Lookup user keys only once when iterating vaults.

Author: dkocher

hub/src/main/java/ch/iterate/hub/protocols/hub/HubStorageVaultSyncSchedulerService.java

@@ -30,6 +30,7 @@
 import ch.iterate.hub.client.model.VaultDto;
 import ch.iterate.hub.core.FirstLoginDeviceSetupCallback;
 import ch.iterate.hub.core.FirstLoginDeviceSetupCallbackFactory;
+import ch.iterate.hub.crypto.UserKeys;
 import ch.iterate.hub.crypto.uvf.VaultMetadataJWEBackendDto;
 import ch.iterate.hub.protocols.hub.exceptions.HubExceptionMappingService;
 import ch.iterate.hub.workflows.UserKeysServiceImpl;
@@ -62,6 +63,7 @@ public List<VaultDto> operate(final PasswordCallback callback) throws Background
         final FirstLoginDeviceSetupCallback prompt = FirstLoginDeviceSetupCallbackFactory.get();
         log.info("Bookmark sync for {}", session.getHost());
         try {
+            final UserKeys userKeys = new UserKeysServiceImpl(session).getUserKeys(session.getHost(), prompt);
             final List<VaultDto> vaults = new VaultResourceApi(session.getClient()).apiVaultsAccessibleGet(null);
             for(final VaultDto vaultDto : vaults) {
                 try {
@@ -79,7 +81,9 @@ public List<VaultDto> operate(final PasswordCallback callback) throws Background
                     }
                     else {
                         log.info("Adding bookmark for vault {} in hub {}", vaultDto, session.getHost());
-                        final Host bookmark = this.toBookmark(vaultId, prompt);
+                        // Find storage configuration in vault metadata
+                        final VaultMetadataJWEBackendDto vaultMetadata = new VaultServiceImpl(session).getVaultMetadataJWE(vaultId, userKeys).storage();
+                        final Host bookmark = toBookmark(session.getHost(), vaultId, vaultMetadata);
                         if(bookmark.getCredentials().isPasswordAuthentication()) {
                             log.warn("Save static access tokens for {} in keychain", vaultDto);
                             final HostPasswordStore keychain = PasswordStoreFactory.get();
@@ -93,29 +97,15 @@ public List<VaultDto> operate(final PasswordCallback callback) throws Background
                 catch(AccessDeniedException e) {
                     log.info("Access not granted yet, ignoring vault {} ({}) for hub {}", vaultDto.getName(), vaultDto.getId(), session.getHost(), e);
                 }
-                catch(AccessException | SecurityFailure e) {
-                    throw new InteroperabilityException(LocaleFactory.localizedString("Login failed", "Credentials"), e);
-                }
             }
             return vaults;
         }
         catch(ApiException e) {
             log.error("Scheduler for {}: Syncing vaults failed.", session, e);
             throw new HubExceptionMappingService().map(e);
         }
-    }
-
-    public Host toBookmark(final UUID vaultId, final FirstLoginDeviceSetupCallback prompt) throws AccessException, BackgroundException, SecurityFailure {
-        final UserKeysServiceImpl userKeysService = new UserKeysServiceImpl(session);
-        final VaultServiceImpl vaultService = new VaultServiceImpl(session);
-        // Find storage configuration in vault metadata
-        try {
-            final VaultMetadataJWEBackendDto vaultMetadata = vaultService.getVaultMetadataJWE(vaultId,
-                    userKeysService.getUserKeys(session.getHost(), prompt)).storage();
-            return toBookmark(session.getHost(), vaultId, vaultMetadata);
-        }
-        catch(ApiException e) {
-            throw new HubExceptionMappingService().map(e);
+        catch(AccessException | SecurityFailure e) {
+            throw new InteroperabilityException(LocaleFactory.localizedString("Login failed", "Credentials"), e);
         }
     }
 

hub/src/main/java/ch/iterate/hub/workflows/CreateVaultService.java

@@ -34,7 +34,6 @@
 import ch.iterate.hub.client.model.CreateS3STSBucketDto;
 import ch.iterate.hub.client.model.UserDto;
 import ch.iterate.hub.client.model.VaultDto;
-import ch.iterate.hub.core.FirstLoginDeviceSetupCallbackFactory;
 import ch.iterate.hub.crypto.UserKeys;
 import ch.iterate.hub.crypto.uvf.UvfMetadataPayload;
 import ch.iterate.hub.crypto.uvf.VaultMetadataJWEAutomaticAccessGrantDto;
@@ -67,24 +66,21 @@ public CreateVaultService(final HubSession hubSession) {
         this.hubSession = hubSession;
     }
 
-    public void createVault(final StorageProfileDtoWrapper storageProfileWrapper, final CreateVaultModel vaultModel) throws ApiException, AccessException, SecurityFailure, BackgroundException {
+    public void createVault(final UserKeys userKeys, final StorageProfileDtoWrapper storageProfileWrapper, final CreateVaultModel vaultModel) throws ApiException, AccessException, SecurityFailure, BackgroundException {
         try {
-            // prepare vault creation
-            final UserKeys userKeys = new UserKeysServiceImpl(hubSession).getUserKeys(
-                    hubSession.getHost(), FirstLoginDeviceSetupCallbackFactory.get());
-
             final UvfMetadataPayload.UniversalVaultFormatJWKS jwks = UvfMetadataPayload.createKeys();
+            final VaultMetadataJWEBackendDto backendDto = new VaultMetadataJWEBackendDto()
+                    .provider(storageProfileWrapper.getId().toString())
+                    .defaultPath(storageProfileWrapper.getStsEndpoint() != null ? storageProfileWrapper.getBucketPrefix() + vaultModel.vaultId() : vaultModel.bucketName())
+                    .nickname(vaultModel.vaultName())
+                    .username(vaultModel.accessKeyId())
+                    .password(vaultModel.secretKey());
+            final VaultMetadataJWEAutomaticAccessGrantDto accessGrantDto = new VaultMetadataJWEAutomaticAccessGrantDto()
+                    .enabled(vaultModel.automaticAccessGrant())
+                    .maxWotDepth(vaultModel.maxWotLevel());
             final UvfMetadataPayload metadataJWE = UvfMetadataPayload.create()
-                    .withStorage(new VaultMetadataJWEBackendDto()
-                            .provider(storageProfileWrapper.getId().toString())
-                            .defaultPath(storageProfileWrapper.getStsEndpoint() != null ? storageProfileWrapper.getBucketPrefix() + vaultModel.vaultId() : vaultModel.bucketName())
-                            .nickname(vaultModel.vaultName())
-                            .username(vaultModel.accessKeyId())
-                            .password(vaultModel.secretKey()))
-                    .withAutomaticAccessGrant(new VaultMetadataJWEAutomaticAccessGrantDto()
-                            .enabled(vaultModel.automaticAccessGrant())
-                            .maxWotDepth(vaultModel.maxWotLevel())
-                    );
+                    .withStorage(backendDto)
+                    .withAutomaticAccessGrant(accessGrantDto);
             log.debug("Created metadata JWE {}", metadataJWE);
             final String uvfMetadataFile = metadataJWE.encrypt(
                     String.format("%s/api", new HostUrlProvider(false, true).get(hubSession.getHost())),

hub/src/test/java/ch/iterate/hub/core/AbstractHubSynchronizeTest.java

@@ -29,7 +29,6 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.openapitools.jackson.nullable.JsonNullableModule;
 
@@ -45,6 +44,7 @@
 import ch.iterate.hub.client.model.StorageProfileDto;
 import ch.iterate.hub.client.model.StorageProfileS3Dto;
 import ch.iterate.hub.client.model.StorageProfileS3STSDto;
+import ch.iterate.hub.crypto.UserKeys;
 import ch.iterate.hub.model.StorageProfileDtoWrapper;
 import ch.iterate.hub.protocols.hub.HubSession;
 import ch.iterate.hub.protocols.hub.HubStorageProfileListService;
@@ -55,6 +55,8 @@
 import ch.iterate.hub.testsetup.HubTestConfig;
 import ch.iterate.hub.testsetup.MethodIgnorableSource;
 import ch.iterate.hub.workflows.CreateVaultService;
+import ch.iterate.hub.workflows.UserKeysServiceImpl;
+import ch.iterate.hub.workflows.VaultServiceImpl;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -176,7 +178,7 @@ public void test02AddStorageProfile(final HubTestConfig hubTestConfig) throws Ex
             final int numProtocols = ProtocolFactory.get().find().size();
 
             log.info("Add storage profile for UUID {}", uuid);
-            Assertions.assertNull(ProtocolFactory.get().forName(uuid.toString().toLowerCase()));
+            assertNull(ProtocolFactory.get().forName(uuid.toString().toLowerCase()));
 
             final StorageProfileDto storageProfile = storageProfiles.get(0);
             // client-generated code is not subclassed...
@@ -226,11 +228,13 @@ public void test03AddVault(final HubTestConfig config) throws Exception {
 
             log.info("Creating vault in {}", hubSession);
             final UUID vaultId = UUID.randomUUID();
-            new CreateVaultService(hubSession).createVault(storageProfileWrapper, new CreateVaultService.CreateVaultModel(
+            final UserKeys userKeys = new UserKeysServiceImpl(hubSession).getUserKeys(hubSession.getHost(), FirstLoginDeviceSetupCallback.disabled);
+            new CreateVaultService(hubSession).createVault(userKeys, storageProfileWrapper, new CreateVaultService.CreateVaultModel(
                     vaultId, "vault", null,
                     config.vault.storageProfileId, config.vault.username, config.vault.password, config.vault.bucketName, config.vault.region, true, 3));
             log.info("Getting vault bookmark for vault {}", vaultId);
-            final Host vaultBookmark = new HubStorageVaultSyncSchedulerService(hubSession).toBookmark(vaultId, FirstLoginDeviceSetupCallback.disabled);
+            final Host vaultBookmark = HubStorageVaultSyncSchedulerService.toBookmark(hubSession.getHost(), vaultId,
+                    new VaultServiceImpl(hubSession).getVaultMetadataJWE(vaultId, userKeys).storage());
             log.info("Using vault bookmark {}", vaultBookmark);
 
             final DefaultVaultRegistry vaultRegistry = new DefaultVaultRegistry(new DisabledPasswordCallback());

hub/src/test/java/ch/iterate/hub/workflows/AbstractHubWorkflowTest.java

@@ -65,7 +65,8 @@ public void testHubWorkflow(final HubTestConfig config) throws Exception {
             // upload template (STS: create bucket first, static: existing bucket)
             // TODO test with multiple wot levels?
 
-            new CreateVaultService(hubSession).createVault(storageProfileWrapper,
+            final UserKeys userKeys = new UserKeysServiceImpl(hubSession).getUserKeys(hubSession.getHost(), FirstLoginDeviceSetupCallback.disabled);
+            new CreateVaultService(hubSession).createVault(userKeys, storageProfileWrapper,
                     new CreateVaultService.CreateVaultModel(vaultId,
                             "vault", null,
                             config.vault.storageProfileId, config.vault.username, config.vault.password, config.vault.bucketName,