This is an automated email from the ASF dual-hosted git repository. eolivelli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/pulsar-manager.git
The following commit(s) were added to refs/heads/master by this push:
new 4476f5e Remove JWT validation from production code (#547)
4476f5e is described below
commit 4476f5e5537c701744da80b6e9cdf9634f341723
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
AuthorDate: Wed Feb 7 06:51:47 2024 -0500
Remove JWT validation from production code (#547)
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
---
 .../apache/pulsar/manager/service/JwtService.java | 6 -----
 .../manager/service/impl/JwtServiceImpl.java | 31 ++++++++--------------
 .../{ => impl}/BrokerTokensServiceImplTest.java | 19 ++++++++++---
 3 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/src/main/java/org/apache/pulsar/manager/service/JwtService.java b/src/main/java/org/apache/pulsar/manager/service/JwtService.java
index 64d5162..3c126d7 100644
--- a/src/main/java/org/apache/pulsar/manager/service/JwtService.java
+++ b/src/main/java/org/apache/pulsar/manager/service/JwtService.java
@@ -13,10 +13,6 @@
 */
 package org.apache.pulsar.manager.service;
 
-import io.jsonwebtoken.Claims;
-import org.springframework.stereotype.Service;
-
-import java.security.Key;
 import java.util.Optional;
 
 public interface JwtService {
@@ -27,8 +23,6 @@ public interface JwtService {
 String createBrokerToken(String role, String expiryTime);
 
- Claims validateBrokerToken(String token);
-
 void setToken(String key, String value);
 
 String getToken(String key);
 
diff --git a/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java b/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
index fa460e5..fe9d816 100644
--- a/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
+++ b/src/main/java/org/apache/pulsar/manager/service/impl/JwtServiceImpl.java
@@ -13,6 +13,7 @@
 */
 package org.apache.pulsar.manager.service.impl;
 
+import com.google.common.annotations.VisibleForTesting;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import org.apache.pulsar.manager.service.JwtService;
@@ -24,6 +25,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
+import javax.annotation.Nullable;
 import java.io.IOException;
 import java.security.Key;
 import java.util.Date;
@@ -111,16 +113,21 @@ public class JwtServiceImpl implements JwtService {
 }
 }
 
- public String createBrokerToken(String role, String expiryTime) {
- Key signingKey;
+ @VisibleForTesting
+ @Nullable
+ Key getSigningKey() {
 if (jwtBrokerTokenMode.equals("SECRET")) {
- signingKey = decodeBySecretKey();
+ return decodeBySecretKey();
 } else if (jwtBrokerTokenMode.equals("PRIVATE")){
- signingKey = decodeByPrivateKey();
+ return decodeByPrivateKey();
 } else {
 log.info("Default disable JWT auth, please set jwt.broker.token.mode.");
 return null;
 }
+ }
+
+ public String createBrokerToken(String role, String expiryTime) {
+ Key signingKey = getSigningKey();
 if (signingKey == null) {
 log.error("JWT Auth failed, signingKey is not empty");
 return null;
@@ -144,20 +151,4 @@ public class JwtServiceImpl implements JwtService {
 return null;
 }
 }
-
- public Claims validateBrokerToken(String token) {
- Key validationKey;
- if (jwtBrokerTokenMode.equals("SECRET")) {
- validationKey = decodeBySecretKey();
- } else if (jwtBrokerTokenMode.equals("PRIVATE")){
- validationKey = decodeByPrivateKey();
- } else {
- log.info("Default disable JWT auth, please set jwt.broker.token.mode.");
- return null;
- }
- Jwt<?, Claims> jwt = Jwts.parser()
- .setSigningKey(validationKey)
- .parse(token);
- return jwt.getBody();
- }
 }
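Review bot: The new `getSigningKey()` hands the raw broker signing key to any caller in the package but carries no Javadoc; document its contract, e.g. `/** Signing key selected by jwt.broker.token.mode (SECRET or PRIVATE); null when the mode is anything else. This is secret material: callers must not log or expose it. */`. The `log.info` in the else-branch now fires on every call to the getter rather than once per token creation, which may be noisy if it is polled by tests or other callers. The adjacent context line `log.error("JWT Auth failed, signingKey is not empty")` states the opposite of the condition it reports; `log.error("JWT Auth failed, signingKey is null")` would match the `if (signingKey == null)` guard. If `jwtBrokerTokenMode` can be unset, `"SECRET".equals(jwtBrokerTokenMode)` avoids a NullPointerException before the else-branch is reached. The body of createBrokerToken continues past the hunk.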
diff --git a/src/test/java/org/apache/pulsar/manager/service/BrokerTokensServiceImplTest.java b/src/test/java/org/apache/pulsar/manager/service/impl/BrokerTokensServiceImplTest.java
similarity index 78%
rename from src/test/java/org/apache/pulsar/manager/service/BrokerTokensServiceImplTest.java
rename to src/test/java/org/apache/pulsar/manager/service/impl/BrokerTokensServiceImplTest.java
index 618dee7..3b936fc 100644
--- a/src/test/java/org/apache/pulsar/manager/service/BrokerTokensServiceImplTest.java
+++ b/src/test/java/org/apache/pulsar/manager/service/impl/BrokerTokensServiceImplTest.java
@@ -11,11 +11,14 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.apache.pulsar.manager.service;
+package org.apache.pulsar.manager.service.impl;
 
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwt;
+import io.jsonwebtoken.Jwts;
 import org.apache.pulsar.manager.PulsarManagerApplication;
 import org.apache.pulsar.manager.profiles.HerdDBTestProfile;
+import org.apache.pulsar.manager.service.impl.JwtServiceImpl;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -28,6 +31,8 @@ import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
 
+import java.security.Key;
+
 @RunWith(PowerMockRunner.class)
 @PowerMockRunnerDelegate(SpringRunner.class)
 @PowerMockIgnore( {"javax.*", "sun.*", "com.sun.*", "org.xml.*", "org.w3c.*"})
@@ -47,13 +52,21 @@ import org.springframework.test.context.junit4.SpringRunner;
 public class BrokerTokensServiceImplTest {
 
 @Autowired
- private JwtService jwtService;
+ private JwtServiceImpl jwtService;
+
+ public Claims validateBrokerToken(String token) {
+ Key validationKey = jwtService.getSigningKey();
+ Jwt jwt = Jwts.parser()
+ .setSigningKey(validationKey)
+ .parse(token);
+ return (Claims) jwt.getBody();
+ }
 
 @Test
 public void createBrokerTokenTest() {
 String role = "test";
 String token = jwtService.createBrokerToken(role, null);
- Claims jwtBody = jwtService.validateBrokerToken(token);
+ Claims jwtBody = validateBrokerToken(token);
 Assert.assertEquals(role, jwtBody.getSubject());
 }
 }
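Review bot: The new test helper `validateBrokerToken` declares `jwt` as the raw type `Jwt` and then casts the body to `Claims`, where the deleted production code used `Jwt<?, Claims>`; `Jws<Claims> jws = Jwts.parser().setSigningKey(validationKey).parseClaimsJws(token); return jws.getBody();` removes the unchecked cast and makes the test require a signed, verified JWS instead of relying on `parse` to reject an unsigned token. `getSigningKey()` is annotated `@Nullable`, so adding `Assert.assertNotNull(validationKey);` before parsing turns a misconfigured test profile into a clear assertion failure rather than a parser exception. The helper is only used within this class, so `private` would be the conventional visibility for it.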