use of com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair in project tessera by ConsenSys.
the class KeyPairConverter method convert.
/**
 * Resolves a configured key pair into a decoded {@link KeyPair}.
 *
 * <p>For Azure, Hashicorp and AWS pairs the base64 key strings are fetched through a
 * {@code KeyVaultService} created for the matching {@code KeyVaultType}. For any other
 * {@code ConfigKeyPair} they are read straight from the pair's own getters. Both strings are
 * trimmed and base64-decoded before being wrapped.
 *
 * <p>Security note: the private key travels through this method as an immutable {@code String},
 * which cannot be wiped after use. Nothing here logs either value; keep it that way when editing.
 *
 * @param configKeyPair the configured key pair to resolve
 * @return the decoded public/private key pair
 * @throws IllegalArgumentException if either resolved string is not valid base64
 * @throws NullPointerException if either resolved string is {@code null} ({@code trim()} is
 *     called on it), or if an id handed to {@code Map.of} is {@code null}
 */
private KeyPair convert(ConfigKeyPair configKeyPair) {
    final String encodedPublicKey;
    final String encodedPrivateKey;

    if (configKeyPair instanceof AzureVaultKeyPair) {
        final KeyVaultService azureVault =
            KeyVaultServiceFactory.getInstance(KeyVaultType.AZURE).create(config, envProvider);
        final AzureVaultKeyPair azurePair = (AzureVaultKeyPair) configKeyPair;

        // Map.of rejects null values, so the id must be present. The version goes in via put(),
        // which accepts null; presumably the version is optional (confirm against the service).
        final Map<String, String> publicKeyQuery =
            new HashMap<>(Map.of("secretName", azurePair.getPublicKeyId()));
        publicKeyQuery.put("secretVersion", azurePair.getPublicKeyVersion());

        final Map<String, String> privateKeyQuery =
            new HashMap<>(Map.of("secretName", azurePair.getPrivateKeyId()));
        privateKeyQuery.put("secretVersion", azurePair.getPrivateKeyVersion());

        encodedPublicKey = azureVault.getSecret(publicKeyQuery);
        encodedPrivateKey = azureVault.getSecret(privateKeyQuery);
    } else if (configKeyPair instanceof HashicorpVaultKeyPair) {
        final KeyVaultService hashicorpVault =
            KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP).create(config, envProvider);
        final HashicorpVaultKeyPair hashicorpPair = (HashicorpVaultKeyPair) configKeyPair;

        // NOTE(review): Objects.toString turns a null version into the literal string "null";
        // confirm the Hashicorp service treats that as "no version requested".
        final Map<String, String> publicKeyQuery =
            Map.of(
                "secretEngineName", hashicorpPair.getSecretEngineName(),
                "secretName", hashicorpPair.getSecretName(),
                "secretId", hashicorpPair.getPublicKeyId(),
                "secretVersion", Objects.toString(hashicorpPair.getSecretVersion()));
        final Map<String, String> privateKeyQuery =
            Map.of(
                "secretEngineName", hashicorpPair.getSecretEngineName(),
                "secretName", hashicorpPair.getSecretName(),
                "secretId", hashicorpPair.getPrivateKeyId(),
                "secretVersion", Objects.toString(hashicorpPair.getSecretVersion()));

        encodedPublicKey = hashicorpVault.getSecret(publicKeyQuery);
        encodedPrivateKey = hashicorpVault.getSecret(privateKeyQuery);
    } else if (configKeyPair instanceof AWSKeyPair) {
        final KeyVaultService awsVault =
            KeyVaultServiceFactory.getInstance(KeyVaultType.AWS).create(config, envProvider);
        final AWSKeyPair awsPair = (AWSKeyPair) configKeyPair;

        final Map<String, String> publicKeyQuery = Map.of("secretName", awsPair.getPublicKeyId());
        final Map<String, String> privateKeyQuery = Map.of("secretName", awsPair.getPrivateKeyId());

        encodedPublicKey = awsVault.getSecret(publicKeyQuery);
        encodedPrivateKey = awsVault.getSecret(privateKeyQuery);
    } else {
        // Not vault-backed: the pair itself supplies the base64 strings.
        encodedPublicKey = configKeyPair.getPublicKey();
        encodedPrivateKey = configKeyPair.getPrivateKey();
    }

    // trim() tolerates stray surrounding whitespace; a null value fails here with an NPE.
    final Base64.Decoder decoder = Base64.getDecoder();
    final PublicKey publicKey = PublicKey.from(decoder.decode(encodedPublicKey.trim()));
    final PrivateKey privateKey = PrivateKey.from(decoder.decode(encodedPrivateKey.trim()));
    return new KeyPair(publicKey, privateKey);
}
use of com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair in project tessera by ConsenSys.
the class HashicorpVaultKeyGeneratorTest method generatedKeyPairIsSavedToSpecifiedPathInVaultWithIds.
/**
 * Checks that generating a key pair with a secret engine and secret name writes both keys to the
 * vault in exactly one {@code setSecret} call, and that the returned pair holds the fixed ids
 * "publicKey" and "privateKey" rather than the key values.
 *
 * <p>{@code pub}, {@code priv}, {@code keyVaultService} and {@code hashicorpVaultKeyGenerator}
 * are fixtures declared outside this method.
 */
@Test
public void generatedKeyPairIsSavedToSpecifiedPathInVaultWithIds() {
    final String engineName = "secretEngine";
    final String secretName = "secretName";

    final KeyVaultOptions vaultOptions = mock(KeyVaultOptions.class);
    when(vaultOptions.getSecretEngineName()).thenReturn(engineName);

    final HashicorpVaultKeyPair generated =
        hashicorpVaultKeyGenerator.generate(secretName, null, vaultOptions);

    // The returned pair references the stored secret by id; it carries no key material.
    assertThat(generated)
        .isEqualToComparingFieldByField(
            new HashicorpVaultKeyPair("publicKey", "privateKey", engineName, secretName, null));

    // Exactly one write to the vault is expected, carrying both keys plus the location.
    final ArgumentCaptor<Map> payloadCaptor = ArgumentCaptor.forClass(Map.class);
    verify(keyVaultService).setSecret(payloadCaptor.capture());
    assertThat(payloadCaptor.getAllValues()).hasSize(1);

    final Map<String, Object> expectedPayload = new HashMap<>();
    expectedPayload.put("publicKey", pub.encodeToBase64());
    expectedPayload.put("privateKey", priv.encodeToBase64());
    expectedPayload.put("secretEngineName", engineName);
    expectedPayload.put("secretName", secretName);

    assertThat(payloadCaptor.getValue()).isEqualTo(expectedPayload);

    // Any further vault call would be an unexpected extra use of the key material.
    verifyNoMoreInteractions(keyVaultService);
}
use of com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair in project tessera by ConsenSys.
the class HashicorpVaultKeyGenerator method generate.
/**
 * Generates a new key pair and stores both halves, base64-encoded, in a Hashicorp Vault secret.
 *
 * <p>The secret is written with a single {@code setSecret} call under the fixed ids
 * "publicKey" and "privateKey", together with the secret name ({@code filename}) and the secret
 * engine name. Only the engine name, secret name and ids are logged; the key values are not.
 *
 * <p>Security note: {@code encryptionOptions} is never read here, so no additional encryption
 * is applied to the private key before it is sent. Its protection at rest presumably relies on
 * the vault itself (confirm against the vault policy in use).
 *
 * @param filename name of the vault secret to write; must not be {@code null}
 * @param encryptionOptions unused by this implementation
 * @param keyVaultOptions must be non-null and supply a non-null secret engine name
 * @return a pair referencing the stored secret by engine name, secret name and ids, with a
 *     {@code null} final constructor argument (presumably the secret version)
 * @throws NullPointerException if {@code filename}, {@code keyVaultOptions} or the secret engine
 *     name is {@code null}
 */
@Override
public HashicorpVaultKeyPair generate(String filename, ArgonOptions encryptionOptions, KeyVaultOptions keyVaultOptions) {
    Objects.requireNonNull(filename);
    Objects.requireNonNull(keyVaultOptions, "-keygenvaultsecretengine must be provided if using the Hashicorp vault type");
    Objects.requireNonNull(keyVaultOptions.getSecretEngineName(), "-keygenvaultsecretengine must be provided if using the Hashicorp vault type");

    final String publicKeyId = "publicKey";
    final String privateKeyId = "privateKey";

    final KeyPair generatedKeys = this.encryptor.generateNewKeys();
    final String encodedPublicKey = generatedKeys.getPublicKey().encodeToBase64();
    final String encodedPrivateKey = generatedKeys.getPrivateKey().encodeToBase64();

    // Both keys and their location go to the vault in one request.
    final Map<String, String> vaultPayload = new HashMap<>();
    vaultPayload.put("secretEngineName", keyVaultOptions.getSecretEngineName());
    vaultPayload.put("secretName", filename);
    vaultPayload.put(publicKeyId, encodedPublicKey);
    vaultPayload.put(privateKeyId, encodedPrivateKey);
    keyVaultService.setSecret(vaultPayload);

    // Log where each key was stored; the ids are logged, never the encoded values.
    for (final String storedId : new String[] {publicKeyId, privateKeyId}) {
        LOGGER.info("Key saved to vault secret engine {} with name {} and id {}", keyVaultOptions.getSecretEngineName(), filename, storedId);
    }

    return new HashicorpVaultKeyPair(publicKeyId, privateKeyId, keyVaultOptions.getSecretEngineName(), filename, null);
}