From 5d5c63e6d4d44325a4a07a622ec84a4a2afcba3a Mon Sep 17 00:00:00 2001
From: Graeme Connell <gram@signal.org>
Date: Fri, 11 Jun 2021 15:37:27 -0600
Subject: [PATCH] Update profile controller to S3 AWSv2.

---
 .../textsecuregcm/WhisperServerService.java   | 19 ++++++++++++++-----
 .../controllers/ProfileController.java        | 17 ++++++++++++-----
 .../controllers/ProfileControllerTest.java    |  9 +++++----
 3 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
index 3d1be00a3..2e7182363 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -10,8 +10,6 @@ import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.AWSCredentialsProvider;
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicAWSCredentials;
-import com.amazonaws.services.s3.AmazonS3;
-import com.amazonaws.services.s3.AmazonS3Client;
 import com.codahale.metrics.SharedMetricRegistries;
 import com.codahale.metrics.jdbi3.strategies.DefaultNameStrategy;
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
@@ -205,8 +203,14 @@ import org.whispersystems.textsecuregcm.workers.VacuumCommand;
 import org.whispersystems.textsecuregcm.workers.ZkParamsCommand;
 import org.whispersystems.websocket.WebSocketResourceProviderFactory;
 import org.whispersystems.websocket.setup.WebSocketEnvironment;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClient;
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
+import software.amazon.awssdk.services.s3.S3Client;
 
 public class WhisperServerService extends Application<WhisperServerConfiguration> {
 
@@ -504,9 +508,14 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     environment.lifecycle().manage(torExitNodeManager);
     environment.lifecycle().manage(asnManager);
 
-    AWSCredentials         credentials               = new BasicAWSCredentials(config.getCdnConfiguration().getAccessKey(), config.getCdnConfiguration().getAccessSecret());
-    AWSCredentialsProvider credentialsProvider       = new AWSStaticCredentialsProvider(credentials);
-    AmazonS3               cdnS3Client               = AmazonS3Client.builder().withCredentials(credentialsProvider).withRegion(config.getCdnConfiguration().getRegion()).build();
+    StaticCredentialsProvider cdnCredentialsProvider = StaticCredentialsProvider
+        .create(AwsBasicCredentials.create(
+            config.getCdnConfiguration().getAccessKey(),
+            config.getCdnConfiguration().getAccessSecret()));
+    S3Client cdnS3Client               = S3Client.builder()
+        .credentialsProvider(cdnCredentialsProvider)
+        .region(Region.of(config.getCdnConfiguration().getRegion()))
+        .build();
     PostPolicyGenerator    profileCdnPolicyGenerator = new PostPolicyGenerator(config.getCdnConfiguration().getRegion(), config.getCdnConfiguration().getBucket(), config.getCdnConfiguration().getAccessKey());
     PolicySigner           profileCdnPolicySigner    = new PolicySigner(config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion());
 
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProfileController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProfileController.java
index 6d6ed59a3..f18de2fb6 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProfileController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProfileController.java
@@ -5,7 +5,6 @@
 
 package org.whispersystems.textsecuregcm.controllers;
 
-import com.amazonaws.services.s3.AmazonS3;
 import com.codahale.metrics.annotation.Timed;
 import io.dropwizard.auth.Auth;
 import java.security.SecureRandom;
@@ -60,6 +59,8 @@ import org.whispersystems.textsecuregcm.storage.VersionedProfile;
 import org.whispersystems.textsecuregcm.util.ExactlySize;
 import org.whispersystems.textsecuregcm.util.Pair;
 import org.whispersystems.textsecuregcm.util.Util;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.model.DeleteObjectRequest;
 
 @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
 @Path("/v1/profile")
@@ -78,7 +79,7 @@ public class ProfileController {
   private final ServerZkProfileOperations zkProfileOperations;
   private final boolean                   isZkEnabled;
 
-  private final AmazonS3            s3client;
+  private final S3Client            s3client;
   private final String              bucket;
 
   public ProfileController(RateLimiters rateLimiters,
@@ -86,7 +87,7 @@ public class ProfileController {
       ProfilesManager profilesManager,
       UsernamesManager usernamesManager,
       DynamicConfigurationManager dynamicConfigurationManager,
-      AmazonS3 s3client,
+      S3Client s3client,
       PostPolicyGenerator policyGenerator,
       PolicySigner policySigner,
       String bucket,
@@ -147,7 +148,10 @@ public class ProfileController {
         currentAvatar = Optional.of(account.getAvatar());
       }
 
-      currentAvatar.ifPresent(s -> s3client.deleteObject(bucket, s));
+      currentAvatar.ifPresent(s -> s3client.deleteObject(DeleteObjectRequest.builder()
+              .bucket(bucket)
+              .key(s)
+              .build()));
 
       response = Optional.of(generateAvatarUploadForm(avatar));
     }
@@ -372,7 +376,10 @@ public class ProfileController {
     ProfileAvatarUploadAttributes profileAvatarUploadAttributes = generateAvatarUploadForm(objectName);
 
     if (previousAvatar != null && previousAvatar.startsWith("profiles/")) {
-      s3client.deleteObject(bucket, previousAvatar);
+      s3client.deleteObject(DeleteObjectRequest.builder()
+          .bucket(bucket)
+          .key(previousAvatar)
+          .build());
     }
 
     account.setAvatar(objectName);
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/ProfileControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/ProfileControllerTest.java
index 34898c3d1..17fa52d79 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/ProfileControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/ProfileControllerTest.java
@@ -18,7 +18,6 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 
-import com.amazonaws.services.s3.AmazonS3;
 import com.google.common.collect.ImmutableSet;
 import io.dropwizard.auth.PolymorphicAuthValueFactoryProvider;
 import io.dropwizard.testing.junit.ResourceTestRule;
@@ -61,6 +60,8 @@ import org.whispersystems.textsecuregcm.storage.VersionedProfile;
 import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
 import org.whispersystems.textsecuregcm.util.SystemMapper;
 import org.whispersystems.textsecuregcm.util.Util;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.model.DeleteObjectRequest;
 
 public class ProfileControllerTest {
 
@@ -71,7 +72,7 @@ public class ProfileControllerTest {
   private static RateLimiter      rateLimiter         = mock(RateLimiter.class     );
   private static RateLimiter      usernameRateLimiter = mock(RateLimiter.class     );
 
-  private static AmazonS3                  s3client            = mock(AmazonS3.class);
+  private static S3Client                  s3client            = mock(S3Client.class);
   private static PostPolicyGenerator       postPolicyGenerator = new PostPolicyGenerator("us-west-1", "profile-bucket", "accessKey");
   private static PolicySigner              policySigner        = new PolicySigner("accessSecret", "us-west-1");
   private static ServerZkProfileOperations zkProfileOperations = mock(ServerZkProfileOperations.class);
@@ -419,7 +420,7 @@ public class ProfileControllerTest {
 
     verify(profilesManager, times(1)).get(eq(AuthHelper.VALID_UUID_TWO), eq("validversion"));
     verify(profilesManager, times(1)).set(eq(AuthHelper.VALID_UUID_TWO), profileArgumentCaptor.capture());
-    verify(s3client, times(1)).deleteObject(eq("profilesBucket"), eq("profiles/validavatar"));
+    verify(s3client, times(1)).deleteObject(eq(DeleteObjectRequest.builder().bucket("profilesBucket").key("profiles/validavatar").build()));
 
     assertThat(profileArgumentCaptor.getValue().getCommitment()).isEqualTo(commitment.serialize());
     assertThat(profileArgumentCaptor.getValue().getAvatar()).startsWith("profiles/");
@@ -444,7 +445,7 @@ public class ProfileControllerTest {
 
     verify(profilesManager, times(1)).get(eq(AuthHelper.VALID_UUID_TWO), eq("validversion"));
     verify(profilesManager, times(1)).set(eq(AuthHelper.VALID_UUID_TWO), profileArgumentCaptor.capture());
-    verify(s3client, times(1)).deleteObject(eq("profilesBucket"), eq("profiles/validavatar"));
+    verify(s3client, times(1)).deleteObject(eq(DeleteObjectRequest.builder().bucket("profilesBucket").key("profiles/validavatar").build()));
 
     assertThat(profileArgumentCaptor.getValue().getCommitment()).isEqualTo(commitment.serialize());
     assertThat(profileArgumentCaptor.getValue().getAvatar()).startsWith("profiles/");