Cosmetic changes

Author: artem-v

tests/src/test/java/io/scalecube/security/environment/LoggingExtension.java

@@ -0,0 +1,54 @@
+package io.scalecube.security.environment;
+
+import java.lang.reflect.Method;
+import org.junit.jupiter.api.extension.AfterAllCallback;
+import org.junit.jupiter.api.extension.AfterEachCallback;
+import org.junit.jupiter.api.extension.BeforeAllCallback;
+import org.junit.jupiter.api.extension.BeforeEachCallback;
+import org.junit.jupiter.api.extension.ExtensionContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LoggingExtension
+    implements AfterEachCallback, BeforeEachCallback, AfterAllCallback, BeforeAllCallback {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(LoggingExtension.class);
+
+  @Override
+  public void beforeAll(ExtensionContext context) {
+    LOGGER.info(
+        "***** Setup: " + context.getTestClass().map(Class::getSimpleName).orElse("") + " *****");
+  }
+
+  @Override
+  public void afterEach(ExtensionContext context) {
+    LOGGER.info(
+        "***** Test finished: "
+            + context.getTestClass().map(Class::getSimpleName).orElse("")
+            + "."
+            + context.getTestMethod().map(Method::getName).orElse("")
+            + "."
+            + context.getDisplayName()
+            + " *****");
+  }
+
+  @Override
+  public void beforeEach(ExtensionContext context) {
+    LOGGER.info(
+        "***** Test started: "
+            + context.getTestClass().map(Class::getSimpleName).orElse("")
+            + "."
+            + context.getTestMethod().map(Method::getName).orElse("")
+            + "."
+            + context.getDisplayName()
+            + " *****");
+  }
+
+  @Override
+  public void afterAll(ExtensionContext context) {
+    LOGGER.info(
+        "***** TearDown: "
+            + context.getTestClass().map(Class::getSimpleName).orElse("")
+            + " *****");
+  }
+}

tests/src/test/java/io/scalecube/security/environment/VaultEnvironment.java

@@ -203,6 +203,14 @@ public String policiesAclUri(String roleName) {
     return vaultAddr + "/v1/sys/policies/acl/" + roleName;
   }
 
+  public static Throwable getRootCause(Throwable throwable) {
+    Throwable cause;
+    while ((cause = throwable.getCause()) != null) {
+      throwable = cause;
+    }
+    return throwable;
+  }
+
   @Override
   public void close() {
     vault.stop();

tests/src/test/java/io/scalecube/security/tokens/jwt/VaultIdentityTokenTests.java

@@ -1,5 +1,6 @@
 package io.scalecube.security.tokens.jwt;
 
+import static io.scalecube.security.environment.VaultEnvironment.getRootCause;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
@@ -11,7 +12,6 @@
 import io.scalecube.security.environment.VaultEnvironment;
 import java.security.Key;
 import java.time.Duration;
-import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.Assertions;
@@ -55,7 +55,7 @@ void testResolveTokenSuccessfully() throws Exception {
   }
 
   @Test
-  void testJwksKeyLocatorThrowsError() throws Exception {
+  void testJwksKeyLocatorThrowsError() {
     final var token = generateToken();
 
     Locator<Key> keyLocator = mock(Locator.class);
@@ -64,11 +64,11 @@ void testJwksKeyLocatorThrowsError() throws Exception {
     try {
       new JsonwebtokenResolver(keyLocator).resolve(token).get(3, TimeUnit.SECONDS);
       fail("Expected exception");
-    } catch (ExecutionException e) {
-      final var ex = e.getCause();
+    } catch (Exception e) {
+      final var ex = getRootCause(e);
       assertNotNull(ex);
       assertNotNull(ex.getMessage());
-      assertTrue(ex.getMessage().startsWith("Cannot get key"));
+      assertTrue(ex.getMessage().startsWith("Cannot get key"), "Exception: " + ex);
     }
   }
 

tests/src/test/java/io/scalecube/security/vault/VaultServiceTokenTests.java

@@ -1,5 +1,6 @@
 package io.scalecube.security.vault;
 
+import static io.scalecube.security.environment.VaultEnvironment.getRootCause;
 import static java.util.concurrent.CompletableFuture.completedFuture;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -51,7 +52,7 @@ void testGetServiceTokenUsingWrongCredentials() throws Exception {
       serviceTokenSupplier.getToken(Collections.emptyMap()).get(3, TimeUnit.SECONDS);
       fail("Exception expected");
     } catch (ExecutionException e) {
-      final var ex = e.getCause();
+      final var ex = getRootCause(e);
       assertNotNull(ex);
       assertNotNull(ex.getMessage());
       assertTrue(
@@ -75,7 +76,7 @@ void testGetNonExistingServiceToken() throws Exception {
       serviceTokenSupplier.getToken(Collections.emptyMap()).get(3, TimeUnit.SECONDS);
       fail("Exception expected");
     } catch (ExecutionException e) {
-      final var ex = e.getCause();
+      final var ex = getRootCause(e);
       assertNotNull(ex);
       assertNotNull(ex.getMessage());
       assertTrue(
@@ -119,7 +120,7 @@ void testGetServiceTokenByWrongServiceRole() throws Exception {
       serviceTokenSupplier.getToken(Collections.emptyMap()).get(3, TimeUnit.SECONDS);
       fail("Exception expected");
     } catch (ExecutionException e) {
-      final var ex = e.getCause();
+      final var ex = getRootCause(e);
       assertNotNull(ex);
       assertNotNull(ex.getMessage());
       assertTrue(

tests/src/test/resources/META-INF/services/org.junit.jupiter.api.extension.Extension

@@ -0,0 +1 @@
+io.scalecube.security.environment.LoggingExtension

tests/src/test/resources/junit-platform.properties

@@ -0,0 +1 @@
+junit.jupiter.extensions.autodetection.enabled=true

tokens/src/main/java/io/scalecube/security/tokens/jwt/JsonwebtokenResolver.java

@@ -21,27 +21,26 @@ public JsonwebtokenResolver(Locator<Key> keyLocator) {
   public CompletableFuture<JwtToken> resolve(String token) {
     return CompletableFuture.supplyAsync(
             () -> {
-              if (LOGGER.isDebugEnabled()) {
-                LOGGER.debug("Resolve token: {}", mask(token));
-              }
-
               final var claimsJws =
                   Jwts.parser().keyLocator(keyLocator).build().parseSignedClaims(token);
-
               return new JwtToken(claimsJws.getHeader(), claimsJws.getPayload());
             })
-        .whenComplete(
+        .handle(
             (jwtToken, ex) -> {
               if (jwtToken != null) {
                 if (LOGGER.isDebugEnabled()) {
                   LOGGER.debug("Resolved token: {}", mask(token));
                 }
+                return jwtToken;
               }
               if (ex != null) {
-                if (LOGGER.isWarnEnabled()) {
-                  LOGGER.warn("Failed to resolve token: {}, cause: {}", mask(token), ex.toString());
+                if (ex instanceof JwtTokenException) {
+                  throw (JwtTokenException) ex;
+                } else {
+                  throw new JwtTokenException("Failed to resolve token: " + mask(token), ex);
                 }
               }
+              return null;
             });
   }
 

tokens/src/main/java/io/scalecube/security/tokens/jwt/JwksKeyLocator.java

@@ -55,13 +55,11 @@ protected Key locate(JwsHeader header) {
               kid -> {
                 final var key = findKeyById(computeKeyList(), kid);
                 if (key == null) {
-                  throw new JwtTokenException("Cannot find key by kid: " + kid);
+                  throw new RuntimeException("Cannot find key by kid: " + kid);
                 }
                 return new CachedKey(key, System.currentTimeMillis() + keyTtl);
               })
           .key();
-    } catch (JwtTokenException ex) {
-      throw ex;
     } catch (Exception ex) {
       throw new JwtTokenException(ex);
     } finally {
@@ -80,12 +78,12 @@ private JwkInfoList computeKeyList() {
                   HttpRequest.newBuilder(jwksUri).GET().timeout(requestTimeout).build(),
                   BodyHandlers.ofInputStream());
     } catch (Exception e) {
-      throw new JwtTokenException("Failed to retrive jwk keys", e);
+      throw new RuntimeException("Failed to retrive jwk keys", e);
     }
 
     final var statusCode = httpResponse.statusCode();
     if (statusCode != 200) {
-      throw new JwtTokenException("Failed to retrive jwk keys, status: " + statusCode);
+      throw new RuntimeException("Failed to retrive jwk keys, status: " + statusCode);
     }
 
     return toJwkInfoList(httpResponse.body());

vault/src/main/java/io/scalecube/security/vault/VaultServiceRolesInstaller.java

@@ -86,12 +86,12 @@ public void install() {
                 final var rest = new Rest().header(VAULT_TOKEN_HEADER, token);
                 final var keyName = keyNameSupplier.get();
 
-                createVaultIdentityKey(rest.url(buildVaultIdentityKeyUri(keyName)), keyName);
+                createVaultIdentityKey(rest.url(vaultIdentityKeyUri(keyName)), keyName);
 
                 for (var role : serviceRoles.roles) {
                   String roleName = roleNameBuilder.apply(role.role);
                   createVaultIdentityRole(
-                      rest.url(buildVaultIdentityRoleUri(roleName)),
+                      rest.url(vaultIdentityRoleUri(roleName)),
                       keyName,
                       roleName,
                       role.permissions);
@@ -127,9 +127,7 @@ private static void awaitSuccess(int status) {
   }
 
   private void createVaultIdentityKey(Rest rest, String keyName) {
-    LOGGER.debug("[createVaultIdentityKey] {}", keyName);
-
-    byte[] body =
+    final byte[] body =
         Json.object()
             .add("rotation_period", keyRotationPeriod)
             .add("verification_ttl", keyVerificationTtl)
@@ -140,16 +138,15 @@ private void createVaultIdentityKey(Rest rest, String keyName) {
 
     try {
       awaitSuccess(rest.body(body).post().getStatus());
+      LOGGER.debug("Created vault identity key: {}", keyName);
     } catch (RestException e) {
-      throw new RuntimeException(e);
+      throw new RuntimeException("Failed to create vault identity key: " + keyName, e);
     }
   }
 
   private void createVaultIdentityRole(
       Rest rest, String keyName, String roleName, List<String> permissions) {
-    LOGGER.debug("[createVaultIdentityRole] {}", roleName);
-
-    byte[] body =
+    final byte[] body =
         Json.object()
             .add("key", keyName)
             .add("template", createTemplate(permissions))
@@ -159,8 +156,9 @@ private void createVaultIdentityRole(
 
     try {
       awaitSuccess(rest.body(body).post().getStatus());
+      LOGGER.debug("Created vault identity role: {}", roleName);
     } catch (RestException e) {
-      throw new RuntimeException(e);
+      throw new RuntimeException("Failed to create vault identity role: " + roleName, e);
     }
   }
 
@@ -170,14 +168,14 @@ private static String createTemplate(List<String> permissions) {
             Json.object().add("permissions", String.join(",", permissions)).toString().getBytes());
   }
 
-  private String buildVaultIdentityKeyUri(String keyName) {
+  private String vaultIdentityKeyUri(String keyName) {
     return new StringJoiner("/", vaultAddress, "")
         .add("/v1/identity/oidc/key")
         .add(keyName)
         .toString();
   }
 
-  private String buildVaultIdentityRoleUri(String roleName) {
+  private String vaultIdentityRoleUri(String roleName) {
     return new StringJoiner("/", vaultAddress, "")
         .add("/v1/identity/oidc/role")
         .add(roleName)
@@ -338,7 +336,7 @@ public ServiceRoles get() {
         try (final FileInputStream fis = new FileInputStream(file)) {
           return OBJECT_MAPPER.readValue(fis, ServiceRoles.class);
         }
-      } catch (Exception e) {
+      } catch (IOException e) {
         throw new RuntimeException(e);
       }
     }

vault/src/main/java/io/scalecube/security/vault/VaultServiceTokenSupplier.java

@@ -45,11 +45,17 @@ public CompletableFuture<String> getToken(Map<String, String> tags) {
         .get()
         .thenApplyAsync(
             vaultToken -> {
-              final String uri = toServiceTokenUri(tags);
-              final String token = rpcGetToken(uri, vaultToken);
-              LOGGER.debug(
-                  "[getToken][success] uri={}, tags={}, result={}", uri, tags, mask(token));
-              return token;
+              final var role = serviceTokenNameBuilder.apply(serviceRole, tags);
+              final var uri = serviceTokenUri(vaultAddress, role);
+              try {
+                final var token = rpcGetToken(uri, vaultToken);
+                if (LOGGER.isDebugEnabled()) {
+                  LOGGER.debug("Got service token: {}, role: {}", mask(token), role);
+                }
+                return token;
+              } catch (Exception ex) {
+                throw new RuntimeException("Failed to get service token, role: " + role, ex);
+              }
             });
   }
 
@@ -74,11 +80,8 @@ private static String rpcGetToken(String uri, String vaultToken) {
     }
   }
 
-  private String toServiceTokenUri(Map<String, String> tags) {
-    return new StringJoiner("/", vaultAddress, "")
-        .add("/v1/identity/oidc/token")
-        .add(serviceTokenNameBuilder.apply(serviceRole, tags))
-        .toString();
+  private static String serviceTokenUri(final String address, final String role) {
+    return new StringJoiner("/", address, "").add("/v1/identity/oidc/token").add(role).toString();
   }
 
   private static String mask(String data) {