Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in the project tessera by ConsenSys.
The class DefaultKeyGeneratorFactory, method create.
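/**
 * Builds the {@link KeyGenerator} that matches the supplied configuration.
 *
 * <p>When a {@code keyVaultConfig} is present the generated keys are stored in that vault
 * (Azure, AWS Secrets Manager or Hashicorp); otherwise they are written to the filesystem,
 * locked with a password obtained from {@code PasswordReaderFactory.create()}. The vault
 * client is created with a fresh {@link EnvironmentVariableProvider}, i.e. vault credentials
 * are read from the process environment, never from {@code keyVaultConfig} itself.
 *
 * @param keyVaultConfig vault to store keys in, or {@code null} for file-based keys
 * @param encryptorConfig encryptor used for the generated key pair; must not be {@code null}
 * @return a generator for the requested key storage
 * @throws NullPointerException if {@code encryptorConfig} is {@code null}
 * @throws IllegalArgumentException if the AWS config is not a {@code DefaultKeyVaultConfig}
 */
@Override
public KeyGenerator create(KeyVaultConfig keyVaultConfig, EncryptorConfig encryptorConfig) {
    Objects.requireNonNull(encryptorConfig, "No encryptor config defined. ");

    final EncryptorFactory encryptorFactory = EncryptorFactory.newFactory(encryptorConfig.getType().name());
    final Encryptor encryptor = encryptorFactory.create(encryptorConfig.getProperties());

    if (keyVaultConfig != null) {
        return createVaultKeyGenerator(keyVaultConfig, encryptor);
    }

    // No vault configured: keys go to disk, protected by the key encryptor and an interactively read password.
    final KeyEncryptor keyEncryptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
    return new FileKeyGenerator(encryptor, keyEncryptor, PasswordReaderFactory.create());
}

/**
 * Creates the vault-backed generator for {@code keyVaultConfig}; the vault service wiring is the
 * same for every vault type, only the generator class differs.
 *
 * @param keyVaultConfig non-null vault configuration
 * @param encryptor encryptor shared with the file-based path
 * @return an Azure, AWS or Hashicorp key generator
 * @throws IllegalArgumentException if the AWS config is not a {@code DefaultKeyVaultConfig}
 */
private static KeyGenerator createVaultKeyGenerator(KeyVaultConfig keyVaultConfig, Encryptor encryptor) {
    final KeyVaultType vaultType = keyVaultConfig.getKeyVaultType();
    final KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(vaultType);

    // Checked before any vault service is created so a misconfigured AWS vault fails fast with no side effects.
    if (vaultType == KeyVaultType.AWS && !(keyVaultConfig instanceof DefaultKeyVaultConfig)) {
        throw new IllegalArgumentException("AWS key vault config not instance of DefaultKeyVaultConfig");
    }

    final KeyConfiguration keyConfiguration = new KeyConfiguration();
    keyConfiguration.addKeyVaultConfig(keyVaultConfig);
    final Config config = new Config();
    config.setKeys(keyConfiguration);

    // Vault credentials (tokens, role/secret ids, ...) are sourced from the environment by the service factory.
    final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());

    switch (vaultType) {
        case AZURE:
            return new AzureVaultKeyGenerator(encryptor, keyVaultService);
        case AWS:
            return new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
        default:
            // Any other type is treated as Hashicorp, matching the original else-branch — confirm if new types are added.
            return new HashicorpVaultKeyGenerator(encryptor, keyVaultService);
    }
}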
Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in the project tessera by ConsenSys.
The class HashicorpKeyVaultServiceFactory, method create.
// This method should not be called directly. It has been left package-private to enable
// injection of the util during testing.
/**
 * Wires up a {@link KeyVaultService} for Hashicorp Vault.
 *
 * <p>Authentication material is taken exclusively from the environment via {@code envProvider}:
 * either {@code HASHICORP_ROLE_ID} + {@code HASHICORP_SECRET_ID} (AppRole) or {@code HASHICORP_TOKEN}.
 * The vault URL and TLS settings come from the {@code HASHICORP} entry of {@code config.getKeys()}.
 * Error messages name the variables that are missing but never echo their values.
 *
 * @param config node configuration holding the Hashicorp vault settings
 * @param envProvider source of the credential environment variables
 * @param util helper that builds the SSL, HTTP and authentication pieces (injectable for tests)
 * @return a service bound to the configured vault endpoint
 * @throws NullPointerException if any argument is {@code null}
 * @throws HashicorpCredentialNotSetException if no credentials are set, or only one half of the AppRole pair is
 * @throws ConfigException if no Hashicorp vault config exists or its url cannot be parsed
 */
KeyVaultService create(Config config, EnvironmentVariableProvider envProvider, HashicorpKeyVaultServiceFactoryUtil util) {
    Objects.requireNonNull(config);
    Objects.requireNonNull(envProvider);
    Objects.requireNonNull(util);

    final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
    final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
    final String token = envProvider.getEnv(HASHICORP_TOKEN);

    // Guard clauses: nothing set at all, or a half-configured AppRole pair.
    final boolean noCredentialsAtAll = roleId == null && secretId == null && token == null;
    if (noCredentialsAtAll) {
        throw new HashicorpCredentialNotSetException("Environment variables must be set to authenticate with Hashicorp Vault. Set the " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables if using the AppRole authentication method. Set the " + HASHICORP_TOKEN + " environment variable if using another authentication method.");
    }
    if (isOnlyOneInputNull(roleId, secretId)) {
        throw new HashicorpCredentialNotSetException("Only one of the " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables to authenticate with Hashicorp Vault using the AppRole method has been set");
    }

    final KeyVaultConfig vaultConfig = Optional.ofNullable(config.getKeys())
        .flatMap(keys -> keys.getKeyVaultConfig(KeyVaultType.HASHICORP))
        .orElseThrow(() -> new ConfigException(new RuntimeException("Trying to create Hashicorp Vault connection but no Vault configuration provided")));

    // A missing "url" property (NoSuchElementException) is reported the same way as a malformed one.
    final VaultEndpoint endpoint;
    try {
        final String rawUrl = vaultConfig.getProperty("url").get();
        endpoint = VaultEndpoint.from(new URI(rawUrl));
    } catch (URISyntaxException | NoSuchElementException | IllegalArgumentException e) {
        throw new ConfigException(new RuntimeException("Provided Hashicorp Vault url is incorrectly formatted", e));
    }

    final SslConfiguration ssl = util.configureSsl(vaultConfig, envProvider);
    final ClientHttpRequestFactory requestFactory = util.createClientHttpRequestFactory(new ClientOptions(), ssl);
    final ClientAuthentication authentication = util.configureClientAuthentication(vaultConfig, envProvider, requestFactory, endpoint);

    final SessionManager sessions = new SimpleSessionManager(authentication);
    final VaultOperations operations = new VaultTemplate(endpoint, requestFactory, sessions);

    return new HashicorpKeyVaultService(operations, () -> new VaultVersionedKeyValueTemplateFactory() {
    });
}
Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in the project tessera by ConsenSys.
The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod.
/**
 * When role id, secret id and token are all set, AppRole authentication is selected —
 * i.e. the AppRole pair takes precedence over the token.
 */
@Test
public void configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod() {
    final EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");

    final KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("approle"));

    final ClientHttpRequestFactory requestFactory = mock(ClientHttpRequestFactory.class);
    final VaultEndpoint endpoint = mock(VaultEndpoint.class);

    final ClientAuthentication authentication =
        util.configureClientAuthentication(keyVaultConfig, envProvider, requestFactory, endpoint);

    assertThat(authentication).isInstanceOf(AppRoleAuthentication.class);
}
Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in the project tessera by ConsenSys.
The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfOnlySecretIdSetThenException.
/**
 * A secret id without a role id (and no token) is an incomplete AppRole configuration and must be
 * rejected with {@code HashicorpCredentialNotSetException}; the message names the variables, not values.
 */
@Test
public void configureClientAuthenticationIfOnlySecretIdSetThenException() {
    final EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);

    final KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    final ClientHttpRequestFactory requestFactory = mock(ClientHttpRequestFactory.class);
    final VaultEndpoint endpoint = mock(VaultEndpoint.class);

    final Throwable thrown = catchThrowable(
        () -> util.configureClientAuthentication(keyVaultConfig, envProvider, requestFactory, endpoint));

    assertThat(thrown).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    final String expectedMessage = "Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method";
    assertThat(thrown.getMessage()).isEqualTo(expectedMessage);
}
Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in the project tessera by ConsenSys.
The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfOnlyTokenSetThenTokenMethod.
/**
 * With only {@code HASHICORP_TOKEN} set, plain token authentication is selected.
 */
@Test
public void configureClientAuthenticationIfOnlyTokenSetThenTokenMethod() {
    final EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");

    final KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    final ClientHttpRequestFactory requestFactory = mock(ClientHttpRequestFactory.class);
    final VaultEndpoint endpoint = mock(VaultEndpoint.class);

    final ClientAuthentication authentication =
        util.configureClientAuthentication(keyVaultConfig, envProvider, requestFactory, endpoint);

    assertThat(authentication).isInstanceOf(TokenAuthentication.class);
}