
Example 6 with KeyVaultSecret

Use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

The class SecretCertificateCredentials, method getKeyStore:

@NonNull
@Override
public KeyStore getKeyStore() {
    // The Key Vault secret value is a base64-encoded PKCS#12 bundle.
    final KeyVaultSecret secret = getKeyVaultSecret();
    KeyStore keyStore;
    try {
        keyStore = KeyStore.getInstance("PKCS12");
    } catch (KeyStoreException e) {
        // Every conforming JRE ships a PKCS12 provider, so this branch is not expected to run.
        throw new IllegalStateException("PKCS12 is a keystore type per the JLS spec", e);
    }
    try {
        final byte[] content = Base64.decodeBase64(secret.getValue());
        keyStore.load(new ByteArrayInputStream(content), toCharArray(password));
    } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
        // A wrong password or a corrupt bundle is logged (with the credentials ID and the
        // secret identifier, never the secret value) rather than propagated; the caller then
        // receives an uninitialized keystore, so later key lookups on it will fail.
        final LogRecord lr = new LogRecord(Level.WARNING, "Credentials ID {0}: Could not load keystore from {1}");
        lr.setParameters(new Object[] { getId(), getSecretIdentifier() });
        lr.setThrown(e);
        LOGGER.log(lr);
    }
    return keyStore;
}
Also used : KeyVaultSecret(com.azure.security.keyvault.secrets.models.KeyVaultSecret) ByteArrayInputStream(java.io.ByteArrayInputStream) LogRecord(java.util.logging.LogRecord) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) NonNull(edu.umd.cs.findbugs.annotations.NonNull)

Example 7 with KeyVaultSecret

Use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

The class ITSecretCertificateCredentials, method getKeyStoreNoPrivateKey:

@Test
public void getKeyStoreNoPrivateKey() throws IOException {
    // Upload a base64-encoded PFX that contains only a certificate, no private key.
    final String cert = IOUtils.toString(getClass().getResourceAsStream("../cert_no_private.pfx.b64"), StandardCharsets.UTF_8);
    final KeyVaultSecret secretBundle = createSecret("secret-cert-no-private", cert);
    final String secretIdentifier = secretBundle.getId();
    // Verify configuration: validation must reject a bundle without a private key.
    final SecretCertificateCredentials.DescriptorImpl descriptor = new SecretCertificateCredentials.DescriptorImpl();
    final FormValidation result = descriptor.doVerifyConfiguration(jenkinsAzureCredentialsId, secretIdentifier, Secret.fromString(""));
    Assert.assertEquals(FormValidation.Kind.ERROR, result.kind);
    Assert.assertEquals(Messages.Certificate_Credentials_Validation_No_Private_Key(), result.getMessage());
}
Also used : KeyVaultSecret(com.azure.security.keyvault.secrets.models.KeyVaultSecret) SecretCertificateCredentials(com.microsoft.jenkins.keyvault.SecretCertificateCredentials) FormValidation(hudson.util.FormValidation) Test(org.junit.Test)

Example 8 with KeyVaultSecret

Use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-keyvault-plugin by jenkinsci.

The class AzureKeyVaultSecretSource, method reveal:

@Override
public Optional<String> reveal(String secret) {
    // JCasC secret source: resolves ${secret} placeholders against the globally configured vault.
    AzureKeyVaultGlobalConfiguration azureKeyVaultGlobalConfiguration = GlobalConfiguration.all().get(AzureKeyVaultGlobalConfiguration.class);
    if (azureKeyVaultGlobalConfiguration == null) {
        LOGGER.info("No AzureKeyVault url found, skipping jcasc secret resolution");
        return Optional.empty();
    }
    String credentialID = azureKeyVaultGlobalConfiguration.getCredentialID();
    TokenCredential keyVaultCredentials = AzureCredentials.getSystemCredentialById(credentialID);
    if (keyVaultCredentials == null) {
        LOGGER.info("No AzureKeyVault credentials found, skipping jcasc secret resolution");
        return Optional.empty();
    }
    SecretClient client = SecretClientCache.get(credentialID, azureKeyVaultGlobalConfiguration.getKeyVaultURL());
    try {
        KeyVaultSecret secretBundle = client.getSecret(secret);
        return Optional.of(secretBundle.getValue());
    } catch (ResourceNotFoundException ignored) {
        // Only the secret name is logged here, never a value; a missing secret is not fatal.
        LOGGER.info("Couldn't find secret: " + secret);
        return Optional.empty();
    }
}
Also used : KeyVaultSecret(com.azure.security.keyvault.secrets.models.KeyVaultSecret) ResourceNotFoundException(com.azure.core.exception.ResourceNotFoundException) TokenCredential(com.azure.core.credential.TokenCredential) SecretClient(com.azure.security.keyvault.secrets.SecretClient)

Example 9 with KeyVaultSecret

Use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

The class SecretStringCredentialsTest, method getSecret:

@Test
public void getSecret() {
    // Stub the vault lookup so the test needs no live Key Vault; it also asserts that the
    // credentials pass the configured service-principal ID and secret identifier through.
    final BaseSecretCredentials.SecretGetter secretGetter = new BaseSecretCredentials.SecretGetter() {

        @Override
        public KeyVaultSecret getKeyVaultSecret(String credentialId, String secretIdentifier) {
            Assert.assertEquals("spId", credentialId);
            Assert.assertEquals("secretId", secretIdentifier);
            return new KeyVaultSecret("name", "Secret");
        }
    };
    final SecretStringCredentials c = new SecretStringCredentials(CredentialsScope.SYSTEM, "id", "desc", "spId", "secretId");
    c.setSecretGetter(secretGetter);
    final Secret secret = c.getSecret();
    Assert.assertEquals("Secret", secret.getPlainText());
}
Also used : KeyVaultSecret(com.azure.security.keyvault.secrets.models.KeyVaultSecret) Secret(hudson.util.Secret) Test(org.junit.Test)

Example 10 with KeyVaultSecret

Use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.

The class ITSecretCertificateCredentials, method getKeyStore:

@Test
public void getKeyStore() throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
    // Upload a base64-encoded, password-protected PFX that carries a certificate and its private key.
    final String cert = IOUtils.toString(getClass().getResourceAsStream("../cert.pfx.b64"), StandardCharsets.UTF_8);
    final KeyVaultSecret secretBundle = createSecret("secret-cert", cert);
    final String secretIdentifier = secretBundle.getId();
    final Secret password = Secret.fromString("123456");
    // Verify configuration: the descriptor must accept the bundle with the correct password.
    final SecretCertificateCredentials.DescriptorImpl descriptor = new SecretCertificateCredentials.DescriptorImpl();
    final FormValidation result = descriptor.doVerifyConfiguration(jenkinsAzureCredentialsId, secretIdentifier, password);
    Assert.assertEquals(FormValidation.Kind.OK, result.kind);
    // Get key store and check that exactly one entry, an RSA private key under alias "msft", was loaded.
    final SecretCertificateCredentials credentials = new SecretCertificateCredentials(CredentialsScope.SYSTEM, "", "", jenkinsAzureCredentialsId, secretIdentifier, password);
    final KeyStore keyStore = credentials.getKeyStore();
    Assert.assertTrue(keyStore.containsAlias("msft"));
    Assert.assertEquals(1, keyStore.size());
    final Key key = keyStore.getKey("msft", password.getPlainText().toCharArray());
    Assert.assertEquals("RSA", key.getAlgorithm());
}
Also used : KeyVaultSecret(com.azure.security.keyvault.secrets.models.KeyVaultSecret) Secret(hudson.util.Secret) SecretCertificateCredentials(com.microsoft.jenkins.keyvault.SecretCertificateCredentials) FormValidation(hudson.util.FormValidation) KeyStore(java.security.KeyStore) Key(java.security.Key) Test(org.junit.Test)
