Example 1 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class EnclaveFactoryImpl, method createServer.

static Enclave createServer(Config config) {
    LOGGER.info("Creating enclave server");
    EncryptorConfig encryptorConfig = config.getEncryptor();
    EncryptorFactory encryptorFactory = EncryptorFactory.newFactory(encryptorConfig.getType().name());
    Encryptor encryptor = encryptorFactory.create(encryptorConfig.getProperties());
    KeyEncryptor keyEncryptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
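    // The converter receives the node config and an EnvironmentVariableProvider (access to process environment variables)
    final KeyPairConverter keyPairConverter = new KeyPairConverter(config, new EnvironmentVariableProvider());
    // Unmarshal each configured key entry with the key encryptor, then convert the results to key pairs
    final Collection<KeyPair> keys = keyPairConverter.convert(
        config.getKeys().getKeyData().stream()
            .map(kd -> KeyDataUtil.unmarshal(kd, keyEncryptor))
            .collect(Collectors.toList()));
    // Public keys taken from the alwaysSendTo config entry, handed to the key manager as forwarding keys
    final Collection<PublicKey> forwardKeys = keyPairConverter.convert(config.getAlwaysSendTo());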
    LOGGER.debug("Creating enclave");
    Enclave enclave = new EnclaveImpl(encryptor, new KeyManagerImpl(keys, forwardKeys));
    LOGGER.debug("Created enclave {}", enclave);
    return enclave;
}
Also used : EncryptorConfig(com.quorum.tessera.config.EncryptorConfig) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyEncryptorFactory(com.quorum.tessera.config.keys.KeyEncryptorFactory)

Example 2 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfNoEnvVarSetThenException.

@Test
public void configureClientAuthenticationIfNoEnvVarSetThenException() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
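    // Simulate an environment with no Vault credentials: neither the AppRole pair (role id + secret id) nor a token
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    // Authentication setup is expected to fail with an explicit exception naming the missing variables
    Throwable ex = catchThrowable(() -> util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint));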
    assertThat(ex).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    assertThat(ex.getMessage()).isEqualTo("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method.  Alternatively set " + HASHICORP_TOKEN + " to authenticate using the Token method");
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) ClientHttpRequestFactory(org.springframework.http.client.ClientHttpRequestFactory) OkHttp3ClientHttpRequestFactory(org.springframework.http.client.OkHttp3ClientHttpRequestFactory) Assertions.catchThrowable(org.assertj.core.api.Assertions.catchThrowable) VaultEndpoint(org.springframework.vault.client.VaultEndpoint) Test(org.junit.Test)

Example 3 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureSslUsesKeyStoreAndTrustStoreIfBothProvided.

@Test
public void configureSslUsesKeyStoreAndTrustStoreIfBothProvided() throws Exception {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    Path path = Files.createTempFile(UUID.randomUUID().toString(), ".tmp");
    path.toFile().deleteOnExit();
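    // Both a key store path and a trust store path are configured (the same temp file stands in for both)
    when(keyVaultConfig.hasProperty("tlsKeyStorePath", "tlsTrustStorePath")).thenReturn(true);
    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.of(path.toString()));
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.of(path.toString()));
    // The resulting SSL configuration must carry both the key store and the trust store
    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);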
    assertThat(result.getKeyStoreConfiguration().isPresent()).isTrue();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isTrue();
}
Also used : Path(java.nio.file.Path) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) SslConfiguration(org.springframework.vault.support.SslConfiguration) Test(org.junit.Test)

Example 4 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureSslUsesTrustStoreOnlyIfProvided.

@Test
public void configureSslUsesTrustStoreOnlyIfProvided() throws Exception {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    Path path = Files.createTempFile(UUID.randomUUID().toString(), ".tmp");
    path.toFile().deleteOnExit();
    // Only a trust store path is configured; no key store is provided
    when(keyVaultConfig.hasProperty("tlsTrustStorePath")).thenReturn(true);
    when(keyVaultConfig.hasProperty("tlsKeyStorePath")).thenReturn(false);
    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.empty());
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.of(path.toString()));
    // The resulting SSL configuration must carry the trust store and no key store
    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);
    assertThat(result.getKeyStoreConfiguration().isPresent()).isFalse();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isTrue();
}
Also used : Path(java.nio.file.Path) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) SslConfiguration(org.springframework.vault.support.SslConfiguration) Test(org.junit.Test)

Example 5 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfOnlyRoleIdSetThenException.

@Test
public void configureClientAuthenticationIfOnlyRoleIdSetThenException() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
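    // Only half of the AppRole credential pair is present: role id set, secret id and token missing
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    // A partial AppRole credential is expected to be rejected with an explicit exception
    Throwable ex = catchThrowable(() -> util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint));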
    assertThat(ex).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    assertThat(ex.getMessage()).isEqualTo("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method");
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultConfig(com.quorum.tessera.config.KeyVaultConfig) ClientHttpRequestFactory(org.springframework.http.client.ClientHttpRequestFactory) OkHttp3ClientHttpRequestFactory(org.springframework.http.client.OkHttp3ClientHttpRequestFactory) Assertions.catchThrowable(org.assertj.core.api.Assertions.catchThrowable) VaultEndpoint(org.springframework.vault.client.VaultEndpoint) Test(org.junit.Test)
