use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.
the class SecretCertificateCredentials method getKeyStore.
/**
 * Builds a PKCS#12 {@link KeyStore} from the Base64-encoded value of the Key Vault secret.
 *
 * <p>A load failure (certificate, algorithm or I/O error) is logged at WARNING with the
 * credentials ID and the secret identifier and is not rethrown. The keystore returned in that
 * case has never been loaded, so later operations on it are expected to fail with
 * {@link KeyStoreException}. The log record carries identifiers only; neither the secret value
 * nor the password is placed in it.
 *
 * @return the keystore instance; left unloaded if reading the secret content failed
 * @throws IllegalStateException if the runtime provides no PKCS12 keystore implementation
 */
@NonNull
@Override
public KeyStore getKeyStore() {
    // Fetch the secret first, as the original does, so a vault failure surfaces before anything else.
    final KeyVaultSecret vaultSecret = getKeyVaultSecret();

    final KeyStore store;
    try {
        store = KeyStore.getInstance("PKCS12");
    } catch (KeyStoreException e) {
        // NOTE(review): PKCS12 support is required by the KeyStore API documentation rather than
        // the JLS; the message text is kept unchanged here.
        throw new IllegalStateException("PKCS12 is a keystore type per the JLS spec", e);
    }

    try {
        // NOTE(review): a secret without a value is not handled separately — confirm what
        // Base64.decodeBase64 and ByteArrayInputStream do with null for the Base64 class in use.
        final byte[] pkcs12Bytes = Base64.decodeBase64(vaultSecret.getValue());
        final ByteArrayInputStream pkcs12Stream = new ByteArrayInputStream(pkcs12Bytes);
        store.load(pkcs12Stream, toCharArray(password));
    } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
        // Deliberately best-effort: record which credential failed and fall through.
        final LogRecord failure =
                new LogRecord(Level.WARNING, "Credentials ID {0}: Could not load keystore from {1}");
        failure.setThrown(e);
        failure.setParameters(new Object[] { getId(), getSecretIdentifier() });
        LOGGER.log(failure);
    }
    return store;
}
use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.
the class ITSecretCertificateCredentials method getKeyStoreNoPrivateKey.
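/**
 * Checks that configuration verification rejects a certificate secret that has no private key.
 *
 * <p>The Base64 PFX fixture is stored through {@code createSecret}, and
 * {@code doVerifyConfiguration} is then expected to report an ERROR carrying the
 * "no private key" validation message.
 *
 * @throws IOException if the fixture resource cannot be read
 */
@Test
public void getKeyStoreNoPrivateKey() throws IOException {
    final String cert;
    // Close the classpath stream once read; the fully-qualified type avoids needing a new import.
    try (java.io.InputStream in = getClass().getResourceAsStream("../cert_no_private.pfx.b64")) {
        // Fail with a clear message rather than an NPE if the fixture is not on the classpath.
        Assert.assertNotNull("test resource ../cert_no_private.pfx.b64 not found", in);
        cert = IOUtils.toString(in, StandardCharsets.UTF_8);
    }
    final KeyVaultSecret secretBundle = createSecret("secret-cert-no-private", cert);
    final String secretIdentifier = secretBundle.getId().toString();

    // Verify configuration: an empty password is supplied, and the missing private key must be reported.
    final SecretCertificateCredentials.DescriptorImpl descriptor = new SecretCertificateCredentials.DescriptorImpl();
    final FormValidation result = descriptor.doVerifyConfiguration(jenkinsAzureCredentialsId, secretIdentifier, Secret.fromString(""));
    Assert.assertEquals(FormValidation.Kind.ERROR, result.kind);
    Assert.assertEquals(Messages.Certificate_Credentials_Validation_No_Private_Key(), result.getMessage());
}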
use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-keyvault-plugin by jenkinsci.
the class AzureKeyVaultSecretSource method reveal.
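/**
 * Resolves a secret name against the globally configured Azure Key Vault.
 *
 * <p>Resolution is skipped, and an empty result returned, when the global configuration or the
 * system credentials it refers to are unavailable, or when the vault reports that the secret
 * does not exist. Only the secret name is logged, never its value. Any exception other than
 * {@code ResourceNotFoundException} raised by the client propagates to the caller.
 *
 * @param secret name of the secret to look up in the vault
 * @return the secret value, or empty if it could not be resolved or has no value
 */
@Override
public Optional<String> reveal(String secret) {
    AzureKeyVaultGlobalConfiguration azureKeyVaultGlobalConfiguration = GlobalConfiguration.all().get(AzureKeyVaultGlobalConfiguration.class);
    if (azureKeyVaultGlobalConfiguration == null) {
        LOGGER.info("No AzureKeyVault url found, skipping jcasc secret resolution");
        return Optional.empty();
    }

    String credentialID = azureKeyVaultGlobalConfiguration.getCredentialID();
    // Looked up only to confirm the credential exists; the client itself comes from the cache below.
    TokenCredential keyVaultCredentials = AzureCredentials.getSystemCredentialById(credentialID);
    if (keyVaultCredentials == null) {
        LOGGER.info("No AzureKeyVault credentials found, skipping jcasc secret resolution");
        return Optional.empty();
    }

    SecretClient client = SecretClientCache.get(credentialID, azureKeyVaultGlobalConfiguration.getKeyVaultURL());
    try {
        KeyVaultSecret secretBundle = client.getSecret(secret);
        // Optional.of would throw NullPointerException for a secret returned without a value;
        // treat that case as "not resolved" instead of failing the whole resolution.
        return Optional.ofNullable(secretBundle.getValue());
    } catch (ResourceNotFoundException ignored) {
        // A missing secret is an expected outcome here, so it is logged and reported as empty.
        LOGGER.info("Couldn't find secret: " + secret);
        return Optional.empty();
    }
}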
use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.
the class SecretStringCredentialsTest method getSecret.
/**
 * Checks that {@code SecretStringCredentials.getSecret()} asks the injected getter for the
 * configured credential ID and secret identifier and exposes the returned value as plain text.
 */
@Test
public void getSecret() {
    // Stub getter: verifies the lookup arguments and answers with a fixed in-memory secret,
    // so no vault is contacted.
    final BaseSecretCredentials.SecretGetter stubGetter = new BaseSecretCredentials.SecretGetter() {
        @Override
        public KeyVaultSecret getKeyVaultSecret(String credentialId, String secretIdentifier) {
            Assert.assertEquals("spId", credentialId);
            Assert.assertEquals("secretId", secretIdentifier);
            return new KeyVaultSecret("name", "Secret");
        }
    };

    final SecretStringCredentials credentials =
            new SecretStringCredentials(CredentialsScope.SYSTEM, "id", "desc", "spId", "secretId");
    credentials.setSecretGetter(stubGetter);

    final Secret resolved = credentials.getSecret();
    Assert.assertEquals("Secret", resolved.getPlainText());
}
use of com.azure.security.keyvault.secrets.models.KeyVaultSecret in project azure-credentials-plugin by jenkinsci.
the class ITSecretCertificateCredentials method getKeyStore.
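/**
 * Checks that a certificate secret with a private key passes configuration verification and
 * yields a keystore with exactly one entry, alias {@code msft}, holding an RSA key.
 *
 * @throws IOException if the fixture resource cannot be read
 * @throws KeyStoreException if the returned keystore was never loaded
 * @throws UnrecoverableKeyException if the key cannot be recovered with the fixture password
 * @throws NoSuchAlgorithmException if the algorithm for recovering the key is unavailable
 */
@Test
public void getKeyStore() throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
    final String cert;
    // Close the classpath stream once read; the fully-qualified type avoids needing a new import.
    try (java.io.InputStream in = getClass().getResourceAsStream("../cert.pfx.b64")) {
        // Fail with a clear message rather than an NPE if the fixture is not on the classpath.
        Assert.assertNotNull("test resource ../cert.pfx.b64 not found", in);
        cert = IOUtils.toString(in, StandardCharsets.UTF_8);
    }
    final KeyVaultSecret secretBundle = createSecret("secret-cert", cert);
    final String secretIdentifier = secretBundle.getId();
    // Password of the test fixture PFX only.
    final Secret password = Secret.fromString("123456");

    // Verify configuration
    final SecretCertificateCredentials.DescriptorImpl descriptor = new SecretCertificateCredentials.DescriptorImpl();
    final FormValidation result = descriptor.doVerifyConfiguration(jenkinsAzureCredentialsId, secretIdentifier, password);
    Assert.assertEquals(FormValidation.Kind.OK, result.kind);

    // Get key store
    final SecretCertificateCredentials credentials = new SecretCertificateCredentials(CredentialsScope.SYSTEM, "", "", jenkinsAzureCredentialsId, secretIdentifier, password);
    final KeyStore keyStore = credentials.getKeyStore();
    Assert.assertTrue(keyStore.containsAlias("msft"));
    Assert.assertEquals(1, keyStore.size());

    final Key key = keyStore.getKey("msft", password.getPlainText().toCharArray());
    // getKey returns null when the alias holds no key entry; report that as a test failure, not an NPE.
    Assert.assertNotNull("alias msft holds no key entry", key);
    Assert.assertEquals("RSA", key.getAlgorithm());
}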