmvc", schemaId = "springmvcHello") + private static Hello hello; + + public static void main(String[] args) throws Exception { + init(); + Person person = new Person(); + person.setName("ServiceComb/Java Chassis"); + + // RestTemplate Consumer or POJO Consumer. You can choose whatever you like + // RestTemplate Consumer + String sayHiResult = + restTemplate.postForObject("cse://springmvc/springmvchello/sayhi?name=Java Chassis", null, String.class); + String sayHelloResult = restTemplate.postForObject("cse://springmvc/springmvchello/sayhello", person, String.class); + System.out.println("RestTemplate Consumer or POJO Consumer. 
You can choose whatever you like."); + System.out.println("RestTemplate consumer sayhi services: " + sayHiResult); + System.out.println("RestTemplate consumer sayhello services: " + sayHelloResult); + + // POJO Consumer + System.out.println("POJO consumer sayhi services: " + hello.sayHi("Java Chassis")); + System.out.println("POJO consumer sayhi services: " + hello.sayHello(person)); + } + + public static void init() throws Exception { + Log4jUtils.init(); + BeanUtils.init(); + } +} diff --git a/samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml b/samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml new file mode 100644 index 00000000000..f34ddb79034 --- /dev/null +++ b/samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml @@ -0,0 +1,30 @@ + + + + + + + + \ No newline at end of file diff --git a/samples/auth-sample/auth-consumer/src/main/resources/config/log4j.demo.properties b/samples/auth-sample/auth-consumer/src/main/resources/config/log4j.demo.properties new file mode 100644 index 00000000000..0324fbb1032 --- /dev/null +++ b/samples/auth-sample/auth-consumer/src/main/resources/config/log4j.demo.properties @@ -0,0 +1,20 @@ +# +# Copyright 2017 Huawei Technologies Co., Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +paas.logs.dir=target/logs/ +paas.logs.file=sample.log + +log4j.rootLogger=INFO,paas,stdout 
diff --git a/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml b/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml new file mode 100644 index 00000000000..13b6fd5f219 --- /dev/null +++ b/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml @@ -0,0 +1,18 @@ +APPLICATION_ID: auth-consumer-sample +service_description: + name: authConsumer + version: 0.0.1 +cse: + service: + registry: + address: http://127.0.0.1:30111 + handler: + chain: + Consumer: + default: auth-consumer + isolation: + Consumer: + enabled: false + references: + springmvc: + version-rule: 0.0.1 diff --git a/samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml b/samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml new file mode 100644 index 00000000000..be8ea88dda4 --- /dev/null +++ b/samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml @@ -0,0 +1,55 @@ +swagger: '2.0' +info: + title: hello + version: 1.0.0 + x-java-interface: io.servicecomb.samples.springmvc.Hello +basePath: /pojo/rest/hello +produces: + - application/json + +paths: + /sayhi: + post: + operationId: sayHi + parameters: + - name: name + in: body + required: true + schema: + type: string + responses: + 200: + description: 正确返回 + schema: + type: string + default: + description: 默认返回 + schema: + type: string + /sayhello: + post: + operationId: sayHello + parameters: + - name: person + in: body + required: true + schema: + $ref: "#/definitions/Person" + responses: + 200: + description: 正确返回 + schema: + type: string + default: + description: 默认返回 + schema: + type: string +definitions: + Person: + type: "object" + properties: + name: + type: "string" + description: "person name" + xml: + name: "Person" \ No newline at end of file diff --git a/samples/auth-sample/auth-provider/pom.xml b/samples/auth-sample/auth-provider/pom.xml new file mode 100644 index 00000000000..465c63a700a --- /dev/null 
+++ b/samples/auth-sample/auth-provider/pom.xml @@ -0,0 +1,52 @@ + + + + 4.0.0 + + io.servicecomb.samples + auth-sample + 0.4.1-SNAPSHOT + + auth-provider + + + io.servicecomb + transport-highway + + + io.servicecomb + transport-rest-vertx + + + io.servicecomb + handler-auth + + + io.servicecomb + provider-springmvc + + + org.slf4j + slf4j-log4j12 + + + io.servicecomb.samples + commmon-schema + + + \ No newline at end of file diff --git a/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcHelloImpl.java b/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcHelloImpl.java new file mode 100644 index 00000000000..46a9ce5689b --- /dev/null +++ b/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcHelloImpl.java 
@@ -0,0 +1,46 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.servicecomb.samples.springmvc.provider; + + +import io.servicecomb.provider.rest.common.RestSchema; +import io.servicecomb.samples.common.schema.Hello; +import io.servicecomb.samples.common.schema.models.Person; + +import javax.ws.rs.core.MediaType; + +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; + +@RestSchema(schemaId = "springmvcHello") +@RequestMapping(path = "/springmvchello", produces = MediaType.APPLICATION_JSON) +public class SpringmvcHelloImpl implements Hello { + + @Override + @RequestMapping(path = "/sayhi", method = RequestMethod.POST) + public String sayHi(@RequestParam(name = "name") String name) { + return "Hello " + name; + } + + @Override + @RequestMapping(path = "/sayhello", method = RequestMethod.POST) + public String sayHello(@RequestBody Person person) { + return "Hello person " + person.getName(); + } +} diff --git a/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java b/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java new file mode 100644 index 00000000000..83c5f92b95d 
--- /dev/null +++ b/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java @@ -0,0 +1,28 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.servicecomb.samples.springmvc.provider; + +import io.servicecomb.foundation.common.utils.BeanUtils; +import io.servicecomb.foundation.common.utils.Log4jUtils; + +public class SpringmvcProviderMain { + + public static void main(String[] args) throws Exception { + Log4jUtils.init(); + BeanUtils.init(); + } +} diff --git a/samples/auth-sample/auth-provider/src/main/resources/META-INF/spring/pojo.provider.bean.xml b/samples/auth-sample/auth-provider/src/main/resources/META-INF/spring/pojo.provider.bean.xml new file mode 100644 index 00000000000..2acd82877ea --- /dev/null +++ b/samples/auth-sample/auth-provider/src/main/resources/META-INF/spring/pojo.provider.bean.xml @@ -0,0 +1,28 @@ + + + + + + + \ No newline at end of file diff --git a/samples/auth-sample/auth-provider/src/main/resources/config/log4j.demo.properties b/samples/auth-sample/auth-provider/src/main/resources/config/log4j.demo.properties new file mode 100644 index 00000000000..0324fbb1032 --- /dev/null +++ b/samples/auth-sample/auth-provider/src/main/resources/config/log4j.demo.properties 
@@ -0,0 +1,20 @@ +# +# Copyright 2017 Huawei Technologies Co., Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +paas.logs.dir=target/logs/ +paas.logs.file=sample.log + +log4j.rootLogger=INFO,paas,stdout diff --git a/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml b/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml new file mode 100644 index 00000000000..eeb8c6ec7c5 --- /dev/null +++ b/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml @@ -0,0 +1,16 @@ +APPLICATION_ID: auth-provider-sample +service_description: + name: authsample + version: 0.0.1 +cse: + service: + registry: + address: http://127.0.0.1:30112 + handler: + chain: + Consumer: + default: auth-provider + rest: + address: 0.0.0.0:8080 + highway: + address: 0.0.0.0:7070 diff --git a/samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml b/samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml new file mode 100644 index 00000000000..be8ea88dda4 --- /dev/null +++ b/samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml 
@@ -0,0 +1,55 @@ +swagger: '2.0' +info: + title: hello + version: 1.0.0 + x-java-interface: io.servicecomb.samples.springmvc.Hello +basePath: /pojo/rest/hello +produces: + - application/json + +paths: + /sayhi: + post: + operationId: sayHi + parameters: + - name: name + in: body + required: true + schema: + type: string + responses: + 200: + description: 正确返回 + schema: + type: string + default: + description: 默认返回 + schema: + type: string + /sayhello: + post: + operationId: sayHello + parameters: + - name: person + in: body + required: true + schema: + $ref: "#/definitions/Person" + responses: + 200: + description: 正确返回 + schema: + type: string + default: + description: 默认返回 + schema: + type: string +definitions: + Person: + type: "object" + properties: + name: + type: "string" + description: "person name" + xml: + name: "Person" \ No newline at end of file diff --git a/samples/auth-sample/pom.xml b/samples/auth-sample/pom.xml new file mode 100644 index 00000000000..f978e24278b --- /dev/null +++ b/samples/auth-sample/pom.xml @@ -0,0 +1,14 @@ + + 4.0.0 + + io.servicecomb.samples + samples + 0.4.1-SNAPSHOT + + auth-sample + pom + + auth-provider + auth-consumer + + \ No newline at end of file diff --git a/samples/pom.xml b/samples/pom.xml index 65d0a898548..00f4aac88f8 100644 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -30,6 +30,8 @@ pojo-sample springmvc-sample commmon-schema + auth-sample + From be794077073b59a5a0cd547716c830d768314dee Mon Sep 17 00:00:00 2001 
From: coolhongluo Date: Mon, 20 Nov 2017 21:45:50 +0800 Subject: [PATCH 06/28] bufix --- .../authentication/ConsumerAuthHandler.java | 12 +----------- .../authentication/ProviderAuthHanlder.java | 12 +----------- .../authentication/RSACoumserTokenManager.java | 4 ---- .../authentication/TestConsumerAuthHandler.java | 3 --- .../authentication/TestProviderAuthHanlder.java | 3 --- samples/auth-sample/auth-consumer/pom.xml | 4 ++++ .../samples/springmvc/consumer/AuthConsumerMain.java | 12 ++---------- .../src/main/resources/microservice.yaml | 11 ++++------- samples/auth-sample/auth-provider/pom.xml | 2 +- .../src/main/resources/microservice.yaml | 8 ++++---- .../task/MicroserviceInstanceRegisterTask.java | 7 +++++-- 11 files changed, 22 insertions(+), 56 deletions(-) diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java index df94f07b99f..536f6e54c6c 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java @@ -1,9 +1,5 @@ package io.servicecomb.authentication; -import org.junit.Assert; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; - import io.servicecomb.core.Const; import io.servicecomb.core.Handler; import io.servicecomb.core.Invocation; 
@@ -12,21 +8,15 @@ public class ConsumerAuthHandler implements Handler { - @Autowired - @Qualifier("coumserTokenManager") - public AuthenticationTokenManager athenticationTokenManager; + public AuthenticationTokenManager athenticationTokenManager = new RSACoumserTokenManager(); @Override public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { String token = athenticationTokenManager.getToken(); - Assert.assertNotNull(token, "athentication token is required"); invocation.addContext(Const.AUTH_TOKEN, token); invocation.next(asyncResp); } - public void setAthenticationTokenManager(AuthenticationTokenManager athenticationTokenManager) { - this.athenticationTokenManager = athenticationTokenManager; - } } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java index b3fa01e0da0..f7470d6cb11 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java @@ -1,8 +1,5 @@ package io.servicecomb.authentication; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; - import io.servicecomb.core.Const; import io.servicecomb.core.Handler; import io.servicecomb.core.Invocation; @@ -13,9 +10,7 @@ public class ProviderAuthHanlder implements Handler { - @Autowired - @Qualifier("providerTokenManager") - private AuthenticationTokenManager authenticationTokenManager; + private AuthenticationTokenManager authenticationTokenManager = new RSAProviderTokenManager(); @Override public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { 
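Review bot: With the `Assert.assertNotNull` line removed in `ConsumerAuthHandler.handle`, nothing checks `token` before `invocation.addContext(Const.AUTH_TOKEN, token)`. The body of `getToken()` is not in this hunk, but if it can return null after a signing failure, the request goes out without a token and the cause only shows up as a rejection at the provider. Failing fast keeps the error at its source: `if (token == null) { asyncResp.consumerFail(new IllegalStateException("authentication token is required")); return; }`. The manager field is now created inline but remains `public` and non-final; `private final` would stop other code from swapping the token source.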
@@ -29,9 +24,4 @@ public void handle(Invocation invocation, AsyncResponse asyncResp) throws Except } } - - public void setAuthenticationTokenManager(AuthenticationTokenManager authenticationTokenManager) { - this.authenticationTokenManager = authenticationTokenManager; - } - } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java index 9e81fa8c540..2cd986e1b77 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java @@ -13,11 +13,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock; import org.apache.commons.lang3.RandomStringUtils; -import org.springframework.stereotype.Component; -import org.springframework.stereotype.Service; -@Component -@Service("coumserTokenManager") public class RSACoumserTokenManager implements AuthenticationTokenManager { private ReadWriteLock readWriteLock = new ReentrantReadWriteLock(); diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java index 9289e1dd97d..d5fe1482abf 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java @@ -2,7 +2,6 @@ import io.servicecomb.core.Invocation; import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.swagger.invocation.AsyncResponse; 
@@ -19,9 +18,7 @@ public class TestConsumerAuthHandler { @Test public void testHandler() throws Exception { - AuthenticationTokenManager tokenManager = new RSACoumserTokenManager(); ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); - consumerAuthHandler.setAthenticationTokenManager(tokenManager); consumerAuthHandler.handle(invocation, asyncResp); Assert.assertTrue(true); } diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java index be23e36b92b..4d50feee450 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java @@ -3,7 +3,6 @@ import io.servicecomb.core.Const; import io.servicecomb.core.Invocation; import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.swagger.invocation.AsyncResponse; @@ -29,9 +28,7 @@ public void setUp() throws Exception { @Test public void testHandle() throws Exception { - AuthenticationTokenManager tokenManager = new RSAProviderTokenManager(); ProviderAuthHanlder providerAuthHanlder = new ProviderAuthHanlder(); - providerAuthHanlder.setAuthenticationTokenManager(tokenManager); providerAuthHanlder.handle(invocation, asyncResp); Assert.assertTrue(true); } diff --git a/samples/auth-sample/auth-consumer/pom.xml b/samples/auth-sample/auth-consumer/pom.xml index f286fe93f61..659f1bc3467 100644 --- a/samples/auth-sample/auth-consumer/pom.xml +++ b/samples/auth-sample/auth-consumer/pom.xml @@ -31,6 +31,10 @@ io.servicecomb transport-rest-vertx + + io.servicecomb + handler-loadbalance + io.servicecomb provider-springmvc 
diff --git a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java index a0f76369e0e..6b73d930929 100644 --- a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java +++ b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java @@ -17,9 +17,7 @@ import io.servicecomb.foundation.common.utils.BeanUtils; import io.servicecomb.foundation.common.utils.Log4jUtils; -import io.servicecomb.provider.pojo.RpcReference; import io.servicecomb.provider.springmvc.reference.RestTemplateBuilder; -import io.servicecomb.samples.common.schema.Hello; import io.servicecomb.samples.common.schema.models.Person; import org.springframework.stereotype.Component; @@ -30,9 +28,6 @@ public class AuthConsumerMain { private static RestTemplate restTemplate = RestTemplateBuilder.create(); - @RpcReference(microserviceName = "springmvc", schemaId = "springmvcHello") - private static Hello hello; - public static void main(String[] args) throws Exception { init(); Person person = new Person(); 
@@ -41,15 +36,12 @@ public static void main(String[] args) throws Exception { // RestTemplate Consumer or POJO Consumer. You can choose whatever you like // RestTemplate Consumer String sayHiResult = - restTemplate.postForObject("cse://springmvc/springmvchello/sayhi?name=Java Chassis", null, String.class); - String sayHelloResult = restTemplate.postForObject("cse://springmvc/springmvchello/sayhello", person, String.class); + restTemplate.postForObject("cse://auth-provider/springmvchello/sayhi?name=Java Chassis", null, String.class); + String sayHelloResult = restTemplate.postForObject("cse://auth-provider/springmvchello/sayhello", person, String.class); System.out.println("RestTemplate Consumer or POJO Consumer. You can choose whatever you like."); System.out.println("RestTemplate consumer sayhi services: " + sayHiResult); System.out.println("RestTemplate consumer sayhello services: " + sayHelloResult); - // POJO Consumer - System.out.println("POJO consumer sayhi services: " + hello.sayHi("Java Chassis")); - System.out.println("POJO consumer sayhi services: " + hello.sayHello(person)); } public static void init() throws Exception { diff --git a/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml b/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml index 13b6fd5f219..1956f054e06 100644 --- a/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml +++ b/samples/auth-sample/auth-consumer/src/main/resources/microservice.yaml @@ -1,18 +1,15 @@ -APPLICATION_ID: auth-consumer-sample +APPLICATION_ID: auth-sample service_description: name: authConsumer version: 0.0.1 cse: service: registry: - address: http://127.0.0.1:30111 + address: http://127.0.0.1:30100 handler: chain: Consumer: - default: auth-consumer - isolation: - Consumer: - enabled: false + default: auth-consumer, loadbalance references: - springmvc: + auth-provider: version-rule: 0.0.1 
diff --git a/samples/auth-sample/auth-provider/pom.xml b/samples/auth-sample/auth-provider/pom.xml index 465c63a700a..439474f25b6 100644 --- a/samples/auth-sample/auth-provider/pom.xml +++ b/samples/auth-sample/auth-provider/pom.xml @@ -35,7 +35,7 @@ io.servicecomb handler-auth - + io.servicecomb provider-springmvc diff --git a/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml b/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml index eeb8c6ec7c5..5ae5d004102 100644 --- a/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml +++ b/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml @@ -1,16 +1,16 @@ -APPLICATION_ID: auth-provider-sample +APPLICATION_ID: auth-sample service_description: - name: authsample + name: auth-provider version: 0.0.1 cse: service: registry: - address: http://127.0.0.1:30112 + address: http://127.0.0.1:30100 handler: chain: Consumer: default: auth-provider rest: - address: 0.0.0.0:8080 + address: 0.0.0.0:8081 highway: address: 0.0.0.0:7070 diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java index 37b95561b65..82bc43121f3 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java 
@@ -71,8 +71,11 @@ protected boolean doRegister() { microserviceInstance.getHealthCheck().setInterval(serviceRegistryConfig.getHeartbeatInterval()); microserviceInstance.getHealthCheck().setTimes(serviceRegistryConfig.getResendHeartBeatTimes()); - Optional publicKey = Optional.of(RSAKeypair4Auth.INSTANCE.getPublicKey()); - publicKey.ifPresent(value -> microserviceInstance.getProperties().put(Const.INSTANCE_PUBKEY_PRO, value)); + String publicKey = RSAKeypair4Auth.INSTANCE.getPublicKey(); + if (null != publicKey) + { + microserviceInstance.getProperties().put(Const.INSTANCE_PUBKEY_PRO, publicKey); + } String instanceId = srClient.registerMicroserviceInstance(microserviceInstance); if (StringUtils.isEmpty(instanceId)) { From 5b3146c983dca49f51494361400648dd509b630f Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Tue, 21 Nov 2017 21:00:01 +0800 Subject: [PATCH 07/28] bug fix --- .../authentication/ProviderAuthHanlder.java | 2 +- .../RSAAuthenticationToken.java | 22 +++++++--- .../RSACoumserTokenManager.java | 7 +-- .../RSAProviderTokenManager.java | 28 ++++++++---- .../src/main/resources/microservice.yaml | 4 +- .../cache/InstanceCacheManager.java | 1 + .../cache/MicroserviceInstanceCache.java | 44 +++++++++++++++++++ .../LocalServiceRegistryClientImpl.java | 8 ++++ .../client/ServiceRegistryClient.java | 8 ++++ .../http/ServiceRegistryClientImpl.java | 20 +++++++++ .../MicroserviceInstanceRegisterTask.java | 2 - 11 files changed, 125 insertions(+), 21 deletions(-) create mode 100644 service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java index f7470d6cb11..d19f4371c35 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java 
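Review bot: When `publicKey` is null in `doRegister`, the instance is registered without `Const.INSTANCE_PUBKEY_PRO` and nothing is logged, so the missing key only surfaces later when providers cannot verify this instance's tokens. Add an `else` branch such as `LOGGER.warn("no RSA public key available, instance will register without {}", Const.INSTANCE_PUBKEY_PRO);`, assuming the class logger is named `LOGGER`. A comment on the `put` should also state that providers trust whatever key is published here, so the registry connection has to be authenticated and integrity-protected for the scheme to mean anything. The body of `doRegister` continues outside the hunk.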
+++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java @@ -20,7 +20,7 @@ public void handle(Invocation invocation, AsyncResponse asyncResp) throws Except invocation.next(asyncResp); } else { asyncResp.producerFail( - new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "reject by authentication")); + new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "UNAUTHORIZED")); } } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index 3b683614401..12a4744406b 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java @@ -13,23 +13,26 @@ public class RSAAuthenticationToken { private String instanceId; + private String serviceId; + private long generateTime; private String randomCode; private String sign; - public RSAAuthenticationToken(String instanceId, long generateTime, + public RSAAuthenticationToken(String instanceId, String serviceId, long generateTime, String randomCode, String sign) { this.instanceId = instanceId; this.generateTime = generateTime; this.randomCode = randomCode; + this.serviceId = serviceId; this.sign = sign; } public String plainToken() { - return String.format("%s@%s@%s", this.instanceId, this.generateTime, this.randomCode); + return String.format("%s@%s@%s%s@", this.instanceId, this.serviceId, this.generateTime, this.randomCode); } 
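Review bot: The new format string in `RSAAuthenticationToken.plainToken()` is `"%s@%s@%s%s@"`, which joins `generateTime` and `randomCode` with no separator and appends a trailing `@`. The consumer side signs `"%s@%s@%s@%s"` in `createToken`, and the provider verifies the signature against `plainToken()`, so as written the content never matches and every token is rejected. It should read `return String.format("%s@%s@%s@%s", this.instanceId, this.serviceId, this.generateTime, this.randomCode);`. The constructor also assigns `serviceId` out of declaration order, which is harmless but makes this kind of slip easier to miss. The class body continues outside the hunk.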
@@ -49,13 +52,22 @@ public String getSign() { public String fromat() { - return String.format("%s@%s@%s@%s", instanceId, generateTime, + return String.format("%s@%s@%s@%s@%s", instanceId, serviceId, generateTime, randomCode, sign); } public static RSAAuthenticationToken fromStr(String token) { String[] tokenArr = token.split("@"); - return new RSAAuthenticationToken(tokenArr[0], - Long.valueOf(tokenArr[1]), tokenArr[2], tokenArr[3]); + return new RSAAuthenticationToken(tokenArr[0], tokenArr[1], + Long.valueOf(tokenArr[2]), tokenArr[3], tokenArr[4]); + } + + public String getServiceId() { + return serviceId; } + + public void setServiceId(String serviceId) { + this.serviceId = serviceId; + } + } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java index 2cd986e1b77..dff77c4da50 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java @@ -3,6 +3,7 @@ import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.foundation.token.RSAKeypair4Auth; +import io.servicecomb.serviceregistry.RegistryUtils; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; 
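Review bot: `fromStr` indexes `tokenArr[0]` to `tokenArr[4]` and calls `Long.valueOf(tokenArr[2])` on a string that arrives from the remote caller, with no check on the number of fields. A short or malformed token therefore raises `ArrayIndexOutOfBoundsException` or `NumberFormatException` rather than being reported as invalid. Guard it with `if (tokenArr.length != 5) { throw new IllegalArgumentException("malformed authentication token"); }`, and make sure the provider's `vaild` turns that failure and the number-format failure into `false`, since its catch clauses are not visible here. The added `setServiceId` makes a signed field mutable after parsing; the token is easier to reason about with `serviceId` final and no setter.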
@@ -40,12 +41,12 @@ public String createToken() { String privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey(); readWriteLock.writeLock().lock(); - //TODO get from cache - String instanceId = "lwh"; + String instanceId = RegistryUtils.getMicroserviceInstance().getInstanceId(); + String serviceId = RegistryUtils.getMicroservice().getServiceId(); String randomCode = RandomStringUtils.randomAlphanumeric(128); long generateTime = System.currentTimeMillis(); try { - String plain = String.format("%s@%s@%s", instanceId, generateTime, randomCode); + String plain = String.format("%s@%s@%s@%s", instanceId, serviceId, generateTime, randomCode); String sign = RSAUtils.sign(plain, privateKey); token = RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, sign)); return token.fromat(); diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java index 6e3b89e95d9..82b762f5146 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java 
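Review bot: The string signed in `createToken` now carries the caller's `instanceId` and `serviceId`, a timestamp and a random code, but nothing that names the service being called. A token accepted by one provider is therefore equally valid at every other provider that can look up this consumer's key, for as long as the expiry check allows. If that is not intended, add the target microservice name to `plain` and have the provider compare it with its own name during validation. `RegistryUtils.getMicroserviceInstance().getInstanceId()` is also read without a null check, and it is worth confirming it cannot be called before registration has assigned an id. The method starts and ends outside the hunk, so the matching `writeLock().unlock()` is not visible.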
@@ -1,14 +1,19 @@ package io.servicecomb.authentication; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.foundation.token.RSAKeypair4Auth; - import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.util.Date; +import java.util.Map; +import java.util.Optional; +import java.util.function.Function; + +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.serviceregistry.api.Const; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; public class RSAProviderTokenManager implements AuthenticationTokenManager{ @@ -20,7 +25,7 @@ public boolean vaild(String token) { RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); String sign = rsaToken.getSign(); String content = rsaToken.plainToken(); - String publicKey = getPublicKeyByInstanceId(rsaToken.getInstanceId()); + String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); boolean verify = RSAUtils.verify(publicKey, sign, content); if (verify) { @@ -40,9 +45,16 @@ public boolean vaild(String token) { return false; } - private String getPublicKeyByInstanceId(String instanceId) { - //TODO get from cache - return RSAKeypair4Auth.INSTANCE.getPublicKey(); + private String getPublicKey(String instanceId, String serviceId) { + Optional instances = Optional.of(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)); + return instances.map(MicroserviceInstance :: getProperties).map(new Function< Map, String>() { + + @Override + public String apply(Map properties) { + return properties.get(Const.INSTANCE_PUBKEY_PRO); + } + + }).get(); } } 
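Review bot: `getPublicKey` wraps the cache result in `Optional.of(...)`, but `MicroserviceInstanceCache.getOrCreate` returns null on failure, so an unknown instance raises `NullPointerException` instead of giving "no key". The trailing `.get()` likewise throws `NoSuchElementException` when the instance has no `INSTANCE_PUBKEY_PRO` property. Use `Optional.ofNullable(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId))` and end the chain with `.orElse(null)`, then have `vaild` return false when the key is null. The anonymous `Function` can be written as `.map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO))`. Note that `instanceId` and `serviceId` come from the token before its signature is checked, so this lookup runs on unauthenticated input and should validate both ids first.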
diff --git a/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml b/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml index 5ae5d004102..1b7856729a0 100644 --- a/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml +++ b/samples/auth-sample/auth-provider/src/main/resources/microservice.yaml @@ -8,9 +8,9 @@ cse: address: http://127.0.0.1:30100 handler: chain: - Consumer: + Provider: default: auth-provider rest: - address: 0.0.0.0:8081 + address: 0.0.0.0:8082 highway: address: 0.0.0.0:7070 diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/InstanceCacheManager.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/InstanceCacheManager.java index 38d6828dce1..38b127f2c7b 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/InstanceCacheManager.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/InstanceCacheManager.java @@ -22,4 +22,5 @@ public interface InstanceCacheManager { InstanceCache getOrCreate(String appId, String microserviceName, String microserviceVersionRule); VersionedCache getOrCreateVersionedCache(String appId, String microserviceName, String microserviceVersionRule); + } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java new file mode 100644 index 00000000000..f67ded7cdd7 --- /dev/null +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java 
@@ -0,0 +1,44 @@ +package io.servicecomb.serviceregistry.cache; + +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.common.cache.Cache; +import com.google.common.cache.CacheBuilder; + +import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; + +public class MicroserviceInstanceCache { + + private static final Logger logger = LoggerFactory.getLogger(MicroserviceInstanceCache.class); + + private static Cache instances = CacheBuilder.newBuilder().maximumSize(1000) + .expireAfterAccess(30, TimeUnit.MINUTES).build(); + + public static MicroserviceInstance getOrCreate(String serviceId, String instanceId) { + try { + String key = String.format("%s@%s", serviceId, instanceId); + return instances.get(key, new Callable() { + + @Override + public MicroserviceInstance call() throws Exception { + return getMicroserviceInstanceFromSC(serviceId, instanceId); + } + + }); + } catch (ExecutionException e) { + logger.error("get microservice from cache failed:" + String.format("%s@%s", serviceId, instanceId)); + return null; + } + } + + private static MicroserviceInstance getMicroserviceInstanceFromSC(String serviceId, String instanceId) { + return RegistryUtils.getServiceRegistryClient().findServiceInstance(serviceId, instanceId); + } + +} diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java index 139cd6e6fe5..90ec983c5b5 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java 
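Review bot: The cache in `MicroserviceInstanceCache` uses `expireAfterAccess(30, TimeUnit.MINUTES)`, so an entry that keeps being read never expires. The public key of an instance that has been removed from the registry, or has rotated its key, stays trusted for as long as tokens naming it keep arriving. Using `expireAfterWrite` with a short lifetime bounds that window. Separately, Guava's `Cache.get(key, Callable)` does not accept a null result from the loader: when `findServiceInstance` returns null it throws the unchecked `InvalidCacheLoadException`, which the `catch (ExecutionException e)` block does not handle, so the `return null` path is not reached for "not found". Have the loader throw a checked exception for a missing instance, and pass `e` to `logger.error` so the cause is kept.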
@@ -334,4 +334,12 @@ public boolean updateInstanceProperties(String microserviceId, String microservi } return true; } + +@Override +public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { + Map instances = microserviceInstanceMap.get(serviceId); + return instances.get(instanceId); +} + + } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/ServiceRegistryClient.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/ServiceRegistryClient.java index c67be3dc727..4666f0a1b5d 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/ServiceRegistryClient.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/ServiceRegistryClient.java @@ -123,4 +123,12 @@ void watch(String selfMicroserviceId, AsyncResultCallback findServiceInstance(String consumerId, String appId, String serviceName, String versionRule); + + /** + * 通过serviceid, instanceid 获取instance对象。 + * @param serviceId + * @param instanceId + * @return MicroserviceInstance + */ + MicroserviceInstance findServiceInstance(String serviceId, String instanceId); } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java index db2ec116436..c73283df845 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java 
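Review bot: In `LocalServiceRegistryClientImpl.findServiceInstance`, `microserviceInstanceMap.get(serviceId)` returns null for an unknown service id, and the next line then fails with `NullPointerException` on `instances.get(instanceId)`. Return null for the unknown case instead: `return instances == null ? null : instances.get(instanceId);`. The method is also indented at column 0, unlike the rest of the class. On the interface hunk that follows, the new Javadoc has empty `@param` tags and should state in English that the method returns null when the instance is not found.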
@@ -628,4 +628,24 @@ public boolean updateInstanceProperties(String microserviceId, String microservi } return false; } + + @Override + public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { + try { + Holder holder = new Holder<>(); + IpPort ipPort = ipPortManager.getAvailableAddress(false); + CountDownLatch countDownLatch = new CountDownLatch(1); + RestUtils.get(ipPort, + String.format(Const.REGISTRY_API.MICROSERVICE_INSTANCE_OPERATION_ONE, serviceId, instanceId), + new RequestParam(), syncHandler(countDownLatch, MicroserviceInstance.class, holder)); + countDownLatch.await(); + return holder.value; + } catch (Exception e) { + LOGGER.error("get instance from sc failed"); + return null; + } + + } + + } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java index 82bc43121f3..e4760a665b2 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java @@ -15,8 +15,6 @@ */ package io.servicecomb.serviceregistry.task; -import java.util.Optional; - import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.StringUtils; From f8abd61b8f9a7fde1558d5d570e8392e8a437d86 Mon Sep 17 00:00:00 2001 
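Review bot: `countDownLatch.await()` in the new `findServiceInstance` has no timeout, so if the callback never counts down the calling thread is parked indefinitely; a bounded wait such as `if (!countDownLatch.await(TIMEOUT_MS, TimeUnit.MILLISECONDS)) { return null; }` avoids that (TIMEOUT_MS is a placeholder for whatever limit the project already uses). The `catch (Exception e)` also absorbs `InterruptedException` without restoring the interrupt flag and logs without the cause; `LOGGER.error("get instance from sc failed", e);` keeps the stack trace. `serviceId` and `instanceId` are formatted into the request path as they arrive, so a caller that passes externally supplied ids needs to validate them first.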
From: jeho0815 Date: Wed, 22 Nov 2017 10:42:58 +0800 Subject: [PATCH 08/28] bug fix --- .../foundation/common/utils/RSAUtils.java | 2 +- .../foundation/common/utils/TestRSAUtil.java | 10 +++++++ .../authentication/ProviderAuthHanlder.java | 6 ++-- .../RSAAuthenticationToken.java | 2 +- .../TestRSAAuthenticationToken.java | 29 +++++++++++++++++++ ...roviderMain.java => AuthProviderMain.java} | 2 +- .../api/response/MicroInstanceResponse.java | 18 ++++++++++++ .../http/ServiceRegistryClientImpl.java | 11 +++++-- 8 files changed, 71 insertions(+), 9 deletions(-) create mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java rename samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/{SpringmvcProviderMain.java => AuthProviderMain.java} (96%) create mode 100644 service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java index 681828d1d2f..b5120ea9bfd 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java @@ -62,5 +62,5 @@ public static boolean verify(String publicKey, String sign, String content) thro signature.update(content.getBytes()); return signature.verify(decoder.decode(sign)); } - + } diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java index dd1c899f5f6..b47b501aa7a 100644 --- a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java 
+++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java @@ -26,4 +26,14 @@ public void testSignVerify() throws InvalidKeyException, NoSuchAlgorithmExceptio Assert.assertTrue(RSAUtils.verify(pubKey, signstr, testContent)); } + + @Test + public void testSignVerify2() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException + { + String sign = "WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + String content = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ"; + String pubKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; + Assert.assertTrue(RSAUtils.verify(pubKey, sign, content)); + + } } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java index d19f4371c35..55fd03bcd1f 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java 
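Review bot: `testSignVerify2` only checks that a known-good signature verifies; nothing asserts that verification fails when the content or the signature is altered, which is the property the authentication handler depends on. A companion assertion such as `Assert.assertFalse(RSAUtils.verify(pubKey, sign, content + "x"));` would pin that. The same gap applies to `TestRSAAuthenticationToken`, added later in this patch, which also has no case for a malformed token string passed to `fromStr`.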
@@ -16,12 +16,12 @@ public class ProviderAuthHanlder implements Handler { public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { String token = invocation.getContext(Const.AUTH_TOKEN); - if (authenticationTokenManager.vaild(token)) { + if (null != token && authenticationTokenManager.vaild(token)) { invocation.next(asyncResp); } else { - asyncResp.producerFail( - new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "UNAUTHORIZED")); + asyncResp.producerFail(new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "UNAUTHORIZED")); } } + } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index 12a4744406b..7b1e60ef785 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java @@ -32,7 +32,7 @@ public RSAAuthenticationToken(String instanceId, String serviceId, long generate public String plainToken() { - return String.format("%s@%s@%s%s@", this.instanceId, this.serviceId, this.generateTime, this.randomCode); + return String.format("%s@%s@%s@%s", this.instanceId, this.serviceId, this.generateTime, this.randomCode); } diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java new file mode 100644 index 00000000000..6bbd47eb605 --- /dev/null +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java 
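Review bot: The `else` branch of `ProviderAuthHanlder.handle` answers 401 without recording anything, so missing or invalid tokens leave no trace for operators looking for misconfigured or unauthorised callers. A warn-level line before `producerFail`, for example `LOGGER.warn("rejected invocation: missing or invalid auth token");`, would cover it, without writing the token value itself to the log. The hunk shows no logger field in this class, so one would have to be added.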
@@ -0,0 +1,29 @@
+package io.servicecomb.authentication;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import io.servicecomb.foundation.common.utils.RSAUtils;
+
+
+public class TestRSAAuthenticationToken {
+
+
+ @Test
+ public void testRSAAuthenticationToken() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException
+ {
+ String tokenstr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk=";
+ RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr);
+ String contents = token.plainToken();
+ Assert.assertEquals("e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ", contents);
+ String sign = token.getSign();
+ Assert.assertEquals("WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk=", sign);
+ String pubKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB";
+ Assert.assertTrue(RSAUtils.verify(pubKey, sign, contents));
+ }
+}
diff --git a/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java b/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/AuthProviderMain.java similarity index 96% rename from samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java rename to samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/AuthProviderMain.java index 83c5f92b95d..1929037a36c 100644 --- a/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/SpringmvcProviderMain.java +++ b/samples/auth-sample/auth-provider/src/main/java/io/servicecomb/samples/springmvc/provider/AuthProviderMain.java @@ -19,7 +19,7 @@ import io.servicecomb.foundation.common.utils.BeanUtils; import io.servicecomb.foundation.common.utils.Log4jUtils; -public class SpringmvcProviderMain { +public class AuthProviderMain { public static void main(String[] args) throws Exception { Log4jUtils.init(); diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java new file mode 100644 index 00000000000..6f550820165 --- /dev/null +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java @@ -0,0 +1,18 @@ +package io.servicecomb.serviceregistry.api.response; + +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; + +public class MicroInstanceResponse { + + private MicroserviceInstance instance; + + public MicroserviceInstance getInstance() { + return instance; + } + + public void setInstance(MicroserviceInstance instance) { + this.instance = instance; + } + + +} 
diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java index c73283df845..a094a572228 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java @@ -49,6 +49,7 @@ import io.servicecomb.serviceregistry.api.response.GetSchemaResponse; import io.servicecomb.serviceregistry.api.response.GetServiceResponse; import io.servicecomb.serviceregistry.api.response.HeartbeatResponse; +import io.servicecomb.serviceregistry.api.response.MicroInstanceResponse; import io.servicecomb.serviceregistry.api.response.MicroserviceInstanceChangedEvent; import io.servicecomb.serviceregistry.api.response.RegisterInstanceResponse; import io.servicecomb.serviceregistry.client.ClientException; @@ -632,14 +633,18 @@ public boolean updateInstanceProperties(String microserviceId, String microservi @Override public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { try { - Holder holder = new Holder<>(); + Holder holder = new Holder<>(); IpPort ipPort = ipPortManager.getAvailableAddress(false); CountDownLatch countDownLatch = new CountDownLatch(1); RestUtils.get(ipPort, String.format(Const.REGISTRY_API.MICROSERVICE_INSTANCE_OPERATION_ONE, serviceId, instanceId), - new RequestParam(), syncHandler(countDownLatch, MicroserviceInstance.class, holder)); + new RequestParam().addHeader("X-ConsumerId", serviceId), syncHandler(countDownLatch, MicroInstanceResponse.class, holder)); countDownLatch.await(); - return holder.value; + if(null != holder.value) + { + return holder.value.getInstance(); + } + return null; } catch (Exception e) { LOGGER.error("get instance from sc failed"); return null; 
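Review bot: The new `addHeader("X-ConsumerId", serviceId)` in `findServiceInstance` sends the id of the service being looked up as the consumer id, not the id of the service making the call; if the registry uses that header to decide what the caller may see, the lookup vouches for itself, so it is worth confirming this is what the registry API expects. On the provider-side token check added in this series, `serviceId` comes from a token whose signature has not been verified yet, so its format should be validated before it reaches the request path and this header. Minor: `if(null != holder.value)` with the brace on its own line does not match the `try {` style of the surrounding method.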
From 3cf33db1b41e3218e718cd4a6c0b2a20029a1173 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Wed, 22 Nov 2017 11:41:46 +0800 Subject: [PATCH 09/28] =?UTF-8?q?=E6=A0=B9=E6=8D=AE=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E6=84=8F=E8=A7=81=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../foundation/common/utils/RSAUtils.java | 3 - .../token/AuthenticationTokenManager.java | 2 +- handlers/handler-auth/readme.MD | 3 - .../RSAAuthenticationToken.java | 3 +- .../RSACoumserTokenManager.java | 2 +- .../RSAProviderTokenManager.java | 67 +++++++++---------- .../cache/MicroserviceInstanceCache.java | 7 +- 7 files changed, 42 insertions(+), 45 deletions(-) delete mode 100644 handlers/handler-auth/readme.MD diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java index b5120ea9bfd..2217d85a5f3 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java @@ -20,9 +20,6 @@ public class RSAUtils { private final static String RSA_ALG = "RSA"; private final static String SIGN_ALG = "SHA256withRSA"; - /** - * 加密算法 - */ private static Base64.Encoder encoder = Base64.getEncoder(); private static Base64.Decoder decoder = Base64.getDecoder(); diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java index bf317505c72..a85197366d6 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java 
@@ -2,7 +2,7 @@ public interface AuthenticationTokenManager { - default public String getToken(){return "";}; + default public String getToken(){return "";} public boolean vaild(String token); diff --git a/handlers/handler-auth/readme.MD b/handlers/handler-auth/readme.MD deleted file mode 100644 index 698fc80167e..00000000000 --- a/handlers/handler-auth/readme.MD +++ /dev/null @@ -1,3 +0,0 @@ -参考: -hystrix: https://github.com/Netflix/Hystrix/wiki -design: http://code.huawei.com/CSE/CSE/wikis/design \ No newline at end of file diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index 7b1e60ef785..b686c6ef5ee 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java @@ -3,8 +3,7 @@ /** * token 组成部分: - * token: instanceId@generateTime@randomCode@sign(instanceId@generateTime@randomCode) - * @author Administrator + * token: instanceId@@generateTime@randomCode@sign(instanceId@@generateTime@randomCode) * */ public class RSAAuthenticationToken { diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java index dff77c4da50..b193bc0a2e1 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java 
@@ -59,7 +59,7 @@ public String createToken() @Override public boolean vaild(String token) { long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); + Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); Date now = new Date(); if (expiredDate.before(now) ) { diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java index 82b762f5146..f96fc2fc929 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java @@ -5,9 +5,10 @@ import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.util.Date; -import java.util.Map; import java.util.Optional; -import java.util.function.Function; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.AuthenticationTokenManager; 
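Review bot: The `15 * 60 * 1000` margin in `RSACoumserTokenManager.vaild` is an unnamed literal that appears to mirror the `+ 15 * 60 * 1000` grace period in `RSAProviderTokenManager`; a shared constant next to `TOKEN_ACTIVE_TIME`, e.g. `public static final long TOKEN_SKEW_MILLIS = 15 * 60 * 1000L;`, would make the relationship explicit and stop the two from drifting apart. The comparison could also be done on plain `long` millisecond values instead of two `java.util.Date` objects. The rest of `vaild` lies outside the hunk.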
@@ -15,46 +16,44 @@ import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; -public class RSAProviderTokenManager implements AuthenticationTokenManager{ +public class RSAProviderTokenManager implements AuthenticationTokenManager { + + private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); - @Override public boolean vaild(String token) { - - try { - RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); - String sign = rsaToken.getSign(); - String content = rsaToken.plainToken(); - String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); - boolean verify = RSAUtils.verify(publicKey, sign, content); - if (verify) - { - long generateTime = rsaToken.getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); - Date now = new Date(); - if (now.before(expiredDate)) - { - return true; - } - } - } catch (InvalidKeyException | NoSuchAlgorithmException - | InvalidKeySpecException | SignatureException e) { - - return false; + + try { + RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); + String sign = rsaToken.getSign(); + String content = rsaToken.plainToken(); + String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); + boolean verify = RSAUtils.verify(publicKey, sign, content); + if (verify) { + long generateTime = rsaToken.getGenerateTime(); + Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); + Date now = new Date(); + if (now.before(expiredDate)) { + return true; + } + } + } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { + + return false; } return false; } private String getPublicKey(String instanceId, String serviceId) { - Optional instances = 
Optional.of(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)); - return instances.map(MicroserviceInstance :: getProperties).map(new Function< Map, String>() { - - @Override - public String apply(Map properties) { - return properties.get(Const.INSTANCE_PUBKEY_PRO); - } - - }).get(); + Optional instances = Optional + .ofNullable(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)); + if (instances.isPresent()) { + return instances.map(MicroserviceInstance::getProperties) + .map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO)).get(); + } else { + logger.error("not instance found {}-{},maybe attack", instanceId, serviceId); + return ""; + } } } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java index f67ded7cdd7..b9416f783f5 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java @@ -13,6 +13,10 @@ import io.servicecomb.serviceregistry.RegistryUtils; import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +/** + * 微服务实例缓存 key为:serviceId@instanceId 缓存limit:1000 缓存老化策略:30分钟没有访问就过期。 + * + */ public class MicroserviceInstanceCache { private static final Logger logger = LoggerFactory.getLogger(MicroserviceInstanceCache.class); 
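Review bot: In the rewritten `getPublicKey`, `isPresent()` only proves the instance exists; if its properties hold no `Const.INSTANCE_PUBKEY_PRO` entry the second `map` yields an empty Optional and `.get()` throws `NoSuchElementException`, which the multi-catch in `vaild` does not handle. Ending the chain with `.orElse("")` instead of `.get()` gives the same empty-key result as the not-found branch. The lookup also runs on the token's `instanceId` and `serviceId` before the signature is verified, and the not-found branch writes both values to the log unmodified, so they should be checked for length and allowed characters first.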
@@ -27,12 +31,13 @@ public static MicroserviceInstance getOrCreate(String serviceId, String instance @Override public MicroserviceInstance call() throws Exception { + logger.debug("get microservice instance from SC"); return getMicroserviceInstanceFromSC(serviceId, instanceId); } }); } catch (ExecutionException e) { - logger.error("get microservice from cache failed:" + String.format("%s@%s", serviceId, instanceId)); + logger.error("get microservice from cache failed:" + String.format("%s@%s", serviceId, instanceId)); return null; } } From 14524df0098c0e87c3587b9f5dd4410b65b963ef Mon Sep 17 00:00:00 2001 From: coolhongluo Date: Wed, 22 Nov 2017 22:10:11 +0800 Subject: [PATCH 10/28] =?UTF-8?q?=E9=87=8D=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/io/servicecomb/AuthHandlerBoot.java | 6 +++++ .../RSAAuthenticationToken.java | 3 +++ .../{ => consumer}/ConsumerAuthHandler.java | 12 ++++++++-- .../RSACoumserTokenManager.java | 11 ++++++--- .../{ => provider}/ProviderAuthHanlder.java | 2 +- .../RSAProviderTokenManager.java | 23 +++++++++++-------- .../src/main/resources/config/cse.handler.xml | 4 ++-- .../TestConsumerAuthHandler.java | 1 + .../TestProviderAuthHanlder.java | 2 ++ .../MicroserviceInstanceRegisterTask.java | 10 ++++---- 10 files changed, 52 insertions(+), 22 deletions(-) rename handlers/handler-auth/src/main/java/io/servicecomb/authentication/{ => consumer}/ConsumerAuthHandler.java (69%) rename handlers/handler-auth/src/main/java/io/servicecomb/authentication/{ => consumer}/RSACoumserTokenManager.java (88%) rename handlers/handler-auth/src/main/java/io/servicecomb/authentication/{ => provider}/ProviderAuthHanlder.java (94%) rename handlers/handler-auth/src/main/java/io/servicecomb/authentication/{ => provider}/RSAProviderTokenManager.java (90%) 
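Review bot: The `logger.error` in the `catch` block of `getOrCreate` still drops the `ExecutionException` (this hunk only re-indents the line), so a failed registry lookup is logged without its cause. The parameterised form with the exception as the last argument keeps it: `logger.error("get microservice from cache failed: {}@{}", serviceId, instanceId, e);`. The new `logger.debug("get microservice instance from SC")` would be more useful with the same key in it.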
diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java index 7c3842c4cb1..87c0aa33410 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java @@ -6,6 +6,12 @@ import org.springframework.stereotype.Component; +/** + * + * initialize public and private key pair when system boot before registry instance to service center + * + * + */ @Component public class AuthHandlerBoot implements BootListener { diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index b686c6ef5ee..d9e726258a3 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java @@ -57,6 +57,9 @@ public String fromat() { public static RSAAuthenticationToken fromStr(String token) { String[] tokenArr = token.split("@"); + if (tokenArr.length != 4) { + return null; + } return new RSAAuthenticationToken(tokenArr[0], tokenArr[1], Long.valueOf(tokenArr[2]), tokenArr[3], tokenArr[4]); } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java similarity index 69% rename from handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java rename to handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java index 536f6e54c6c..8541199b922 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ConsumerAuthHandler.java 
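Review bot: The new guard in `RSAAuthenticationToken.fromStr` tests `tokenArr.length != 4`, but the constructor call on the next line reads `tokenArr[0]` through `tokenArr[4]`, i.e. five fields, so every well-formed token is now rejected with `null` and a four-field string passes the guard and fails with `ArrayIndexOutOfBoundsException`. The check should be `if (tokenArr.length != 5) {` (PATCH 11 in this series makes that change). Returning `null` also needs the callers updated: `RSACoumserTokenManager.vaild` calls `fromStr(token).getGenerateTime()` with no null check. `Long.valueOf(tokenArr[2])` can still throw `NumberFormatException` on a non-numeric timestamp.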
+++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java @@ -1,4 +1,6 @@ -package io.servicecomb.authentication; +package io.servicecomb.authentication.consumer; + +import java.util.Optional; import io.servicecomb.core.Const; import io.servicecomb.core.Handler; @@ -6,6 +8,12 @@ import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.swagger.invocation.AsyncResponse; +/** + * + * add token to context + * Provider will get token for authentication + * + */ public class ConsumerAuthHandler implements Handler { public AuthenticationTokenManager athenticationTokenManager = new RSACoumserTokenManager(); @@ -14,7 +22,7 @@ public class ConsumerAuthHandler implements Handler { public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { String token = athenticationTokenManager.getToken(); - invocation.addContext(Const.AUTH_TOKEN, token); + Optional.ofNullable(token).ifPresent(t -> invocation.addContext(Const.AUTH_TOKEN, t)); invocation.next(asyncResp); } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java similarity index 88% rename from handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java rename to handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java index b193bc0a2e1..a8d9c23daac 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java 
@@ -1,5 +1,6 @@ -package io.servicecomb.authentication; +package io.servicecomb.authentication.consumer; +import io.servicecomb.authentication.RSAAuthenticationToken; import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.foundation.token.RSAKeypair4Auth; @@ -23,16 +24,16 @@ public class RSACoumserTokenManager implements AuthenticationTokenManager { @Override public String getToken() { - + readWriteLock.readLock().lock(); if(null != token && vaild(token.fromat())) { - readWriteLock.readLock().lock(); String tokenStr = token.fromat(); readWriteLock.readLock().unlock(); return tokenStr; } else { + readWriteLock.readLock().unlock(); return createToken(); } } @@ -56,6 +57,10 @@ public String createToken() } + /** + * the TTL of Token is 24 hours + * client token will expired 15 minutes early + */ @Override public boolean vaild(String token) { long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime(); diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java similarity index 94% rename from handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java rename to handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java index 55fd03bcd1f..65c07457baf 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/ProviderAuthHanlder.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java @@ -1,4 +1,4 @@ -package io.servicecomb.authentication; +package io.servicecomb.authentication.provider; import io.servicecomb.core.Const; import io.servicecomb.core.Handler; 
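Review bot: In `RSACoumserTokenManager.getToken` the read lock is now taken before `vaild(...)` runs but is released by hand on each branch, so any exception thrown while validating leaves the lock held. With this patch `fromStr` can return `null` and `vaild` dereferences it, which makes that path reachable. Releasing in `finally` removes the problem and the duplicated `unlock()` calls. `createToken()` lies outside the hunk, so whether it re-checks the token under the write lock cannot be seen here.

```java
  public String getToken() {
    readWriteLock.readLock().lock();
    try {
      if (null != token && vaild(token.fromat())) {
        return token.fromat();
      }
    } finally {
      readWriteLock.readLock().unlock();
    }
    return createToken();
  }
```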
diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java similarity index 90% rename from handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java rename to handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java index f96fc2fc929..adf0430fcba 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAProviderTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java @@ -1,4 +1,11 @@ -package io.servicecomb.authentication; +package io.servicecomb.authentication.provider; + +import io.servicecomb.authentication.RSAAuthenticationToken; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.serviceregistry.api.Const; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; 
@@ -10,21 +17,19 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.serviceregistry.api.Const; -import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; -import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; - public class RSAProviderTokenManager implements AuthenticationTokenManager { private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); - + @Override public boolean vaild(String token) { - try { RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); + if (null == rsaToken) + { + logger.error("token format is error,maybe attack"); + return false; + } String sign = rsaToken.getSign(); String content = rsaToken.plainToken(); String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); diff --git a/handlers/handler-auth/src/main/resources/config/cse.handler.xml b/handlers/handler-auth/src/main/resources/config/cse.handler.xml index 73b4a6b084a..8b3d1a39251 100644 --- a/handlers/handler-auth/src/main/resources/config/cse.handler.xml +++ b/handlers/handler-auth/src/main/resources/config/cse.handler.xml @@ -16,7 +16,7 @@ + class="io.servicecomb.authentication.consumer.ConsumerAuthHandler" /> + class="io.servicecomb.authentication.provider.ProviderAuthHanlder" /> \ No newline at end of file diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java index d5fe1482abf..8dfba957656 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java 
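Review bot: The added `null == rsaToken` check in `RSAProviderTokenManager.vaild` covers a wrong field count, but a token with a non-numeric timestamp or a signature that is not valid Base64 still leaves `vaild` through an unchecked exception (`NumberFormatException` from `Long.valueOf` in `fromStr`, `IllegalArgumentException` from the decoder in `RSAUtils.verify`). Neither is in the multi-catch further down, which is outside this hunk. Since the token is caller-supplied, those cases should count as a failed validation, e.g. by adding `| IllegalArgumentException` to the existing catch (it also covers `NumberFormatException`). Logging every malformed token at `error` lets an unauthenticated caller fill the log; `warn` is probably enough.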
@@ -1,5 +1,6 @@ package io.servicecomb.authentication; +import io.servicecomb.authentication.consumer.ConsumerAuthHandler; import io.servicecomb.core.Invocation; import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.RSAKeypair4Auth; diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java index 4d50feee450..5c718a78349 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java @@ -1,5 +1,7 @@ package io.servicecomb.authentication; +import io.servicecomb.authentication.consumer.RSACoumserTokenManager; +import io.servicecomb.authentication.provider.ProviderAuthHanlder; import io.servicecomb.core.Const; import io.servicecomb.core.Invocation; import io.servicecomb.foundation.common.utils.RSAUtils; diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java index e4760a665b2..08bde597977 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java @@ -15,6 +15,8 @@ */ package io.servicecomb.serviceregistry.task; +import java.util.Optional; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.StringUtils; 
@@ -69,11 +71,9 @@ protected boolean doRegister() { microserviceInstance.getHealthCheck().setInterval(serviceRegistryConfig.getHeartbeatInterval()); microserviceInstance.getHealthCheck().setTimes(serviceRegistryConfig.getResendHeartBeatTimes()); - String publicKey = RSAKeypair4Auth.INSTANCE.getPublicKey(); - if (null != publicKey) - { - microserviceInstance.getProperties().put(Const.INSTANCE_PUBKEY_PRO, publicKey); - } + Optional.ofNullable(RSAKeypair4Auth.INSTANCE.getPublicKey()).ifPresent( + publicKey -> microserviceInstance.getProperties().put( + Const.INSTANCE_PUBKEY_PRO, publicKey)); String instanceId = srClient.registerMicroserviceInstance(microserviceInstance); if (StringUtils.isEmpty(instanceId)) { From 06c997ed8df6456135729c000892430beb352d7e Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Fri, 24 Nov 2017 16:47:38 +0800 Subject: [PATCH 11/28] =?UTF-8?q?1.=20provider=E5=A2=9E=E5=8A=A0vaildate?= =?UTF-8?q?=20pool=202.=20bug=20gix=203.=20=E5=A2=9E=E5=8A=A0UT?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../foundation/common/utils/TestRSAUtil.java | 1 - .../utils/TestRollingFileAppenderExt.java | 1 + .../RSAAuthenticationToken.java | 25 ++++++- .../consumer/RSACoumserTokenManager.java | 14 ++-- .../provider/RSAProviderTokenManager.java | 68 ++++++++++++------ .../TestRSAProviderTokenManager.java | 72 +++++++++++++++++++ 6 files changed, 151 insertions(+), 30 deletions(-) create mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java index b47b501aa7a..c4c902006cc 100644 --- a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java 
+++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java @@ -22,7 +22,6 @@ public void testSignVerify() throws InvalidKeyException, NoSuchAlgorithmExceptio Assert.assertNotNull(pubKey); String testContent = "instance-id@201711201930@randomstr"; String signstr = RSAUtils.sign(testContent, privateKey); - System.err.println(signstr); Assert.assertTrue(RSAUtils.verify(pubKey, signstr, testContent)); } diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java index b8b5d08934d..db58b6e88ad 100644 --- a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java +++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java @@ -22,6 +22,7 @@ import org.apache.log4j.spi.LoggingEvent; import org.junit.Assert; import org.junit.Test; +import org.junit.runners.Parameterized.Parameters; import mockit.Expectations; import mockit.Injectable; diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index d9e726258a3..0333099fdd0 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java @@ -57,7 +57,7 @@ public String fromat() { public static RSAAuthenticationToken fromStr(String token) { String[] tokenArr = token.split("@"); - if (tokenArr.length != 4) { + if (tokenArr.length != 5) { return null; } return new RSAAuthenticationToken(tokenArr[0], tokenArr[1], 
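Review bot: In `RSAAuthenticationToken.fromStr`, the segment-count check is the only validation visible before the constructor call, yet on the provider side the token string arrives from the request context. `getGenerateTime()` is used as a `long` elsewhere in this patch, so if the third segment is parsed inside the constructor call that continues past this hunk, a non-numeric value would raise `NumberFormatException` instead of returning null. The provider's `vaild` catches only the four key and signature exceptions, so that exception would escape the auth check. Consider treating it as a malformed token here, e.g. `try { return new RSAAuthenticationToken(...); } catch (NumberFormatException e) { return null; }`, and documenting on `fromStr` that null means "malformed token".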
@@ -72,4 +72,27 @@ public void setServiceId(String serviceId) { this.serviceId = serviceId; } + @Override + public boolean equals(Object obj) { + if(null == obj || !(obj instanceof RSAAuthenticationToken)) + { + return false; + } + RSAAuthenticationToken token = (RSAAuthenticationToken)obj; + if (!token.plainToken().equals(this.plainToken())) + { + return false; + } + if (!token.getSign().equals(this.sign)) + { + return false; + } + return true; + } + + public int hashCode() { + return this.plainToken().hashCode() + this.sign.hashCode(); + } + + } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java index a8d9c23daac..fe76a0dc9e1 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java @@ -1,11 +1,5 @@ package io.servicecomb.authentication.consumer; -import io.servicecomb.authentication.RSAAuthenticationToken; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.foundation.token.RSAKeypair4Auth; -import io.servicecomb.serviceregistry.RegistryUtils; - import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SignatureException; 
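Review bot: The new `equals`/`hashCode` in `RSAAuthenticationToken` decide whether the provider's validated-token pool treats an incoming token as already verified, and nothing in the class says so. I would add a comment such as `// equality must cover plainToken AND sign: a match in the provider's pool skips RSA verification`, put `@Override` on `hashCode`, and drop the `null == obj ||` test, which `instanceof` already covers. `token.getSign().equals(this.sign)` and `this.sign.hashCode()` throw if `sign` is ever null. `Objects.equals(token.getSign(), this.sign)` and `Objects.hash(plainToken(), sign)` avoid that, provided `java.util.Objects` is imported.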
@@ -16,6 +10,12 @@ import org.apache.commons.lang3.RandomStringUtils; +import io.servicecomb.authentication.RSAAuthenticationToken; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.foundation.token.RSAKeypair4Auth; +import io.servicecomb.serviceregistry.RegistryUtils; + public class RSACoumserTokenManager implements AuthenticationTokenManager { private ReadWriteLock readWriteLock = new ReentrantReadWriteLock(); @@ -66,7 +66,7 @@ public boolean vaild(String token) { long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime(); Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); Date now = new Date(); - if (expiredDate.before(now) ) + if (now.before(expiredDate) ) { return true; } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java index adf0430fcba..8524f7bad91 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java 
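Review bot: In `RSACoumserTokenManager.vaild`, the result of `RSAAuthenticationToken.fromStr(token)` is dereferenced directly, but `fromStr` returns null when the string does not have five `@`-separated segments, so a malformed token ends in a `NullPointerException` rather than `false`. A guard is enough: `RSAAuthenticationToken parsed = RSAAuthenticationToken.fromStr(token); if (parsed == null) { return false; }`. The corrected comparison `now.before(expiredDate)` now agrees with the comment about expiring 15 minutes early. The method body continues outside the hunk.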
@@ -1,52 +1,78 @@ package io.servicecomb.authentication.provider; -import io.servicecomb.authentication.RSAAuthenticationToken; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.serviceregistry.api.Const; -import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; -import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; - import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.util.Date; import java.util.Optional; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import io.servicecomb.authentication.RSAAuthenticationToken; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.AuthenticationTokenManager; +import io.servicecomb.serviceregistry.api.Const; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; + public class RSAProviderTokenManager implements AuthenticationTokenManager { private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); - + + private Set vaildateToken = ConcurrentHashMap.newKeySet(1000); + @Override public boolean vaild(String token) { try { RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); - if (null == rsaToken) + if (null == rsaToken) { + logger.error("token format is error, perhaps you need to set auth handler at consumer"); + return false; + } + if (tokenExprired(rsaToken)) { - logger.error("token format is error,maybe attack"); + logger.error("token is expired"); return false; } - String sign = rsaToken.getSign(); - String content = rsaToken.plainToken(); - String publicKey = getPublicKey(rsaToken.getInstanceId(), 
rsaToken.getServiceId()); - boolean verify = RSAUtils.verify(publicKey, sign, content); - if (verify) { - long generateTime = rsaToken.getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); - Date now = new Date(); - if (now.before(expiredDate)) { + if (vaildateToken.contains(rsaToken)) { + logger.info("found vaildate token in vaildate pool"); + return true; + } + else + { + String sign = rsaToken.getSign(); + String content = rsaToken.plainToken(); + String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); + boolean verify = RSAUtils.verify(publicKey, sign, content); + if (verify && !tokenExprired(rsaToken)) { + vaildateToken.add(rsaToken); return true; } + else + { + logger.error("token verify error"); + return false; + } } + } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { + logger.error("verfiy error", e); + return false; + } + } + private boolean tokenExprired(RSAAuthenticationToken rsaToken) { + long generateTime = rsaToken.getGenerateTime(); + Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); + Date now = new Date(); + if (now.before(expiredDate)) { return false; } - return false; + return true; } private String getPublicKey(String instanceId, String serviceId) { @@ -56,7 +82,7 @@ private String getPublicKey(String instanceId, String serviceId) { return instances.map(MicroserviceInstance::getProperties) .map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO)).get(); } else { - logger.error("not instance found {}-{},maybe attack", instanceId, serviceId); + logger.error("not instance found {}-{}, maybe attack", instanceId, serviceId); return ""; } } 
diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java new file mode 100644 index 00000000000..1f7a6ddf123 --- /dev/null +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java 
@@ -0,0 +1,72 @@ +package io.servicecomb.authentication; + +import java.util.HashMap; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +import io.servicecomb.authentication.consumer.RSACoumserTokenManager; +import io.servicecomb.authentication.provider.RSAProviderTokenManager; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.RSAKeypair4Auth; +import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.serviceregistry.api.Const; +import io.servicecomb.serviceregistry.api.registry.Microservice; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; +@RunWith(PowerMockRunner.class) +@PrepareForTest({MicroserviceInstanceCache.class,RegistryUtils.class}) +public class TestRSAProviderTokenManager { + + + @Test + public void testTokenExpried() + { + String tokenStr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + RSAProviderTokenManager tokenManager = new RSAProviderTokenManager(); + PowerMockito.mockStatic(MicroserviceInstanceCache.class); + MicroserviceInstance microserviceInstance = new MicroserviceInstance(); + Map properties = new HashMap(); + microserviceInstance.setProperties(properties); + properties.put(Const.INSTANCE_PUBKEY_PRO, 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"); + PowerMockito.when(MicroserviceInstanceCache.getOrCreate("c8636e5acf1f11e7b701286ed488fc20", "e8a04b54cf2711e7b701286ed488fc20")).thenReturn(microserviceInstance); + Assert.assertFalse(tokenManager.vaild(tokenStr)); + } + + @Test + public void testTokenFromVaidatePool() + { + String[] keypairs = RSAUtils.getEncodedKeyPair(); + String privateKey = keypairs[0]; + String publicKey = keypairs[1]; + RSAKeypair4Auth.INSTANCE.setPrivateKey(privateKey); + RSAKeypair4Auth.INSTANCE.setPublicKey(publicKey); + String serviceId = "c8636e5acf1f11e7b701286ed488fc20"; + String instanceId= "e8a04b54cf2711e7b701286ed488fc20"; + RSACoumserTokenManager rsaCoumserTokenManager = new RSACoumserTokenManager(); + MicroserviceInstance microserviceInstance = new MicroserviceInstance(); + microserviceInstance.setInstanceId(instanceId); + Map properties = new HashMap(); + microserviceInstance.setProperties(properties); + properties.put(Const.INSTANCE_PUBKEY_PRO, publicKey); + Microservice microservice = new Microservice(); + microservice.setServiceId(serviceId); + PowerMockito.mockStatic(RegistryUtils.class); + PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); + PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); + String token = rsaCoumserTokenManager.createToken(); + Assert.assertNotNull(token); + PowerMockito.mockStatic(MicroserviceInstanceCache.class); + PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(microserviceInstance); + RSAProviderTokenManager rsaProviderTokenManager = new RSAProviderTokenManager(); + Assert.assertTrue(rsaProviderTokenManager.vaild(token)); + PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(null); + 
Assert.assertTrue(rsaProviderTokenManager.vaild(token)); + } + +} From d06a7712cd1afbf30e9875feb4f7ba084edacdc9 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Fri, 24 Nov 2017 17:40:48 +0800 Subject: [PATCH 12/28] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=96=B9=E6=B3=95?= =?UTF-8?q?=E5=90=8D=E7=A7=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../token/AuthenticationTokenManager.java | 2 +- .../consumer/RSACoumserTokenManager.java | 4 +- .../provider/ProviderAuthHanlder.java | 2 +- .../provider/RSAProviderTokenManager.java | 8 ++-- .../TestRSAProviderTokenManager.java | 15 ++++-- .../springmvc/consumer/AuthConsumerMain.java | 47 +++++++++---------- 6 files changed, 41 insertions(+), 37 deletions(-) diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java index a85197366d6..1e769aa8d75 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java @@ -4,6 +4,6 @@ public interface AuthenticationTokenManager { default public String getToken(){return "";} - public boolean vaild(String token); + public boolean valid(String token); } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java index fe76a0dc9e1..f828828669c 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java 
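Review bot: `TestRSAProviderTokenManager` covers an expired token and a pool hit but has no case with a wrong signature, so both tests would still pass if the `RSAUtils.verify` call were skipped. `testTokenExpried` also cannot tell expiry from a format or signature failure, because `vaild` returns false for all three. I would add a case that obtains a fresh token from `RSACoumserTokenManager`, alters one character of the signature segment, and asserts `vaild` returns false both before and after the untampered token has entered the pool. `Map properties = new HashMap()` is a raw type; a parameterised map matching what `setProperties` expects would remove the unchecked warning.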
@@ -25,7 +25,7 @@ public class RSACoumserTokenManager implements AuthenticationTokenManager { @Override public String getToken() { readWriteLock.readLock().lock(); - if(null != token && vaild(token.fromat())) + if(null != token && valid(token.fromat())) { String tokenStr = token.fromat(); readWriteLock.readLock().unlock(); @@ -62,7 +62,7 @@ public String createToken() * client token will expired 15 minutes early */ @Override - public boolean vaild(String token) { + public boolean valid(String token) { long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime(); Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); Date now = new Date(); diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java index 65c07457baf..5b451b12326 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java @@ -16,7 +16,7 @@ public class ProviderAuthHanlder implements Handler { public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { String token = invocation.getContext(Const.AUTH_TOKEN); - if (null != token && authenticationTokenManager.vaild(token)) { + if (null != token && authenticationTokenManager.valid(token)) { invocation.next(asyncResp); } else { asyncResp.producerFail(new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "UNAUTHORIZED")); diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java index 8524f7bad91..4b2bdddaed3 100644 
--- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java @@ -23,10 +23,10 @@ public class RSAProviderTokenManager implements AuthenticationTokenManager { private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); - private Set vaildateToken = ConcurrentHashMap.newKeySet(1000); + private Set validatedToken = ConcurrentHashMap.newKeySet(1000); @Override - public boolean vaild(String token) { + public boolean valid(String token) { try { RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); if (null == rsaToken) { @@ -38,7 +38,7 @@ public boolean vaild(String token) { logger.error("token is expired"); return false; } - if (vaildateToken.contains(rsaToken)) { + if (validatedToken.contains(rsaToken)) { logger.info("found vaildate token in vaildate pool"); return true; } @@ -49,7 +49,7 @@ public boolean vaild(String token) { String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); boolean verify = RSAUtils.verify(publicKey, sign, content); if (verify && !tokenExprired(rsaToken)) { - vaildateToken.add(rsaToken); + validatedToken.add(rsaToken); return true; } else diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java index 1f7a6ddf123..dab571e4b5c 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java 
@@ -35,7 +35,7 @@ public void testTokenExpried() microserviceInstance.setProperties(properties); properties.put(Const.INSTANCE_PUBKEY_PRO, "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"); PowerMockito.when(MicroserviceInstanceCache.getOrCreate("c8636e5acf1f11e7b701286ed488fc20", "e8a04b54cf2711e7b701286ed488fc20")).thenReturn(microserviceInstance); - Assert.assertFalse(tokenManager.vaild(tokenStr)); + Assert.assertFalse(tokenManager.valid(tokenStr)); } @Test @@ -59,14 +59,21 @@ public void testTokenFromVaidatePool() PowerMockito.mockStatic(RegistryUtils.class); PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); - String token = rsaCoumserTokenManager.createToken(); + + //Test Consumer first create token + String token = rsaCoumserTokenManager.getToken(); Assert.assertNotNull(token); + // use cache token + Assert.assertEquals(token, rsaCoumserTokenManager.getToken()); + PowerMockito.mockStatic(MicroserviceInstanceCache.class); PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(microserviceInstance); RSAProviderTokenManager rsaProviderTokenManager = new RSAProviderTokenManager(); - Assert.assertTrue(rsaProviderTokenManager.vaild(token)); + //first validate need to verify use RSA + Assert.assertTrue(rsaProviderTokenManager.valid(token)); + // second validate use validated pool PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(null); - Assert.assertTrue(rsaProviderTokenManager.vaild(token)); + Assert.assertTrue(rsaProviderTokenManager.valid(token)); } } 
diff --git a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java index 6b73d930929..4576dc708d3 100644 --- a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java +++ b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java 
@@ -15,37 +15,34 @@ */ package io.servicecomb.samples.springmvc.consumer; +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; + import io.servicecomb.foundation.common.utils.BeanUtils; import io.servicecomb.foundation.common.utils.Log4jUtils; import io.servicecomb.provider.springmvc.reference.RestTemplateBuilder; import io.servicecomb.samples.common.schema.models.Person; -import org.springframework.stereotype.Component; -import org.springframework.web.client.RestTemplate; - @Component public class AuthConsumerMain { - private static RestTemplate restTemplate = RestTemplateBuilder.create(); - - public static void main(String[] args) throws Exception { - init(); - Person person = new Person(); - person.setName("ServiceComb/Java Chassis"); - - // RestTemplate Consumer or POJO Consumer. You can choose whatever you like - // RestTemplate Consumer - String sayHiResult = - restTemplate.postForObject("cse://auth-provider/springmvchello/sayhi?name=Java Chassis", null, String.class); - String sayHelloResult = restTemplate.postForObject("cse://auth-provider/springmvchello/sayhello", person, String.class); - System.out.println("RestTemplate Consumer or POJO Consumer. You can choose whatever you like."); - System.out.println("RestTemplate consumer sayhi services: " + sayHiResult); - System.out.println("RestTemplate consumer sayhello services: " + sayHelloResult); - - } - - public static void init() throws Exception { - Log4jUtils.init(); - BeanUtils.init(); - } + private static RestTemplate restTemplate = RestTemplateBuilder.create(); + + public static void main(String[] args) throws Exception { + init(); + Person person = new Person(); + person.setName("ServiceComb/Authenticate"); + System.out.println("RestTemplate Consumer or POJO Consumer. 
You can choose whatever you like."); + String sayHiResult = restTemplate.postForObject("cse://auth-provider/springmvchello/sayhi?name=Authenticate", + null, String.class); + String sayHelloResult = restTemplate.postForObject("cse://auth-provider/springmvchello/sayhello", person, + String.class); + System.out.println("RestTemplate consumer sayhi services: " + sayHiResult); + System.out.println("RestTemplate consumer sayhello services: " + sayHelloResult); + } + + public static void init() throws Exception { + Log4jUtils.init(); + BeanUtils.init(); + } } From ad136623eeeb99815f1e4015f1fb973c0894a690 Mon Sep 17 00:00:00 2001 From: coolhongluo Date: Fri, 24 Nov 2017 19:36:23 +0800 Subject: [PATCH 13/28] fix ut --- .../consumer/ConsumerAuthHandler.java | 12 ++++--- .../TestConsumerAuthHandler.java | 11 ++++--- .../TestProviderAuthHanlder.java | 9 +----- .../springmvc/consumer/AuthConsumerMain.java | 32 ++++++++++++------- 4 files changed, 35 insertions(+), 29 deletions(-) diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java index 8541199b922..8f9c4a2b33c 100644 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java +++ b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java @@ -1,13 +1,13 @@ package io.servicecomb.authentication.consumer; -import java.util.Optional; - import io.servicecomb.core.Const; import io.servicecomb.core.Handler; import io.servicecomb.core.Invocation; import io.servicecomb.foundation.token.AuthenticationTokenManager; import io.servicecomb.swagger.invocation.AsyncResponse; +import java.util.Optional; + /** * * add token to context 
@@ -16,7 +16,7 @@ */ public class ConsumerAuthHandler implements Handler { - public AuthenticationTokenManager athenticationTokenManager = new RSACoumserTokenManager(); + private AuthenticationTokenManager athenticationTokenManager = new RSACoumserTokenManager(); @Override public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { @@ -25,6 +25,10 @@ public void handle(Invocation invocation, AsyncResponse asyncResp) throws Except Optional.ofNullable(token).ifPresent(t -> invocation.addContext(Const.AUTH_TOKEN, t)); invocation.next(asyncResp); } - + + public void setAuthenticationTokenManager(AuthenticationTokenManager authenticationTokenManager) + { + this.athenticationTokenManager = authenticationTokenManager; + } } diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java index 8dfba957656..1928cdb11a8 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java @@ -1,9 +1,8 @@ package io.servicecomb.authentication; import io.servicecomb.authentication.consumer.ConsumerAuthHandler; +import io.servicecomb.authentication.consumer.RSACoumserTokenManager; import io.servicecomb.core.Invocation; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.swagger.invocation.AsyncResponse; import org.junit.Assert; 
@@ -15,11 +14,13 @@ public class TestConsumerAuthHandler { Invocation invocation = null; AsyncResponse asyncResp = null; + RSACoumserTokenManager tokenManager = null; @Test public void testHandler() throws Exception { ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); + consumerAuthHandler.setAuthenticationTokenManager(tokenManager); consumerAuthHandler.handle(invocation, asyncResp); Assert.assertTrue(true); } @@ -28,8 +29,8 @@ public void testHandler() throws Exception { public void setUp() throws Exception { invocation = Mockito.mock(Invocation.class); asyncResp = Mockito.mock(AsyncResponse.class); - String[] privAndPubKey = RSAUtils.getEncodedKeyPair(); - RSAKeypair4Auth.INSTANCE.setPrivateKey(privAndPubKey[0]); - RSAKeypair4Auth.INSTANCE.setPublicKey(privAndPubKey[1]); + + tokenManager = Mockito.mock(RSACoumserTokenManager.class); + Mockito.when(tokenManager.getToken()).thenReturn("testtoken"); } } diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java index 5c718a78349..7d56aae4bd0 100644 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java +++ b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java @@ -1,11 +1,8 @@ package io.servicecomb.authentication; -import io.servicecomb.authentication.consumer.RSACoumserTokenManager; import io.servicecomb.authentication.provider.ProviderAuthHanlder; import io.servicecomb.core.Const; import io.servicecomb.core.Invocation; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.swagger.invocation.AsyncResponse; import org.junit.Assert; 
@@ -20,11 +17,7 @@ public class TestProviderAuthHanlder { public void setUp() throws Exception { invocation = Mockito.mock(Invocation.class); asyncResp = Mockito.mock(AsyncResponse.class); - String[] privAndPubKey = RSAUtils.getEncodedKeyPair(); - RSAKeypair4Auth.INSTANCE.setPrivateKey(privAndPubKey[0]); - RSAKeypair4Auth.INSTANCE.setPublicKey(privAndPubKey[1]); - String token = new RSACoumserTokenManager().createToken(); - Mockito.when(invocation.getContext(Const.AUTH_TOKEN)).thenReturn(token); + Mockito.when(invocation.getContext(Const.AUTH_TOKEN)).thenReturn("testtoken"); } @Test diff --git a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java index 4576dc708d3..e0f6014ca35 100644 --- a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java +++ b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java @@ -15,14 +15,14 @@ */ package io.servicecomb.samples.springmvc.consumer; -import org.springframework.stereotype.Component; -import org.springframework.web.client.RestTemplate; - import io.servicecomb.foundation.common.utils.BeanUtils; import io.servicecomb.foundation.common.utils.Log4jUtils; import io.servicecomb.provider.springmvc.reference.RestTemplateBuilder; import io.servicecomb.samples.common.schema.models.Person; +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; + @Component public class AuthConsumerMain { 
@@ -30,15 +30,23 @@ public class AuthConsumerMain { public static void main(String[] args) throws Exception { init(); - Person person = new Person(); - person.setName("ServiceComb/Authenticate"); - System.out.println("RestTemplate Consumer or POJO Consumer. You can choose whatever you like."); - String sayHiResult = restTemplate.postForObject("cse://auth-provider/springmvchello/sayhi?name=Authenticate", - null, String.class); - String sayHelloResult = restTemplate.postForObject("cse://auth-provider/springmvchello/sayhello", person, - String.class); - System.out.println("RestTemplate consumer sayhi services: " + sayHiResult); - System.out.println("RestTemplate consumer sayhello services: " + sayHelloResult); + for (int i = 0; i < 2; i++) { + Person person = new Person(); + person.setName("ServiceComb/Authenticate"); + System.out + .println("RestTemplate Consumer or POJO Consumer. You can choose whatever you like."); + String sayHiResult = restTemplate + .postForObject( + "cse://auth-provider/springmvchello/sayhi?name=Authenticate", + null, String.class); + String sayHelloResult = restTemplate.postForObject( + "cse://auth-provider/springmvchello/sayhello", person, + String.class); + System.out.println("RestTemplate consumer sayhi services: " + + sayHiResult); + System.out.println("RestTemplate consumer sayhello services: " + + sayHelloResult); + } } public static void init() throws Exception { From 8e86e2c1b16131526d4bc4d594c5457c22eecf54 Mon Sep 17 00:00:00 2001 
From: jeho0815 Date: Sat, 25 Nov 2017 16:06:52 +0800 Subject: [PATCH 14/28] =?UTF-8?q?=E6=A0=B9=E6=8D=AE=E8=A7=81=E8=AF=86?= =?UTF-8?q?=E6=84=8F=E8=A7=81=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/utils/RSAKeyPairEntry.java | 33 +++++++ .../foundation/common/utils/RSAUtils.java | 86 ++++++++-------- .../token/AuthenticationTokenManager.java | 9 -- .../foundation/token/RSAKeypair4Auth.java | 66 ++++++++----- .../foundation/common/utils/TestRSAUtil.java | 14 ++- .../java/io/servicecomb/AuthHandlerBoot.java | 33 ------- .../RSAAuthenticationToken.java | 98 ------------------- .../consumer/ConsumerAuthHandler.java | 34 ------- .../consumer/RSACoumserTokenManager.java | 77 --------------- .../provider/ProviderAuthHanlder.java | 27 ----- .../provider/RSAProviderTokenManager.java | 90 ----------------- .../authentication/TestAuthHandlerBoot.java | 24 ----- .../TestConsumerAuthHandler.java | 36 ------- .../TestProviderAuthHanlder.java | 30 ------ .../TestRSAAuthenticationToken.java | 29 ------ .../TestRSAProviderTokenManager.java | 79 --------------- .../pom.xml | 6 -- .../java/io/servicecomb/AuthHandlerBoot.java | 33 +++++++ .../RSAAuthenticationToken.java | 98 +++++++++++++++++++ .../consumer/ConsumerAuthHandler.java | 37 +++++++ .../consumer/RSACoumserTokenManager.java | 81 +++++++++++++++ .../provider/ProviderAuthHanlder.java | 26 +++++ .../provider/RSAProviderTokenManager.java | 84 ++++++++++++++++ .../src/main/resources/config/cse.handler.xml | 0 .../authentication/TestAuthHandlerBoot.java | 23 +++++ .../TestConsumerAuthHandler.java | 38 +++++++ .../TestProviderAuthHanlder.java | 31 ++++++ .../TestRSAAuthenticationToken.java | 35 +++++++ .../TestRSAProviderTokenManager.java | 83 ++++++++++++++++ .../src/test/resources/log4j.properties | 0 handlers/pom.xml | 2 +- .../META-INF/spring/pojo.consumer.bean.xml | 30 ------ ...log4j.demo.properties => log4j.properties} | 0 
.../resources/microservices/hello/hello.yaml | 55 ----------- ...log4j.demo.properties => log4j.properties} | 0 .../resources/microservices/hello/hello.yaml | 55 ----------- ...java => MicroserviceInstanceResponse.java} | 2 +- .../http/ServiceRegistryClientImpl.java | 6 +- .../MicroserviceInstanceRegisterTask.java | 2 +- 39 files changed, 699 insertions(+), 793 deletions(-) create mode 100644 foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java delete mode 100644 foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java delete mode 100644 handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java delete mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java delete mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java delete mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java delete mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java delete mode 100644 handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java rename handlers/{handler-auth => handler-publickey-auth}/pom.xml (93%) create mode 100644 
handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java create mode 100644 handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java create mode 100644 handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java create mode 100644 handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java create mode 100644 handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java create mode 100644 handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java rename handlers/{handler-auth => handler-publickey-auth}/src/main/resources/config/cse.handler.xml (100%) create mode 100644 handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java create mode 100644 handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java create mode 100644 handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java create mode 100644 handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java create mode 100644 handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java rename handlers/{handler-auth => handler-publickey-auth}/src/test/resources/log4j.properties (100%) delete mode 100644 samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml rename samples/auth-sample/auth-consumer/src/main/resources/config/{log4j.demo.properties => log4j.properties} (100%) delete mode 100644 samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml rename samples/auth-sample/auth-provider/src/main/resources/config/{log4j.demo.properties => log4j.properties} 
(100%) delete mode 100644 samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml rename service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/{MicroInstanceResponse.java => MicroserviceInstanceResponse.java} (88%) diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java new file mode 100644 index 00000000000..f5bc7efa4ba --- /dev/null +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java @@ -0,0 +1,33 @@ +package io.servicecomb.foundation.common.utils; + +import java.security.PrivateKey; +import java.security.PublicKey; + +public final class RSAKeyPairEntry { + + private PrivateKey privateKey; + + private PublicKey publicKey; + + private String publicKeyEncoded; + + public RSAKeyPairEntry(PrivateKey privateKey, PublicKey publicKey, String publicKeyEncoded) + { + this.privateKey = privateKey; + this.publicKey = publicKey; + this.publicKeyEncoded = publicKeyEncoded; + } + + public PrivateKey getPrivateKey() { + return privateKey; + } + + public PublicKey getPublicKey() { + return publicKey; + } + + public String getPublicKeyEncoded() { + return publicKeyEncoded; + } + +} diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java index 2217d85a5f3..fe3e69e29d3 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java 
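Review bot: The three fields of `RSAKeyPairEntry` are assigned only in the constructor but are not declared `final`, so the class is immutable by convention rather than by construction. For a holder of private-key material, declare them `private final PrivateKey privateKey;`, `private final PublicKey publicKey;` and `private final String publicKeyEncoded;`. A short class comment saying that `publicKeyEncoded` is the Base64 form of `publicKey.getEncoded()` would save readers a trip to `RSAUtils.getRSAKeyPair()`.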
@@ -11,53 +11,51 @@ import java.security.Signature; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Base64; public class RSAUtils { - private final static String RSA_ALG = "RSA"; - private final static String SIGN_ALG = "SHA256withRSA"; - - private static Base64.Encoder encoder = Base64.getEncoder(); - private static Base64.Decoder decoder = Base64.getDecoder(); - - public static String[] getEncodedKeyPair() { - try { - KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(RSA_ALG); - keyGenerator.initialize(1024, new SecureRandom()); - KeyPair keyPair = keyGenerator.generateKeyPair(); - PublicKey pubKey = keyPair.getPublic(); - PrivateKey privKey = keyPair.getPrivate(); - return new String[] { encoder.encodeToString(privKey.getEncoded()), - encoder.encodeToString(pubKey.getEncoded()) }; - } catch (NoSuchAlgorithmException e) { - throw new Error(e); - } - } - - public static String sign(String content, String privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, InvalidKeyException { - byte[] bytes = decoder.decode(privateKey); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes); - KeyFactory kf = KeyFactory.getInstance(RSA_ALG); - PrivateKey key = kf.generatePrivate(keySpec); - Signature signature = Signature.getInstance(SIGN_ALG); - signature.initSign(key); - signature.update(content.getBytes()); - byte []signByte = signature.sign(); - return encoder.encodeToString(signByte); - } - - public static boolean verify(String publicKey, String sign, String content) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException { - byte[] bytes = decoder.decode(publicKey); - X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); - KeyFactory kf = KeyFactory.getInstance(RSA_ALG); - PublicKey pubKey = kf.generatePublic(keySpec); 
- Signature signature = Signature.getInstance(SIGN_ALG); - signature.initVerify(pubKey); - signature.update(content.getBytes()); - return signature.verify(decoder.decode(sign)); - } - + private final static String RSA_ALG = "RSA"; + + private final static String SIGN_ALG = "SHA256withRSA"; + + private static Base64.Encoder encoder = Base64.getEncoder(); + + private static Base64.Decoder decoder = Base64.getDecoder(); + + public static RSAKeyPairEntry getRSAKeyPair() { + try { + KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(RSA_ALG); + keyGenerator.initialize(1024, new SecureRandom()); + KeyPair keyPair = keyGenerator.generateKeyPair(); + PublicKey pubKey = keyPair.getPublic(); + PrivateKey privKey = keyPair.getPrivate(); + return new RSAKeyPairEntry(privKey, pubKey, encoder.encodeToString(pubKey.getEncoded())); + } catch (NoSuchAlgorithmException e) { + throw new Error(e); + } + } + + public static String sign(String content, PrivateKey privateKey) + throws NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, InvalidKeyException { + Signature signature = Signature.getInstance(SIGN_ALG); + signature.initSign(privateKey); + signature.update(content.getBytes()); + byte[] signByte = signature.sign(); + return encoder.encodeToString(signByte); + } + + public static boolean verify(String publicKey, String sign, String content) + throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException { + byte[] bytes = decoder.decode(publicKey); + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); + KeyFactory kf = KeyFactory.getInstance(RSA_ALG); + PublicKey pubKey = kf.generatePublic(keySpec); + Signature signature = Signature.getInstance(SIGN_ALG); + signature.initVerify(pubKey); + signature.update(content.getBytes()); + return signature.verify(decoder.decode(sign)); + } + } 
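Review bot: `getRSAKeyPair()` keeps `keyGenerator.initialize(1024, new SecureRandom());`, and a 1024-bit RSA modulus is below the 2048-bit minimum that current guidance (e.g. NIST SP 800-131A) accepts for signatures. These keys authenticate service instances to each other, so use `keyGenerator.initialize(2048, new SecureRandom());`. In `sign` and `verify`, `content.getBytes()` uses the platform default charset, so a consumer and provider running with different defaults can sign and verify different bytes; use `content.getBytes(StandardCharsets.UTF_8)` in both. `sign` also still declares `InvalidKeySpecException`, which it can no longer throw now that it takes a `PrivateKey`.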
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java
deleted file mode 100644
index 1e769aa8d75..00000000000
--- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/AuthenticationTokenManager.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package io.servicecomb.foundation.token;
-
-public interface AuthenticationTokenManager {
-
- default public String getToken(){return "";}
-
- public boolean valid(String token);
-
-}
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java
index aafbd280101..84000e5ded0 100644
--- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java
+++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/token/RSAKeypair4Auth.java
@@ -1,32 +1,52 @@ package io.servicecomb.foundation.token; +import java.security.PrivateKey; +import java.security.PublicKey; + /** * 进程级别公私钥对 * */ public class RSAKeypair4Auth { - private RSAKeypair4Auth(){}; - - private String privateKey; - - private String publicKey; - - public String getPrivateKey() { - return privateKey; - } - - public void setPrivateKey(String privateKey) { - this.privateKey = privateKey; - } - - public String getPublicKey() { - return publicKey; - } - - public void setPublicKey(String publicKey) { - this.publicKey = publicKey; - } - - public static RSAKeypair4Auth INSTANCE = new RSAKeypair4Auth(); + private RSAKeypair4Auth() { + }; + + private PrivateKey privateKey; + + private PublicKey publicKey; + + private String publicKeyEncoded; + + + public PrivateKey getPrivateKey() { + return privateKey; + } + + + public void setPrivateKey(PrivateKey privateKey) { + this.privateKey = privateKey; + } + + + public PublicKey getPublicKey() { + return publicKey; + } + + + public void setPublicKey(PublicKey publicKey) { + this.publicKey = publicKey; + } + + + public String getPublicKeyEncoded() { + return publicKeyEncoded; + } + + + public void setPublicKeyEncoded(String publicKeyEncoded) { + this.publicKeyEncoded = publicKeyEncoded; + } + + public static RSAKeypair4Auth INSTANCE = new RSAKeypair4Auth(); } diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java index c4c902006cc..515aaf338f5 100644 --- a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java +++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java 
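Review bot: `RSAKeypair4Auth` exposes the process-wide signing key through `public static RSAKeypair4Auth INSTANCE` (not `final`) and public setters, so any code on the classpath can replace the singleton or swap the private key after boot. At minimum declare `public static final RSAKeypair4Auth INSTANCE = new RSAKeypair4Auth();`. Populating the three fields once from a single `RSAKeyPairEntry`, rather than through three independent setters, would also prevent `publicKeyEncoded` drifting from `publicKey`. The fields are presumably written by the boot listener and read by handler threads, so `volatile` or a set-once guard is worth confirming. The class comment would be easier to maintain in English, e.g. `/** Process-wide RSA key pair used for service authentication. */`.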
@@ -13,16 +13,14 @@ public class TestRSAUtil { @Test public void testSignVerify() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException { - String []keypair = RSAUtils.getEncodedKeyPair(); + RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.getRSAKeyPair(); - String privateKey = keypair[0]; - String pubKey = keypair[1]; - - Assert.assertNotNull(privateKey); - Assert.assertNotNull(pubKey); + Assert.assertNotNull(rsaKeyPairEntry.getPublicKeyEncoded()); + Assert.assertNotNull(rsaKeyPairEntry.getPrivateKey()); + Assert.assertNotNull(rsaKeyPairEntry.getPublicKey()); String testContent = "instance-id@201711201930@randomstr"; - String signstr = RSAUtils.sign(testContent, privateKey); - Assert.assertTrue(RSAUtils.verify(pubKey, signstr, testContent)); + String signstr = RSAUtils.sign(testContent, rsaKeyPairEntry.getPrivateKey()); + Assert.assertTrue(RSAUtils.verify(rsaKeyPairEntry.getPublicKeyEncoded(), signstr, testContent)); } diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java deleted file mode 100644 index 87c0aa33410..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java +++ /dev/null 
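Review bot: `testSignVerify` checks only that a genuine signature verifies, so a `verify` that always returned true would still pass. Add a negative assertion next to the positive one, for example `Assert.assertFalse(RSAUtils.verify(rsaKeyPairEntry.getPublicKeyEncoded(), signstr, testContent + "x"));`. A second one that verifies against the public key of a freshly generated, different pair would cover the wrong-key case.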
@@ -1,33 +0,0 @@ -package io.servicecomb; - -import io.servicecomb.core.BootListener; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.RSAKeypair4Auth; - -import org.springframework.stereotype.Component; - -/** - * - * initialize public and private key pair when system boot before registry instance to service center - * - * - */ -@Component -public class AuthHandlerBoot implements BootListener { - - - @Override - public void onBootEvent(BootEvent event) { - if (EventType.BEFORE_REGISTRY.equals(event.getEventType())) - { - String []privAndPubKey = RSAUtils.getEncodedKeyPair(); - RSAKeypair4Auth.INSTANCE.setPrivateKey(privAndPubKey[0]); - RSAKeypair4Auth.INSTANCE.setPublicKey(privAndPubKey[1]); - } - - } - - - - -} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java deleted file mode 100644 index 0333099fdd0..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ /dev/null 
@@ -1,98 +0,0 @@ -package io.servicecomb.authentication; - - -/** - * token 组成部分: - * token: instanceId@@generateTime@randomCode@sign(instanceId@@generateTime@randomCode) - * - */ -public class RSAAuthenticationToken { - - public final static long TOKEN_ACTIVE_TIME = 24 * 60 * 60 *1000; - - private String instanceId; - - private String serviceId; - - private long generateTime; - - private String randomCode; - - private String sign; - - public RSAAuthenticationToken(String instanceId, String serviceId, long generateTime, - String randomCode, String sign) { - this.instanceId = instanceId; - this.generateTime = generateTime; - this.randomCode = randomCode; - this.serviceId = serviceId; - this.sign = sign; - } - - public String plainToken() - { - return String.format("%s@%s@%s@%s", this.instanceId, this.serviceId, this.generateTime, this.randomCode); - } - - - public String getInstanceId() { - return instanceId; - } - - - public long getGenerateTime() { - return generateTime; - } - - - public String getSign() { - return sign; - } - - - public String fromat() { - return String.format("%s@%s@%s@%s@%s", instanceId, serviceId, generateTime, - randomCode, sign); - } - - public static RSAAuthenticationToken fromStr(String token) { - String[] tokenArr = token.split("@"); - if (tokenArr.length != 5) { - return null; - } - return new RSAAuthenticationToken(tokenArr[0], tokenArr[1], - Long.valueOf(tokenArr[2]), tokenArr[3], tokenArr[4]); - } - - public String getServiceId() { - return serviceId; - } - - public void setServiceId(String serviceId) { - this.serviceId = serviceId; - } - - @Override - public boolean equals(Object obj) { - if(null == obj || !(obj instanceof RSAAuthenticationToken)) - { - return false; - } - RSAAuthenticationToken token = (RSAAuthenticationToken)obj; - if (!token.plainToken().equals(this.plainToken())) - { - return false; - } - if (!token.getSign().equals(this.sign)) - { - return false; - } - return true; - } - - public int hashCode() { - return 
this.plainToken().hashCode() + this.sign.hashCode(); - } - - -} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java deleted file mode 100644 index 8f9c4a2b33c..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java +++ /dev/null @@ -1,34 +0,0 @@ -package io.servicecomb.authentication.consumer; - -import io.servicecomb.core.Const; -import io.servicecomb.core.Handler; -import io.servicecomb.core.Invocation; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.swagger.invocation.AsyncResponse; - -import java.util.Optional; - -/** - * - * add token to context - * Provider will get token for authentication - * - */ -public class ConsumerAuthHandler implements Handler { - - private AuthenticationTokenManager athenticationTokenManager = new RSACoumserTokenManager(); - - @Override - public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { - - String token = athenticationTokenManager.getToken(); - Optional.ofNullable(token).ifPresent(t -> invocation.addContext(Const.AUTH_TOKEN, t)); - invocation.next(asyncResp); - } - - public void setAuthenticationTokenManager(AuthenticationTokenManager authenticationTokenManager) - { - this.athenticationTokenManager = authenticationTokenManager; - } - -} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java deleted file mode 100644 index f828828669c..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java +++ /dev/null 
@@ -1,77 +0,0 @@ -package io.servicecomb.authentication.consumer; - -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.util.Date; -import java.util.concurrent.locks.ReadWriteLock; -import java.util.concurrent.locks.ReentrantReadWriteLock; - -import org.apache.commons.lang3.RandomStringUtils; - -import io.servicecomb.authentication.RSAAuthenticationToken; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.foundation.token.RSAKeypair4Auth; -import io.servicecomb.serviceregistry.RegistryUtils; - -public class RSACoumserTokenManager implements AuthenticationTokenManager { - - private ReadWriteLock readWriteLock = new ReentrantReadWriteLock(); - - private RSAAuthenticationToken token; - - @Override - public String getToken() { - readWriteLock.readLock().lock(); - if(null != token && valid(token.fromat())) - { - String tokenStr = token.fromat(); - readWriteLock.readLock().unlock(); - return tokenStr; - } - else - { - readWriteLock.readLock().unlock(); - return createToken(); - } - } - - public String createToken() - { - String privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey(); - readWriteLock.writeLock().lock(); - String instanceId = RegistryUtils.getMicroserviceInstance().getInstanceId(); - String serviceId = RegistryUtils.getMicroservice().getServiceId(); - String randomCode = RandomStringUtils.randomAlphanumeric(128); - long generateTime = System.currentTimeMillis(); - try { - String plain = String.format("%s@%s@%s@%s", instanceId, serviceId, generateTime, randomCode); - String sign = RSAUtils.sign(plain, privateKey); - token = RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, sign)); - return token.fromat(); - } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException 
e) { - throw new Error("create token error"); - } - - } - - /** - * the TTL of Token is 24 hours - * client token will expired 15 minutes early - */ - @Override - public boolean valid(String token) { - long generateTime = RSAAuthenticationToken.fromStr(token).getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); - Date now = new Date(); - if (now.before(expiredDate) ) - { - return true; - } - return false; - } - - -} diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java deleted file mode 100644 index 5b451b12326..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java +++ /dev/null @@ -1,27 +0,0 @@ -package io.servicecomb.authentication.provider; - -import io.servicecomb.core.Const; -import io.servicecomb.core.Handler; -import io.servicecomb.core.Invocation; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.swagger.invocation.AsyncResponse; -import io.servicecomb.swagger.invocation.context.HttpStatus; -import io.servicecomb.swagger.invocation.exception.InvocationException; - -public class ProviderAuthHanlder implements Handler { - - private AuthenticationTokenManager authenticationTokenManager = new RSAProviderTokenManager(); - - @Override - public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { - - String token = invocation.getContext(Const.AUTH_TOKEN); - if (null != token && authenticationTokenManager.valid(token)) { - invocation.next(asyncResp); - } else { - asyncResp.producerFail(new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "UNAUTHORIZED")); - } - - } - -} 
diff --git a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java deleted file mode 100644 index 4b2bdddaed3..00000000000 --- a/handlers/handler-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java +++ /dev/null 
@@ -1,90 +0,0 @@ -package io.servicecomb.authentication.provider; - -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.util.Date; -import java.util.Optional; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import io.servicecomb.authentication.RSAAuthenticationToken; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.AuthenticationTokenManager; -import io.servicecomb.serviceregistry.api.Const; -import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; -import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; - -public class RSAProviderTokenManager implements AuthenticationTokenManager { - - private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); - - private Set validatedToken = ConcurrentHashMap.newKeySet(1000); - - @Override - public boolean valid(String token) { - try { - RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); - if (null == rsaToken) { - logger.error("token format is error, perhaps you need to set auth handler at consumer"); - return false; - } - if (tokenExprired(rsaToken)) - { - logger.error("token is expired"); - return false; - } - if (validatedToken.contains(rsaToken)) { - logger.info("found vaildate token in vaildate pool"); - return true; - } - else - { - String sign = rsaToken.getSign(); - String content = rsaToken.plainToken(); - String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); - boolean verify = RSAUtils.verify(publicKey, sign, content); - if (verify && !tokenExprired(rsaToken)) { - validatedToken.add(rsaToken); - return true; - } - else - { - logger.error("token verify error"); - return false; - } - } - - } catch (InvalidKeyException | 
NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { - logger.error("verfiy error", e); - return false; - } - } - - private boolean tokenExprired(RSAAuthenticationToken rsaToken) { - long generateTime = rsaToken.getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); - Date now = new Date(); - if (now.before(expiredDate)) { - return false; - } - return true; - } - - private String getPublicKey(String instanceId, String serviceId) { - Optional instances = Optional - .ofNullable(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)); - if (instances.isPresent()) { - return instances.map(MicroserviceInstance::getProperties) - .map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO)).get(); - } else { - logger.error("not instance found {}-{}, maybe attack", instanceId, serviceId); - return ""; - } - } - -} diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java deleted file mode 100644 index f08d62f7cf3..00000000000 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java +++ /dev/null 
@@ -1,24 +0,0 @@
-package io.servicecomb.authentication;
-
-import io.servicecomb.AuthHandlerBoot;
-import io.servicecomb.core.BootListener;
-import io.servicecomb.core.BootListener.BootEvent;
-import io.servicecomb.foundation.token.RSAKeypair4Auth;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class TestAuthHandlerBoot {
-
-
- @Test
- public void testGenerateRSAKey()
- {
- AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot();
- BootEvent bootEvent = new BootEvent();
- bootEvent.setEventType(BootListener.EventType.BEFORE_REGISTRY);
- authHandlerBoot.onBootEvent(bootEvent);
- Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPrivateKey());
- Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPublicKey());
- }
-}
diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java
deleted file mode 100644
index 1928cdb11a8..00000000000
--- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java
+++ /dev/null
@@ -1,36 +0,0 @@ -package io.servicecomb.authentication; - -import io.servicecomb.authentication.consumer.ConsumerAuthHandler; -import io.servicecomb.authentication.consumer.RSACoumserTokenManager; -import io.servicecomb.core.Invocation; -import io.servicecomb.swagger.invocation.AsyncResponse; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; - -public class TestConsumerAuthHandler { - - Invocation invocation = null; - AsyncResponse asyncResp = null; - RSACoumserTokenManager tokenManager = null; - - @Test - public void testHandler() throws Exception { - - ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); - consumerAuthHandler.setAuthenticationTokenManager(tokenManager); - consumerAuthHandler.handle(invocation, asyncResp); - Assert.assertTrue(true); - } - - @Before - public void setUp() throws Exception { - invocation = Mockito.mock(Invocation.class); - asyncResp = Mockito.mock(AsyncResponse.class); - - tokenManager = Mockito.mock(RSACoumserTokenManager.class); - Mockito.when(tokenManager.getToken()).thenReturn("testtoken"); - } -} diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java deleted file mode 100644 index 7d56aae4bd0..00000000000 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java +++ /dev/null 
@@ -1,30 +0,0 @@ -package io.servicecomb.authentication; - -import io.servicecomb.authentication.provider.ProviderAuthHanlder; -import io.servicecomb.core.Const; -import io.servicecomb.core.Invocation; -import io.servicecomb.swagger.invocation.AsyncResponse; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; - -public class TestProviderAuthHanlder { - Invocation invocation = null; - AsyncResponse asyncResp = null; - @Before - public void setUp() throws Exception { - invocation = Mockito.mock(Invocation.class); - asyncResp = Mockito.mock(AsyncResponse.class); - Mockito.when(invocation.getContext(Const.AUTH_TOKEN)).thenReturn("testtoken"); - } - - @Test - public void testHandle() throws Exception - { - ProviderAuthHanlder providerAuthHanlder = new ProviderAuthHanlder(); - providerAuthHanlder.handle(invocation, asyncResp); - Assert.assertTrue(true); - } -} diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java deleted file mode 100644 index 6bbd47eb605..00000000000 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java +++ /dev/null 
@@ -1,29 +0,0 @@ -package io.servicecomb.authentication; - -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; - -import org.junit.Assert; -import org.junit.Test; - -import io.servicecomb.foundation.common.utils.RSAUtils; - - -public class TestRSAAuthenticationToken { - - - @Test - public void testRSAAuthenticationToken() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException - { - String tokenstr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; - RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr); - String contents = token.plainToken(); - Assert.assertEquals("e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ", contents); - String sign = token.getSign(); - Assert.assertEquals("WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk=", sign); - String pubKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; - Assert.assertTrue(RSAUtils.verify(pubKey, sign, contents)); - } -} 
diff --git a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java b/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java deleted file mode 100644 index dab571e4b5c..00000000000 --- a/handlers/handler-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java +++ /dev/null 
@@ -1,79 +0,0 @@ -package io.servicecomb.authentication; - -import java.util.HashMap; -import java.util.Map; - -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -import io.servicecomb.authentication.consumer.RSACoumserTokenManager; -import io.servicecomb.authentication.provider.RSAProviderTokenManager; -import io.servicecomb.foundation.common.utils.RSAUtils; -import io.servicecomb.foundation.token.RSAKeypair4Auth; -import io.servicecomb.serviceregistry.RegistryUtils; -import io.servicecomb.serviceregistry.api.Const; -import io.servicecomb.serviceregistry.api.registry.Microservice; -import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; -import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; -@RunWith(PowerMockRunner.class) -@PrepareForTest({MicroserviceInstanceCache.class,RegistryUtils.class}) -public class TestRSAProviderTokenManager { - - - @Test - public void testTokenExpried() - { - String tokenStr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; - RSAProviderTokenManager tokenManager = new RSAProviderTokenManager(); - PowerMockito.mockStatic(MicroserviceInstanceCache.class); - MicroserviceInstance microserviceInstance = new MicroserviceInstance(); - Map properties = new HashMap(); - microserviceInstance.setProperties(properties); - properties.put(Const.INSTANCE_PUBKEY_PRO, 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"); - PowerMockito.when(MicroserviceInstanceCache.getOrCreate("c8636e5acf1f11e7b701286ed488fc20", "e8a04b54cf2711e7b701286ed488fc20")).thenReturn(microserviceInstance); - Assert.assertFalse(tokenManager.valid(tokenStr)); - } - - @Test - public void testTokenFromVaidatePool() - { - String[] keypairs = RSAUtils.getEncodedKeyPair(); - String privateKey = keypairs[0]; - String publicKey = keypairs[1]; - RSAKeypair4Auth.INSTANCE.setPrivateKey(privateKey); - RSAKeypair4Auth.INSTANCE.setPublicKey(publicKey); - String serviceId = "c8636e5acf1f11e7b701286ed488fc20"; - String instanceId= "e8a04b54cf2711e7b701286ed488fc20"; - RSACoumserTokenManager rsaCoumserTokenManager = new RSACoumserTokenManager(); - MicroserviceInstance microserviceInstance = new MicroserviceInstance(); - microserviceInstance.setInstanceId(instanceId); - Map properties = new HashMap(); - microserviceInstance.setProperties(properties); - properties.put(Const.INSTANCE_PUBKEY_PRO, publicKey); - Microservice microservice = new Microservice(); - microservice.setServiceId(serviceId); - PowerMockito.mockStatic(RegistryUtils.class); - PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); - PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); - - //Test Consumer first create token - String token = rsaCoumserTokenManager.getToken(); - Assert.assertNotNull(token); - // use cache token - Assert.assertEquals(token, rsaCoumserTokenManager.getToken()); - - PowerMockito.mockStatic(MicroserviceInstanceCache.class); - PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(microserviceInstance); - RSAProviderTokenManager rsaProviderTokenManager = new RSAProviderTokenManager(); - //first validate need to verify 
use RSA - Assert.assertTrue(rsaProviderTokenManager.valid(token)); - // second validate use validated pool - PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(null); - Assert.assertTrue(rsaProviderTokenManager.valid(token)); - } - -} diff --git a/handlers/handler-auth/pom.xml b/handlers/handler-publickey-auth/pom.xml similarity index 93% rename from handlers/handler-auth/pom.xml rename to handlers/handler-publickey-auth/pom.xml index 217fc8a272f..cd255678af7 100644 --- a/handlers/handler-auth/pom.xml +++ b/handlers/handler-publickey-auth/pom.xml @@ -34,12 +34,6 @@ io.servicecomb java-chassis-core - - - com.netflix.hystrix - hystrix-core - - org.slf4j slf4j-log4j12 diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java new file mode 100644 index 00000000000..91883101ec7 --- /dev/null +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java @@ -0,0 +1,33 @@ +package io.servicecomb; + +import io.servicecomb.core.BootListener; +import io.servicecomb.foundation.common.utils.RSAKeyPairEntry; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.RSAKeypair4Auth; + +import org.springframework.stereotype.Component; + +/** + * + * initialize public and private key pair when system boot before registry instance to service center + * + * + */ +@Component +public class AuthHandlerBoot implements BootListener { + + + @Override + public void onBootEvent(BootEvent event) { + if (EventType.BEFORE_REGISTRY.equals(event.getEventType())) { + RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.getRSAKeyPair(); + RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey()); + RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey()); + RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded()); + } + + } + + + +} 
diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java new file mode 100644 index 00000000000..de82e665157 --- /dev/null +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java 
@@ -0,0 +1,98 @@ +package io.servicecomb.authentication; + + +/** + * token 组成部分: + * token: instanceId@@generateTime@randomCode@sign(instanceId@@generateTime@randomCode) + * + */ +public class RSAAuthenticationToken { + + public final static long TOKEN_ACTIVE_TIME = 24 * 60 * 60 * 1000; + + private String instanceId; + + private String serviceId; + + private long generateTime; + + private String randomCode; + + private String sign; + + public RSAAuthenticationToken(String instanceId, String serviceId, long generateTime, + String randomCode, String sign) { + this.instanceId = instanceId; + this.generateTime = generateTime; + this.randomCode = randomCode; + this.serviceId = serviceId; + this.sign = sign; + } + + public String plainToken() { + return String.format("%s@%s@%s@%s", this.instanceId, this.serviceId, this.generateTime, this.randomCode); + } + + + public String getInstanceId() { + return instanceId; + } + + + public long getGenerateTime() { + return generateTime; + } + + + public String getSign() { + return sign; + } + + + public String format() { + return String.format("%s@%s@%s@%s@%s", + instanceId, + serviceId, + generateTime, + randomCode, + sign); + } + + public static RSAAuthenticationToken fromStr(String token) { + String[] tokenArr = token.split("@"); + if (tokenArr.length != 5) { + return null; + } + return new RSAAuthenticationToken(tokenArr[0], tokenArr[1], + Long.valueOf(tokenArr[2]), tokenArr[3], tokenArr[4]); + } + + public String getServiceId() { + return serviceId; + } + + public void setServiceId(String serviceId) { + this.serviceId = serviceId; + } + + @Override + public boolean equals(Object obj) { + if (null == obj || !(obj instanceof RSAAuthenticationToken)) { + return false; + } + RSAAuthenticationToken token = (RSAAuthenticationToken) obj; + if (!token.plainToken().equals(this.plainToken())) { + return false; + } + if (!token.getSign().equals(this.sign)) { + return false; + } + return true; + } + + public int hashCode() { + return 
this.plainToken().hashCode() + this.sign.hashCode(); + } + + +} diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java new file mode 100644 index 00000000000..5c264f32f04 --- /dev/null +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java @@ -0,0 +1,37 @@ +package io.servicecomb.authentication.consumer; + +import java.util.Optional; + +import io.servicecomb.core.Const; +import io.servicecomb.core.Handler; +import io.servicecomb.core.Invocation; +import io.servicecomb.swagger.invocation.AsyncResponse; + +/** + * + * add token to context + * Provider will get token for authentication + * + */ +public class ConsumerAuthHandler implements Handler { + + private RSACoumserTokenManager athenticationTokenManager = new RSACoumserTokenManager(); + + @Override + public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { + + Optional token = Optional.ofNullable(athenticationTokenManager.getToken()); + if(!token.isPresent()) + { + asyncResp.consumerFail( + new Error("rejected by consumer authentication handler")); + } + invocation.addContext(Const.AUTH_TOKEN, token.get()); + invocation.next(asyncResp); + } + + public void setAuthenticationTokenManager(RSACoumserTokenManager authenticationTokenManager) { + this.athenticationTokenManager = authenticationTokenManager; + } + +} diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java new file mode 100644 index 00000000000..a32a63fef36 --- /dev/null +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java 
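Review bot: `fromStr` parses the token string presented by the caller, and `Long.valueOf(tokenArr[2])` throws `NumberFormatException` when the third field is not numeric, so a malformed token surfaces as an unchecked exception instead of the `null` that the length check returns. `RSAProviderTokenManager.valid` (later in this patch) catches only the four checked crypto exceptions, so this failure would leave `valid` as an exception rather than as a `false` that leads to the 401 branch. Parse defensively, e.g. `try { generateTime = Long.parseLong(tokenArr[2]); } catch (NumberFormatException e) { return null; }`, and build the token from that value. The class comment also gives the layout as `instanceId@@generateTime@randomCode`, while `plainToken()` emits `instanceId@serviceId@generateTime@randomCode`; the comment should match the code.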
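Review bot: In `handle`, the `if(!token.isPresent())` branch calls `asyncResp.consumerFail(...)` but does not return, so execution falls through to `token.get()`, which throws `NoSuchElementException` on the empty `Optional`. Add `return;` directly after the `consumerFail` call so the failure is reported once and the invocation is not continued without a token. The `Optional` wrapper adds nothing over a plain `if (token == null)` check here.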
@@ -0,0 +1,81 @@ +package io.servicecomb.authentication.consumer; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.SignatureException; +import java.security.spec.InvalidKeySpecException; +import java.util.Date; +import java.util.concurrent.locks.ReadWriteLock; +import java.util.concurrent.locks.ReentrantReadWriteLock; + +import org.apache.commons.lang3.RandomStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import io.servicecomb.authentication.RSAAuthenticationToken; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.RSAKeypair4Auth; +import io.servicecomb.serviceregistry.RegistryUtils; + +public class RSACoumserTokenManager { + + private static final Logger logger = LoggerFactory.getLogger(RSACoumserTokenManager.class); + + private ReadWriteLock readWriteLock = new ReentrantReadWriteLock(); + + private RSAAuthenticationToken token; + + public String getToken() { + readWriteLock.readLock().lock(); + if (isvalid(token)) { + String tokenStr = token.format(); + readWriteLock.readLock().unlock(); + return tokenStr; + } else { + readWriteLock.readLock().unlock(); + return createToken(); + } + } + + public String createToken() { + PrivateKey privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey(); + readWriteLock.writeLock().lock(); + if (isvalid(token)) { + logger.debug("Token had been recreated by another thread"); + return token.format(); + } + String instanceId = RegistryUtils.getMicroserviceInstance().getInstanceId(); + String serviceId = RegistryUtils.getMicroservice().getServiceId(); + String randomCode = RandomStringUtils.randomAlphanumeric(128); + long generateTime = System.currentTimeMillis(); + try { + String plain = String.format("%s@%s@%s@%s", instanceId, serviceId, generateTime, randomCode); + String sign = RSAUtils.sign(plain, privateKey); + token = 
RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, sign)); + return token.format(); + } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { + throw new Error("create token error"); + } + + } + + /** + * the TTL of Token is 24 hours + * client token will expired 15 minutes early + */ + public boolean isvalid(RSAAuthenticationToken token) { + if (null == token) { + return false; + } + long generateTime = token.getGenerateTime(); + Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); + Date now = new Date(); + if (now.before(expiredDate)) { + return true; + } + return false; + } + + +} diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java new file mode 100644 index 00000000000..cdac2bffbfb --- /dev/null +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java 
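Review bot: `createToken` acquires `readWriteLock.writeLock().lock()` and never releases it: the early return for an already-recreated token, the normal return and the `throw` all leave the write lock held. Once one thread has created a token, any other thread calling `getToken` blocks on the read lock for good, which stalls every outgoing call that goes through the consumer handler. Release the lock in a `finally` block, as sketched below. The sketch also passes the caught exception as the cause of the `Error`, so the reason for a signing failure is not lost.

```java
  public String createToken() {
    PrivateKey privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey();
    readWriteLock.writeLock().lock();
    try {
      if (isvalid(token)) {
        logger.debug("Token had been recreated by another thread");
        return token.format();
      }
      // … unchanged: read instanceId/serviceId, build randomCode and generateTime, sign, assign token …
      return token.format();
    } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) {
      throw new Error("create token error", e);
    } finally {
      readWriteLock.writeLock().unlock();
    }
  }
```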
@@ -0,0 +1,26 @@ +package io.servicecomb.authentication.provider; + +import io.servicecomb.core.Const; +import io.servicecomb.core.Handler; +import io.servicecomb.core.Invocation; +import io.servicecomb.swagger.invocation.AsyncResponse; +import io.servicecomb.swagger.invocation.context.HttpStatus; +import io.servicecomb.swagger.invocation.exception.InvocationException; + +public class ProviderAuthHanlder implements Handler { + + private RSAProviderTokenManager authenticationTokenManager = new RSAProviderTokenManager(); + + @Override + public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { + + String token = invocation.getContext(Const.AUTH_TOKEN); + if (null != token && authenticationTokenManager.valid(token)) { + invocation.next(asyncResp); + } else { + asyncResp.producerFail(new InvocationException(new HttpStatus(401, "UNAUTHORIZED"), "UNAUTHORIZED")); + } + + } + +} diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java new file mode 100644 index 00000000000..da5cf438406 --- /dev/null +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java 
@@ -0,0 +1,84 @@ +package io.servicecomb.authentication.provider; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; +import java.security.spec.InvalidKeySpecException; +import java.util.Date; +import java.util.Optional; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import io.servicecomb.authentication.RSAAuthenticationToken; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.serviceregistry.api.Const; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; + +public class RSAProviderTokenManager { + + private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); + + private Set validatedToken = ConcurrentHashMap.newKeySet(1000); + + public boolean valid(String token) { + try { + RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); + if (null == rsaToken) { + logger.error("token format is error, perhaps you need to set auth handler at consumer"); + return false; + } + if (tokenExprired(rsaToken)) { + logger.error("token is expired"); + return false; + } + if (validatedToken.contains(rsaToken)) { + logger.info("found vaildate token in vaildate pool"); + return true; + } else { + String sign = rsaToken.getSign(); + String content = rsaToken.plainToken(); + String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); + boolean verify = RSAUtils.verify(publicKey, sign, content); + if (verify && !tokenExprired(rsaToken)) { + validatedToken.add(rsaToken); + return true; + } else { + logger.error("token verify error"); + return false; + } + } + + } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { + logger.error("verfiy error", e); + return false; + } + } + + 
private boolean tokenExprired(RSAAuthenticationToken rsaToken) { + long generateTime = rsaToken.getGenerateTime(); + Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); + Date now = new Date(); + if (now.before(expiredDate)) { + return false; + } + return true; + } + + private String getPublicKey(String instanceId, String serviceId) { + Optional instances = Optional + .ofNullable(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)); + if (instances.isPresent()) { + return instances.map(MicroserviceInstance::getProperties) + .map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO)) + .get(); + } else { + logger.error("not instance found {}-{}, maybe attack", instanceId, serviceId); + return ""; + } + } + +} diff --git a/handlers/handler-auth/src/main/resources/config/cse.handler.xml b/handlers/handler-publickey-auth/src/main/resources/config/cse.handler.xml similarity index 100% rename from handlers/handler-auth/src/main/resources/config/cse.handler.xml rename to handlers/handler-publickey-auth/src/main/resources/config/cse.handler.xml diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java new file mode 100644 index 00000000000..3841d67c66b --- /dev/null +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java 
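Review bot: `getPublicKey` ends its `Optional` chain with `.get()`, so an instance that is found but has null properties or no `Const.INSTANCE_PUBKEY_PRO` entry raises `NoSuchElementException`, which the `catch` in `valid` does not cover. The instance and service ids come from the presented token, so this path should fail closed: end the chain with `.orElse("")`, and have `valid` return false when the key is empty rather than handing it to `RSAUtils.verify`. Separately, `ConcurrentHashMap.newKeySet(1000)` sets only an initial capacity and `validatedToken` is never pruned, so expired tokens stay in the set for the life of the process; removing a token when `tokenExprired` returns true would bound it.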
@@ -0,0 +1,23 @@ +package io.servicecomb.authentication; + +import io.servicecomb.AuthHandlerBoot; +import io.servicecomb.core.BootListener; +import io.servicecomb.core.BootListener.BootEvent; +import io.servicecomb.foundation.token.RSAKeypair4Auth; + +import org.junit.Assert; +import org.junit.Test; + +public class TestAuthHandlerBoot { + + + @Test + public void testGenerateRSAKey() { + AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot(); + BootEvent bootEvent = new BootEvent(); + bootEvent.setEventType(BootListener.EventType.BEFORE_REGISTRY); + authHandlerBoot.onBootEvent(bootEvent); + Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPrivateKey()); + Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPublicKey()); + } +} diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java new file mode 100644 index 00000000000..e857aba4939 --- /dev/null +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java 
@@ -0,0 +1,38 @@ +package io.servicecomb.authentication; + +import io.servicecomb.authentication.consumer.ConsumerAuthHandler; +import io.servicecomb.authentication.consumer.RSACoumserTokenManager; +import io.servicecomb.core.Invocation; +import io.servicecomb.swagger.invocation.AsyncResponse; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + +public class TestConsumerAuthHandler { + + Invocation invocation = null; + + AsyncResponse asyncResp = null; + + RSACoumserTokenManager tokenManager = null; + + @Test + public void testHandler() throws Exception { + + ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); + consumerAuthHandler.setAuthenticationTokenManager(tokenManager); + consumerAuthHandler.handle(invocation, asyncResp); + Assert.assertTrue(true); + } + + @Before + public void setUp() throws Exception { + invocation = Mockito.mock(Invocation.class); + asyncResp = Mockito.mock(AsyncResponse.class); + + tokenManager = Mockito.mock(RSACoumserTokenManager.class); + Mockito.when(tokenManager.getToken()).thenReturn("testtoken"); + } +} diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java new file mode 100644 index 00000000000..371e07d603c --- /dev/null +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java 
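Review bot: `testHandler` ends in `Assert.assertTrue(true)`, so it passes whatever `ConsumerAuthHandler.handle` does; `testHandle` in TestProviderAuthHanlder.java has the same placeholder assertion. Verify the observable effect instead: here `Mockito.verify(invocation).addContext(Const.AUTH_TOKEN, "testtoken");` and `Mockito.verify(invocation).next(asyncResp);` (this needs an import of `io.servicecomb.core.Const`), and in the provider test `Mockito.verify(invocation, Mockito.never()).next(asyncResp);`, since `"testtoken"` does not have the five `@`-separated fields. A further case in which `getToken()` returns null would exercise the consumer's rejection branch.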
@@ -0,0 +1,31 @@ +package io.servicecomb.authentication; + +import io.servicecomb.authentication.provider.ProviderAuthHanlder; +import io.servicecomb.core.Const; +import io.servicecomb.core.Invocation; +import io.servicecomb.swagger.invocation.AsyncResponse; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + +public class TestProviderAuthHanlder { + Invocation invocation = null; + + AsyncResponse asyncResp = null; + + @Before + public void setUp() throws Exception { + invocation = Mockito.mock(Invocation.class); + asyncResp = Mockito.mock(AsyncResponse.class); + Mockito.when(invocation.getContext(Const.AUTH_TOKEN)).thenReturn("testtoken"); + } + + @Test + public void testHandle() throws Exception { + ProviderAuthHanlder providerAuthHanlder = new ProviderAuthHanlder(); + providerAuthHanlder.handle(invocation, asyncResp); + Assert.assertTrue(true); + } +} diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java new file mode 100644 index 00000000000..4f95385e94d --- /dev/null +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java 
@@ -0,0 +1,35 @@ +package io.servicecomb.authentication; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; +import java.security.spec.InvalidKeySpecException; + +import org.junit.Assert; +import org.junit.Test; + +import io.servicecomb.foundation.common.utils.RSAUtils; + + +public class TestRSAAuthenticationToken { + + + @Test + public void testRSAAuthenticationToken() + throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException { + String tokenstr = + "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr); + String contents = token.plainToken(); + Assert.assertEquals( + "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ", + contents); + String sign = token.getSign(); + Assert.assertEquals( + "WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk=", + sign); + String pubKey = + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; + Assert.assertTrue(RSAUtils.verify(pubKey, sign, contents)); + } +} 
diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java new file mode 100644 index 00000000000..fe1b3635584 --- /dev/null +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java 
@@ -0,0 +1,83 @@ +package io.servicecomb.authentication; + +import java.util.HashMap; +import java.util.Map; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +import io.servicecomb.authentication.consumer.RSACoumserTokenManager; +import io.servicecomb.authentication.provider.RSAProviderTokenManager; +import io.servicecomb.foundation.common.utils.RSAKeyPairEntry; +import io.servicecomb.foundation.common.utils.RSAUtils; +import io.servicecomb.foundation.token.RSAKeypair4Auth; +import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.serviceregistry.api.Const; +import io.servicecomb.serviceregistry.api.registry.Microservice; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; + +@RunWith(PowerMockRunner.class) +@PrepareForTest({MicroserviceInstanceCache.class, RegistryUtils.class}) +public class TestRSAProviderTokenManager { + + + @Test + public void testTokenExpried() { + String tokenStr = + "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + RSAProviderTokenManager tokenManager = new RSAProviderTokenManager(); + PowerMockito.mockStatic(MicroserviceInstanceCache.class); + MicroserviceInstance microserviceInstance = new MicroserviceInstance(); + Map properties = new HashMap(); + microserviceInstance.setProperties(properties); + properties.put(Const.INSTANCE_PUBKEY_PRO, + 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"); + PowerMockito + .when(MicroserviceInstanceCache.getOrCreate("c8636e5acf1f11e7b701286ed488fc20", + "e8a04b54cf2711e7b701286ed488fc20")) + .thenReturn(microserviceInstance); + Assert.assertFalse(tokenManager.valid(tokenStr)); + } + + @Test + public void testTokenFromVaidatePool() { + RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.getRSAKeyPair(); + RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey()); + RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey()); + RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded()); + String serviceId = "c8636e5acf1f11e7b701286ed488fc20"; + String instanceId = "e8a04b54cf2711e7b701286ed488fc20"; + RSACoumserTokenManager rsaCoumserTokenManager = new RSACoumserTokenManager(); + MicroserviceInstance microserviceInstance = new MicroserviceInstance(); + microserviceInstance.setInstanceId(instanceId); + Map properties = new HashMap(); + microserviceInstance.setProperties(properties); + properties.put(Const.INSTANCE_PUBKEY_PRO, rsaKeyPairEntry.getPublicKeyEncoded()); + Microservice microservice = new Microservice(); + microservice.setServiceId(serviceId); + PowerMockito.mockStatic(RegistryUtils.class); + PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); + PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); + + //Test Consumer first create token + String token = rsaCoumserTokenManager.getToken(); + Assert.assertNotNull(token); + // use cache token + Assert.assertEquals(token, rsaCoumserTokenManager.getToken()); + + PowerMockito.mockStatic(MicroserviceInstanceCache.class); + PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(microserviceInstance); + 
RSAProviderTokenManager rsaProviderTokenManager = new RSAProviderTokenManager(); + //first validate need to verify use RSA + Assert.assertTrue(rsaProviderTokenManager.valid(token)); + // second validate use validated pool + PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(null); + Assert.assertTrue(rsaProviderTokenManager.valid(token)); + } + +} diff --git a/handlers/handler-auth/src/test/resources/log4j.properties b/handlers/handler-publickey-auth/src/test/resources/log4j.properties similarity index 100% rename from handlers/handler-auth/src/test/resources/log4j.properties rename to handlers/handler-publickey-auth/src/test/resources/log4j.properties diff --git a/handlers/pom.xml b/handlers/pom.xml index 923960abbf3..ad6913c2ca5 100644 --- a/handlers/pom.xml +++ b/handlers/pom.xml @@ -34,7 +34,7 @@ handler-bizkeeper handler-flowcontrol-qps handler-loadbalance - handler-auth + handler-publickey-auth diff --git a/samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml b/samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml deleted file mode 100644 index f34ddb79034..00000000000 --- a/samples/auth-sample/auth-consumer/src/main/resources/META-INF/spring/pojo.consumer.bean.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/samples/auth-sample/auth-consumer/src/main/resources/config/log4j.demo.properties b/samples/auth-sample/auth-consumer/src/main/resources/config/log4j.properties similarity index 100% rename from samples/auth-sample/auth-consumer/src/main/resources/config/log4j.demo.properties rename to samples/auth-sample/auth-consumer/src/main/resources/config/log4j.properties diff --git a/samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml b/samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml deleted file mode 100644 index be8ea88dda4..00000000000 
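Review bot: Neither test in TestRSAProviderTokenManager covers a signature failure: the old token in `testTokenExpried` is rejected by the expiry check before `RSAUtils.verify` is reached, and `testTokenFromVaidatePool` only presents a correctly signed token. Add a case that takes a freshly created token, alters its plain part or its signature (or registers the public key of a different key pair under `Const.INSTANCE_PUBKEY_PRO`), and asserts that `valid` returns false. That rejection is the property the handler exists to enforce, and it is currently untested.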
--- a/samples/auth-sample/auth-consumer/src/main/resources/microservices/hello/hello.yaml +++ /dev/null @@ -1,55 +0,0 @@ -swagger: '2.0' -info: - title: hello - version: 1.0.0 - x-java-interface: io.servicecomb.samples.springmvc.Hello -basePath: /pojo/rest/hello -produces: - - application/json - -paths: - /sayhi: - post: - operationId: sayHi - parameters: - - name: name - in: body - required: true - schema: - type: string - responses: - 200: - description: 正确返回 - schema: - type: string - default: - description: 默认返回 - schema: - type: string - /sayhello: - post: - operationId: sayHello - parameters: - - name: person - in: body - required: true - schema: - $ref: "#/definitions/Person" - responses: - 200: - description: 正确返回 - schema: - type: string - default: - description: 默认返回 - schema: - type: string -definitions: - Person: - type: "object" - properties: - name: - type: "string" - description: "person name" - xml: - name: "Person" \ No newline at end of file diff --git a/samples/auth-sample/auth-provider/src/main/resources/config/log4j.demo.properties b/samples/auth-sample/auth-provider/src/main/resources/config/log4j.properties similarity index 100% rename from samples/auth-sample/auth-provider/src/main/resources/config/log4j.demo.properties rename to samples/auth-sample/auth-provider/src/main/resources/config/log4j.properties diff --git a/samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml b/samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml deleted file mode 100644 index be8ea88dda4..00000000000 --- a/samples/auth-sample/auth-provider/src/main/resources/microservices/hello/hello.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -swagger: '2.0' -info: - title: hello - version: 1.0.0 - x-java-interface: io.servicecomb.samples.springmvc.Hello -basePath: /pojo/rest/hello -produces: - - application/json - -paths: - /sayhi: - post: - operationId: sayHi - parameters: - - name: name - in: body - required: true - schema: - type: string - responses: - 200: - description: 正确返回 - schema: - type: string - default: - description: 默认返回 - schema: - type: string - /sayhello: - post: - operationId: sayHello - parameters: - - name: person - in: body - required: true - schema: - $ref: "#/definitions/Person" - responses: - 200: - description: 正确返回 - schema: - type: string - default: - description: 默认返回 - schema: - type: string -definitions: - Person: - type: "object" - properties: - name: - type: "string" - description: "person name" - xml: - name: "Person" \ No newline at end of file diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java similarity index 88% rename from service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java rename to service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java index 6f550820165..a65b8e18b3a 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroInstanceResponse.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java @@ -2,7 +2,7 @@ import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; -public class MicroInstanceResponse { +public class MicroserviceInstanceResponse { private MicroserviceInstance instance; 
diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java index a094a572228..df35a5b84bb 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java @@ -49,7 +49,7 @@ import io.servicecomb.serviceregistry.api.response.GetSchemaResponse; import io.servicecomb.serviceregistry.api.response.GetServiceResponse; import io.servicecomb.serviceregistry.api.response.HeartbeatResponse; -import io.servicecomb.serviceregistry.api.response.MicroInstanceResponse; +import io.servicecomb.serviceregistry.api.response.MicroserviceInstanceResponse; import io.servicecomb.serviceregistry.api.response.MicroserviceInstanceChangedEvent; import io.servicecomb.serviceregistry.api.response.RegisterInstanceResponse; import io.servicecomb.serviceregistry.client.ClientException; @@ -633,12 +633,12 @@ public boolean updateInstanceProperties(String microserviceId, String microservi @Override public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { try { - Holder holder = new Holder<>(); + Holder holder = new Holder<>(); IpPort ipPort = ipPortManager.getAvailableAddress(false); CountDownLatch countDownLatch = new CountDownLatch(1); RestUtils.get(ipPort, String.format(Const.REGISTRY_API.MICROSERVICE_INSTANCE_OPERATION_ONE, serviceId, instanceId), - new RequestParam().addHeader("X-ConsumerId", serviceId), syncHandler(countDownLatch, MicroInstanceResponse.class, holder)); + new RequestParam().addHeader("X-ConsumerId", serviceId), syncHandler(countDownLatch, MicroserviceInstanceResponse.class, holder)); countDownLatch.await(); if(null != holder.value) { 
diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java index 08bde597977..eff0560e023 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java @@ -71,7 +71,7 @@ protected boolean doRegister() { microserviceInstance.getHealthCheck().setInterval(serviceRegistryConfig.getHeartbeatInterval()); microserviceInstance.getHealthCheck().setTimes(serviceRegistryConfig.getResendHeartBeatTimes()); - Optional.ofNullable(RSAKeypair4Auth.INSTANCE.getPublicKey()).ifPresent( + Optional.ofNullable(RSAKeypair4Auth.INSTANCE.getPublicKeyEncoded()).ifPresent( publicKey -> microserviceInstance.getProperties().put( Const.INSTANCE_PUBKEY_PRO, publicKey)); From eacffc4e5efa34f8dc12527cb68a7fc5f2831862 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Sat, 25 Nov 2017 17:29:14 +0800 Subject: [PATCH 15/28] =?UTF-8?q?=E6=A0=B9=E6=8D=AE=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E6=84=8F=E8=A7=81=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- handlers/handler-publickey-auth/pom.xml | 2 +- java-chassis-dependencies/pom.xml | 2 +- samples/auth-sample/auth-consumer/pom.xml | 2 +- .../springmvc/consumer/AuthConsumerMain.java | 49 +++++++++---------- samples/auth-sample/auth-provider/pom.xml | 2 +- 5 files changed, 28 insertions(+), 29 deletions(-) diff --git a/handlers/handler-publickey-auth/pom.xml b/handlers/handler-publickey-auth/pom.xml index cd255678af7..2ffb8f692d5 100644 --- a/handlers/handler-publickey-auth/pom.xml +++ b/handlers/handler-publickey-auth/pom.xml @@ -23,7 +23,7 @@ 0.4.1-SNAPSHOT - handler-auth + handler-publickey-auth UTF-8 
diff --git a/java-chassis-dependencies/pom.xml b/java-chassis-dependencies/pom.xml index a7f38eff455..cabfac75f09 100644 --- a/java-chassis-dependencies/pom.xml +++ b/java-chassis-dependencies/pom.xml @@ -767,7 +767,7 @@ io.servicecomb - handler-auth + handler-publickey-auth 0.4.1-SNAPSHOT diff --git a/samples/auth-sample/auth-consumer/pom.xml b/samples/auth-sample/auth-consumer/pom.xml index 659f1bc3467..7f7bedf1890 100644 --- a/samples/auth-sample/auth-consumer/pom.xml +++ b/samples/auth-sample/auth-consumer/pom.xml @@ -45,7 +45,7 @@ io.servicecomb - handler-auth + handler-publickey-auth org.slf4j diff --git a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java index e0f6014ca35..8f348904b15 100644 --- a/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java +++ b/samples/auth-sample/auth-consumer/src/main/java/io/servicecomb/samples/springmvc/consumer/AuthConsumerMain.java 
@@ -21,36 +21,35 @@ import io.servicecomb.samples.common.schema.models.Person; import org.springframework.stereotype.Component; +import org.springframework.util.Assert; import org.springframework.web.client.RestTemplate; @Component public class AuthConsumerMain { - private static RestTemplate restTemplate = RestTemplateBuilder.create(); + private static RestTemplate restTemplate = RestTemplateBuilder.create(); - public static void main(String[] args) throws Exception { - init(); - for (int i = 0; i < 2; i++) { - Person person = new Person(); - person.setName("ServiceComb/Authenticate"); - System.out - .println("RestTemplate Consumer or POJO Consumer. You can choose whatever you like."); - String sayHiResult = restTemplate - .postForObject( - "cse://auth-provider/springmvchello/sayhi?name=Authenticate", - null, String.class); - String sayHelloResult = restTemplate.postForObject( - "cse://auth-provider/springmvchello/sayhello", person, - String.class); - System.out.println("RestTemplate consumer sayhi services: " - + sayHiResult); - System.out.println("RestTemplate consumer sayhello services: " - + sayHelloResult); - } - } + public static void main(String[] args) throws Exception { + init(); + Person person = new Person(); + person.setName("ServiceComb/Authenticate"); + System.out + .println("RestTemplate Consumer or POJO Consumer. You can choose whatever you like."); + String sayHiResult = restTemplate + .postForObject( + "cse://auth-provider/springmvchello/sayhi?name=Authenticate", + null, + String.class); + String sayHelloResult = restTemplate.postForObject( + "cse://auth-provider/springmvchello/sayhello", + person, + String.class); + Assert.isTrue("Hello Authenticate".equals(sayHiResult)); + Assert.isTrue("Hello person ServiceComb/Authenticate".equals(sayHelloResult)); + } - public static void init() throws Exception { - Log4jUtils.init(); - BeanUtils.init(); - } + public static void init() throws Exception { + Log4jUtils.init(); + BeanUtils.init(); + } } 
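Review bot: The two `Assert.isTrue(...)` calls carry no message, so a failed check says nothing about what the provider actually returned. `Assert.isTrue("Hello Authenticate".equals(sayHiResult), "unexpected sayhi result: " + sayHiResult);` would make a rejected or altered response diagnosable. Dropping the `for (int i = 0; i < 2; i++)` loop also means each endpoint is called only once, so the sample no longer sends a repeat request from the same consumer; if that repeat was there to exercise the provider's already-validated-token path, a second call or a comment should preserve it. The remaining `System.out.println("RestTemplate Consumer or POJO Consumer. ...")` no longer matches what `main` does and could be removed.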
diff --git a/samples/auth-sample/auth-provider/pom.xml b/samples/auth-sample/auth-provider/pom.xml index 439474f25b6..713850339f1 100644 --- a/samples/auth-sample/auth-provider/pom.xml +++ b/samples/auth-sample/auth-provider/pom.xml @@ -34,7 +34,7 @@ io.servicecomb - handler-auth + handler-publickey-auth io.servicecomb From 5f288e67b683aa3d87a6209ea5c8f38c215628e3 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Sat, 25 Nov 2017 18:39:13 +0800 Subject: [PATCH 16/28] =?UTF-8?q?=E6=A0=B9=E6=8D=AE=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E6=84=8F=E8=A7=81=E4=BF=AE=E6=94=B9=20=E5=A2=9E=E5=8A=A0UT?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../servicecomb/foundation/common/utils/RSAUtils.java | 4 +++- .../common/utils/TestRollingFileAppenderExt.java | 1 - .../src/main/java/io/servicecomb/AuthHandlerBoot.java | 3 +++ .../authentication/consumer/ConsumerAuthHandler.java | 2 +- .../task/MicroserviceInstanceRegisterTask.java | 8 -------- .../client/LocalServiceRegistryClientImplTest.java | 10 ++++++++++ 6 files changed, 17 insertions(+), 11 deletions(-) diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java index fe3e69e29d3..108619fddda 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java @@ -19,6 +19,8 @@ public class RSAUtils { private final static String RSA_ALG = "RSA"; private final static String SIGN_ALG = "SHA256withRSA"; + + private final static int KEY_SIZE = 2048; private static Base64.Encoder encoder = Base64.getEncoder(); 
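Review bot: `KEY_SIZE` in the first RSAUtils hunk is added without a comment, so the reason for the value is not recorded next to the constant. I would put `// RSA modulus length in bits; 1024-bit keys are no longer considered adequate for signatures, do not lower` above it and use the conventional modifier order, `private static final int KEY_SIZE = 2048;`. The constant is consumed by `keyGenerator.initialize(KEY_SIZE, new SecureRandom())` in the next hunk of the same file.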
@@ -27,7 +29,7 @@ public class RSAUtils { public static RSAKeyPairEntry getRSAKeyPair() { try { KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(RSA_ALG); - keyGenerator.initialize(1024, new SecureRandom()); + keyGenerator.initialize(KEY_SIZE, new SecureRandom()); KeyPair keyPair = keyGenerator.generateKeyPair(); PublicKey pubKey = keyPair.getPublic(); PrivateKey privKey = keyPair.getPrivate(); diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java index db58b6e88ad..b8b5d08934d 100644 --- a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java +++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRollingFileAppenderExt.java @@ -22,7 +22,6 @@ import org.apache.log4j.spi.LoggingEvent; import org.junit.Assert; import org.junit.Test; -import org.junit.runners.Parameterized.Parameters; import mockit.Expectations; import mockit.Injectable; diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java index 91883101ec7..9ca9a5e3763 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java @@ -4,6 +4,8 @@ import io.servicecomb.foundation.common.utils.RSAKeyPairEntry; import io.servicecomb.foundation.common.utils.RSAUtils; import io.servicecomb.foundation.token.RSAKeypair4Auth; +import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.serviceregistry.api.Const; import org.springframework.stereotype.Component; 
@@ -24,6 +26,7 @@ public void onBootEvent(BootEvent event) { RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey()); RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey()); RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded()); + RegistryUtils.getMicroserviceInstance().getProperties().put(Const.INSTANCE_PUBKEY_PRO, rsaKeyPairEntry.getPublicKeyEncoded()); } } diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java index 5c264f32f04..ad6bbed4246 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java @@ -24,7 +24,7 @@ public void handle(Invocation invocation, AsyncResponse asyncResp) throws Except if(!token.isPresent()) { asyncResp.consumerFail( - new Error("rejected by consumer authentication handler")); + new IllegalStateException("rejected by consumer authentication handler")); } invocation.addContext(Const.AUTH_TOKEN, token.get()); invocation.next(asyncResp); diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java index eff0560e023..8e886070c14 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/task/MicroserviceInstanceRegisterTask.java @@ -15,8 +15,6 @@ */ package io.servicecomb.serviceregistry.task; -import java.util.Optional; - import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.StringUtils; 
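Review bot: The added `RegistryUtils.getMicroserviceInstance().getProperties().put(...)` in AuthHandlerBoot dereferences the instance without a null check, whereas the code it replaces in MicroserviceInstanceRegisterTask (removed in this same commit) guarded the key with `Optional.ofNullable`. If the listener can fire before the instance object exists, boot ends in a bare NullPointerException; whether that can happen is not visible here because `onBootEvent` starts outside the hunk. A guard with a clear message would help: `Objects.requireNonNull(RegistryUtils.getMicroserviceInstance(), "microservice instance not initialised before auth boot").getProperties().put(Const.INSTANCE_PUBKEY_PRO, rsaKeyPairEntry.getPublicKeyEncoded());`. I would also add a comment that the key must be in the properties before registration and that providers presumably trust whatever key the registry returns under `Const.INSTANCE_PUBKEY_PRO`, so the registry connection needs protection.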
@@ -24,9 +22,7 @@ import com.google.common.eventbus.EventBus; import com.google.common.eventbus.Subscribe; -import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.serviceregistry.RegistryUtils; -import io.servicecomb.serviceregistry.api.Const; import io.servicecomb.serviceregistry.api.registry.Microservice; import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; import io.servicecomb.serviceregistry.client.ServiceRegistryClient; @@ -71,10 +67,6 @@ protected boolean doRegister() { microserviceInstance.getHealthCheck().setInterval(serviceRegistryConfig.getHeartbeatInterval()); microserviceInstance.getHealthCheck().setTimes(serviceRegistryConfig.getResendHeartBeatTimes()); - Optional.ofNullable(RSAKeypair4Auth.INSTANCE.getPublicKeyEncoded()).ifPresent( - publicKey -> microserviceInstance.getProperties().put( - Const.INSTANCE_PUBKEY_PRO, publicKey)); - String instanceId = srClient.registerMicroserviceInstance(microserviceInstance); if (StringUtils.isEmpty(instanceId)) { LOGGER.error("Register microservice instance failed. microserviceId={}", diff --git a/service-registry/src/test/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImplTest.java b/service-registry/src/test/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImplTest.java index e6b8ae582fc..6cb4b4b4de9 100644 --- a/service-registry/src/test/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImplTest.java +++ b/service-registry/src/test/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImplTest.java 
@@ -145,4 +145,14 @@ public void registerSchema_normal() { Assert.assertTrue(registryClient.registerSchema(v1.getServiceId(), "sid", "content")); } + + @Test + public void testFindServiceInstance() + { + Microservice microservice = mockRegisterMicroservice(appId, microserviceName, "1.0.0"); + MicroserviceInstance instance = new MicroserviceInstance(); + instance.setServiceId(microservice.getServiceId()); + String instanceId = registryClient.registerMicroserviceInstance(instance); + Assert.assertNotNull(registryClient.findServiceInstance(microservice.getServiceId(), instanceId)); + } } From 8743f7075f0d3496bc839c1c581c5d42bd391ff3 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Mon, 27 Nov 2017 11:04:40 +0800 Subject: [PATCH 17/28] 1. format code 2. fix ut --- .../common/utils/RSAKeyPairEntry.java | 9 ++++---- .../authentication/TestAuthHandlerBoot.java | 23 +++++++++++++++---- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java index f5bc7efa4ba..52e280e463f 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java @@ -4,15 +4,14 @@ import java.security.PublicKey; public final class RSAKeyPairEntry { - + private PrivateKey privateKey; private PublicKey publicKey; - + private String publicKeyEncoded; - - public RSAKeyPairEntry(PrivateKey privateKey, PublicKey publicKey, String publicKeyEncoded) - { + + public RSAKeyPairEntry(PrivateKey privateKey, PublicKey publicKey, String publicKeyEncoded) { this.privateKey = privateKey; this.publicKey = publicKey; this.publicKeyEncoded = publicKeyEncoded; 
diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java index 3841d67c66b..f91f3ccc09a 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java @@ -1,18 +1,33 @@ package io.servicecomb.authentication; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + import io.servicecomb.AuthHandlerBoot; import io.servicecomb.core.BootListener; import io.servicecomb.core.BootListener.BootEvent; import io.servicecomb.foundation.token.RSAKeypair4Auth; - -import org.junit.Assert; -import org.junit.Test; - +import io.servicecomb.serviceregistry.RegistryUtils; +import io.servicecomb.serviceregistry.api.registry.Microservice; +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; +@RunWith(PowerMockRunner.class) +@PrepareForTest(RegistryUtils.class) public class TestAuthHandlerBoot { @Test public void testGenerateRSAKey() { + MicroserviceInstance microserviceInstance = new MicroserviceInstance(); + Microservice microservice = new Microservice(); + microservice.setIntance(microserviceInstance); + PowerMockito.mockStatic(RegistryUtils.class); + PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); + PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); + AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot(); BootEvent bootEvent = new BootEvent(); bootEvent.setEventType(BootListener.EventType.BEFORE_REGISTRY); From 8923c22d07924df1b2a5eb05367c6edcc803ae7a Mon Sep 17 00:00:00 2001 
From: jeho0815 Date: Mon, 27 Nov 2017 15:54:52 +0800 Subject: [PATCH 18/28] 1. add ut 2. fix bug --- .../consumer/ConsumerAuthHandler.java | 1 + .../TestConsumerAuthHandler.java | 17 +++++++++-- .../TestRSAAuthenticationToken.java | 28 +++++++++++++++++++ .../http/TestServiceRegistryClientImpl.java | 7 +++++ 4 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java
index ad6bbed4246..f9682052023 100644
--- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java
+++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java
@@ -25,6 +25,7 @@ public void handle(Invocation invocation, AsyncResponse asyncResp) throws Except
 {
 asyncResp.consumerFail(
 new IllegalStateException("rejected by consumer authentication handler"));
+ return ;
 }
 invocation.addContext(Const.AUTH_TOKEN, token.get());
 invocation.next(asyncResp);
diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java
index e857aba4939..3e60ffaa4f2 100644
--- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java
+++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java
@@ -20,19 +20,30 @@ public class TestConsumerAuthHandler { @Test public void testHandler() throws Exception { - + tokenManager = Mockito.mock(RSACoumserTokenManager.class); + Mockito.when(tokenManager.getToken()).thenReturn("testtoken"); ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); consumerAuthHandler.setAuthenticationTokenManager(tokenManager); consumerAuthHandler.handle(invocation, asyncResp); Assert.assertTrue(true); } + + + @Test + public void testHandlerException() throws Exception { + tokenManager = Mockito.mock(RSACoumserTokenManager.class); + Mockito.when(tokenManager.getToken()).thenReturn(null); + ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); + consumerAuthHandler.setAuthenticationTokenManager(tokenManager); + consumerAuthHandler.handle(invocation, asyncResp); + + } @Before public void setUp() throws Exception { invocation = Mockito.mock(Invocation.class); asyncResp = Mockito.mock(AsyncResponse.class); - tokenManager = Mockito.mock(RSACoumserTokenManager.class); - Mockito.when(tokenManager.getToken()).thenReturn("testtoken"); + } } diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java index 4f95385e94d..70afc908973 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java 
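Review bot: `testHandlerException` makes no assertion and `testHandler` ends in `Assert.assertTrue(true)`, so both pass whether or not the handler rejects a missing token. The missing `return` that this commit fixes in ConsumerAuthHandler would not have been caught by either test. For the rejection case I would add `Mockito.verify(asyncResp).consumerFail(Mockito.any(Throwable.class));` and `Mockito.verify(invocation, Mockito.never()).next(asyncResp);`. The success case should likewise verify that the token was placed in the invocation context and that `next` was called, instead of asserting a constant.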
@@ -32,4 +32,32 @@ public void testRSAAuthenticationToken() "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; Assert.assertTrue(RSAUtils.verify(pubKey, sign, contents)); } + + + @Test + public void testRSAAuthenticationTokenError() + { + String tokenstr = + "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr); + Assert.assertNull(token); + } + + + @Test + public void testEqual() + { + String tokenstr = + "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr); + Assert.assertNotEquals(token, null); + RSAAuthenticationToken token2 = RSAAuthenticationToken.fromStr("e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk"); + Assert.assertNotEquals(token2, token); + + RSAAuthenticationToken token3 = 
RSAAuthenticationToken.fromStr("e8a0a4b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk"); + Assert.assertNotEquals(token3, token); + + RSAAuthenticationToken token4 = RSAAuthenticationToken.fromStr("e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="); + Assert.assertEquals(token4, token); + } } diff --git a/service-registry/src/test/java/io/servicecomb/serviceregistry/client/http/TestServiceRegistryClientImpl.java b/service-registry/src/test/java/io/servicecomb/serviceregistry/client/http/TestServiceRegistryClientImpl.java index 43835b7cfba..2dd6227fa09 100644 --- a/service-registry/src/test/java/io/servicecomb/serviceregistry/client/http/TestServiceRegistryClientImpl.java +++ b/service-registry/src/test/java/io/servicecomb/serviceregistry/client/http/TestServiceRegistryClientImpl.java @@ -248,4 +248,11 @@ void doRun(java.util.List events) { } }.run(); } + + + @Test + public void testFindServiceInstance() + { + Assert.assertNull(oClient.findServiceInstance("aaa","bbb")); + } } From d1fbfe5d12b867dc677d3889b64bd45b75613db8 Mon Sep 17 00:00:00 2001 
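Review bot: The added cases in TestRSAAuthenticationToken cover parsing and `equals`, but none checks that a token whose content changed after signing fails verification, which is the property the provider handler depends on. Next to the existing `Assert.assertTrue(RSAUtils.verify(pubKey, sign, contents));` I would add the negative counterpart, `Assert.assertFalse(RSAUtils.verify(pubKey, sign, contents + "x"));`, assuming `contents` is the signed string as the existing call suggests. The hard-coded tokens also deserve a one-line comment naming the five `@`-separated fields, since `testRSAAuthenticationTokenError` passes only because its token has four.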
From: jeho0815 Date: Mon, 27 Nov 2017 20:27:47 +0800 Subject: [PATCH 19/28] =?UTF-8?q?=E5=A2=9E=E5=8A=A0coverage=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- coverage-reports/pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/coverage-reports/pom.xml b/coverage-reports/pom.xml index 19f9815f2ed..15ba758b5a6 100644 --- a/coverage-reports/pom.xml +++ b/coverage-reports/pom.xml @@ -62,6 +62,10 @@ io.servicecomb handler-loadbalance + + io.servicecomb + handler-publickey-auth + io.servicecomb handler-flowcontrol-qps From 8fb76d7134779cf4ab632ec37ee6ec6aaa036d3a Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Mon, 27 Nov 2017 21:28:19 +0800 Subject: [PATCH 20/28] add IT --- integration-tests/auth-handler-tests/pom.xml | 20 +++++++++++++++ .../authentication/AuthProviderMain.java | 13 ++++++++++ .../servicecomb/authentication/BaseTest.java | 25 +++++++++++++++++++ .../src/test/resources/microservice.yaml | 14 +++++++++++ integration-tests/pom.xml | 7 +++--- 5 files changed, 75 insertions(+), 4 deletions(-) create mode 100644 integration-tests/auth-handler-tests/pom.xml create mode 100644 integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java create mode 100644 integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java create mode 100644 integration-tests/auth-handler-tests/src/test/resources/microservice.yaml diff --git a/integration-tests/auth-handler-tests/pom.xml b/integration-tests/auth-handler-tests/pom.xml new file mode 100644 index 00000000000..54e7552594d --- /dev/null +++ b/integration-tests/auth-handler-tests/pom.xml @@ -0,0 +1,20 @@ + + + 4.0.0 + + io.servicecomb.tests + integration-tests + 0.4.1-SNAPSHOT + + io.servicecomb.tests + auth-handler-tests + 0.4.1-SNAPSHOT + auth-handler-tests + http://maven.apache.org + + UTF-8 + + + + 
diff --git a/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java b/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java new file mode 100644 index 00000000000..12abb6a216a --- /dev/null +++ b/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java @@ -0,0 +1,13 @@ +package io.servicecomb.authentication; + +import io.servicecomb.foundation.common.utils.BeanUtils; +import io.servicecomb.foundation.common.utils.Log4jUtils; + +public class AuthProviderMain { + + public static void main(String[] args) throws Exception { + Log4jUtils.init(); + BeanUtils.init(); + } + +} diff --git a/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java b/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java new file mode 100644 index 00000000000..e2c4876c749 --- /dev/null +++ b/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java @@ -0,0 +1,25 @@ +package io.servicecomb.authentication; + +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.springframework.context.event.ContextClosedEvent; + +import io.servicecomb.core.CseApplicationListener; +import io.servicecomb.foundation.common.utils.BeanUtils; + +public class BaseTest { + + + @BeforeClass + public static void init() throws Exception + { + AuthProviderMain.main(new String[0]); + } + + @AfterClass + public static void shutdown() throws Exception { + CseApplicationListener cal = BeanUtils.getBean("io.servicecomb.core.CseApplicationListener"); + ContextClosedEvent event = new ContextClosedEvent(BeanUtils.getContext()); + cal.onApplicationEvent(event); + } +} 
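Review bot: `BaseTest` only starts and stops the provider and declares no `@Test` method, and the diffstat shows no other test class added in this commit, so the new module runs nothing that checks the `auth-provider` handler. It needs at least one case where a request without a token, or with an invalid one, is sent to the provider and the rejection is asserted, and one where a properly signed request succeeds. If those cases are planned for a later patch in the series, a class comment would be enough here, e.g. `// Base class: boots the provider once; subclasses add the auth cases`.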
diff --git a/integration-tests/auth-handler-tests/src/test/resources/microservice.yaml b/integration-tests/auth-handler-tests/src/test/resources/microservice.yaml new file mode 100644 index 00000000000..f7aea0912e3 --- /dev/null +++ b/integration-tests/auth-handler-tests/src/test/resources/microservice.yaml @@ -0,0 +1,14 @@ +APPLICATION_ID: auth-handle-it +service_description: + name: springmvc + version: 0.0.2 +cse: + service: + registry: + address: http://127.0.0.1:30100 + rest: + address: 0.0.0.0:8080 + handler: + chain: + Provider: + default: auth-provider diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml index c5e8dff11b0..ab99d7e787c 100644 --- a/integration-tests/pom.xml +++ b/integration-tests/pom.xml @@ -1,7 +1,5 @@ - + io.servicecomb java-chassis-parent @@ -24,6 +22,7 @@ spring-springmvc-tests spring-zuul-tracing-tests spring-pojo-tests + auth-handler-tests @@ -100,4 +99,4 @@ - + \ No newline at end of file From 1647eb2728ea7e8d0610bb63ea6aa5859a4c308c Mon Sep 17 00:00:00 2001 From: coolhongluo Date: Mon, 27 Nov 2017 23:08:02 +0800 Subject: [PATCH 21/28] =?UTF-8?q?=E4=BD=BF=E7=94=A8PowerMock=E5=BD=B1?= =?UTF-8?q?=E5=93=8D=E8=A6=86=E7=9B=96=E7=8E=87=E7=BB=9F=E8=AE=A1=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../authentication/TestAuthHandlerBoot.java | 24 ++++----- .../TestRSAProviderTokenManager.java | 50 ++++++++++--------- 2 files changed, 38 insertions(+), 36 deletions(-) diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java index f91f3ccc09a..d02ec9ab4ea 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java 
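Review bot: `rest: address: 0.0.0.0:8080` in the new microservice.yaml makes the test provider listen on every interface of the build machine, although the registry it talks to is on `127.0.0.1:30100`. For an integration test I would bind to loopback, `address: 127.0.0.1:8080`, unless the test has to be reachable from another host. In that case a comment should say so.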
@@ -1,12 +1,5 @@ package io.servicecomb.authentication; -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - import io.servicecomb.AuthHandlerBoot; import io.servicecomb.core.BootListener; import io.servicecomb.core.BootListener.BootEvent; @@ -14,8 +7,10 @@ import io.servicecomb.serviceregistry.RegistryUtils; import io.servicecomb.serviceregistry.api.registry.Microservice; import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; -@RunWith(PowerMockRunner.class) -@PrepareForTest(RegistryUtils.class) +import mockit.Expectations; + +import org.junit.Assert; +import org.junit.Test; public class TestAuthHandlerBoot { @@ -24,9 +19,14 @@ public void testGenerateRSAKey() { MicroserviceInstance microserviceInstance = new MicroserviceInstance(); Microservice microservice = new Microservice(); microservice.setIntance(microserviceInstance); - PowerMockito.mockStatic(RegistryUtils.class); - PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); - PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); + new Expectations(RegistryUtils.class) + { + { + + RegistryUtils.getMicroserviceInstance(); + result = microserviceInstance; + } + }; AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot(); BootEvent bootEvent = new BootEvent(); diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java index fe1b3635584..4308a448732 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java 
+++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java @@ -1,15 +1,5 @@ package io.servicecomb.authentication; -import java.util.HashMap; -import java.util.Map; - -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - import io.servicecomb.authentication.consumer.RSACoumserTokenManager; import io.servicecomb.authentication.provider.RSAProviderTokenManager; import io.servicecomb.foundation.common.utils.RSAKeyPairEntry; @@ -21,8 +11,14 @@ import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; import io.servicecomb.serviceregistry.cache.MicroserviceInstanceCache; -@RunWith(PowerMockRunner.class) -@PrepareForTest({MicroserviceInstanceCache.class, RegistryUtils.class}) +import java.util.HashMap; +import java.util.Map; + +import mockit.Expectations; + +import org.junit.Assert; +import org.junit.Test; + public class TestRSAProviderTokenManager { 
@@ -31,16 +27,11 @@ public void testTokenExpried() { String tokenStr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; RSAProviderTokenManager tokenManager = new RSAProviderTokenManager(); - PowerMockito.mockStatic(MicroserviceInstanceCache.class); MicroserviceInstance microserviceInstance = new MicroserviceInstance(); Map properties = new HashMap(); microserviceInstance.setProperties(properties); properties.put(Const.INSTANCE_PUBKEY_PRO, "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"); - PowerMockito - .when(MicroserviceInstanceCache.getOrCreate("c8636e5acf1f11e7b701286ed488fc20", - "e8a04b54cf2711e7b701286ed488fc20")) - .thenReturn(microserviceInstance); Assert.assertFalse(tokenManager.valid(tokenStr)); } 
@@ -60,23 +51,34 @@ public void testTokenFromVaidatePool() { properties.put(Const.INSTANCE_PUBKEY_PRO, rsaKeyPairEntry.getPublicKeyEncoded()); Microservice microservice = new Microservice(); microservice.setServiceId(serviceId); - PowerMockito.mockStatic(RegistryUtils.class); - PowerMockito.when(RegistryUtils.getMicroservice()).thenReturn(microservice); - PowerMockito.when(RegistryUtils.getMicroserviceInstance()).thenReturn(microserviceInstance); + new Expectations(RegistryUtils.class) + { + { + RegistryUtils.getMicroservice(); + result = microservice; + RegistryUtils.getMicroserviceInstance(); + result = microserviceInstance; + + } + }; //Test Consumer first create token String token = rsaCoumserTokenManager.getToken(); Assert.assertNotNull(token); // use cache token Assert.assertEquals(token, rsaCoumserTokenManager.getToken()); - - PowerMockito.mockStatic(MicroserviceInstanceCache.class); - PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(microserviceInstance); + new Expectations(MicroserviceInstanceCache.class) + { + { + MicroserviceInstanceCache.getOrCreate(serviceId, instanceId); + result = microserviceInstance; + + } + }; RSAProviderTokenManager rsaProviderTokenManager = new RSAProviderTokenManager(); //first validate need to verify use RSA Assert.assertTrue(rsaProviderTokenManager.valid(token)); // second validate use validated pool - PowerMockito.when(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)).thenReturn(null); Assert.assertTrue(rsaProviderTokenManager.valid(token)); } From 42be7b5ca99e5022d90f758dabdeef57f0ac1eef Mon Sep 17 00:00:00 2001 
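Review bot: The second `Assert.assertTrue(rsaProviderTokenManager.valid(token))` no longer proves the validated pool was used. The removed PowerMock line made `MicroserviceInstanceCache.getOrCreate` return null before the second call, so only a cache hit could succeed. With the JMockit expectation still returning `microserviceInstance`, a full RSA re-verification passes just as well. Assuming the first validation looks the instance up exactly once, adding `times = 1;` after `result = microserviceInstance;` in the `MicroserviceInstanceCache` expectation block would restore the check. The test method starts above this hunk.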
From: jeho0815 Date: Tue, 28 Nov 2017 19:58:31 +0800 Subject: [PATCH 22/28] =?UTF-8?q?=E6=A0=B9=E6=8D=AE=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E6=84=8F=E8=A7=81=E4=BF=AE=E6=94=B9=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../foundation/common/utils/RSAUtils.java | 58 ++++++++++++++++- .../foundation/common/utils/TestRSAUtil.java | 65 ++++++++++++------- .../java/io/servicecomb/AuthHandlerBoot.java | 17 ++++- .../RSAAuthenticationToken.java | 30 +++++++-- .../consumer/ConsumerAuthHandler.java | 19 +++++- ...ager.java => RSAConsumerTokenManager.java} | 33 +++++++--- .../provider/ProviderAuthHanlder.java | 15 +++++ .../provider/RSAProviderTokenManager.java | 51 ++++++++++----- .../authentication/TestAuthHandlerBoot.java | 31 ++++++--- .../TestConsumerAuthHandler.java | 31 ++++++--- .../TestProviderAuthHanlder.java | 15 +++++ .../TestRSAAuthenticationToken.java | 42 ++++++++---- .../TestRSAProviderTokenManager.java | 51 +++++++++------ integration-tests/auth-handler-tests/pom.xml | 20 ------ .../authentication/AuthProviderMain.java | 13 ---- .../servicecomb/authentication/BaseTest.java | 25 ------- .../src/test/resources/microservice.yaml | 14 ---- integration-tests/pom.xml | 1 - 18 files changed, 347 insertions(+), 184 deletions(-) rename handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/{RSACoumserTokenManager.java => RSAConsumerTokenManager.java} (73%) delete mode 100644 integration-tests/auth-handler-tests/pom.xml delete mode 100644 integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java delete mode 100644 integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java delete mode 100644 integration-tests/auth-handler-tests/src/test/resources/microservice.yaml 
diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java index 108619fddda..9ddc6a80ab8 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java @@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.foundation.common.utils; import java.security.InvalidKeyException; @@ -14,7 +29,12 @@ import java.security.spec.X509EncodedKeySpec; import java.util.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + public class RSAUtils { + + private final static Logger LOGGER = LoggerFactory.getLogger(RSAUtils.class); private final static String RSA_ALG = "RSA"; 
@@ -25,8 +45,21 @@ public class RSAUtils { private static Base64.Encoder encoder = Base64.getEncoder(); private static Base64.Decoder decoder = Base64.getDecoder(); + + private static KeyFactory kf = null; + + static { + + try + { + kf = KeyFactory.getInstance(RSA_ALG); + }catch(NoSuchAlgorithmException e) + { + LOGGER.error("init keyfactory error"); + } + } - public static RSAKeyPairEntry getRSAKeyPair() { + public static RSAKeyPairEntry generateRSAKeyPair() { try { KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(RSA_ALG); keyGenerator.initialize(KEY_SIZE, new SecureRandom()); @@ -35,10 +68,14 @@ public static RSAKeyPairEntry getRSAKeyPair() { PrivateKey privKey = keyPair.getPrivate(); return new RSAKeyPairEntry(privKey, pubKey, encoder.encodeToString(pubKey.getEncoded())); } catch (NoSuchAlgorithmException e) { - throw new Error(e); + LOGGER.error("generate rsa keypair faild"); + throw new IllegalStateException("perhaps error occurred on jre"); } } + /** + * if has performance problem ,change Signature to ThreadLocal instance + */ public static String sign(String content, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, InvalidKeyException { Signature signature = Signature.getInstance(SIGN_ALG); 
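Review bot: Both new catch blocks discard the caught `NoSuchAlgorithmException`, so a missing provider leaves no stack trace. The static initializer logs `LOGGER.error("init keyfactory error")` without `e`. In the next hunk, generateRSAKeyPair logs without `e` and throws `new IllegalStateException("perhaps error occurred on jre")` with no cause. I would write `LOGGER.error("init keyfactory error", e);` and `throw new IllegalStateException("RSA KeyPairGenerator not available", e);`. Separately, `kf` is a non-final static that every verify call will share; KeyFactory does not document thread-safety, so please confirm that concurrent `generatePublic` calls are safe on the providers you support, or keep the instance per call.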
@@ -48,11 +85,26 @@ public static String sign(String content, PrivateKey privateKey) return encoder.encodeToString(signByte); } + /** + * + * if has performance problem ,change Signature to ThreadLocal instance + * @param publicKey public key after base64 encode + * @param sign 签名 + * @param content original content + * @return verify result + * @throws NoSuchAlgorithmException + * @throws InvalidKeySpecException + * @throws InvalidKeyException + * @throws SignatureException + */ public static boolean verify(String publicKey, String sign, String content) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException { + if (null == kf ) + { + throw new NoSuchAlgorithmException(RSA_ALG + " KeyFactory not available"); + } byte[] bytes = decoder.decode(publicKey); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); - KeyFactory kf = KeyFactory.getInstance(RSA_ALG); PublicKey pubKey = kf.generatePublic(keySpec); Signature signature = Signature.getInstance(SIGN_ALG); signature.initVerify(pubKey); diff --git a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java index 515aaf338f5..72a27d6d236 100644 --- a/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java +++ b/foundations/foundation-common/src/test/java/io/servicecomb/foundation/common/utils/TestRSAUtil.java 
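Review bot: verify can still fail with an unchecked `IllegalArgumentException`, which neither the throws clause nor the new Javadoc mentions, because `decoder.decode(publicKey)` rejects input that is not valid Base64. RSAProviderTokenManager.valid, changed later in this patch, catches only the four checked types. A malformed key would therefore escape as a runtime exception instead of yielding `false`, and so would a malformed signature taken from the request token if it is decoded the same way below this hunk. Either catch it in valid and return false, or document it here with `@throws IllegalArgumentException if publicKey or sign is not valid Base64`. The Javadoc should also read `@param sign Base64-encoded signature` in place of the non-English text, and the empty `@throws` tags should say when each is raised. The method body continues past the hunk.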
@@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.foundation.common.utils; import java.security.InvalidKeyException; 
@@ -10,27 +25,31 @@ public class TestRSAUtil { - @Test - public void testSignVerify() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException - { - RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.getRSAKeyPair(); - - Assert.assertNotNull(rsaKeyPairEntry.getPublicKeyEncoded()); - Assert.assertNotNull(rsaKeyPairEntry.getPrivateKey()); - Assert.assertNotNull(rsaKeyPairEntry.getPublicKey()); - String testContent = "instance-id@201711201930@randomstr"; - String signstr = RSAUtils.sign(testContent, rsaKeyPairEntry.getPrivateKey()); - Assert.assertTrue(RSAUtils.verify(rsaKeyPairEntry.getPublicKeyEncoded(), signstr, testContent)); - - } - - @Test - public void testSignVerify2() throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException - { - String sign = "WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; - String content = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ"; - String pubKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; - Assert.assertTrue(RSAUtils.verify(pubKey, sign, content)); - - } + @Test + public void testSignVerify() + throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException { + RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.generateRSAKeyPair(); + + Assert.assertNotNull(rsaKeyPairEntry.getPublicKeyEncoded()); + Assert.assertNotNull(rsaKeyPairEntry.getPrivateKey()); + Assert.assertNotNull(rsaKeyPairEntry.getPublicKey()); + String testContent = "instance-id@201711201930@randomstr"; + 
String signstr = RSAUtils.sign(testContent, rsaKeyPairEntry.getPrivateKey()); + Assert.assertTrue(RSAUtils.verify(rsaKeyPairEntry.getPublicKeyEncoded(), signstr, testContent)); + + } + + @Test + public void testSignVerify2() + throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException { + String sign = + "WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; + String content = + "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ"; + String pubKey = + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; + Assert.assertTrue(RSAUtils.verify(pubKey, sign, content)); + + } + } diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java index 9ca9a5e3763..f0ccc547190 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/AuthHandlerBoot.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb; import io.servicecomb.core.BootListener; @@ -22,7 +37,7 @@ public class AuthHandlerBoot implements BootListener { @Override public void onBootEvent(BootEvent event) { if (EventType.BEFORE_REGISTRY.equals(event.getEventType())) { - RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.getRSAKeyPair(); + RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.generateRSAKeyPair(); RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey()); RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey()); RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded()); diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index de82e665157..065f5404b24 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication; @@ -20,6 +35,8 @@ public class RSAAuthenticationToken { private String sign; + private String tokenFormat; + public RSAAuthenticationToken(String instanceId, String serviceId, long generateTime, String randomCode, String sign) { this.instanceId = instanceId; @@ -27,6 +44,12 @@ public RSAAuthenticationToken(String instanceId, String serviceId, long generate this.randomCode = randomCode; this.serviceId = serviceId; this.sign = sign; + this.tokenFormat = String.format("%s@%s@%s@%s@%s", + instanceId, + serviceId, + generateTime, + randomCode, + sign); } public String plainToken() { @@ -50,12 +73,7 @@ public String getSign() { public String format() { - return String.format("%s@%s@%s@%s@%s", - instanceId, - serviceId, - generateTime, - randomCode, - sign); + return tokenFormat; } public static RSAAuthenticationToken fromStr(String token) { diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java index f9682052023..148143fcb71 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java 
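Review bot: `tokenFormat` is assigned once in the constructor but declared as a mutable field (`private String tokenFormat;`). The provider keeps these tokens in a set of already-validated entries, so the cached string and the fields it is built from should not be able to drift apart. Declaring it `private final String tokenFormat;` makes that explicit, and the same applies to the other fields if nothing assigns them after construction, which this hunk does not show. A one-line comment on the field, such as `// pre-rendered "instanceId@serviceId@generateTime@randomCode@sign"`, would document why `format()` no longer builds the string.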
+++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/ConsumerAuthHandler.java @@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication.consumer; import java.util.Optional; @@ -15,7 +30,7 @@ */ public class ConsumerAuthHandler implements Handler { - private RSACoumserTokenManager athenticationTokenManager = new RSACoumserTokenManager(); + private RSAConsumerTokenManager athenticationTokenManager = new RSAConsumerTokenManager(); @Override public void handle(Invocation invocation, AsyncResponse asyncResp) throws Exception { @@ -31,7 +46,7 @@ public void handle(Invocation invocation, AsyncResponse asyncResp) throws Except invocation.next(asyncResp); } - public void setAuthenticationTokenManager(RSACoumserTokenManager authenticationTokenManager) { + public void setAuthenticationTokenManager(RSAConsumerTokenManager authenticationTokenManager) { this.athenticationTokenManager = authenticationTokenManager; } 
diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java similarity index 73% rename from handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java rename to handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java index a32a63fef36..d41f909fa59 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSACoumserTokenManager.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java @@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication.consumer; import java.security.InvalidKeyException; @@ -18,9 +33,9 @@ import io.servicecomb.foundation.token.RSAKeypair4Auth; import io.servicecomb.serviceregistry.RegistryUtils; -public class RSACoumserTokenManager { +public class RSAConsumerTokenManager { - private static final Logger logger = LoggerFactory.getLogger(RSACoumserTokenManager.class); + private static final Logger logger = LoggerFactory.getLogger(RSAConsumerTokenManager.class); private ReadWriteLock readWriteLock = new ReentrantReadWriteLock(); 
@@ -28,7 +43,7 @@ public class RSACoumserTokenManager { public String getToken() { readWriteLock.readLock().lock(); - if (isvalid(token)) { + if (!isExpired(token)) { String tokenStr = token.format(); readWriteLock.readLock().unlock(); return tokenStr; @@ -41,7 +56,7 @@ public String getToken() { public String createToken() { PrivateKey privateKey = RSAKeypair4Auth.INSTANCE.getPrivateKey(); readWriteLock.writeLock().lock(); - if (isvalid(token)) { + if (!isExpired(token)) { logger.debug("Token had been recreated by another thread"); return token.format(); } @@ -55,6 +70,7 @@ public String createToken() { token = RSAAuthenticationToken.fromStr(String.format("%s@%s", plain, sign)); return token.format(); } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { + logger.error("create token error", e); throw new Error("create token error"); } @@ -64,17 +80,14 @@ public String createToken() { * the TTL of Token is 24 hours * client token will expired 15 minutes early */ - public boolean isvalid(RSAAuthenticationToken token) { + public boolean isExpired(RSAAuthenticationToken token) { if (null == token) { - return false; + return true; } long generateTime = token.getGenerateTime(); Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); Date now = new Date(); - if (now.before(expiredDate)) { - return true; - } - return false; + return expiredDate.before(now); } diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java index cdac2bffbfb..068002b9faa 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/ProviderAuthHanlder.java 
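Review bot: The early return in createToken appears to leave the write lock held. `readWriteLock.writeLock().lock();` is followed by `return token.format();` inside the `!isExpired(token)` branch, and no unlock or enclosing `try` is visible between them. Unless a `finally` outside this hunk covers that path, every other thread calling getToken or createToken would block from then on, so callers could no longer obtain a token. Opening the `try` immediately after `lock()` and releasing in `finally { readWriteLock.writeLock().unlock(); }` covers both returns. The method body starts and ends outside the hunk.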
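Review bot: The catch block in createToken now logs the failure but still throws `new Error("create token error")`, which drops the cause and uses a type callers are not expected to handle. This same patch replaces `throw new Error(e)` in RSAUtils with an `IllegalStateException`. For consistency I would use `throw new IllegalStateException("create token error", e);` here.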
@@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication.provider; import io.servicecomb.core.Const; diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java index da5cf438406..faffb33575d 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java @@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication.provider; import java.security.InvalidKeyException; 
@@ -20,7 +35,7 @@ public class RSAProviderTokenManager { - private static Logger logger = LoggerFactory.getLogger(RSAProviderTokenManager.class); + private final static Logger LOGGER = LoggerFactory.getLogger(RSAProviderTokenManager.class); private Set validatedToken = ConcurrentHashMap.newKeySet(1000); @@ -28,32 +43,32 @@ public boolean valid(String token) { try { RSAAuthenticationToken rsaToken = RSAAuthenticationToken.fromStr(token); if (null == rsaToken) { - logger.error("token format is error, perhaps you need to set auth handler at consumer"); + LOGGER.error("token format is error, perhaps you need to set auth handler at consumer"); return false; } if (tokenExprired(rsaToken)) { - logger.error("token is expired"); + LOGGER.error("token is expired"); return false; } if (validatedToken.contains(rsaToken)) { - logger.info("found vaildate token in vaildate pool"); + LOGGER.info("found vaildate token in vaildate pool"); return true; - } else { - String sign = rsaToken.getSign(); - String content = rsaToken.plainToken(); - String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); - boolean verify = RSAUtils.verify(publicKey, sign, content); - if (verify && !tokenExprired(rsaToken)) { - validatedToken.add(rsaToken); - return true; - } else { - logger.error("token verify error"); - return false; - } } + + String sign = rsaToken.getSign(); + String content = rsaToken.plainToken(); + String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId()); + boolean verify = RSAUtils.verify(publicKey, sign, content); + if (verify && !tokenExprired(rsaToken)) { + validatedToken.add(rsaToken); + return true; + } + + LOGGER.error("token verify error"); + return false; } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { - logger.error("verfiy error", e); + LOGGER.error("verfiy error", e); return false; } } 
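Review bot: `validatedToken` only ever grows in the code shown. `validatedToken.add(rsaToken)` runs for each newly verified token, and the `1000` passed to `ConcurrentHashMap.newKeySet` is an initial capacity rather than a limit. Expired entries are rejected before the lookup, which is right, but nothing visible removes them, so a long-running provider keeps one entry per token ever accepted. If no cleanup exists elsewhere in the class, a periodic `validatedToken.removeIf(this::tokenExprired);` would bound it. The `contains` check also relies on RSAAuthenticationToken defining `equals`/`hashCode` over the token fields, which these hunks do not show, so please confirm. Separately, the per-request `LOGGER.info("found vaildate token in vaildate pool")` is better at debug level.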
@@ -76,7 +91,7 @@ private String getPublicKey(String instanceId, String serviceId) { .map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO)) .get(); } else { - logger.error("not instance found {}-{}, maybe attack", instanceId, serviceId); + LOGGER.error("not instance found {}-{}, maybe attack", instanceId, serviceId); return ""; } } diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java index d02ec9ab4ea..047885b58ec 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestAuthHandlerBoot.java @@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication; import io.servicecomb.AuthHandlerBoot; @@ -11,6 +26,7 @@ import org.junit.Assert; import org.junit.Test; + public class TestAuthHandlerBoot { 
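Review bot: The lookup in getPublicKey ends in an unchecked `.get()` on the Optional. An instance that is present but has no `Const.INSTANCE_PUBKEY_PRO` property makes it throw `NoSuchElementException`, which the catch list in valid does not cover. Ending the chain with `.orElse("")` matches what the else branch already returns and lets verification fail normally. The `instanceId` and `serviceId` written by the `LOGGER.error` call come from the presented token, so if the token parser does not restrict their characters, strip line breaks before logging them. The method starts above this hunk.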
@@ -19,15 +35,14 @@ public void testGenerateRSAKey() { MicroserviceInstance microserviceInstance = new MicroserviceInstance(); Microservice microservice = new Microservice(); microservice.setIntance(microserviceInstance); - new Expectations(RegistryUtils.class) - { - { - - RegistryUtils.getMicroserviceInstance(); - result = microserviceInstance; - } + new Expectations(RegistryUtils.class) { + { + + RegistryUtils.getMicroserviceInstance(); + result = microserviceInstance; + } }; - + AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot(); BootEvent bootEvent = new BootEvent(); bootEvent.setEventType(BootListener.EventType.BEFORE_REGISTRY); diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java index 3e60ffaa4f2..42f01b03722 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestConsumerAuthHandler.java 
@@ -1,7 +1,22 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication; import io.servicecomb.authentication.consumer.ConsumerAuthHandler; -import io.servicecomb.authentication.consumer.RSACoumserTokenManager; +import io.servicecomb.authentication.consumer.RSAConsumerTokenManager; import io.servicecomb.core.Invocation; import io.servicecomb.swagger.invocation.AsyncResponse; 
@@ -16,27 +31,27 @@ public class TestConsumerAuthHandler { AsyncResponse asyncResp = null; - RSACoumserTokenManager tokenManager = null; + RSAConsumerTokenManager tokenManager = null; @Test public void testHandler() throws Exception { - tokenManager = Mockito.mock(RSACoumserTokenManager.class); + tokenManager = Mockito.mock(RSAConsumerTokenManager.class); Mockito.when(tokenManager.getToken()).thenReturn("testtoken"); ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); consumerAuthHandler.setAuthenticationTokenManager(tokenManager); consumerAuthHandler.handle(invocation, asyncResp); Assert.assertTrue(true); } - - + + @Test public void testHandlerException() throws Exception { - tokenManager = Mockito.mock(RSACoumserTokenManager.class); + tokenManager = Mockito.mock(RSAConsumerTokenManager.class); Mockito.when(tokenManager.getToken()).thenReturn(null); ConsumerAuthHandler consumerAuthHandler = new ConsumerAuthHandler(); consumerAuthHandler.setAuthenticationTokenManager(tokenManager); consumerAuthHandler.handle(invocation, asyncResp); - + } @Before @@ -44,6 +59,6 @@ public void setUp() throws Exception { invocation = Mockito.mock(Invocation.class); asyncResp = Mockito.mock(AsyncResponse.class); - + } } diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java index 371e07d603c..80bf5555157 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestProviderAuthHanlder.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication; import io.servicecomb.authentication.provider.ProviderAuthHanlder; diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java index 70afc908973..b50fc824682 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAAuthenticationToken.java @@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication; import java.security.InvalidKeyException; 
@@ -32,32 +47,33 @@ public void testRSAAuthenticationToken() "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxKl5TNUTec7fL2degQcCk6vKf3c0wsfNK5V6elKzjWxm0MwbRj/UeR20VSnicBmVIOWrBS9LiERPPvjmmWUOSS2vxwr5XfhBhZ07gCAUNxBOTzgMo5nE45DhhZu5Jzt5qSV6o10Kq7+fCCBlDZ1UoWxZceHkUt5AxcrhEDulFjQIDAQAB"; Assert.assertTrue(RSAUtils.verify(pubKey, sign, contents)); } - - + + @Test - public void testRSAAuthenticationTokenError() - { + public void testRSAAuthenticationTokenError() { String tokenstr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr); Assert.assertNull(token); } - - + + @Test - public void testEqual() - { + public void testEqual() { String tokenstr = "e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="; RSAAuthenticationToken token = RSAAuthenticationToken.fromStr(tokenstr); Assert.assertNotEquals(token, null); - RSAAuthenticationToken token2 = RSAAuthenticationToken.fromStr("e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk"); + RSAAuthenticationToken token2 = RSAAuthenticationToken.fromStr( + 
"e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk"); Assert.assertNotEquals(token2, token); - - RSAAuthenticationToken token3 = RSAAuthenticationToken.fromStr("e8a0a4b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk"); + + RSAAuthenticationToken token3 = RSAAuthenticationToken.fromStr( + "e8a0a4b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk"); Assert.assertNotEquals(token3, token); - - RSAAuthenticationToken token4 = RSAAuthenticationToken.fromStr("e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="); + + RSAAuthenticationToken token4 = RSAAuthenticationToken.fromStr( + 
"e8a04b54cf2711e7b701286ed488fc20@c8636e5acf1f11e7b701286ed488fc20@1511315597475@9t0tp8ce80SUM5ts6iRGjFJMvCdQ7uvhpyh0RM7smKm3p4wYOrojr4oT1Pnwx7xwgcgEFbQdwPJxIMfivpQ1rHGqiLp67cjACvJ3Ke39pmeAVhybsLADfid6oSjscFaJ@WBYouF6hXYrXzBA31HC3VX8Bw9PNgJUtVqOPAaeW9ye3q/D7WWb0M+XMouBIWxWY6v9Un1dGu5Rkjlx6gZbnlHkb2VO8qFR3Y6lppooWCirzpvEBRjlJQu8LPBur0BCfYGq8XYrEZA2NU6sg2zXieqCSiX6BnMnBHNn4cR9iZpk="); Assert.assertEquals(token4, token); } } diff --git a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java index 4308a448732..17139b62ad1 100644 --- a/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java +++ b/handlers/handler-publickey-auth/src/test/java/io/servicecomb/authentication/TestRSAProviderTokenManager.java @@ -1,6 +1,21 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.authentication; -import io.servicecomb.authentication.consumer.RSACoumserTokenManager; +import io.servicecomb.authentication.consumer.RSAConsumerTokenManager; import io.servicecomb.authentication.provider.RSAProviderTokenManager; import io.servicecomb.foundation.common.utils.RSAKeyPairEntry; import io.servicecomb.foundation.common.utils.RSAUtils; 
@@ -37,13 +52,13 @@ public void testTokenExpried() { @Test public void testTokenFromVaidatePool() { - RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.getRSAKeyPair(); + RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.generateRSAKeyPair(); RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey()); RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey()); RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded()); String serviceId = "c8636e5acf1f11e7b701286ed488fc20"; String instanceId = "e8a04b54cf2711e7b701286ed488fc20"; - RSACoumserTokenManager rsaCoumserTokenManager = new RSACoumserTokenManager(); + RSAConsumerTokenManager rsaCoumserTokenManager = new RSAConsumerTokenManager(); MicroserviceInstance microserviceInstance = new MicroserviceInstance(); microserviceInstance.setInstanceId(instanceId); Map properties = new HashMap(); @@ -51,15 +66,14 @@ public void testTokenFromVaidatePool() { properties.put(Const.INSTANCE_PUBKEY_PRO, rsaKeyPairEntry.getPublicKeyEncoded()); Microservice microservice = new Microservice(); microservice.setServiceId(serviceId); - new Expectations(RegistryUtils.class) - { - { - RegistryUtils.getMicroservice(); - result = microservice; - RegistryUtils.getMicroserviceInstance(); - result = microserviceInstance; - - } + new Expectations(RegistryUtils.class) { + { + RegistryUtils.getMicroservice(); + result = microservice; + RegistryUtils.getMicroserviceInstance(); + result = microserviceInstance; + + } }; //Test Consumer first create token 
@@ -67,13 +81,12 @@ public void testTokenFromVaidatePool() { Assert.assertNotNull(token); // use cache token Assert.assertEquals(token, rsaCoumserTokenManager.getToken()); - new Expectations(MicroserviceInstanceCache.class) - { - { - MicroserviceInstanceCache.getOrCreate(serviceId, instanceId); - result = microserviceInstance; - - } + new Expectations(MicroserviceInstanceCache.class) { + { + MicroserviceInstanceCache.getOrCreate(serviceId, instanceId); + result = microserviceInstance; + + } }; RSAProviderTokenManager rsaProviderTokenManager = new RSAProviderTokenManager(); //first validate need to verify use RSA diff --git a/integration-tests/auth-handler-tests/pom.xml b/integration-tests/auth-handler-tests/pom.xml deleted file mode 100644 index 54e7552594d..00000000000 --- a/integration-tests/auth-handler-tests/pom.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - 4.0.0 - - io.servicecomb.tests - integration-tests - 0.4.1-SNAPSHOT - - io.servicecomb.tests - auth-handler-tests - 0.4.1-SNAPSHOT - auth-handler-tests - http://maven.apache.org - - UTF-8 - - - - diff --git a/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java b/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java deleted file mode 100644 index 12abb6a216a..00000000000 --- a/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/AuthProviderMain.java +++ /dev/null @@ -1,13 +0,0 @@ -package io.servicecomb.authentication; - -import io.servicecomb.foundation.common.utils.BeanUtils; -import io.servicecomb.foundation.common.utils.Log4jUtils; - -public class AuthProviderMain { - - public static void main(String[] args) throws Exception { - Log4jUtils.init(); - BeanUtils.init(); - } - -} 
diff --git a/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java b/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java deleted file mode 100644 index e2c4876c749..00000000000 --- a/integration-tests/auth-handler-tests/src/test/java/io/servicecomb/authentication/BaseTest.java +++ /dev/null @@ -1,25 +0,0 @@ -package io.servicecomb.authentication; - -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.springframework.context.event.ContextClosedEvent; - -import io.servicecomb.core.CseApplicationListener; -import io.servicecomb.foundation.common.utils.BeanUtils; - -public class BaseTest { - - - @BeforeClass - public static void init() throws Exception - { - AuthProviderMain.main(new String[0]); - } - - @AfterClass - public static void shutdown() throws Exception { - CseApplicationListener cal = BeanUtils.getBean("io.servicecomb.core.CseApplicationListener"); - ContextClosedEvent event = new ContextClosedEvent(BeanUtils.getContext()); - cal.onApplicationEvent(event); - } -} diff --git a/integration-tests/auth-handler-tests/src/test/resources/microservice.yaml b/integration-tests/auth-handler-tests/src/test/resources/microservice.yaml deleted file mode 100644 index f7aea0912e3..00000000000 --- a/integration-tests/auth-handler-tests/src/test/resources/microservice.yaml +++ /dev/null @@ -1,14 +0,0 @@ -APPLICATION_ID: auth-handle-it -service_description: - name: springmvc - version: 0.0.2 -cse: - service: - registry: - address: http://127.0.0.1:30100 - rest: - address: 0.0.0.0:8080 - handler: - chain: - Provider: - default: auth-provider diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml index ab99d7e787c..75271a624e4 100644 --- a/integration-tests/pom.xml +++ b/integration-tests/pom.xml @@ -22,7 +22,6 @@ spring-springmvc-tests spring-zuul-tracing-tests spring-pojo-tests - auth-handler-tests 
From 1953eb846860fb8e3ba77afb86d8b882f7b0f543 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Tue, 28 Nov 2017 20:46:57 +0800 Subject: [PATCH 23/28] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../consumer/RSAConsumerTokenManager.java | 7 ++-- .../provider/RSAProviderTokenManager.java | 10 ++---- .../MicroserviceInstanceResponse.java | 16 +++++++++ .../cache/MicroserviceInstanceCache.java | 16 +++++++++ .../TestMicroserviceInstanceResponse.java | 35 +++++++++++++++++++ 5 files changed, 73 insertions(+), 11 deletions(-) create mode 100644 service-registry/src/test/java/io/servicecomb/serviceregistry/api/response/TestMicroserviceInstanceResponse.java diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java index d41f909fa59..8b0d23677ed 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java @@ -20,7 +20,6 @@ import java.security.PrivateKey; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; -import java.util.Date; import java.util.concurrent.locks.ReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock; 
@@ -85,9 +84,9 @@ public boolean isExpired(RSAAuthenticationToken token) { return true; } long generateTime = token.getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000); - Date now = new Date(); - return expiredDate.before(now); + long expiredDate = generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME - 15 * 60 * 1000; + long now = System.currentTimeMillis(); + return now > expiredDate; } diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java index faffb33575d..fbe34d6e7e7 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java @@ -19,7 +19,6 @@ import java.security.NoSuchAlgorithmException; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; -import java.util.Date; import java.util.Optional; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; @@ -75,12 +74,9 @@ public boolean valid(String token) { private boolean tokenExprired(RSAAuthenticationToken rsaToken) { long generateTime = rsaToken.getGenerateTime(); - Date expiredDate = new Date(generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000); - Date now = new Date(); - if (now.before(expiredDate)) { - return false; - } - return true; + long expired = generateTime + RSAAuthenticationToken.TOKEN_ACTIVE_TIME + 15 * 60 * 1000; + long now = System.currentTimeMillis(); + return now > expired; } private String getPublicKey(String instanceId, String serviceId) { 
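Review bot: The 15-minute margin in `isExpired` is the bare literal `15 * 60 * 1000`, and the same literal appears with the opposite sign in `tokenExprired` in RSAProviderTokenManager later in this patch. The two values form a pair (early refresh on the consumer, grace window on the provider), so a shared named constant next to `TOKEN_ACTIVE_TIME` would keep them from drifting apart, for example `public static final long TOKEN_EXPIRY_MARGIN_MS = 15 * 60 * 1000L;` (the name is only a suggestion). A one-line comment such as `// refresh early so a token never expires in flight` would record why the consumer subtracts the margin.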
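Review bot: `tokenExprired` in RSAProviderTokenManager checks only the upper bound, so a token whose `generateTime` lies in the future is accepted and stays valid for longer than `TOKEN_ACTIVE_TIME` plus the grace window. The timestamp is chosen by the signing side, so the provider should also reject values ahead of its own clock by more than the allowed skew, e.g. `return now > expired || generateTime > now + 15 * 60 * 1000;`. How `valid(String token)` uses the result is outside this hunk, so confirm that an "expired" result rejects the token and also drops it from any cache of already-validated tokens.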
diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java index a65b8e18b3a..c10154ff8a2 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java @@ -1,3 +1,19 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package io.servicecomb.serviceregistry.api.response; import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java index b9416f783f5..2a6d18c9041 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java 
@@ -1,3 +1,19 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package io.servicecomb.serviceregistry.cache; import java.util.concurrent.Callable; diff --git a/service-registry/src/test/java/io/servicecomb/serviceregistry/api/response/TestMicroserviceInstanceResponse.java b/service-registry/src/test/java/io/servicecomb/serviceregistry/api/response/TestMicroserviceInstanceResponse.java new file mode 100644 index 00000000000..fe4a5fb7196 --- /dev/null +++ b/service-registry/src/test/java/io/servicecomb/serviceregistry/api/response/TestMicroserviceInstanceResponse.java 
@@ -0,0 +1,35 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.servicecomb.serviceregistry.api.response; + +import org.junit.Assert; +import org.junit.Test; + +import io.servicecomb.serviceregistry.api.registry.MicroserviceInstance; + +public class TestMicroserviceInstanceResponse { + + + @Test + public void testMicroserviceInstanceResponse() + { + MicroserviceInstance microserviceInstance = new MicroserviceInstance(); + MicroserviceInstanceResponse microserviceInstanceResponse = new MicroserviceInstanceResponse(); + microserviceInstanceResponse.setInstance(microserviceInstance); + Assert.assertNotNull(microserviceInstanceResponse.getInstance()); + } +} From cf76cbe1acfc73003041260b7ec14bd3f070fa8e Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Tue, 28 Nov 2017 21:12:37 +0800 Subject: [PATCH 24/28] UT --- .../io/servicecomb/foundation/metrics/TestMetricsConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java b/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java index 00cdac2a669..99ec1aaa4b6 100644 --- a/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java +++ b/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java 
@@ -38,6 +38,6 @@ public void tearDown() throws Exception { @Test public void test() { Assert.assertEquals(60000, MetricsConfig.getMsCycle()); - Assert.assertEquals(true, MetricsConfig.isEnable()); + Assert.assertEquals(false, MetricsConfig.isEnable()); } } From 6cf2ad82f83252e5d3e8040bcf1fb2d15595430a Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Wed, 29 Nov 2017 10:22:03 +0800 Subject: [PATCH 25/28] =?UTF-8?q?=E6=A0=B9=E6=8D=AE=E6=A3=80=E8=A7=86?= =?UTF-8?q?=E6=84=8F=E8=A7=81=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/utils/RSAKeyPairEntry.java | 15 +++++++ .../foundation/common/utils/RSAUtils.java | 8 ++-- .../RSAAuthenticationToken.java | 2 +- .../consumer/RSAConsumerTokenManager.java | 3 ++ .../provider/RSAProviderTokenManager.java | 10 ++--- .../cache/MicroserviceInstanceCache.java | 44 ++++++++++--------- 6 files changed, 48 insertions(+), 34 deletions(-) diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java index 52e280e463f..5f152f19904 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAKeyPairEntry.java 
@@ -1,3 +1,18 @@ +/* + * Copyright 2017 Huawei Technologies Co., Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package io.servicecomb.foundation.common.utils; import java.security.PrivateKey; diff --git a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java index 9ddc6a80ab8..004e0122895 100644 --- a/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java +++ b/foundations/foundation-common/src/main/java/io/servicecomb/foundation/common/utils/RSAUtils.java @@ -49,12 +49,10 @@ public class RSAUtils { private static KeyFactory kf = null; static { - - try - { + + try { kf = KeyFactory.getInstance(RSA_ALG); - }catch(NoSuchAlgorithmException e) - { + } catch (NoSuchAlgorithmException e) { LOGGER.error("init keyfactory error"); } } diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java index 065f5404b24..89a849c0320 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/RSAAuthenticationToken.java 
@@ -95,7 +95,7 @@ public void setServiceId(String serviceId) { @Override public boolean equals(Object obj) { - if (null == obj || !(obj instanceof RSAAuthenticationToken)) { + if (!(obj instanceof RSAAuthenticationToken)) { return false; } RSAAuthenticationToken token = (RSAAuthenticationToken) obj; diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java index 8b0d23677ed..6b7328af0cd 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/consumer/RSAConsumerTokenManager.java @@ -57,6 +57,7 @@ public String createToken() { readWriteLock.writeLock().lock(); if (!isExpired(token)) { logger.debug("Token had been recreated by another thread"); + readWriteLock.writeLock().unlock(); return token.format(); } String instanceId = RegistryUtils.getMicroserviceInstance().getInstanceId(); @@ -71,6 +72,8 @@ public String createToken() { } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | SignatureException e) { logger.error("create token error", e); throw new Error("create token error"); + } finally { + readWriteLock.writeLock().unlock(); } } diff --git a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java index fbe34d6e7e7..d7826e8fe68 100644 --- a/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java +++ b/handlers/handler-publickey-auth/src/main/java/io/servicecomb/authentication/provider/RSAProviderTokenManager.java 
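Review bot: In `createToken` of RSAConsumerTokenManager the write lock is now released in two places, by the added `readWriteLock.writeLock().unlock();` before the early return and by the new `finally` block, and the matching `try` is not visible in either hunk. If the `try` encloses the early return, that path unlocks twice and the second call throws `IllegalMonitorStateException`. If the `try` starts later, the statements between the `if` block and the `try` (the `RegistryUtils` lookup, for instance) can throw while the lock is still held. Placing `try {` directly after `readWriteLock.writeLock().lock();` and keeping only the `finally` unlock covers every exit with a single release. Separately, `throw new Error("create token error")` drops the cause, so passing `e` along would keep signing failures diagnosable.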
@@ -19,7 +19,6 @@ import java.security.NoSuchAlgorithmException; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; -import java.util.Optional; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; @@ -80,12 +79,9 @@ private boolean tokenExprired(RSAAuthenticationToken rsaToken) { } private String getPublicKey(String instanceId, String serviceId) { - Optional instances = Optional - .ofNullable(MicroserviceInstanceCache.getOrCreate(serviceId, instanceId)); - if (instances.isPresent()) { - return instances.map(MicroserviceInstance::getProperties) - .map(properties -> properties.get(Const.INSTANCE_PUBKEY_PRO)) - .get(); + MicroserviceInstance instances = MicroserviceInstanceCache.getOrCreate(serviceId, instanceId); + if (instances != null) { + return instances.getProperties().get(Const.INSTANCE_PUBKEY_PRO); } else { LOGGER.error("not instance found {}-{}, maybe attack", instanceId, serviceId); return ""; diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java index 2a6d18c9041..1f0aca05f6b 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/cache/MicroserviceInstanceCache.java 
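Review bot: `getPublicKey` returns `""` when no instance is found, but the rewritten happy path returns `null` when the instance has no `Const.INSTANCE_PUBKEY_PRO` property. It also throws a `NullPointerException` if `getProperties()` is null. The caller therefore sees three different failure shapes on a path fed by ids taken from the incoming token. Normalising them, e.g. `String key = instances.getProperties().get(Const.INSTANCE_PUBKEY_PRO); return key == null ? "" : key;` plus a null check on the map, lets `valid` fail closed on one sentinel. The code of `valid` is outside this hunk, so confirm it rejects an empty key before calling the verifier. If the cache in `MicroserviceInstanceCache` is Guava's, a loader that returns null raises an unchecked `InvalidCacheLoadException` instead of yielding null, so the "not instance found" branch may never run for an unknown instance; this is worth a test.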
@@ -35,31 +35,33 @@ */ public class MicroserviceInstanceCache { - private static final Logger logger = LoggerFactory.getLogger(MicroserviceInstanceCache.class); + private static final Logger logger = LoggerFactory.getLogger(MicroserviceInstanceCache.class); - private static Cache instances = CacheBuilder.newBuilder().maximumSize(1000) - .expireAfterAccess(30, TimeUnit.MINUTES).build(); + private static Cache instances = CacheBuilder.newBuilder() + .maximumSize(1000) + .expireAfterAccess(30, TimeUnit.MINUTES) + .build(); - public static MicroserviceInstance getOrCreate(String serviceId, String instanceId) { - try { - String key = String.format("%s@%s", serviceId, instanceId); - return instances.get(key, new Callable() { + public static MicroserviceInstance getOrCreate(String serviceId, String instanceId) { + try { + String key = String.format("%s@%s", serviceId, instanceId); + return instances.get(key, new Callable() { - @Override - public MicroserviceInstance call() throws Exception { - logger.debug("get microservice instance from SC"); - return getMicroserviceInstanceFromSC(serviceId, instanceId); - } + @Override + public MicroserviceInstance call() throws Exception { + logger.debug("get microservice instance from SC"); + return getMicroserviceInstanceFromSC(serviceId, instanceId); + } - }); - } catch (ExecutionException e) { - logger.error("get microservice from cache failed:" + String.format("%s@%s", serviceId, instanceId)); - return null; - } - } + }); + } catch (ExecutionException e) { + logger.error("get microservice from cache failed:" + String.format("%s@%s", serviceId, instanceId)); + return null; + } + } - private static MicroserviceInstance getMicroserviceInstanceFromSC(String serviceId, String instanceId) { - return RegistryUtils.getServiceRegistryClient().findServiceInstance(serviceId, instanceId); - } + private static MicroserviceInstance getMicroserviceInstanceFromSC(String serviceId, String instanceId) { + return 
RegistryUtils.getServiceRegistryClient().findServiceInstance(serviceId, instanceId); + } } From e35b62d94c16a2efc79edefd819a10a831200946 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Wed, 29 Nov 2017 10:37:23 +0800 Subject: [PATCH 26/28] =?UTF-8?q?=E5=9B=9E=E9=80=80=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../io/servicecomb/foundation/metrics/TestMetricsConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java b/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java index 99ec1aaa4b6..00cdac2a669 100644 --- a/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java +++ b/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java @@ -38,6 +38,6 @@ public void tearDown() throws Exception { @Test public void test() { Assert.assertEquals(60000, MetricsConfig.getMsCycle()); - Assert.assertEquals(false, MetricsConfig.isEnable()); + Assert.assertEquals(true, MetricsConfig.isEnable()); } } From 2ee157cfa8b37cf44b6591dcaeb136814f08b0f2 Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Wed, 29 Nov 2017 11:08:01 +0800 Subject: [PATCH 27/28] Fix UT --- .../io/servicecomb/foundation/metrics/TestMetricsConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java b/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java index 121c8a2eb74..7d462883eca 100644 --- a/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java +++ b/foundations/foundation-metrics/src/test/java/io/servicecomb/foundation/metrics/TestMetricsConfig.java 
@@ -24,6 +24,6 @@ public class TestMetricsConfig { @Test public void test() { Assert.assertEquals(60000, MetricsConfig.getMsCycle()); - Assert.assertEquals(true, MetricsConfig.isEnable()); + Assert.assertEquals(false, MetricsConfig.isEnable()); } } From 417d2c929fdd245e2dcdfda14191cb384d63861c Mon Sep 17 00:00:00 2001 From: jeho0815 Date: Thu, 30 Nov 2017 11:22:33 +0800 Subject: [PATCH 28/28] format code --- .../MicroserviceInstanceResponse.java | 18 ++++---- .../LocalServiceRegistryClientImpl.java | 10 ++--- .../http/ServiceRegistryClientImpl.java | 42 +++++++++---------- 3 files changed, 35 insertions(+), 35 deletions(-) diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java index c10154ff8a2..76f801b409e 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/api/response/MicroserviceInstanceResponse.java @@ -20,15 +20,15 @@ public class MicroserviceInstanceResponse { - private MicroserviceInstance instance; + private MicroserviceInstance instance; + + public MicroserviceInstance getInstance() { + return instance; + } + + public void setInstance(MicroserviceInstance instance) { + this.instance = instance; + } - public MicroserviceInstance getInstance() { - return instance; - } - public void setInstance(MicroserviceInstance instance) { - this.instance = instance; - } - - } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java index 90ec983c5b5..d9107a293f6 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java 
+++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/LocalServiceRegistryClientImpl.java @@ -335,11 +335,11 @@ public boolean updateInstanceProperties(String microserviceId, String microservi return true; } -@Override -public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { - Map instances = microserviceInstanceMap.get(serviceId); - return instances.get(instanceId); -} + @Override + public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { + Map instances = microserviceInstanceMap.get(serviceId); + return instances.get(instanceId); + } } diff --git a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java index fba8da96641..9b2c1497f00 100644 --- a/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java +++ b/service-registry/src/main/java/io/servicecomb/serviceregistry/client/http/ServiceRegistryClientImpl.java 
@@ -630,27 +630,27 @@ public boolean updateInstanceProperties(String microserviceId, String microservi return false; } - @Override - public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { - try { - Holder holder = new Holder<>(); - IpPort ipPort = ipPortManager.getAvailableAddress(false); - CountDownLatch countDownLatch = new CountDownLatch(1); - RestUtils.get(ipPort, - String.format(Const.REGISTRY_API.MICROSERVICE_INSTANCE_OPERATION_ONE, serviceId, instanceId), - new RequestParam().addHeader("X-ConsumerId", serviceId), syncHandler(countDownLatch, MicroserviceInstanceResponse.class, holder)); - countDownLatch.await(); - if(null != holder.value) - { - return holder.value.getInstance(); - } - return null; - } catch (Exception e) { - LOGGER.error("get instance from sc failed"); - return null; - } - - } + @Override + public MicroserviceInstance findServiceInstance(String serviceId, String instanceId) { + try { + Holder holder = new Holder<>(); + IpPort ipPort = ipPortManager.getAvailableAddress(false); + CountDownLatch countDownLatch = new CountDownLatch(1); + RestUtils.get(ipPort, + String.format(Const.REGISTRY_API.MICROSERVICE_INSTANCE_OPERATION_ONE, serviceId, instanceId), + new RequestParam().addHeader("X-ConsumerId", serviceId), + syncHandler(countDownLatch, MicroserviceInstanceResponse.class, holder)); + countDownLatch.await(); + if (null != holder.value) { + return holder.value.getInstance(); + } + return null; + } catch (Exception e) { + LOGGER.error("get instance from sc failed"); + return null; + } + + } }