move AwsPrivateKeyStore from server_common to auth_core as AwsS3Priva…

…teKeyStore

Signed-off-by: Henry Avetisyan <[email protected]>

libs/java/auth_core/pom.xml

@@ -30,18 +30,6 @@
     <code.coverage.min>0.9007</code.coverage.min>
   </properties>
 
-  <dependencyManagement>
-    <dependencies>
-      <dependency>
-        <groupId>software.amazon.awssdk</groupId>
-        <artifactId>bom</artifactId>
-        <version>${aws2.version}</version>
-        <type>pom</type>
-        <scope>import</scope>
-      </dependency>
-    </dependencies>
-  </dependencyManagement>
-
   <dependencies>
     <dependency>
       <groupId>org.slf4j</groupId>
@@ -94,6 +82,17 @@
     <dependency>
       <groupId>software.amazon.awssdk</groupId>
       <artifactId>ssm</artifactId>
+      <version>${aws2.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>s3</artifactId>
+      <version>${aws2.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>software.amazon.awssdk</groupId>
+      <artifactId>kms</artifactId>
+      <version>${aws2.version}</version>
     </dependency>
     <dependency>
       <groupId>io.jsonwebtoken</groupId>

libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStore.java → libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStore.java

@@ -14,8 +14,9 @@
  * limitations under the License.
  */
 
-package com.yahoo.athenz.auth.impl.aws;
+package com.yahoo.athenz.auth.impl;
 
+import com.yahoo.athenz.auth.util.StringUtils;
 import software.amazon.awssdk.core.ResponseInputStream;
 import software.amazon.awssdk.core.SdkBytes;
 import software.amazon.awssdk.regions.Region;
@@ -28,7 +29,6 @@
 import com.yahoo.athenz.auth.PrivateKeyStore;
 import com.yahoo.athenz.auth.ServerPrivateKey;
 import com.yahoo.athenz.auth.util.Crypto;
-import org.eclipse.jetty.util.StringUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -47,9 +47,9 @@
  * AmazonS3 lib defaults to reading from S3 buckets created under us-east-1 unless
  * its explicitly specified using system property or aws config
  */
-public class AwsPrivateKeyStore implements PrivateKeyStore {
+public class AwsS3PrivateKeyStore implements PrivateKeyStore {
 
-    private static final Logger LOG = LoggerFactory.getLogger(AwsPrivateKeyStore.class);
+    private static final Logger LOG = LoggerFactory.getLogger(AwsS3PrivateKeyStore.class);
 
     private static final String ATHENZ_PROP_AWS_S3_REGION   = "athenz.aws.s3.region";
     private static final String ATHENZ_PROP_AWS_KMS_DECRYPT = "athenz.aws.store_kms_decrypt";
@@ -71,24 +71,24 @@ public class AwsPrivateKeyStore implements PrivateKeyStore {
     private final KmsClient kms;
     private boolean kmsDecrypt;
 
-    public AwsPrivateKeyStore() {
+    public AwsS3PrivateKeyStore() {
        this(initAmazonS3(), initAWSKMS());
        kmsDecrypt = Boolean.parseBoolean(System.getProperty(ATHENZ_PROP_AWS_KMS_DECRYPT, "false"));
     }
 
     private static KmsClient initAWSKMS() {
         final String kmsRegion = System.getProperty(ATHENZ_PROP_AWS_KMS_REGION);
-        return StringUtil.isEmpty(kmsRegion) ? KmsClient.create() :
+        return StringUtils.isEmpty(kmsRegion) ? KmsClient.create() :
                 KmsClient.builder().region(Region.of(kmsRegion)).build();
     }
 
     private static S3Client initAmazonS3() {
         final String s3Region = System.getProperty(ATHENZ_PROP_AWS_S3_REGION);
-        return StringUtil.isEmpty(s3Region) ? S3Client.create() :
+        return StringUtils.isEmpty(s3Region) ? S3Client.create() :
                 S3Client.builder().region(Region.of(s3Region)).build();
     }
 
-    public AwsPrivateKeyStore(final S3Client s3, final KmsClient kms) {
+    public AwsS3PrivateKeyStore(final S3Client s3, final KmsClient kms) {
         this.s3 = s3;
         this.kms = kms;
     }

libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreFactory.java → libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreFactory.java

@@ -14,16 +14,15 @@
  * limitations under the License.
  */
 
-package com.yahoo.athenz.auth.impl.aws;
+package com.yahoo.athenz.auth.impl;
 
 import com.yahoo.athenz.auth.PrivateKeyStore;
 import com.yahoo.athenz.auth.PrivateKeyStoreFactory;
 
-public class AwsPrivateKeyStoreFactory implements PrivateKeyStoreFactory {
+public class AwsS3PrivateKeyStoreFactory implements PrivateKeyStoreFactory {
 
     @Override
     public PrivateKeyStore create() {
-        return new AwsPrivateKeyStore();
+        return new AwsS3PrivateKeyStore();
     }
-
 }

libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/StringUtils.java

@@ -110,4 +110,8 @@ public static int countMatches(final CharSequence str, final char ch) {
         }
         return count;
     }
+
+    public static boolean isEmpty(final String value) {
+        return value == null || value.isEmpty();
+    }
 }

libs/java/server_common/src/test/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreTest.java → libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreTest.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.yahoo.athenz.auth.impl.aws;
+package com.yahoo.athenz.auth.impl;
 
 import software.amazon.awssdk.core.ResponseInputStream;
 import software.amazon.awssdk.core.SdkBytes;
@@ -39,13 +39,13 @@
 import static org.mockito.Mockito.mock;
 import static org.testng.Assert.*;
 
-public class AwsPrivateKeyStoreTest {
+public class AwsS3PrivateKeyStoreTest {
 
     private static final String ATHENZ_PROP_ZTS_BUCKET_NAME = "athenz.aws.zts.bucket_name";
     private static final String ATHENZ_AWS_KMS_REGION = "athenz.aws.store_kms_region";
 
     @Test
-    public void testAwsPrivateKeyStore() {
+    public void testAwsS3PrivateKeyStore() {
         System.setProperty("athenz.aws.s3.region", "us-east-1");
         System.setProperty(ATHENZ_AWS_KMS_REGION, "us-east-1");
         String bucketName = "my_bucket";
@@ -67,11 +67,11 @@ public void testAwsPrivateKeyStore() {
         SdkBytes buffer = SdkBytes.fromByteArray(expected.getBytes());
         Mockito.when(decryptResponse.plaintext()).thenReturn(buffer);
 
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
         char []actual = awsPrivateKeyStore.getSecret(bucketName, "", keyName);
         awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "region", null);
         assertEquals(actual, expected.toCharArray());
-        S3Exception s3Exception = Mockito.mock(S3Exception.class);
+        S3Exception s3Exception = mock(S3Exception.class);
         Mockito.when(s3.getObject(any(GetObjectRequest.class))).thenThrow(s3Exception);
         awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "region", null);
 
@@ -83,10 +83,10 @@ public void testAwsPrivateKeyStore() {
     public void testGetPrivateKey() {
         System.setProperty("athenz.aws.s3.region", "us-east-1");
         System.setProperty("athenz.aws.store_kms_region", "us-east-1");
-        AwsPrivateKeyStoreFactory awsPrivateKeyStoreFactory = new AwsPrivateKeyStoreFactory();
-        assertTrue(awsPrivateKeyStoreFactory.create() instanceof AwsPrivateKeyStore);
+        AwsS3PrivateKeyStoreFactory awsPrivateKeyStoreFactory = new AwsS3PrivateKeyStoreFactory();
+        assertTrue(awsPrivateKeyStoreFactory.create() instanceof AwsS3PrivateKeyStore);
 
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore();
         awsPrivateKeyStore.getPrivateKey("zms", "testServerHostName", "region", null);
         awsPrivateKeyStore.getPrivateKey("testService", "testserverHostname", "region", null);
         System.clearProperty("athenz.aws.s3.region");
@@ -114,8 +114,8 @@ public void testGetApplicationSecret() {
         Mockito.when(decryptResponse.plaintext()).thenReturn(buffer);
 
         System.setProperty("athenz.aws.store_kms_decrypt", "true");
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
-        AwsPrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore();
+        AwsS3PrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
         doReturn(s3).when(spyAWS).getS3();
         doReturn(kms).when(spyAWS).getKMS();
         char[] actual = spyAWS.getSecret(bucketName, "", keyName);
@@ -132,7 +132,7 @@ public void testGetEncryptedDataException() {
 
         S3Client s3 = mock(S3Client.class);
         KmsClient kms = mock(KmsClient.class);
-        S3Exception s3Exception = Mockito.mock(S3Exception.class);
+        S3Exception s3Exception = mock(S3Exception.class);
         Mockito.when(s3.getObject(any(GetObjectRequest.class))).thenThrow(s3Exception);
 
         DecryptResponse decryptResponse = mock(DecryptResponse.class);
@@ -141,8 +141,8 @@ public void testGetEncryptedDataException() {
         Mockito.when(decryptResponse.plaintext()).thenReturn(buffer);
 
         System.setProperty("athenz.aws.store_kms_decrypt", "true");
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
-        AwsPrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore();
+        AwsS3PrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
         doReturn(s3).when(spyAWS).getS3();
 
         doReturn(kms).when(spyAWS).getKMS();
@@ -159,7 +159,7 @@ public void testGetEncryptedDataException() {
     public void testGetKMS() {
         S3Client s3 = mock(S3Client.class);
         KmsClient kms = mock(KmsClient.class);
-        AwsPrivateKeyStore privateKeyStore = new AwsPrivateKeyStore(s3, kms);
+        AwsS3PrivateKeyStore privateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
 
         assertEquals(privateKeyStore.getKMS(), kms);
     }
@@ -189,7 +189,7 @@ public void testGetPrivateKeyAlgorithmFailures() {
 
         S3Client s3 = mock(S3Client.class);
         KmsClient kms = mock(KmsClient.class);
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
         assertNull(awsPrivateKeyStore.getPrivateKey("msd", "testServerHostName", "us-east-1", "rsa"));
 
         // with no bucket with should get a null object
@@ -223,7 +223,7 @@ private void testGetPrivateKeyAlgorithm(final String service) throws IOException
         KmsClient kms = mock(KmsClient.class);
 
         GetObjectRequest getObjectRequestKey = GetObjectRequest.builder().bucket(bucketName).key(algKeyName).build();
-        File privKeyFile = new File("src/test/resources/unit_test_zts_private.pem");
+        File privKeyFile = new File("src/test/resources/unit_test_zts_private_k0.key");
         final String privKey = Files.readString(privKeyFile.toPath());
         InputStream isKey = new ByteArrayInputStream( privKey.getBytes() );
         GetObjectResponse response = GetObjectResponse.builder().build();
@@ -236,7 +236,7 @@ private void testGetPrivateKeyAlgorithm(final String service) throws IOException
         ResponseInputStream<GetObjectResponse> s3ObjectKeyIdInputStream = new ResponseInputStream<>(responseId, isKeyId);
         Mockito.when(s3.getObject(getObjectRequestId)).thenReturn(s3ObjectKeyIdInputStream);
 
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
         ServerPrivateKey serverPrivateKey = awsPrivateKeyStore.getPrivateKey(service, "testServerHostName", "us-east-1", "rsa");
         assertNotNull(serverPrivateKey);
         assertNotNull(serverPrivateKey.getKey());
@@ -282,7 +282,7 @@ public void testGetPrivateKeyAlgorithmInvalidKey() {
         ResponseInputStream<GetObjectResponse> s3ObjectKeyIdInputStream = new ResponseInputStream<>(responseId, isKeyId);
         Mockito.when(s3.getObject(getObjectRequestId)).thenReturn(s3ObjectKeyIdInputStream);
 
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
         assertNull(awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "us-east-1", "rsa"));
 
         System.clearProperty("athenz.aws.s3.region");
@@ -310,7 +310,7 @@ public void testGetPrivateKeyAlgorithmException() {
 
         Mockito.when(s3.getObject(any(GetObjectRequest.class))).thenThrow(new IndexOutOfBoundsException());
 
-        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+        AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
         assertNull(awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "us-east-1", "rsa"));
 
         System.clearProperty("athenz.aws.s3.region");

libs/java/instance_provider/src/test/java/com/yahoo/athenz/instance/provider/impl/DefaultAWSElasticKubernetesServiceValidatorTest.java

@@ -15,7 +15,6 @@
  */
 package com.yahoo.athenz.instance.provider.impl;
 
-import com.yahoo.athenz.auth.impl.aws.AwsPrivateKeyStore;
 import org.mockito.MockedStatic;
 import software.amazon.awssdk.services.iam.IamClientBuilder;
 import software.amazon.awssdk.services.sts.StsClient;
@@ -45,8 +44,6 @@
 import static com.yahoo.athenz.instance.provider.InstanceProvider.ZTS_INSTANCE_SAN_DNS;
 import static com.yahoo.athenz.instance.provider.impl.IdTokenTestsHelper.createToken;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.when;
 import static org.testng.Assert.*;
 import static org.testng.Assert.assertFalse;