
Example 1 with DefaultKeyVaultConfig

Use of com.quorum.tessera.config.DefaultKeyVaultConfig in project tessera by ConsenSys.

From class KeyVaultConfigValidator, method isValid.

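/**
 * Validates the vault-type specific properties of a {@link DefaultKeyVaultConfig}.
 *
 * <p>A null config, or one without a vault type, is reported as valid here (presence of
 * the type is left to other constraints). Per vault type:
 * <ul>
 *   <li>AZURE: the {@code URL} property is required.</li>
 *   <li>HASHICORP: the {@code URL} property is required; the TLS key-store and
 *       trust-store path properties are optional, but when present must satisfy
 *       {@link PathValidator}.</li>
 *   <li>AWS: the {@code ENDPOINT} property is optional; when present it must begin
 *       with an {@code http://} or {@code https://} scheme.</li>
 * </ul>
 * Every violation is reported on the context with the default message disabled, so the
 * caller sees one message per failed rule.
 *
 * @param keyVaultConfig the config under validation; may be null
 * @param constraintValidatorContext the Bean Validation context used to report violations
 * @return {@code true} when no violation was recorded, {@code false} otherwise
 */
@Override
public boolean isValid(DefaultKeyVaultConfig keyVaultConfig, ConstraintValidatorContext constraintValidatorContext) {
    if (keyVaultConfig == null || keyVaultConfig.getKeyVaultType() == null) {
        return true;
    }
    final KeyVaultType keyVaultType = keyVaultConfig.getKeyVaultType();
    boolean valid = true;

    if (keyVaultType == KeyVaultType.AZURE) {
        // The key looked up must be the same constant that is named in the message.
        if (!keyVaultConfig.getProperties().containsKey(URL)) {
            reportViolation(constraintValidatorContext, String.format("%s: is required", URL));
            valid = false;
        }
    }

    if (keyVaultType == KeyVaultType.HASHICORP) {
        if (!keyVaultConfig.getProperties().containsKey(URL)) {
            reportViolation(constraintValidatorContext, String.format("%s: is required", URL));
            valid = false;
        }
        // NOTE(review): relies on this validator class carrying @ValidPath; if the annotation
        // is absent, validPath is null and validPath.message() below would throw — confirm.
        final ValidPath validPath = this.getClass().getAnnotation(ValidPath.class);
        final PathValidator pathValidator = new PathValidator();
        pathValidator.initialize(validPath);
        // Key store first, then trust store: violation order is part of the observable output.
        for (String pathProperty : new String[] {TLS_KEY_STORE_PATH, TLS_TRUST_STORE_PATH}) {
            final String rawPath = keyVaultConfig.getProperties().get(pathProperty);
            // An absent path is acceptable; a present one must pass PathValidator.
            if (rawPath != null && !pathValidator.isValid(Paths.get(rawPath), constraintValidatorContext)) {
                reportViolation(constraintValidatorContext, String.format("%s: %s", pathProperty, validPath.message()));
                valid = false;
            }
        }
    }

    if (keyVaultType == KeyVaultType.AWS) {
        // we do not require endpoint to be provided as AWS client will fallback to alternate methods
        // (e.g. environment variables or properties files)
        final String endpoint = keyVaultConfig.getProperties().get(ENDPOINT);
        // Only the scheme prefix is checked here; a plain-http endpoint passes this rule.
        if (endpoint != null && !endpoint.matches("^https?://.+$")) {
            reportViolation(constraintValidatorContext, String.format("%s: must be a valid AWS service endpoint URL with scheme", ENDPOINT));
            valid = false;
        }
    }

    return valid;
}

/**
 * Records a violation with the given message, suppressing the constraint's default message.
 *
 * @param context the validation context to report on
 * @param message the fully formatted violation message template
 */
private static void reportViolation(ConstraintValidatorContext context, String message) {
    context.disableDefaultConstraintViolation();
    context.buildConstraintViolationWithTemplate(message).addConstraintViolation();
}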

Example 2 with DefaultKeyVaultConfig

Use of com.quorum.tessera.config.DefaultKeyVaultConfig in project tessera by ConsenSys.

From class KeyVaultConfigValidatorTest, method validAWSConfigNoEndpoint.

/** An AWS vault config with no endpoint property must be accepted: the endpoint is optional. */
@Test
public void validAWSConfigNoEndpoint() {
    final DefaultKeyVaultConfig awsConfig = new DefaultKeyVaultConfig();
    awsConfig.setKeyVaultType(KeyVaultType.AWS);

    final boolean valid = keyVaultConfigValidator.isValid(awsConfig, context);

    assertThat(valid).isTrue();
}

Example 3 with DefaultKeyVaultConfig

Use of com.quorum.tessera.config.DefaultKeyVaultConfig in project tessera by ConsenSys.

From class KeyGeneratorFactoryTest, method awsVaultKeyGeneratorWhenAwsConfigProvided.

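/**
 * Given a key-vault config of type AWS, the factory must produce an
 * {@link AWSSecretManagerKeyGenerator}. The static vault-service lookup is stubbed so
 * that no real AWS client is constructed by the test.
 */
@Test
public void awsVaultKeyGeneratorWhenAwsConfigProvided() {
    final DefaultKeyVaultConfig keyVaultConfig = new DefaultKeyVaultConfig();
    keyVaultConfig.setKeyVaultType(KeyVaultType.AWS);

    final EncryptorConfig encryptorConfig = mock(EncryptorConfig.class);
    when(encryptorConfig.getType()).thenReturn(EncryptorType.NACL);
    // Typed empty map rather than the raw Collections.EMPTY_MAP: same instance, no unchecked warning.
    when(encryptorConfig.getProperties()).thenReturn(Collections.emptyMap());

    final KeyGeneratorFactory keyGeneratorFactory = KeyGeneratorFactory.create();

    try (MockedStatic<KeyVaultServiceFactory> staticFactory = mockStatic(KeyVaultServiceFactory.class)) {
        final KeyVaultService keyVaultService = mock(KeyVaultService.class);
        final KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
        when(keyVaultServiceFactory.create(any(), any())).thenReturn(keyVaultService);
        staticFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);

        final KeyGenerator keyGenerator = keyGeneratorFactory.create(keyVaultConfig, encryptorConfig);

        assertThat(keyGenerator).isNotNull();
        assertThat(keyGenerator).isExactlyInstanceOf(AWSSecretManagerKeyGenerator.class);
    }
}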

Example 4 with DefaultKeyVaultConfig

Use of com.quorum.tessera.config.DefaultKeyVaultConfig in project tessera by ConsenSys.

From class AwsKeyVaultHandler, method handle.

/**
 * Builds an AWS key-vault configuration from the parsed vault options.
 *
 * <p>The vault type is always AWS. The {@code endpoint} property is only set when both
 * {@code configOptions} and its vault URL are non-null; otherwise the property is left unset.
 *
 * @param configOptions the CLI vault options; may be null
 * @return a new {@link DefaultKeyVaultConfig} of type AWS
 */
@Override
public KeyVaultConfig handle(KeyVaultConfigOptions configOptions) {
    final DefaultKeyVaultConfig config = new DefaultKeyVaultConfig();
    config.setKeyVaultType(KeyVaultType.AWS);
    if (configOptions != null && configOptions.getVaultUrl() != null) {
        config.setProperty("endpoint", configOptions.getVaultUrl());
    }
    return config;
}

Example 5 with DefaultKeyVaultConfig

Use of com.quorum.tessera.config.DefaultKeyVaultConfig in project tessera by ConsenSys.

From class DefaultKeyVaultConfigValidationsTest, method validCase.

/**
 * A key configuration whose vault config list holds a mocked {@link KeyVaultConfig} and a
 * single Azure key pair must produce no constraint violations.
 */
@Test
public void validCase() {
    final KeyConfiguration keyConfiguration = mock(KeyConfiguration.class);

    // Not ideal. Having to use config object in tests to apply validation rules.
    // NOTE(review): this config is built but never handed to the validator — the list
    // below carries a mock instead; confirm whether it was meant to be used.
    final DefaultKeyVaultConfig azureConfig = new DefaultKeyVaultConfig();
    azureConfig.setKeyVaultType(KeyVaultType.AZURE);
    final KeyVaultConfig keyVaultConfig = azureConfig;

    final List<KeyVaultConfig> keyVaultConfigList = Arrays.asList(mock(KeyVaultConfig.class));
    when(keyConfiguration.getKeyVaultConfigs()).thenReturn(keyVaultConfigList);

    final ConfigKeyPair keyPair = new AzureVaultKeyPair("publicKeyId", "privateKeyId", null, null);
    final List<ConfigKeyPair> keyPairs = Arrays.asList(keyPair);

    final Set<ConstraintViolation<?>> violations = validator.validate(keyConfiguration, keyPairs);

    assertThat(violations).isEmpty();
}
