IntelliJ code analyze changes for auth core (#443)

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/Authority.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -37,32 +37,32 @@ enum CredSource {
     /**
      * Initialize the authority
      */
-    public void initialize();
+    void initialize();
 
     /**
      * @return credentials source - headers or certificate with headers being default
      */
-    default public CredSource getCredSource() {
+    default CredSource getCredSource() {
         return CredSource.HEADER;
     }
 
     /**
      * @return the domain of the authority, i.e. "user" or "local", as defined by the authorization system
      */
-    public String getDomain();
+    String getDomain();
 
     /**
      * @return a string describing where to find the credentials in a request, i.e. "X-Auth-Token" or "Cookie.User"
      */
-    public String getHeader();
+    String getHeader();
 
     /**
      * @return a boolean flag indicating whether or not authenticated principals
      * by this authority are allowed to be "authorized" to make changes. If this
      * flag is false, then the principal must first get a ZMS UserToken and then
      * use that UserToken for subsequent operations.
      */
-    default public boolean allowAuthorization() {
+    default boolean allowAuthorization() {
         return true;
     }
 
@@ -72,7 +72,7 @@ default public boolean allowAuthorization() {
      * @param userName user name
      * @return mapped domain name
      */
-    default public String getUserDomainName(String userName) {
+    default String getUserDomainName(String userName) {
         return userName;
     }
 
@@ -84,7 +84,7 @@ default public String getUserDomainName(String userName) {
      * @param errMsg will contain error message if authenticate fails
      * @return the Principal for the credentials, or null if the credentials are not valid.
      */
-    public Principal authenticate(String creds, String remoteAddr, String httpMethod, StringBuilder errMsg);
+    Principal authenticate(String creds, String remoteAddr, String httpMethod, StringBuilder errMsg);
 
     /**
      * Process the client certificates extracted from the http request object.
@@ -95,7 +95,7 @@ default public String getUserDomainName(String userName) {
      * @param errMsg will contain error message if authenticate fails
      * @return the Principal for the certificate, or null in case of failure.
      */
-    default public Principal authenticate(X509Certificate[] certs, StringBuilder errMsg) {
+    default Principal authenticate(X509Certificate[] certs, StringBuilder errMsg) {
         return null;
     }
 
@@ -105,7 +105,7 @@ default public Principal authenticate(X509Certificate[] certs, StringBuilder err
      * @param errMsg will contain error message if authenticate fails
      * @return the Principal for the certificate, or null in case of failure.
      */
-    default public Principal authenticate(HttpServletRequest request, StringBuilder errMsg) {
+    default Principal authenticate(HttpServletRequest request, StringBuilder errMsg) {
         return null;
     }
 }

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/AuthorityKeyStore.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/Authorizer.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -30,5 +30,5 @@ public interface Authorizer {
      * @param crossDomain - (DomainName) an alternate domain responsible for the policy involved. This is usually null.
      * @return true if access is granted for the action/resource/principal
      */
-    public boolean access(String action, String resource, Principal principal, String crossDomain);
+    boolean access(String action, String resource, Principal principal, String crossDomain);
 }

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/KeyStore.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/Principal.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,38 +24,38 @@
 public interface Principal {
 
     /** @return the domain of the authority over this principal, i.e. "user" */
-    public String getDomain();
+    String getDomain();
 
     /** @return the name of the principal as a string, i.e. "joe" */
-    public String getName();
+    String getName();
 
     /** @return the full name of the principal as a string, i.e. "user.joe" */
-    public String getFullName();
+    String getFullName();
 
     /** @return the credentials token as a string */
-    public String getCredentials();
+    String getCredentials();
 
     /** @return the client certificate that the principal
      * was authenticated with if using the certificate authority */
-    default public X509Certificate getX509Certificate() {
+    default X509Certificate getX509Certificate() {
         return null;
     }
 
     /** @return the credentials token as a string but will not contain a signature */
-    public String getUnsignedCredentials();
+    String getUnsignedCredentials();
 
     /** @return the list of roles this principal is able to assume. This is null 
      * for user/service principals, but valid for a principal based on ZTokens. */
-    public List<String> getRoles();
+    List<String> getRoles();
 
     /** @return the authority over this principal. Can be null, if not authenticated. */
-    public Authority getAuthority();
+    Authority getAuthority();
 
     /** @return the issue time for the credentials */
-    public long getIssueTime();
+    long getIssueTime();
 
     /** @return the service name that was authorized to use the Principal's UserToken */
-    public String getAuthorizedService();
+    String getAuthorizedService();
 
     /** @return the associated IP address provided in the principal token */
     default String getIP() {
@@ -78,7 +78,7 @@ default String getKeyId() {
     }
 
     /** @return the application ID */
-    default public String getApplicationId() {
+    default String getApplicationId() {
         return null;
     }
 

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStore.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStoreFactory.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,5 +21,5 @@ public interface PrivateKeyStoreFactory {
      * Create and return a new PrivateKeyStore instance
      * @return PrivateKeyStore instance
      */
-    public PrivateKeyStore create();
+    PrivateKeyStore create();
 }

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/ServiceIdentityProvider.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,6 +26,6 @@ public interface ServiceIdentityProvider {
      * @param serviceName the name of the service
      * @return the identity of the service in the form of a Principal.
      */
-    public Principal getIdentity(String domainName, String serviceName);
+    Principal getIdentity(String domainName, String serviceName);
 
 }

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/CertificateAuthority.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,9 +32,9 @@
 public class CertificateAuthority implements Authority {
 
     private static final Logger LOG = LoggerFactory.getLogger(CertificateAuthority.class);
-    static final String ATHENZ_PROP_EXCLUDED_PRINCIPALS = "athenz.auth.certificate.excluded_principals";
+    private static final String ATHENZ_PROP_EXCLUDED_PRINCIPALS = "athenz.auth.certificate.excluded_principals";
 
-    Set<String> excludedPrincipalSet = null;
+    private Set<String> excludedPrincipalSet = null;
 
     @Override
     public void initialize() {
@@ -69,7 +69,6 @@ public CredSource getCredSource() {
     public Principal authenticate(X509Certificate[] certs, StringBuilder errMsg) {
 
         if (LOG.isDebugEnabled()) {
-            LOG.debug("CertificateAuthority:authenticate: TLS Certificates: " + certs);
             if (certs != null) {
                 for (X509Certificate cert : certs) {
                     LOG.debug("CertificateAuthority:authenticate: TLS Certificate: " + cert);
@@ -123,15 +122,15 @@ public Principal authenticate(X509Certificate[] certs, StringBuilder errMsg) {
 
             List<String> emails = Crypto.extractX509CertEmails(x509Cert);
             if (emails.isEmpty()) {
-                errMsg.append("CertificateAuthority:authenticate: Invalid role cert, no email SAN entry"
-                    + principalName);
+                errMsg.append("CertificateAuthority:authenticate: Invalid role cert, no email SAN entry")
+                        .append(principalName);
                 return null;
             }
             String email = emails.get(0);
             idx = email.indexOf('@');
             if (idx == -1) {
-                errMsg.append("CertificateAuthority:authenticate: Invalid role cert, invalid email SAN entry"
-                    + principalName);
+                errMsg.append("CertificateAuthority:authenticate: Invalid role cert, invalid email SAN entry")
+                        .append(principalName);
                 return null;
             }
             principalName = email.substring(0, idx);
@@ -142,8 +141,8 @@ public Principal authenticate(X509Certificate[] certs, StringBuilder errMsg) {
 
         idx = principalName.lastIndexOf('.');
         if (idx == -1) {
-            errMsg.append("CertificateAuthority:authenticate: Principal is not a valid service identity: "
-                + principalName);
+            errMsg.append("CertificateAuthority:authenticate: Principal is not a valid service identity: ")
+                    .append(principalName);
             return null;
         }
 

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStore.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,7 +32,7 @@ public class FilePrivateKeyStore implements PrivateKeyStore {
 
     public static final String ATHENZ_PROP_PRIVATE_KEY = "athenz.auth.private_key_store.private_key";
     public static final String ATHENZ_PROP_PRIVATE_KEY_ID = "athenz.auth.private_key_store.private_key_id";
-    public static final String ATHENZ_STR_JAR_RESOURCE = "JAR_RESOURCE:";
+    private static final String ATHENZ_STR_JAR_RESOURCE = "JAR_RESOURCE:";
 
     public FilePrivateKeyStore() {
     }
@@ -54,7 +54,7 @@ public PrivateKey getPrivateKey(String service, String serverHostName,
         // check to see if this is running in dev mode and thus it's
         // a resource in our jar file
 
-        String privKey = null;
+        String privKey;
         if (privKeyName.startsWith(ATHENZ_STR_JAR_RESOURCE)) {
             privKey = retrieveKeyFromResource(privKeyName.substring(ATHENZ_STR_JAR_RESOURCE.length()));
         } else {
@@ -70,7 +70,7 @@ public PrivateKey getPrivateKey(String service, String serverHostName,
         return pkey;
     }
 
-    String retrieveKeyFromResource(String resourceName) {
+    private String retrieveKeyFromResource(String resourceName) {
 
         String key = null;
         try (InputStream is = getClass().getResourceAsStream(resourceName)) {

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStoreFactory.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright 2016 Yahoo Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");