use of com.quorum.tessera.config.KeyVaultType in project tessera by ConsenSys.
the class KeyVaultConfigValidator method isValid.
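/**
 * Checks that a key vault configuration carries the properties its vault type needs.
 *
 * <p>A {@code null} configuration, or one without a vault type, is reported as valid; this method
 * only inspects configurations that name a vault type.
 *
 * <ul>
 *   <li>AZURE: the {@code URL} property must be present.
 *   <li>HASHICORP: the {@code URL} property must be present, and the TLS key store and trust store
 *       paths, when configured, must pass {@link PathValidator}.
 *   <li>AWS: the endpoint is optional, but when configured it must start with {@code http://} or
 *       {@code https://}.
 * </ul>
 *
 * <p>Presence checks use {@code containsKey}, so a key mapped to an empty value still passes; the
 * format of the vault URL is not examined here.
 *
 * @param keyVaultConfig the configuration to validate, may be {@code null}
 * @param constraintValidatorContext context that receives one violation per failed check
 * @return {@code true} when no check failed, {@code false} otherwise
 */
@Override
public boolean isValid(
    DefaultKeyVaultConfig keyVaultConfig, ConstraintValidatorContext constraintValidatorContext) {
  if (keyVaultConfig == null || keyVaultConfig.getKeyVaultType() == null) {
    return true;
  }

  final KeyVaultType keyVaultType = keyVaultConfig.getKeyVaultType();
  boolean valid = true;

  if (keyVaultType == KeyVaultType.AZURE) {
    // Look the key up through the URL constant, the same one the violation message names and the
    // HashiCorp branch checks, so the check and the message cannot drift apart.
    if (!keyVaultConfig.getProperties().containsKey(URL)) {
      reportViolation(constraintValidatorContext, String.format("%s: is required", URL));
      valid = false;
    }
  }

  if (keyVaultType == KeyVaultType.HASHICORP) {
    if (!keyVaultConfig.getProperties().containsKey(URL)) {
      reportViolation(constraintValidatorContext, String.format("%s: is required", URL));
      valid = false;
    }

    // NOTE(review): getAnnotation returns null when this class does not carry @ValidPath;
    // initialize(...) and validPath.message() below rely on it being present. Confirm.
    final ValidPath validPath = this.getClass().getAnnotation(ValidPath.class);
    final PathValidator pathValidator = new PathValidator();
    pathValidator.initialize(validPath);

    // Only the property name and the annotation message go into the violation template; the
    // configured path itself is not echoed back.
    final String keyStorePath = keyVaultConfig.getProperties().get(TLS_KEY_STORE_PATH);
    if (keyStorePath != null
        && !pathValidator.isValid(Paths.get(keyStorePath), constraintValidatorContext)) {
      reportViolation(
          constraintValidatorContext,
          String.format("%s: %s", TLS_KEY_STORE_PATH, validPath.message()));
      valid = false;
    }

    final String trustStorePath = keyVaultConfig.getProperties().get(TLS_TRUST_STORE_PATH);
    if (trustStorePath != null
        && !pathValidator.isValid(Paths.get(trustStorePath), constraintValidatorContext)) {
      reportViolation(
          constraintValidatorContext,
          String.format("%s: %s", TLS_TRUST_STORE_PATH, validPath.message()));
      valid = false;
    }
  }

  if (keyVaultType == KeyVaultType.AWS) {
    // we do not require endpoint to be provided as AWS client will fallback to alternate methods
    // (e.g. environment variables or properties files)
    //
    // NOTE(review): the pattern only checks for a scheme followed by at least one character, and
    // it accepts http:// as well as https://. A cleartext endpoint would carry key vault traffic
    // without TLS; confirm whether http should be allowed outside local testing.
    final String endpoint = keyVaultConfig.getProperties().get(ENDPOINT);
    if (endpoint != null && !endpoint.matches("^https?://.+$")) {
      reportViolation(
          constraintValidatorContext,
          String.format("%s: must be a valid AWS service endpoint URL with scheme", ENDPOINT));
      valid = false;
    }
  }

  return valid;
}

/** Suppresses the default violation and records {@code message} on the context instead. */
private static void reportViolation(ConstraintValidatorContext context, String message) {
  context.disableDefaultConstraintViolation();
  context.buildConstraintViolationWithTemplate(message).addConstraintViolation();
}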
use of com.quorum.tessera.config.KeyVaultType in project tessera by ConsenSys.
the class KeyVaultServiceFactoryTest method getInstance.
/**
 * For every {@link KeyVaultType}, verifies that {@code KeyVaultServiceFactory.getInstance} picks
 * the provider whose factory reports the requested type when a second provider reporting a
 * different type is also offered by the (mocked) {@link ServiceLoader}.
 *
 * <p>Not covered here: the case where no provider reports the requested type, and the case where
 * more than one does.
 */
@Test
public void getInstance() {
  for (KeyVaultType requestedType : KeyVaultType.values()) {
    // The factory that should be selected: it reports exactly the requested type.
    KeyVaultServiceFactory expected = mock(KeyVaultServiceFactory.class);
    when(expected.getType()).thenReturn(requestedType);

    // A decoy factory reporting some other type, so selection has to look at getType().
    KeyVaultType decoyType =
        Stream.of(KeyVaultType.values()).filter(k -> k != requestedType).findAny().get();
    KeyVaultServiceFactory decoyFactory = mock(KeyVaultServiceFactory.class);
    when(decoyFactory.getType()).thenReturn(decoyType);

    KeyVaultServiceFactory resolved;
    try (var staticLoader = mockStatic(ServiceLoader.class)) {
      ServiceLoader.Provider<KeyVaultServiceFactory> matchingProvider =
          mock(ServiceLoader.Provider.class);
      when(matchingProvider.get()).thenReturn(expected);

      ServiceLoader.Provider<KeyVaultServiceFactory> decoyProvider =
          mock(ServiceLoader.Provider.class);
      when(decoyProvider.get()).thenReturn(decoyFactory);

      ServiceLoader<KeyVaultServiceFactory> loader = mock(ServiceLoader.class);
      when(loader.stream()).thenReturn(Stream.of(matchingProvider, decoyProvider).unordered());
      staticLoader.when(() -> ServiceLoader.load(KeyVaultServiceFactory.class)).thenReturn(loader);

      resolved = KeyVaultServiceFactory.getInstance(requestedType);

      // The loader is consulted through stream() only, and the matching provider is resolved
      // exactly once.
      verify(loader).stream();
      verifyNoMoreInteractions(loader);
      verify(matchingProvider).get();
      verifyNoMoreInteractions(matchingProvider);

      // ServiceLoader.load is the only static call made on ServiceLoader.
      staticLoader.verify(() -> ServiceLoader.load(KeyVaultServiceFactory.class));
      staticLoader.verifyNoMoreInteractions();
    }

    assertThat(resolved).isSameAs(expected);
  }
}