eclipse / kapua

Eclipse Public License 2.0

🐛 Resolved JWT Certificate Issue Preventing REST API Logins for Accounts #4083

Closed MDeLuise closed 3 weeks ago

MDeLuise commented 1 month ago

Issue Overview: Creating a JWT Certificate in a child account was causing login failures for users attempting to access the REST API. This affected both users of the child account and users from other accounts.

Steps to Reproduce:

  1. Create a child account.
  2. Create a JWT Certificate in the child account.
  3. Log out and attempt to perform a login from the Console NG.

Current Behaviour:

Expected Behaviour:

Fix Implemented: Instead of querying the certificates and retrieving only one without specifying sorting (which defaulted to alphabetical order by name), the fix introduces significant changes:

  1. Query All Certificates: The new implementation queries all of the user's certificates as well as the inherited ones. This comprehensive query ensures all potential JWT certificates are considered.

  2. Determine the Nearest Certificate: A new function, getNearestCertificate, is introduced. This function processes the list of queried certificates to determine the nearest valid certificate. The function getNearestCertificateFromList is then used to get the actual closest certificate, prioritizing the user's own JWT certificate if it exists, or the closest parent JWT certificate otherwise.

This approach ensures that the most relevant JWT certificate is used for authentication.

Code Changes:

Screen Sharing of the Fix:

Impact:

By merging this pull request, we ensure that the JWT Certificate creation process no longer disrupts the login functionality, providing a smoother and more secure user experience across all accounts.
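The selection rule described in this pull request, sketched as an added example (it is not the code from this PR or from Kapua): it contrasts "first certificate by name" with "nearest certificate in the account hierarchy". The `Cert` record, the `parentOf` map, the method names `firstByName` and `nearest`, and the sample data are all hypothetical and constructed for illustration.

```java
import java.util.*;

public class NearestCertificateExample {
    // Hypothetical model: each JWT certificate is owned by exactly one account.
    record Cert(String name, String accountId) {}

    // Behaviour the PR describes as the cause: one certificate is taken from
    // the result set, effectively the first by name, whoever owns it.
    static Optional<Cert> firstByName(List<Cert> certs) {
        return certs.stream().min(Comparator.comparing(Cert::name));
    }

    // Rule the PR describes as the fix: prefer the account's own certificate,
    // otherwise the one owned by the closest parent account.
    static Optional<Cert> nearest(List<Cert> certs, String accountId,
                                  Map<String, String> parentOf) {
        Set<String> visited = new HashSet<>(); // guards against a cyclic hierarchy
        for (String id = accountId; id != null && visited.add(id); id = parentOf.get(id)) {
            final String current = id;
            Optional<Cert> owned = certs.stream()
                    .filter(c -> c.accountId().equals(current))
                    .min(Comparator.comparing(Cert::name)); // deterministic tie-break
            if (owned.isPresent()) {
                return owned;
            }
        }
        return Optional.empty(); // no certificate anywhere up the chain: fail closed
    }

    public static void main(String[] args) {
        // Constructed hierarchy: root -> child -> grandchild
        Map<String, String> parentOf = Map.of("child", "root", "grandchild", "child");
        // Constructed certificates: the child's name sorts before the root's.
        List<Cert> certs = List.of(
                new Cert("kapua-root-jwt", "root"),
                new Cert("a-child-jwt", "child"));

        System.out.println("first by name (any account): " + firstByName(certs));
        for (String account : List.of("root", "child", "grandchild")) {
            System.out.println("nearest for " + account + ": "
                    + nearest(certs, account, parentOf));
        }
    }
}
```

With this data, name ordering hands the child's certificate to every account, while the hierarchy walk gives root its own certificate and gives child and grandchild the child's.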

codecov[bot] commented 1 month ago

Codecov Report

Attention: Patch coverage is 0% with 50 lines in your changes missing coverage. Please review.

Project coverage is 16.78%. Comparing base (70cbdd3) to head (209709a). Report is 6 commits behind head on develop.

Additional details and impacted files

```diff
@@             Coverage Diff              @@
##            develop    #4083      +/-   ##
=============================================
- Coverage     16.79%   16.78%   -0.01%
  Complexity       22       22
=============================================
  Files          2016     2016
  Lines         52317    52347      +30
  Branches       4407     4411       +4
=============================================
  Hits           8787     8787
- Misses        43132    43162      +30
  Partials        398      398
```

| [Files](https://app.codecov.io/gh/eclipse/kapua/pull/4083?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=eclipse) | Coverage Δ | |
|---|---|---|
| [...tication/shiro/AuthenticationServiceShiroImpl.java](https://app.codecov.io/gh/eclipse/kapua/pull/4083?src=pr&el=tree&filepath=service%2Fsecurity%2Fshiro%2Fsrc%2Fmain%2Fjava%2Forg%2Feclipse%2Fkapua%2Fservice%2Fauthentication%2Fshiro%2FAuthenticationServiceShiroImpl.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=eclipse#diff-c2VydmljZS9zZWN1cml0eS9zaGlyby9zcmMvbWFpbi9qYXZhL29yZy9lY2xpcHNlL2thcHVhL3NlcnZpY2UvYXV0aGVudGljYXRpb24vc2hpcm8vQXV0aGVudGljYXRpb25TZXJ2aWNlU2hpcm9JbXBsLmphdmE=) | `0.00% <ø> (ø)` | |
| [...on/shiro/realm/AccessTokenAuthenticatingRealm.java](https://app.codecov.io/gh/eclipse/kapua/pull/4083?src=pr&el=tree&filepath=service%2Fsecurity%2Fshiro%2Fsrc%2Fmain%2Fjava%2Forg%2Feclipse%2Fkapua%2Fservice%2Fauthentication%2Fshiro%2Frealm%2FAccessTokenAuthenticatingRealm.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=eclipse#diff-c2VydmljZS9zZWN1cml0eS9zaGlyby9zcmMvbWFpbi9qYXZhL29yZy9lY2xpcHNlL2thcHVhL3NlcnZpY2UvYXV0aGVudGljYXRpb24vc2hpcm8vcmVhbG0vQWNjZXNzVG9rZW5BdXRoZW50aWNhdGluZ1JlYWxtLmphdmE=) | `10.47% <0.00%> (-4.20%)` | :arrow_down: |