Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APP-2846: Obo Certificate Authentication #218

Merged
merged 5 commits into from
Sep 16, 2020
Merged

APP-2846: Obo Certificate Authentication #218

merged 5 commits into from
Sep 16, 2020

Conversation

symphony-hong
Copy link
Contributor

Create AuthSessionOboCerImpl implements the AuthSession to represent
a authsession after a bot authenticate OBO user

OboAuthenticatorCertImpl implements the OboAuthenticator for handling
the Obo authentication stuff for a bot using Certificate

In ApiClientFactory, create a method ApiClientFactory#getExtAppSessionAuthClient
to get a dedicated sessionauth client for extension app authentication configured
with the keystore of the extension app and the password

In AuthenticatorFactory, check if the extension app is configured with
certificate or not. If yes, AuthenticatorFactory#getOboAuthenticator returns
an OboAuthenticatorCertImpl, otherwise, returns an OboAuthenticatorRsaImpl

Unittest added

Javadoc added

@symphony-hong
Obo Certificate Authentication
cc67c80 
Create AuthSessionOboCerImpl implements the AuthSession to represent
a authsession after a bot authenticate OBO user

OboAuthenticatorCertImpl implements the OboAuthenticator for handling
the Obo authentication stuff for a bot using Certificate

In ApiClientFactory, create a method ApiClientFactory#getExtAppSessionAuthClient
to get a dedicated sessionauth client for extension app authentication configured
with the keystore of the extension app and the password

In AuthenticatorFactory, check if the extension app is configured with
certificate or not. If yes, AuthenticatorFactory#getOboAuthenticator returns
an OboAuthenticatorCertImpl, otherwise, returns an OboAuthenticatorRsaImpl

Unittest added

Javadoc added
@symphony-hong symphony-hong changed the title Obo Certificate Authentication APP-2846: Obo Certificate Authentication Sep 15, 2020
symphony-elias
symphony-elias reviewed Sep 15, 2020
View reviewed changes
symphony-bdk-core/src/main/java/com/symphony/bdk/core/auth/impl/OboAuthenticatorCertImpl.java
try {
OboAuthResponse oboAuthResponse = this.authenticationApi.v1AppUsernameUsernameAuthenticatePost(username, appSessionToken);
return oboAuthResponse.getSessionToken();
} catch (ApiException e) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we find a way to extract this logic ? Only difference is the message in the AuthUnauthorizedException.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we are fine with the current code. It's not a big block of code at all. 🤔

thibauult
thibauult approved these changes Sep 15, 2020
View reviewed changes
Copy link
Member

@thibauult thibauult left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

symphony-youri
symphony-youri reviewed Sep 16, 2020
View reviewed changes
symphony-bdk-core/src/main/java/com/symphony/bdk/core/config/model/BdkBotConfig.java

private String username;
private String privateKeyPath;
private String certificatePath;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in term of configuration should'nt we have something like:

username: "mybot"
certificate:
path:
password

repeating the same prefix is often the sign that a sub structure should be used

but then to be consistent you would wonder if privateKeyPath should a privateKey item with a path sub item....
could we have other settings for a private key?

symphony-youri
symphony-youri reviewed Sep 16, 2020
View reviewed changes
symphony-bdk-core/src/main/java/com/symphony/bdk/core/auth/impl/AuthSessionOboCertImpl.java
import com.symphony.bdk.core.auth.OboAuthenticator;
import com.symphony.bdk.core.auth.exception.AuthUnauthorizedException;

import lombok.NonNull;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we have that NonNull annotation on purpose (vs the javax one)?
if so maybe we should explicit when we use that one vs the other

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Import issue I guess, should be javax.annotation.Nonnull

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NonNull from lombok actually helps us validate the configuration which could be useful here
(Although we perhaps want to provider our own validation for more complex use cases and checks or use javax validation)

thibauult
thibauult reviewed Sep 16, 2020
View reviewed changes
symphony-bdk-core/src/main/java/com/symphony/bdk/core/config/model/BdkAuthenticationConfig.java
Comment on lines +12 to +14
protected String privateKeyPath;
protected String certificatePath;
protected String certificatePassword;
Copy link
Member

@thibauult thibauult Sep 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following @symphony-youri's comment below, I also think that we should change our configuration model to:

bot:
  username: 'my-bot'
  rsa:
    privateKeyPath: 
    privateKeyContent: 
  certificate:
    path: 
    password:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but then should it be:

bot:
  username: 'my-bot'
  rsa:
    privateKey:
       path: / or content: 
  certificate:
    path: 
    password:

😅

or maybe just rsa.path / rsa.content ? (and by the way is it really rsa or the notion of public/private keys? might be another algorithm)

so maybe just privateKey.path / privateKey.content?

@symphony-hong
Update OboAuthenticatorCertImplTest.java
500676d 
Using line breaks to split different phases of the test
@symphony-hong symphony-hong merged commit c9833e0 into finos:master Sep 16, 2020
@symphony-hong symphony-hong deleted the APP-2846 branch September 16, 2020 07:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thibauult thibauult thibauult approved these changes

@symphony-youri symphony-youri symphony-youri approved these changes

@symphony-elias symphony-elias Awaiting requested review from symphony-elias

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@symphony-hong @thibauult @symphony-youri @symphony-elias