diff --git a/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
new file mode 100644
index 0000000000..33ea38a593
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/security/ApiKeyTokenHandler.java
@@ -0,0 +1,84 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jsonwebtoken.io.Decoder;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.io.DecodingException;
+import io.jsonwebtoken.io.Encoder;
+import io.jsonwebtoken.io.Encoders;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Optional;
+
+import static java.util.Optional.empty;
+import static java.util.Optional.of;
+
+class ApiKeyTokenHandler {
+
+ private static final Encoder encoder = Encoders.BASE64URL;
+ private static final Decoder decoder = Decoders.BASE64URL;
+ private static final Logger LOG = LoggerFactory.getLogger(ApiKeyTokenHandler.class);
+ private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
+ String createToken(String user, ApiKey apiKey, String passphrase) {
+ final Token token = new Token(apiKey.getId(), user, passphrase);
+ try {
+ return encoder.encode(OBJECT_MAPPER.writeValueAsBytes(token));
+ } catch (JsonProcessingException e) {
+ LOG.error("could not serialize token");
+ throw new TokenSerializationException(e);
+ }
+ }
+
+ Optional readToken(String asString) {
+ try {
+ return of(OBJECT_MAPPER.readValue(decoder.decode(asString), Token.class));
+ } catch (IOException | DecodingException e) {
+ LOG.warn("error reading api token", e);
+ return empty();
+ }
+ }
+
+ @AllArgsConstructor
+ @Getter
+ public static class Token {
+ private final String apiKeyId;
+ private final String user;
+ private final String passphrase;
+ }
+
+ private static class TokenSerializationException extends RuntimeException {
+ public TokenSerializationException(Throwable cause) {
+ super(cause);
+ }
+ }
+}
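Review bot: `readToken` logs the caught exception with its full stack trace at WARN (`LOG.warn("error reading api token", e)`); Jackson's parse and mapping exceptions typically embed a snippet of the offending input in their message, so a malformed token that still base64-decodes can land part of the token — which carries the passphrase as clear JSON — in the application log. I would log without the exception message, e.g. `LOG.warn("error reading api token: {}", e.getClass().getSimpleName());`, and keep the stack trace at DEBUG if it is needed. Note also that with a default `ObjectMapper` a JSON object missing one or more of the three fields deserializes successfully and yields a `Token` with null `apiKeyId`/`user`/`passphrase`, so callers receive a present Optional whose fields still need null checks; returning `empty()` when any field is null would keep that guarantee inside this class. The class has no Javadoc; I would add one stating that the token is plain base64url-encoded JSON, neither signed nor encrypted, and is therefore the credential itself and must be treated as a secret wherever it is stored or logged.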
diff --git a/scm-webapp/src/test/java/sonia/scm/security/ApiKeyTokenHandlerTest.java b/scm-webapp/src/test/java/sonia/scm/security/ApiKeyTokenHandlerTest.java
new file mode 100644
index 0000000000..9b45323627
--- /dev/null
+++ b/scm-webapp/src/test/java/sonia/scm/security/ApiKeyTokenHandlerTest.java
@@ -0,0 +1,65 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security;
+
+import io.jsonwebtoken.io.Encoders;
+import org.junit.jupiter.api.Test;
+
+import java.util.Optional;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class ApiKeyTokenHandlerTest {
+
+ ApiKeyTokenHandler handler = new ApiKeyTokenHandler();
+
+ @Test
+ void shouldSerializeAndDeserializeToken() {
+ final String tokenString = handler.createToken("dent", new ApiKey("42", "hg2g", "READ"), "some secret");
+
+ System.out.println(tokenString);
+
+ final Optional token = handler.readToken(tokenString);
+
+ assertThat(token).isNotEmpty();
+ assertThat(token).get().extracting("user").isEqualTo("dent");
+ assertThat(token).get().extracting("apiKeyId").isEqualTo("42");
+ assertThat(token).get().extracting("passphrase").isEqualTo("some secret");
+ }
+
+ @Test
+ void shouldNotFailWithInvalidTokenEncoding() {
+ final Optional token = handler.readToken("invalid token");
+
+ assertThat(token).isEmpty();
+ }
+
+ @Test
+ void shouldNotFailWithInvalidTokenContent() {
+ final Optional token = handler.readToken(Encoders.BASE64URL.encode("{\"invalid\":\"token\"}".getBytes()));
+
+ assertThat(token).isEmpty();
+ }
+}
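Review bot: `System.out.println(tokenString);` in `shouldSerializeAndDeserializeToken` is leftover debug output; it writes a token that embeds the literal passphrase `"some secret"` to the build log on every run and should be removed. `"{\"invalid\":\"token\"}".getBytes()` in `shouldNotFailWithInvalidTokenContent` uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` keeps the test deterministic across JVMs (the file would need `import java.nio.charset.StandardCharsets;`). A case for a syntactically valid token that omits a field, e.g. `handler.readToken(Encoders.BASE64URL.encode("{\"user\":\"dent\"}".getBytes(StandardCharsets.UTF_8)))`, would pin down whether the handler is meant to return a present Optional with null fields or an empty one — the current three tests leave that contract unspecified.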