/**
* Copyright (c) 2015 Bosch Software Innovations GmbH and others
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.hawkbit.security;
import java.util.List;
import lombok.Data;
import lombok.Getter;
import lombok.ToString;
import org.springframework.boot.context.properties.ConfigurationProperties;
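/**
 * Configuration properties for the DDI (Direct Device Integration) security
 * layer, bound from the {@code hawkbit.server.ddi.security} prefix.
 * <p>
 * Two concerns are grouped here: how a controller is identified when TLS is
 * terminated in front of the server by a reverse proxy ({@link Rp}), and which
 * of the DDI authentication mechanisms are switched on
 * ({@link Authentication}). All three mechanisms under
 * {@link Authentication} are disabled by default.
 * <p>
 * Accessors for {@link #rp} and {@link #authentication} are generated by
 * Lombok's {@code @Getter}, consistent with the Lombok-generated accessors of
 * the nested holders; the hand-written duplicates were redundant. The nested
 * instances are final and are never replaced, only their fields are bound.
 * This class carries values only — none of the checks described below are
 * enforced here.
 */
@Getter
@ConfigurationProperties("hawkbit.server.ddi.security")
public class DdiSecurityProperties {

    /** Reverse-proxy (header based client certificate) settings. */
    private final Rp rp = new Rp();

    /** Toggles and defaults for the DDI authentication mechanisms. */
    private final Authentication authentication = new Authentication();

    /**
     * Reverse proxy configuration. Defines the security properties for
     * authenticating controllers behind a reverse proxy which terminates the
     * SSL session at the reverse proxy but adds request headers which contain
     * the CN (and issuer hashes) of the client certificate.
     * <p>
     * Security note: the server never sees the certificate itself, only these
     * headers. They are only trustworthy if (1) the proxy strips or overwrites
     * any such header supplied by the client before forwarding, and (2) the
     * server honours them solely on requests that really came from the proxy,
     * i.e. from one of {@link #trustedIPs}. Otherwise any party able to reach
     * the server can forge a controller identity by setting the header.
     */
    @Data
    public static class Rp {

        /**
         * HTTP header field for common name of a DDI target client
         * certificate. The value of this header becomes the controller's
         * identity, so it must be set by the proxy and never passed through
         * from the client.
         */
        private String cnHeader = "X-Ssl-Client-Cn";

        /**
         * HTTP header field for issuer hash of a DDI target client
         * certificate. The default contains a {@code %d} placeholder, so it is
         * presumably expanded with an index by the consumer (one header per
         * issuer in the chain) — verify against the authentication filter.
         */
        private String sslIssuerHashHeader = "X-Ssl-Issuer-Hash-%d";

        /**
         * List of trusted (reverse proxy) IP addresses for performing DDI
         * client certificate authentication. The CN/issuer headers above
         * should only be honoured for requests originating from one of these
         * addresses.
         * <p>
         * NOTE(review): there is no default, so this is {@code null} when the
         * property is absent. The consumer must treat {@code null} and an
         * empty list as "no trusted proxy" (headers ignored), never as "trust
         * every source" — confirm in the filter that reads it.
         */
        private List<String> trustedIPs;
    }

    /**
     * DDI Authentication options, one nested holder per mechanism. Each
     * mechanism is off by default and has to be enabled explicitly.
     */
    @Data
    public static class Authentication {

        /** Credential-less access; see {@link Anonymous}. */
        private final Anonymous anonymous = new Anonymous();

        /** Per-target secrets; see {@link Targettoken}. */
        private final Targettoken targettoken = new Targettoken();

        /** Tenant-wide shared secret; see {@link Gatewaytoken}. */
        private final Gatewaytoken gatewaytoken = new Gatewaytoken();

        /**
         * Target token authentication. Tokens are defined per target, so a
         * leaked token compromises only that one target — the preferred
         * token-based mechanism.
         */
        @Data
        public static class Targettoken {

            /** Set to true to enable target token authentication. Off by default. */
            private boolean enabled = false;
        }

        /**
         * Gateway token authentication. Tokens are defined per tenant, i.e.
         * one shared secret covers every target of the tenant. Use with care!
         * A leaked gateway token presumably lets its holder act as any target
         * of that tenant, so prefer per-target tokens where possible.
         */
        @Data
        public static class Gatewaytoken {

            /** Gateway token based authentication enabled. Off by default. */
            private boolean enabled = false;

            /** Default gateway token name. Empty by default. */
            private String name = "";

            /**
             * Default gateway token itself — a credential. Excluded from the
             * Lombok-generated {@code toString()} so that dumping these
             * properties (e.g. into logs) does not reveal it. It remains a
             * plain mutable {@code String} with a generated setter and still
             * takes part in the generated {@code equals}/{@code hashCode}.
             * <p>
             * NOTE(review): nothing here rejects {@code enabled=true} combined
             * with an empty key; confirm that the consumer never matches an
             * empty token.
             */
            @ToString.Exclude
            private String key = "";
        }

        /**
         * Anonymous authentication. When enabled, DDI clients are accepted
         * without presenting any credential; this should only be switched on
         * in development or closed test setups. Off by default.
         */
        @Data
        public static class Anonymous {

            /** Set to true to enable anonymous DDI client authentication. */
            private boolean enabled = false;
        }
    }
}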