From b6ceb4fa2fbabfe64d9034fb46a0913f33086a66 Mon Sep 17 00:00:00 2001
From: Antonio Lorusso <antonio.lorusso1@cabinetoffice.gov.uk>
Date: Wed, 17 Apr 2024 16:47:50 +0100
Subject: [PATCH] Revert "GAP-2594:encrypt Authorization secret"

This reverts commit e887ac5e8d7eeeaa2a688427aadceff6124e55ae.
---
 tests/unit/test_app.py           | 10 +---------
 upload_function/app.py           | 22 ++++------------------
 upload_function/requirements.txt |  3 +--
 3 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/tests/unit/test_app.py b/tests/unit/test_app.py
index 95f10e0..e0f3e4f 100644
--- a/tests/unit/test_app.py
+++ b/tests/unit/test_app.py
@@ -2,7 +2,7 @@
 from unittest import TestCase, mock
 import urllib.parse
 
-from upload_function.app import parse_s3_object_url, parse_pathname, clean_result, s3_location, encrypt_secret
+from upload_function.app import parse_s3_object_url, parse_pathname, clean_result, s3_location
 
 GOOD_ENCODED_PATHNAME: str = "1/81ccea53-9d35-4acf-8cdb-883dfe22e9e9/273acbe3-c937-496e-86f8-f5a0166843c3/" \
                              "2022-07-08%20Grant%20Application%20Definition%20-%20Definition%20-" \
@@ -93,14 +93,6 @@ def test_not_clean_result_location_will_include_quarantine_bucket(self):
         location = s3_location(False, "path")
         self.assertIn("bad", location)
 
-class EncryptionTests(TestCase):
-
-    def test_encryption_returns_string(self):
-        secret = "secret"
-        key ='MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA9Z7o0z3DYfB+NiqnXCzCoPwDMARvL6gmbELeW9pmVIT1ZJY4u7PL9CGP2HTpKVVHlULRFEYWt1KZnMt0p+7zjmVwxYSVkrZNLOV0hWO6ej9EfLyIKduiNL1lmSN94yTgt0NbU8nIaUzkOWxf321ER/Ru/QMlmX+nLJfF0z1s4oarfY7mIdgPSrPcwgaHsyvuiYjZFKoph23CAu3335ZudZ//HEiWxo2+nRjltCelBLHCVpsCk+Rbfp38RNEfDvjFC4wzzosH65cQ2KyFKdyOOiqUO447zmHNh15CD/+g0kxgjyZSIWMkPFrEf+x66ruTRisYOObKdUezLpos+jXQIDAQAB';
-        result = encrypt_secret(secret, key)
-        self.assertIsInstance(result, str)
-        self.assertNotEqual(secret, result)
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/upload_function/app.py b/upload_function/app.py
index c0ab607..cdabb33 100644
--- a/upload_function/app.py
+++ b/upload_function/app.py
@@ -5,10 +5,6 @@
 import urllib.parse
 import requests
 from requests.exceptions import Timeout, HTTPError, RequestException
-from cryptography.hazmat.primitives import serialization, hashes
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.backends import default_backend
-import base64
 
 # useful for more indepth debugging
 # import http
@@ -29,19 +25,9 @@
 S3_DOMAIN_PATTERN = r's3(\..+)?\.amazonaws.com'
 
 API_SECRET = os.environ.get('API_SECRET')
-API_PUBLIC_KEY = os.environ.get('API_PUBLIC_KEY')
 
-def encrypt_secret(secret, public_key):
-  # Load the public key
-  public_key_with_begin_and_end = f"-----BEGIN PUBLIC KEY-----\n{public_key}\n-----END PUBLIC KEY-----"
-  public_key_bytes = public_key_with_begin_and_end.encode('utf-8')
-  public_key = serialization.load_pem_public_key(public_key_bytes,
-                                                 backend=default_backend())
-
-  encrypted_bytes = public_key.encrypt(secret.encode('utf-8'),
-                                       padding.PKCS1v15())
-
-  return base64.b64encode(encrypted_bytes).decode('utf-8')
+HEADERS = {"Content-Type": "application/json",
+           "Authorization": API_SECRET}
 
 
 def parse_s3_object_url(url_string) -> str:
@@ -93,8 +79,7 @@ def update_attachment(subscription_id: str, question_id: str, pathname: str, is_
     url: str = ATTACHMENT_URL.format(subscription_id, question_id)
     endpoint: str = str(ATTACHMENT_HOST) + url
     logger.debug("Passing request to %s", endpoint)
-    HEADERS = {"Content-Type": "application/json",
-           "Authorization": encrypt_secret(API_SECRET, API_PUBLIC_KEY)}
+
     try:
         response = requests.put(endpoint, json={'uri': pathname, 'isClean': is_clean}, headers=HEADERS,
                                 timeout=ATTACHMENT_TIMEOUT)
@@ -119,6 +104,7 @@ def s3_location(is_clean: bool, pathname: str) -> str:
     bucket = CLEAN_BUCKET if is_clean else QUARANTINE_BUCKET
     return "s3://" + bucket + "/" + pathname
 
+
 def lambda_handler(event, context):
     logger.debug("Received event: %s", json.dumps(event, indent=2))
     for record in event['Records']:
diff --git a/upload_function/requirements.txt b/upload_function/requirements.txt
index ace9e84..663bd1f 100644
--- a/upload_function/requirements.txt
+++ b/upload_function/requirements.txt
@@ -1,2 +1 @@
-requests
-cryptography
\ No newline at end of file
+requests
\ No newline at end of file