diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index f7e76b744d4b699bceb908c9cafbdd12c9a5ef4c..3f9d1f66fcaa068ea0293e62e78d885c37a79ae6 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -50,7 +50,7 @@
 <dependency>
 <groupId>org.opengroup.osdu.core.aws</groupId>
 <artifactId>os-core-lib-aws</artifactId>
- <version>0.3.12-SNAPSHOT</version>
+ <version>0.3.12-deshruch-SNAPSHOT</version>
 </dependency>
 <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
diff --git a/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java b/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
index 6f9dfbc2c6d121cabca3d720e79a5046e7d487a9..6b59c6be24caddfb279ffd408e60c100200a566f 100644
--- a/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
+++ b/provider/notification-aws/src/main/java/org/opengroup/osdu/notification/provider/aws/impl/ServiceAccountJwtAwsClientImpl.java
@@ -12,39 +12,15 @@
 // limitations under the License.
 package org.opengroup.osdu.notification.provider.aws.impl;
-import com.amazonaws.auth.AWSCredentialsProvider;
-import com.amazonaws.services.secretsmanager.AWSSecretsManager;
-import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
-import com.amazonaws.services.secretsmanager.model.*;
-import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
-import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClientBuilder;
-import com.amazonaws.services.simplesystemsmanagement.model.*;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.gson.JsonSyntaxException;
+
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
-import org.opengroup.osdu.core.aws.entitlements.AccessToken;
-import org.opengroup.osdu.core.aws.iam.IAMConfig;
-import org.opengroup.osdu.core.common.http.HttpClient;
-import org.opengroup.osdu.core.common.http.HttpRequest;
-import org.opengroup.osdu.core.common.http.HttpResponse;
-import org.opengroup.osdu.core.common.http.IHttpClient;
-import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
-import org.opengroup.osdu.core.common.model.entitlements.EntitlementsException;
 import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
-
-import java.io.IOException;
-
-import java.util.*;
 @Component
 public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient {
@@ -69,172 +45,14 @@ public class ServiceAccountJwtAwsClientImpl implements IServiceAccountJwtClient
 public String environment;
- @Value("${aws.tokenUrl}")
- @Getter()
- public String tokenUrl;
-
- @Value("${aws.oauth.custom.scope}")
- private String awsOauthCustomScope;
-
- @Autowired
- private JaxRsDpsLog log;
-
- String client_credentials_secret;
- String client_credentials_clientid;
-
- private AWSCredentialsProvider amazonAWSCredentials;
- private AWSSimpleSystemsManagement ssmManager;
-
- @PostConstruct
- public void init() {
- if (ssmEnabled) {
- String client_credentials_client_id = "/osdu/" + environment + "/client-credentials-client-id";
- String client_secret_key = "client_credentials_client_secret";
- String client_secret_secretName = "/osdu/" + environment + "/client_credentials_secret";
-
- amazonAWSCredentials = IAMConfig.amazonAWSCredentials();
- ssmManager = AWSSimpleSystemsManagementClientBuilder.standard()
- .withCredentials(amazonAWSCredentials)
- .withRegion(amazonRegion)
- .build();
-
- GetParameterRequest paramRequest = new GetParameterRequest()
- .withName(client_credentials_client_id)
- .withWithDecryption(true);
- GetParameterResult paramResult = ssmManager.getParameter(paramRequest);
- Parameter paramsResult = paramResult.getParameter();
- client_credentials_clientid = paramsResult.getValue();
- client_credentials_secret = getSecret(client_secret_secretName,amazonRegion,client_secret_key);
-
- }
- }
-
 @Override
 public String getIdToken(String s) {
- String token= getServicePrincipalCredentials();
+ ServicePrincipal sp = new ServicePrincipal(amazonRegion,environment);
+ String token= sp.getServicePrincipalAccessToken();
 return token;
 }
- public String getServicePrincipalCredentials()
- {
- String token=null;
-
- Map<String,String> headers = new HashMap<>();
- String authorizationHeaderContents=getEncodedAuthorization(client_credentials_clientid,client_credentials_secret);
- headers.put("Authorization","Basic "+authorizationHeaderContents);
- headers.put("Content-Type", "application/x-www-form-urlencoded");
- IHttpClient httpClient = new HttpClient();
- String url = tokenUrl+"?grant_type=client_credentials&client_id="+client_credentials_clientid+"&scope="+awsOauthCustomScope;
- HttpRequest rq = HttpRequest.post().url(url).headers(headers).build();
-
-
- HttpResponse result = httpClient.send(rq);
- try {
- AccessToken accessToken = this.getResult(result, AccessToken.class);
-
- token = accessToken.getAccess_token();
-
- }catch(Exception e)
- {
- System.out.println("Could not parse AccessToken result to get access_token");
- }
- return "Bearer "+token;
- }
-
- public String getSecret(String secretName, String region,String secretKey) {
-
-
- String secretVaue="";
- // Create a Secrets Manager client
- AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
- .withRegion(region)
- .build();
-
- String secret="", decodedBinarySecret="";
- GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
- .withSecretId(secretName);
- GetSecretValueResult getSecretValueResult = null;
-
- try {
- getSecretValueResult = client.getSecretValue(getSecretValueRequest);
- } catch (DecryptionFailureException e) {
- // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (InternalServiceErrorException e) {
- // An error occurred on the server side.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (InvalidParameterException e) {
- // You provided an invalid value for a parameter.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (InvalidRequestException e) {
- // You provided a parameter value that is not valid for the current state of the resource.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- } catch (ResourceNotFoundException e) {
- // We can't find the resource that you asked for.
- // Deal with the exception here, and/or rethrow at your discretion.
- log.error("Error while setting up ServicePrincipalAccount"+e.getMessage());
- throw e;
- }
-
- // Decrypts secret using the associated KMS CMK.
- // Depending on whether the secret is a string or binary, one of these fields will be populated.
- if (getSecretValueResult.getSecretString() != null) {
- secret = getSecretValueResult.getSecretString();
- Map<String, String> secretMap=null;
-
- try
- {
- secretMap = new ObjectMapper().readValue(secret.getBytes(), Map.class);
-
- } catch (JsonParseException e) {
- log.error(e.getMessage());
- } catch (JsonMappingException e) {
- log.error(e.getMessage());
- } catch (IOException e) {
- log.error(e.getMessage());
- }
-
- secretVaue = secretMap.get(secretKey);
- }
-
-
- return secretVaue;
- }
-
-
- public String getEncodedAuthorization(String clientID, String clientSecret)
- {
- String base64Auth = Base64.getEncoder().encodeToString((clientID+":"+ clientSecret).getBytes());
- return base64Auth;
- }
-
- private <T> T getResult(HttpResponse result, Class<T> type) throws EntitlementsException {
- if (result.isSuccessCode()) {
- try {
- return result.parseBody(type);
- } catch (JsonSyntaxException e) {
- throw new EntitlementsException("Error parsing response. Check the inner HttpResponse for more info.",
- result);
- }
- } else {
- throw this.generateEntitlementsException(result);
- }
- }
-
- private EntitlementsException generateEntitlementsException(HttpResponse result) {
- return new EntitlementsException(
- "Could not generate accessToken in Notification Service with client_credentials flow.", result);
- }
 }
diff --git a/testing/notification-test-aws/pom.xml b/testing/notification-test-aws/pom.xml
index 6b180e62eba58e20cf0eff968fff417d964541ec..834593efc730e5c59c7258f559e46cd44f70d4be 100644
--- a/testing/notification-test-aws/pom.xml
+++ b/testing/notification-test-aws/pom.xml
@@ -44,7 +44,7 @@
 <dependency>
 <groupId>org.opengroup.osdu.core.aws</groupId>
 <artifactId>os-core-lib-aws</artifactId>
- <version>0.3.12-SNAPSHOT</version>
+ <version>0.3.12-deshruch-SNAPSHOT</version>
 </dependency>
 <dependency>
 <groupId>com.amazonaws</groupId>
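Review bot: The removed getServicePrincipalCredentials() returned `"Bearer "+token`, but the new getIdToken body returns the value of sp.getServicePrincipalAccessToken() unchanged, so unless that library method already prepends the scheme, callers that place the result straight into an Authorization header lose the `Bearer ` prefix — worth confirming against the library and stating in a Javadoc on getIdToken (`/** Returns the service principal's access token, including the Bearer scheme. */` or the opposite, whichever is true). A new ServicePrincipal is also constructed on every call and the `if (ssmEnabled)` gate that guarded credential loading in the removed init() has no counterpart here; if the library constructor repeats the SSM parameter and Secrets Manager lookups that init() did once at startup, every token request becomes several AWS API calls, so prefer a single instance created once, e.g. `private ServicePrincipal servicePrincipal;` assigned in a @PostConstruct method with `servicePrincipal = new ServicePrincipal(amazonRegion, environment);`. The import hunk adds no import for ServicePrincipal, so it presumably lives in this package or is brought in by the bumped os-core-lib-aws; if it is the latter, both poms now pin a developer-named snapshot (`0.3.12-deshruch-SNAPSHOT`) that should be a released version before this merges.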