diff --git a/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveService.java b/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveService.java index ce5557d..a5ed88a 100644 --- a/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveService.java +++ b/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveService.java @@ -138,15 +138,15 @@ private Multi getKeyVersions(String keyName) { /** * - * @param prefix + * @param domain * @param expectedOps {@link JsonWebKeyOperation} * @param expectedKtys {@link JsonWebKeyType} * @return */ - public Multi getKeys(String prefix, List expectedOps, List expectedKtys) { + public Multi getKeys(String domain, List expectedOps, List expectedKtys) { return getKeys() // Multi + .filter(keyItem -> KeyUtils.doesDomainMatch(keyItem, domain)) .map(KeyUtils::getKeyName) // Multi keyName - .filter(keyName -> KeyUtils.doesPrefixMatch(keyName, prefix)) .onItem().transformToMultiAndConcatenate(this::getKeyVersions) // Multi .filter(KeyUtils::isValid) .map(KeyUtils::getKeyNameVersion) // Multi diff --git a/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtService.java b/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtService.java index f41925a..7e5a4ff 100644 --- a/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtService.java +++ b/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtService.java 
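Review bot: The new domain check in `getKeys(String domain, ...)` runs only on the items returned by the key listing, before `transformToMultiAndConcatenate(this::getKeyVersions)`; nothing visible in this hunk re-checks the tag on the versions expanded afterwards. Azure Key Vault allows tags to be set per key version, so an older version may carry a different `domain` tag (or none) than the entry in the listing. If the domain is meant as an isolation boundary, repeat `.filter(keyItem -> KeyUtils.doesDomainMatch(keyItem, domain))` after the expansion and ahead of `.filter(KeyUtils::isValid)`, unless a later stage outside this hunk already does so. The same applies to the `Stream` variant in AzureKeyVaultKeysExtService.java. The Javadoc still has a bare `@param domain` and `@return`; it should say that `domain` is compared with the key's `domain` tag.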
@@ -62,15 +62,15 @@ private Stream getKeyVersions(String keyName) { /** * - * @param prefix + * @param domain * @param expectedOps {@link JsonWebKeyOperation} * @param expectedKtys {@link JsonWebKeyType} * @return */ - public Stream getKeys(String prefix, List expectedOps, List expectedKtys) { + public Stream getKeys(String domain, List expectedOps, List expectedKtys) { return getKeys() // Stream + .filter(keyItem -> KeyUtils.doesDomainMatch(keyItem, domain)) .map(KeyUtils::getKeyName) // Stream keyName - .filter(keyName -> KeyUtils.doesPrefixMatch(keyName, prefix)) .flatMap(this::getKeyVersions) // Stream .filter(KeyUtils::isValid) .map(KeyUtils::getKeyNameVersion) // Stream diff --git a/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtils.java b/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtils.java index 7eac097..71fac13 100644 --- a/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtils.java +++ b/src/main/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtils.java @@ -28,6 +28,11 @@ * @author Antonio Tarricone */ public class KeyUtils { + /* + * + */ + public static final String DOMAIN_KEY = "domain"; + /** * */ @@ -57,18 +62,14 @@ public static String[] getKeyNameVersion(KeyItem keyItem) { /** * - * @param keyName - * @param prefix + * @param keyItem + * @param domain * @return */ - public static boolean doesPrefixMatch(String keyName, String prefix) { - if (prefix == null || keyName.startsWith(prefix)) { - Log.tracef("Prefix matches or is null: keyName = %s, prefix = %s", keyName, prefix); - return true; - } - - Log.debugf("Prefix doesn't match: keyName = %s, prefix = %s", keyName, prefix); - return false; + public static boolean doesDomainMatch(KeyItem keyItem, String domain) { + Map tags = keyItem.getTags(); + return (tags != null && Objects.equals(domain, tags.get(DOMAIN_KEY))) || + (tags == null && domain == null); } /** 
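Review bot: The comment above `DOMAIN_KEY` is an empty `/* */` block, so it is neither Javadoc nor informative, although this constant now names the tag that decides which keys a caller is given. Replace it with something like `/** Name of the Key Vault tag that holds the domain a key belongs to; compared by doesDomainMatch. */`.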
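Review bot: `doesDomainMatch` gives a `null` domain a different meaning from the `null` prefix it replaces: the removed `doesPrefixMatch` accepted every key when `prefix == null`, whereas the new method accepts only keys with no tags or no `domain` tag, and the empty Javadoc does not say so. Document it, e.g. `@param domain expected value of the domain tag; null selects only keys without that tag`, so a caller that passed null to mean "no filter" is not surprised. The body can be reduced to one comparison, `return Objects.equals(domain, tags == null ? null : tags.get(DOMAIN_KEY));`. Because selection now rests on a mutable tag rather than the key name, whoever may update key tags in the vault decides which domain a key belongs to, which is worth stating in the Javadoc. The removed trace/debug calls also mean a rejected key no longer leaves any log entry, which makes a mis-tagged key harder to diagnose.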
diff --git a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceTest.java b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceTest.java index b966d7c..8f3994e 100644 --- a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceTest.java +++ b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceTest.java @@ -11,6 +11,7 @@ import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.List; +import java.util.Map; import java.util.Optional; import org.junit.jupiter.api.AfterEach; @@ -30,6 +31,7 @@ import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyBundle; import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyItem; import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyListResult; +import it.pagopa.swclient.mil.azureservices.keyvault.keys.util.KeyUtils; import jakarta.inject.Inject; /** 
@@ -158,146 +160,150 @@ private void setup() { KeyItem item__attr_ok__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_nbf__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_nbf) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify") + 
.setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_nbf_not_reached__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_nbf_not_reached) - .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_expired__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_expired) - .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_not_enabled__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_not_enabled) - .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_created) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_inconsistent_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_inconsistent_created) - .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify"); + 
.setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); - KeyListResult keyListPage1 = new KeyListResult() + KeyListResult keyList = new KeyListResult() .setValue(List.of( item__wo_prefix, item__attr_ok__key_no_rsa_sign_verify, item__attr_ok__key_rsa_no_sign_verify, - item__attr_ok_longest_exp__key_rsa_sign_verify)) - .setNextLink("https://myvault.vault.azure.net:443/keys?api-version=7.2&$skiptoken=skip_1st_page&maxresults=4"); - - KeyListResult keyListPage2 = new KeyListResult() - .setValue(List.of( + item__attr_ok_longest_exp__key_rsa_sign_verify, item__attr_ok_longest_exp__key_no_rsa_sign_verify, item__attr_ok_longest_exp__key_rsa_no_sign_verify, item__attr_wo_nbf__key_rsa_sign_verify, - item__attr_nbf_not_reached__key_rsa_sign_verify)) - .setNextLink("https://myvault.vault.azure.net:443/keys?api-version=7.2&$skiptoken=skip_2nd_page&maxresults=4"); - - KeyListResult keyListPage3 = new KeyListResult() - .setValue(List.of( + item__attr_nbf_not_reached__key_rsa_sign_verify, item__attr_expired__key_rsa_sign_verify, item__attr_wo_exp__key_rsa_sign_verify, item__attr_not_enabled__key_rsa_sign_verify, - item__attr_wo_created__key_rsa_sign_verify)) - .setNextLink("https://myvault.vault.azure.net:443/keys?api-version=7.2&$skiptoken=skip_3rd_page&maxresults=4"); - - KeyListResult keyListPage4 = new KeyListResult() - .setValue(List.of(item__attr_inconsistent_created__key_rsa_sign_verify)) - .setNextLink(null); + item__attr_wo_created__key_rsa_sign_verify, + item__attr_inconsistent_created__key_rsa_sign_verify)); when(keysService.getKeys()) - .thenReturn(Uni.createFrom().item(keyListPage1)); - - when(keysService.getKeys("skip_1st_page")) - .thenReturn(Uni.createFrom().item(keyListPage2)); - - when(keysService.getKeys("skip_2nd_page")) - .thenReturn(Uni.createFrom().item(keyListPage3)); - - when(keysService.getKeys("skip_3rd_page")) - .thenReturn(Uni.createFrom().item(keyListPage4)); 
+ .thenReturn(Uni.createFrom().item(keyList)); /* * Versions */ KeyItem version__attr_ok__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/shortest_exp"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/shortest_exp") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok_longest_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/longest_exp"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/longest_exp") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok_longest_exp__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - 
.setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_wo_nbf__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_nbf) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_nbf_not_reached__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_nbf_not_reached) - .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_expired__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_expired) - .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_wo_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_not_enabled__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_not_enabled) - .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); 
KeyItem version__attr_wo_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_created) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_inconsistent_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_inconsistent_created) - .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyListResult versionList__attr_ok__key_no_rsa_sign_verify = new KeyListResult() .setValue(List.of(version__attr_ok__key_no_rsa_sign_verify)); @@ -305,15 +311,10 @@ private void setup() { KeyListResult versionList__attr_ok__key_rsa_no_sign_verify = new KeyListResult() .setValue(List.of(version__attr_ok__key_rsa_no_sign_verify)); - KeyListResult versionList__attr_ok_longest_exp__key_rsa_sign_verify_page1 = new KeyListResult() + KeyListResult versionList__attr_ok_longest_exp__key_rsa_sign_verify = new KeyListResult() .setValue(List.of( - version__attr_ok__key_rsa_sign_verify)) - .setNextLink("https://myvault.vault.azure.net:443/keys/attr_ok_longest_exp__key_rsa_sign_verify/versions?api-version=7.2&$skiptoken=skip_1st_page&maxresults=1"); - - KeyListResult versionList__attr_ok_longest_exp__key_rsa_sign_verify_page2 = new KeyListResult() - .setValue(List.of( - version__attr_ok_longest_exp__key_rsa_sign_verify)) - .setNextLink(null); + version__attr_ok__key_rsa_sign_verify, + version__attr_ok_longest_exp__key_rsa_sign_verify)); KeyListResult versionList__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyListResult() .setValue(List.of(version__attr_ok_longest_exp__key_no_rsa_sign_verify)); 
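Review bot: Every fixture changed in `setup()` is tagged with the same `my_domain` value, so the tests exercise only the matching branch of `KeyUtils.doesDomainMatch` and, presumably through `item__wo_prefix` (defined outside this hunk), the untagged one. No key carries a different domain value, which is the case the filter exists to exclude. Add one item and one version tagged e.g. `Map.of(KeyUtils.DOMAIN_KEY, "other_domain")` and assert they are absent from the result. This hunk and the ones at -305 and -349 also collapse the paged key and version lists (`setNextLink`, `getKeys("skip_1st_page")`) into single pages, so skiptoken paging is no longer covered in this class unless another test class does it. The identically tagged fixtures in AzureKeyVaultKeysExtReactiveServiceWithNullSkiptokenTest and AzureKeyVaultKeysExtServiceTest have the same domain gap.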
@@ -349,10 +350,7 @@ private void setup() { .thenReturn(Uni.createFrom().item(versionList__attr_ok__key_rsa_no_sign_verify)); when(keysService.getKeyVersions("attr_ok_longest_exp__key_rsa_sign_verify")) - .thenReturn(Uni.createFrom().item(versionList__attr_ok_longest_exp__key_rsa_sign_verify_page1)); - - when(keysService.getKeyVersions("attr_ok_longest_exp__key_rsa_sign_verify", "skip_1st_page")) - .thenReturn(Uni.createFrom().item(versionList__attr_ok_longest_exp__key_rsa_sign_verify_page2)); + .thenReturn(Uni.createFrom().item(versionList__attr_ok_longest_exp__key_rsa_sign_verify)); when(keysService.getKeyVersions("attr_ok_longest_exp__key_no_rsa_sign_verify")) .thenReturn(Uni.createFrom().item(versionList__attr_ok_longest_exp__key_no_rsa_sign_verify)); @@ -568,7 +566,7 @@ void given_setOfKeys_when_getKeysInvoked_then_getRelevantKeys() { * Test */ Iterable actualBundles = extService.getKeys( - "attr", + "my_domain", List.of(JsonWebKeyOperation.SIGN, JsonWebKeyOperation.VERIFY), List.of(JsonWebKeyType.RSA)) .subscribe() @@ -596,7 +594,7 @@ void given_setOfKeys_when_getKeyWithLongestExpInvoked_then_getRelevantKey() { * Test */ extService.getKeyWithLongestExp( - "attr", + "my_domain", List.of(JsonWebKeyOperation.SIGN, JsonWebKeyOperation.VERIFY), List.of(JsonWebKeyType.RSA)) .subscribe() @@ -621,7 +619,7 @@ void given_noKey_when_getKeyWithLongestExpInvoked_then_getEmpty() { * Test */ extService.getKeyWithLongestExp( - "attr", + "my_domain", List.of(JsonWebKeyOperation.SIGN, JsonWebKeyOperation.VERIFY), List.of(JsonWebKeyType.RSA)) .subscribe() @@ -629,4 +627,4 @@ void given_noKey_when_getKeyWithLongestExpInvoked_then_getEmpty() { .awaitItem() .assertItem(Optional.empty()); } -} +} \ No newline at end of file 
diff --git a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceWithNullSkiptokenTest.java b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceWithNullSkiptokenTest.java index 9689250..ed84e1d 100644 --- a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceWithNullSkiptokenTest.java +++ b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtReactiveServiceWithNullSkiptokenTest.java @@ -11,6 +11,7 @@ import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.List; +import java.util.Map; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; @@ -28,6 +29,7 @@ import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyBundle; import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyItem; import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyListResult; +import it.pagopa.swclient.mil.azureservices.keyvault.keys.util.KeyUtils; import jakarta.inject.Inject; /** 
@@ -156,51 +158,63 @@ private void setupWithNullSkiptoken() { KeyItem item__attr_ok__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_nbf__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_nbf) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify") + 
.setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_nbf_not_reached__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_nbf_not_reached) - .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_expired__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_expired) - .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_not_enabled__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_not_enabled) - .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_created) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_inconsistent_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_inconsistent_created) - .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify"); + 
.setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyListResult keyListPage1 = new KeyListResult() .setValue(List.of( 
@@ -247,55 +261,68 @@ private void setupWithNullSkiptoken() { */ KeyItem version__attr_ok__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/shortest_exp"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/shortest_exp") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok_longest_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/longest_exp"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/longest_exp") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_ok_longest_exp__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - 
.setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_wo_nbf__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_nbf) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_nbf_not_reached__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_nbf_not_reached) - .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_expired__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_expired) - .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_wo_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_not_enabled__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_not_enabled) - .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); 
KeyItem version__attr_wo_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_created) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem version__attr_inconsistent_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_inconsistent_created) - .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify/dont_care"); + .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify/dont_care") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyListResult versionList__attr_ok__key_no_rsa_sign_verify = new KeyListResult() .setValue(List.of(version__attr_ok__key_no_rsa_sign_verify)); @@ -566,7 +593,7 @@ void given_setOfKeys_when_getKeysInvoked_then_getRelevantKeys() { * Test */ Iterable actualBundles = extService.getKeys( - "attr", + "my_domain", List.of(JsonWebKeyOperation.SIGN, JsonWebKeyOperation.VERIFY), List.of(JsonWebKeyType.RSA)) .subscribe() diff --git a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtServiceTest.java b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtServiceTest.java index a3ffa1b..01d7580 100644 --- a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtServiceTest.java +++ b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/service/AzureKeyVaultKeysExtServiceTest.java @@ -12,6 +12,7 @@ import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.List; +import java.util.Map; import java.util.stream.Stream; import org.junit.jupiter.api.AfterEach; 
@@ -29,6 +30,7 @@ import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyBundle; import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyItem; import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyListResult; +import it.pagopa.swclient.mil.azureservices.keyvault.keys.util.KeyUtils; import jakarta.inject.Inject; /** 
@@ -157,51 +159,63 @@ private void setup() { KeyItem item__attr_ok__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok) - .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_ok_longest_exp__key_rsa_no_sign_verify = new KeyItem() .setAttributes(attr_ok_longest_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_nbf__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_nbf) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify") + 
.setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_nbf_not_reached__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_nbf_not_reached) - .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_expired__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_expired) - .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_exp__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_exp) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_not_enabled__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_not_enabled) - .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_wo_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_wo_created) - .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify"); + .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyItem item__attr_inconsistent_created__key_rsa_sign_verify = new KeyItem() .setAttributes(attr_inconsistent_created) - .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify"); + 
.setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify") + .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")); KeyListResult keyList = new KeyListResult() .setValue(List.of( 
@@ -227,55 +241,68 @@ private void setup() {
 */
 KeyItem version__attr_ok__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_ok)
- .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/shortest_exp");
+ .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/shortest_exp")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_ok__key_no_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_ok)
- .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_no_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_ok__key_rsa_no_sign_verify = new KeyItem()
 .setAttributes(attr_ok)
- .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_ok__key_rsa_no_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_ok_longest_exp__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_ok_longest_exp)
- .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/longest_exp");
+ .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_sign_verify/longest_exp")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_ok_longest_exp__key_no_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_ok_longest_exp)
- .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_no_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_ok_longest_exp__key_rsa_no_sign_verify = new KeyItem()
 .setAttributes(attr_ok_longest_exp)
- .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_ok_longest_exp__key_rsa_no_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_wo_nbf__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_wo_nbf)
- .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_wo_nbf__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_nbf_not_reached__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_nbf_not_reached)
- .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_nbf_not_reached__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_expired__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_expired)
- .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_expired__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_wo_exp__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_wo_exp)
- .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_wo_exp__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_not_enabled__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_not_enabled)
- .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_not_enabled__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_wo_created__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_wo_created)
- .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_wo_created__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyItem version__attr_inconsistent_created__key_rsa_sign_verify = new KeyItem()
 .setAttributes(attr_inconsistent_created)
- .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify/dont_care");
+ .setKid("https://myvault.vault.azure.net/keys/attr_inconsistent_created__key_rsa_sign_verify/dont_care")
+ .setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain"));
 KeyListResult versionList__attr_ok__key_no_rsa_sign_verify = new KeyListResult()
 .setValue(List.of(version__attr_ok__key_no_rsa_sign_verify));
@@ -538,7 +565,7 @@ void given_setOfKeys_when_getKeysInvoked_then_getRelevantKeys() {
 * Test
 */
 Stream actualBundles = extService.getKeys(
- "attr",
+ "my_domain",
 List.of(JsonWebKeyOperation.SIGN, JsonWebKeyOperation.VERIFY),
 List.of(JsonWebKeyType.RSA));
@@ -564,11 +591,11 @@ void given_setOfKeys_when_getKeyWithLongestExpInvoked_then_getRelevantKey() {
 * Test
 */
 KeyBundle actualKeyBundle = extService.getKeyWithLongestExp(
- "attr",
+ "my_domain",
 List.of(JsonWebKeyOperation.SIGN, JsonWebKeyOperation.VERIFY),
 List.of(JsonWebKeyType.RSA))
 .orElse(null);
 assertEquals(bundle__attr_ok_longest_exp__key_rsa_sign_verify, actualKeyBundle);
 }
-}
+}
\ No newline at end of file
diff --git a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtilsTest.java b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtilsTest.java
index cac67b4..4ecf9b6 100644
--- a/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtilsTest.java
+++ b/src/test/java/it/pagopa/swclient/mil/azureservices/keyvault/keys/util/KeyUtilsTest.java
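Review bot: Every fixture in the `@@ -227` hunk carries the tag `my_domain`, and the calls changed in the `@@ -538` and `@@ -564` hunks pass that same value, so as far as these hunks show no test proves that a key from another domain, or an untagged key, is kept out of the result, which is the isolation property the new filter exists for. Adding one key-list item tagged `Map.of(KeyUtils.DOMAIN_KEY, "other_domain")` (constructed value) and one without tags, and asserting that neither appears in `actualBundles`, would catch a regression that drops or inverts the filter. Going by the service change in this commit, `doesDomainMatch` runs on the key-list items before the versions are fetched, so the tags set on these `version__*` items are probably never read; if a version's tags can differ from the key's, that deserves a comment such as `// domain is checked on the key item only, version tags are not evaluated` or a check of its own. `setup()` starts and ends outside the hunk.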
@@ -5,9 +5,11 @@
 */
 package it.pagopa.swclient.mil.azureservices.keyvault.keys.util;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.util.List;
+import java.util.Map;
 import org.junit.jupiter.api.Test;
@@ -16,6 +18,7 @@
 import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.JsonWebKeyType;
 import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyAttributes;
 import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyBundle;
+import it.pagopa.swclient.mil.azureservices.keyvault.keys.bean.KeyItem;
 /**
 * These added tests are needed to reach expected coverage!
@@ -25,12 +28,35 @@
 @QuarkusTest
 class KeyUtilsTest {
 /**
- * Test method for
- * {@link it.pagopa.swclient.mil.azureservices.keyvault.keys.util.KeyUtils#doesPrefixMatch(java.lang.String, java.lang.String)}.
+ *
+ */
+ @Test
+ void testDoesDomainMatch_ok() {
+ assertTrue(KeyUtils.doesDomainMatch(new KeyItem().setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")), "my_domain"));
+ }
+
+ /**
+ *
+ */
+ @Test
+ void testDoesDomainMatch_wo_tags() {
+ assertFalse(KeyUtils.doesDomainMatch(new KeyItem(), "my_domain"));
+ }
+
+ /**
+ *
+ */
+ @Test
+ void testDoesDomainMatch_ko() {
+ assertFalse(KeyUtils.doesDomainMatch(new KeyItem().setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")), "different_domain"));
+ }
+
+ /**
+ *
 */
 @Test
- void testDoesPrefixMatch() {
- assertTrue(KeyUtils.doesPrefixMatch("key_name", null));
+ void testDoesDomainMatch_wo_tag() {
+ assertFalse(KeyUtils.doesDomainMatch(new KeyItem().setTags(Map.of()), "my_domain"));
 }
 /**
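Review bot: The `null` domain case is no longer tested in the `@@ -25` hunk: the removed `testDoesPrefixMatch` pinned the behaviour for a `null` argument, while the four new tests all pass a non-null domain. As `doesDomainMatch` is written in this commit, a `null` domain matches every key that has no tags or no `domain` tag, so a caller that passes `null` by mistake selects all unscoped keys; that behaviour should be pinned and stated in the empty Javadoc blocks. I would add `assertTrue(KeyUtils.doesDomainMatch(new KeyItem(), null));` and `assertFalse(KeyUtils.doesDomainMatch(new KeyItem().setTags(Map.of(KeyUtils.DOMAIN_KEY, "my_domain")), null));`, or reject a `null` domain if that selection is not intended. The hunk ends on the opening `/**` of the next test, so the class continues outside it.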