feat: System-managed and RBAC support to access to KV and Storage. (#72)

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java → src/main/java/it/pagopa/swclient/mil/auth/azure/auth/bean/GetAccessTokenResponse.java

@@ -3,7 +3,7 @@
  *
  * 21 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.auth.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java → src/main/java/it/pagopa/swclient/mil/auth/azure/auth/client/AzureAuthClient.java

@@ -3,17 +3,17 @@
  *
  * 23 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.client;
+package it.pagopa.swclient.mil.auth.azure.auth.client;
 
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
 
+import io.quarkus.rest.client.reactive.ClientQueryParam;
 import io.smallrye.mutiny.Uni;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse;
+import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.HeaderParam;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.PathParam;
 import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.QueryParam;
 import jakarta.ws.rs.core.MediaType;
 
 /**
@@ -22,17 +22,14 @@
 @RegisterRestClient(configKey = "azure-auth-api")
 public interface AzureAuthClient {
 	/**
-	 * @param tenantId
-	 * @param grantType
-	 * @param clientId
-	 * @param clientSecret
+	 * @param identity
 	 * @param scope
 	 * @return
 	 */
-	@Path("?resource={scope}&api-version=2019-08-01")
 	@GET
 	@Produces(MediaType.APPLICATION_JSON)
+	@ClientQueryParam(name = "api-version", value = "${azure-auth-api.version}")
 	Uni<GetAccessTokenResponse> getAccessToken(
 		@HeaderParam("x-identity-header") String identity,
-		@PathParam("scope") String scope);
+		@QueryParam("resource") String scope);
 }

src/main/java/it/pagopa/swclient/mil/auth/azure/auth/service/AzureAuthService.java

@@ -0,0 +1,56 @@
+/*
+ * AzureAuthService.java
+ *
+ * 1 ago 2023
+ */
+package it.pagopa.swclient.mil.auth.azure.auth.service;
+
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+import org.eclipse.microprofile.rest.client.inject.RestClient;
+
+import io.quarkus.logging.Log;
+import io.smallrye.mutiny.Uni;
+import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse;
+import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient;
+import jakarta.enterprise.context.ApplicationScoped;
+
+/**
+ * @author Antonio Tarricone
+ */
+@ApplicationScoped
+public class AzureAuthService {
+	/*
+	 * Scopes for authentication.
+	 */
+	//private static final String VAULT = "https://vault.azure.net/.default";
+	public static final String VAULT = "https://vault.azure.net";
+	public static final String STORAGE = "https://storage.azure.com";
+
+	/*
+	 *
+	 */
+	@RestClient
+	AzureAuthClient client;
+
+	/*
+	 *
+	 */
+	@ConfigProperty(name = "azure-auth-api.identity")
+	String identity;
+
+	/**
+	 * @return
+	 */
+	public Uni<GetAccessTokenResponse> getAccessToken() {
+		Log.debug("Authenticating to Azure AD for Key Vault.");
+		return client.getAccessToken(identity, VAULT);
+	}
+
+	/**
+	 * @return
+	 */
+	public Uni<GetAccessTokenResponse> getAccessTokenForStorage() {
+		Log.debug("Authenticating to Azure AD for Storage Account.");
+		return client.getAccessToken(identity, STORAGE);
+	}
+}

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/BasicKey.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/BasicKey.java

@@ -3,7 +3,7 @@
  *
  * 19 set 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/CreateKeyRequest.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/CreateKeyRequest.java

@@ -3,7 +3,7 @@
  *
  * 23 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/DetailedKey.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/DetailedKey.java

@@ -3,7 +3,7 @@
  *
  * 19 set 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetKeysResponse.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/GetKeysResponse.java

@@ -3,7 +3,7 @@
  *
  * 24 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/Key.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/Key.java

@@ -3,7 +3,7 @@
  *
  * 19 set 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyAttributes.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyAttributes.java

@@ -3,7 +3,7 @@
  *
  * 23 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyDetails.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyDetails.java

@@ -3,7 +3,7 @@
  *
  * 19 set 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersion.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersion.java

@@ -3,7 +3,7 @@
  *
  * 27 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignRequest.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignRequest.java

@@ -3,7 +3,7 @@
  *
  * 25 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignResponse.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignResponse.java

@@ -3,7 +3,7 @@
  *
  * 25 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureRequest.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureRequest.java

@@ -3,7 +3,7 @@
  *
  * 25 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureResponse.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureResponse.java

@@ -3,7 +3,7 @@
  *
  * 25 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.bean;
+package it.pagopa.swclient.mil.auth.azure.keyvault.bean;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureKeyVaultClient.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/client/AzureKeyVaultClient.java

@@ -3,19 +3,19 @@
  *
  * 23 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.client;
+package it.pagopa.swclient.mil.auth.azure.keyvault.client;
 
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
 
 import io.quarkus.rest.client.reactive.ClientQueryParam;
 import io.smallrye.mutiny.Uni;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureResponse;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.HeaderParam;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinder.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinder.java

@@ -3,7 +3,7 @@
  *
  * 26 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.service;
+package it.pagopa.swclient.mil.auth.azure.keyvault.service;
 
 import java.time.Instant;
 import java.util.Arrays;
@@ -20,15 +20,16 @@
 import io.smallrye.mutiny.Multi;
 import io.smallrye.mutiny.Uni;
 import it.pagopa.swclient.mil.auth.AuthErrorCode;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyNameAndVersion;
-import it.pagopa.swclient.mil.auth.azurekeyvault.util.KidUtil;
+import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse;
+import it.pagopa.swclient.mil.auth.azure.auth.service.AzureAuthService;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyNameAndVersion;
+import it.pagopa.swclient.mil.auth.azure.keyvault.util.KidUtil;
 import it.pagopa.swclient.mil.auth.bean.KeyType;
 import it.pagopa.swclient.mil.auth.bean.KeyUse;
 import it.pagopa.swclient.mil.auth.bean.PublicKey;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyVaultService.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyVaultService.java

@@ -3,20 +3,20 @@
  *
  * 27 lug 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.service;
+package it.pagopa.swclient.mil.auth.azure.keyvault.service;
 
 import org.eclipse.microprofile.rest.client.inject.RestClient;
 
 import io.quarkus.logging.Log;
 import io.smallrye.mutiny.Uni;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient;
 import jakarta.enterprise.context.ApplicationScoped;
 
 /**
@@ -28,6 +28,7 @@ public class AzureKeyVaultService {
 	 *
 	 */
 	private static final String BEARER = "Bearer ";
+
 	/*
 	 *
 	 */

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSigner.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSigner.java

@@ -3,7 +3,7 @@
  *
  * 1 ago 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.service;
+package it.pagopa.swclient.mil.auth.azure.keyvault.service;
 
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
@@ -21,9 +21,10 @@
 import io.quarkus.logging.Log;
 import io.smallrye.mutiny.Uni;
 import it.pagopa.swclient.mil.auth.AuthErrorCode;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.util.SignedJWTFactory;
+import it.pagopa.swclient.mil.auth.azure.auth.service.AzureAuthService;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.util.SignedJWTFactory;
 import it.pagopa.swclient.mil.auth.service.TokenSigner;
 import it.pagopa.swclient.mil.auth.util.AuthError;
 import it.pagopa.swclient.mil.auth.util.AuthException;

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/KidUtil.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/KidUtil.java

@@ -3,14 +3,14 @@
  *
  * 1 ago 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.util;
+package it.pagopa.swclient.mil.auth.azure.keyvault.util;
 
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyNameAndVersion;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyNameAndVersion;
 import jakarta.annotation.PostConstruct;
 import jakarta.enterprise.context.ApplicationScoped;
 

src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/SignedJWTFactory.java → src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/SignedJWTFactory.java

@@ -3,7 +3,7 @@
  *
  * 4 ago 2023
  */
-package it.pagopa.swclient.mil.auth.azurekeyvault.util;
+package it.pagopa.swclient.mil.auth.azure.keyvault.util;
 
 import java.text.ParseException;