Merge pull request #56 from dvsa/feat-secrets-manager

fix: added secrets amanger implementation

.github/workflows/ci.yaml

@@ -14,6 +14,4 @@ jobs:
     uses: ./.github/workflows/maven.yaml
     with:
         maven-goal: package
-    needs: security
-
-
+    needs: security

.snyk

@@ -5,31 +5,31 @@ ignore:
   SNYK-JAVA-ORGYAML-6056527:
     - '*':
         reason: None Given
-        expires: 2024-06-07T14:31:51.386Z
+        expires: 2024-07-07T14:31:51.386Z
         created: 2024-05-08T14:31:51.388Z
   SNYK-JAVA-SOFTWAREAMAZONION-6153869:
     - '*':
         reason: None Given
-        expires: 2024-06-07T14:34:11.840Z
+        expires: 2024-07-07T14:34:11.840Z
         created: 2024-05-08T14:34:11.846Z
   SNYK-JAVA-DOM4J-2812975:
     - '*':
         reason: None Given
-        expires: 2024-06-07T14:38:10.419Z
+        expires: 2024-07-07T14:38:10.419Z
         created: 2024-05-08T14:38:10.424Z
   SNYK-JAVA-DOM4J-174153:
     - '*':
         reason: None Given
-        expires: 2024-06-07T14:38:48.420Z
+        expires: 2024-07-07T14:38:48.420Z
         created: 2024-05-08T14:38:48.425Z
   SNYK-JAVA-ORGYAML-2806360:
     - '*':
         reason: None Given
-        expires: 2024-06-07T14:51:31.152Z
+        expires: 2024-07-07T14:51:31.152Z
         created: 2024-05-08T14:51:31.158Z
   SNYK-JAVA-ORGYAML-537645:
     - '*':
         reason: None Given
-        expires: 2024-06-30T15:24:50.162Z
+        expires: 2024-07-30T15:24:50.162Z
         created: 2024-05-31T15:24:50.169Z
 patch: {}

pom.xml

@@ -6,8 +6,6 @@
     <artifactId>vol-api-calls</artifactId>
     <version>2.4.1-SNAPSHOT</version>
 
-
-
 
     <properties>
         <active-support.version>2.2.1</active-support.version>
@@ -18,6 +16,8 @@
         <apache-http.version>5.3.1</apache-http.version>
         <maven.compiler.version>3.8.1</maven.compiler.version>
         <github.url>https://maven.pkg.github.com/dvsa/vol-api-calls</github.url>
+        <aws-java-sdk-s3.version>1.12.610</aws-java-sdk-s3.version>
+        <aws-secrets-manager.version>1.12.610</aws-secrets-manager.version>
     </properties>
 
     <profiles>
@@ -108,5 +108,15 @@
             <artifactId>snakeyaml</artifactId>
             <version>2.2</version>
         </dependency>
+         <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-secretsmanager</artifactId>
+            <version>${aws-secrets-manager.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk</artifactId>
+            <version>${aws-java-sdk-s3.version}</version>
+        </dependency>
     </dependencies>
 </project>

src/main/java/apiCalls/Utils/generic/BaseAPI.java

@@ -11,11 +11,20 @@
 
 public class BaseAPI extends Token {
     protected static EnvironmentType env = EnvironmentType.getEnum(Properties.get("env", true));
+    protected SecretsManager secrets;
+
+
+    public BaseAPI() {
+        secrets= new SecretsManager();
+    }
+
     static Headers headers = new Headers();
 
     public synchronized String adminJWT() throws HttpException {
+        String adminUser =secrets.getSecret("adminUser");
+        String adminPassword = secrets.getSecret("adminPassword");
         if(getAdminToken() == null){
-            generateAdminToken();
+            generateAdminToken(adminUser, adminPassword);
         }
         return getAdminToken();
     }

src/main/java/apiCalls/Utils/generic/SecretsManager.java

@@ -0,0 +1,55 @@
+package apiCalls.Utils.generic;
+
+import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
+import com.amazonaws.regions.Regions;
+import com.amazonaws.services.secretsmanager.AWSSecretsManager;
+import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
+import com.amazonaws.services.secretsmanager.model.*;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.json.JSONObject;
+
+public class SecretsManager {
+
+    public static String secretsId = "OLCS-DEVAPPCI-DEVCI-BATCHTESTRUNNER-MAIN-APPLICATION";
+
+    private static final Logger LOGGER = LogManager.getLogger(SecretsManager.class);
+
+    public static AWSSecretsManager awsClientSetup(){
+        Regions region = Regions.EU_WEST_1;
+        return AWSSecretsManagerClientBuilder
+                .standard()
+                .withCredentials(new DefaultAWSCredentialsProviderChain())
+                .withRegion(region)
+                .build();
+    }
+
+    public static String getSecret(String secretKey) {
+        String secret = null;
+
+        GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
+                .withSecretId(secretsId);
+        GetSecretValueResult getSecretValueResult = null;
+
+        try {
+            getSecretValueResult = awsClientSetup().getSecretValue(getSecretValueRequest);
+
+        } catch (ResourceNotFoundException e) {
+            LOGGER.info("The requested secret " + secretKey + " was not found");
+        } catch (InvalidRequestException e) {
+            LOGGER.info("The request was invalid due to: " + e.getMessage());
+        } catch (InvalidParameterException e) {
+            LOGGER.info("The request had invalid params: " + e.getMessage());
+        }
+
+        assert getSecretValueResult != null;
+
+        if (getSecretValueResult != null && getSecretValueResult.getSecretString() != null) {
+            secret = getSecretValueResult.getSecretString();
+            JSONObject jsonObject = new JSONObject(secret);
+            secret = jsonObject.getString(secretKey);
+        }
+        return secret;
+    }
+
+}

src/main/java/apiCalls/actions/Token.java

@@ -15,14 +15,16 @@
 
 public class Token {
     private String adminToken;
+
     EnvironmentType env = EnvironmentType.getEnum(Properties.get("env", true));
     HashMap<String, String> header = new HashMap<>();
     TokenRequestBuilder tokenBody = new TokenRequestBuilder();
+
 
-    public synchronized String generateAdminToken() throws HttpException {
+    public synchronized String generateAdminToken(String adminUser, String adminPassword) throws HttpException {
         String adminToken = null;
         if (getAdminToken() == null) {
-            adminToken = getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserType.INTERNAL.asString());
+            adminToken = getToken(adminUser, adminPassword, UserType.INTERNAL.asString());
             setToken(adminToken);
         }
         return adminToken;

src/main/java/apiCalls/eupaActions/BaseAPI.java

@@ -1,6 +1,7 @@
 package apiCalls.eupaActions;
 
 import activesupport.system.Properties;
+import apiCalls.Utils.generic.SecretsManager;
 import apiCalls.Utils.generic.Utils;
 import apiCalls.actions.Token;
 import apiCalls.enums.UserRoles;
@@ -18,12 +19,13 @@
 public abstract class BaseAPI {
 
     private static final Map<String, String> headers = new HashMap<>();
-
+    protected static SecretsManager secrets;
     static {
+         secrets = new SecretsManager();
         Token token = new Token();
         URL.build(EnvironmentType.getEnum(Properties.get("env", true)));
         try {
-            setHeader( "Authorization", "Bearer " + token.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+            setHeader( "Authorization", "Bearer " + token.getToken(SecretsManager.getSecret("adminUser"), SecretsManager.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
         } catch (HttpException e) {
             throw new RuntimeException(e);
         }

src/main/java/apiCalls/eupaActions/external/UserAPI.java

@@ -31,7 +31,7 @@ public class UserAPI extends BaseAPI {
      */
     public static PersonModel register(@NotNull UserRegistrationDetailsModel userRegistrationDetailsModel) throws HttpException {
         Token accessToken = new Token();
-        BaseAPI.setHeader("Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+        BaseAPI.setHeader("Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
         URL.build(EnvironmentType.getEnum(Properties.get("env", true)), baseResource + "register");
         int maxTries = 5;
 
@@ -71,7 +71,7 @@ public static PersonModel register(@NotNull UserRegistrationDetailsModel userReg
      * @return the information associated with the person passed in as an argument.
      */
     public static UserModel get(@NotNull PersonModel personModel) {
-        BaseAPI.getHeaders().put("x-pid", Utils.config.getString("apiHeader"));
+        BaseAPI.getHeaders().put("x-pid", secrets.getSecret("apiHeader"));
         URL.build(EnvironmentType.getEnum(Properties.get("env", true)), baseResource + personModel.getUserId());
 
         response = RestUtils.get(String.valueOf(URL.getURL()), getHeaders());

src/main/java/apiCalls/eupaActions/internal/CaseWorkerAPI.java

@@ -22,7 +22,7 @@ public class CaseWorkerAPI extends BaseAPI {
     private static Token accessToken = new Token();
 
     public static void overview(@NotNull OverviewModel overview) throws HttpException {
-        updateHeader("Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+        updateHeader("Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
         URL.build(EnvironmentType.getEnum(Properties.get("env", true)), String.format("application/%s/overview/", overview.getApplicationId()));
         int version = 1;
 
@@ -43,7 +43,7 @@ public static void overview(@NotNull OverviewModel overview) throws HttpExceptio
     }
 
     public static StandardResponseModel grantApplication(@NotNull GrantApplicationModel grantApplication) throws HttpException {
-        updateHeader( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+        updateHeader( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
         URL.build(EnvironmentType.getEnum(Properties.get("env", true)), String.format("application/%s/grant/", grantApplication.getId()));
 
         response = RestUtils.put(grantApplication, String.valueOf(URL.getURL()), getHeaders());

src/main/java/apiCalls/eupaActions/internal/IrhpPermitStockAPI.java

@@ -19,7 +19,7 @@ public class IrhpPermitStockAPI extends BaseAPI {
 
     public static AvailableCountriesModel availableCountries() throws HttpException {
         Token accessToken = new Token();
-        updateHeader( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+        updateHeader( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
 
         URL.build(EnvironmentType.getEnum(Properties.get("env", true)), baseResource.concat("available-countries/?dto=Dvsa%5COlcs%5CTransfer%5CQuery%5CIrhpPermitStock%5CAvailableCountries"));
 

src/main/java/apiCalls/eupaActions/internal/IrhpPermitWindowAPI.java

@@ -4,6 +4,7 @@
 import activesupport.system.Properties;
 import apiCalls.Utils.eupaBuilders.internal.irhp.permit.stock.OpenByCountryModel;
 import apiCalls.Utils.generic.Headers;
+import apiCalls.Utils.generic.SecretsManager;
 import apiCalls.Utils.generic.Utils;
 import apiCalls.actions.Token;
 import apiCalls.enums.UserRoles;
@@ -25,7 +26,7 @@ public class IrhpPermitWindowAPI {
 
     public static OpenByCountryModel openByCountry(String[] countryIds) throws HttpException {
         Token accessToken = new Token();
-        apiHeaders.apiHeader.put( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+        apiHeaders.apiHeader.put( "Authorization", "Bearer " + accessToken.getToken(SecretsManager.getSecret("adminUser"), SecretsManager.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
         String openCountries = URL.build(env,"irhp-permit-window/open-by-country").toString();
 
         Map<String, String> map = new HashMap<>();

src/main/java/apiCalls/eupaActions/internal/LicenceAPI.java

@@ -19,7 +19,7 @@ public class LicenceAPI extends BaseAPI {
 
     public static String licenceNumber(@NotNull String licenceId) throws HttpException {
         Token accessToken = new Token();
-        updateHeader( "Authorization", "Bearer " + accessToken.getToken(Utils.config.getString("adminUser"), Utils.config.getString("adminPassword"), UserRoles.INTERNAL.asString()));
+        updateHeader( "Authorization", "Bearer " + accessToken.getToken(secrets.getSecret("adminUser"), secrets.getSecret("adminPassword"), UserRoles.INTERNAL.asString()));
 
         String env = Properties.get("env", true);
         URL.build(EnvironmentType.getEnum(env), baseResource.concat(licenceId));