Feature/implement 1password secrets (#9)

* injects secrets from 1Password CLI

removed some secrets from the text java files

Signed-off-by: Andres LeonRangel <[email protected]>

* Adds HTTPS to URLS

Signed-off-by: Andres LeonRangel <[email protected]>

* enables injection iof 1Password secrets

Signed-off-by: Andres LeonRangel <[email protected]>

* 1Password general secrets file

use of a general secrets file.
I have a scope of LDAP property file
.env for docker-compose

Signed-off-by: Andres LeonRangel <[email protected]>

---------

Signed-off-by: Andres LeonRangel <[email protected]>

.env.tpl

@@ -0,0 +1,2 @@
+# https://developer.1password.com/docs/cli/secrets-config-files/
+LDAP_ADMIN_PASS="op://Professional-IT Projects/multi-cloud-WebApp-Attendance/password"

.gitignore

@@ -45,4 +45,9 @@ gradle-app.setting
 *.rar
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
-hs_err_pid*
+hs_err_pid*
+
+# secrets 1Password locally generated auth
+*.env
+# avoid the jwt injected file
+token_auth.properties

README.md

@@ -1,6 +1,8 @@
 - [Attendance WebApp](#attendance-webapp)
   - [Introduction](#introduction)
-  - [Security warnings](#security-warnings)
+  - [GitHub Reports](#github-reports)
+    - [Security warnings](#security-warnings)
+    - [GitHub Vulnerability report](#github-vulnerability-report)
   - [Attendance WebApp Architecture (re-architected)](#attendance-webapp-architecture-re-architected)
     - [2018-Attendance WebApp high level Architecture](#2018-attendance-webapp-high-level-architecture)
     - [Attendance WebApp UI](#attendance-webapp-ui)
@@ -10,15 +12,16 @@
   - [Build WebApp](#build-webapp)
     - [Gradle Build Web Package](#gradle-build-web-package)
     - [Maven Build](#maven-build)
-  - [Package WebApp](#package-webapp)
+    - [Gradle Test suite](#gradle-test-suite)
+      - [Use 1Password CLI to inject the secrets](#use-1password-cli-to-inject-the-secrets)
+  - [Package/Run WebApp](#packagerun-webapp)
     - [Docker Image Build](#docker-image-build)
       - [Available Tomcat versions](#available-tomcat-versions)
-  - [Run WebApp](#run-webapp)
+  - [Execute WebApp](#execute-webapp)
     - [Container Execution](#container-execution)
       - [Docker execution](#docker-execution)
       - [Docker-compose](#docker-compose)
   - [Editing project diagrams](#editing-project-diagrams)
-  - [GitHub Vulnerability report](#github-vulnerability-report)
 
 # Attendance WebApp
 
@@ -36,11 +39,14 @@ The idea is that you have a short timeframe to submit a random generated code by
 
 The application is a proof of concept for Service orientation and Service interoperability in the cloud
 
-## Security warnings
+## GitHub Reports
+### Security warnings
 > Security Warnings to check
 GitHub found 2 vulnerabilities on aleon1220/multi-cloud-WebApp-Attendance's default branch (2 moderate).
 To find out more, visit:
 [This project security report](https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security)
+### GitHub Vulnerability report
+https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security/dependabot
 
 ## Attendance WebApp Architecture (re-architected)
 
@@ -98,7 +104,30 @@ gradle clean build --console plain --warning-mode all
 ### Maven Build
 > maven has been deprecated and moved to [maven](./maven)
 
-## Package WebApp
+### Gradle Test suite
+#### Use 1Password CLI to inject the secrets
+- as a pre-requisite you must have access to the shared vault
+- login in the CLI
+```bash
+# Linux Ubuntu tested 2023-12-10
+op signin
+```
+- inject the secrets for testing Authentication property file
+```bash
+op inject -i token_auth.properties.tpl -o token_auth.properties
+```
+
+- inject the secrets for Testing property file
+```bash
+op inject -i secrets.env.tpl -o secrets.env
+```
+
+- inject the secrets for Testing docker-compose
+```bash
+op inject -i .env.tpl -o .env
+```
+
+## Package/Run WebApp
 ### Docker Image Build
 - Build the app image with Docker. Deploy .WAR file in Tomcat
 refer to https://hub.docker.com/_/tomcat
@@ -111,7 +140,7 @@ Use the tag latest or a particular version e.g. aleon1220/soa:v2 or aleon1220/so
 - 7.0.109 = `TOMCAT_VERSION_DOCKER_TAG="7.0.109-jdk8-openjdk"`
 - 9.0.78  = `TOMCAT_VERSION_DOCKER_TAG="9.0.78-jre8"`
 
-## Run WebApp
+## Execute WebApp
 ### Container Execution
 #### Docker execution
 
@@ -131,23 +160,27 @@ Run the tomcat server with the pre-built WAR web Archive file
 ```bash
 docker run -itd --publish 8080:8080 aleon1220/soa:latest
 ```
-- get the name of the running container in port 8888
+- get the name of the running container
 ``` bash
-CONTAINER_NAME=$(docker container ls --all --filter publish=8888 --format "{{.Names}}")
+CONTAINER_NAME=$(docker container ls --all --filter publish=8080 --format "{{.Names}}")
 ```
 - Access the Docker container via CLI
 ```bash
 docker container exec -it $CONTAINER_NAME /bin/bash
 ```
-- The URl is URL:8888/Attendance-0.0.1 [AttendanceWebApp](http://localhost:8888/Attendance-0.0.1)
+- The URl is URL:8080/Attendance-0.0.1 [AttendanceWebApp](http://localhost:8080/AttendanceWebApp)
 - clean up docker container environment
 ``` bash
 docker stop $(docker ps --quiet)
 docker rm $(docker container ls --all --quiet)
 ```
 
 #### Docker-compose
-
+- inject the secrets for Testing docker-compose
+```bash
+op inject -i .env.tpl -o .env
+```
+- single variable
 ```bash
 export LDAP_ADMIN_PASS=$(op read "op://uqbpxejq7gifvi6mg3c7xxokre/jvuj7juvlxlg7delckucvidqhi/password")
 ```
@@ -156,6 +189,3 @@ export LDAP_ADMIN_PASS=$(op read "op://uqbpxejq7gifvi6mg3c7xxokre/jvuj7juvlxlg7d
 - go to [diagrams.net](https://app.diagrams.net/?src=about)
 - open the file [project-diagrams.drawio](./project-diagrams.drawio) XML file with the diagrams
 - Explore > export images to convinience and update this README
-## GitHub Vulnerability report
-
-https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security/dependabot

build.gradle.kts

@@ -81,21 +81,29 @@ tasks {
     }
 }
 
-tasks.register<Test>("singleTest") {
+tasks.register<Test>("singleTestQRFunctionality") {
     group = "Verification"
     description = "Runs a test to create a local QR code"
     filter {
         includeTestsMatching("utilities.TestQRFunctions.createQRCodeLocally")
     }
 }
 
-tasks.register<Test>("openLDAP") {
-    description = "Runs openLDAP authentication testing"
+tasks.register<Test>("mockOpenLDAP") {
+    description = "Runs openLDAP mock authentication testing"
+    group = "LDAP_Testing"
     filter {
         includeTestsMatching("TestLDAPAuthentication.testMockOpenLDAPAdminSearch") 
     }
 }
 
+tasks.register<Test>("searchOpenLDAP") {
+    description = "Runs openLDAP search"
+    group = "LDAP_Testing"
+    filter {
+        includeTestsMatching("TestLDAPAuthentication.testOpenLDAPAdminSearch_withOpenLDAP")
+    }
+}
 // https://plugins.gradle.org/plugin/com.github.bjornvester.wsdl2java
 // https://www.w3schools.com/xml/tempconvert.asmx?WSDL
 wsdl2java {

maven/pom.xml

@@ -1,17 +1,17 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="https://maven.apache.org/POM/4.0.0" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.soa</groupId>
     <artifactId>AttendWebApp</artifactId>
     <packaging>war</packaging>
     <version>0.0.1-SNAPSHOT</version>
     <name>Class Attendance WebApp</name>
-    <url>http://maven.apache.org</url>
+    <url>https://maven.apache.org</url>
 
     <repositories>
         <repository>
             <id>prime-repo</id>
             <name>PrimeFaces Maven Repository</name>
-            <url>http://repository.primefaces.org</url>
+            <url>https://repository.primefaces.org</url>
             <layout>default</layout>
         </repository>
     </repositories>
@@ -119,7 +119,7 @@
                 <artifactId>tomcat7-maven-plugin</artifactId>
                 <version>2.2</version>
                 <configuration>
-                    <url>http://localhost:8080/manager/text</url>
+                    <url>https://itlatinos.net:8080/manager/text</url>
                     <server>TomcatServer</server>
                     <path>/AttendWebApp</path>
                 </configuration>

secrets.env.tpl

@@ -0,0 +1,2 @@
+# General Secrets File
+# https://developer.1password.com/docs/cli/secrets-config-files

src/main/java/entity/LoginReply.java

@@ -33,10 +33,9 @@ public void setAuthenticationResult(AuthenticationResult authenticationResult) {
     this.authenticationResult = authenticationResult;
     }
 
-
     @Override
       public String toString() {
         //return getClass()+"challenge"+challengeParameters+"data in authent"+authenticationResult.getIdToken();
-        return getClass()+" Not obtaining really much";
+        return getClass()+" Overriding method";
       }
 }

src/main/java/service/UserService.java

@@ -82,13 +82,9 @@ public String obtainIdToken(String id, String password) {
             conn.disconnect();
 
         } catch (MalformedURLException e) {
-
             e.printStackTrace();
 
         } catch (IOException e) {
-
-            //System.out.println("UserService: inside 2nd catch");
-
             e.printStackTrace();
         }
 

src/main/java/util/AuthenticateOpenLDAP.java

@@ -1,14 +1,16 @@
 package util;
 
-import com.unboundid.ldap.sdk.*;
-import com.unboundid.util.ssl.SSLUtil;
-import com.unboundid.util.ssl.TrustAllTrustManager;
-import javax.net.ssl.SSLSocketFactory;
+import com.unboundid.ldap.sdk.LDAPConnection;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldap.sdk.SearchResult;
+import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.SearchScope;
 
 public class AuthenticateOpenLDAP {
     public void openLDAPAdminSearch() {
         // LDAP connection parameters
         String ldapURL = "ldap://localhost";
+        String ldapHost = "localhost";
         String bindDN = "cn=admin,dc=my-company,dc=com";
         String bindPassword = System.getenv("LDAP_ADMIN_PASS");
         String baseDN = "dc=my-company,dc=com";
@@ -23,7 +25,7 @@ public void openLDAPAdminSearch() {
             // connection = new LDAPConnection(socketFactory, "localhost", 636);
 
             // For non-SSL connection
-            connection = new LDAPConnection("localhost", 389);
+            connection = new LDAPConnection(ldapHost, 389);
             connection.bind(bindDN, bindPassword);
 
             // Perform the search

src/test/java/attendance/student/TestStudent.java

@@ -2,11 +2,13 @@
 
 import javax.faces.bean.ManagedBean;
 
-@ManagedBean
+import org.junit.jupiter.api.Test;
+
 public class TestStudent {
 
     private String name;
 
+    @Test
     public String sayHello() {
         if (name != null && !name.trim().equals("")) {
             return "Hello, " + name + "!";

src/test/java/auth/ldap/TestLDAPAuthentication.java

@@ -64,16 +64,17 @@ public void testMockOpenLDAPAdminSearch() throws LDAPSearchException {
     @Test
     public void testOpenLDAPAdminSearch_withOpenLDAP() {
         // Test parameters
-        String ldapURL = "ldap://localhost";
+        String ldapURL = "ldap://localhost:389";
         String ldapHost = "localhost";
         int ldapPort = 389;
         String bindDN = "cn=admin,dc=my-company,dc=com";
-        var bindPassword = "adminpassword";
+        String bindPassword = System.getenv("LDAP_ADMIN_PASS");
+        // var bindPassword = "adminpassword";
         String baseDN = "dc=my-company,dc=com";
         String searchFilter = "(objectClass=*)";
 
-        // Connect to OpenLDAP
-        // Establishing a connection to the LDAP server
+        // Establish connection to OpenLDAP server
+        System.out.println("My variable value: " + bindPassword);
         try (LDAPConnection connection = new LDAPConnection(ldapHost, ldapPort, bindDN, bindPassword)) {
             System.out.println("Connected to the LDAP server.");
 
@@ -96,7 +97,7 @@ public void testOpenLDAPAdminSearch_withOpenLDAP() {
             // Close connection
             connection.close();
         } catch (LDAPException e) {
-            System.err.println("Error connecting to the LDAP server: " + e.getMessage());
+            System.err.println("LDAP Error connecting: " + e.getMessage());
             e.printStackTrace();
         }
 

src/test/java/json/TestConversionJSON2Object.java

@@ -1,21 +1,60 @@
 package json;
 
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
 import com.google.gson.Gson;
 
+import org.junit.jupiter.api.Test;
 import entity.LoginReply;
 
 public class TestConversionJSON2Object {
-
-    public static void main(String[] args) {
-        String replyJson = "{\"ChallengeParameters\":{},\"AuthenticationResult\":{\"AccessToken\":\"eyJraWQiOiJ6M2pWR1lscDVsS2VHVzRXMkwrU3BtdjN4UzIwWGFCU1FvZFlvdWg1WkU4PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2MWI5ZTI4NC1kMzVhLTQ0M2YtOTlhNy04MGY0OWE4YTI4NmQiLCJ0b2tlbl91c2UiOiJhY2Nlc3MiLCJzY29wZSI6ImF3cy5jb2duaXRvLnNpZ25pbi51c2VyLmFkbWluIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tXC91cy1lYXN0LTFfMEhkMUtvTTVhIiwiZXhwIjoxNTA1MTIwNzM1LCJpYXQiOjE1MDUxMTcxMzUsImp0aSI6ImNiMjdkZjJiLTIwOWQtNGU1MC05ZTI4LThjYTAyOGY1MTc5MyIsImNsaWVudF9pZCI6IjFlOHRlZm1sY2wyaDI5MHZuaDlyY2VmbnZyIiwidXNlcm5hbWUiOiIxMDI5NTc2NSJ9.ZGB_kCYoU4vDREr6teZQyIyRT2MZkpmGyleAgsgzMRIauq7RpqgL_HUZukqSK6E5mtNxux6hihzl5CaP9jcY26u4zJTnYASBJwE4iqqggNqhp82PtFdxipf5ZvYAyF3uVTPCeiRGrxJSyoQpEWVUPDYaqj1ak1b2oTExH8sG1oOmYcaACAWY4mkjueFJCrgcWov3SyWDyMKCE7ZhaloJkcJ2uZypztB42XQ67z96bxTvRozzEVEVT4_4szpMjEj3Nmxy9kIv8H7kNMUrb5tE4vTfG-kzctCq7YxU2FfJhDTR_feoRohcjWZp-Zyl2BYFjNXl42ZZEk-TlLHov73izA\",\"ExpiresIn\":3600,\"TokenType\":\"Bearer\",\"RefreshToken\":\"eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.Wa12tUlCQHIjWvDx8BdhyQdftCwlFXb5W99N8njK3vBTNiP2vUfCGgdbWTWCCg4Z9_4RkHRy9e9m2oQnLqWRju4pLDBQvhsd0XhGg43T6yalnH7vXpqmzDnsBS270CsN0briBlBiCTvmU2eVeauPxCKlW_-fFZFXJRmXdFCit-dhufODi08-SpZOnHKFSq9W4kjk3OjUxUONKCMAZh0oWgMKC-46Kh1j02NGej9vW-Dc7yaqAzMn3JcdQtjC8w9syqD3qJOo0eMbXoJz3cje7b-ujIlknsfmmy6rewoYIusxV_ZVP6QJH09k0QbVqbzZguE38hnbSMtrCnMAMr2Pzw.2T_M51x_qvo2s2Kg.gIpF-UmqE2-g9TuyypFAQwp7DsUNRBdqzwaaVlkUTpcX6Ni2YH-7fd9GOlzna_ET7pDbGCT4NL8xomo6hq_nOEQJvRdexvBc9Hpy_l_mIEG91W7wKzvDzjEben6ZnaxFg3XkRVL1o8nnjVswmrImuUqSJlisa2eSrf1wM7pK7l8l-CwbEZ-kutdCZGJU0EHk4_12D_0D9tJYppfM63SmNsTyTZkpHO4z1nmhxNuEPL0Jo2ClbxDDWALzvdee193x-d7KeCJw75gVLd64rhaUPATnW3JznhHlg2ZjTtwK1PBDRRMjd7gblgtOif6QXCAeUPGqmd7V2MtRw5pmcEgSF9kqRByvt9p1RPyBDkZw9K84LG0U1kuyA4_TIxvCX35wwUlBmF6UPO7AcM__zCxi7pKuAcOgfCsongWnjX97DZuT5INT3gnDz48GG3qguiEFuq1WSzJOQrkFFrVCJcjwfIbuxPJ6OTt6f6NKhwZqTMHgRpvtvNgSh7qARszqj2-HqkmrEgKdjUdLGEc-toS0mj9aTH8GOG6Xu4poEoIElDx8BjZGz4cOyT2VWL4BDFg3OzXfafEIu1F1SnhI9K4A59G8JR1H2UKZV7iGS2zMeMROWvtIzWrZ3M2BwWLlkM80BzpK1Xb2ZnQXfmY_-tVOojimji4z-hrLAKwvfbgEpGd9vLfItRZn2ivmsBSlc2da7zCqP7bHbtCHXpR5F-ssxP2G_UbIYraBr9m6GQPo1BXvveJFTFxd976hjbY5VyNwHFa0aR2a-sVDUDdPzoaBJQqA-xRQllwQYCGIcb-daBg4IDah_qthMPvDN9bblUpO4AJs8951wSCmaz3VqFnBAk9IHFSO1MRY5eMgH7cHn6vbzsScyb8S8C4hhdgx9uu9Kr30DaHrSZF8dYK0Y9n8K8sD-ZBXtKwhJL7F3tVdcnmFcGKLToV6xJnJnZ5irnOODMJMBPmOY5G3RYPd8lGvzlOfPDe0_lwUX8O1oCVOtiA2C9rOmrRTcaNKlP8R7uIVBOlFOypPMnwyqV233kGVE1Rp6RgCsw7ZIwOUNJmgLGZDLePocCBgZVrGE2GLVG78q6Z_agKjxjAOXEbtVOrk3QIycdyTVN2DEjzt88CW-fHeSqc6K4H5BiBf_zmlVaiSciPXsqg.zouwNDBSKRVFp88zPU2pUA\",\"IdToken\":\"eyJraWQiOiJKQWJRaHNlTTVldFRBMk1vMlpoNGs5Mlp2ZmFHaU5zWWtVQlFNbG1cL1Mybz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2MWI5ZTI4NC1kMzVhLTQ0M2YtOTlhNy04MGY0OWE4YTI4NmQiLCJhdWQiOiIxZTh0ZWZtbGNsMmgyOTB2bmg5cmNlZm52ciIsImNvZ25pdG86Z3JvdXBzIjpbImFkbWluaXN0cmF0b3IiXSwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTUwNTExNzEzNSwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tXC91cy1lYXN0LTFfMEhkMUtvTTVhIiwiY29nbml0bzp1c2VybmFtZSI6IjEwMjk1NzY1IiwiZXhwIjoxNTA1MTIwNzM1LCJpYXQiOjE1MDUxMTcxMzUsImVtYWlsIjoiam9uYXRoYW4udEB4dHJhLmNvLm56In0.gGcx2YYcjWzNvzlpPklry4Jt59GwDQuDRRIFfJGaf06hMKi0Cin31Ox7AD4CaRUmbUXzxh395Bb6bPS9cGdh5oa2hIveC27bwHpO7Eij6voEXdifS98_CTk_zKrAfH1U4qAHapemHA9eQqNnrGm0PtNHTo9Nh7ptrU_04Fc9askTjUnj3fOuDQTp1bLEJwwHbV7oBeQQlA6pYXvWvRwpj0col8N904w4QxoNNNEtYxIYbLtJkj3w-ZogJ9VPkKL_B3ayKTfle3nQ-PHrXyzYpBK89h39Hp2IiOddY-Ihl8iVuj8RziTUiMZ-0jTOToCAa8gQ813DGAtca0i4ffw3hg\"}}";
+    /**
+     * examine JSON objects with gson
+     *
+     */
+    @Test
+    public void testJWTOutputToken() {
+        var jwt_Token = readTokenFromProperties();
+        System.out.println("Got the Token from readTokenFromProperties()");
+        String replyJson = "";
+        try {
+            // https://www.baeldung.com/java-text-blocks
+            replyJson = """
+            {
+              "ChallengeParameters": {}, 
+              "AuthenticationResult": {
+                "AccessToken": %s
+              }
+            }
+            """.formatted(jwt_Token);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
         Gson gson = new Gson();
+        // import com.google.gson.Gson;
+        // import com.google.gson.GsonBuilder;
+        // JSON Printing
+        System.out.println("Java Text Block FormattedJson " + replyJson);
+        String formattedJson = gson.toJson(replyJson);
+        System.out.println("gsonFormattedJson " + formattedJson);
+    }
 
-        // Restaurant restaurantObject = gson.fromJson(restaurantJson,
-        // Restaurant.class);
-        LoginReply loginReplyObject = gson.fromJson(replyJson, LoginReply.class);
+    public static String readTokenFromProperties() {
+        Properties prop = new Properties();
+        var jwtToken = "";
 
-        // Object loginReplyObject = gson.fromJson(replyJson, Object.class);
-        System.out.println("value " + loginReplyObject.getAuthenticationResult().getIdToken());
-        // System.out.println("obtain token "+ loginReplyObject.authenticationResult);
+        try {
+            String propFileName = "token_auth.properties";
+            FileInputStream fileInputStream = new FileInputStream(propFileName);
+            prop.load(fileInputStream);
+            // get the property value and print it out
+            jwtToken = prop.getProperty("jwt_Token");
+            System.out.println("Got the Token from local property file "+ propFileName);
+        } catch (IOException ex) {
+            ex.printStackTrace();
+        }
+        return jwtToken;
     }
 }