diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/bean/GetAccessTokenResponse.java similarity index 94% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/auth/bean/GetAccessTokenResponse.java index aa7c0c56..f5205772 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/bean/GetAccessTokenResponse.java @@ -3,7 +3,7 @@ * * 21 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.auth.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/client/AzureAuthClient.java similarity index 61% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/auth/client/AzureAuthClient.java index c94ee11f..0b018da4 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/client/AzureAuthClient.java 
@@ -3,17 +3,17 @@ * * 23 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.client; +package it.pagopa.swclient.mil.auth.azure.auth.client; import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; +import io.quarkus.rest.client.reactive.ClientQueryParam; import io.smallrye.mutiny.Uni; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; import jakarta.ws.rs.GET; import jakarta.ws.rs.HeaderParam; -import jakarta.ws.rs.Path; -import jakarta.ws.rs.PathParam; import jakarta.ws.rs.Produces; +import jakarta.ws.rs.QueryParam; import jakarta.ws.rs.core.MediaType; /** @@ -22,17 +22,14 @@ @RegisterRestClient(configKey = "azure-auth-api") public interface AzureAuthClient { /** - * @param tenantId - * @param grantType - * @param clientId - * @param clientSecret + * @param identity * @param scope * @return */ - @Path("?resource={scope}&api-version=2019-08-01") @GET @Produces(MediaType.APPLICATION_JSON) + @ClientQueryParam(name = "api-version", value = "${azure-auth-api.version}") Uni getAccessToken( @HeaderParam("x-identity-header") String identity, - @PathParam("scope") String scope); + @QueryParam("resource") String scope); } diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/service/AzureAuthService.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/service/AzureAuthService.java new file mode 100644 index 00000000..185fe586 --- /dev/null +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/auth/service/AzureAuthService.java 
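Review bot: The `${azure-auth-api.version}` expression used by `@ClientQueryParam` in the `@@ -22,17 +22,14 @@` hunk needs a matching property, and the only property this diff visibly adds to `application.properties` is `azure-storage-api.version`. The version was previously fixed at `2019-08-01` in the removed `@Path`, so confirm that `azure-auth-api.version` is defined for every profile; an unresolved expression would presumably break the token request. The Javadoc tags are still empty, and the parameter named `scope` is now sent as the `resource` query parameter. I would write `@param identity value sent in the x-identity-header header; keep it out of logs` and `@param scope resource URI the token is requested for, sent as the "resource" query parameter`.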
@@ -0,0 +1,56 @@ +/* + * AzureAuthService.java + * + * 1 ago 2023 + */ +package it.pagopa.swclient.mil.auth.azure.auth.service; + +import org.eclipse.microprofile.config.inject.ConfigProperty; +import org.eclipse.microprofile.rest.client.inject.RestClient; + +import io.quarkus.logging.Log; +import io.smallrye.mutiny.Uni; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient; +import jakarta.enterprise.context.ApplicationScoped; + +/** + * @author Antonio Tarricone + */ +@ApplicationScoped +public class AzureAuthService { + /* + * Scopes for authentication. + */ + //private static final String VAULT = "https://vault.azure.net/.default"; + public static final String VAULT = "https://vault.azure.net"; + public static final String STORAGE = "https://storage.azure.com"; + + /* + * + */ + @RestClient + AzureAuthClient client; + + /* + * + */ + @ConfigProperty(name = "azure-auth-api.identity") + String identity; + + /** + * @return + */ + public Uni getAccessToken() { + Log.debug("Authenticating to Azure AD for Key Vault."); + return client.getAccessToken(identity, VAULT); + } + + /** + * @return + */ + public Uni getAccessTokenForStorage() { + Log.debug("Authenticating to Azure AD for Storage Account."); + return client.getAccessToken(identity, STORAGE); + } +} diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/BasicKey.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/BasicKey.java similarity index 92% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/BasicKey.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/BasicKey.java index 97df2344..85a70372 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/BasicKey.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/BasicKey.java 
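Review bot: `VAULT` and `STORAGE` are declared `public static final` although the visible code uses them only inside `getAccessToken()` and `getAccessTokenForStorage()`; declaring them `private static final` keeps the set of token audiences owned by this class. The commented-out `//private static final String VAULT = "https://vault.azure.net/.default";` line should be deleted rather than kept next to the live constant. Both methods call the identity endpoint on every invocation and nothing here reuses a token until it expires, so if caching happens elsewhere a comment should say where. The `@return` tags are empty; `@return the token response issued for the Key Vault resource` and the Storage equivalent would do.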
@@ -3,7 +3,7 @@ * * 19 set 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/CreateKeyRequest.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/CreateKeyRequest.java similarity index 93% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/CreateKeyRequest.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/CreateKeyRequest.java index e783b60a..47685525 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/CreateKeyRequest.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/CreateKeyRequest.java @@ -3,7 +3,7 @@ * * 23 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/DetailedKey.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/DetailedKey.java similarity index 93% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/DetailedKey.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/DetailedKey.java index 37259493..1bf8455f 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/DetailedKey.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/DetailedKey.java @@ -3,7 +3,7 @@ * * 19 set 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetKeysResponse.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/GetKeysResponse.java similarity index 92% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetKeysResponse.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/GetKeysResponse.java index 4a6f5dc2..6bc752ba 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetKeysResponse.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/GetKeysResponse.java @@ -3,7 +3,7 @@ * * 24 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/Key.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/Key.java similarity index 91% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/Key.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/Key.java index a56cc6fb..6cb3b309 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/Key.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/Key.java @@ -3,7 +3,7 @@ * * 19 set 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyAttributes.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyAttributes.java similarity index 95% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyAttributes.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyAttributes.java index 940d4916..53ecfb63 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyAttributes.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyAttributes.java @@ -3,7 +3,7 @@ * * 23 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyDetails.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyDetails.java similarity index 94% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyDetails.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyDetails.java index 0300cd35..86875aab 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyDetails.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyDetails.java @@ -3,7 +3,7 @@ * * 19 set 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersion.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersion.java similarity index 89% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersion.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersion.java index ae4bda8c..409f9ca6 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersion.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersion.java @@ -3,7 +3,7 @@ * * 27 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import lombok.AllArgsConstructor; import lombok.Getter; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignRequest.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignRequest.java similarity index 92% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignRequest.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignRequest.java index 90492e11..34b5e1c9 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignRequest.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignRequest.java @@ -3,7 +3,7 @@ * * 25 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignResponse.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignResponse.java similarity index 92% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignResponse.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignResponse.java index f2a7bc70..210ba81e 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/SignResponse.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/SignResponse.java @@ -3,7 +3,7 @@ * * 25 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureRequest.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureRequest.java similarity index 92% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureRequest.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureRequest.java index 8b6eeb9c..196a6958 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureRequest.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureRequest.java @@ -3,7 +3,7 @@ * * 25 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureResponse.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureResponse.java similarity index 91% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureResponse.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureResponse.java index 87229d07..991913ca 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/VerifySignatureResponse.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/VerifySignatureResponse.java @@ -3,7 +3,7 @@ * * 25 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureKeyVaultClient.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/client/AzureKeyVaultClient.java similarity index 84% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureKeyVaultClient.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/client/AzureKeyVaultClient.java index fd0bba50..9b6ad623 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureKeyVaultClient.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/client/AzureKeyVaultClient.java 
@@ -3,19 +3,19 @@ * * 23 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.client; +package it.pagopa.swclient.mil.auth.azure.keyvault.client; import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; import io.quarkus.rest.client.reactive.ClientQueryParam; import io.smallrye.mutiny.Uni; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureResponse; import jakarta.ws.rs.Consumes; import jakarta.ws.rs.GET; import jakarta.ws.rs.HeaderParam; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinder.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinder.java similarity index 94% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinder.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinder.java index 361a4a6d..b3df56bc 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinder.java 
+++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinder.java @@ -3,7 +3,7 @@ * * 26 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.service; +package it.pagopa.swclient.mil.auth.azure.keyvault.service; import java.time.Instant; import java.util.Arrays; @@ -20,15 +20,16 @@ import io.smallrye.mutiny.Multi; import io.smallrye.mutiny.Uni; import it.pagopa.swclient.mil.auth.AuthErrorCode; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyNameAndVersion; -import it.pagopa.swclient.mil.auth.azurekeyvault.util.KidUtil; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.service.AzureAuthService; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyNameAndVersion; +import it.pagopa.swclient.mil.auth.azure.keyvault.util.KidUtil; import it.pagopa.swclient.mil.auth.bean.KeyType; import it.pagopa.swclient.mil.auth.bean.KeyUse; import it.pagopa.swclient.mil.auth.bean.PublicKey; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyVaultService.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyVaultService.java similarity index 79% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyVaultService.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyVaultService.java index 4e6c5976..00831e82 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyVaultService.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyVaultService.java 
@@ -3,20 +3,20 @@ * * 27 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.service; +package it.pagopa.swclient.mil.auth.azure.keyvault.service; import org.eclipse.microprofile.rest.client.inject.RestClient; import io.quarkus.logging.Log; import io.smallrye.mutiny.Uni; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient; import jakarta.enterprise.context.ApplicationScoped; /** @@ -28,6 +28,7 @@ public class AzureKeyVaultService { * */ private static final String BEARER = "Bearer "; + /* * */ 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSigner.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSigner.java similarity index 93% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSigner.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSigner.java index 405d485e..f1f5d26c 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSigner.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSigner.java @@ -3,7 +3,7 @@ * * 1 ago 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.service; +package it.pagopa.swclient.mil.auth.azure.keyvault.service; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; @@ -21,9 +21,10 @@ import io.quarkus.logging.Log; import io.smallrye.mutiny.Uni; import it.pagopa.swclient.mil.auth.AuthErrorCode; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.util.SignedJWTFactory; +import it.pagopa.swclient.mil.auth.azure.auth.service.AzureAuthService; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.util.SignedJWTFactory; import it.pagopa.swclient.mil.auth.service.TokenSigner; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.AuthException; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/KidUtil.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/KidUtil.java similarity index 94% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/KidUtil.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/KidUtil.java index 83c6f493..01b71bc7 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/KidUtil.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/KidUtil.java @@ -3,14 +3,14 @@ * * 1 ago 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.util; +package it.pagopa.swclient.mil.auth.azure.keyvault.util; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.eclipse.microprofile.config.inject.ConfigProperty; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyNameAndVersion; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyNameAndVersion; import jakarta.annotation.PostConstruct; import jakarta.enterprise.context.ApplicationScoped; diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/SignedJWTFactory.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/SignedJWTFactory.java similarity index 92% rename from src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/SignedJWTFactory.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/SignedJWTFactory.java index 5137c401..b8a233a2 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/util/SignedJWTFactory.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/keyvault/util/SignedJWTFactory.java @@ -3,7 +3,7 @@ * * 4 ago 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.util; +package it.pagopa.swclient.mil.auth.azure.keyvault.util; import java.text.ParseException; 
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/client/AuthDataRepository.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/storage/client/AzureAuthDataRepositoryClient.java similarity index 55% rename from src/main/java/it/pagopa/swclient/mil/auth/client/AuthDataRepository.java rename to src/main/java/it/pagopa/swclient/mil/auth/azure/storage/client/AzureAuthDataRepositoryClient.java index f67c67a3..5c6e7966 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/client/AuthDataRepository.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/storage/client/AzureAuthDataRepositoryClient.java @@ -1,10 +1,11 @@ /* - * AuthDataRepository.java + * AzureAuthDataRepositoryClient.java * * 30 mag 2023 */ -package it.pagopa.swclient.mil.auth.client; +package it.pagopa.swclient.mil.auth.azure.storage.client; +import org.eclipse.microprofile.rest.client.annotation.ClientHeaderParam; import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; import io.smallrye.mutiny.Uni; @@ -12,6 +13,7 @@ import it.pagopa.swclient.mil.auth.bean.Role; import it.pagopa.swclient.mil.auth.bean.User; import jakarta.ws.rs.GET; +import jakarta.ws.rs.HeaderParam; import jakarta.ws.rs.Path; import jakarta.ws.rs.PathParam; @@ -19,16 +21,19 @@ * @author Antonio Tarricone */ @RegisterRestClient(configKey = "auth-data-repository") -public interface AuthDataRepository { +public interface AzureAuthDataRepositoryClient { /** + * @param authorization * @param clientId * @return */ @Path("clients/{clientId}.json") @GET - Uni getClient(@PathParam("clientId") String clientId); + @ClientHeaderParam(name = "x-ms-version", value = "${azure-storage-api.version}") + Uni getClient(@HeaderParam("Authorization") String authorization, @PathParam("clientId") String clientId); /** + * @param authorization * @param acquirerId * @param channel * @param merchantId 
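Review bot: The new `@HeaderParam("Authorization") String authorization` parameter on `getClient`, and on `getRoles` and `getUser` in the following hunks, carries a live bearer token through the REST client, yet its `@param authorization` tag is empty. I would document it as `@param authorization complete Authorization header value ("Bearer " followed by the access token); never log it`. It is also worth checking that request logging is not enabled for the `auth-data-repository` client outside development, because header logging would write the token to the logs. The interface continues past this hunk.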
@@ -38,7 +43,9 @@ public interface AuthDataRepository { */ @Path("roles/{acquirerId}/{channel}/{clientId}/{merchantId}/{terminalId}/roles.json") @GET + @ClientHeaderParam(name = "x-ms-version", value = "${azure-storage-api.version}") Uni getRoles( + @HeaderParam("Authorization") String authorization, @PathParam("acquirerId") String acquirerId, @PathParam("channel") String channel, @PathParam("clientId") String clientId, @@ -46,10 +53,12 @@ Uni getRoles( @PathParam("terminalId") String terminalId); /** + * @param authorization * @param userHash * @return */ @Path("users/{userHash}.json") @GET - Uni getUser(@PathParam("userHash") String userHash); + @ClientHeaderParam(name = "x-ms-version", value = "${azure-storage-api.version}") + Uni getUser(@HeaderParam("Authorization") String authorization, @PathParam("userHash") String userHash); } \ No newline at end of file diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azure/storage/service/AzureAuthDataRepository.java b/src/main/java/it/pagopa/swclient/mil/auth/azure/storage/service/AzureAuthDataRepository.java new file mode 100644 index 00000000..0df24ffd --- /dev/null +++ b/src/main/java/it/pagopa/swclient/mil/auth/azure/storage/service/AzureAuthDataRepository.java 
@@ -0,0 +1,86 @@ +/* + * + */ +package it.pagopa.swclient.mil.auth.azure.storage.service; + +import org.eclipse.microprofile.rest.client.inject.RestClient; + +import io.quarkus.logging.Log; +import io.smallrye.mutiny.Uni; +import it.pagopa.swclient.mil.auth.AuthErrorCode; +import it.pagopa.swclient.mil.auth.azure.auth.service.AzureAuthService; +import it.pagopa.swclient.mil.auth.azure.storage.client.AzureAuthDataRepositoryClient; +import it.pagopa.swclient.mil.auth.bean.Client; +import it.pagopa.swclient.mil.auth.bean.Role; +import it.pagopa.swclient.mil.auth.bean.User; +import it.pagopa.swclient.mil.auth.service.AuthDataRepository; +import it.pagopa.swclient.mil.auth.util.AuthError; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; + +/** + * @author Antonio Tarricone + */ +@ApplicationScoped +public class AzureAuthDataRepository implements AuthDataRepository { + /* + * + */ + private static final String BEARER = "Bearer "; + + /* + * + */ + @Inject + AzureAuthService authService; + + /* + * + */ + @RestClient + AzureAuthDataRepositoryClient dataRepo; + + /** + * Returns the authorization header value, invoking identity endpoint. 
+ * + * @return + */ + private Uni getAuthorization() { + return authService.getAccessTokenForStorage() + .map(x -> { + String t = x.getToken(); + if (t != null) { + Log.debug("Successfully authenticated."); + return BEARER + t; + } else { + String message = String.format("[%s] Azure access token not valid.", AuthErrorCode.AZURE_ACCESS_TOKEN_IS_NULL); + Log.error(message); + throw new AuthError(AuthErrorCode.AZURE_ACCESS_TOKEN_IS_NULL, message); + } + }); + } + + /** + * + */ + @Override + public Uni getClient(String clientId) { + return getAuthorization().chain(authorization -> dataRepo.getClient(authorization, clientId)); + } + + /** + * + */ + @Override + public Uni getRoles(String acquirerId, String channel, String clientId, String merchantId, String terminalId) { + return getAuthorization().chain(authorization -> dataRepo.getRoles(authorization, acquirerId, channel, clientId, merchantId, terminalId)); + } + + /** + * + */ + @Override + public Uni getUser(String userHash) { + return getAuthorization().chain(authorization -> dataRepo.getUser(authorization, userHash)); + } +} diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java deleted file mode 100644 index 00ca3f75..00000000 --- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java +++ /dev/null 
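Review bot: A failure of `authService.getAccessTokenForStorage()` in `getAuthorization()` reaches the callers unchanged, so a `WebApplicationException` from the identity endpoint cannot be told apart from one returned by the storage account. `ClientVerifier.findClient` inspects `WebApplicationException` responses in its failure handler (most of that handler is outside this diff), so an error status from the token request could presumably be reported as a missing client rather than as an authentication fault. I would map the failure before the `map` step, along the lines of `authService.getAccessTokenForStorage().onFailure().transform(t -> new AuthError(CODE, message))`, where `CODE` stands for a dedicated error code that this diff does not show. The `BEARER` constant also duplicates the one in `AzureKeyVaultService`, and the Javadoc on the three overrides is empty.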
@@ -1,46 +0,0 @@ -/* - * AzureAuthService.java - * - * 1 ago 2023 - */ -package it.pagopa.swclient.mil.auth.azurekeyvault.service; - -import org.eclipse.microprofile.config.inject.ConfigProperty; -import org.eclipse.microprofile.rest.client.inject.RestClient; - -import io.quarkus.logging.Log; -import io.smallrye.mutiny.Uni; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient; -import jakarta.enterprise.context.ApplicationScoped; - -/** - * @author Antonio Tarricone - */ -@ApplicationScoped -public class AzureAuthService { - /* - * Scope for authentication. - */ - private static final String VAULT = "https://vault.azure.net/.default"; - - /* - * - */ - @RestClient - AzureAuthClient client; - - /* - * - */ - @ConfigProperty(name = "azure-auth-api.identity") - String identity; - - /** - * @return - */ - public Uni getAccessToken() { - Log.debug("Authenticating to Azure AD."); - return client.getAccessToken(identity, VAULT); - } -} diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/AuthDataRepository.java b/src/main/java/it/pagopa/swclient/mil/auth/service/AuthDataRepository.java new file mode 100644 index 00000000..d723a645 --- /dev/null +++ b/src/main/java/it/pagopa/swclient/mil/auth/service/AuthDataRepository.java 
@@ -0,0 +1,38 @@ +/* + * AuthDataRepository.java + * + * 23 ott 2023 + */ +package it.pagopa.swclient.mil.auth.service; + +import io.smallrye.mutiny.Uni; +import it.pagopa.swclient.mil.auth.bean.Client; +import it.pagopa.swclient.mil.auth.bean.Role; +import it.pagopa.swclient.mil.auth.bean.User; + +/** + * @author Antonio Tarricone + */ +public interface AuthDataRepository { + /** + * @param clientId + * @return + */ + public Uni getClient(String clientId); + + /** + * @param acquirerId + * @param channel + * @param merchantId + * @param clientId + * @param terminalId + * @return + */ + public Uni getRoles(String acquirerId, String channel, String clientId, String merchantId, String terminalId); + + /** + * @param userHash + * @return + */ + public Uni getUser(String userHash); +} \ No newline at end of file diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/ClientVerifier.java b/src/main/java/it/pagopa/swclient/mil/auth/service/ClientVerifier.java index 51eb25d4..d7426819 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/service/ClientVerifier.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/service/ClientVerifier.java @@ -8,18 +8,16 @@ import java.security.NoSuchAlgorithmException; import java.util.Objects; -import org.eclipse.microprofile.rest.client.inject.RestClient; - import io.quarkus.cache.CacheResult; import io.quarkus.logging.Log; import io.smallrye.mutiny.Uni; import it.pagopa.swclient.mil.auth.AuthErrorCode; import it.pagopa.swclient.mil.auth.bean.Client; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.AuthException; import it.pagopa.swclient.mil.auth.util.PasswordVerifier; import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.Response; 
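Review bot: In the new `AuthDataRepository` interface the Javadoc for `getRoles` lists `merchantId` before `clientId`, while the signature takes `acquirerId, channel, clientId, merchantId, terminalId`. All five parameters are `String`, so a caller who follows the comment swaps two arguments without a compile error and the roles lookup goes to the wrong path. Reorder the tags to match the signature and fill them in, for example `@param clientId client identifier, third segment of the roles path`. The `public` modifiers on the interface methods are redundant and can be dropped.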
@@ -31,7 +29,7 @@ public class ClientVerifier { /* * */ - @RestClient + @Inject AuthDataRepository repository; /** @@ -52,7 +50,7 @@ public Uni getClient(String clientId) { public Uni findClient(String clientId) { Log.debugf("Search for the client [%s].", clientId); return getClient(clientId) - .onFailure().transform(t -> { + .onFailure(t -> !(t instanceof AuthError)).transform(t -> { if (t instanceof WebApplicationException e) { Response r = e.getResponse(); // r cannot be null diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/RolesFinder.java b/src/main/java/it/pagopa/swclient/mil/auth/service/RolesFinder.java index 901efce0..55d034fe 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/service/RolesFinder.java +++ b/src/main/java/it/pagopa/swclient/mil/auth/service/RolesFinder.java @@ -5,17 +5,15 @@ */ package it.pagopa.swclient.mil.auth.service; -import org.eclipse.microprofile.rest.client.inject.RestClient; - import io.quarkus.cache.CacheResult; import io.quarkus.logging.Log; import io.smallrye.mutiny.Uni; import it.pagopa.swclient.mil.auth.AuthErrorCode; import it.pagopa.swclient.mil.auth.bean.Role; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.AuthException; import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.Response; @@ -28,10 +26,11 @@ public class RolesFinder { * */ private static final String NA = "NA"; + /* * Role repository. */ - @RestClient + @Inject AuthDataRepository repository; /** diff --git a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java index 56475bc7..0e7616d7 100644 --- a/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java 
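Review bot: In `findClient` the new predicate `.onFailure(t -> !(t instanceof AuthError))` lets an `AuthError` reach the caller unmapped, and no comment says which errors are expected to arrive that way. A line such as `// AuthError already carries its own error code (presumably raised by the injected repository); map only other failures` above the call would record the intent. `AuthException` is imported in this file as well but is not excluded, so a failure of that type would still go through the transform; worth confirming that is intended. The `RolesFinder` and `TokenByPasswordService` hunks switch to the same injected `AuthDataRepository`, but their failure handlers are outside the visible hunks, so they should be checked for the same treatment. The body of `findClient` continues past the end of this hunk.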
+++ b/src/main/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordService.java @@ -11,8 +11,6 @@ import java.util.Base64; import java.util.Objects; -import org.eclipse.microprofile.rest.client.inject.RestClient; - import io.quarkus.cache.CacheResult; import io.quarkus.logging.Log; import io.smallrye.mutiny.Uni; @@ -20,13 +18,13 @@ import it.pagopa.swclient.mil.auth.bean.GetAccessTokenRequest; import it.pagopa.swclient.mil.auth.bean.GetAccessTokenResponse; import it.pagopa.swclient.mil.auth.bean.User; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.qualifier.Password; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.AuthException; import it.pagopa.swclient.mil.auth.util.PasswordVerifier; import it.pagopa.swclient.mil.auth.util.UniGenerator; import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.Response; @@ -44,7 +42,7 @@ public class TokenByPasswordService extends TokenService { /* * */ - @RestClient + @Inject AuthDataRepository repository; /** diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 7bd4f281..5da24e1d 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -54,6 +54,7 @@ poynt-api.version=1.2 # Authorization data repository (clients, roles) # ------------------------------------------------------------------------------ quarkus.rest-client.auth-data-repository.url=https://mildconfst.blob.core.windows.net +azure-storage-api.version=2019-07-07 %prod.quarkus.rest-client.auth-data-repository.url=${auth.data.url} # ------------------------------------------------------------------------------ 
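Review bot: The default `quarkus.rest-client.auth-data-repository.url` next to the new `azure-storage-api.version` names a concrete storage account, whereas the `azure-auth-api` and `azure-key-vault-api` defaults further down are `http://dummy`. The tests in this commit stub the repository with an authorization header value, which suggests these requests now carry a bearer token; any profile other than `%prod` would then send it to that account if an identity endpoint is configured. Consider a placeholder default here as well, and a `%prod.azure-storage-api.version` override in line with `%prod.azure-key-vault-api.version`.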
@@ -67,6 +68,7 @@ quarkus.cache.caffeine.expire-after-write=1h # ------------------------------------------------------------------------------ quarkus.rest-client.azure-auth-api.url=http://dummy azure-auth-api.identity=dummy +azure-auth-api.version=2019-08-01 %prod.quarkus.rest-client.azure-auth-api.url=${IDENTITY_ENDPOINT} %prod.azure-auth-api.identity=${IDENTITY_HEADER} @@ -78,4 +80,4 @@ azure-key-vault-api.version=7.4 quarkus.rest-client.azure-key-vault-api.url=http://dummy %prod.azure-key-vault-api.version=${auth.keyvault.api-version} -%prod.quarkus.rest-client.azure-key-vault-api.url=${auth.keyvault.url} \ No newline at end of file +%prod.quarkus.rest-client.azure-key-vault-api.url=${auth.keyvault.url} diff --git a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersionTest.java b/src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersionTest.java similarity index 92% rename from src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersionTest.java rename to src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersionTest.java index 5aa8a959..05d67c76 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/KeyNameAndVersionTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/bean/KeyNameAndVersionTest.java @@ -3,7 +3,7 @@ * * 14 set 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.bean; +package it.pagopa.swclient.mil.auth.azure.keyvault.bean; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; 
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java b/src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinderTest.java similarity index 98% rename from src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java rename to src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinderTest.java index 76f7ce43..57def2be 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureKeyFinderTest.java @@ -3,7 +3,7 @@ * * 28 lug 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.service; +package it.pagopa.swclient.mil.auth.azure.keyvault.service; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.ArgumentMatchers.any; 
@@ -26,15 +26,15 @@ import io.quarkus.test.junit.QuarkusTest; import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.helpers.test.UniAssertSubscriber; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails; +import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient; import it.pagopa.swclient.mil.auth.bean.KeyType; import it.pagopa.swclient.mil.auth.bean.KeyUse; import it.pagopa.swclient.mil.auth.bean.PublicKey; 
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java b/src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSignerTest.java similarity index 92% rename from src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java rename to src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSignerTest.java index 15070a8a..23c5d930 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/azure/keyvault/service/AzureTokenSignerTest.java @@ -3,7 +3,7 @@ * * 2 ago 2023 */ -package it.pagopa.swclient.mil.auth.azurekeyvault.service; +package it.pagopa.swclient.mil.auth.azure.keyvault.service; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.ArgumentMatchers.any; 
@@ -49,14 +49,14 @@ import io.smallrye.mutiny.ItemWithContext; import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.helpers.test.UniAssertSubscriber; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient; -import it.pagopa.swclient.mil.auth.azurekeyvault.util.SignedJWTFactory; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.keyvault.util.SignedJWTFactory; import it.pagopa.swclient.mil.auth.bean.KeyType; import it.pagopa.swclient.mil.auth.bean.KeyUse; import it.pagopa.swclient.mil.auth.service.TokenSigner; @@ -141,7 +141,7 @@ void init() throws NoSuchAlgorithmException, InvalidKeySpecException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#sign(com.nimbusds.jwt.JWTClaimsSet)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#sign(com.nimbusds.jwt.JWTClaimsSet)}. * * @throws JOSEException */ 
@@ -207,7 +207,7 @@ void testSign() throws JOSEException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#sign(com.nimbusds.jwt.JWTClaimsSet)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#sign(com.nimbusds.jwt.JWTClaimsSet)}. * * @throws JOSEException */ @@ -272,7 +272,7 @@ void testSignWithNoSuchAlgorithmException() throws JOSEException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#sign(com.nimbusds.jwt.JWTClaimsSet)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#sign(com.nimbusds.jwt.JWTClaimsSet)}. * * @throws JOSEException */ @@ -339,7 +339,7 @@ void testSignWithParseException() throws JOSEException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. * * @throws JOSEException */ @@ -387,7 +387,7 @@ void testVerify() throws JOSEException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. * * @throws JOSEException */ @@ -434,7 +434,7 @@ void testVerifyWithFailedVerification() throws JOSEException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. * * @throws JOSEException */ 
@@ -481,7 +481,7 @@ void testVerifyWithNullAccessToken() throws JOSEException { /** * Test method for - * {@link it.pagopa.swclient.mil.auth.azurekeyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. + * {@link it.pagopa.swclient.mil.auth.azure.keyvault.service.AzureTokenSigner#verify(com.nimbusds.jwt.SignedJWT)}. * * @throws JOSEException */ diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java index 2d8a1da5..4eae4f62 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java 
@@ -43,18 +43,19 @@ import io.quarkus.test.common.http.TestHTTPEndpoint; import io.quarkus.test.junit.QuarkusTest; import it.pagopa.swclient.mil.auth.AuthErrorCode; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.VerifySignatureResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.VerifySignatureResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.storage.client.AzureAuthDataRepositoryClient; 
import it.pagopa.swclient.mil.auth.bean.ClaimName; import it.pagopa.swclient.mil.auth.bean.Client; import it.pagopa.swclient.mil.auth.bean.FormParamName; @@ -64,7 +65,6 @@ import it.pagopa.swclient.mil.auth.bean.Role; import it.pagopa.swclient.mil.auth.bean.Scope; import it.pagopa.swclient.mil.auth.bean.TokenType; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.UniGenerator; import it.pagopa.swclient.mil.bean.Channel; import jakarta.ws.rs.core.MediaType; @@ -131,7 +131,7 @@ class RefreshTokensResourceTest { */ @InjectMock @RestClient - AuthDataRepository repository; + AzureAuthDataRepositoryClient repository; /* * @@ -160,13 +160,13 @@ void testOk() throws InvalidKeySpecException, NoSuchAlgorithmException, JOSEExce /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, null, null, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* @@ -174,7 +174,7 @@ void testOk() throws InvalidKeySpecException, NoSuchAlgorithmException, JOSEExce */ when(authClient.getAccessToken(anyString(), anyString())) .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); - + /* * Azure key vault setup. */ diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java index e088c0a2..48dda941 100644 
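Review bot: In `testOk` the repository stubs now pin the header to `AUTHORIZATION_HDR_VALUE`, but the token stub that follows is still `authClient.getAccessToken(anyString(), anyString())`, so it answers for any scope with the same `AZURE_TOKEN`. Two scopes are now in play (`AzureAuthService.VAULT` and `AzureAuthService.STORAGE` are used in `TokenByClientSecretResourceTest`), and this test would still pass if the storage request carried a token obtained for the vault, or the reverse. Stubbing per scope with distinct token values, `when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE)))` and the same with `VAULT`, would catch that, provided the header value expected by the repository stub can only be produced from the storage token. `testOkForAtm` and `testOkForPortal` in `TokenByClientSecretResourceTest` keep the same scope-agnostic stub. The test body continues outside these hunks.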
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java 
@@ -29,17 +29,19 @@ import io.quarkus.test.junit.QuarkusTest; import io.smallrye.mutiny.Uni; import it.pagopa.swclient.mil.auth.AuthErrorCode; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.CreateKeyRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest; -import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient; -import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse; +import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient; +import it.pagopa.swclient.mil.auth.azure.auth.service.AzureAuthService; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.CreateKeyRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest; +import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse; +import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient; +import it.pagopa.swclient.mil.auth.azure.storage.client.AzureAuthDataRepositoryClient; import it.pagopa.swclient.mil.auth.bean.Client; import it.pagopa.swclient.mil.auth.bean.FormParamName; import 
it.pagopa.swclient.mil.auth.bean.GrantType; @@ -47,7 +49,6 @@ import it.pagopa.swclient.mil.auth.bean.JsonPropertyName; import it.pagopa.swclient.mil.auth.bean.Role; import it.pagopa.swclient.mil.auth.bean.TokenType; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.UniGenerator; import it.pagopa.swclient.mil.bean.Channel; import jakarta.ws.rs.WebApplicationException; @@ -115,7 +116,7 @@ class TokenByClientSecretResourceTest { */ @InjectMock @RestClient - AuthDataRepository repository; + AzureAuthDataRepositoryClient repository; /* * @@ -144,13 +145,13 @@ void testOk() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* 
@@ -212,20 +213,20 @@ void testOkForAtm() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.ATM, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.ATM, CLIENT_ID, "NA", TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.ATM, CLIENT_ID, "NA", TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.ATM, CLIENT_ID, "NA", TERMINAL_ID, ROLES))); /* * Azure auth. client setup. */ when(authClient.getAccessToken(anyString(), anyString())) - .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); /* * Azure key vault setup. 
@@ -279,20 +280,20 @@ void testOkForPortal() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, null, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles("NA", "NA", CLIENT_ID, "NA", "NA")) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, "NA", "NA", CLIENT_ID, "NA", "NA")) .thenReturn(UniGenerator.item(new Role("NA", "NA", CLIENT_ID, "NA", "NA", ROLES))); /* * Azure auth. client setup. */ when(authClient.getAccessToken(anyString(), anyString())) - .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); /* * Azure key vault setup. @@ -340,9 +341,12 @@ void testOkForPortal() { @Test void testClientNotFound() { - when(repository.getClient(anyString())) - .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()))); - + when(repository.getClient(anyString(), anyString())) + .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()))); + + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + given() .contentType(MediaType.APPLICATION_FORM_URLENCODED) .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-000000000001") 
@@ -365,7 +369,7 @@ void testClientNotFound() { @Test void testWebApplicationExceptionSerchingClient() { - when(repository.getClient(anyString())) + when(repository.getClient(anyString(), anyString())) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build()))); given() @@ -390,9 +394,12 @@ void testWebApplicationExceptionSerchingClient() { @Test void testExceptionSearchingClient() { - when(repository.getClient(anyString())) - .thenReturn(Uni.createFrom().failure(new Exception())); + when(repository.getClient(anyString(), anyString())) + .thenReturn(Uni.createFrom().failure(new Exception())); + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + given() .contentType(MediaType.APPLICATION_FORM_URLENCODED) .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-000000000003") @@ -415,8 +422,12 @@ void testExceptionSearchingClient() { @Test void testClientHasWrongChannel() { - when(repository.getClient(CLIENT_ID)) - .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.ATM, SALT, HASH, DESCRIPTION))); + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) + .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.ATM, SALT, HASH, DESCRIPTION))); + + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + given() .contentType(MediaType.APPLICATION_FORM_URLENCODED) 
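Review bot: `testWebApplicationExceptionSerchingClient` switches to `repository.getClient(anyString(), anyString())` but, unlike `testClientNotFound` and `testExceptionSearchingClient` around it, adds no stub for `authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))`. If the mocks are reset between tests, the storage-token call returns Mockito's default and the request can fail before the repository is reached, so the asserted error may come from the token step instead of the 500 this test is meant to cover. Adding the same `STORAGE` stub used by the neighbouring tests keeps the failure where the test name says it is. The test body continues outside the hunk.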
@@ -440,7 +451,11 @@ void testClientHasWrongChannel() { @Test void testWrongSecret() { - when(repository.getClient(CLIENT_ID)) + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + + + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); given() @@ -465,7 +480,11 @@ void testWrongSecret() { @Test void testWrongSecretWithNullExpected() { - when(repository.getClient(CLIENT_ID)) + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + + + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, null, null, DESCRIPTION))); given() 
@@ -490,16 +509,20 @@ void testWrongSecretWithNullExpected() { @Test void testRolesNotFound() { - when(repository.getClient(CLIENT_ID)) + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + + + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()))); - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, "NA")) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, "NA")) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()))); - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, "NA", "NA")) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, "NA", "NA")) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()))); given() 
@@ -524,10 +547,14 @@ void testRolesNotFound() { @Test void testWebApplicationExceptionSearchingRoles() { - when(repository.getClient(CLIENT_ID)) + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + + + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build()))); given() @@ -552,10 +579,14 @@ void testWebApplicationExceptionSearchingRoles() { @Test void testExceptionSearchingRoles() { - when(repository.getClient(CLIENT_ID)) + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + + + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(Uni.createFrom().failure(new Exception())); given() 
@@ -583,20 +614,23 @@ void test401OnGetAccessToken() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* * Azure auth. client setup. */ - when(authClient.getAccessToken(anyString(), anyString())) + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.VAULT))) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build()))); + + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); /* * Test. @@ -626,13 +660,13 @@ void test401OnGetKeys() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* 
@@ -652,7 +686,7 @@ void test401OnGetKeys() { */ given() .contentType(MediaType.APPLICATION_FORM_URLENCODED) - .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000000A") + .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000001A") .header(HeaderParamName.ACQUIRER_ID, ACQUIRER_ID) .header(HeaderParamName.CHANNEL, Channel.POS) .header(HeaderParamName.MERCHANT_ID, MERCHANT_ID) 
@@ -675,27 +709,30 @@ void test401WithNullAccessToken() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* * Azure auth. client setup. */ - when(authClient.getAccessToken(anyString(), anyString())) - .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", null))); + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.VAULT))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", null))); + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test. */ given() .contentType(MediaType.APPLICATION_FORM_URLENCODED) - .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000000A") + .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000002A") .header(HeaderParamName.ACQUIRER_ID, ACQUIRER_ID) .header(HeaderParamName.CHANNEL, Channel.POS) .header(HeaderParamName.MERCHANT_ID, MERCHANT_ID) 
@@ -718,13 +755,13 @@ void testExpiredKeyOnKeyCreation() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* @@ -748,7 +785,7 @@ void testExpiredKeyOnKeyCreation() { */ given() .contentType(MediaType.APPLICATION_FORM_URLENCODED) - .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000000A") + .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000003A") .header(HeaderParamName.ACQUIRER_ID, ACQUIRER_ID) .header(HeaderParamName.CHANNEL, Channel.POS) .header(HeaderParamName.MERCHANT_ID, MERCHANT_ID) @@ -771,13 +808,13 @@ void testErrorOnKeyCreation() { /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* 
@@ -817,4 +854,72 @@ void testErrorOnKeyCreation() { .contentType(MediaType.APPLICATION_JSON) .body(JsonPropertyName.ERRORS, hasItem(AuthErrorCode.ERROR_GENERATING_KEY_PAIR)); } + + @Test + void test401WithNullStorageAccessToken() { + /* + * Client repository setup. + */ + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) + .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, SALT, HASH, DESCRIPTION))); + + /* + * Roles repository setup. + */ + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); + + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.VAULT))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + + when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE))) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", null))); + + /* + * Azure key vault setup. 
+ */ + long now = Instant.now().getEpochSecond(); + KeyAttributes keyAttributes = new KeyAttributes(now - 300, now + 600, now - 300, now - 300, Boolean.TRUE, KEY_RECOVERY_LEVEL, 0, Boolean.FALSE); + + when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE)) + .thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[] { + new BasicKey(keyUrl + KEY_NAME, keyAttributes) + }))); + + when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME)) + .thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{ + new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes) + }))); + + when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION)) + .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes))); + + when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class))) + .thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE))); + + /* + * Test. + */ + given() + .contentType(MediaType.APPLICATION_FORM_URLENCODED) + .header(HeaderParamName.REQUEST_ID, "00000000-0000-0000-0000-00000000004A") + .header(HeaderParamName.ACQUIRER_ID, ACQUIRER_ID) + .header(HeaderParamName.CHANNEL, Channel.POS) + .header(HeaderParamName.MERCHANT_ID, MERCHANT_ID) + .header(HeaderParamName.TERMINAL_ID, TERMINAL_ID) + .formParam(FormParamName.CLIENT_ID, CLIENT_ID) + .formParam(FormParamName.GRANT_TYPE, GrantType.CLIENT_CREDENTIALS) + .formParam(FormParamName.CLIENT_SECRET, SECRET) + .when() + .post() + .then() + .log() + .everything() + .statusCode(500) + .contentType(MediaType.APPLICATION_JSON) + .body(JsonPropertyName.ERRORS, hasItem(AuthErrorCode.AZURE_ACCESS_TOKEN_IS_NULL)); + } } diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java index 71c8559f..681be9f7 100644 
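Review bot: test401WithNullStorageAccessToken asserts only the response (`.statusCode(500)` and AuthErrorCode.AZURE_ACCESS_TOKEN_IS_NULL), so it does not show that processing stopped before any repository call was attempted without a storage token. Adding `verifyNoInteractions(repository);` after the REST-assured chain would pin that fail-closed behaviour. If that holds, the getClient/getRoles stubs and the key vault stubs are probably unnecessary in this test, although the call order inside the service is not visible here. The name also says 401 while the asserted status is 500; a rename such as `test500WithNullStorageAccessToken` would match what is checked.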
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java
@@ -32,16 +32,17 @@
 import io.quarkus.test.junit.QuarkusTest;
 import io.smallrye.mutiny.Uni;
 import it.pagopa.swclient.mil.auth.AuthErrorCode;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient;
-import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient;
+import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse;
+import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient;
+import it.pagopa.swclient.mil.auth.azure.storage.client.AzureAuthDataRepositoryClient;
 import it.pagopa.swclient.mil.auth.bean.Client;
 import it.pagopa.swclient.mil.auth.bean.FormParamName;
 import it.pagopa.swclient.mil.auth.bean.GrantType;
@@ -51,7 +52,6 @@ import it.pagopa.swclient.mil.auth.bean.Scope; import it.pagopa.swclient.mil.auth.bean.TokenType; import it.pagopa.swclient.mil.auth.bean.User; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.PasswordVerifier; import it.pagopa.swclient.mil.auth.util.UniGenerator; import it.pagopa.swclient.mil.bean.Channel; @@ -134,7 +134,7 @@ class TokenByPasswordResourceTest { */ @InjectMock @RestClient - AuthDataRepository repository; + AzureAuthDataRepositoryClient repository; /* * @@ -169,26 +169,26 @@ void testOk() throws NoSuchAlgorithmException { String passwordHash = Base64.getEncoder().encodeToString(PasswordVerifier.hashBytes(PASSWORD, SALT)); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(UniGenerator.item(new User(USERNAME, SALT, passwordHash, ACQUIRER_ID, Channel.POS, MERCHANT_ID))); /* * Client repository setup. */ - when(repository.getClient(CLIENT_ID)) + when(repository.getClient(AUTHORIZATION_HDR_VALUE, CLIENT_ID)) .thenReturn(UniGenerator.item(new Client(CLIENT_ID, Channel.POS, null, null, DESCRIPTION))); /* * Roles repository setup. */ - when(repository.getRoles(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) + when(repository.getRoles(AUTHORIZATION_HDR_VALUE, ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID)) .thenReturn(UniGenerator.item(new Role(ACQUIRER_ID, Channel.POS, CLIENT_ID, MERCHANT_ID, TERMINAL_ID, ROLES))); /* * Azure auth. client setup. */ when(authClient.getAccessToken(anyString(), anyString())) - .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); /* * Azure key vault setup. 
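Review bot: The getAccessToken stub in testOk matches any scope (`anyString(), anyString()`) and always returns AZURE_TOKEN, while the repository stubs match on the same AUTHORIZATION_HDR_VALUE that the key vault stubs use elsewhere in this change. The test would therefore still pass if the service sent the Key Vault token to the storage repository or requested the wrong resource. Stubbing per scope as test401WithNullAccessToken does earlier in this diff, e.g. `when(authClient.getAccessToken(anyString(), eq(AzureAuthService.STORAGE)))`, with a different token value per scope and each client stub matching its own header, would catch such a mix-up. The stubs added in the later hunks of this file (testUserNotFound through testWrongPassword) have the same shape. testOk's body continues outside the hunk.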
@@ -247,9 +247,15 @@ void testUserNotFound() throws NoSuchAlgorithmException { MessageDigest.getInstance("SHA256").digest( USERNAME.getBytes(StandardCharsets.UTF_8))); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ @@ -282,9 +288,15 @@ void testWebApplicationExceptionGettingUser() throws NoSuchAlgorithmException { MessageDigest.getInstance("SHA256").digest( USERNAME.getBytes(StandardCharsets.UTF_8))); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build()))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ @@ -317,9 +329,15 @@ void testExceptionGettingUser() throws NoSuchAlgorithmException { MessageDigest.getInstance("SHA256").digest( USERNAME.getBytes(StandardCharsets.UTF_8))); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(Uni.createFrom().failure(new Exception("synthetic exception"))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ 
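Review bot: The identical "Azure auth. client setup." block is pasted into testUserNotFound, testWebApplicationExceptionGettingUser and testExceptionGettingUser here, and again in the four hunks that follow (testInconsistentAcquirerId, testInconsistentChannel, testInconsistentMerchantId, testWrongPassword). Moving it into one `@BeforeEach` method, or a private helper with a name such as `stubAzureAccessToken()`, would keep the token setup in one place, so a later change to the GetAccessTokenResponse constructor touches one line instead of seven. Each test body continues outside its hunk, so whether the class already has a setup method is not visible here.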
@@ -358,9 +376,15 @@ void testInconsistentAcquirerId() throws NoSuchAlgorithmException { String passwordHash = Base64.getEncoder().encodeToString(PasswordVerifier.hashBytes(PASSWORD, SALT)); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(UniGenerator.item(new User(USERNAME, SALT, passwordHash, ACQUIRER_2_ID, Channel.POS, MERCHANT_ID))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ @@ -395,9 +419,15 @@ void testInconsistentChannel() throws NoSuchAlgorithmException { String passwordHash = Base64.getEncoder().encodeToString(PasswordVerifier.hashBytes(PASSWORD, SALT)); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(UniGenerator.item(new User(USERNAME, SALT, passwordHash, ACQUIRER_ID, Channel.ATM, MERCHANT_ID))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ 
@@ -432,9 +462,15 @@ void testInconsistentMerchantId() throws NoSuchAlgorithmException { String passwordHash = Base64.getEncoder().encodeToString(PasswordVerifier.hashBytes(PASSWORD, SALT)); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(UniGenerator.item(new User(USERNAME, SALT, passwordHash, ACQUIRER_ID, Channel.POS, MERCHANT_2_ID))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ @@ -469,9 +505,15 @@ void testWrongPassword() throws NoSuchAlgorithmException { String passwordHash = Base64.getEncoder().encodeToString(PasswordVerifier.hashBytes(PASSWORD_2, SALT)); - when(repository.getUser(userHash)) + when(repository.getUser(AUTHORIZATION_HDR_VALUE, userHash)) .thenReturn(UniGenerator.item(new User(USERNAME, SALT, passwordHash, ACQUIRER_ID, Channel.POS, MERCHANT_ID))); + /* + * Azure auth. client setup. + */ + when(authClient.getAccessToken(anyString(), anyString())) + .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN))); + /* * Test */ diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java index b0c5fcef..e14a8490 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java 
@@ -28,16 +28,16 @@
 import io.quarkus.test.junit.QuarkusTest;
 import io.smallrye.mutiny.Uni;
 import it.pagopa.swclient.mil.auth.AuthErrorCode;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.BasicKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.DetailedKey;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetKeysResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyAttributes;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.KeyDetails;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignRequest;
-import it.pagopa.swclient.mil.auth.azurekeyvault.bean.SignResponse;
-import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureAuthClient;
-import it.pagopa.swclient.mil.auth.azurekeyvault.client.AzureKeyVaultClient;
+import it.pagopa.swclient.mil.auth.azure.auth.bean.GetAccessTokenResponse;
+import it.pagopa.swclient.mil.auth.azure.auth.client.AzureAuthClient;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.BasicKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.DetailedKey;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.GetKeysResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyAttributes;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.KeyDetails;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignRequest;
+import it.pagopa.swclient.mil.auth.azure.keyvault.bean.SignResponse;
+import it.pagopa.swclient.mil.auth.azure.keyvault.client.AzureKeyVaultClient;
 import it.pagopa.swclient.mil.auth.bean.Client;
 import it.pagopa.swclient.mil.auth.bean.FormParamName;
 import it.pagopa.swclient.mil.auth.bean.GrantType;
@@ -46,7 +46,7 @@ import it.pagopa.swclient.mil.auth.bean.Role; import it.pagopa.swclient.mil.auth.bean.Scope; import it.pagopa.swclient.mil.auth.bean.TokenType; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; +import it.pagopa.swclient.mil.auth.service.AuthDataRepository; import it.pagopa.swclient.mil.auth.client.PoyntClient; import it.pagopa.swclient.mil.auth.util.UniGenerator; import it.pagopa.swclient.mil.bean.Channel; @@ -111,7 +111,6 @@ class TokenByPoyntTokenResourceTest { * */ @InjectMock - @RestClient AuthDataRepository repository; /* diff --git a/src/test/java/it/pagopa/swclient/mil/auth/service/ClientVerifierTest.java b/src/test/java/it/pagopa/swclient/mil/auth/service/ClientVerifierTest.java index dc580165..213f6278 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/service/ClientVerifierTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/service/ClientVerifierTest.java @@ -10,7 +10,6 @@ import java.security.NoSuchAlgorithmException; -import org.eclipse.microprofile.rest.client.inject.RestClient; import org.junit.jupiter.api.Test; import org.mockito.MockedStatic; import org.mockito.Mockito; @@ -20,7 +19,6 @@ import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.helpers.test.UniAssertSubscriber; import it.pagopa.swclient.mil.auth.bean.Client; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.AuthException; import it.pagopa.swclient.mil.auth.util.PasswordVerifier; @@ -50,7 +48,6 @@ class ClientVerifierTest { * */ @InjectMock - @RestClient AuthDataRepository repository; /* diff --git a/src/test/java/it/pagopa/swclient/mil/auth/service/RolesFinderTest.java b/src/test/java/it/pagopa/swclient/mil/auth/service/RolesFinderTest.java index 728e4919..d69903c1 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/service/RolesFinderTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/service/RolesFinderTest.java 
@@ -9,7 +9,6 @@ import java.util.List; -import org.eclipse.microprofile.rest.client.inject.RestClient; import org.junit.jupiter.api.Test; import io.quarkus.test.InjectMock; @@ -17,7 +16,6 @@ import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.helpers.test.UniAssertSubscriber; import it.pagopa.swclient.mil.auth.bean.Role; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.AuthException; import it.pagopa.swclient.mil.auth.util.UniGenerator; @@ -44,7 +42,6 @@ class RolesFinderTest { * */ @InjectMock - @RestClient AuthDataRepository repository; /* diff --git a/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java index 25d9fc75..a24ab069 100644 --- a/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java +++ b/src/test/java/it/pagopa/swclient/mil/auth/service/TokenByPasswordServiceTest.java @@ -10,7 +10,6 @@ import java.security.NoSuchAlgorithmException; import java.util.Base64; -import org.eclipse.microprofile.rest.client.inject.RestClient; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestInstance; import org.junit.jupiter.api.TestInstance.Lifecycle; @@ -24,7 +23,6 @@ import it.pagopa.swclient.mil.auth.bean.GrantType; import it.pagopa.swclient.mil.auth.bean.Scope; import it.pagopa.swclient.mil.auth.bean.User; -import it.pagopa.swclient.mil.auth.client.AuthDataRepository; import it.pagopa.swclient.mil.auth.qualifier.Password; import it.pagopa.swclient.mil.auth.util.AuthError; import it.pagopa.swclient.mil.auth.util.PasswordVerifier; @@ -64,7 +62,6 @@ class TokenByPasswordServiceTest { * */ @InjectMock - @RestClient AuthDataRepository repository; /*