Example 6 with PrivateKeyData

use of com.quorum.tessera.config.PrivateKeyData in project tessera by ConsenSys.

the class FileKeyGeneratorTest method generateFromKeyDataLockedPrivateKey.

@Test
public void generateFromKeyDataLockedPrivateKey() throws IOException {
    when(passwordReader.requestUserPassword()).thenReturn("PASSWORD".toCharArray());
    final Path tempFolder = Files.createTempDirectory(UUID.randomUUID().toString());
    final String keyFilesName = tempFolder.resolve(UUID.randomUUID().toString()).toString();
    doReturn(keyPair).when(encryptor).generateNewKeys();
    final ArgonOptions argonOptions = new ArgonOptions("id", 1, 1, 1);
    final PrivateKeyData encryptedPrivateKey = new PrivateKeyData(null, null, null, null, argonOptions);
    doReturn(encryptedPrivateKey).when(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
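    // This second stub uses the same matchers and replaces the one above; generate() receives encryptedKey.
    final PrivateKeyData encryptedKey = new PrivateKeyData(null, "snonce", "salt", "sbox", argonOptions);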
    doReturn(encryptedKey).when(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
    final FilesystemKeyPair generated = generator.generate(keyFilesName, null, null);
    final KeyDataConfig pkd = generated.getInlineKeypair().getPrivateKeyConfig();
    assertThat(generated.getPublicKey()).isEqualTo("cHVibGljS2V5");
    assertThat(pkd.getSbox()).isEqualTo("sbox");
    assertThat(pkd.getSnonce()).isEqualTo("snonce");
    assertThat(pkd.getAsalt()).isEqualTo("salt");
    assertThat(pkd.getType()).isEqualTo(PrivateKeyType.LOCKED);
    verify(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
    verify(encryptor).generateNewKeys();
}
Also used : Path(java.nio.file.Path) KeyDataConfig(com.quorum.tessera.config.KeyDataConfig) ArgonOptions(com.quorum.tessera.config.ArgonOptions) PrivateKey(com.quorum.tessera.encryption.PrivateKey) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) FilesystemKeyPair(com.quorum.tessera.config.keypairs.FilesystemKeyPair) Test(org.junit.Test)

Example 7 with PrivateKeyData

use of com.quorum.tessera.config.PrivateKeyData in project tessera by ConsenSys.

the class FileKeyGenerator method generate.

@Override
public FilesystemKeyPair generate(final String filename, final ArgonOptions encryptionOptions, final KeyVaultOptions keyVaultOptions) {
    final char[] password = this.passwordReader.requestUserPassword();
    final KeyPair generated = this.encryptor.generateNewKeys();
    final String publicKeyBase64 = Base64.getEncoder().encodeToString(generated.getPublicKey().getKeyBytes());
    final KeyData finalKeys = new KeyData();
    final KeyDataConfig keyDataConfig;
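    // Non-empty password: the key is stored LOCKED, keeping only the encrypted fields (snonce, asalt, sbox, Argon options).
    if (password.length > 0) {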
        final PrivateKeyData encryptedPrivateKey = this.keyEncryptor.encryptPrivateKey(generated.getPrivateKey(), password, encryptionOptions);
        keyDataConfig = new KeyDataConfig(new PrivateKeyData(null, encryptedPrivateKey.getSnonce(), encryptedPrivateKey.getAsalt(), encryptedPrivateKey.getSbox(), encryptedPrivateKey.getArgonOptions()), LOCKED);
        LOGGER.info("Newly generated private key has been encrypted");
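    } else {
        // Empty password: the raw private key is Base64-encoded and stored UNLOCKED, i.e. unencrypted in the .key file.
        String keyData = Base64.getEncoder().encodeToString(generated.getPrivateKey().getKeyBytes());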
        keyDataConfig = new KeyDataConfig(new PrivateKeyData(keyData, null, null, null, null), UNLOCKED);
    }
    finalKeys.setConfig(keyDataConfig);
    finalKeys.setPrivateKey(generated.getPrivateKey().encodeToBase64());
    finalKeys.setPublicKey(publicKeyBase64);
    final String privateKeyJson = JaxbUtil.marshalToString(finalKeys.getConfig());
    final Path resolvedPath = Paths.get(filename).toAbsolutePath();
    final Path parentPath;
    if (EMPTY_FILENAME.equals(filename)) {
        parentPath = resolvedPath;
    } else {
        parentPath = resolvedPath.getParent();
    }
    final Path publicKeyPath = parentPath.resolve(filename + ".pub");
    final Path privateKeyPath = parentPath.resolve(filename + ".key");
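    // CREATE_NEW makes the write fail if the file already exists, so existing key files are never overwritten.
    IOCallback.execute(() -> Files.write(publicKeyPath, publicKeyBase64.getBytes(UTF_8), CREATE_NEW));
    IOCallback.execute(() -> Files.write(privateKeyPath, privateKeyJson.getBytes(UTF_8), CREATE_NEW));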
    LOGGER.info("Saved public key to {}", publicKeyPath.toAbsolutePath().toString());
    LOGGER.info("Saved private key to {}", privateKeyPath.toAbsolutePath().toString());
    final FilesystemKeyPair keyPair = new FilesystemKeyPair(publicKeyPath, privateKeyPath, keyEncryptor);
    keyPair.withPassword(password);
    return keyPair;
}
Also used : Path(java.nio.file.Path) KeyDataConfig(com.quorum.tessera.config.KeyDataConfig) KeyPair(com.quorum.tessera.encryption.KeyPair) FilesystemKeyPair(com.quorum.tessera.config.keypairs.FilesystemKeyPair) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) KeyData(com.quorum.tessera.config.KeyData)

Example 8 with PrivateKeyData

use of com.quorum.tessera.config.PrivateKeyData in project tessera by ConsenSys.

the class InlineKeypair method getPrivateKey.

@Override
@NotNull
@Size(min = 1)
@ValidBase64(message = "Invalid Base64 key provided")
@Pattern(regexp = "^((?!NACL_FAILURE).)*$", message = "Could not decrypt the private key with the provided password, please double check the passwords provided")
public String getPrivateKey() {
    final PrivateKeyData pkd = privateKeyConfig.getPrivateKeyData();
    if (privateKeyConfig.getType() == UNLOCKED) {
        return privateKeyConfig.getValue();
    }
    if (this.cachedValue == null || !Objects.equals(this.cachedPassword, this.password)) {
        if (password != null) {
            try {
                this.cachedValue = keyEncryptor.decryptPrivateKey(pkd, password).encodeToBase64();
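            } catch (final EncryptorException ex) {
                // Decryption failure is signalled with a sentinel string; the @Pattern constraint above
                // rejects any value containing it, so a wrong password surfaces as a validation error.
                this.cachedValue = "NACL_FAILURE";
            }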
        }
    }
    this.cachedPassword = this.password;
    return this.cachedValue;
}
Also used : PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) EncryptorException(com.quorum.tessera.encryption.EncryptorException) Pattern(jakarta.validation.constraints.Pattern) Size(jakarta.validation.constraints.Size) ValidBase64(com.quorum.tessera.config.constraints.ValidBase64) NotNull(jakarta.validation.constraints.NotNull)

Example 9 with PrivateKeyData

use of com.quorum.tessera.config.PrivateKeyData in project tessera by ConsenSys.

the class FileKeyGeneratorTest method providingPathThatExistsThrowsError.

@Test
public void providingPathThatExistsThrowsError() throws IOException {
    final Path tempFolder = Files.createTempDirectory(UUID.randomUUID().toString());
    final String keyFilesName = tempFolder.resolve("key").toString();
    tempFolder.toFile().setWritable(false);
    doReturn(keyPair).when(encryptor).generateNewKeys();
    doReturn(new PrivateKeyData("", "", "", "", new ArgonOptions("", 1, 1, 1))).when(keyEncryptor).encryptPrivateKey(any(PrivateKey.class), any(), eq(null));
    final Throwable throwable = catchThrowable(() -> generator.generate(keyFilesName, null, null));
    assertThat(throwable).isInstanceOf(UncheckedIOException.class);
    assertThat(Files.exists(tempFolder.resolve("key.pub"))).isFalse();
    assertThat(Files.exists(tempFolder.resolve("key.key"))).isFalse();
    verify(encryptor).generateNewKeys();
}
Also used : Path(java.nio.file.Path) ArgonOptions(com.quorum.tessera.config.ArgonOptions) PrivateKey(com.quorum.tessera.encryption.PrivateKey) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) Assertions.catchThrowable(org.assertj.core.api.Assertions.catchThrowable) Test(org.junit.Test)

Example 10 with PrivateKeyData

use of com.quorum.tessera.config.PrivateKeyData in project tessera by ConsenSys.

the class InlineKeypairTest method unlockedKeyGetsValue.

@Test
public void unlockedKeyGetsValue() {
    PrivateKeyData privateKeyData = mock(PrivateKeyData.class);
    final KeyDataConfig privKeyDataConfig = mock(KeyDataConfig.class);
    when(privKeyDataConfig.getPrivateKeyData()).thenReturn(privateKeyData);
    when(privKeyDataConfig.getType()).thenReturn(PrivateKeyType.UNLOCKED);
    String value = "I love sparrows";
    when(privKeyDataConfig.getValue()).thenReturn(value);
    final InlineKeypair result = new InlineKeypair("public", privKeyDataConfig, keyEncryptor);
    assertThat(result.getPrivateKey()).isEqualTo(value);
    verifyZeroInteractions(keyEncryptor);
}
Also used : KeyDataConfig(com.quorum.tessera.config.KeyDataConfig) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) Test(org.junit.Test)

Aggregations

PrivateKeyData (com.quorum.tessera.config.PrivateKeyData) 15
Test (org.junit.Test) 12
KeyDataConfig (com.quorum.tessera.config.KeyDataConfig) 8
PrivateKey (com.quorum.tessera.encryption.PrivateKey) 8
ArgonOptions (com.quorum.tessera.config.ArgonOptions) 7
ArgonResult (com.quorum.tessera.argon2.ArgonResult) 4
Nonce (com.quorum.tessera.encryption.Nonce) 4
Path (java.nio.file.Path) 4
EncryptorException (com.quorum.tessera.encryption.EncryptorException) 3
SharedKey (com.quorum.tessera.encryption.SharedKey) 3
FilesystemKeyPair (com.quorum.tessera.config.keypairs.FilesystemKeyPair) 2
KeyData (com.quorum.tessera.config.KeyData) 1
ValidBase64 (com.quorum.tessera.config.constraints.ValidBase64) 1
KeyPair (com.quorum.tessera.encryption.KeyPair) 1
NotNull (jakarta.validation.constraints.NotNull) 1
Pattern (jakarta.validation.constraints.Pattern) 1
Size (jakarta.validation.constraints.Size) 1
Assertions.catchThrowable (org.assertj.core.api.Assertions.catchThrowable) 1