Pr comments

provider/register-azure/src/main/java/org/opengroup/osdu/register/provider/azure/di/AzureBootstrapConfig.java

@@ -84,7 +84,6 @@ public class AzureBootstrapConfig {
     }
 
     @Bean
-    @Named("CRYPTOGRAPHY_CLIENT")
     public CryptographyClient getCryptographyClient() {
         return new CryptographyClientBuilder()
                 .keyIdentifier(keyIdentifier)
@@ -93,7 +92,6 @@ public class AzureBootstrapConfig {
     }
 
     @Bean
-    @Named("EVENT_GRID_MANAGER")
     public EventGridManager eventGridManager() {
         AzureTokenCredentials azureTokenCredentials = getAzureTokenCredentials();
         return EventGridManager

provider/register-azure/src/main/java/org/opengroup/osdu/register/provider/azure/subscriber/SubscriptionDoc.java

@@ -38,6 +38,8 @@ public class SubscriptionDoc {
     private String secretType;
     private String secretValue;
     private String dataPartitionId;
+    private String keyName;
+    private String keyVersion;
 
     public SubscriptionDoc(Subscription subscription, String dataPartitionId){
         this.id = subscription.getId();

provider/register-azure/src/main/java/org/opengroup/osdu/register/provider/azure/subscriber/SubscriptionRepository.java

@@ -73,15 +73,25 @@ public class SubscriptionRepository implements ISubscriptionRepository {
         try {
             mutex.lock();
 
-            if(exists(input.getId())) {
-                logger.error("A subscriber already exists with the same topic and endpoint combination");
-                throw new AppException(409, "Conflict", "A subscriber already exists with the same topic and endpoint combination");
-            }
-
             SubscriptionDoc doc = new SubscriptionDoc(input, dpsHeaders.getPartitionId());
             String encryptedSecret = cryptographyUtil.encryptData(input.getSecret().toString());
             doc.setSecretValue(encryptedSecret);
-            cosmosStore.upsertItem(dpsHeaders.getPartitionId(), azureBootstrapConfig.getCosmosDBName(), cosmosContainerConfig.getSubscriptionContainerName(), doc);
+            doc.setKeyName(cryptographyUtil.getKeyName());
+            doc.setKeyVersion(cryptographyUtil.getKeyVersion());
+
+            try {
+                cosmosStore.createItem(dpsHeaders.getPartitionId(), azureBootstrapConfig.getCosmosDBName(), cosmosContainerConfig.getSubscriptionContainerName(), doc);
+            }
+            catch (AppException e) {
+                if(e.getError().getCode() == 409) {
+                    logger.error("A subscriber already exists with the same topic and endpoint combination");
+                    throw new AppException(409, "Conflict", "A subscriber already exists with the same topic and endpoint combination");
+                }
+                else {
+                    logger.error(e.getMessage());
+                    throw new AppException(e.getError().getCode(), e.getError().getReason(), e.getMessage());
+                }
+            }
 
             boolean isSubscriptionCreated = pushSubscription.createPushSubscription(input);
 
@@ -181,16 +191,12 @@ public class SubscriptionRepository implements ISubscriptionRepository {
     private boolean updateSecret(Subscription subscription, Secret secret) {
         SubscriptionDoc doc = new SubscriptionDoc(subscription, dpsHeaders.getPartitionId());
         doc.setSecretType(secret.getSecretType());
-        doc.setSecretValue(secret.toString());
+        doc.setSecretValue(cryptographyUtil.encryptData(secret.toString()));
 
         cosmosStore.upsertItem(dpsHeaders.getPartitionId(), azureBootstrapConfig.getCosmosDBName(), cosmosContainerConfig.getSubscriptionContainerName(), doc);
         return true;
     }
 
-    private boolean exists(String id) {
-        return cosmosStore.findItem(dpsHeaders.getPartitionId(), azureBootstrapConfig.getCosmosDBName(), cosmosContainerConfig.getSubscriptionContainerName(), id, dpsHeaders.getPartitionId(), SubscriptionDoc.class).isPresent();
-    }
-
     private Subscription convertToSubscriptionClass(SubscriptionDoc doc) {
 
         String secretValue = cryptographyUtil.decryptData(doc.getSecretValue());

provider/register-azure/src/main/java/org/opengroup/osdu/register/provider/azure/util/CryptographyUtil.java

@@ -4,6 +4,7 @@ import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
 import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
 import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
 import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
+import org.opengroup.osdu.register.provider.azure.di.AzureBootstrapConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -15,6 +16,9 @@ public class CryptographyUtil {
     @Autowired
     private CryptographyClient cryptographyClient;
 
+    @Autowired
+    private AzureBootstrapConfig azureBootstrapConfig;
+
     public String encryptData(String plainText) {
         EncryptResult encryptResult = cryptographyClient.encrypt(EncryptionAlgorithm.RSA_OAEP, plainText.getBytes());
         byte[] val = encryptResult.getCipherText();
@@ -26,4 +30,16 @@ public class CryptographyUtil {
         return new String(decryptResult.getPlainText(), StandardCharsets.UTF_8);
     }
 
+    public String getKeyName() {
+        String keyIdentifier = azureBootstrapConfig.getKeyIdentifier();
+        String[] stringArray = keyIdentifier.split("/");
+        return stringArray[stringArray.length-2];
+    }
+
+    public String getKeyVersion() {
+        String keyIdentifier = azureBootstrapConfig.getKeyIdentifier();
+        String[] stringArray = keyIdentifier.split("/");
+        return stringArray[stringArray.length-1];
+    }
+
 }

provider/register-azure/src/test/java/org/opengroup/osdu/register/provider/azure/subscriber/SubscriptionDocTest.java

@@ -26,21 +26,26 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
 @ExtendWith(MockitoExtension.class)
 public class SubscriptionDocTest {
 
+    private final static String id = "test-id";
+    private final static String name = "test-action";
+    private final static String description = "test-description";
+    private final static String topic = "test-topic";
+    private final static String pushEndpoint = "https://mycdn.com/img.png";
+    private final static String createdBy = "test-creator";
+    private final static Timestamp createdOnEpoch = new Timestamp(System.currentTimeMillis());
+    private final static String notificationId = "test-notification-id";
+    private final static String secretType = "HMAC";
+    private final static String secretValue = "test-secret-value";
+    private final static String dataPartitionId = "opendes";
+    private final static String keyName = "key-name";
+    private final static String keyVersion = "key-version";
+
+
     @Test
     public void shouldCreateActionDocWithAllArgsConstructorAndValidateSetters() {
-        String id = "test-id";
-        String name = "test-action";
-        String description = "test-description";
-        String topic = "test-topic";
-        String pushEndpoint = "https://mycdn.com/img.png";
-        String createdBy = "test-creator";
-        Timestamp createdOnEpoch = new Timestamp(System.currentTimeMillis());
-        String notificationId = "test-notification-id";
-        String secretType = "HMAC";
-        String secretValue = "test-secret-value";
-        String dataPartitionId = "opendes";
-
-        SubscriptionDoc doc = new SubscriptionDoc(id, name, description, topic, pushEndpoint, createdBy, createdOnEpoch, notificationId, secretType, secretValue,dataPartitionId);
+
+
+        SubscriptionDoc doc = new SubscriptionDoc(id, name, description, topic, pushEndpoint, createdBy, createdOnEpoch, notificationId, secretType, secretValue, dataPartitionId, keyName, keyVersion);
 
         assertNotNull(doc);
         assertEquals(id, doc.getId());
@@ -54,6 +59,8 @@ public class SubscriptionDocTest {
         assertEquals(secretType, doc.getSecretType());
         assertEquals(secretValue, doc.getSecretValue());
         assertEquals(dataPartitionId, doc.getDataPartitionId());
+        assertEquals(keyName, doc.getKeyName());
+        assertEquals(keyVersion, doc.getKeyVersion());
 
         String testParams = "new-param";
         Timestamp newTimestamp = new Timestamp(System.currentTimeMillis());
@@ -67,6 +74,8 @@ public class SubscriptionDocTest {
         doc.setCreatedOnEpoch(newTimestamp);
         doc.setNotificationId(doc.getNotificationId() + testParams);
         doc.setDataPartitionId(doc.getDataPartitionId() + testParams);
+        doc.setKeyName(doc.getKeyName() + testParams);
+        doc.setKeyVersion(doc.getKeyVersion() + testParams);
 
         assertEquals(id + testParams, doc.getId());
         assertEquals(name + testParams, doc.getName());
@@ -77,6 +86,8 @@ public class SubscriptionDocTest {
         assertEquals(newTimestamp, doc.getCreatedOnEpoch());
         assertEquals(notificationId + testParams, doc.getNotificationId());
         assertEquals(dataPartitionId + testParams, doc.getDataPartitionId());
+        assertEquals(keyName + testParams, doc.getKeyName());
+        assertEquals(keyVersion + testParams, doc.getKeyVersion());
 
     }
 

provider/register-azure/src/test/java/org/opengroup/osdu/register/provider/azure/subscriber/SubscriptionRepositoryTest.java

@@ -48,6 +48,7 @@ import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
@@ -112,9 +113,8 @@ public class SubscriptionRepositoryTest {
 
     @Test
     public void createSubscriptionThrows409WhenIdExists() {
-        Optional<SubscriptionDoc> cosmosItem = Optional.of(new SubscriptionDoc());
 
-        doReturn(cosmosItem).when(cosmosStore).findItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), eq(subscriptionId), eq(dataPartitionId), any());
+        doThrow(new AppException(409, "Reason", "Message")).when(cosmosStore).createItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), any());
 
         AppException exception = assertThrows(AppException.class, () -> {
             repo.create(subscription);
@@ -123,7 +123,8 @@ public class SubscriptionRepositoryTest {
         assertEquals(409, exception.getError().getCode());
         assertEquals("Conflict", exception.getError().getReason());
         assertEquals("A subscriber already exists with the same topic and endpoint combination", exception.getError().getMessage());
-        verify(cosmosStore, times(1)).findItem(dataPartitionId, cosmosDatabase, subscriptionContainer, subscriptionId, dataPartitionId, SubscriptionDoc.class);
+        verify(cryptographyUtil, times(1)).getKeyName();
+        verify(cryptographyUtil, times(1)).getKeyVersion();
         verify(cosmosContainerConfig, times(1)).getSubscriptionContainerName();
         verify(subscription, times(1)).getId();
         verify(dpsHeaders, times(2)).getPartitionId();
@@ -131,34 +132,31 @@ public class SubscriptionRepositoryTest {
     }
 
     @Test
-    public void createSubscriptionDocumentInsertedSuccessfullyAndPushSubscriptionCreated() throws Exception {
+    public void createSubscriptionDocumentInsertedSuccessfullyAndPushSubscriptionCreated() {
 
-        Optional<SubscriptionDoc> cosmosItem = Optional.empty();
-        doReturn(cosmosItem).when(cosmosStore).findItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), eq(subscriptionId), eq(dataPartitionId), any());
-        doNothing().when(cosmosStore).upsertItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), any());
+        doNothing().when(cosmosStore).createItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), any());
         doReturn(true).when(pushSubscription).createPushSubscription(subscription);
         when(cryptographyUtil.encryptData(secretValue)).thenReturn("some-string");
 
         Subscription output = repo.create(subscription);
 
         assertEquals(subscription, output);
-        verify(cosmosStore, times(1)).findItem(dataPartitionId, cosmosDatabase, subscriptionContainer, subscriptionId, dataPartitionId, SubscriptionDoc.class);
-        verify(azureBootstrapConfig, times(2)).getCosmosDBName();
-        verify(cosmosContainerConfig, times(2)).getSubscriptionContainerName();
-        verify(dpsHeaders, times(4)).getPartitionId();
+        verify(azureBootstrapConfig, times(1)).getCosmosDBName();
+        verify(cosmosContainerConfig, times(1)).getSubscriptionContainerName();
+        verify(dpsHeaders, times(2)).getPartitionId();
         verify(cryptographyUtil, times(1)).encryptData(secretValue);
+        verify(cryptographyUtil, times(1)).getKeyName();
+        verify(cryptographyUtil, times(1)).getKeyVersion();
         verify(pushSubscription, times(1)).createPushSubscription(subscription);
         verify(subscription, times(3)).getSecret();
-        verify(subscription, times(2)).getId();
+        verify(subscription, times(1)).getId();
         verifyCallsToSubscriptionMock();
     }
 
     @Test
     public void createSubscriptionDocumentInsertedSuccessfullyButPushSubscriptionCreationFailed() throws Exception {
 
-        Optional<SubscriptionDoc> cosmosItem = Optional.empty();
-        doReturn(cosmosItem).when(cosmosStore).findItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), eq(subscriptionId), eq(dataPartitionId), any());
-        doNothing().when(cosmosStore).upsertItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), any());
+        doNothing().when(cosmosStore).createItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), any());
         doNothing().when(cosmosStore).deleteItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), eq(subscriptionId), eq(dataPartitionId));
         doReturn(false).when(pushSubscription).createPushSubscription(subscription);
         when(cryptographyUtil.encryptData(secretValue)).thenReturn("some-string");
@@ -173,13 +171,14 @@ public class SubscriptionRepositoryTest {
         assertEquals("Unexpected error creating subscription", exception.getError().getMessage());
 
         verify(cosmosStore, times(1)).deleteItem(dataPartitionId, cosmosDatabase, subscriptionContainer, subscriptionId, dataPartitionId);
-        verify(cosmosStore, times(1)).findItem(dataPartitionId, cosmosDatabase, subscriptionContainer, subscriptionId, dataPartitionId, SubscriptionDoc.class);
-        verify(azureBootstrapConfig, times(3)).getCosmosDBName();
-        verify(cosmosContainerConfig, times(3)).getSubscriptionContainerName();
-        verify(subscription, times(3)).getId();
+        verify(azureBootstrapConfig, times(2)).getCosmosDBName();
+        verify(cosmosContainerConfig, times(2)).getSubscriptionContainerName();
+        verify(subscription, times(2)).getId();
         verify(subscription, times(3)).getSecret();
-        verify(dpsHeaders, times(6)).getPartitionId();
+        verify(dpsHeaders, times(4)).getPartitionId();
         verify(cryptographyUtil, times(1)).encryptData(secretValue);
+        verify(cryptographyUtil, times(1)).getKeyName();
+        verify(cryptographyUtil, times(1)).getKeyVersion();
         verify(pushSubscription, times(1)).createPushSubscription(subscription);
         verify(logger, times(1)).error("Unexpected error creating subscription");
         verifyCallsToSubscriptionMock();
@@ -331,6 +330,7 @@ public class SubscriptionRepositoryTest {
         Secret secret = Mockito.mock(Secret.class);
         when(secret.getSecretType()).thenReturn(secretType);
         when(secret.toString()).thenReturn(secretValue);
+        when(cryptographyUtil.encryptData(secretValue)).thenReturn(secretValue);
         doNothing().when(cosmosStore).upsertItem(eq(dataPartitionId), eq(cosmosDatabase), eq(subscriptionContainer), any());
 
         boolean output = repo.patch(subscription, secret);
@@ -339,6 +339,7 @@ public class SubscriptionRepositoryTest {
         verify(secret, times(1)).getSecretType();
         verify(subscription, times(1)).getId();
         verify(subscription, times(2)).getSecret();
+        verify(cryptographyUtil, times(1)).encryptData(secretValue);
         verifyCallsToSubscriptionMock();
     }
 

provider/register-azure/src/test/java/org/opengroup/osdu/register/provider/azure/util/CryptographyUtilTest.java

@@ -23,6 +23,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import org.opengroup.osdu.register.provider.azure.di.AzureBootstrapConfig;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.Mockito.doReturn;
@@ -36,6 +37,7 @@ public class CryptographyUtilTest {
     private static final String plainText = "plain-text";
     private static final byte[] bytesArray = new byte[] {1,2,3,4};
     private static final String encodedData = "AQIDBA==";
+    private static final String keyIdentifier = "https://haaggarw-test-vault.vault.azure.net/keys/test-key/key-version";
 
     @InjectMocks
     private CryptographyUtil cryptographyUtil;
@@ -49,6 +51,9 @@ public class CryptographyUtilTest {
     @Mock
     private DecryptResult decryptResult;
 
+    @Mock
+    private AzureBootstrapConfig azureBootstrapConfig;
+
     @Test
     public void shouldSuccessfullyReturnEncryptedData() {
         when(encryptResult.getCipherText()).thenReturn(bytesArray);
@@ -73,4 +78,22 @@ public class CryptographyUtilTest {
         verify(decryptResult, times(1)).getPlainText();
     }
 
+    @Test
+    public void shouldReturnKeyName() {
+        when(azureBootstrapConfig.getKeyIdentifier()).thenReturn(keyIdentifier);
+        String result = cryptographyUtil.getKeyName();
+
+        assertEquals("test-key", result);
+        verify(azureBootstrapConfig, times(1)).getKeyIdentifier();
+    }
+
+    @Test
+    public void shouldReturnKeyVersion() {
+        when(azureBootstrapConfig.getKeyIdentifier()).thenReturn(keyIdentifier);
+
+        String result = cryptographyUtil.getKeyVersion();
+        assertEquals("key-version", result);
+        verify(azureBootstrapConfig, times(1)).getKeyIdentifier();
+    }
+
 }