io.vertx.core.http.HttpConnection Java Examples

@Before
public void initStrBuilder() {
  accessLogEvent = new ServerAccessLogEvent();
  routingContext = Mockito.mock(RoutingContext.class);
  finishEvent = Mockito.mock(InvocationFinishEvent.class);
  serverRequest = Mockito.mock(HttpServerRequest.class);
  socketAddress = Mockito.mock(SocketAddress.class);
  invocation = Mockito.mock(Invocation.class);
  restClientRequest = Mockito.mock(RestClientRequestImpl.class);
  clientRequest = Mockito.mock(HttpClientRequest.class);
  connection = Mockito.mock(HttpConnection.class);
  Map<String, Object> handlerMap = new HashMap<>();
  handlerMap.put(RestConst.INVOCATION_HANDLER_REQUESTCLIENT, restClientRequest);
  when(finishEvent.getInvocation()).thenReturn(invocation);
  when(invocation.getHandlerContext()).thenReturn(handlerMap);
  accessLogEvent.setRoutingContext(routingContext);
  strBuilder = new StringBuilder();
}
 

@Before
public void initStrBuilder() {
  accessLogEvent = new ServerAccessLogEvent();
  routingContext = Mockito.mock(RoutingContext.class);
  finishEvent = Mockito.mock(InvocationFinishEvent.class);
  serverRequest = Mockito.mock(HttpServerRequest.class);
  socketAddress = Mockito.mock(SocketAddress.class);
  invocation = Mockito.mock(Invocation.class);
  restClientRequest = Mockito.mock(RestClientRequestImpl.class);
  clientRequest = Mockito.mock(HttpClientRequest.class);
  connection = Mockito.mock(HttpConnection.class);
  Map<String, Object> handlerMap = new HashMap<>();
  handlerMap.put(RestConst.INVOCATION_HANDLER_REQUESTCLIENT, restClientRequest);
  when(finishEvent.getInvocation()).thenReturn(invocation);
  when(invocation.getHandlerContext()).thenReturn(handlerMap);
  accessLogEvent.setRoutingContext(routingContext);
  strBuilder = new StringBuilder();
}
 

@Test
public void testCertAuthorizationFailed() throws SSLPeerUnverifiedException {
    TokenReview tokenReview = new TokenReview("system:anonymous", "", null, null, false);
    SubjectAccessReview returnedSubjectAccessReview = new SubjectAccessReview("system:anonymous", false);
    when(mockAuthApi.performSubjectAccessReviewResource(eq(tokenReview), any(), any(), any(), eq("create"), eq("enmasse.io"))).thenReturn(returnedSubjectAccessReview);
    when(mockRequestContext.getHeaderString("X-Remote-User")).thenReturn("me");

    HttpServerRequest request = mock(HttpServerRequest.class);
    HttpConnection connection = mock(HttpConnection.class);
    when(request.isSSL()).thenReturn(true);
    when(request.connection()).thenReturn(connection);
    when(connection.peerCertificateChain()).thenThrow(new SSLPeerUnverifiedException(""));

    handler.setRequest(request);

    handler.filter(mockRequestContext);

    ArgumentCaptor<SecurityContext> contextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
    verify(mockRequestContext).setSecurityContext(contextCaptor.capture());
    SecurityContext context = contextCaptor.getValue();

    assertThat(context.getAuthenticationScheme(), is("RBAC"));
    RbacSecurityContext rbacSecurityContext = (RbacSecurityContext) context;
    assertThat(RbacSecurityContext.getUserName(rbacSecurityContext.getUserPrincipal()), is("system:anonymous"));
    assertFalse(rbacSecurityContext.isUserInRole(RbacSecurityContext.rbacToRole("myspace", ResourceVerb.create, "addressspaces", "enmasse.io")));
}
 

private String getLocalAddress() {
  HttpConnection connection = clientRequest.connection();
  if (connection == null) {
    return "not connected";
  }
  SocketAddress socketAddress = connection.localAddress();
  return socketAddress != null ? socketAddress.toString() : "not connected";
}
 

public void closeAllSourceBridgeEndpoints() {
    for (Map.Entry<HttpConnection, SourceBridgeEndpoint<K, V>> source: getHttpSourceEndpoints().entrySet()) {
        if (source.getValue() != null)
            source.getValue().close();
    }
    getHttpSourceEndpoints().clear();
}
 

/**
 * Close a connection endpoint and before that all the related sink/source endpoints
 *
 * @param connection connection for which closing related endpoint
 */
private void closeConnectionEndpoint(HttpConnection connection) {

    // closing connection, but before closing all sink/source endpoints
    if (this.httpBridgeContext.getHttpSourceEndpoints().containsKey(connection)) {
        SourceBridgeEndpoint<byte[], byte[]> sourceEndpoint = this.httpBridgeContext.getHttpSourceEndpoints().get(connection);
        if (sourceEndpoint != null) {
            sourceEndpoint.close();
        }
        this.httpBridgeContext.getHttpSourceEndpoints().remove(connection);
    }
}
 

@Override
public void filter(ContainerRequestContext requestContext) {
    if (pathFilter.test(requestContext.getUriInfo().getPath())) {
        return;
    }

    String auth = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
    if (auth != null && auth.startsWith(BEARER_PREFIX)) {
        log.debug("Authentication using bearer token");
        String token = auth.substring(BEARER_PREFIX.length());
        TokenReview tokenReview = authApi.performTokenReview(token);
        if (tokenReview.isAuthenticated()) {
            requestContext.setSecurityContext(new RbacSecurityContext(tokenReview, authApi, requestContext.getUriInfo()));
        } else {
            throw Exceptions.notAuthorizedException();
        }
    } else if (request != null && request.isSSL() && findUserName(apiHeaderConfig, requestContext) != null) {
        log.debug("Authenticating using client certificate");
        HttpConnection connection = request.connection();
        String userName = findUserName(apiHeaderConfig, requestContext);
        Set<String> groups = findGroups(apiHeaderConfig, requestContext);
        Map<String, List<String>> extras = findExtra(apiHeaderConfig, requestContext);
        log.debug("Found username {}, groups {}, extra {}", userName, groups, extras);
        try {
            connection.peerCertificateChain();
            log.debug("Client certificates trusted... impersonating {}", userName);
            requestContext.setSecurityContext(new RbacSecurityContext(new TokenReview(userName, "", groups, extras, true), authApi, requestContext.getUriInfo()));
        } catch (SSLPeerUnverifiedException e) {
            log.debug("Peer certificate not valid, proceeding as anonymous");
            requestContext.setSecurityContext(new RbacSecurityContext(new TokenReview("system:anonymous", "", null, null, false), authApi, requestContext.getUriInfo()));
        }
    } else {
        requestContext.setSecurityContext(new RbacSecurityContext(new TokenReview("system:anonymous", "", null, null, false), authApi, requestContext.getUriInfo()));
    }
}
 

@Test
public void testCertAuthorization() {
    SubjectAccessReview returnedSubjectAccessReview = new SubjectAccessReview("me", true);
    TokenReview tokenReview = new TokenReview("me", "", Collections.singleton("system:authenticated"), Map.of("custom-header", Collections.singletonList("customvalue")), true);
    when(mockAuthApi.performSubjectAccessReviewResource(eq(tokenReview), any(), any(), any(), eq("create"), any())).thenReturn(returnedSubjectAccessReview);
    when(mockRequestContext.getHeaderString("X-Remote-User")).thenReturn("me");
    when(mockRequestContext.getHeaderString("X-Remote-Group")).thenReturn("system:authenticated");
    MultivaluedMap<String, String> map = new MultivaluedHashMap<>();
    map.put("X-Remote-Extra-Custom-Header", Collections.singletonList("customvalue"));
    when(mockRequestContext.getHeaders()).thenReturn(map);

    HttpServerRequest request = mock(HttpServerRequest.class);
    HttpConnection connection = mock(HttpConnection.class);
    when(request.isSSL()).thenReturn(true);
    when(request.connection()).thenReturn(connection);

    handler.setRequest(request);

    handler.filter(mockRequestContext);

    ArgumentCaptor<SecurityContext> contextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
    verify(mockRequestContext).setSecurityContext(contextCaptor.capture());
    SecurityContext context = contextCaptor.getValue();

    assertThat(context.getAuthenticationScheme(), is("RBAC"));
    RbacSecurityContext rbacSecurityContext = (RbacSecurityContext) context;
    assertThat(RbacSecurityContext.getUserName(rbacSecurityContext.getUserPrincipal()), is("me"));
    assertTrue(rbacSecurityContext.isUserInRole(RbacSecurityContext.rbacToRole("myspace", ResourceVerb.create, "addressspaces", "enmasse.io")));
}
 

@Override
public HttpConnection connection() {
    return delegate.connection();
}
 

@Override
public HttpConnection connection() {
    return delegate.connection();
}
 

@Override
public HttpConnection connection() {
    // TODO Auto-generated method stub
    return null;
}
 

@Override
public HttpConnection connection() {
    return request.connection();
}
 

@Override
public S3ClientRequest connectionHandler(Handler<HttpConnection> handler) {
    request.connectionHandler(handler);
    return this;
}
 

@Override
public HttpConnection connection() {
    return httpServerRequest.connection();
}
 

/**
 * @return map of source endpoints
 */
public Map<HttpConnection, SourceBridgeEndpoint<K, V>> getHttpSourceEndpoints() {
    return this.httpSourceEndpoints;
}
 

private void processConnection(HttpConnection httpConnection) {
    httpConnection.closeHandler(close -> {
        closeConnectionEndpoint(httpConnection);
    });
}