reorg project structure

dubbo-common/src/main/java/org/apache/dubbo/common/utils/SignatureUtils.java

@@ -23,6 +23,7 @@
 import java.io.ObjectOutput;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
+import java.security.NoSuchAlgorithmException;
 import java.security.SignatureException;
 import java.util.Arrays;
 import java.util.Base64;
@@ -44,7 +45,7 @@ public static String sign(Object[] parameters, String metadata, String key) {
                 return sign(metadata, key);
             }
             boolean notSerializable = Arrays.stream(parameters).anyMatch(parameter -> !(parameter instanceof Serializable));
-            if (notSerializable){
+            if (notSerializable) {
                 throw new IllegalArgumentException("");
             }
 
@@ -61,9 +62,9 @@ public static String sign(Object[] parameters, String metadata, String key) {
     public static String sign(byte[] data, String key) throws SignatureException {
         String result;
         try {
+            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
             SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(),
                     HMAC_SHA256_ALGORITHM);
-            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
             mac.init(signingKey);
             // compute the hmac on input data bytes
             byte[] rawHmac = mac.doFinal(data);
@@ -84,8 +85,7 @@ static byte[] toByteArray(Object[] parameters) throws Exception {
             out = new ObjectOutputStream(bos);
             out.writeObject(parameters);
             out.flush();
-            byte[] bytes = bos.toByteArray();
-            return bytes;
+            return bos.toByteArray();
         } finally {
             try {
                 bos.close();

dubbo-plugin/dubbo-auth/pom.xml

@@ -0,0 +1,46 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>org.apache.dubbo</groupId>
+        <artifactId>dubbo-plugin</artifactId>
+        <version>${revision}</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>dubbo-auth</artifactId>
+    <packaging>jar</packaging>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <skip_maven_deploy>false</skip_maven_deploy>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo-rpc-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/auth/AccessKeyAuthenticationHelper.java → dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/AccessKeyAuthenticationHelper.java

@@ -14,74 +14,80 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.dubbo.rpc.filter.auth;
+package org.apache.dubbo.auth;
 
+import org.apache.dubbo.auth.exception.AccessKeyNotFoundException;
+import org.apache.dubbo.auth.model.AccessKeyPair;
+import org.apache.dubbo.auth.spi.AccessKeyStorage;
+import org.apache.dubbo.auth.spi.AuthenticationHelper;
 import org.apache.dubbo.common.URL;
 import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.common.extension.ExtensionLoader;
 import org.apache.dubbo.common.utils.SignatureUtils;
 import org.apache.dubbo.common.utils.StringUtils;
-import org.apache.dubbo.rpc.Constants;
 import org.apache.dubbo.rpc.Invocation;
 
 public class AccessKeyAuthenticationHelper implements AuthenticationHelper {
     @Override
     public void signForRequest(Invocation invocation, URL url) {
         String currentTime = String.valueOf(System.currentTimeMillis());
         String consumer = url.getParameter(CommonConstants.APPLICATION_KEY);
-
-        AccessKeyStorage accessKeyStorage = ExtensionLoader.getExtensionLoader(AccessKeyStorage.class)
-                .getExtension(url.getParameter(Constants.ACCESS_KEY_STORAGE_KEY, Constants.DEFAULT_ACCESS_KEY_STORAGE));
-
-        AccessKey accessKey = accessKeyStorage.getAccessKey(url, invocation);
-
-        invocation.setAttachment(Constants.SIGNATURE_STRING_FORMAT, getSignature(url, invocation, accessKey.getSecretKey(), currentTime));
+        AccessKeyPair accessKeyPair = getAccessKeyPair(invocation, url);
+        invocation.setAttachment(Constants.SIGNATURE_STRING_FORMAT, getSignature(url, invocation, accessKeyPair.getSecretKey(), currentTime));
         invocation.setAttachment(Constants.REQUEST_TIMESTAMP_KEY, currentTime);
-        invocation.setAttachment(Constants.AK_KEY, accessKey.getAccessKey());
+        invocation.setAttachment(Constants.AK_KEY, accessKeyPair.getAccessKey());
         invocation.setAttachment(CommonConstants.CONSUMER, consumer);
     }
 
-    String getSignature(URL url, Invocation invocation, String secrectKey, String time) {
-        boolean parameterEncrypt = url.getParameter(Constants.PARAMTER_ENCRYPT_ENABLE_KEY, false);
-        String signature;
-        String requestString = String.format(Constants.SIGNATURE_STRING_FORMAT,
-                url.getColonSeparatedKey(), invocation.getMethodName(), secrectKey, time);
-        if (parameterEncrypt) {
-            signature = SignatureUtils.sign(invocation.getArguments(), requestString, secrectKey);
-        } else {
-            signature = SignatureUtils.sign(requestString, secrectKey);
-        }
-        return signature;
-    }
-
     @Override
     public boolean authenticateRequest(Invocation invocation, URL url) {
-        String ak = String.valueOf(invocation.getAttachment(Constants.AK_KEY));
+        String accessKeyId = String.valueOf(invocation.getAttachment(Constants.AK_KEY));
         String requestTimestamp = String.valueOf(invocation.getAttachment(Constants.REQUEST_TIMESTAMP_KEY));
         String originSignature = String.valueOf(invocation.getAttachment(Constants.REQUEST_SIGNATURE_KEY));
         String consumer = String.valueOf(invocation.getAttachment(CommonConstants.CONSUMER));
 
-        if (StringUtils.isEmpty(ak) || StringUtils.isEmpty(consumer)
+        if (StringUtils.isEmpty(accessKeyId) || StringUtils.isEmpty(consumer)
                 || StringUtils.isEmpty(requestTimestamp) || StringUtils.isEmpty(originSignature)) {
             throw new RuntimeException("Auth failed, maybe consumer not enable the auth");
         }
+        AccessKeyPair accessKeyPair = getAccessKeyPair(invocation, url);
+
+        String computeSignature = getSignature(url, invocation, accessKeyPair.getSecretKey(), requestTimestamp);
+        boolean success = computeSignature.equals(originSignature);
+        if (!success) {
+            throw new RuntimeException("Auth failed, signature is not correct");
+        }
+        return success;
+    }
+
+
+    AccessKeyPair getAccessKeyPair(Invocation invocation, URL url) {
         AccessKeyStorage accessKeyStorage = ExtensionLoader.getExtensionLoader(AccessKeyStorage.class)
                 .getExtension(url.getParameter(Constants.ACCESS_KEY_STORAGE_KEY, Constants.DEFAULT_ACCESS_KEY_STORAGE));
 
-        AccessKey accessKey = null;
+        AccessKeyPair accessKeyPair = null;
         try {
-            accessKey = accessKeyStorage.getAccessKey(url, invocation);
-            if (accessKey == null) {
-                throw new AccessKeyNotFoundException("AccessKey:" + ak + "consumer:" + consumer + " not found");
+            accessKeyPair = accessKeyStorage.getAccessKey(url, invocation);
+            if (accessKeyPair == null || StringUtils.isEmpty(accessKeyPair.getAccessKey()) || StringUtils.isEmpty(accessKeyPair.getSecretKey())) {
+                throw new AccessKeyNotFoundException("AccessKeyId or secretAccessKey not found");
             }
         } catch (Exception e) {
-            throw new RuntimeException("Can't load the AccessKey from accessKeyStorage", e);
+            throw new RuntimeException("Can't load the AccessKeyPair from accessKeyStorage", e);
         }
-        String computeSignature = getSignature(url, invocation, accessKey.getSecretKey(), requestTimestamp);
-        boolean success = computeSignature.equals(originSignature);
-        if (!success) {
-            throw new RuntimeException("Auth failed, signature is not correct");
+        return accessKeyPair;
+    }
+
+    String getSignature(URL url, Invocation invocation, String secrectKey, String time) {
+        boolean parameterEncrypt = url.getParameter(Constants.PARAMTER_ENCRYPT_ENABLE_KEY, false);
+        String signature;
+        String requestString = String.format(Constants.SIGNATURE_STRING_FORMAT,
+                url.getColonSeparatedKey(), invocation.getMethodName(), secrectKey, time);
+        if (parameterEncrypt) {
+            signature = SignatureUtils.sign(invocation.getArguments(), requestString, secrectKey);
+        } else {
+            signature = SignatureUtils.sign(requestString, secrectKey);
         }
-        return success;
+        return signature;
     }
+
 }

dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/Constants.java

@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.auth;
+
+
+public interface Constants {
+    String REFERENCE_AUTH = "reference.auth";
+
+    String SERVICE_AUTH = "service.auth";
+
+    String AUTH_HELPER = "auth.helper";
+
+    String DEFAULT_AUTH_HELPER = "accesskey";
+
+    String DEFAULT_ACCESS_KEY_STORAGE = "urlstorage";
+
+    String ACCESS_KEY_STORAGE_KEY = "accessKey.storage";
+
+    String ACCESS_KEY_ID_KEY = "accessKeyId";
+
+    String SECRET_ACCESS_KEY_KEY = "secretAccessKey";
+
+    String REQUEST_TIMESTAMP_KEY = "timestamp";
+
+    String REQUEST_SIGNATURE_KEY = "signature";
+
+    String AK_KEY = "ak";
+
+    String SIGNATURE_STRING_FORMAT = "%s#%s#%s#%s";
+
+    String PARAMTER_ENCRYPT_ENABLE_KEY = "paramater.sign";
+}

dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/DefaultAccessKeyStorage.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.auth;
+
+
+import org.apache.dubbo.auth.model.AccessKeyPair;
+import org.apache.dubbo.auth.spi.AccessKeyStorage;
+import org.apache.dubbo.common.URL;
+import org.apache.dubbo.rpc.Invocation;
+
+/**
+ *  The default implemention of {@link AccessKeyStorage}
+ */
+public class DefaultAccessKeyStorage implements AccessKeyStorage {
+    @Override
+    public AccessKeyPair getAccessKey(URL url, Invocation invocation) {
+        AccessKeyPair accessKeyPair = new AccessKeyPair();
+        String accessKeyId = url.getParameter(Constants.ACCESS_KEY_ID_KEY);
+        String secretAccessKey = url.getParameter(Constants.SECRET_ACCESS_KEY_KEY);
+        accessKeyPair.setAccessKey(accessKeyId);
+        accessKeyPair.setSecretKey(secretAccessKey);
+        return accessKeyPair;
+    }
+}

dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/auth/AccessKeyNotFoundException.java → dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/exception/AccessKeyNotFoundException.java

@@ -14,11 +14,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.dubbo.rpc.filter.auth;
+package org.apache.dubbo.auth.exception;
 
 
+import org.apache.dubbo.auth.model.AccessKeyPair;
+
 /**
- * Signals that an attempt to get the {@link AccessKey} has failed.
+ * Signals that an attempt to get the {@link AccessKeyPair} has failed.
  */
 public class AccessKeyNotFoundException extends Exception {
     private static final long serialVersionUID = 7106108446396804404L;

dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/ConsumerAuthFilter.java → dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/filter/ConsumerSignFilter.java

@@ -14,26 +14,27 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.dubbo.rpc.filter;
+package org.apache.dubbo.auth.filter;
 
+import org.apache.dubbo.auth.Constants;
+import org.apache.dubbo.auth.spi.AuthenticationHelper;
 import org.apache.dubbo.common.URL;
 import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.common.extension.Activate;
 import org.apache.dubbo.common.extension.ExtensionLoader;
-import org.apache.dubbo.rpc.Constants;
 import org.apache.dubbo.rpc.Filter;
 import org.apache.dubbo.rpc.Invocation;
 import org.apache.dubbo.rpc.Invoker;
 import org.apache.dubbo.rpc.Result;
 import org.apache.dubbo.rpc.RpcException;
-import org.apache.dubbo.rpc.filter.auth.AuthenticationHelper;
 
 /**
- * The ConsumerAuthFilter
+ * The ConsumerSignFilter
+ *
  * @see org.apache.dubbo.rpc.Filter
  */
 @Activate(group = CommonConstants.CONSUMER, order = -10000)
-public class ConsumerAuthFilter implements Filter {
+public class ConsumerSignFilter implements Filter {
 
     @Override
     public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {

dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/ProviderAuthFilter.java → dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/filter/ProviderAuthFilter.java

@@ -14,20 +14,20 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.dubbo.rpc.filter;
+package org.apache.dubbo.auth.filter;
 
+import org.apache.dubbo.auth.spi.AuthenticationHelper;
 import org.apache.dubbo.common.URL;
 import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.common.extension.Activate;
 import org.apache.dubbo.common.extension.ExtensionLoader;
 import org.apache.dubbo.rpc.AsyncRpcResult;
-import org.apache.dubbo.rpc.Constants;
+import org.apache.dubbo.auth.Constants;
 import org.apache.dubbo.rpc.Filter;
 import org.apache.dubbo.rpc.Invocation;
 import org.apache.dubbo.rpc.Invoker;
 import org.apache.dubbo.rpc.Result;
 import org.apache.dubbo.rpc.RpcException;
-import org.apache.dubbo.rpc.filter.auth.AuthenticationHelper;
 
 @Activate(group = CommonConstants.PROVIDER, order = -10000)
 public class ProviderAuthFilter implements Filter {
@@ -43,7 +43,7 @@ public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcExcept
             try {
                 authResult = authenticationHelper.authenticateRequest(invocation, url);
                 if (!authResult) {
-                    SecurityException securityException = new SecurityException("Authenticate Request failed" );
+                    SecurityException securityException = new SecurityException("Authenticate Request failed");
                     return AsyncRpcResult.newDefaultAsyncResult(securityException, invocation);
                 }
             } catch (Exception e) {

dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/auth/AccessKey.java → dubbo-plugin/dubbo-auth/src/main/java/org/apache/dubbo/auth/model/AccessKeyPair.java

@@ -14,12 +14,12 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.dubbo.rpc.filter.auth;
+package org.apache.dubbo.auth.model;
 
 /**
  * The model of AK/SK pair
  */
-public class AccessKey {
+public class AccessKeyPair {
     private String accessKey;
     private String secretKey;
     private String consumerSide;
@@ -77,7 +77,7 @@ public void setOptions(String options) {
 
     @Override
     public String toString() {
-        return "AccessKey{" +
+        return "AccessKeyPair{" +
                 "accessKey='" + accessKey + '\'' +
                 ", secretKey='" + secretKey + '\'' +
                 ", consumerSide='" + consumerSide + '\'' +