Examples with KeyVaultSecret com.azure.security.keyvault.secrets.models.KeyVaultSecret used on opensource projects

Example 6 with KeyVaultSecret

use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

the class SecretCertificateCredentials method getKeyStore.

@NonNull
@Override
public KeyStore getKeyStore() {
    final KeyVaultSecret secret = getKeyVaultSecret();
    KeyStore keyStore;
    try {
        keyStore = KeyStore.getInstance("PKCS12");
    } catch (KeyStoreException e) {
        throw new IllegalStateException("PKCS12 is a keystore type per the JLS spec", e);
    }
    try {
        final byte[] content = Base64.decodeBase64(secret.getValue());
        keyStore.load(new ByteArrayInputStream(content), toCharArray(password));
    } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
        final LogRecord lr = new LogRecord(Level.WARNING, "Credentials ID {0}: Could not load keystore from {1}");
        lr.setParameters(new Object[] { getId(), getSecretIdentifier() });
        lr.setThrown(e);
        LOGGER.log(lr);
    }
    return keyStore;
}

Example 7 with KeyVaultSecret

use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

the class ITSecretCertificateCredentials method getKeyStoreNoPrivateKey.

@Test
public void getKeyStoreNoPrivateKey() throws IOException {
    final String cert = IOUtils.toString(getClass().getResourceAsStream("../cert_no_private.pfx.b64"), StandardCharsets.UTF_8);
    final KeyVaultSecret secretBundle = createSecret("secret-cert-no-private", cert);
    final String secretIdentifier = secretBundle.getId().toString();
    // Verify configuration
    final SecretCertificateCredentials.DescriptorImpl descriptor = new SecretCertificateCredentials.DescriptorImpl();
    final FormValidation result = descriptor.doVerifyConfiguration(jenkinsAzureCredentialsId, secretIdentifier, Secret.fromString(""));
    Assert.assertEquals(FormValidation.Kind.ERROR, result.kind);
    Assert.assertEquals(Messages.Certificate_Credentials_Validation_No_Private_Key(), result.getMessage());
}

Example 8 with KeyVaultSecret

use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-keyvault-plugin by jenkinsci.

the class AzureKeyVaultSecretSource method reveal.

@Override
public Optional<String> reveal(String secret) {
    AzureKeyVaultGlobalConfiguration azureKeyVaultGlobalConfiguration = GlobalConfiguration.all().get(AzureKeyVaultGlobalConfiguration.class);
    if (azureKeyVaultGlobalConfiguration == null) {
        LOGGER.info("No AzureKeyVault url found, skipping jcasc secret resolution");
        return Optional.empty();
    }
    String credentialID = azureKeyVaultGlobalConfiguration.getCredentialID();
    TokenCredential keyVaultCredentials = AzureCredentials.getSystemCredentialById(credentialID);
    if (keyVaultCredentials == null) {
        LOGGER.info("No AzureKeyVault credentials found, skipping jcasc secret resolution");
        return Optional.empty();
    }
    SecretClient client = SecretClientCache.get(credentialID, azureKeyVaultGlobalConfiguration.getKeyVaultURL());
    try {
        KeyVaultSecret secretBundle = client.getSecret(secret);
        return Optional.of(secretBundle.getValue());
    } catch (ResourceNotFoundException ignored) {
        LOGGER.info("Couldn't find secret: " + secret);
        return Optional.empty();
    }
}

Example 9 with KeyVaultSecret

use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

the class SecretStringCredentialsTest method getSecret.

@Test
public void getSecret() {
    final BaseSecretCredentials.SecretGetter secretGetter = new BaseSecretCredentials.SecretGetter() {

        @Override
        public KeyVaultSecret getKeyVaultSecret(String credentialId, String secretIdentifier) {
            Assert.assertEquals("spId", credentialId);
            Assert.assertEquals("secretId", secretIdentifier);
            final KeyVaultSecret secretBundle = new KeyVaultSecret("name", "Secret");
            return secretBundle;
        }
    };
    final SecretStringCredentials c = new SecretStringCredentials(CredentialsScope.SYSTEM, "id", "desc", "spId", "secretId");
    c.setSecretGetter(secretGetter);
    final Secret secret = c.getSecret();
    Assert.assertEquals("Secret", secret.getPlainText());
}

Example 10 with KeyVaultSecret

use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

the class ITSecretCertificateCredentials method getKeyStore.

@Test
public void getKeyStore() throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
    final String cert = IOUtils.toString(getClass().getResourceAsStream("../cert.pfx.b64"), StandardCharsets.UTF_8);
    final KeyVaultSecret secretBundle = createSecret("secret-cert", cert);
    final String secretIdentifier = secretBundle.getId();
    final Secret password = Secret.fromString("123456");
    // Verify configuration
    final SecretCertificateCredentials.DescriptorImpl descriptor = new SecretCertificateCredentials.DescriptorImpl();
    final FormValidation result = descriptor.doVerifyConfiguration(jenkinsAzureCredentialsId, secretIdentifier, password);
    Assert.assertEquals(FormValidation.Kind.OK, result.kind);
    // Get key store
    final SecretCertificateCredentials credentials = new SecretCertificateCredentials(CredentialsScope.SYSTEM, "", "", jenkinsAzureCredentialsId, secretIdentifier, password);
    final KeyStore keyStore = credentials.getKeyStore();
    Assert.assertTrue(keyStore.containsAlias("msft"));
    Assert.assertEquals(1, keyStore.size());
    final Key key = keyStore.getKey("msft", password.getPlainText().toCharArray());
    Assert.assertEquals("RSA", key.getAlgorithm());
}