From bd856fa9a665943a7af18dc4769677ddc4db58b7 Mon Sep 17 00:00:00 2001
From: Antonio Tarricone <110115827+antoniotarricone@users.noreply.github.com>
Date: Wed, 18 Oct 2023 17:02:25 +0200
Subject: [PATCH] feat: Authentication for key vault use, by means of
system-managed identity. (#68)
---
.github/workflows/build-n-push-main.yml | 111 +++++++++++++++
.../bean/GetAccessTokenResponse.java | 14 +-
.../azurekeyvault/client/AzureAuthClient.java | 17 +--
.../service/AzureAuthService.java | 24 +---
src/main/resources/application.properties | 69 ++++------
.../service/AzureKeyFinderTest.java | 126 ++++++++++--------
.../service/AzureTokenSignerTest.java | 16 +--
.../resource/RefreshTokensResourceTest.java | 32 ++++-
.../TokenByClientSecretResourceTest.java | 76 +++++++----
.../resource/TokenByPasswordResourceTest.java | 32 ++++-
.../TokenByPoyntTokenResourceTest.java | 32 ++++-
11 files changed, 361 insertions(+), 188 deletions(-)
create mode 100644 .github/workflows/build-n-push-main.yml
diff --git a/.github/workflows/build-n-push-main.yml b/.github/workflows/build-n-push-main.yml
new file mode 100644
index 00000000..ac63e7f4
--- /dev/null
+++ b/.github/workflows/build-n-push-main.yml
@@ -0,0 +1,111 @@
+name: Build and push main
+
+on:
+ workflow_dispatch:
+
+jobs:
+ build_and_push_main:
+ runs-on: ubuntu-latest
+
+ permissions:
+ id-token: write
+ packages: write
+ contents: write
+
+ steps:
+ #
+ # Checkout the source code.
+ #
+ - name: Checkout the source code
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+ with:
+ token: ${{ secrets.GIT_PAT }}
+ fetch-depth: 0
+
+ #
+ # Cache JDK.
+ #
+ - name: Cache JDK
+ if: steps.semantic.outputs.new_release_published == 'true'
+ uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+ id: cache-jdk
+ with:
+ key: OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
+ path: |
+ ${{ runner.temp }}/jdk_setup.tar.gz
+ ${{ runner.temp }}/jdk_setup.sha256
+
+ #
+ # Download JDK and verify its hash.
+ #
+ - name: Download JDK and verify its hash
+ if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-jdk.outputs.cache-hit != 'true'
+ run: |
+ echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
+ curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
+ sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
+
+ #
+ # Setup JDK.
+ #
+ - name: Setup JDK
+ if: steps.semantic.outputs.new_release_published == 'true'
+ uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
+ with:
+ distribution: "jdkfile"
+ jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
+ java-version: "17"
+ cache: maven
+
+ #
+ # Cache Maven.
+ #
+ - name: Cache Maven
+ if: steps.semantic.outputs.new_release_published == 'true'
+ uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+ id: cache-maven
+ with:
+ key: apache-maven-3.9.2-bin.tar.gz
+ path: |
+ ${{ runner.temp }}/maven_setup.tar.gz
+ ${{ runner.temp }}/maven_setup.sha256
+
+ #
+ # Download Maven and verify its hash.
+ #
+ - name: Download Maven and verify its hash
+ if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-maven.outputs.cache-hit != 'true'
+ run: |
+ echo "809ef3220c6d179195c06c324cb9a6d34d8ecba566c5cfd8eb83167bc034117d ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
+ curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.2/binaries/apache-maven-3.9.2-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
+ sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
+
+ #
+ # Setup Maven.
+ #
+ - name: Setup Maven
+ if: steps.semantic.outputs.new_release_published == 'true'
+ run: |
+ mkdir ${{ runner.temp }}/maven
+ tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
+ echo "github${{ secrets.GIT_USER }}${{ secrets.GIT_PAT }}" >> ${{ runner.temp }}/settings.xml
+
+ #
+ # Build native executable.
+ #
+ - name: Build native executable
+ run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=false -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress
+
+ #
+ # Build Docker image.
+ #
+ - name: Build Docker image
+ run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:main .
+
+ #
+ # Push Docker image.
+ #
+ - name: Push Docker image
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ docker push -a ghcr.io/${{ github.repository }}
\ No newline at end of file
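Review bot: Every JDK and Maven setup step is gated on `steps.semantic.outputs.new_release_published == 'true'`, but no step in this workflow has `id: semantic`, so the expression is always empty and the six cache/download/setup steps are skipped, while the unconditional `Build native executable` step then invokes `${{ runner.temp }}/maven/bin/mvn`, which was never extracted. Those `if:` lines look copied from a release workflow and should be removed or replaced by a condition that exists here. Separately, `docker push -a ghcr.io/${{ github.repository }}` pushes every local tag of that image, not only the `:main` tag built in the previous step; `docker push ghcr.io/${{ github.repository }}:main` is the narrower choice. The `settings.xml` line also appears to have lost its XML tags in this rendering, so it is worth confirming the committed file writes a well-formed `<servers>` entry, and passing `GIT_USER`/`GIT_PAT` through `env:` rather than interpolating secrets into the shell command keeps them out of the command line.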
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java
index 466983d0..aa7c0c56 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/bean/GetAccessTokenResponse.java
@@ -35,14 +35,20 @@ public class GetAccessTokenResponse {
/*
*
*/
- @JsonProperty("expires_in")
- private long expiresIn;
+ @JsonProperty("expires_on")
+ private long expiresOn;
/*
*
*/
- @JsonProperty("ext_expires_in")
- private long extExpiresIn;
+ @JsonProperty("client_id")
+ private String clientId;
+
+ /*
+ *
+ */
+ @JsonProperty("resource")
+ private String resource;
/*
*
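Review bot: The comment blocks above the new `expiresOn`, `clientId` and `resource` fields are empty, and `expiresOn` needs one because its meaning differs from the `expiresIn` it replaces: the updated tests build it as `now + 3599`, i.e. an absolute Unix epoch-seconds timestamp rather than a relative lifetime. A caller that still treats the value as a duration would compute a wrong validity window, and the rename alone does not surface that at compile time. Suggested comment: `/* Absolute expiry of the access token as Unix epoch seconds (the identity endpoint's expires_on), not a lifetime in seconds. */`. As far as I recall the managed-identity endpoint serialises `expires_on` as a JSON string in this API version, so binding it to `long` relies on Jackson's default scalar coercion; please confirm and, if so, say it in the comment so the coercion feature is not disabled later.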
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java
index 9803b31b..c94ee11f 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/client/AzureAuthClient.java
@@ -9,9 +9,8 @@
import io.smallrye.mutiny.Uni;
import it.pagopa.swclient.mil.auth.azurekeyvault.bean.GetAccessTokenResponse;
-import jakarta.ws.rs.Consumes;
-import jakarta.ws.rs.FormParam;
-import jakarta.ws.rs.POST;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
@@ -30,14 +29,10 @@ public interface AzureAuthClient {
* @param scope
* @return
*/
- @Path("/{tenantId}/oauth2/v2.0/token")
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Path("?resource={scope}&api-version=2019-08-01")
+ @GET
@Produces(MediaType.APPLICATION_JSON)
Uni getAccessToken(
- @PathParam("tenantId") String tenantId,
- @FormParam("grant_type") String grantType,
- @FormParam("client_id") String clientId,
- @FormParam("client_secret") String clientSecret,
- @FormParam("scope") String scope);
+ @HeaderParam("x-identity-header") String identity,
+ @PathParam("scope") String scope);
}
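Review bot: Carrying the query string inside `@Path("?resource={scope}&api-version=2019-08-01")` and binding `scope` with `@PathParam` is fragile: `@PathParam` values may be percent-encoded as path segments and the client may join the base URL and this path with a separator, so the exact URL the identity endpoint receives (with `scope` = `https://vault.azure.net/.default`, which contains `/` and `.`) should be checked on the wire. The idiomatic form is `@QueryParam("resource") String resource` plus the fixed version via `@ClientQueryParam(name = "api-version", value = "2019-08-01")`, with no `@Path`. The Javadoc above the method (which starts outside the hunk) still documents only `scope`; add `@param identity value of the platform-provided IDENTITY_HEADER, sent as x-identity-header; treat as a secret` and fill in `@return`.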
diff --git a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java
index a4fbaa1f..00ca3f75 100644
--- a/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java
+++ b/src/main/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureAuthService.java
@@ -19,40 +19,28 @@
*/
@ApplicationScoped
public class AzureAuthService {
- /*
- * Grant types.
- */
- private static final String CLIENT_CREDENTIALS = "client_credentials";
/*
* Scope for authentication.
*/
private static final String VAULT = "https://vault.azure.net/.default";
+
/*
*
*/
@RestClient
AzureAuthClient client;
+
/*
*
*/
- @ConfigProperty(name = "azure-auth-api.tenant-id")
- String tenantId;
- /*
- *
- */
- @ConfigProperty(name = "azure-auth-api.client-id")
- String clientId;
- /*
- *
- */
- @ConfigProperty(name = "azure-auth-api.client-secret")
- String clientSecret;
-
+ @ConfigProperty(name = "azure-auth-api.identity")
+ String identity;
+
/**
* @return
*/
public Uni getAccessToken() {
Log.debug("Authenticating to Azure AD.");
- return client.getAccessToken(tenantId, CLIENT_CREDENTIALS, clientId, clientSecret, VAULT);
+ return client.getAccessToken(identity, VAULT);
}
}
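Review bot: `VAULT` is still the v2.0 scope `https://vault.azure.net/.default`, but after this change it is sent as the `resource` parameter of the managed-identity endpoint (`api-version=2019-08-01`), which takes the resource's App ID URI; the Azure SDKs strip the `/.default` suffix before calling that endpoint, so I would expect the bare `https://vault.azure.net` to be the value wanted here — please verify against a real instance before merging. The constant's comment `Scope for authentication` and the log line `Authenticating to Azure AD.` both still describe the removed client-credentials flow; the comment could read `/* Resource (App ID URI) requested from the managed-identity endpoint. */`. Since `identity` now carries the per-instance secret taken from `IDENTITY_HEADER`, a field comment stating that it is a credential and must not be logged would help the next maintainer.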
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 3cce516d..ed2c07da 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -10,16 +10,10 @@ quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss.SSS} [%X{requestId}] [%p] [%c{
%dev.quarkus.log.level=INFO
%dev.quarkus.log.category."it.pagopa.swclient.mil.auth".level=DEBUG
-%dev.quarkus.log.category."REQ_IN".level=INFO
-%dev.quarkus.log.category."RESP_OUT".level=INFO
%dev.quarkus.rest-client.logging.scope=all
%dev.quarkus.rest-client.logging.body-limit=32768
%dev.quarkus.log.category."org.jboss.resteasy.reactive.client.logging".level=DEBUG
-%test.quarkus.rest-client.logging.scope=all
-%test.quarkus.rest-client.logging.body-limit=32768
-%test.quarkus.log.category."org.jboss.resteasy.reactive.client.logging".level=DEBUG
-
%test.quarkus.log.level=ERROR
%test.quarkus.log.category."it.pagopa.swclient.mil.auth".level=DEBUG
@@ -29,71 +23,56 @@ quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss.SSS} [%X{requestId}] [%p] [%c{
# ------------------------------------------------------------------------------
# Cryptoperiod of RSA keys in seconds (86400s = 1d)
# ------------------------------------------------------------------------------
-%dev.cryptoperiod=86400
-%test.cryptoperiod=86400
+cryptoperiod=86400
%prod.cryptoperiod=${auth.cryptoperiod}
# ------------------------------------------------------------------------------
# Key size (modulus) of RSA keys in bits
# ------------------------------------------------------------------------------
-%dev.keysize=4096
-%test.keysize=4096
+keysize=4096
%prod.keysize=${auth.keysize}
# ------------------------------------------------------------------------------
# Token configuration
# ------------------------------------------------------------------------------
-%dev.access.duration=300
-%test.access.duration=300
-%prod.access.duration=${auth.access.duration}
+access.duration=300
+refresh.duration=3600
-%dev.refresh.duration=3600
-%test.refresh.duration=3600
+%prod.access.duration=${auth.access.duration}
%prod.refresh.duration=${auth.refresh.duration}
-#
+# ------------------------------------------------------------------------------
# Poynt integration
-#
+# ------------------------------------------------------------------------------
quarkus.rest-client.poynt-api.url=https://services-eu.poynt.net/
poynt-api.version=1.2
-#
+# ------------------------------------------------------------------------------
# Authorization data repository (clients, roles)
-#
-%dev.quarkus.rest-client.auth-data-repository.url=https://mildconfst.blob.core.windows.net
-%test.quarkus.rest-client.auth-data-repository.url=https://mildconfst.blob.core.windows.net
+# ------------------------------------------------------------------------------
+quarkus.rest-client.auth-data-repository.url=https://mildconfst.blob.core.windows.net
%prod.quarkus.rest-client.auth-data-repository.url=${auth.data.url}
-#
+# ------------------------------------------------------------------------------
# TTL for the authorization data cache
-#
-%test.quarkus.cache.enabled=false
+# ------------------------------------------------------------------------------
quarkus.cache.caffeine.expire-after-write=1h
+%test.quarkus.cache.enabled=false
-#
+# ------------------------------------------------------------------------------
# Azure Auth API
-#
-quarkus.rest-client.azure-auth-api.url=https://login.microsoftonline.com
-
-%dev.azure-auth-api.tenant-id=${AZURE_TENANT_ID}
-%dev.azure-auth-api.client-id=${AZURE_CLIENT_ID}
-%dev.azure-auth-api.client-secret=${AZURE_CLIENT_SECRET}
-
-%test.azure-auth-api.tenant-id=dummy
-%test.azure-auth-api.client-id=dummy
-%test.azure-auth-api.client-secret=dummy
+# ------------------------------------------------------------------------------
+quarkus.rest-client.azure-auth-api.url=http://dummy
+azure-auth-api.identity=dummy
-%prod.azure-auth-api.tenant-id=${azure.tenant.id}
-%prod.azure-auth-api.client-id=${azure.client.id}
-%prod.azure-auth-api.client-secret=${azure.client.secret}
+%prod.quarkus.rest-client.azure-auth-api.url=${IDENTITY_ENDPOINT}
+%prod.azure-auth-api.identity=${IDENTITY_HEADER}
-#
+# ------------------------------------------------------------------------------
# Azure Key Vault API
-#
-%dev.azure-key-vault-api.version=7.4
-%test.azure-key-vault-api.version=7.4
-%prod.azure-key-vault-api.version=${auth.keyvault.api-version}
+# ------------------------------------------------------------------------------
+azure-key-vault-api.version=7.4
+quarkus.rest-client.azure-key-vault-api.url=http://dummy
-%dev.quarkus.rest-client.azure-key-vault-api.url=https://mil-d-appl-kv.vault.azure.net/
-%test.quarkus.rest-client.azure-key-vault-api.url=https://mil-d-appl-kv.vault.azure.net/
+%prod.azure-key-vault-api.version=${auth.keyvault.api-version}
%prod.quarkus.rest-client.azure-key-vault-api.url=${auth.keyvault.url}
\ No newline at end of file
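Review bot: The `Azure Auth API` block should say where `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` come from: they are the environment variables the Azure hosting platform injects for a system-assigned managed identity, and `IDENTITY_HEADER` is a per-instance secret that authorises calls to the local token endpoint, so `azure-auth-api.identity` must be handled as a credential (never echoed in logs or diagnostics). A comment such as `# IDENTITY_ENDPOINT / IDENTITY_HEADER are injected by the platform for the managed identity; the header value is a secret.` would do. Separately, the dev profile now resolves both Azure URLs to `http://dummy` (the old `%dev` vault URL is removed), so `quarkus dev` can no longer reach a real vault; if that is intended, a one-line comment saying that dev relies on mocks would avoid confusion.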
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java b/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java
index 244bc4c8..76f7ce43 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureKeyFinderTest.java
@@ -15,6 +15,7 @@
import java.util.List;
import java.util.Optional;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
@@ -83,29 +84,40 @@ class AzureKeyFinderTest {
/*
*
*/
- private static final String KEY_URL = "https://mil-d-appl-kv.vault.azure.net/keys/";
+ @ConfigProperty(name = "quarkus.rest-client.azure-key-vault-api.url")
+ String vaultBaseUrl;
+
+ /*
+ *
+ */
+ private String keyUrl;
+
/*
*
*/
private static final String AZURE_ACCESS_TOKEN = "this_is_the_token";
private static final String AUTHORIZATION_HDR_VALUE = "Bearer " + AZURE_ACCESS_TOKEN;
+
/*
*
*/
@InjectMock
@RestClient
AzureAuthClient authClient;
+
/*
*
*/
@InjectMock
@RestClient
AzureKeyVaultClient keyVaultClient;
+
/*
*
*/
@Inject
AzureKeyFinder azureKeyFinder;
+
/*
*
*/
@@ -172,6 +184,8 @@ class AzureKeyFinderTest {
*/
@BeforeAll
void setup() {
+ keyUrl = vaultBaseUrl + (vaultBaseUrl.endsWith("/") ? "keys/" : "/keys/");
+
now = Instant.now().getEpochSecond();
/*
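Review bot: `keyUrl` is now derived in `setup()` from the injected `vaultBaseUrl`, which only works if the test instance is created per class (`@TestInstance(PER_CLASS)`) and field injection has already happened when `@BeforeAll` runs; the class header is outside the hunk, so please confirm, otherwise `vaultBaseUrl` is null and every fixture kid becomes `null/keys/...`. The same computation is duplicated in `RefreshTokensResourceTest.setup()`; a small shared helper such as a static `keysUrl(String base)` in a test-utility class would keep the trailing-slash handling in one place. The rest of `setup()` continues outside the hunk.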
@@ -202,7 +216,7 @@ void setup() {
Boolean.FALSE));
keyWithValidKid1 = new BasicKey(
- KEY_URL + K1,
+ keyUrl + K1,
new KeyAttributes(
now - 300,
now + 600,
@@ -214,7 +228,7 @@ void setup() {
Boolean.FALSE));
keyWithValidKid2 = new BasicKey(
- KEY_URL + K2,
+ keyUrl + K2,
new KeyAttributes(
now - 300,
now + 300,
@@ -226,7 +240,7 @@ void setup() {
Boolean.FALSE));
keyWithValidKidWithoutVersions = new BasicKey(
- KEY_URL + K3,
+ keyUrl + K3,
new KeyAttributes(
now - 300,
now + 300,
@@ -238,7 +252,7 @@ void setup() {
Boolean.FALSE));
keyBelogingToAnotherDomain = new BasicKey(
- KEY_URL + K5,
+ keyUrl + K5,
new KeyAttributes(
now - 300,
now + 300,
@@ -250,7 +264,7 @@ void setup() {
Boolean.FALSE));
keyWithoutDetails = new BasicKey(
- KEY_URL + K6,
+ keyUrl + K6,
new KeyAttributes(
now - 300,
now + 300,
@@ -267,11 +281,11 @@ void setup() {
nullVersionK1V1 = null;
versionWithNullAttributesK2V1 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V1,
+ keyUrl + K2 + "/" + K2_V1,
null);
versionWithNullEnabledAttributeK1V2 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V2,
+ keyUrl + K1 + "/" + K1_V2,
new KeyAttributes(
now - 300,
now + 300,
@@ -283,7 +297,7 @@ void setup() {
Boolean.FALSE));
versionWithFalseEnabledAttributeK2V2 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V2,
+ keyUrl + K2 + "/" + K2_V2,
new KeyAttributes(
now - 300,
now + 300,
@@ -295,7 +309,7 @@ void setup() {
Boolean.FALSE));
versionWithNullCreationTimestampAttributeK1V3 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V3,
+ keyUrl + K1 + "/" + K1_V3,
new KeyAttributes(
null,
now + 300,
@@ -307,7 +321,7 @@ void setup() {
Boolean.FALSE));
versionWithNotCoherentCreationTimestampAttributeK2V3 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V3,
+ keyUrl + K2 + "/" + K2_V3,
new KeyAttributes(
now + 300,
now + 300,
@@ -319,7 +333,7 @@ void setup() {
Boolean.FALSE));
versionWithNullExpiredTimestampAttributeK1V4 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V4,
+ keyUrl + K1 + "/" + K1_V4,
new KeyAttributes(
now - 300,
null,
@@ -331,7 +345,7 @@ void setup() {
Boolean.FALSE));
expiredVersionK2V4 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V4,
+ keyUrl + K2 + "/" + K2_V4,
new KeyAttributes(
now - 300,
now - 100,
@@ -343,7 +357,7 @@ void setup() {
Boolean.FALSE));
versionWithNullNotBeforeAttributeK1V5 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V5,
+ keyUrl + K1 + "/" + K1_V5,
new KeyAttributes(
now - 300,
now + 300,
@@ -355,7 +369,7 @@ void setup() {
Boolean.FALSE));
versionWithUnmetNotBeforeAttributeK2V5 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V5,
+ keyUrl + K2 + "/" + K2_V5,
new KeyAttributes(
now - 300,
now + 300,
@@ -391,7 +405,7 @@ void setup() {
Boolean.FALSE));
versionWithNullDetailsK1V7 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V7,
+ keyUrl + K1 + "/" + K1_V7,
new KeyAttributes(
now - 300,
now + 300,
@@ -403,7 +417,7 @@ void setup() {
Boolean.FALSE));
versionWithExpiredDetailsK2V7 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V7,
+ keyUrl + K2 + "/" + K2_V7,
new KeyAttributes(
now - 300,
now + 300,
@@ -415,7 +429,7 @@ void setup() {
Boolean.FALSE));
versionWithDetailsWithNoRsaKeyTypeK1V8 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V8,
+ keyUrl + K1 + "/" + K1_V8,
new KeyAttributes(
now - 300,
now + 300,
@@ -427,7 +441,7 @@ void setup() {
Boolean.FALSE));
versionWithDetailsWithNullOpsK2V8 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V8,
+ keyUrl + K2 + "/" + K2_V8,
new KeyAttributes(
now - 300,
now + 300,
@@ -439,7 +453,7 @@ void setup() {
Boolean.FALSE));
versionWithDetailsWithoutSignOpK1V9 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V9,
+ keyUrl + K1 + "/" + K1_V9,
new KeyAttributes(
now - 300,
now + 300,
@@ -451,7 +465,7 @@ void setup() {
Boolean.FALSE));
versionWithDetailsWithoutVerifyOpK2V9 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V9,
+ keyUrl + K2 + "/" + K2_V9,
new KeyAttributes(
now - 300,
now + 300,
@@ -463,7 +477,7 @@ void setup() {
Boolean.FALSE));
versionWithDetailsWithoutSignAndVerifyOpK1V10 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V10,
+ keyUrl + K1 + "/" + K1_V10,
new KeyAttributes(
now - 300,
now + 300,
@@ -475,7 +489,7 @@ void setup() {
Boolean.FALSE));
versionWithValidDetailsK2V10 = new BasicKey(
- KEY_URL + K2 + "/" + K2_V10,
+ keyUrl + K2 + "/" + K2_V10,
new KeyAttributes(
now - 300,
now + 300,
@@ -487,7 +501,7 @@ void setup() {
Boolean.FALSE));
versionWithValidDetailsWithGreatestExpirationK1V11 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V11,
+ keyUrl + K1 + "/" + K1_V11,
new KeyAttributes(
now - 300,
now + 600,
@@ -499,7 +513,7 @@ void setup() {
Boolean.FALSE));
versionWith500OnGetKeyK1V12 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V12,
+ keyUrl + K1 + "/" + K1_V12,
new KeyAttributes(
now - 300,
now + 300,
@@ -511,7 +525,7 @@ void setup() {
Boolean.FALSE));
versionWith500OnGetKeyK1V12 = new BasicKey(
- KEY_URL + K1 + "/" + K1_V12,
+ keyUrl + K1 + "/" + K1_V12,
new KeyAttributes(
now - 300,
now + 300,
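Review bot: `versionWith500OnGetKeyK1V12` is assigned twice in a row with the same kid (`keyUrl + K1 + "/" + K1_V12`), here and in the preceding hunk, so the second `new BasicKey(...)` silently overwrites the first; this looks like a copy-paste leftover rather than intent. Either one block should be removed, or the second was meant to build a different fixture (a K2 version, following the alternating naming used elsewhere in `setup()`). The duplication is pre-existing, but since this change touches both lines it is a good moment to resolve it; the `BasicKey` constructor call continues outside the hunk.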
@@ -523,7 +537,7 @@ void setup() {
Boolean.FALSE));
versionWithoutDetailsK6V1 = new BasicKey(
- KEY_URL + K6 + "/" + K6_V1,
+ keyUrl + K6 + "/" + K6_V1,
new KeyAttributes(
now - 300,
now + 300,
@@ -539,7 +553,7 @@ void setup() {
*/
expiredDetailsK2V7 = new DetailedKey(
new KeyDetails(
- KEY_URL + K2 + "/" + K2_V7,
+ keyUrl + K2 + "/" + K2_V7,
"RSA",
new String[] {
"sign", "verify"
@@ -558,7 +572,7 @@ void setup() {
detailsWithNoRsaKeyTypeK1V8 = new DetailedKey(
new KeyDetails(
- KEY_URL + K1 + "/" + K1_V8,
+ keyUrl + K1 + "/" + K1_V8,
"non-RSA",
new String[] {
"sign", "verify"
@@ -577,7 +591,7 @@ void setup() {
detailsWithNullOpsK2V8 = new DetailedKey(
new KeyDetails(
- KEY_URL + K2 + "/" + K2_V8,
+ keyUrl + K2 + "/" + K2_V8,
"RSA",
null,
"this_is_the_modulus",
@@ -594,7 +608,7 @@ void setup() {
detailsWithoutSignOpK1V9 = new DetailedKey(
new KeyDetails(
- KEY_URL + K1 + "/" + K1_V9,
+ keyUrl + K1 + "/" + K1_V9,
"RSA",
new String[] {
"verify"
@@ -613,7 +627,7 @@ void setup() {
detailsWithoutVerifyOpK2V9 = new DetailedKey(
new KeyDetails(
- KEY_URL + K2 + "/" + K2_V9,
+ keyUrl + K2 + "/" + K2_V9,
"RSA",
new String[] {
"sign"
@@ -632,7 +646,7 @@ void setup() {
detailsWithoutSignAndVerifyOpK1V10 = new DetailedKey(
new KeyDetails(
- KEY_URL + K1 + "/" + K1_V10,
+ keyUrl + K1 + "/" + K1_V10,
"RSA",
new String[] {},
"this_is_the_modulus",
@@ -649,7 +663,7 @@ void setup() {
validDetailsK2V10 = new DetailedKey(
new KeyDetails(
- KEY_URL + K2 + "/" + K2_V10,
+ keyUrl + K2 + "/" + K2_V10,
"RSA",
new String[] {
"verify", "sign"
@@ -668,7 +682,7 @@ void setup() {
validDetailsWithGreatestExpirationK1V11 = new DetailedKey(
new KeyDetails(
- KEY_URL + K1 + "/" + K1_V11,
+ keyUrl + K1 + "/" + K1_V11,
"RSA",
new String[] {
"verify", "sign"
@@ -721,8 +735,8 @@ void setup() {
*
*/
private void mostCommonSetup() {
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().item(new GetKeysResponse(new BasicKey[] {
@@ -814,8 +828,8 @@ void testFindPublicKeysWithNullAccessToken() {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, null)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", null)));
/*
* Test.
@@ -834,7 +848,7 @@ void testFindPublicKeysWith401OnGetAccessToken() {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
+ when(authClient.getAccessToken(anyString(), anyString()))
.thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Status.UNAUTHORIZED).build())));
/*
@@ -932,8 +946,8 @@ void testFindPublicKeysWith401OnGetKeys() {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Status.UNAUTHORIZED).build())));
@@ -991,7 +1005,7 @@ void testFindValidPublicKeyWithGreatestExpiration2() {
DetailedKey validDetails1 = new DetailedKey(
new KeyDetails(
- KEY_URL + K1 + "/" + K1_V11,
+ keyUrl + K1 + "/" + K1_V11,
"RSA",
new String[] {
"verify", "sign"
@@ -1010,7 +1024,7 @@ void testFindValidPublicKeyWithGreatestExpiration2() {
DetailedKey validDetails2 = new DetailedKey(
new KeyDetails(
- KEY_URL + K2 + "/" + K2_V10,
+ keyUrl + K2 + "/" + K2_V10,
"RSA",
new String[] {
"verify", "sign"
@@ -1067,7 +1081,7 @@ void testFindValidPublicKeyWithGreatestExpiration3() {
DetailedKey validDetails1 = new DetailedKey(
new KeyDetails(
- KEY_URL + K1 + "/" + K1_V11,
+ keyUrl + K1 + "/" + K1_V11,
"RSA",
new String[] {
"verify", "sign"
@@ -1086,7 +1100,7 @@ void testFindValidPublicKeyWithGreatestExpiration3() {
DetailedKey validDetails2 = new DetailedKey(
new KeyDetails(
- KEY_URL + K2 + "/" + K2_V10,
+ keyUrl + K2 + "/" + K2_V10,
"RSA",
new String[] {
"verify", "sign"
@@ -1139,8 +1153,8 @@ void testFindValidPublicKeyWithGreatestExpirationWithNoKeys() {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().item(new GetKeysResponse(new BasicKey[]{})));
@@ -1165,8 +1179,8 @@ void testFindValidPublicKeyWithGreatestExpirationWithNoKeysAndExpiredKeyIsCreate
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().item(new GetKeysResponse(new BasicKey[]{})));
@@ -1191,8 +1205,8 @@ void testFindValidPublicKeyWithGreatestExpirationWithNoKeysAndNonRsaKeyIsCreated
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().item(new GetKeysResponse(new BasicKey[]{})));
@@ -1217,8 +1231,8 @@ void testFindValidPublicKeyWithGreatestExpirationWithNoKeysAndKeyWithBadKidIsCre
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().item(new GetKeysResponse(new BasicKey[]{})));
@@ -1243,8 +1257,8 @@ void testFindValidPublicKeyWithGreatestExpirationWithNoKeysAndErrorOnCreation()
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, AZURE_ACCESS_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now + 3599, "", "", AZURE_ACCESS_TOKEN)));
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(Uni.createFrom().item(new GetKeysResponse(new BasicKey[]{})));
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java b/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java
index 9408d8c4..15070a8a 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/azurekeyvault/service/AzureTokenSignerTest.java
@@ -369,8 +369,8 @@ void testVerify() throws JOSEException {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, "this_is_the_token")));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now.getEpochSecond() + 3599, "", "", "this_is_the_token")));
when(keyVaultClient.verifySignature(anyString(), eq(KEY_NAME), eq(KEY_VERSION), any(VerifySignatureRequest.class)))
.thenReturn(Uni.createFrom().item(new VerifySignatureResponse(Boolean.TRUE)));
@@ -417,8 +417,8 @@ void testVerifyWithFailedVerification() throws JOSEException {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, "this_is_the_token")));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now.getEpochSecond() + 3599, "", "", "this_is_the_token")));
when(keyVaultClient.verifySignature(anyString(), eq(KEY_NAME), eq(KEY_VERSION), any(VerifySignatureRequest.class)))
.thenReturn(Uni.createFrom().item(new VerifySignatureResponse(Boolean.FALSE)));
@@ -464,8 +464,8 @@ void testVerifyWithNullAccessToken() throws JOSEException {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, null)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now.getEpochSecond() + 3599, "", "", null)));
when(keyVaultClient.verifySignature(anyString(), eq(KEY_NAME), eq(KEY_VERSION), any(VerifySignatureRequest.class)))
.thenReturn(Uni.createFrom().item(new VerifySignatureResponse(Boolean.TRUE)));
@@ -511,8 +511,8 @@ void testVerifyWithNoSuchAlgorithmException() throws JOSEException {
/*
* Setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", 3599, 3599, "this_is_the_token")));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(Uni.createFrom().item(new GetAccessTokenResponse("Bearer", now.getEpochSecond() + 3599, "", "", "this_is_the_token")));
when(keyVaultClient.verifySignature(anyString(), eq(KEY_NAME), eq(KEY_VERSION), any(VerifySignatureRequest.class)))
.thenReturn(Uni.createFrom().item(new VerifySignatureResponse(Boolean.TRUE)));
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java
index 29eaca2f..2d8a1da5 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/RefreshTokensResourceTest.java
@@ -25,7 +25,9 @@
import java.util.Date;
import java.util.List;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
@@ -100,7 +102,17 @@ class RefreshTokensResourceTest {
/*
*
*/
- private static final String KEY_URL = "https://mil-d-appl-kv.vault.azure.net/keys/";
+ @ConfigProperty(name = "quarkus.rest-client.azure-key-vault-api.url")
+ String vaultBaseUrl;
+
+ /*
+ *
+ */
+ private String keyUrl;
+
+ /*
+ *
+ */
private static final String KEY_NAME = "auth0709643f49394529b92c19a68c8e184a";
private static final String KEY_VERSION = "6581c704deda4979943c3b34468df7c2";
private static final String KID = KEY_NAME + "/" + KEY_VERSION;
@@ -135,6 +147,14 @@ class RefreshTokensResourceTest {
@RestClient
AzureAuthClient authClient;
+ /**
+ *
+ */
+ @BeforeAll
+ void setup() {
+ keyUrl = vaultBaseUrl + (vaultBaseUrl.endsWith("/") ? "keys/" : "/keys/");
+ }
+
@Test
void testOk() throws InvalidKeySpecException, NoSuchAlgorithmException, JOSEException {
/*
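Review bot: `setup()` is a non-static `@BeforeAll` method, which JUnit 5 only accepts when the class is annotated `@TestInstance(Lifecycle.PER_CLASS)`; the `TestInstance` import is visible in the import hunk, so this is presumably already in place, but it is worth confirming since the class annotation is outside the hunk. The expression `vaultBaseUrl + (vaultBaseUrl.endsWith("/") ? "keys/" : "/keys/")` is also copied verbatim into TokenByClientSecretResourceTest, TokenByPasswordResourceTest and TokenByPoyntTokenResourceTest; a small shared test helper (e.g. `static String keyUrl(String vaultBaseUrl)`) would keep the four copies from drifting. If the `quarkus.rest-client.azure-key-vault-api.url` property were ever absent or empty in the test profile, `keyUrl` would be built from a null or empty base, so the test profile should be the one place that guarantees the value.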
@@ -152,8 +172,8 @@ void testOk() throws InvalidKeySpecException, NoSuchAlgorithmException, JOSEExce
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
@@ -163,16 +183,16 @@ void testOk() throws InvalidKeySpecException, NoSuchAlgorithmException, JOSEExce
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME, keyAttributes)
})));
when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
})));
when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION))
- .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
+ .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class)))
.thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE)));
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java
index 4c75f799..e088c0a2 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByClientSecretResourceTest.java
@@ -18,7 +18,9 @@
import java.time.Instant;
import java.util.List;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
@@ -85,7 +87,17 @@ class TokenByClientSecretResourceTest {
/*
*
*/
- private static final String KEY_URL = "https://mil-d-appl-kv.vault.azure.net/keys/";
+ @ConfigProperty(name = "quarkus.rest-client.azure-key-vault-api.url")
+ String vaultBaseUrl;
+
+ /*
+ *
+ */
+ private String keyUrl;
+
+ /*
+ *
+ */
private static final String KEY_NAME = "auth0709643f49394529b92c19a68c8e184a";
private static final String KEY_VERSION = "6581c704deda4979943c3b34468df7c2";
private static final String KID = KEY_NAME + "/" + KEY_VERSION;
@@ -119,6 +131,14 @@ class TokenByClientSecretResourceTest {
@RestClient
AzureAuthClient authClient;
+ /**
+ *
+ */
+ @BeforeAll
+ void setup() {
+ keyUrl = vaultBaseUrl + (vaultBaseUrl.endsWith("/") ? "keys/" : "/keys/");
+ }
+
@Test
void testOk() {
/*
@@ -136,8 +156,8 @@ void testOk() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
@@ -146,17 +166,17 @@ void testOk() {
KeyAttributes keyAttributes = new KeyAttributes(now - 300, now + 600, now - 300, now - 300, Boolean.TRUE, KEY_RECOVERY_LEVEL, 0, Boolean.FALSE);
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
- .thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME, keyAttributes)
+ .thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[] {
+ new BasicKey(keyUrl + KEY_NAME, keyAttributes)
})));
when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
})));
when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION))
- .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
+ .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class)))
.thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE)));
@@ -204,8 +224,8 @@ void testOkForAtm() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
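Review bot: The new `.thenReturn` line keeps `JsonPropertyName.TOKEN_TYPE` as the first argument of `GetAccessTokenResponse`, which by its name is the JSON property-name constant rather than a token-type value; `testOk` in the same file (the hunk at `@@ -136,8 +156,8 @@`) was corrected to `TokenType.BEARER` in this same patch, so the two stubs now disagree. The same constant is used in `testOkForPortal`, `test401OnGetKeys`, `test401WithNullAccessToken`, `testExpiredKeyOnKeyCreation` and `testErrorOnKeyCreation` below, in TokenByPoyntTokenResourceTest `testOk`, and TokenByPasswordResourceTest `testOk` actually replaces `TokenType.BEARER` with it. The tests presumably pass only because nothing under test checks the token type, which means these stubs would not catch a future check; `new GetAccessTokenResponse(TokenType.BEARER, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)` is the consistent form.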
@@ -215,16 +235,16 @@ void testOkForAtm() {
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME, keyAttributes)
})));
when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
})));
when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION))
- .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
+ .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class)))
.thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE)));
@@ -271,8 +291,8 @@ void testOkForPortal() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
@@ -282,16 +302,16 @@ void testOkForPortal() {
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME, keyAttributes)
})));
when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
})));
when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION))
- .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
+ .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class)))
.thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE)));
@@ -575,7 +595,7 @@ void test401OnGetAccessToken() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
+ when(authClient.getAccessToken(anyString(), anyString()))
.thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build())));
/*
@@ -618,14 +638,14 @@ void test401OnGetKeys() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
*/
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
- .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build())));
+ .thenReturn(Uni.createFrom().failure(new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build())));
/*
* Test.
@@ -667,8 +687,8 @@ void test401WithNullAccessToken() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, null)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", null)));
/*
* Test.
@@ -710,8 +730,8 @@ void testExpiredKeyOnKeyCreation() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
@@ -721,7 +741,7 @@ void testExpiredKeyOnKeyCreation() {
long now = Instant.now().getEpochSecond();
when(keyVaultClient.createKey(eq(AUTHORIZATION_HDR_VALUE), anyString(), any(CreateKeyRequest.class)))
- .thenReturn(Uni.createFrom().item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), new KeyAttributes(now - 300, now - 100, now - 300, now - 300, Boolean.TRUE, KEY_RECOVERY_LEVEL, 0, Boolean.FALSE))));
+ .thenReturn(Uni.createFrom().item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), new KeyAttributes(now - 300, now - 100, now - 300, now - 300, Boolean.TRUE, KEY_RECOVERY_LEVEL, 0, Boolean.FALSE))));
/*
* Test.
@@ -763,8 +783,8 @@ void testErrorOnKeyCreation() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java
index 4851aa4e..71c8559f 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPasswordResourceTest.java
@@ -21,7 +21,9 @@
import java.util.Base64;
import java.util.List;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
@@ -92,7 +94,17 @@ class TokenByPasswordResourceTest {
/*
*
*/
- private static final String KEY_URL = "https://mil-d-appl-kv.vault.azure.net/keys/";
+ @ConfigProperty(name = "quarkus.rest-client.azure-key-vault-api.url")
+ String vaultBaseUrl;
+
+ /*
+ *
+ */
+ private String keyUrl;
+
+ /*
+ *
+ */
private static final String KEY_NAME = "auth0709643f49394529b92c19a68c8e184a";
private static final String KEY_VERSION = "6581c704deda4979943c3b34468df7c2";
private static final String KID = KEY_NAME + "/" + KEY_VERSION;
@@ -138,6 +150,14 @@ class TokenByPasswordResourceTest {
@RestClient
AzureAuthClient authClient;
+ /**
+ *
+ */
+ @BeforeAll
+ void setup() {
+ keyUrl = vaultBaseUrl + (vaultBaseUrl.endsWith("/") ? "keys/" : "/keys/");
+ }
+
@Test
void testOk() throws NoSuchAlgorithmException {
/*
@@ -167,8 +187,8 @@ void testOk() throws NoSuchAlgorithmException {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(TokenType.BEARER, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
@@ -178,16 +198,16 @@ void testOk() throws NoSuchAlgorithmException {
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[] {
- new BasicKey(KEY_URL + KEY_NAME, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME, keyAttributes)
})));
when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[] {
- new BasicKey(KEY_URL + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
})));
when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION))
- .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
+ .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class)))
.thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE)));
diff --git a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java
index 8e6a5aeb..b0c5fcef 100644
--- a/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/auth/resource/TokenByPoyntTokenResourceTest.java
@@ -17,7 +17,9 @@
import java.time.Instant;
import java.util.List;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
@@ -82,7 +84,17 @@ class TokenByPoyntTokenResourceTest {
/*
*
*/
- private static final String KEY_URL = "https://mil-d-appl-kv.vault.azure.net/keys/";
+ @ConfigProperty(name = "quarkus.rest-client.azure-key-vault-api.url")
+ String vaultBaseUrl;
+
+ /*
+ *
+ */
+ private String keyUrl;
+
+ /*
+ *
+ */
private static final String KEY_NAME = "auth0709643f49394529b92c19a68c8e184a";
private static final String KEY_VERSION = "6581c704deda4979943c3b34468df7c2";
private static final String KID = KEY_NAME + "/" + KEY_VERSION;
@@ -123,6 +135,14 @@ class TokenByPoyntTokenResourceTest {
@RestClient
PoyntClient poyntClient;
+ /**
+ *
+ */
+ @BeforeAll
+ void setup() {
+ keyUrl = vaultBaseUrl + (vaultBaseUrl.endsWith("/") ? "keys/" : "/keys/");
+ }
+
@Test
void testOk() {
/*
@@ -146,8 +166,8 @@ void testOk() {
/*
* Azure auth. client setup.
*/
- when(authClient.getAccessToken(anyString(), anyString(), anyString(), anyString(), anyString()))
- .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, AZURE_TOKEN_DURATION, AZURE_TOKEN_DURATION, AZURE_TOKEN)));
+ when(authClient.getAccessToken(anyString(), anyString()))
+ .thenReturn(UniGenerator.item(new GetAccessTokenResponse(JsonPropertyName.TOKEN_TYPE, Instant.now().getEpochSecond() + AZURE_TOKEN_DURATION, "", "", AZURE_TOKEN)));
/*
* Azure key vault setup.
@@ -157,16 +177,16 @@ void testOk() {
when(keyVaultClient.getKeys(AUTHORIZATION_HDR_VALUE))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME, keyAttributes)
})));
when(keyVaultClient.getKeyVersions(AUTHORIZATION_HDR_VALUE, KEY_NAME))
.thenReturn(UniGenerator.item(new GetKeysResponse(new BasicKey[]{
- new BasicKey(KEY_URL + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
+ new BasicKey(keyUrl + KEY_NAME + "/" + KEY_VERSION, keyAttributes)
})));
when(keyVaultClient.getKey(AUTHORIZATION_HDR_VALUE, KEY_NAME, KEY_VERSION))
- .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(KEY_URL + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
+ .thenReturn(UniGenerator.item(new DetailedKey(new KeyDetails(keyUrl + KEY_NAME + "/" + KEY_VERSION, KEY_TYPE, KEY_OPS, MODULUS, PUBLIC_EXPONENT), keyAttributes)));
when(keyVaultClient.sign(eq(AUTHORIZATION_HDR_VALUE), eq(KEY_NAME), eq(KEY_VERSION), any(SignRequest.class)))
.thenReturn(UniGenerator.item(new SignResponse(KID, EXPECTED_SIGNATURE)));