Example 6 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class DefaultKeyGeneratorFactory, method create.

@Override
public KeyGenerator create(KeyVaultConfig keyVaultConfig, EncryptorConfig encryptorConfig) {
    Objects.requireNonNull(encryptorConfig, "No encryptor config defined. ");
    final EncryptorFactory encryptorFactory = EncryptorFactory.newFactory(encryptorConfig.getType().name());
    final Encryptor encryptor = encryptorFactory.create(encryptorConfig.getProperties());
    // A key vault config selects a vault-backed generator; the vault credentials themselves are
    // supplied to the KeyVaultService via EnvironmentVariableProvider, not via the config file.
    if (keyVaultConfig != null) {
        final KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(keyVaultConfig.getKeyVaultType());
        final Config config = new Config();
        final KeyConfiguration keyConfiguration = new KeyConfiguration();
        if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AZURE)) {
            keyConfiguration.addKeyVaultConfig(keyVaultConfig);
            config.setKeys(keyConfiguration);
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new AzureVaultKeyGenerator(encryptor, keyVaultService);
        } else if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AWS)) {
            if (!(keyVaultConfig instanceof DefaultKeyVaultConfig)) {
                throw new IllegalArgumentException("AWS key vault config not instance of DefaultKeyVaultConfig");
            }
            keyConfiguration.addKeyVaultConfig(keyVaultConfig);
            config.setKeys(keyConfiguration);
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
        } else {
            // Remaining vault type: Hashicorp Vault.
            keyConfiguration.addKeyVaultConfig(keyVaultConfig);
            config.setKeys(keyConfiguration);
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new HashicorpVaultKeyGenerator(encryptor, keyVaultService);
        }
    }
    // No vault configured: keys are written to files, encrypted with a password read at generation time.
    final KeyEncryptor keyEncryptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
    return new FileKeyGenerator(encryptor, keyEncryptor, PasswordReaderFactory.create());
}

Example 7 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactory, method create.

// This method should not be called directly. It has been left package-private to enable
// injection of util during testing.
KeyVaultService create(Config config, EnvironmentVariableProvider envProvider, HashicorpKeyVaultServiceFactoryUtil util) {
    Objects.requireNonNull(config);
    Objects.requireNonNull(envProvider);
    Objects.requireNonNull(util);
    // Vault credentials come from the environment only: either an AppRole pair
    // (role id + secret id) or a token for any other authentication method.
    final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
    final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
    final String authToken = envProvider.getEnv(HASHICORP_TOKEN);
    if (roleId == null && secretId == null && authToken == null) {
        throw new HashicorpCredentialNotSetException(
                "Environment variables must be set to authenticate with Hashicorp Vault.  Set the "
                        + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID
                        + " environment variables if using the AppRole authentication method.  Set the "
                        + HASHICORP_TOKEN + " environment variable if using another authentication method.");
    } else if (isOnlyOneInputNull(roleId, secretId)) {
        // A half-configured AppRole pair is rejected rather than silently falling back to the token.
        throw new HashicorpCredentialNotSetException(
                "Only one of the " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID
                        + " environment variables to authenticate with Hashicorp Vault using the AppRole method has been set");
    }
    final KeyVaultConfig keyVaultConfig = Optional.ofNullable(config.getKeys())
            .flatMap(k -> k.getKeyVaultConfig(KeyVaultType.HASHICORP))
            .orElseThrow(() -> new ConfigException(
                    new RuntimeException("Trying to create Hashicorp Vault connection but no Vault configuration provided")));
    // The "url" property is mandatory; a missing value surfaces as NoSuchElementException from Optional.get().
    final VaultEndpoint vaultEndpoint;
    try {
        final URI uri = new URI(keyVaultConfig.getProperty("url").get());
        vaultEndpoint = VaultEndpoint.from(uri);
    } catch (URISyntaxException | NoSuchElementException | IllegalArgumentException e) {
        throw new ConfigException(new RuntimeException("Provided Hashicorp Vault url is incorrectly formatted", e));
    }
    // TLS material (trust store, optional client cert) and the auth method are resolved by the util,
    // which again reads its secrets from envProvider.
    final SslConfiguration sslConfiguration = util.configureSsl(keyVaultConfig, envProvider);
    final ClientOptions clientOptions = new ClientOptions();
    final ClientHttpRequestFactory clientHttpRequestFactory = util.createClientHttpRequestFactory(clientOptions, sslConfiguration);
    final ClientAuthentication clientAuthentication =
            util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
    final SessionManager sessionManager = new SimpleSessionManager(clientAuthentication);
    final VaultOperations vaultOperations = new VaultTemplate(vaultEndpoint, clientHttpRequestFactory, sessionManager);
    return new HashicorpKeyVaultService(vaultOperations, () -> new VaultVersionedKeyValueTemplateFactory() { });
}

Example 8 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod.

@Test
public void configureClientAuthenticationIfAllEnvVarsSetThenAppRoleMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn("role-id");
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");
    when(keyVaultConfig.getProperty("approlePath")).thenReturn(Optional.of("approle"));
    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
    assertThat(result).isInstanceOf(AppRoleAuthentication.class);
}

Example 9 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfOnlySecretIdSetThenException.

@Test
public void configureClientAuthenticationIfOnlySecretIdSetThenException() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn("secret-id");
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn(null);
    Throwable ex = catchThrowable(() -> util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint));
    assertThat(ex).isExactlyInstanceOf(HashicorpCredentialNotSetException.class);
    assertThat(ex.getMessage()).isEqualTo("Both " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables must be set to use the AppRole authentication method");
}

Example 10 with EnvironmentVariableProvider

Use of com.quorum.tessera.config.util.EnvironmentVariableProvider in project tessera by ConsenSys.

The class HashicorpKeyVaultServiceFactoryUtilTest, method configureClientAuthenticationIfOnlyTokenSetThenTokenMethod.

@Test
public void configureClientAuthenticationIfOnlyTokenSetThenTokenMethod() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);
    ClientHttpRequestFactory clientHttpRequestFactory = mock(ClientHttpRequestFactory.class);
    VaultEndpoint vaultEndpoint = mock(VaultEndpoint.class);
    when(envProvider.getEnv(HASHICORP_ROLE_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_SECRET_ID)).thenReturn(null);
    when(envProvider.getEnv(HASHICORP_TOKEN)).thenReturn("token");
    ClientAuthentication result = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
    assertThat(result).isInstanceOf(TokenAuthentication.class);
}