Adding fixes after disposable UPS functionality

LMCROSSITXSADEPLOY-2301

Author: karrgov

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/security/encryption/AesEncryptionUtil.java

@@ -21,9 +21,6 @@ public class AesEncryptionUtil {
 
     public static byte[] encrypt(String plainText, byte[] encryptionKey) {
         try {
-            if (plainText == null) {
-                plainText = "";
-            }
             byte[] gcmInitialisationVector = new byte[Constants.INITIALISATION_VECTOR_LENGTH];
             new SecureRandom().nextBytes(gcmInitialisationVector);
 
@@ -67,7 +64,7 @@ private static Cipher setUpCipherObject(byte[] encryptionKey, byte[] gcmInitiali
         Cipher cipherObject = Cipher.getInstance(Constants.CIPHER_TRANSFORMATION_NAME, BouncyCastleFipsProvider.PROVIDER_NAME);
         SecretKeySpec secretKeySpec = new SecretKeySpec(encryptionKey, Constants.ENCRYPTION_DECRYPTION_ALGORITHM_NAME);
         GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(Constants.GCM_AUTHENTICATION_TAG_LENGTH, gcmInitialisationVector);
-        
+
         cipherObject.init(cipherMode, secretKeySpec, gcmParameterSpec);
 
         return cipherObject;

multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/security/encryption/AesEncryptionUtilTest.java

@@ -20,6 +20,7 @@
 public class AesEncryptionUtilTest {
 
     private static final byte[] KEY_FOR_256_32_BYTES = "abcdefghijklmnopqrstuvwxyz123456".getBytes(StandardCharsets.UTF_8);
+    private static final byte[] SECOND_KEY_FOR_256_32_BYTES = "0123456789abcdef0123456789ABCDEF".getBytes(StandardCharsets.UTF_8);
 
     @BeforeAll
     static void addBouncyCastleProvider() throws Exception {
@@ -87,8 +88,7 @@ void testEncryptDecryptFlowWhenWrongEncryptionKey() {
         String plainText = "top secret";
         byte[] encrypted = AesEncryptionUtil.encrypt(plainText, KEY_FOR_256_32_BYTES);
 
-        byte[] differentValidKey = "0123456789abcdef0123456789ABCDEF".getBytes(StandardCharsets.UTF_8);
-        assertThrows(SLException.class, () -> AesEncryptionUtil.decrypt(encrypted, differentValidKey));
+        assertThrows(SLException.class, () -> AesEncryptionUtil.decrypt(encrypted, SECOND_KEY_FOR_256_32_BYTES));
     }
 
     @Test

multiapps-controller-process/src/main/java/module-info.java

@@ -36,7 +36,6 @@
     requires flowable.variable.service.api;
     requires jakarta.annotation;
     requires jakarta.persistence;
-    requires java.annotation;
     requires java.sql;
     requires jakarta.xml.bind;
     requires jakarta.inject;
@@ -52,23 +51,18 @@
     requires org.cloudfoundry.multiapps.controller.persistence;
     requires org.cloudfoundry.multiapps.mta;
     requires org.joda.time;
-    requires org.mybatis;
     requires org.slf4j;
     requires spring.beans;
     requires spring.context;
     requires spring.core;
     requires spring.security.oauth2.core;
     requires spring.web;
-    requires tools.jackson.databind;
     requires reactor.netty;
     requires io.netty.handler;
     requires io.netty.transport;
 
     requires static java.compiler;
     requires static org.immutables.value;
     requires org.cloudfoundry.multiapps.controller.shutdown.client;
-    requires org.checkerframework.checker.qual;
-    requires s3;
-    requires org.eclipse.persistence.jpa;
 
 }

multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/Constants.java

@@ -35,6 +35,7 @@ public class Constants {
     public static final String DOUBLE_APPENDED_STRING = "%s%s";
     public static final String TRIPLE_APPENDED_STRING = "%s%s%s";
     public static final String SECURE_EXTENSION_DESCRIPTOR_ID = "__mta.secure";
+    public static final String STRING_SEPARATOR = "-";
 
     public static final Long UNSET_LAST_LOG_TIMESTAMP_MS = 0L;
     public static final int LOG_STALLED_TASK_MINUTE_INTERVAL = 5;

multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/Messages.java

@@ -84,7 +84,7 @@ public class Messages {
     public static final String SERVICE_INSTANCE_0_TAGS_UPDATE_FAILED_ERROR_1 = "Service instance: \"{0}\" tags update failed, error: \"{1}\"";
     public static final String COULD_NOT_RETRIEVE_USER_PROVIDED_SERVICE_INSTANCE_ENCRYPTION_RELATED = "Could not retrieve service instance (user provided service instance for encryption/decryption related)!";
     public static final String COULD_NOT_RETRIEVE_CREDENTIALS_FROM_USER_PROVIDED_SERVICE_INSTANCE_ENCRYPTION_RELATED = "Could not retrieve credentials from service instance (user provided service instance for encryption/decryption related)!";
-    public static final String JSON_TRANSFORMATION_FAILED_FOR_VARIABLE_0 = "Secret token JSON transformation failed for variable \"{0}\":";
+    public static final String JSON_TRANSFORMATION_FAILED_FOR_VARIABLE_0 = "Secret token JSON transformation failed for variable \"{0}\": \"{1}\"";
     public static final String SECRET_VALUE_NOT_FOUND_FOR_TOKEN_0_PID_1_VARIABLE_2 = "Secret value not found for token \"{0}\" (process instance id=\"{1}\", variable=\"{2}\")";
     public static final String INVALID_ENCRYPTION_KEY_LENGTH = "Length of the encryption key is invalid - it must be 32 characters long!";
     public static final String MISSING_MTA_ID_IN_ENCRYPTION_KEY_RESOLVER = "Missing mtaId in encryption key resolver! Cannot continue from here!";
@@ -801,8 +801,8 @@ public class Messages {
 
     public static final String SECURE_EXTENSION_DESCRIPTOR_CONSTRUCTED_AND_APPLIED_FROM_ENVIRONMENT_VARIABLES = "\n\"SECURE EXTENSION DESCRIPTOR CONSTRUCTED AND APPLIED FROM ENVIRONMENT VARIABLES\"";
     public static final String DISPOSABLE_USER_PROVIDED_SERVICE_0_DELETED = "Disposable user-provided service \"{0}\" deleted";
-    public static final String USING_DISPOSABLE_USER_PROVIDED_SERVICE_0_ = "Using disposable user-provided service \"{0}\"";
-    public static final String USING_DEFAULT_USER_PROVIDED_SERVICE_0_ = "Using default user-provided service \"{0}\"";
+    public static final String USING_DISPOSABLE_USER_PROVIDED_SERVICE_0 = "Using disposable user-provided service \"{0}\"";
+    public static final String USING_DEFAULT_USER_PROVIDED_SERVICE_0 = "Using default user-provided service \"{0}\"";
     public static final String TOTAL_SIZE_OF_ALL_RESOLVED_CONTENT_0 = "Total size for all resolved content {0}";
     public static final String STARTED_SHUTTING_DOWN_APPLICATION_WITH_ID_AND_INDEX = "Started shutting down application with ID: \"{0}\" and index: \"{1}\"";
     public static final String SHUT_DOWN_APPLICATION_WITH_ID_AND_INDEX_FINISHED_SUCCESSFULLY = "Shut down application with ID: \"{0}\" and index: \"{1}\" finished successfully";

multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/security/SecretParametersCollector.java

@@ -28,9 +28,7 @@
 import org.cloudfoundry.multiapps.mta.model.Resource;
 import org.cloudfoundry.multiapps.mta.model.ResourceType;
 import org.cloudfoundry.multiapps.mta.model.Visitor;
-import org.springframework.stereotype.Component;
 
-@Component
 public class SecretParametersCollector extends Visitor {
 
     private final Set<String> secretParameters = new HashSet<>();
@@ -63,15 +61,16 @@ private void addInNestedParameters(Map.Entry<String, Collection<String>> element
                 continue;
             }
 
-            shouldBeAddedInNestedParameters(secretParameters, nestedParameters, value, currentParameterName);
+            determineWhetherToAddInNestedParameters(nestedParameters, value, currentParameterName);
         }
     }
 
-    private void shouldBeAddedInNestedParameters(Set<String> secretParameters, Set<String> nestedParameters, String value,
-                                                 String currentParameterName) {
+    private void determineWhetherToAddInNestedParameters(Set<String> nestedParameters, String value,
+                                                         String currentParameterName) {
         for (String secretParameter : secretParameters) {
             if (!secretParameter.isEmpty() && value.contains(secretParameter)) {
                 nestedParameters.add(currentParameterName);
+                break;
             }
         }
     }

multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/security/SecretTokenSerializer.java

@@ -23,20 +23,16 @@
 import org.cloudfoundry.multiapps.controller.process.security.util.SecretTokenUtil;
 import org.cloudfoundry.multiapps.controller.process.variables.Serializer;
 import org.flowable.common.engine.api.variable.VariableContainer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 public class SecretTokenSerializer<T> implements Serializer<T> {
 
-    private static final Logger LOGGER = LoggerFactory.getLogger(SecretTokenSerializer.class);
-
     private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper().enable(DeserializationFeature.FAIL_ON_TRAILING_TOKENS);
 
     private final Serializer<T> serializer;
 
     private final SecretTokenStore secretTokenStore;
 
-    private final Set<String> secretValues;
+    private final Set<String> secretValueNames;
 
     private final String processInstanceId;
 
@@ -47,7 +43,7 @@ public SecretTokenSerializer(Serializer<T> serializer, SecretTokenStore secretTo
                                  String variableName) {
         this.serializer = serializer;
         this.secretTokenStore = secretTokenStore;
-        this.secretValues = secretValues;
+        this.secretValueNames = secretValues;
         this.processInstanceId = processInstanceId;
         this.variableName = variableName;
     }
@@ -140,19 +136,21 @@ private Object handleBytes(byte[] bytesArray, boolean censor) {
 
     private Object handleList(List<Object> list, boolean censor) {
         return list.stream()
-                   .map(element -> {
-                       if (element instanceof String) {
-                           String transformedJson = transformJson((String) element, censor);
-                           return getResultFromTransformedJson(transformedJson, element, false);
-                       } else if (element instanceof byte[]) {
-                           String transformedJson = transformJson(new String((byte[]) element), censor);
-                           return getResultFromTransformedJson(transformedJson, element, true);
-                       }
-                       return element;
-                   })
+                   .map(element -> transformListElement(element, censor))
                    .collect(Collectors.toList());
     }
 
+    private Object transformListElement(Object element, boolean censor) {
+        if (element instanceof String) {
+            String transformedJson = transformJson((String) element, censor);
+            return getResultFromTransformedJson(transformedJson, element, false);
+        } else if (element instanceof byte[]) {
+            String transformedJson = transformJson(new String((byte[]) element), censor);
+            return getResultFromTransformedJson(transformedJson, element, true);
+        }
+        return element;
+    }
+
     private Object getResultFromTransformedJson(String transformedJson, Object element, boolean isElementInstanceOfByte) {
         if (transformedJson != null) {
             if (!isElementInstanceOfByte) {
@@ -166,43 +164,28 @@ private Object getResultFromTransformedJson(String transformedJson, Object eleme
     }
 
     private String transformJson(String candidate, boolean censor) {
-        if (!isValid(candidate)) {
-            return null;
-        }
-
         try {
             JsonNode rootNode = OBJECT_MAPPER.readTree(candidate);
             AtomicBoolean changed = new AtomicBoolean();
-            JsonNode output = processJsonValue(rootNode, secretValues, censor, changed);
+            JsonNode output = processJsonValue(rootNode, secretValueNames, censor, changed);
 
             if (changed.get()) {
                 return OBJECT_MAPPER.writeValueAsString(output);
             }
             return null;
-        } catch (Exception e) {
-            LOGGER.info("transformJson failed for var {} (more info = {}): {}: {}", variableName, candidate, e.getClass()
-                                                                                                              .getSimpleName(),
-                        e.getMessage());
-            throw new SLException(MessageFormat.format(Messages.JSON_TRANSFORMATION_FAILED_FOR_VARIABLE_0, variableName), e);
-        }
-    }
-
-    public boolean isValid(String json) {
-        try {
-            OBJECT_MAPPER.readTree(json);
         } catch (JacksonException e) {
-            return false;
+            throw new SLException(MessageFormat.format(Messages.JSON_TRANSFORMATION_FAILED_FOR_VARIABLE_0, variableName, e.getMessage()),
+                                  e);
         }
-        return true;
     }
 
-    private JsonNode processJsonValue(JsonNode currentNode, Set<String> keys, boolean censor, AtomicBoolean changed) {
+    private JsonNode processJsonValue(JsonNode currentNode, Set<String> secretValueNames, boolean censor, AtomicBoolean changed) {
         if (currentNode.isObject()) {
-            return processObjectNode(currentNode, keys, censor, changed);
+            return processObjectNode(currentNode, secretValueNames, censor, changed);
         }
 
         if (currentNode.isArray()) {
-            return processArrayNode(currentNode, keys, censor, changed);
+            return processArrayNode(currentNode, secretValueNames, censor, changed);
         }
 
         if (currentNode.isTextual()) {
@@ -212,7 +195,7 @@ private JsonNode processJsonValue(JsonNode currentNode, Set<String> keys, boolea
         return currentNode;
     }
 
-    private JsonNode processObjectNode(JsonNode currentNode, Set<String> keys, boolean censor, AtomicBoolean changed) {
+    private JsonNode processObjectNode(JsonNode currentNode, Set<String> secretValueNames, boolean censor, AtomicBoolean changed) {
         ObjectNode objectNode = currentNode.deepCopy();
 
         List<String> fields = new ArrayList<>();
@@ -221,36 +204,40 @@ private JsonNode processObjectNode(JsonNode currentNode, Set<String> keys, boole
         while (fieldsIterator.hasNext()) {
             fields.add(fieldsIterator.next());
         }
+        processObjectNodeFields(fields, objectNode, changed, censor);
 
+        return objectNode;
+    }
+
+    private void processObjectNodeFields(List<String> fields, ObjectNode objectNode, AtomicBoolean changed, boolean censor) {
         for (String currentField : fields) {
             JsonNode childNode = objectNode.get(currentField);
-            JsonNode processedNode = processJsonValue(childNode, keys, censor, changed);
+            JsonNode processedNode = processJsonValue(childNode, secretValueNames, censor, changed);
 
-            boolean isCurrentKeySecretValue = keys.contains(currentField);
-            determineWhetherToCensorOrUncensor(childNode, processedNode, objectNode, currentField, censor, isCurrentKeySecretValue,
-                                               changed);
+            boolean isCurrentKeySecretValue = secretValueNames.contains(currentField);
+            determineWhetherToEncodeOrDecode(childNode, processedNode, objectNode, currentField, censor, isCurrentKeySecretValue,
+                                             changed);
         }
-        return objectNode;
     }
 
-    private void determineWhetherToCensorOrUncensor(JsonNode childNode, JsonNode processedNode, ObjectNode objectNode, String currentField,
-                                                    boolean censor, boolean isCurrentKeySecretValue, AtomicBoolean changed) {
+    private void determineWhetherToEncodeOrDecode(JsonNode childNode, JsonNode processedNode, ObjectNode objectNode, String currentField,
+                                                  boolean censor, boolean isCurrentKeySecretValue, AtomicBoolean changed) {
         if (isCurrentKeySecretValue && childNode.isValueNode()) {
             String currentValue = convertChildNodeToText(childNode);
             if (censor) {
-                censorValue(objectNode, currentValue, currentField, changed);
+                encodeValue(objectNode, currentValue, currentField, changed);
             } else {
-                uncensorValue(objectNode, currentValue, currentField, changed, processedNode);
+                decodeValue(objectNode, currentValue, currentField, changed, processedNode);
             }
         } else {
             objectNode.set(currentField, processedNode);
         }
     }
 
-    private JsonNode processArrayNode(JsonNode currentNode, Set<String> keys, boolean censor, AtomicBoolean changed) {
+    private JsonNode processArrayNode(JsonNode currentNode, Set<String> secretValueNames, boolean censor, AtomicBoolean changed) {
         ArrayNode arrayNode = currentNode.deepCopy();
         for (int i = 0; i < arrayNode.size(); i++) {
-            arrayNode.set(i, processJsonValue(arrayNode.get(i), keys, censor, changed));
+            arrayNode.set(i, processJsonValue(arrayNode.get(i), secretValueNames, censor, changed));
         }
         return arrayNode;
     }
@@ -265,7 +252,7 @@ private JsonNode processTextualNode(JsonNode currentNode, boolean censor, Atomic
         return currentNode;
     }
 
-    private void censorValue(ObjectNode objectNode, String currentValue, String currentField, AtomicBoolean changed) {
+    private void encodeValue(ObjectNode objectNode, String currentValue, String currentField, AtomicBoolean changed) {
         if (SecretTokenUtil.isSecretToken(currentValue) || isPlaceholder(currentValue)) {
             objectNode.put(currentField, currentValue);
         } else {
@@ -274,8 +261,8 @@ private void censorValue(ObjectNode objectNode, String currentValue, String curr
         }
     }
 
-    private void uncensorValue(ObjectNode objectNode, String currentValue, String currentField, AtomicBoolean changed,
-                               JsonNode processedNode) {
+    private void decodeValue(ObjectNode objectNode, String currentValue, String currentField, AtomicBoolean changed,
+                             JsonNode processedNode) {
         if (SecretTokenUtil.isSecretToken(currentValue)) {
             String detokenizedValue = detokenize(currentValue);
             JsonNode jsonConverted = forceToInteger(detokenizedValue);