use of com.quorum.tessera.config.keypairs.ConfigKeyPair in project tessera by ConsenSys.
the class KeyPairConverter method convert.
private KeyPair convert(ConfigKeyPair configKeyPair) {
final String base64PublicKey;
final String base64PrivateKey;
if (configKeyPair instanceof AzureVaultKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AZURE);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
AzureVaultKeyPair akp = (AzureVaultKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = new HashMap<>(Map.of("secretName", akp.getPublicKeyId()));
getPublicKeyData.put("secretVersion", akp.getPublicKeyVersion());
Map<String, String> getPrivateKeyData = new HashMap<>(Map.of("secretName", akp.getPrivateKeyId()));
getPrivateKeyData.put("secretVersion", akp.getPrivateKeyVersion());
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else if (configKeyPair instanceof HashicorpVaultKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
HashicorpVaultKeyPair hkp = (HashicorpVaultKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPublicKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
Map<String, String> getPrivateKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPrivateKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else if (configKeyPair instanceof AWSKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AWS);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
AWSKeyPair akp = (AWSKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = Map.of("secretName", akp.getPublicKeyId());
Map<String, String> getPrivateKeyData = Map.of("secretName", akp.getPrivateKeyId());
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else {
base64PublicKey = configKeyPair.getPublicKey();
base64PrivateKey = configKeyPair.getPrivateKey();
}
return new KeyPair(PublicKey.from(Base64.getDecoder().decode(base64PublicKey.trim())), PrivateKey.from(Base64.getDecoder().decode(base64PrivateKey.trim())));
}
use of com.quorum.tessera.config.keypairs.ConfigKeyPair in project tessera by ConsenSys.
the class ThirdPartyIT method partyInfoKeys.
@Test
public void partyInfoKeys() {
Response partyinfoResponse = client.target(thirdPartyServerConfig.getServerUri()).path("partyinfo").path("keys").request().get();
JsonObject partyinfokeysJson = partyinfoResponse.readEntity(JsonObject.class);
assertThat(partyinfoResponse).isNotNull();
assertThat(partyinfoResponse.getStatus()).isEqualTo(200);
List<JsonObject> keys = Stream.of(firstNodeExecManager, secondNodeExecManager).map(NodeExecManager::getConfigDescriptor).map(ConfigDescriptor::getKey).map(ConfigKeyPair::getPublicKey).map(k -> Json.createObjectBuilder().add("key", k).build()).collect(Collectors.toUnmodifiableList());
assertThat(partyinfokeysJson.getJsonArray("keys")).describedAs("partyInfo response that caused failure %s", partyinfokeysJson.toString()).containsAnyElementsOf(keys);
}
use of com.quorum.tessera.config.keypairs.ConfigKeyPair in project tessera by ConsenSys.
the class SendIT method sendToMultipleRecipientsOnSameNode.
@Test
public void sendToMultipleRecipientsOnSameNode() throws UnsupportedEncodingException {
// Node C has 2 keys, use them both
final String[] recipientPublicKeys = ExecutionContext.currentContext().getConfigs().stream().filter(c -> c.getAlias() == NodeAlias.C).findFirst().map(ConfigDescriptor::getAllKeys).get().stream().map(ConfigKeyPair::getPublicKey).toArray(String[]::new);
final Party sendingParty = partyHelper.findByAlias(NodeAlias.A);
final Party recipientParty = partyHelper.findByAlias(NodeAlias.C);
final byte[] transactionData = utils.createTransactionData();
final SendRequest sendRequest = new SendRequest();
sendRequest.setFrom(sendingParty.getPublicKey());
sendRequest.setTo(recipientPublicKeys);
sendRequest.setPayload(transactionData);
final Response response = sendingParty.getRestClient().target(sendingParty.getQ2TUri()).path(SEND_PATH).request().post(Entity.entity(sendRequest, MIME_TYPE_JSON_2_1));
final SendResponse result = response.readEntity(SendResponse.class);
assertThat(result.getKey()).isNotNull().isNotBlank();
assertThat(result.getManagedParties()).containsExactlyInAnyOrder(sendingParty.getPublicKey());
assertThat(result.getSenderKey()).isEqualTo(sendingParty.getPublicKey());
assertThat(response).isNotNull();
assertThat(response.getStatus()).isEqualTo(201);
URI location = response.getLocation();
{
final Response checkPersistedTxnResponse = recipientParty.getRestClient().target(location).request().get();
assertThat(checkPersistedTxnResponse.getStatus()).isEqualTo(200);
ReceiveResponse receiveResponse = checkPersistedTxnResponse.readEntity(ReceiveResponse.class);
assertThat(receiveResponse.getPayload()).isEqualTo(transactionData);
assertThat(result.getManagedParties()).containsExactlyInAnyOrder(sendingParty.getPublicKey());
assertThat(result.getSenderKey()).isEqualTo(sendingParty.getPublicKey());
}
{
String encodedId = URLEncoder.encode(result.getKey(), StandardCharsets.UTF_8.toString());
Stream.of(recipientParty).map(Party::getRestClientWebTarget).map(target -> target.path("transaction")).map(target -> target.path(encodedId)).map(target -> target.request().accept(MIME_TYPE_JSON_2_1).get()).forEach(r -> {
assertThat(r.getStatus()).isEqualTo(200);
ReceiveResponse receiveResponse = r.readEntity(ReceiveResponse.class);
assertThat(receiveResponse.getManagedParties()).containsExactlyInAnyOrder(recipientPublicKeys);
assertThat(receiveResponse.getSenderKey()).isEqualTo(sendingParty.getPublicKey());
});
}
}
use of com.quorum.tessera.config.keypairs.ConfigKeyPair in project tessera by ConsenSys.
the class KeyGenCommandTest method onlySingleOutputFileProvided.
@Test
public void onlySingleOutputFileProvided() throws Exception {
List<String> optionVariations = List.of("--keyout", "-filename");
ConfigKeyPair configKeyPair = mock(ConfigKeyPair.class);
when(keyGenerator.generate("myfile", null, null)).thenReturn(configKeyPair);
when(keyGeneratorFactory.create(refEq(null), any(EncryptorConfig.class))).thenReturn(keyGenerator);
for (String option : optionVariations) {
String arg = option.concat("=myfile");
int exitCode = commandLine.execute(arg);
assertThat(exitCode).isZero();
CommandLine.ParseResult parseResult = commandLine.getParseResult();
assertThat(parseResult).isNotNull();
assertThat(parseResult.matchedArgs()).hasSize(1);
assertThat(parseResult.hasMatchedOption("--keyout"));
assertThat(parseResult.unmatched()).isEmpty();
CliResult result = commandLine.getExecutionResult();
assertThat(result).isNotNull();
assertThat(result.isSuppressStartup()).isTrue();
assertThat(result.getConfig()).isNotPresent();
assertThat(result.getStatus()).isEqualTo(0);
}
verify(keyDataMarshaller, times(optionVariations.size())).marshal(configKeyPair);
verify(keyGeneratorFactory, times(optionVariations.size())).create(refEq(null), any(EncryptorConfig.class));
verify(keyGenerator, times(optionVariations.size())).generate("myfile", null, null);
}
use of com.quorum.tessera.config.keypairs.ConfigKeyPair in project tessera by ConsenSys.
the class KeyGenCommand method call.
@Override
public CliResult call() throws IOException {
if (Objects.nonNull(fileUpdateOptions) && Objects.isNull(fileUpdateOptions.getConfig())) {
throw new CliException("Missing required argument(s): --configfile=<config>");
}
final EncryptorConfig encryptorConfig = Optional.ofNullable(fileUpdateOptions).map(KeyGenFileUpdateOptions::getConfig).map(Config::getEncryptor).orElseGet(() -> Optional.ofNullable(encryptorOptions).map(EncryptorOptions::parseEncryptorConfig).orElse(EncryptorConfig.getDefault()));
final KeyVaultOptions keyVaultOptions = Optional.ofNullable(keyVaultConfigOptions).map(KeyVaultConfigOptions::getHashicorpSecretEnginePath).map(KeyVaultOptions::new).orElse(null);
final KeyVaultConfig keyVaultConfig;
if (keyVaultConfigOptions == null) {
keyVaultConfig = null;
} else if (keyVaultConfigOptions.getVaultType() == null) {
throw new CliException("Key vault type either not provided or not recognised");
} else if (fileUpdateOptions != null) {
keyVaultConfig = Optional.of(fileUpdateOptions).map(KeyGenFileUpdateOptions::getConfig).map(Config::getKeys).flatMap(c -> c.getKeyVaultConfig(keyVaultConfigOptions.getVaultType())).orElse(null);
} else {
final KeyVaultHandler keyVaultHandler = new DispatchingKeyVaultHandler();
keyVaultConfig = keyVaultHandler.handle(keyVaultConfigOptions);
if (keyVaultConfig.getKeyVaultType() == KeyVaultType.HASHICORP) {
if (Objects.isNull(keyOut)) {
throw new CliException("At least one -filename must be provided when saving generated keys in a Hashicorp Vault");
}
}
final Set<ConstraintViolation<KeyVaultConfig>> violations = validator.validate(keyVaultConfig);
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
final KeyGenerator keyGenerator = keyGeneratorFactory.create(keyVaultConfig, encryptorConfig);
final List<String> newKeyNames = Optional.ofNullable(keyOut).filter(Predicate.not(List::isEmpty)).map(List::copyOf).orElseGet(() -> List.of(""));
final List<ConfigKeyPair> newConfigKeyPairs = newKeyNames.stream().map(name -> keyGenerator.generate(name, argonOptions, keyVaultOptions)).collect(Collectors.toList());
final List<char[]> newPasswords = newConfigKeyPairs.stream().filter(Objects::nonNull).map(ConfigKeyPair::getPassword).collect(Collectors.toList());
final List<KeyData> newKeyData = newConfigKeyPairs.stream().map(keyDataMarshaller::marshal).collect(Collectors.toList());
if (Objects.isNull(fileUpdateOptions)) {
return new CliResult(0, true, null);
}
// prepare config for addition of new keys if required
prepareConfigForNewKeys(fileUpdateOptions.getConfig());
if (Objects.nonNull(fileUpdateOptions.getConfigOut())) {
if (Objects.nonNull(fileUpdateOptions.getPwdOut())) {
passwordFileUpdaterWriter.updateAndWrite(newPasswords, fileUpdateOptions.getConfig(), fileUpdateOptions.getPwdOut());
fileUpdateOptions.getConfig().getKeys().setPasswordFile(fileUpdateOptions.getPwdOut());
}
configFileUpdaterWriter.updateAndWrite(newKeyData, keyVaultConfig, fileUpdateOptions.getConfig(), fileUpdateOptions.getConfigOut());
} else {
configFileUpdaterWriter.updateAndWriteToCLI(newKeyData, keyVaultConfig, fileUpdateOptions.getConfig());
}
return new CliResult(0, true, fileUpdateOptions.getConfig());
}
Aggregations