[servicecomb-java-chassis] branch master updated: # SCB-2318 public
key info put in microservice properties (#2530)
This is an automated email from the ASF dual-hosted git repository.
liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/master by this push:
new 34b4439 # SCB-2318 public key info put in microservice properties (#2530)
34b4439 is described below
commit 34b44393207c671d61f072659d21a60406312c6f
Author: zyl <72...@users.noreply.github.com>
AuthorDate: Tue Sep 14 09:02:53 2021 +0800
# SCB-2318 public key info put in microservice properties (#2530)
---
.../org/apache/servicecomb/AuthHandlerBoot.java | 23 +++++++++++++++++-----
.../provider/RSAProviderTokenManager.java | 19 ++++++++++++++++--
.../authentication/TestAuthHandlerBoot.java | 17 ++++++++++++++++
3 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/AuthHandlerBoot.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/AuthHandlerBoot.java
index 4f07166..9a2e219 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/AuthHandlerBoot.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/AuthHandlerBoot.java
@@ -24,6 +24,8 @@ import org.apache.servicecomb.registry.RegistrationManager;
import org.apache.servicecomb.registry.definition.DefinitionConst;
import org.springframework.stereotype.Component;
+import com.netflix.config.DynamicPropertyFactory;
+
/**
*
* initialize public and private key pair when system boot before registry instance to service center
@@ -36,13 +38,24 @@ public class AuthHandlerBoot implements BootListener {
@Override
public void onBootEvent(BootEvent event) {
- if (EventType.BEFORE_REGISTRY.equals(event.getEventType())) {
- RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.generateRSAKeyPair();
- RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey());
- RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey());
- RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded());
+ if (!EventType.BEFORE_REGISTRY.equals(event.getEventType())) {
+ return;
+ }
+ RSAKeyPairEntry rsaKeyPairEntry = RSAUtils.generateRSAKeyPair();
+ RSAKeypair4Auth.INSTANCE.setPrivateKey(rsaKeyPairEntry.getPrivateKey());
+ RSAKeypair4Auth.INSTANCE.setPublicKey(rsaKeyPairEntry.getPublicKey());
+ RSAKeypair4Auth.INSTANCE.setPublicKeyEncoded(rsaKeyPairEntry.getPublicKeyEncoded());
+ if (addMicroservicePublicKey()) {
+ RegistrationManager.INSTANCE.getMicroservice().getProperties().put(DefinitionConst.INSTANCE_PUBKEY_PRO,
+ rsaKeyPairEntry.getPublicKeyEncoded());
+ } else {
RegistrationManager.INSTANCE.getMicroserviceInstance().getProperties().put(DefinitionConst.INSTANCE_PUBKEY_PRO,
rsaKeyPairEntry.getPublicKeyEncoded());
}
}
+
+ private boolean addMicroservicePublicKey() {
+ return DynamicPropertyFactory.getInstance()
+ .getBooleanProperty("servicecomb.publicKey.microservice.enabled", true).get();
+ }
}
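Review bot: The switch in `addMicroservicePublicKey()` decides where the verification key is published, yet its name is a bare string literal inside the method; lift it into a documented constant, `private static final String MICROSERVICE_PUBLIC_KEY_ENABLED = "servicecomb.publicKey.microservice.enabled";`, and reference that from the method. Worth stating in that Javadoc: every instance calls `RSAUtils.generateRSAKeyPair()` on its own boot, while the microservice-level property is a single value per service, so unless sibling instances end up with the same key pair the last registration presumably overwrites the others' key — operators toggling the flag need that assumption spelled out. The class header and fields of `AuthHandlerBoot` are outside the hunk.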
diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/RSAProviderTokenManager.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/RSAProviderTokenManager.java
index 48f630e..ac3f767 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/RSAProviderTokenManager.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/RSAProviderTokenManager.java
@@ -22,8 +22,10 @@ import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.concurrent.TimeUnit;
+import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.authentication.RSAAuthenticationToken;
import org.apache.servicecomb.foundation.common.utils.RSAUtils;
+import org.apache.servicecomb.registry.api.registry.Microservice;
import org.apache.servicecomb.registry.api.registry.MicroserviceInstance;
import org.apache.servicecomb.registry.cache.MicroserviceInstanceCache;
import org.apache.servicecomb.registry.definition.DefinitionConst;
@@ -74,7 +76,10 @@ public class RSAProviderTokenManager {
throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
String sign = rsaToken.getSign();
String content = rsaToken.plainToken();
- String publicKey = getPublicKey(rsaToken.getInstanceId(), rsaToken.getServiceId());
+ String publicKey = getPublicKeyFromMicroservice(rsaToken.getServiceId());
+ if (StringUtils.isEmpty(publicKey)) {
+ publicKey = getPublicKeyFromInstance(rsaToken.getInstanceId(), rsaToken.getServiceId());
+ }
return RSAUtils.verify(publicKey, sign, content);
}
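Review bot: A non-empty microservice-level key returned by the new `getPublicKeyFromMicroservice` call short-circuits the instance lookup, so when that key exists but is not the one the signing instance holds (for example a sibling instance that registered later and overwrote the shared property, if key pairs differ per instance), verification fails with no attempt against the instance's own key. If `RSAUtils.verify` yields the boolean this method returns, trying the instance-level key only after a failed microservice-level check keeps the fast path and preserves the pre-commit behaviour; both keys are read from the registry, so nothing new is accepted. The enclosing method's signature starts before the hunk.
```java
    String publicKey = getPublicKeyFromMicroservice(rsaToken.getServiceId());
    if (!StringUtils.isEmpty(publicKey) && RSAUtils.verify(publicKey, sign, content)) {
      return true;
    }
    // fall back to the per-instance key (pre-SCB-2318 behaviour)
    publicKey = getPublicKeyFromInstance(rsaToken.getInstanceId(), rsaToken.getServiceId());
    return RSAUtils.verify(publicKey, sign, content);
```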
@@ -89,7 +94,7 @@ public class RSAProviderTokenManager {
return now > expired;
}
- private String getPublicKey(String instanceId, String serviceId) {
+ private String getPublicKeyFromInstance(String instanceId, String serviceId) {
MicroserviceInstance instances = MicroserviceInstanceCache.getOrCreate(serviceId, instanceId);
if (instances != null) {
return instances.getProperties().get(DefinitionConst.INSTANCE_PUBKEY_PRO);
@@ -99,6 +104,16 @@ public class RSAProviderTokenManager {
}
}
+ private String getPublicKeyFromMicroservice(String serviceId) {
+ Microservice microservice = MicroserviceInstanceCache.getOrCreate(serviceId);
+ if (microservice != null) {
+ return microservice.getProperties().get(DefinitionConst.INSTANCE_PUBKEY_PRO);
+ } else {
+ LOGGER.error("not instance found {}, maybe attack", serviceId);
+ return "";
+ }
+ }
+
public static Cache<RSAAuthenticationToken, Boolean> getValidatedToken() {
return validatedToken;
}
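Review bot: The log line in `getPublicKeyFromMicroservice` copies the instance-lookup wording although this lookup is by service id only: `LOGGER.error("microservice not found {}, maybe attack", serviceId);` lets whoever reads the logs tell the two failure paths apart. Because the caller falls through to the instance lookup on an empty return, and the visible branch of `getPublicKeyFromInstance` presumably logs in the same way, one failed token likely produces two error entries for the same request. A microservice that is found but carries no `INSTANCE_PUBKEY_PRO` property returns null from the map, which `StringUtils.isEmpty` in the caller tolerates; a one-line comment saying that null and the empty string both mean "no key published here" would make that contract explicit.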
diff --git a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAuthHandlerBoot.java b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAuthHandlerBoot.java
index 59aa747..1cd38fb 100644
--- a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAuthHandlerBoot.java
+++ b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAuthHandlerBoot.java
@@ -24,8 +24,10 @@ import org.apache.servicecomb.core.SCBEngine;
import org.apache.servicecomb.core.bootstrap.SCBBootstrap;
import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
import org.apache.servicecomb.foundation.token.RSAKeypair4Auth;
+import org.apache.servicecomb.registry.RegistrationManager;
import org.apache.servicecomb.registry.api.registry.Microservice;
import org.apache.servicecomb.registry.api.registry.MicroserviceInstance;
+import org.apache.servicecomb.registry.definition.DefinitionConst;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -59,4 +61,19 @@ public class TestAuthHandlerBoot {
Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPrivateKey());
Assert.assertNotNull(RSAKeypair4Auth.INSTANCE.getPublicKey());
}
+
+ @Test
+ public void testMicroservicePublicKey() {
+ MicroserviceInstance microserviceInstance = new MicroserviceInstance();
+ Microservice microservice = new Microservice();
+ microservice.setInstance(microserviceInstance);
+
+ AuthHandlerBoot authHandlerBoot = new AuthHandlerBoot();
+ BootEvent bootEvent = new BootEvent();
+ bootEvent.setEventType(BootListener.EventType.BEFORE_REGISTRY);
+ authHandlerBoot.onBootEvent(bootEvent);
+ String publicKey = RegistrationManager.INSTANCE.getMicroservice().
+ getProperties().get(DefinitionConst.INSTANCE_PUBKEY_PRO);
+ Assert.assertNotNull(publicKey);
+ }
}
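Review bot: `testMicroservicePublicKey` only checks that some value landed in the microservice properties; it neither ties that value to the key pair produced in `onBootEvent` nor exercises the `servicecomb.publicKey.microservice.enabled=false` path where the key goes to the instance properties instead. Assuming `RSAKeypair4Auth` exposes a getter for the encoded key set on boot, `Assert.assertEquals(RSAKeypair4Auth.INSTANCE.getPublicKeyEncoded(), publicKey);` pins the value, and a second test that sets the property to false through the already-imported `ArchaiusUtils` and asserts on `RegistrationManager.INSTANCE.getMicroserviceInstance().getProperties()` covers the other branch. The `microservice` and `microserviceInstance` objects built at the top of the test are not visibly wired to `RegistrationManager`, so either they are unused or the wiring happens in a `@Before` outside the hunk.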