Add sentinel-security-core module as building blocks for zero-trust(c…

…ertificate manager, authentication) as part of traffic governance module

pom.xml

@@ -69,6 +69,7 @@
 
     <modules>
         <module>sentinel-core</module>
+        <module>sentinel-security-core</module>
         <module>sentinel-extension</module>
         <module>sentinel-transport</module>
         <module>sentinel-adapter</module>
@@ -79,7 +80,6 @@
 
         <module>sentinel-demo</module>
         <module>sentinel-benchmark</module>
-
     </modules>
 
     <dependencyManagement>
@@ -89,6 +89,11 @@
                 <artifactId>sentinel-core</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.alibaba.csp</groupId>
+                <artifactId>sentinel-security-core</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.alibaba.csp</groupId>
                 <artifactId>sentinel-extension</artifactId>
@@ -170,7 +175,7 @@
                 <artifactId>sentinel-metric-exporter</artifactId>
                 <version>${project.version}</version>
             </dependency>
-            
+
             <dependency>
                 <groupId>com.alibaba</groupId>
                 <artifactId>fastjson</artifactId>

sentinel-security-core/pom.xml

@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.alibaba.csp</groupId>
+        <artifactId>sentinel-parent</artifactId>
+        <version>2.0.0-alpha2-SNAPSHOT</version>
+    </parent>
+    <artifactId>sentinel-security-core</artifactId>
+    <packaging>jar</packaging>
+    <description>The security core of Sentinel</description>
+
+    <properties>
+        <jose4j.version>0.8.0</jose4j.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.alibaba.csp</groupId>
+            <artifactId>sentinel-core</artifactId>
+        </dependency>
+
+        <!-- for JWT -->
+        <dependency>
+            <groupId>org.bitbucket.b_c</groupId>
+            <artifactId>jose4j</artifactId>
+            <version>${jose4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.hamcrest</groupId>
+                    <artifactId>hamcrest-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.hamcrest</groupId>
+                    <artifactId>hamcrest-libray</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.awaitility</groupId>
+            <artifactId>awaitility</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>java-hamcrest</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-module-junit4</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-api-mockito2</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifestEntries>
+                            <Implementation-Version>${project.version}</Implementation-Version>
+                        </manifestEntries>
+                    </archive>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

sentinel-security-core/src/main/java/com/alibaba/csp/sentinel/trust/StoreCallback.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.csp.sentinel.trust;
+
+/**
+ * @author lwj
+ * @since 2.0.0
+ */
+public interface StoreCallback<T> {
+
+    void onUpdate(T newInstance);
+}

sentinel-security-core/src/main/java/com/alibaba/csp/sentinel/trust/TrustManager.java

@@ -0,0 +1,106 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.csp.sentinel.trust;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.alibaba.csp.sentinel.trust.auth.Rules;
+import com.alibaba.csp.sentinel.trust.cert.CertPair;
+import com.alibaba.csp.sentinel.trust.tls.TlsMode;
+
+/**
+ * Manager of Sentinel zero-trust cert and rules.
+ *
+ * @author lwj
+ * @since 2.0.0
+ */
+public class TrustManager {
+
+    private static volatile TrustManager instance = null;
+
+    private CertPair certPair = null;
+    private List<StoreCallback<CertPair>> certStoreCallbackList = new ArrayList<>();
+    private TlsMode tlsMode = null;
+    private List<StoreCallback<TlsMode>> tlsModeStoreCallbackList = new ArrayList<>();
+    private Rules rules = null;
+    private List<StoreCallback<Rules>> rulesStoreCallbackList = new ArrayList<>();
+
+    public static TrustManager getInstance() {
+        if (null != instance) {
+            return instance;
+        }
+        synchronized (TrustManager.class) {
+            if (null != instance) {
+                return instance;
+            }
+            instance = new TrustManager();
+            return instance;
+        }
+    }
+
+    public synchronized void storeCertPair(CertPair certPair) {
+        this.certPair = certPair;
+        certStoreCallbackList.forEach(c -> c.onUpdate(certPair));
+    }
+
+    public synchronized void storeTlsMode(TlsMode tlsMode) {
+        this.tlsMode = tlsMode;
+        tlsModeStoreCallbackList.forEach(c -> c.onUpdate(tlsMode));
+    }
+
+    public synchronized void storeRules(Rules rules) {
+        this.rules = rules;
+        rulesStoreCallbackList.forEach(c -> c.onUpdate(rules));
+    }
+
+    public void registerCertCallback(StoreCallback<CertPair> callback) {
+        certStoreCallbackList.add(callback);
+    }
+
+    public void registerTlsModeCallback(StoreCallback<TlsMode> callback) {
+        tlsModeStoreCallbackList.add(callback);
+    }
+
+    public void registerRulesCallback(StoreCallback<Rules> callback) {
+        rulesStoreCallbackList.add(callback);
+    }
+
+    public void removeAllCertCallback() {
+        certStoreCallbackList.clear();
+    }
+
+    public void removeAllTlsModeCallback() {
+        tlsModeStoreCallbackList.clear();
+    }
+
+    public void removeAllRulesCallback() {
+        rulesStoreCallbackList.clear();
+    }
+
+    public CertPair getCertPair() {
+        return certPair;
+    }
+
+    public TlsMode getTlsMode() {
+        return tlsMode;
+    }
+
+    public Rules getRules() {
+        return rules;
+    }
+
+}

sentinel-security-core/src/main/java/com/alibaba/csp/sentinel/trust/auth/Rules.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 1999-2019 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.csp.sentinel.trust.auth;
+
+import java.util.Map;
+
+import com.alibaba.csp.sentinel.trust.auth.rule.AuthRule;
+import com.alibaba.csp.sentinel.trust.auth.rule.JwtRule;
+
+/**
+ * @author lwj
+ * @since 2.0.0
+ */
+public class Rules {
+
+    private final Map<String, AuthRule> allowAuthRules;
+
+    private final Map<String, AuthRule> denyAuthRules;
+
+    private final Map<String, JwtRule> jwtRules;
+
+    public Rules(Map<String, AuthRule> allowAuthRules, Map<String, AuthRule> denyAuthRules,
+                 Map<String, JwtRule> jwtRules) {
+        this.allowAuthRules = allowAuthRules;
+        this.denyAuthRules = denyAuthRules;
+        this.jwtRules = jwtRules;
+    }
+
+    public Map<String, AuthRule> getAllowAuthRules() {
+        return allowAuthRules;
+    }
+
+    public Map<String, AuthRule> getDenyAuthRules() {
+        return denyAuthRules;
+    }
+
+    public Map<String, JwtRule> getJwtRules() {
+        return jwtRules;
+    }
+
+    @Override
+    public String toString() {
+        return "Rules{" + "allowAuthRules=" + allowAuthRules + ", denyAuthRules=" + denyAuthRules + ", jwtRules="
+            + jwtRules + '}';
+    }
+}