diff --git a/libs/java/auth_core/pom.xml b/libs/java/auth_core/pom.xml
index b0df92ed0d9..92eb17e1789 100644
--- a/libs/java/auth_core/pom.xml
+++ b/libs/java/auth_core/pom.xml
@@ -30,18 +30,6 @@
0.9007
-
-
-
- software.amazon.awssdk
- bom
- ${aws2.version}
- pom
- import
-
-
-
-
org.slf4j
@@ -94,6 +82,17 @@
software.amazon.awssdk
ssm
+ ${aws2.version}
+
+
+ software.amazon.awssdk
+ s3
+ ${aws2.version}
+
+
+ software.amazon.awssdk
+ kms
+ ${aws2.version}
io.jsonwebtoken
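Review bot: With the `software.amazon.awssdk:bom` import gone from dependencyManagement (first hunk) and `${aws2.version}` pinned only on `ssm`, `s3` and `kms`, any other AWS SDK artifact that reaches this module transitively, or is added later without an explicit version, is no longer version-managed; the BOM was what kept every SDK module at one version. If dropping the BOM is deliberate, the three explicit versions are fine, but the build should be checked with `mvn dependency:tree` so that only one awssdk version resolves. The element tags are not visible in this rendering, so the closing structure before `io.jsonwebtoken` cannot be verified here.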
diff --git a/libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStore.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStore.java
similarity index 94%
rename from libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStore.java
rename to libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStore.java
index 7c347d5ff88..9a7b55e9ce2 100644
--- a/libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStore.java
+++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStore.java
@@ -14,8 +14,9 @@
* limitations under the License.
*/
-package com.yahoo.athenz.auth.impl.aws;
+package com.yahoo.athenz.auth.impl;
+import com.yahoo.athenz.auth.util.StringUtils;
import software.amazon.awssdk.core.ResponseInputStream;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.regions.Region;
@@ -28,7 +29,6 @@
import com.yahoo.athenz.auth.PrivateKeyStore;
import com.yahoo.athenz.auth.ServerPrivateKey;
import com.yahoo.athenz.auth.util.Crypto;
-import org.eclipse.jetty.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -47,9 +47,9 @@
* AmazonS3 lib defaults to reading from S3 buckets created under us-east-1 unless
* its explicitly specified using system property or aws config
*/
-public class AwsPrivateKeyStore implements PrivateKeyStore {
+public class AwsS3PrivateKeyStore implements PrivateKeyStore {
- private static final Logger LOG = LoggerFactory.getLogger(AwsPrivateKeyStore.class);
+ private static final Logger LOG = LoggerFactory.getLogger(AwsS3PrivateKeyStore.class);
private static final String ATHENZ_PROP_AWS_S3_REGION = "athenz.aws.s3.region";
private static final String ATHENZ_PROP_AWS_KMS_DECRYPT = "athenz.aws.store_kms_decrypt";
@@ -71,24 +71,24 @@ public class AwsPrivateKeyStore implements PrivateKeyStore {
private final KmsClient kms;
private boolean kmsDecrypt;
- public AwsPrivateKeyStore() {
+ public AwsS3PrivateKeyStore() {
this(initAmazonS3(), initAWSKMS());
kmsDecrypt = Boolean.parseBoolean(System.getProperty(ATHENZ_PROP_AWS_KMS_DECRYPT, "false"));
}
private static KmsClient initAWSKMS() {
final String kmsRegion = System.getProperty(ATHENZ_PROP_AWS_KMS_REGION);
- return StringUtil.isEmpty(kmsRegion) ? KmsClient.create() :
+ return StringUtils.isEmpty(kmsRegion) ? KmsClient.create() :
KmsClient.builder().region(Region.of(kmsRegion)).build();
}
private static S3Client initAmazonS3() {
final String s3Region = System.getProperty(ATHENZ_PROP_AWS_S3_REGION);
- return StringUtil.isEmpty(s3Region) ? S3Client.create() :
+ return StringUtils.isEmpty(s3Region) ? S3Client.create() :
S3Client.builder().region(Region.of(s3Region)).build();
}
- public AwsPrivateKeyStore(final S3Client s3, final KmsClient kms) {
+ public AwsS3PrivateKeyStore(final S3Client s3, final KmsClient kms) {
this.s3 = s3;
this.kms = kms;
}
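Review bot: `kmsDecrypt` is read from `athenz.aws.store_kms_decrypt` only in the no-arg constructor (the one calling `this(initAmazonS3(), initAWSKMS())`), so the two-argument `AwsS3PrivateKeyStore(final S3Client s3, final KmsClient kms)` constructor always leaves it false and a caller that injects its own clients silently gets no KMS decryption of the fetched key material; the rename carries this asymmetry over. If both paths are meant to honour the property, move the read into the two-argument constructor, `this.kmsDecrypt = Boolean.parseBoolean(System.getProperty(ATHENZ_PROP_AWS_KMS_DECRYPT, "false"));`, and let the no-arg constructor only delegate; the tests that spy on `getS3()`/`getKMS()` after the no-arg constructor suggest this gap was being worked around. Separately, the new `import com.yahoo.athenz.auth.util.StringUtils;` sits in front of the `software.amazon.awssdk` imports rather than with the file's other `com.yahoo.athenz` imports further down. The class body continues outside the hunk.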
diff --git a/libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreFactory.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreFactory.java
similarity index 82%
rename from libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreFactory.java
rename to libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreFactory.java
index 1542ee82797..2c5457db72a 100644
--- a/libs/java/server_common/src/main/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreFactory.java
+++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreFactory.java
@@ -14,16 +14,15 @@
* limitations under the License.
*/
-package com.yahoo.athenz.auth.impl.aws;
+package com.yahoo.athenz.auth.impl;
import com.yahoo.athenz.auth.PrivateKeyStore;
import com.yahoo.athenz.auth.PrivateKeyStoreFactory;
-public class AwsPrivateKeyStoreFactory implements PrivateKeyStoreFactory {
+public class AwsS3PrivateKeyStoreFactory implements PrivateKeyStoreFactory {
@Override
public PrivateKeyStore create() {
- return new AwsPrivateKeyStore();
+ return new AwsS3PrivateKeyStore();
}
-
}
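Review bot: The factory's fully-qualified name changes from `com.yahoo.athenz.auth.impl.aws.AwsPrivateKeyStoreFactory` to `com.yahoo.athenz.auth.impl.AwsS3PrivateKeyStoreFactory`, and a `PrivateKeyStoreFactory` is the kind of class a deployment selects by name in server configuration; nothing in this diff (a deprecated delegating class left in the old package, or an upgrade note) covers existing configurations, which would presumably fail at startup once the old name is no longer on the classpath. Presumably emptying the `server_common` package is intentional; if so, a release note giving the new name and the module move (`server_common` to `auth_core`) is the minimum. The class also has no Javadoc; a one-liner such as `/** Creates an {@link AwsS3PrivateKeyStore} whose S3 and KMS clients are built from the athenz.aws.* system properties. */` would document the selection point.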
diff --git a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/StringUtils.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/StringUtils.java
index 49f79e3f4bf..b30e90dd0d9 100644
--- a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/StringUtils.java
+++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/StringUtils.java
@@ -110,4 +110,8 @@ public static int countMatches(final CharSequence str, final char ch) {
}
return count;
}
+
+ public static boolean isEmpty(final String value) {
+ return value == null || value.isEmpty();
+ }
}
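Review bot: The new `isEmpty` has no Javadoc, and since it replaces the Jetty `StringUtil.isEmpty` call in `AwsS3PrivateKeyStore` its contract is worth pinning: `/** Returns {@code true} when {@code value} is {@code null} or has length zero; whitespace-only strings are not considered empty. */`. The sibling `countMatches` takes a `CharSequence`; declaring `public static boolean isEmpty(final CharSequence value)` with `return value == null || value.length() == 0;` would match that signature and still accept every existing `String` caller.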
diff --git a/libs/java/server_common/src/test/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreTest.java b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreTest.java
similarity index 91%
rename from libs/java/server_common/src/test/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreTest.java
rename to libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreTest.java
index ae13d727dbc..27ca6b868ec 100644
--- a/libs/java/server_common/src/test/java/com/yahoo/athenz/auth/impl/aws/AwsPrivateKeyStoreTest.java
+++ b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/AwsS3PrivateKeyStoreTest.java
@@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package com.yahoo.athenz.auth.impl.aws;
+package com.yahoo.athenz.auth.impl;
import software.amazon.awssdk.core.ResponseInputStream;
import software.amazon.awssdk.core.SdkBytes;
@@ -39,13 +39,13 @@
import static org.mockito.Mockito.mock;
import static org.testng.Assert.*;
-public class AwsPrivateKeyStoreTest {
+public class AwsS3PrivateKeyStoreTest {
private static final String ATHENZ_PROP_ZTS_BUCKET_NAME = "athenz.aws.zts.bucket_name";
private static final String ATHENZ_AWS_KMS_REGION = "athenz.aws.store_kms_region";
@Test
- public void testAwsPrivateKeyStore() {
+ public void testAwsS3PrivateKeyStore() {
System.setProperty("athenz.aws.s3.region", "us-east-1");
System.setProperty(ATHENZ_AWS_KMS_REGION, "us-east-1");
String bucketName = "my_bucket";
@@ -67,11 +67,11 @@ public void testAwsPrivateKeyStore() {
SdkBytes buffer = SdkBytes.fromByteArray(expected.getBytes());
Mockito.when(decryptResponse.plaintext()).thenReturn(buffer);
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
char []actual = awsPrivateKeyStore.getSecret(bucketName, "", keyName);
awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "region", null);
assertEquals(actual, expected.toCharArray());
- S3Exception s3Exception = Mockito.mock(S3Exception.class);
+ S3Exception s3Exception = mock(S3Exception.class);
Mockito.when(s3.getObject(any(GetObjectRequest.class))).thenThrow(s3Exception);
awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "region", null);
@@ -83,10 +83,10 @@ public void testAwsPrivateKeyStore() {
public void testGetPrivateKey() {
System.setProperty("athenz.aws.s3.region", "us-east-1");
System.setProperty("athenz.aws.store_kms_region", "us-east-1");
- AwsPrivateKeyStoreFactory awsPrivateKeyStoreFactory = new AwsPrivateKeyStoreFactory();
- assertTrue(awsPrivateKeyStoreFactory.create() instanceof AwsPrivateKeyStore);
+ AwsS3PrivateKeyStoreFactory awsPrivateKeyStoreFactory = new AwsS3PrivateKeyStoreFactory();
+ assertTrue(awsPrivateKeyStoreFactory.create() instanceof AwsS3PrivateKeyStore);
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore();
awsPrivateKeyStore.getPrivateKey("zms", "testServerHostName", "region", null);
awsPrivateKeyStore.getPrivateKey("testService", "testserverHostname", "region", null);
System.clearProperty("athenz.aws.s3.region");
@@ -114,8 +114,8 @@ public void testGetApplicationSecret() {
Mockito.when(decryptResponse.plaintext()).thenReturn(buffer);
System.setProperty("athenz.aws.store_kms_decrypt", "true");
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
- AwsPrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore();
+ AwsS3PrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
doReturn(s3).when(spyAWS).getS3();
doReturn(kms).when(spyAWS).getKMS();
char[] actual = spyAWS.getSecret(bucketName, "", keyName);
@@ -132,7 +132,7 @@ public void testGetEncryptedDataException() {
S3Client s3 = mock(S3Client.class);
KmsClient kms = mock(KmsClient.class);
- S3Exception s3Exception = Mockito.mock(S3Exception.class);
+ S3Exception s3Exception = mock(S3Exception.class);
Mockito.when(s3.getObject(any(GetObjectRequest.class))).thenThrow(s3Exception);
DecryptResponse decryptResponse = mock(DecryptResponse.class);
@@ -141,8 +141,8 @@ public void testGetEncryptedDataException() {
Mockito.when(decryptResponse.plaintext()).thenReturn(buffer);
System.setProperty("athenz.aws.store_kms_decrypt", "true");
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore();
- AwsPrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore();
+ AwsS3PrivateKeyStore spyAWS = Mockito.spy(awsPrivateKeyStore);
doReturn(s3).when(spyAWS).getS3();
doReturn(kms).when(spyAWS).getKMS();
@@ -159,7 +159,7 @@ public void testGetEncryptedDataException() {
public void testGetKMS() {
S3Client s3 = mock(S3Client.class);
KmsClient kms = mock(KmsClient.class);
- AwsPrivateKeyStore privateKeyStore = new AwsPrivateKeyStore(s3, kms);
+ AwsS3PrivateKeyStore privateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
assertEquals(privateKeyStore.getKMS(), kms);
}
@@ -189,7 +189,7 @@ public void testGetPrivateKeyAlgorithmFailures() {
S3Client s3 = mock(S3Client.class);
KmsClient kms = mock(KmsClient.class);
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
assertNull(awsPrivateKeyStore.getPrivateKey("msd", "testServerHostName", "us-east-1", "rsa"));
// with no bucket with should get a null object
@@ -223,7 +223,7 @@ private void testGetPrivateKeyAlgorithm(final String service) throws IOException
KmsClient kms = mock(KmsClient.class);
GetObjectRequest getObjectRequestKey = GetObjectRequest.builder().bucket(bucketName).key(algKeyName).build();
- File privKeyFile = new File("src/test/resources/unit_test_zts_private.pem");
+ File privKeyFile = new File("src/test/resources/unit_test_zts_private_k0.key");
final String privKey = Files.readString(privKeyFile.toPath());
InputStream isKey = new ByteArrayInputStream( privKey.getBytes() );
GetObjectResponse response = GetObjectResponse.builder().build();
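Review bot: The test now reads `src/test/resources/unit_test_zts_private_k0.key`, and because the test class moved from `server_common` to `auth_core`, that file has to exist under `libs/java/auth_core/src/test/resources`; this diff does not show it being added there, so presumably it is in a hunk outside this view. The `new File("src/test/resources/...")` lookup also depends on the working directory being the module root; loading the resource from the classpath with `getClass().getResourceAsStream("/unit_test_zts_private_k0.key")` would remove that dependence. On the next line `privKey.getBytes()` (and `expected.getBytes()` in the earlier `testAwsS3PrivateKeyStore` hunk) uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` makes the PEM bytes deterministic across JDKs before 18. `testGetPrivateKeyAlgorithm` starts and ends outside the hunk.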
@@ -236,7 +236,7 @@ private void testGetPrivateKeyAlgorithm(final String service) throws IOException
ResponseInputStream s3ObjectKeyIdInputStream = new ResponseInputStream<>(responseId, isKeyId);
Mockito.when(s3.getObject(getObjectRequestId)).thenReturn(s3ObjectKeyIdInputStream);
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
ServerPrivateKey serverPrivateKey = awsPrivateKeyStore.getPrivateKey(service, "testServerHostName", "us-east-1", "rsa");
assertNotNull(serverPrivateKey);
assertNotNull(serverPrivateKey.getKey());
@@ -282,7 +282,7 @@ public void testGetPrivateKeyAlgorithmInvalidKey() {
ResponseInputStream s3ObjectKeyIdInputStream = new ResponseInputStream<>(responseId, isKeyId);
Mockito.when(s3.getObject(getObjectRequestId)).thenReturn(s3ObjectKeyIdInputStream);
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
assertNull(awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "us-east-1", "rsa"));
System.clearProperty("athenz.aws.s3.region");
@@ -310,7 +310,7 @@ public void testGetPrivateKeyAlgorithmException() {
Mockito.when(s3.getObject(any(GetObjectRequest.class))).thenThrow(new IndexOutOfBoundsException());
- AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
+ AwsS3PrivateKeyStore awsPrivateKeyStore = new AwsS3PrivateKeyStore(s3, kms);
assertNull(awsPrivateKeyStore.getPrivateKey("zts", "testServerHostName", "us-east-1", "rsa"));
System.clearProperty("athenz.aws.s3.region");
diff --git a/libs/java/instance_provider/src/test/java/com/yahoo/athenz/instance/provider/impl/DefaultAWSElasticKubernetesServiceValidatorTest.java b/libs/java/instance_provider/src/test/java/com/yahoo/athenz/instance/provider/impl/DefaultAWSElasticKubernetesServiceValidatorTest.java
index 814db4c45ad..c59e040f39a 100644
--- a/libs/java/instance_provider/src/test/java/com/yahoo/athenz/instance/provider/impl/DefaultAWSElasticKubernetesServiceValidatorTest.java
+++ b/libs/java/instance_provider/src/test/java/com/yahoo/athenz/instance/provider/impl/DefaultAWSElasticKubernetesServiceValidatorTest.java
@@ -15,7 +15,6 @@
*/
package com.yahoo.athenz.instance.provider.impl;
-import com.yahoo.athenz.auth.impl.aws.AwsPrivateKeyStore;
import org.mockito.MockedStatic;
import software.amazon.awssdk.services.iam.IamClientBuilder;
import software.amazon.awssdk.services.sts.StsClient;
@@ -45,8 +44,6 @@
import static com.yahoo.athenz.instance.provider.InstanceProvider.ZTS_INSTANCE_SAN_DNS;
import static com.yahoo.athenz.instance.provider.impl.IdTokenTestsHelper.createToken;
import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.when;
import static org.testng.Assert.*;
import static org.testng.Assert.assertFalse;