role packages refactor

key store dynamo implementation test with contract test technique

Author: mrFlick72

src/main/kotlin/com/vauthenticator/server/config/PermissionConfig.kt

@@ -6,9 +6,9 @@ import com.vauthenticator.server.cache.RedisCacheOperation
 import com.vauthenticator.server.oauth2.clientapp.domain.ClientApplicationRepository
 import com.vauthenticator.server.role.PermissionValidator
 import com.vauthenticator.server.role.RoleCacheContentConverter
-import com.vauthenticator.server.role.repository.CachedRoleRepository
-import com.vauthenticator.server.role.repository.dynamodb.DynamoDbRoleRepository
-import com.vauthenticator.server.role.repository.jdbc.JdbcRoleRepository
+import com.vauthenticator.server.role.adapter.CachedRoleRepository
+import com.vauthenticator.server.role.adapter.dynamodb.DynamoDbRoleRepository
+import com.vauthenticator.server.role.adapter.jdbc.JdbcRoleRepository
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.context.annotation.Bean

src/main/kotlin/com/vauthenticator/server/keys/adapter/jdbc/JdbcKeyStorage.kt

@@ -0,0 +1,37 @@
+package com.vauthenticator.server.keys.adapter.jdbc
+
+import com.vauthenticator.server.keys.domain.*
+import org.slf4j.LoggerFactory
+import java.time.Duration
+
+class JdbcKeyStorage : KeyStorage {
+
+    private val logger = LoggerFactory.getLogger(JdbcKeyStorage::class.java)
+
+    override fun store(
+        masterKid: MasterKid,
+        kid: Kid,
+        dataKey: DataKey,
+        keyType: KeyType,
+        keyPurpose: KeyPurpose
+    ) {
+        TODO()
+    }
+
+    override fun signatureKeys(): Keys {
+        TODO()
+    }
+
+    override fun findOne(kid: Kid, keyPurpose: KeyPurpose): Key {
+        TODO()
+    }
+
+    override fun justDeleteKey(kid: Kid, keyPurpose: KeyPurpose) {
+        TODO()
+    }
+
+    override fun keyDeleteJodPlannedFor(kid: Kid, ttl: Duration, keyPurpose: KeyPurpose) {
+        TODO()
+    }
+
+}

src/main/kotlin/com/vauthenticator/server/role/repository/CachedRoleRepository.kt renamed to src/main/kotlin/com/vauthenticator/server/role/adapter/CachedRoleRepository.kt

@@ -1,4 +1,4 @@
-package com.vauthenticator.server.role.repository
+package com.vauthenticator.server.role.adapter
 
 import com.vauthenticator.server.cache.CacheContentConverter
 import com.vauthenticator.server.cache.CacheOperation

src/main/kotlin/com/vauthenticator/server/role/repository/dynamodb/DynamoDbRoleRepository.kt renamed to src/main/kotlin/com/vauthenticator/server/role/adapter/dynamodb/DynamoDbRoleRepository.kt

@@ -1,4 +1,4 @@
-package com.vauthenticator.server.role.repository.dynamodb
+package com.vauthenticator.server.role.adapter.dynamodb
 
 import com.vauthenticator.server.role.DynamoDbRoleMapper
 import com.vauthenticator.server.role.ProtectedRoleFromDeletionException

src/main/kotlin/com/vauthenticator/server/role/repository/jdbc/JdbcRoleRepository.kt renamed to src/main/kotlin/com/vauthenticator/server/role/adapter/jdbc/JdbcRoleRepository.kt

@@ -1,4 +1,4 @@
-package com.vauthenticator.server.role.repository.jdbc
+package com.vauthenticator.server.role.adapter.jdbc
 
 import com.vauthenticator.server.role.ProtectedRoleFromDeletionException
 import com.vauthenticator.server.role.Role

src/test/kotlin/com/vauthenticator/server/account/repository/dynamodb/DynamoDbAbstractAccountRepositoryTest.kt

@@ -4,7 +4,7 @@ import com.vauthenticator.server.account.repository.AbstractAccountRepositoryTes
 import com.vauthenticator.server.account.repository.AccountRepository
 import com.vauthenticator.server.role.RoleRepository
 import com.vauthenticator.server.role.protectedRoleNames
-import com.vauthenticator.server.role.repository.dynamodb.DynamoDbRoleRepository
+import com.vauthenticator.server.role.adapter.dynamodb.DynamoDbRoleRepository
 import com.vauthenticator.server.support.DynamoDbUtils.dynamoAccountTableName
 import com.vauthenticator.server.support.DynamoDbUtils.dynamoDbClient
 import com.vauthenticator.server.support.DynamoDbUtils.dynamoRoleTableName

src/test/kotlin/com/vauthenticator/server/account/repository/jdbc/JdbcAccountRepositoryTest.kt

@@ -4,7 +4,7 @@ import com.vauthenticator.server.account.repository.AbstractAccountRepositoryTes
 import com.vauthenticator.server.account.repository.AccountRepository
 import com.vauthenticator.server.role.RoleRepository
 import com.vauthenticator.server.role.protectedRoleNames
-import com.vauthenticator.server.role.repository.jdbc.JdbcRoleRepository
+import com.vauthenticator.server.role.adapter.jdbc.JdbcRoleRepository
 import com.vauthenticator.server.support.JdbcUtils.jdbcTemplate
 import com.vauthenticator.server.support.JdbcUtils.resetDb
 

src/test/kotlin/com/vauthenticator/server/keys/adapter/AbstractKeyStorageTest.kt

@@ -0,0 +1,153 @@
+package com.vauthenticator.server.keys.adapter
+
+import com.vauthenticator.server.extentions.encoder
+import com.vauthenticator.server.extentions.valueAsStringFor
+import com.vauthenticator.server.keys.domain.KeyPurpose.MFA
+import com.vauthenticator.server.keys.domain.KeyPurpose.SIGNATURE
+import com.vauthenticator.server.keys.domain.KeyStorage
+import com.vauthenticator.server.keys.domain.KeyType.ASYMMETRIC
+import com.vauthenticator.server.keys.domain.KeyType.SYMMETRIC
+import com.vauthenticator.server.keys.domain.Keys
+import com.vauthenticator.server.keys.domain.Kid
+import com.vauthenticator.server.support.DynamoDbUtils.dynamoMfaKeysTableName
+import com.vauthenticator.server.support.DynamoDbUtils.dynamoSignatureKeysTableName
+import com.vauthenticator.server.support.KeysUtils.aKeyFor
+import com.vauthenticator.server.support.KeysUtils.aKid
+import com.vauthenticator.server.support.KeysUtils.aMasterKey
+import com.vauthenticator.server.support.KeysUtils.aSignatureDataKey
+import com.vauthenticator.server.support.KeysUtils.aSimmetricDataKey
+import com.vauthenticator.server.support.KeysUtils.anotherKid
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import software.amazon.awssdk.services.dynamodb.model.AttributeValue
+import java.time.Duration
+import java.time.Instant
+import kotlin.test.assertNotNull
+
+abstract class AbstractKeyStorageTest {
+
+    private val masterKid = aMasterKey
+    private val now = Instant.now()
+
+    private lateinit var uut: KeyStorage
+
+    abstract fun initKeyStorage(): KeyStorage
+    abstract fun resetDatabase()
+    abstract fun getActual(kid: Kid, tableName: String): MutableMap<String, AttributeValue>
+
+
+    @BeforeEach
+    fun setUp() {
+        resetDatabase()
+        uut = initKeyStorage()
+    }
+
+    @Test
+    fun `when store a new data key pair`() {
+        uut.store(masterKid, aKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+
+        val actual = getActual(aKid, dynamoSignatureKeysTableName)
+        assertEquals(aKid.content(), actual.valueAsStringFor("key_id"))
+        assertEquals(masterKid.content(), actual.valueAsStringFor("master_key_id"))
+        assertEquals(
+            encoder.encode(aSignatureDataKey.encryptedPrivateKey)
+                .decodeToString(), actual.valueAsStringFor("encrypted_private_key")
+        )
+        assertEquals(
+            encoder.encode(aSignatureDataKey.publicKey.get()).decodeToString(),
+            actual.valueAsStringFor("public_key")
+        )
+    }
+
+    @Test
+    fun `when store a new data key for mfa`() {
+        uut.store(masterKid, aKid, aSimmetricDataKey, SYMMETRIC, MFA)
+
+        val actual = getActual(aKid, dynamoMfaKeysTableName)
+        assertEquals(aKid.content(), actual.valueAsStringFor("key_id"))
+        assertEquals(masterKid.content(), actual.valueAsStringFor("master_key_id"))
+        assertEquals(
+            encoder.encode(aSimmetricDataKey.encryptedPrivateKey)
+                .decodeToString(), actual.valueAsStringFor("encrypted_private_key")
+        )
+    }
+
+    @Test
+    fun `when find an mfa key`() {
+        uut.store(masterKid, aKid, aSimmetricDataKey, SYMMETRIC, MFA)
+        val actual = uut.findOne(aKid, MFA)
+        val excpected = aKeyFor(masterKid.content(), aKid.content(), SYMMETRIC, MFA)
+        assertEquals(excpected, actual)
+    }
+
+    @Test
+    fun `when find an signature key`() {
+        uut.store(masterKid, aKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+        val actual = uut.findOne(aKid, SIGNATURE)
+        val excpected = aKeyFor(masterKid.content(), aKid.content(), ASYMMETRIC, SIGNATURE)
+        assertEquals(excpected, actual)
+    }
+
+    @Test
+    fun `when find all signature keys`() {
+        uut.store(masterKid, aKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+        uut.store(masterKid, anotherKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+        val actual = uut.signatureKeys()
+        val excpected = Keys(
+            listOf(
+                aKeyFor(masterKid.content(), aKid.content(), ASYMMETRIC, SIGNATURE),
+                aKeyFor(masterKid.content(), anotherKid.content(), ASYMMETRIC, SIGNATURE)
+            )
+        )
+        assertEquals(excpected, actual)
+    }
+
+    @Test
+    fun `when a signature key is deleted`() {
+        uut.store(masterKid, aKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+        val storedKey = uut.findOne(aKid, SIGNATURE)
+        assertNotNull(storedKey)
+
+        uut.justDeleteKey(aKid, SIGNATURE)
+        val actual = getActual(aKid, dynamoSignatureKeysTableName)
+        assertEquals(emptyMap<String, AttributeValue>(), actual)
+    }
+
+    @Test
+    fun `when a signature key planned  to be deleted`() {
+        uut.store(masterKid, aKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+        val storedKey = uut.findOne(aKid, SIGNATURE)
+        assertNotNull(storedKey)
+
+        val ttl = Duration.ofSeconds(1)
+        uut.keyDeleteJodPlannedFor(aKid, ttl, SIGNATURE)
+
+        val actual = getActual(aKid, dynamoSignatureKeysTableName)
+        val expectedTTl = now.epochSecond + 1
+        assertEquals(false, (actual["enabled"] as AttributeValue).bool())
+        assertEquals(expectedTTl, (actual["key_expiration_date_timestamp"] as AttributeValue).n().toLong())
+    }
+
+    @Test
+    fun `when a signature key deletion planning is ignored`() {
+        uut.store(masterKid, aKid, aSignatureDataKey, ASYMMETRIC, SIGNATURE)
+        val storedKey = uut.findOne(aKid, SIGNATURE)
+        assertNotNull(storedKey)
+
+        uut.keyDeleteJodPlannedFor(aKid, Duration.ofSeconds(1), SIGNATURE)
+
+        val actual = getActual(aKid, dynamoSignatureKeysTableName)
+        val expectedTTl = now.epochSecond + 1
+        assertEquals(false, (actual["enabled"] as AttributeValue).bool())
+        assertEquals(expectedTTl, (actual["key_expiration_date_timestamp"] as AttributeValue).n().toLong())
+
+        uut.keyDeleteJodPlannedFor(aKid, Duration.ofSeconds(10), SIGNATURE)
+
+        val actualAfterReplanning = getActual(aKid, dynamoSignatureKeysTableName)
+        val expectedTTlAfterReplanning = now.epochSecond + 1
+        assertEquals(false, (actualAfterReplanning["enabled"] as AttributeValue).bool())
+        assertEquals(expectedTTlAfterReplanning, (actualAfterReplanning["key_expiration_date_timestamp"] as AttributeValue).n().toLong())
+    }
+
+}