Example 11 with KeyEncryptor

Use of com.quorum.tessera.config.keys.KeyEncryptor in project tessera by ConsenSys.

Class PicoCliDelegateTest, method keygenOutputToCLI.

@Test
public void keygenOutputToCLI() throws Exception {
    Path publicKeyPath = Files.createTempFile(UUID.randomUUID().toString(), "");
    Path privateKeyPath = Files.createTempFile(UUID.randomUUID().toString(), "");
    Files.write(privateKeyPath, Arrays.asList("SOMEDATA"));
    Files.write(publicKeyPath, Arrays.asList("SOMEDATA"));
    KeyEncryptor keyEncryptor = mock(KeyEncryptor.class);
    FilesystemKeyPair keypair = new FilesystemKeyPair(publicKeyPath, privateKeyPath, keyEncryptor);
    when(keyGenerator.generate(anyString(), eq(null), eq(null))).thenReturn(keypair);
    Path unixSocketPath = Files.createTempFile(UUID.randomUUID().toString(), ".ipc");
    Map<String, Object> params = new HashMap<>();
    params.put("unixSocketPath", unixSocketPath.toString());
    Path configFile = Paths.get(getClass().getResource("/keygen-sample.json").toURI());
    Path keyOutputPath = configFile.resolveSibling(UUID.randomUUID().toString());
    CliResult result = cliDelegate.execute("-keygen", "-filename", keyOutputPath.toString(), "-configfile", configFile.toString());
    assertThat(result).isNotNull();
    assertThat(result.getStatus()).isEqualTo(0);
    assertThat(result.getConfig()).isNotNull();
    assertThat(result.isSuppressStartup()).isTrue();
    verify(keyGenerator).generate(anyString(), eq(null), eq(null));
    verifyNoMoreInteractions(keyGenerator);
}
Also used: Path(java.nio.file.Path) FilesystemKeyPair(com.quorum.tessera.config.keypairs.FilesystemKeyPair) HashMap(java.util.HashMap) CliResult(com.quorum.tessera.cli.CliResult) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.Test)

Example 12 with KeyEncryptor

Use of com.quorum.tessera.config.keys.KeyEncryptor in project tessera by ConsenSys.

Class PicoCliDelegateTest, method keygenUpdateConfigAndPasswordFile.

@Test
public void keygenUpdateConfigAndPasswordFile() throws Exception {
    Path publicKeyPath = Files.createTempFile(UUID.randomUUID().toString(), "");
    Path privateKeyPath = Files.createTempFile(UUID.randomUUID().toString(), "");
    Files.write(privateKeyPath, Arrays.asList("SOMEDATA"));
    Files.write(publicKeyPath, Arrays.asList("SOMEDATA"));
    KeyEncryptor keyEncryptor = mock(KeyEncryptor.class);
    FilesystemKeyPair keypair = new FilesystemKeyPair(publicKeyPath, privateKeyPath, keyEncryptor);
    when(keyGenerator.generate(anyString(), eq(null), eq(null))).thenReturn(keypair);
    Path unixSocketPath = Files.createTempFile(UUID.randomUUID().toString(), ".ipc");
    Map<String, Object> params = new HashMap<>();
    params.put("unixSocketPath", unixSocketPath.toString());
    Path configFile = Paths.get(getClass().getResource("/keygen-sample.json").toURI());
    Path keyOutputPath = configFile.resolveSibling(UUID.randomUUID().toString());
    Path configOutputPath = configFile.resolveSibling(UUID.randomUUID().toString() + ".json");
    Path pwdOutputPath = configFile.resolveSibling(UUID.randomUUID().toString() + ".pwds");
    assertThat(Files.exists(configOutputPath)).isFalse();
    assertThat(Files.exists(pwdOutputPath)).isFalse();
    CliResult result = cliDelegate.execute("-keygen", "-filename", keyOutputPath.toString(), "-output", configOutputPath.toString(), "-configfile", configFile.toString(), "--pwdout", pwdOutputPath.toString());
    assertThat(result).isNotNull();
    assertThat(result.getStatus()).isEqualTo(0);
    assertThat(result.getConfig()).isNotNull();
    assertThat(result.isSuppressStartup()).isTrue();
    assertThat(Files.exists(configOutputPath)).isTrue();
    configOutputPath.toFile().deleteOnExit();
    assertThat(Files.exists(pwdOutputPath)).isTrue();
    pwdOutputPath.toFile().deleteOnExit();
    verify(keyGenerator).generate(anyString(), eq(null), eq(null));
    verifyNoMoreInteractions(keyGenerator);
    try {
        cliDelegate.execute("-keygen", "-filename", UUID.randomUUID().toString(), "-output", configOutputPath.toString(), "-configfile", configFile.toString());
        failBecauseExceptionWasNotThrown(Exception.class);
    } catch (Exception ex) {
        assertThat(ex).isInstanceOf(UncheckedIOException.class);
        assertThat(ex.getCause()).isExactlyInstanceOf(FileAlreadyExistsException.class);
    }
}
Also used: Path(java.nio.file.Path) FileAlreadyExistsException(java.nio.file.FileAlreadyExistsException) FilesystemKeyPair(com.quorum.tessera.config.keypairs.FilesystemKeyPair) HashMap(java.util.HashMap) CliResult(com.quorum.tessera.cli.CliResult) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) UncheckedIOException(java.io.UncheckedIOException) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CliException(com.quorum.tessera.cli.CliException) ConstraintViolationException(jakarta.validation.ConstraintViolationException) Test(org.junit.Test)

Example 13 with KeyEncryptor

Use of com.quorum.tessera.config.keys.KeyEncryptor in project tessera by ConsenSys.

Class CliKeyPasswordResolver, method resolveKeyPasswords.

@Override
public void resolveKeyPasswords(final Config config) {
    final KeyConfiguration keyConfiguration = config.getKeys();
    if (keyConfiguration == null) {
        // invalid config, but gets picked up by validation later
        return;
    }
    final List<char[]> allPasswords = new ArrayList<>();
    if (keyConfiguration.getPasswords() != null) {
        allPasswords.addAll(keyConfiguration.getPasswords().stream().map(String::toCharArray).collect(Collectors.toList()));
    } else if (keyConfiguration.getPasswordFile() != null) {
        try {
            allPasswords.addAll(Files.readAllLines(keyConfiguration.getPasswordFile(), StandardCharsets.UTF_8).stream().map(String::toCharArray).collect(Collectors.toList()));
        } catch (final IOException ex) {
            // don't do anything, if any keys are locked validation will complain that
            // locked keys were provided without passwords
            System.err.println("Could not read the password file");
        }
    }
    List<KeyData> keyPairs = keyConfiguration.getKeyData();
    IntStream.range(0, keyConfiguration.getKeyData().size()).forEachOrdered(i -> {
        if (i < allPasswords.size()) {
            keyPairs.get(i).setPassword(allPasswords.get(i));
        }
    });
    // decrypt the keys, either using provided passwords or read from CLI
    EncryptorConfig encryptorConfig = Optional.ofNullable(config.getEncryptor()).orElse(new EncryptorConfig() {

        {
            setType(EncryptorType.NACL);
        }
    });
    final KeyEncryptor keyEncryptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
    IntStream.range(0, keyConfiguration.getKeyData().size()).forEachOrdered(keyNumber -> getSingleKeyPassword(keyNumber, keyConfiguration.getKeyData().get(keyNumber), keyEncryptor));
}
Also used: KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) ArrayList(java.util.ArrayList) IOException(java.io.IOException)

Example 14 with KeyEncryptor

Use of com.quorum.tessera.config.keys.KeyEncryptor in project tessera by ConsenSys.

Class FileKeyGeneratorTest, method init.

@Before
public void init() {
    this.keyPair = new KeyPair(PublicKey.from(PUBLIC_KEY.getBytes(UTF_8)), PrivateKey.from(PRIVATE_KEY.getBytes(UTF_8)));
    this.encryptor = mock(Encryptor.class);
    this.keyEncryptor = mock(KeyEncryptor.class);
    this.passwordReader = mock(PasswordReader.class);
    when(passwordReader.requestUserPassword()).thenReturn(new char[0]);
    this.generator = new FileKeyGenerator(encryptor, keyEncryptor, passwordReader);
}
Also used: KeyPair(com.quorum.tessera.encryption.KeyPair) FilesystemKeyPair(com.quorum.tessera.config.keypairs.FilesystemKeyPair) PasswordReader(com.quorum.tessera.passwords.PasswordReader) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) Encryptor(com.quorum.tessera.encryption.Encryptor) Before(org.junit.Before)

Example 15 with KeyEncryptor

Use of com.quorum.tessera.config.keys.KeyEncryptor in project tessera by ConsenSys.

Class KeyDataUtilTest, method unmarshalAzureVaultKeyPair.

@Test
public void unmarshalAzureVaultKeyPair() {
    KeyEncryptor keyEncryptor = mock(KeyEncryptor.class);
    KeyData keyData = new KeyData();
    keyData.setAzureVaultPrivateKeyId("AzureVaultPrivateKeyId");
    keyData.setAzureVaultPublicKeyId("AzureVaultPublicKeyId");
    KeyDataConfig config = mock(KeyDataConfig.class);
    keyData.setConfig(config);
    AzureVaultKeyPair result = (AzureVaultKeyPair) KeyDataUtil.unmarshal(keyData, keyEncryptor);
    assertThat(result).isNotNull();
    assertThat(result.getPrivateKeyId()).isEqualTo("AzureVaultPrivateKeyId");
    assertThat(result.getPublicKeyId()).isEqualTo("AzureVaultPublicKeyId");
    verifyZeroInteractions(keyEncryptor);
}
Also used: KeyDataConfig(com.quorum.tessera.config.KeyDataConfig) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) KeyData(com.quorum.tessera.config.KeyData) PrivateKeyData(com.quorum.tessera.config.PrivateKeyData) Test(org.junit.Test)
