communitybridge · nickmango · Oct 12, 2023 · Oct 12, 2023
diff --git a/cla-backend-go/cmd/server.go b/cla-backend-go/cmd/server.go
@@ -318,7 +318,7 @@ func server(localMode bool) http.Handler {
 	v2GithubActivityService := v2GithubActivity.NewService(gitV1Repository, githubOrganizationsRepo, eventsService, autoEnableService, emailService)
 
 	v2ClaGroupService := cla_groups.NewService(v1ProjectService, templateService, v1ProjectClaGroupRepo, v1ClaManagerService, v1SignaturesService, metricsRepo, gerritService, v1RepositoriesService, eventsService)
-	v2SignService := sign.NewService(configFile.ClaV1ApiURL, v1CompanyRepo, v1CLAGroupRepo, v1ProjectClaGroupRepo, v1CompanyService, v2ClaGroupService)
+	v2SignService := sign.NewService(configFile.ClaV1ApiURL, v1CompanyRepo, v1CLAGroupRepo, v1ProjectClaGroupRepo, v1CompanyService, v2ClaGroupService, configFile.DocuSignPrivateKey)
 
 	sessionStore, err := dynastore.New(dynastore.Path("/"), dynastore.HTTPOnly(), dynastore.TableName(configFile.SessionStoreTableName), dynastore.DynamoDB(dynamodb.New(awsSession)))
 	if err != nil {

diff --git a/cla-backend-go/config/config.go b/cla-backend-go/config/config.go
@@ -96,6 +96,9 @@ type Config struct {
 
 	// MetricsReport has the transport config to send the metrics data
 	MetricsReport MetricsReport `json:"metrics_report"`
+
+	// DocuSignPrivateKey is the private key for the DocuSign API
+	DocuSignPrivateKey string `json:"docuSignPrivateKey"`
 }
 
 // Auth0 model

diff --git a/cla-backend-go/config/ssm.go b/cla-backend-go/config/ssm.go
@@ -106,6 +106,7 @@ func loadSSMConfig(awsSession *session.Session, stage string) Config { //nolint
 		fmt.Sprintf("cla-api-v4-base-%s", stage),
 		fmt.Sprintf("cla-landing-page-%s", stage),
 		fmt.Sprintf("cla-logo-url-%s", stage),
+		fmt.Sprintf("cla-docusign-private-key-%s", stage),
 	}
 
 	// For each key to lookup
@@ -263,6 +264,8 @@ func loadSSMConfig(awsSession *session.Session, stage string) Config { //nolint
 			} else {
 				config.SignatureQueryDefault = resp.value
 			}
+		case fmt.Sprintf("cla-docusign-private-key-%s", stage):
+			config.DocuSignPrivateKey = resp.value
 		}
 	}
 

diff --git a/cla-backend-go/serverless.yml b/cla-backend-go/serverless.yml
@@ -238,7 +238,6 @@ provider:
     DOCUSIGN_PASSWORD: ${file(./env.json):docusign-password, ssm:/cla-docusign-password-${opt:stage}}
     DOCUSIGN_INTEGRATOR_KEY: ${file(./env.json):docusign-integrator-key, ssm:/cla-docusign-integrator-key-${opt:stage}}
     DOCUSIGN_AUTH_SERVER: ${file(./env.json):docusign-auth-server, ssm:/cla-docusign-auth-server-${opt:stage}}
-    DOCUSIGN_PRIVATE_KEY: ${file(./env.json):docusign-auth-server, ssm:/cla-docusign-private-key-${opt:stage}}
     DOCUSIGN_USER_ID: ${file(./env.json):docusign-auth-server, ssm:/cla-docusign-user-id-${opt:stage}}
     CLA_API_BASE: ${file(./env.json):cla-api-base, ssm:/cla-api-base-${opt:stage}}
     CLA_CONTRIBUTOR_BASE: ${file(./env.json):cla-contributor-base, ssm:/cla-contributor-base-${opt:stage}}

diff --git a/cla-backend-go/v2/sign/docusign.go b/cla-backend-go/v2/sign/docusign.go
@@ -23,7 +23,7 @@ func (s *service) getAccessToken(ctx context.Context) (string, error) {
 		utils.XREQUESTID: ctx.Value(utils.XREQUESTID),
 	}
 
-	jwtAssertion, err := jwtToken()
+	jwtAssertion, err := jwtToken(s.docsignPrivateKey)
 	if err != nil {
 		log.WithFields(f).WithError(err).Warnf("problem generating the JWT token")
 		return "", err

diff --git a/cla-backend-go/v2/sign/jwt.go b/cla-backend-go/v2/sign/jwt.go
@@ -12,7 +12,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func jwtToken() (string, error) {
+func jwtToken(docusignPrivateKey string) (string, error) {
 	f := logrus.Fields{
 		"functionName": "v2.sign.jwtToken",
 	}
@@ -29,21 +29,10 @@ func jwtToken() (string, error) {
 
 	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 
-	// DEBUG - remove
-	// log.WithFields(f).Debugf("integration key (iss)  : %s", utils.GetProperty("DOCUSIGN_INTEGRATION_KEY"))
-	// log.WithFields(f).Debugf("integration user (sub) : %s", utils.GetProperty("DOCUSIGN_INTEGRATION_USER_ID"))
-	// log.WithFields(f).Debugf("integration host       : %s", getDocuSignAccountHost())
-
 	token.Header["alg"] = "RS256"
 	token.Header["typ"] = "JWT"
 
-	//publicKey, publicKeyErr := jwt.ParseRSAPublicKeyFromPEM([]byte(utils.GetProperty("DOCUSIGN_RSA_PUBLIC_KEY")))
-	//if publicKeyErr != nil {
-	//	log.WithFields(f).WithError(publicKeyErr).Warnf("problem decoding docusign public key")
-	//	return "", publicKeyErr
-	//}
-	privateKey, privateKeyErr := jwt.ParseRSAPrivateKeyFromPEM([]byte(utils.GetProperty("DOCUSIGN_RSA_PRIVATE_KEY")))
-	// privateKey, privateKeyErr := jwt.ParseRSAPrivateKeyFromPEM([]byte(docusignPrivateKey))
+	privateKey, privateKeyErr := jwt.ParseRSAPrivateKeyFromPEM([]byte(docusignPrivateKey))
 	if privateKeyErr != nil {
 		log.WithFields(f).WithError(privateKeyErr).Warnf("problem decoding docusign private key")
 		return "", privateKeyErr

diff --git a/cla-backend-go/v2/sign/service.go b/cla-backend-go/v2/sign/service.go
@@ -65,17 +65,19 @@ type service struct {
 	projectClaGroupsRepo projects_cla_groups.Repository
 	companyService       company.IService
 	claGroupService      cla_groups.Service
+	docsignPrivateKey    string
 }
 
 // NewService returns an instance of v2 project service
-func NewService(apiURL string, compRepo company.IRepository, projectRepo ProjectRepo, pcgRepo projects_cla_groups.Repository, compService company.IService, claGroupService cla_groups.Service) Service {
+func NewService(apiURL string, compRepo company.IRepository, projectRepo ProjectRepo, pcgRepo projects_cla_groups.Repository, compService company.IService, claGroupService cla_groups.Service, docsignPrivateKey string) Service {
 	return &service{
 		ClaV1ApiURL:          apiURL,
 		companyRepo:          compRepo,
 		projectRepo:          projectRepo,
 		projectClaGroupsRepo: pcgRepo,
 		companyService:       compService,
 		claGroupService:      claGroupService,
+		docsignPrivateKey:    docsignPrivateKey,
 	}
 }