[Spotbugs] Enable spotbugs in module pulsar-broker-auth-athenz and pu…

…lsar-client-auth-athenz. (apache#8857) Fixes streamnative#1777 ### Motivation Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz.
teazj · Jan 14, 2021 · 17c0d11 · 17c0d11
1 parent 56ae93e
commit 17c0d11
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 6 deletions.
diff --git a/pulsar-broker-auth-athenz/pom.xml b/pulsar-broker-auth-athenz/pom.xml
@@ -54,4 +54,26 @@
     </dependency>
 
   </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <excludeFilterFile>${basedir}/src/test/resources/findbugsExclude.xml</excludeFilterFile>
+        </configuration>
+        <executions>
+          <execution>
+            <id>spotbugs</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 </project>
diff --git a/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml b/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml
@@ -0,0 +1,22 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<FindBugsFilter>
+</FindBugsFilter>
diff --git a/pulsar-client-auth-athenz/pom.xml b/pulsar-client-auth-athenz/pom.xml
@@ -58,4 +58,25 @@
     </dependency>
 
   </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <excludeFilterFile>${basedir}/src/test/resources/findbugsExclude.xml</excludeFilterFile>
+        </configuration>
+        <executions>
+          <execution>
+            <id>spotbugs</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 </project>
diff --git a/...nt-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/...nt-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -26,6 +26,7 @@
 import java.io.InputStreamReader;
 import java.net.URISyntaxException;
 import java.net.URLConnection;
+import java.nio.charset.Charset;
 import java.security.PrivateKey;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@@ -57,6 +58,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
     private String tenantDomain;
     private String tenantService;
     private String providerDomain;
+    private final Object providerDomainLock = new Object();
     private PrivateKey privateKey;
     private String keyId = "0";
     private String roleHeader = null;
@@ -66,9 +68,9 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
     private boolean autoPrefetchEnabled = false;
     private long cachedRoleTokenTimestamp;
     private String roleToken;
-    private final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
-    private final int maxValidity = 24 * 60 * 60; // token has upto 24 hours validity
-    private final int cacheDurationInHour = 1; // we will cache role token for an hour then ask athenz lib again
+    private static final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
+    private static final int maxValidity = 24 * 60 * 60; // token has upto 24 hours validity
+    private static final int cacheDurationInHour = 1; // we will cache role token for an hour then ask athenz lib again
 
     public AuthenticationAthenz() {
     }
@@ -87,7 +89,10 @@ synchronized public AuthenticationDataProvider getAuthData() throws PulsarClient
             // the following would set up the API call that requests tokens from the server
             // that can only be used if they are 10 minutes from expiration and last twenty
             // four hours
-            RoleToken token = getZtsClient().getRoleToken(providerDomain, null, minValidity, maxValidity, false);
+            RoleToken token;
+            synchronized (providerDomainLock) {
+                token = getZtsClient().getRoleToken(providerDomain, null, minValidity, maxValidity, false);
+            }
             roleToken = token.getToken();
             cachedRoleTokenTimestamp = System.nanoTime();
             return new AuthenticationDataAthenz(roleToken, isNotBlank(roleHeader) ? roleHeader : ZTSClient.getHeader());
@@ -125,7 +130,7 @@ public void configure(Map<String, String> authParams) {
         setAuthParams(authParams);
     }
 
-    private void setAuthParams(Map<String, String> authParams) {
+    private synchronized void setAuthParams(Map<String, String> authParams) {
         this.tenantDomain = authParams.get("tenantDomain");
         this.tenantService = authParams.get("tenantService");
         this.providerDomain = authParams.get("providerDomain");
@@ -188,7 +193,7 @@ private PrivateKey loadPrivateKey(String privateKeyURL) {
                 throw new IllegalArgumentException(
                         "Unsupported media type or encoding format: " + urlConnection.getContentType());
             }
-            String keyData = CharStreams.toString(new InputStreamReader((InputStream) urlConnection.getContent()));
+            String keyData = CharStreams.toString(new InputStreamReader((InputStream) urlConnection.getContent(), Charset.defaultCharset()));
             privateKey = Crypto.loadPrivateKey(keyData);
         } catch (URISyntaxException e) {
             throw new IllegalArgumentException("Invalid privateKey format", e);

diff --git a/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml b/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml
@@ -0,0 +1,22 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<FindBugsFilter>
+</FindBugsFilter>