Tweak the agent registration protocol a bit (#2464) (#2558)

ketan · zabil · commit 845ee9bcd840 · 2016-09-06T09:09:53.000+05:30
* Tweak the agent registration protocol a bit (#2464) * The server responds with a 202 (Accepted) and an empty JSON object `{}` as long as the registration is pending. * The server responds with a 200 (OK) and the old JSON object containing the private key and the cert chain. * Move serializaiton/deserialization of Registration into another class This prevents having to add GSON as a dependency in go.jar/lib
diff --git a/agent/src/com/thoughtworks/go/agent/service/SslInfrastructureService.java b/agent/src/com/thoughtworks/go/agent/service/SslInfrastructureService.java
@@ -23,6 +23,7 @@
 import com.thoughtworks.go.config.GuidService;
 import com.thoughtworks.go.security.KeyStoreManager;
 import com.thoughtworks.go.security.Registration;
+import com.thoughtworks.go.security.RegistrationJSONizer;
 import com.thoughtworks.go.server.service.AgentRuntimeInfo;
 import com.thoughtworks.go.util.SystemEnvironment;
 import com.thoughtworks.go.util.SystemUtil;
@@ -96,8 +97,8 @@ public boolean isRegistered() {
 
     private void register(AgentAutoRegistrationProperties agentAutoRegistrationProperties) throws Exception {
         String hostName = SystemUtil.getLocalhostNameOrRandomNameIfNotFound();
-        Registration keyEntry = null;
-        while (keyEntry == null || keyEntry.getChain().length == 0) {
+        Registration keyEntry = Registration.createNullPrivateKeyEntry();
+        while (!keyEntry.isValid()) {
             try {
                 keyEntry = remoteRegistrationRequester.requestRegistration(hostName, agentAutoRegistrationProperties);
             } catch (Exception e) {
@@ -183,7 +184,7 @@ protected Registration requestRegistration(String agentHostName, AgentAutoRegist
         }
 
         protected Registration readResponse(InputStream is) throws IOException, ClassNotFoundException {
-            return Registration.fromJson(IOUtils.toString(is));
+            return RegistrationJSONizer.fromJson(IOUtils.toString(is));
         }
     }
 }
diff --git a/common/src/com/thoughtworks/go/security/Registration.java b/common/src/com/thoughtworks/go/security/Registration.java
@@ -16,52 +16,21 @@
 
 package com.thoughtworks.go.security;
 
-import com.google.gson.Gson;
-import org.apache.commons.io.IOUtils;
-import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.io.pem.PemReader;
-import org.bouncycastle.util.io.pem.PemWriter;
-
-import java.io.*;
-import java.security.*;
+import java.io.Serializable;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.cert.Certificate;
-import java.security.cert.*;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.*;
-
-import static com.thoughtworks.go.util.ExceptionUtils.bomb;
+import java.security.cert.X509Certificate;
+import java.util.Date;
 
 public class Registration implements Serializable {
 
-    public static Registration fromJson(String json) {
-        Map map = new Gson().fromJson(json, Map.class);
-        List<Certificate> chain = new ArrayList<>();
-        try {
-            PemReader reader = new PemReader(new StringReader((String) map.get("agentPrivateKey")));
-            KeyFactory kf = KeyFactory.getInstance("RSA");
-            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(reader.readPemObject().getContent());
-            PrivateKey privateKey = kf.generatePrivate(spec);
-            String agentCertificate = (String) map.get("agentCertificate");
-            PemReader certReader = new PemReader(new StringReader(agentCertificate));
-            while (true) {
-                PemObject obj = certReader.readPemObject();
-                if (obj == null) {
-                    break;
-                }
-                chain.add(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(obj.getContent())));
-            }
-            return new Registration(privateKey, chain.toArray(new Certificate[chain.size()]));
-        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
-            throw bomb(e);
-        }
-    }
-
     private final PrivateKey privateKey;
     private final Certificate[] chain;
 
     public static Registration createNullPrivateKeyEntry() {
-        return new Registration(emptyPrivateKey());
+        return new Registration(null);
     }
 
     public Registration(PrivateKey privateKey, Certificate... chain) {
@@ -89,53 +58,12 @@ public Date getCertificateNotBeforeDate() {
         return getFirstCertificate().getNotBefore();
     }
 
-    private static PrivateKey emptyPrivateKey() {
-        return new PrivateKey() {
-            public String getAlgorithm() {
-                return null;
-            }
-
-            public String getFormat() {
-                return null;
-            }
-
-            public byte[] getEncoded() {
-                return new byte[0];
-            }
-        };
-    }
-
     public KeyStore.PrivateKeyEntry asKeyStoreEntry() {
         return new KeyStore.PrivateKeyEntry(privateKey, chain);
     }
 
-    public String toJson() {
-        Map<String, Object> ret = new HashMap<>();
-        ret.put("agentPrivateKey", serialize("RSA PRIVATE KEY", privateKey.getEncoded()));
-        StringBuilder builder = new StringBuilder();
-        for (Certificate c : chain) {
-            try {
-                builder.append(serialize("CERTIFICATE", c.getEncoded()));
-            } catch (CertificateEncodingException e) {
-                throw bomb(e);
-            }
-        }
-        ret.put("agentCertificate", builder.toString());
-        return new Gson().toJson(ret);
-    }
-
-    private String serialize(String type, byte[] data) {
-        PemObject obj = new PemObject(type, data);
-        StringWriter out = new StringWriter();
-        PemWriter writer = new PemWriter(out);
-        try {
-            writer.writeObject(obj);
-        } catch (IOException e) {
-            throw bomb(e);
-        } finally {
-            IOUtils.closeQuietly(writer);
-        }
-        return out.toString();
+    public boolean isValid() {
+        return privateKey != null && chain != null && chain.length > 0;
     }
 
 }
diff --git a/common/src/com/thoughtworks/go/security/RegistrationJSONizer.java b/common/src/com/thoughtworks/go/security/RegistrationJSONizer.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2016 ThoughtWorks, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.thoughtworks.go.security;
+
+import com.google.gson.Gson;
+import org.apache.commons.io.IOUtils;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.bouncycastle.util.io.pem.PemWriter;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static com.thoughtworks.go.util.ExceptionUtils.bomb;
+
+public class RegistrationJSONizer {
+    private static final Gson GSON = new Gson();
+
+    public static Registration fromJson(String json) {
+        Map map = GSON.fromJson(json, Map.class);
+
+        if (map.isEmpty()) {
+            return Registration.createNullPrivateKeyEntry();
+        }
+
+        List<Certificate> chain = new ArrayList<>();
+        try {
+            PemReader reader = new PemReader(new StringReader((String) map.get("agentPrivateKey")));
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(reader.readPemObject().getContent());
+            PrivateKey privateKey = kf.generatePrivate(spec);
+            String agentCertificate = (String) map.get("agentCertificate");
+            PemReader certReader = new PemReader(new StringReader(agentCertificate));
+            while (true) {
+                PemObject obj = certReader.readPemObject();
+                if (obj == null) {
+                    break;
+                }
+                chain.add(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(obj.getContent())));
+            }
+            return new Registration(privateKey, chain.toArray(new Certificate[chain.size()]));
+        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
+            throw bomb(e);
+        }
+    }
+
+
+    public static String toJson(Registration registration) {
+        Map<String, Object> ret = new HashMap<>();
+
+        if (registration.isValid()) {
+            ret.put("agentPrivateKey", serialize("RSA PRIVATE KEY", registration.getPrivateKey().getEncoded()));
+            StringBuilder builder = new StringBuilder();
+            for (Certificate c : registration.getChain()) {
+                try {
+                    builder.append(serialize("CERTIFICATE", c.getEncoded()));
+                } catch (CertificateEncodingException e) {
+                    throw bomb(e);
+                }
+            }
+            ret.put("agentCertificate", builder.toString());
+        }
+
+        return GSON.toJson(ret);
+    }
+
+    private static String serialize(String type, byte[] data) {
+        PemObject obj = new PemObject(type, data);
+        StringWriter out = new StringWriter();
+        PemWriter writer = new PemWriter(out);
+        try {
+            writer.writeObject(obj);
+        } catch (IOException e) {
+            throw bomb(e);
+        } finally {
+            IOUtils.closeQuietly(writer);
+        }
+        return out.toString();
+    }
+}
diff --git a/common/test/unit/com/thoughtworks/go/security/RegistrationTest.java b/common/test/unit/com/thoughtworks/go/security/RegistrationTest.java
@@ -16,21 +16,25 @@
 
 package com.thoughtworks.go.security;
 
-import com.thoughtworks.go.util.TestFileUtil;
+import org.apache.commons.lang.builder.EqualsBuilder;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
 
 import java.io.File;
+import java.io.IOException;
 
 import static org.hamcrest.Matchers.is;
-import static org.junit.Assert.assertThat;
+import static org.junit.Assert.*;
 
 public class RegistrationTest {
-    private static String authorityKeystorePath = "tempAuthorityKeystore";
+    @Rule
+    public TemporaryFolder tmpFolder = new TemporaryFolder();
 
     @Test
-    public void decodeFromJson() {
+    public void decodeFromJson() throws IOException {
         Registration origin = createRegistration();
-        Registration reg = Registration.fromJson(origin.toJson());
+        Registration reg = RegistrationJSONizer.fromJson(RegistrationJSONizer.toJson(origin));
         assertThat(reg.getPrivateKey(), is(origin.getPrivateKey()));
         assertThat(reg.getPublicKey(), is(origin.getPublicKey()));
         assertThat(reg.getChain(), is(origin.getChain()));
@@ -39,8 +43,31 @@ public void decodeFromJson() {
         assertThat(reg.getChain().length, is(3));
     }
 
-    public static Registration createRegistration() {
-        File tempKeystoreFile = TestFileUtil.createUniqueTempFile(authorityKeystorePath);
+
+    @Test
+    public void shouldBeValidWhenPrivateKeyAndChainIsPresent() throws Exception {
+        assertFalse(Registration.createNullPrivateKeyEntry().isValid());
+        assertFalse(new Registration(null, null).isValid());
+        assertFalse(new Registration(null).isValid());
+
+        assertTrue(createRegistration().isValid());
+    }
+
+    @Test
+    public void registrationFromEmptyJSONShouldBeInvalid() throws Exception {
+        assertFalse(RegistrationJSONizer.fromJson("{}").isValid());
+    }
+
+    @Test
+    public void shouldEncodeDecodeEmptyRegistration() throws Exception {
+        Registration toSerialize = Registration.createNullPrivateKeyEntry();
+        Registration deserialized = RegistrationJSONizer.fromJson(RegistrationJSONizer.toJson(toSerialize));
+
+        assertTrue(EqualsBuilder.reflectionEquals(toSerialize, deserialized));
+    }
+
+    private Registration createRegistration() throws IOException {
+        File tempKeystoreFile = tmpFolder.newFile();
         X509CertificateGenerator certificateGenerator = new X509CertificateGenerator();
         certificateGenerator.createAndStoreCACertificates(tempKeystoreFile);
         return certificateGenerator.createAgentCertificate(tempKeystoreFile, "blah");
diff --git a/server/src/com/thoughtworks/go/server/controller/AgentRegistrationController.java b/server/src/com/thoughtworks/go/server/controller/AgentRegistrationController.java
@@ -25,7 +25,7 @@
 import com.thoughtworks.go.domain.ConfigErrors;
 import com.thoughtworks.go.plugin.infra.commons.PluginsZip;
 import com.thoughtworks.go.security.Registration;
-import com.thoughtworks.go.server.domain.Username;
+import com.thoughtworks.go.security.RegistrationJSONizer;
 import com.thoughtworks.go.server.service.*;
 import com.thoughtworks.go.server.service.result.HttpOperationResult;
 import com.thoughtworks.go.util.SystemEnvironment;
@@ -40,7 +40,6 @@
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.View;
 
-import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
@@ -251,20 +250,20 @@ public ModelAndView agentRequest(@RequestParam("hostname") String hostname,
             LOG.error("Error occured during agent registration process: ", e);
         }
 
-        final Registration anotherCopy = keyEntry;
+        return render(keyEntry);
+    }
+
+    private ModelAndView render(final Registration registration) {
         return new ModelAndView(new View() {
             public String getContentType() {
                 return "application/json";
             }
 
             public void render(Map model, HttpServletRequest request, HttpServletResponse response) throws IOException {
-                ServletOutputStream servletOutputStream = null;
-                try {
-                    servletOutputStream = response.getOutputStream();
-                    servletOutputStream.print(anotherCopy.toJson());
-                } finally {
-                    IOUtils.closeQuietly(servletOutputStream);
+                if (!registration.isValid()) {
+                    response.setStatus(HttpServletResponse.SC_ACCEPTED);
                 }
+                response.getWriter().print(RegistrationJSONizer.toJson(registration));
             }
         });
     }

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@`
`23`	`23`	`import com.thoughtworks.go.config.GuidService;`
`24`	`24`	`import com.thoughtworks.go.security.KeyStoreManager;`
`25`	`25`	`import com.thoughtworks.go.security.Registration;`
	`26`	`+import com.thoughtworks.go.security.RegistrationJSONizer;`
`26`	`27`	`import com.thoughtworks.go.server.service.AgentRuntimeInfo;`
`27`	`28`	`import com.thoughtworks.go.util.SystemEnvironment;`
`28`	`29`	`import com.thoughtworks.go.util.SystemUtil;`
`@@ -96,8 +97,8 @@ public boolean isRegistered() {`
`96`	`97`
`97`	`98`	`private void register(AgentAutoRegistrationProperties agentAutoRegistrationProperties) throws Exception {`
`98`	`99`	`String hostName = SystemUtil.getLocalhostNameOrRandomNameIfNotFound();`
`99`		`- Registration keyEntry = null;`
`100`		`- while (keyEntry == null \|\| keyEntry.getChain().length == 0) {`
	`100`	`+ Registration keyEntry = Registration.createNullPrivateKeyEntry();`
	`101`	`+ while (!keyEntry.isValid()) {`
`101`	`102`	`try {`
`102`	`103`	`keyEntry = remoteRegistrationRequester.requestRegistration(hostName, agentAutoRegistrationProperties);`
`103`	`104`	`} catch (Exception e) {`
`@@ -183,7 +184,7 @@ protected Registration requestRegistration(String agentHostName, AgentAutoRegist`
`183`	`184`	`}`
`184`	`185`
`185`	`186`	`protected Registration readResponse(InputStream is) throws IOException, ClassNotFoundException {`
`186`		`- return Registration.fromJson(IOUtils.toString(is));`
	`187`	`+ return RegistrationJSONizer.fromJson(IOUtils.toString(is));`
`187`	`188`	`}`
`188`	`189`	`}`
`189`	`190`	`}`