/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.servicecomb.serviceregistry.auth;
import static org.apache.servicecomb.foundation.ssl.SSLOption.DEFAULT_OPTION;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.servicecomb.foundation.auth.Cipher;
import org.apache.servicecomb.foundation.auth.DefaultCipher;
import org.apache.servicecomb.foundation.bootstrap.BootStrapService;
import org.apache.servicecomb.foundation.common.event.EventManager;
import org.apache.servicecomb.foundation.common.utils.SPIServiceUtils;
import org.apache.servicecomb.foundation.ssl.SSLCustom;
import org.apache.servicecomb.foundation.ssl.SSLOption;
import org.apache.servicecomb.http.client.auth.DefaultRequestAuthHeaderProvider;
import org.apache.servicecomb.http.client.common.HttpConfiguration.SSLProperties;
import org.apache.servicecomb.service.center.client.ServiceCenterAddressManager;
import org.apache.servicecomb.service.center.client.ServiceCenterClient;
import org.apache.servicecomb.serviceregistry.config.ServiceRegistryConfig;
import org.springframework.core.env.Environment;
import com.google.common.annotations.VisibleForTesting;
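/**
 * Bootstrap hook that wires RBAC (account/password based) authentication towards the
 * service center.
 *
 * <p>Nothing happens unless {@link #RBAC_ENABLED} is set to {@code true}. When it is, a
 * {@link ServiceCenterClient} is built from the configured registry address and the
 * {@code ssl.sc.consumer.*} / {@code ssl.*} TLS settings, registered under
 * {@link #DEFAULT_REGISTRY_NAME}, and handed to {@link TokenCacheManager} together with the
 * configured account name, password and cipher.
 *
 * <p>Property lookup order: a tag-specific key ({@code ssl.<tag>.<name>}) wins over the generic
 * key ({@code ssl.<name>}), which wins over the value in {@link SSLOption#DEFAULT_OPTION}.
 */
public class RBACBootStrapService implements BootStrapService {
  private static final String RBAC_ADDRESS = "servicecomb.service.registry.address";

  /** Address used when {@link #RBAC_ADDRESS} is not configured. */
  private static final String DEFAULT_RBAC_ADDRESS = "http://127.0.0.1:30100";

  public static final String DEFAULT_REGISTRY_NAME = "default";

  public static final String RBAC_ENABLED = "servicecomb.credentials.rbac.enabled";

  public static final String ACCOUNT_NAME_KEY = "servicecomb.credentials.account.name";

  public static final String PASSWORD_KEY = "servicecomb.credentials.account.password";

  public static final String CIPHER_KEY = "servicecomb.credentials.cipher";

  /**
   * Sets up the RBAC token cache for the default registry.
   *
   * @param environment Spring environment the credentials, address and TLS settings are read from
   * @throws IllegalArgumentException if {@link #CIPHER_KEY} names a cipher no SPI provider offers
   */
  @Override
  public void startup(Environment environment) {
    // RBAC is opt-in: with the flag absent or false nothing below is wired up.
    if (!getBooleanProperty(environment, false, RBAC_ENABLED)) {
      return;
    }
    ServiceCenterAddressManager addressManager = createAddressManager(environment);
    SSLProperties sslProperties = createSSLProperties(environment, "sc.consumer");
    // Whether TLS is used follows what the address manager reports for the configured addresses.
    sslProperties.setEnabled(addressManager.sslEnabled());
    // The x-domain-name header and the /v1/{project}/ URL segment are both taken from getTenantName.
    ServiceCenterClient serviceCenterClient = new ServiceCenterClient(
        addressManager, sslProperties, new DefaultRequestAuthHeaderProvider(), getTenantName(environment),
        new HashMap<>(0));
    Map<String, ServiceCenterClient> clients = new HashMap<>(1);
    clients.put(DEFAULT_REGISTRY_NAME, serviceCenterClient);
    TokenCacheManager.getInstance().setServiceCenterClients(clients);
    // NOTE(review): account name and password fall back to null when not configured; whether
    // TokenCacheManager tolerates that is not visible here — confirm against addTokenCache.
    TokenCacheManager.getInstance().addTokenCache(
        DEFAULT_REGISTRY_NAME,
        getStringProperty(environment, null, ACCOUNT_NAME_KEY),
        getStringProperty(environment, null, PASSWORD_KEY),
        getCipher(getStringProperty(environment, DefaultCipher.CIPHER_NAME, CIPHER_KEY)));
  }

  /**
   * Resolves a {@link Cipher} by name.
   *
   * <p>{@link DefaultCipher#CIPHER_NAME} short-circuits to {@link DefaultCipher#getInstance()};
   * any other name is looked up among the SPI-loaded {@code Cipher} implementations by
   * {@code Cipher#name()}.
   *
   * @param cipherName configured cipher name
   * @return the matching cipher
   * @throws IllegalArgumentException if no loaded cipher has that name
   */
  @VisibleForTesting
  Cipher getCipher(String cipherName) {
    if (DefaultCipher.CIPHER_NAME.equals(cipherName)) {
      return DefaultCipher.getInstance();
    }
    List<Cipher> ciphers = SPIServiceUtils.getOrLoadSortedService(Cipher.class);
    return ciphers.stream()
        .filter(c -> c.name().equals(cipherName))
        .findFirst()
        .orElseThrow(() -> new IllegalArgumentException("failed to find cipher named " + cipherName));
  }

  /** Builds the address manager from the tenant name, the configured address list and the shared event bus. */
  private ServiceCenterAddressManager createAddressManager(Environment environment) {
    return new ServiceCenterAddressManager(getTenantName(environment),
        getRBACAddressList(environment), EventManager.getEventBus());
  }

  /**
   * Reads the TLS settings for {@code tag}.
   *
   * <p>Every setting is looked up as {@code ssl.<tag>.<name>} first, then {@code ssl.<name>}, and
   * finally defaults to the corresponding value of {@link SSLOption#DEFAULT_OPTION}
   * (except {@code sslCustomClass}, which has no default).
   *
   * @param environment Spring environment to read from
   * @param tag         property tag, e.g. {@code sc.consumer}
   * @return populated {@link SSLProperties}; {@code enabled} is left for the caller to set
   */
  private SSLProperties createSSLProperties(Environment environment, String tag) {
    SSLProperties sslProperties = new SSLProperties();
    SSLOption option = new SSLOption();
    option.setEngine(
        getStringProperty(environment, DEFAULT_OPTION.getEngine(), sslKeys(tag, "engine")));
    option.setProtocols(
        getStringProperty(environment, DEFAULT_OPTION.getProtocols(), sslKeys(tag, "protocols")));
    option.setCiphers(
        getStringProperty(environment, DEFAULT_OPTION.getCiphers(), sslKeys(tag, "ciphers")));
    option.setAuthPeer(
        getBooleanProperty(environment, DEFAULT_OPTION.isAuthPeer(), sslKeys(tag, "authPeer")));
    option.setCheckCNHost(
        getBooleanProperty(environment, DEFAULT_OPTION.isCheckCNHost(), sslKeys(tag, "checkCN.host")));
    option.setCheckCNWhite(
        getBooleanProperty(environment, DEFAULT_OPTION.isCheckCNWhite(), sslKeys(tag, "checkCN.white")));
    // Default is the white-list file of DEFAULT_OPTION; previously the cipher list was used here by
    // mistake, so an unconfigured white-list file pointed at a path named after the cipher suites.
    option.setCheckCNWhiteFile(
        getStringProperty(environment, DEFAULT_OPTION.getCheckCNWhiteFile(), sslKeys(tag, "checkCN.white.file")));
    option.setAllowRenegociate(
        getBooleanProperty(environment, DEFAULT_OPTION.isAllowRenegociate(), sslKeys(tag, "allowRenegociate")));
    option.setStorePath(
        getStringProperty(environment, DEFAULT_OPTION.getStorePath(), sslKeys(tag, "storePath")));
    option.setClientAuth(
        getStringProperty(environment, DEFAULT_OPTION.getClientAuth(), sslKeys(tag, "clientAuth")));
    option.setTrustStore(
        getStringProperty(environment, DEFAULT_OPTION.getTrustStore(), sslKeys(tag, "trustStore")));
    option.setTrustStoreType(
        getStringProperty(environment, DEFAULT_OPTION.getTrustStoreType(), sslKeys(tag, "trustStoreType")));
    option.setTrustStoreValue(
        getStringProperty(environment, DEFAULT_OPTION.getTrustStoreValue(), sslKeys(tag, "trustStoreValue")));
    option.setKeyStore(
        getStringProperty(environment, DEFAULT_OPTION.getKeyStore(), sslKeys(tag, "keyStore")));
    option.setKeyStoreType(
        getStringProperty(environment, DEFAULT_OPTION.getKeyStoreType(), sslKeys(tag, "keyStoreType")));
    option.setKeyStoreValue(
        getStringProperty(environment, DEFAULT_OPTION.getKeyStoreValue(), sslKeys(tag, "keyStoreValue")));
    option.setCrl(
        getStringProperty(environment, DEFAULT_OPTION.getCrl(), sslKeys(tag, "crl")));
    // No default: an unset custom class leaves SSLCustom.createSSLCustom to decide.
    option.setSslCustomClass(
        getStringProperty(environment, null, sslKeys(tag, "sslCustomClass")));
    sslProperties.setSslOption(option);
    sslProperties.setSslCustom(SSLCustom.createSSLCustom(option.getSslCustomClass()));
    return sslProperties;
  }

  /**
   * Property keys for one TLS setting, most specific first: {@code ssl.<tag>.<name>} then
   * {@code ssl.<name>}.
   */
  private static String[] sslKeys(String tag, String name) {
    return new String[] {"ssl." + tag + "." + name, "ssl." + name};
  }

  /**
   * Returns the value of the first key that is set, otherwise {@code defaultValue}.
   *
   * <p>Each key is read exactly once so the value that was tested for presence is the one returned.
   */
  private String getStringProperty(Environment environment, String defaultValue, String... keys) {
    for (String key : keys) {
      String value = environment.getProperty(key);
      if (value != null) {
        return value;
      }
    }
    return defaultValue;
  }

  /**
   * Returns the first set key parsed with {@link Boolean#parseBoolean(String)}, otherwise
   * {@code defaultValue}. Note that any value other than (case-insensitive) {@code "true"} parses
   * as {@code false}.
   */
  private boolean getBooleanProperty(Environment environment, boolean defaultValue, String... keys) {
    for (String key : keys) {
      String value = environment.getProperty(key);
      if (value != null) {
        return Boolean.parseBoolean(value);
      }
    }
    return defaultValue;
  }

  /** Tenant name from {@link ServiceRegistryConfig#TENANT_NAME}, defaulting to {@link ServiceRegistryConfig#NO_TENANT}. */
  private String getTenantName(Environment environment) {
    return environment.getProperty(ServiceRegistryConfig.TENANT_NAME, ServiceRegistryConfig.NO_TENANT);
  }

  /**
   * Comma-separated registry addresses from {@link #RBAC_ADDRESS}, defaulting to
   * {@link #DEFAULT_RBAC_ADDRESS}. Entries are not trimmed.
   */
  private List<String> getRBACAddressList(Environment environment) {
    // The previous default carried a stray trailing ')' that made the fallback URL invalid.
    String address = environment.getProperty(RBAC_ADDRESS, DEFAULT_RBAC_ADDRESS);
    return Arrays.asList(address.split(","));
  }
}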