Furhtor Refactroing

.sdkmanrc

@@ -4,4 +4,4 @@
 
 # Enable auto-env through the sdkman_auto_env config
 # Add key=value pairs of SDKs to use below
-java=17.0.7-tem
+java=17.0.10-tem

README.md

@@ -32,6 +32,7 @@ The client is supposed to be compatible with DefectDojo 1.10 and later, older ve
 
 ```java
 import com.fasterxml.jackson.core.JsonProcessingException;
+import io.securecodebox.persistence.defectdojo.config.ClientConfig;
 import io.securecodebox.persistence.defectdojo.config.Config;
 import io.securecodebox.persistence.defectdojo.service.ProductTypeService;
 
@@ -41,7 +42,7 @@ public class DefectDojoClientTest {
     public static void main(String[] args) throws URISyntaxException, JsonProcessingException {
 
         // Configure DefectDojo URl and APIv2 Key
-        var conf = new Config("https://defectdojo.example.com", "f8....");
+        var conf = new ClientConfig("https://defectdojo.example.com", "f8....");
 
         var productTypeService = new ProductTypeService(conf);
         var productTypes = productTypeService.search();

src/main/java/io/securecodebox/persistence/defectdojo/config/Config.java → src/main/java/io/securecodebox/persistence/defectdojo/config/ClientConfig.java

@@ -4,7 +4,7 @@
 
 package io.securecodebox.persistence.defectdojo.config;
 
-import io.securecodebox.persistence.defectdojo.exception.ConfigException;
+import io.securecodebox.persistence.defectdojo.exception.ClientConfigException;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.NonNull;
@@ -16,15 +16,19 @@
 @Getter
 @ToString
 @EqualsAndHashCode
-public final class Config {
+public final class ClientConfig {
+  /**
+   * Path prefix for the Defectdojo REST API
+   */
+  public static final String API_PREFIX = "/api/v2/";
   /**
    * Default for {@link #maxPageCountForGets}
    */
   static final int DEFAULT_MAX_PAGE_COUNT_FOR_GETS = 100;
   /**
    * Null pattern object.
    */
-  public static final Config NULL = new Config("", "", DEFAULT_MAX_PAGE_COUNT_FOR_GETS);
+  public static final ClientConfig NULL = new ClientConfig("", "", DEFAULT_MAX_PAGE_COUNT_FOR_GETS);
 
   /**
    * URL of the host which serves the DefectDojo API.
@@ -59,7 +63,7 @@ public final class Config {
    * @param url    not {@code null}
    * @param apiKey not {@code null}
    */
-  public Config(final @NonNull String url, final @NonNull String apiKey) {
+  public ClientConfig(final @NonNull String url, final @NonNull String apiKey) {
     this(url, apiKey, DEFAULT_MAX_PAGE_COUNT_FOR_GETS);
   }
 
@@ -70,7 +74,7 @@ public Config(final @NonNull String url, final @NonNull String apiKey) {
    * @param apiKey              not {@code null}
    * @param maxPageCountForGets not less than 1
    */
-  public Config(final @NonNull String url, final @NonNull String apiKey, final int maxPageCountForGets) {
+  public ClientConfig(final @NonNull String url, final @NonNull String apiKey, final int maxPageCountForGets) {
     super();
     this.url = url;
     this.apiKey = apiKey;
@@ -90,7 +94,7 @@ private static int validateIsGreaterZero(final int number, final String name) {
    *
    * @return never {@code null}
    */
-  public static Config fromEnv() {
+  public static ClientConfig fromEnv() {
     final var url = findRequiredEnvVar(EnvVars.DEFECTDOJO_URL);
     final var apiKey = findRequiredEnvVar(EnvVars.DEFECTDOJO_APIKEY);
     final int maxPageCountForGets;
@@ -99,14 +103,14 @@ public static Config fromEnv() {
       try {
         maxPageCountForGets = Integer.parseInt(findEnvVar(EnvVars.DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS));
       } catch (final NumberFormatException e) {
-        throw new ConfigException(String.format("Given value for environment variable '%s' is not a valid number! Given was '%s'.", EnvVars.DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS.literal, findEnvVar(EnvVars.DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS)),
+        throw new ClientConfigException(String.format("Given value for environment variable '%s' is not a valid number! Given was '%s'.", EnvVars.DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS.literal, findEnvVar(EnvVars.DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS)),
           e);
       }
     } else {
       maxPageCountForGets = DEFAULT_MAX_PAGE_COUNT_FOR_GETS;
     }
 
-    return new Config(url, apiKey, maxPageCountForGets);
+    return new ClientConfig(url, apiKey, maxPageCountForGets);
   }
 
   private static boolean hasEnvVar(final @NonNull EnvVars name) {
@@ -121,7 +125,7 @@ private static String findRequiredEnvVar(final @NonNull EnvVars name) {
     final var envVar = System.getenv(name.literal);
 
     if (envVar == null) {
-      throw new ConfigException(String.format("Missing environment variable '%s'!", name.literal));
+      throw new ClientConfigException(String.format("Missing environment variable '%s'!", name.literal));
     }
     return envVar;
   }

src/main/java/io/securecodebox/persistence/defectdojo/exception/ClientConfigException.java

@@ -0,0 +1,21 @@
+// Copyright 2021 iteratec GmbH
+// SPDX-FileCopyrightText: 2023 iteratec GmbH
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package io.securecodebox.persistence.defectdojo.exception;
+
+import io.securecodebox.persistence.defectdojo.config.ClientConfig;
+
+/**
+ * Indicates a missing/bad {@link ClientConfig config property}
+ */
+public final class ClientConfigException extends PersistenceException {
+  public ClientConfigException(final String message) {
+    super(message);
+  }
+
+  public ClientConfigException(final String message, final Throwable cause) {
+    super(message, cause);
+  }
+}

src/main/java/io/securecodebox/persistence/defectdojo/exception/PersistenceException.java

@@ -4,7 +4,10 @@
 
 package io.securecodebox.persistence.defectdojo.exception;
 
-public final class PersistenceException extends RuntimeException {
+/**
+ * Generic exception which is thrown for any unforeseen error at runtime
+ */
+public class PersistenceException extends RuntimeException {
   public PersistenceException(String message) {
     super(message);
   }

src/main/java/io/securecodebox/persistence/defectdojo/exception/TooManyResponsesException.java

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package io.securecodebox.persistence.defectdojo.exception;
+
+import io.securecodebox.persistence.defectdojo.config.ClientConfig;
+
+/**
+ * Thrown if we receive more objects than {@link ClientConfig configured}
+ */
+public final class TooManyResponsesException extends PersistenceException {
+  public TooManyResponsesException(String message) {
+    super(message);
+  }
+}

src/main/java/io/securecodebox/persistence/defectdojo/http/AuthHeaderFactory.java

@@ -0,0 +1,50 @@
+package io.securecodebox.persistence.defectdojo.http;
+
+import io.securecodebox.persistence.defectdojo.config.ClientConfig;
+import lombok.NonNull;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpHeaders;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
+/**
+ * Utility class to create HTTP authorization headers
+ */
+@Slf4j
+public final class AuthHeaderFactory {
+  private final ClientConfig clientConfig;
+  @Setter
+  @NonNull
+  private ProxyConfig proxyConfig = ProxyConfig.NULL;
+
+  public AuthHeaderFactory(@NonNull ClientConfig clientConfig) {
+    super();
+    this.clientConfig = clientConfig;
+  }
+
+  /**
+   * This method generates appropriate authorization headers
+   *
+   * @return never {@code null}
+   */
+  public HttpHeaders generateAuthorizationHeaders() {
+    final var headers = new HttpHeaders();
+    log.debug("Add Authorization header.");
+    headers.set(HttpHeaders.AUTHORIZATION, "Token " + this.clientConfig.getApiKey());
+
+    if (proxyConfig.isComplete()) {
+      log.debug("Add Proxy-Authorization header.");
+      headers.set(HttpHeaders.PROXY_AUTHORIZATION, "Basic " + encodeProxyCredentials(proxyConfig));
+    }
+
+    return headers;
+  }
+
+  String encodeProxyCredentials(@NonNull final ProxyConfig cfg) {
+    final var credential = String.format("%s:%s", cfg.getUser(), cfg.getPassword());
+    return Base64.getEncoder().encodeToString(credential.getBytes(StandardCharsets.UTF_8));
+  }
+
+}

src/main/java/io/securecodebox/persistence/defectdojo/http/ProxyCredentialFactory.java

@@ -0,0 +1,34 @@
+package io.securecodebox.persistence.defectdojo.http;
+
+import lombok.NonNull;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+
+/**
+ * Utility class to create credentials to authenticate against a HTTP proxy
+ */
+final class ProxyCredentialFactory {
+  private final ProxyConfig proxyConfig;
+
+  ProxyCredentialFactory(@NonNull ProxyConfig proxyConfig) {
+    super();
+    this.proxyConfig = proxyConfig;
+  }
+
+  CredentialsProvider createCredentialsProvider() {
+    final var provider = new BasicCredentialsProvider();
+    provider.setCredentials(createAuthScope(), createCredentials());
+    return provider;
+  }
+
+  AuthScope createAuthScope() {
+    return new AuthScope(proxyConfig.getHost(), proxyConfig.getPort());
+  }
+
+  Credentials createCredentials() {
+    return new UsernamePasswordCredentials(proxyConfig.getUser(), proxyConfig.getPassword());
+  }
+}