
Example 11 with KeyPair

Use of com.quorum.tessera.encryption.KeyPair in project tessera by ConsenSys.

Class HashicorpVaultKeyGenerator, method generate.

@Override
public HashicorpVaultKeyPair generate(String filename, ArgonOptions encryptionOptions, KeyVaultOptions keyVaultOptions) {
    Objects.requireNonNull(filename);
    Objects.requireNonNull(keyVaultOptions, "-keygenvaultsecretengine must be provided if using the Hashicorp vault type");
    Objects.requireNonNull(keyVaultOptions.getSecretEngineName(), "-keygenvaultsecretengine must be provided if using the Hashicorp vault type");
    final KeyPair keys = this.encryptor.generateNewKeys();
    String pubId = "publicKey";
    String privId = "privateKey";
    Map<String, String> setSecretData = new HashMap<>();
    setSecretData.put(pubId, keys.getPublicKey().encodeToBase64());
    setSecretData.put(privId, keys.getPrivateKey().encodeToBase64());
    setSecretData.put("secretName", filename);
    setSecretData.put("secretEngineName", keyVaultOptions.getSecretEngineName());
    keyVaultService.setSecret(setSecretData);
    // Only the secret engine, secret name and key ids are logged, never the key material itself.
    LOGGER.info("Key saved to vault secret engine {} with name {} and id {}", keyVaultOptions.getSecretEngineName(), filename, pubId);
    LOGGER.info("Key saved to vault secret engine {} with name {} and id {}", keyVaultOptions.getSecretEngineName(), filename, privId);
    return new HashicorpVaultKeyPair(pubId, privId, keyVaultOptions.getSecretEngineName(), filename, null);
}
Also used: HashicorpVaultKeyPair (com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair), KeyPair (com.quorum.tessera.encryption.KeyPair), HashMap (java.util.HashMap)

Example 12 with KeyPair

Use of com.quorum.tessera.encryption.KeyPair in project tessera by ConsenSys.

Class KaliumTest, method generateNewKeysSodiumSuccess.

@Test
public void generateNewKeysSodiumSuccess() {
    when(sodium.crypto_box_curve25519xsalsa20poly1305_keypair(any(byte[].class), any(byte[].class))).thenReturn(1);
    final KeyPair result = kalium.generateNewKeys();
    assertThat(result).isNotNull();
    assertThat(result.getPrivateKey()).isNotNull();
    assertThat(result.getPublicKey()).isNotNull();
    verify(sodium).crypto_box_curve25519xsalsa20poly1305_keypair(any(byte[].class), any(byte[].class));
}
Also used: KeyPair (com.quorum.tessera.encryption.KeyPair), Test (org.junit.Test)

Example 13 with KeyPair

Use of com.quorum.tessera.encryption.KeyPair in project tessera by ConsenSys.

Class FileKeyGenerator, method generate.

@Override
public FilesystemKeyPair generate(final String filename, final ArgonOptions encryptionOptions, final KeyVaultOptions keyVaultOptions) {
    final char[] password = this.passwordReader.requestUserPassword();
    final KeyPair generated = this.encryptor.generateNewKeys();
    final String publicKeyBase64 = Base64.getEncoder().encodeToString(generated.getPublicKey().getKeyBytes());
    final KeyData finalKeys = new KeyData();
    final KeyDataConfig keyDataConfig;
    if (password.length > 0) {
        // A non-empty password: the private key is encrypted and the config is marked LOCKED.
        final PrivateKeyData encryptedPrivateKey = this.keyEncryptor.encryptPrivateKey(generated.getPrivateKey(), password, encryptionOptions);
        keyDataConfig = new KeyDataConfig(new PrivateKeyData(null, encryptedPrivateKey.getSnonce(), encryptedPrivateKey.getAsalt(), encryptedPrivateKey.getSbox(), encryptedPrivateKey.getArgonOptions()), LOCKED);
        LOGGER.info("Newly generated private key has been encrypted");
    } else {
        // An empty password: the private key is stored base64-encoded and unencrypted (UNLOCKED).
        String keyData = Base64.getEncoder().encodeToString(generated.getPrivateKey().getKeyBytes());
        keyDataConfig = new KeyDataConfig(new PrivateKeyData(keyData, null, null, null, null), UNLOCKED);
    }
    finalKeys.setConfig(keyDataConfig);
    finalKeys.setPrivateKey(generated.getPrivateKey().encodeToBase64());
    finalKeys.setPublicKey(publicKeyBase64);
    final String privateKeyJson = JaxbUtil.marshalToString(finalKeys.getConfig());
    final Path resolvedPath = Paths.get(filename).toAbsolutePath();
    final Path parentPath;
    if (EMPTY_FILENAME.equals(filename)) {
        parentPath = resolvedPath;
    } else {
        parentPath = resolvedPath.getParent();
    }
    final Path publicKeyPath = parentPath.resolve(filename + ".pub");
    final Path privateKeyPath = parentPath.resolve(filename + ".key");
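    // CREATE_NEW makes each write fail if the file already exists, so existing key files are not overwritten.
    IOCallback.execute(() -> Files.write(publicKeyPath, publicKeyBase64.getBytes(UTF_8), CREATE_NEW));
    IOCallback.execute(() -> Files.write(privateKeyPath, privateKeyJson.getBytes(UTF_8), CREATE_NEW));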
    LOGGER.info("Saved public key to {}", publicKeyPath.toAbsolutePath().toString());
    LOGGER.info("Saved private key to {}", privateKeyPath.toAbsolutePath().toString());
    final FilesystemKeyPair keyPair = new FilesystemKeyPair(publicKeyPath, privateKeyPath, keyEncryptor);
    keyPair.withPassword(password);
    return keyPair;
}
Also used: Path (java.nio.file.Path), KeyDataConfig (com.quorum.tessera.config.KeyDataConfig), KeyPair (com.quorum.tessera.encryption.KeyPair), FilesystemKeyPair (com.quorum.tessera.config.keypairs.FilesystemKeyPair), PrivateKeyData (com.quorum.tessera.config.PrivateKeyData), KeyData (com.quorum.tessera.config.KeyData)

Example 14 with KeyPair

Use of com.quorum.tessera.encryption.KeyPair in project tessera by ConsenSys.

Class AWSSecretManagerKeyGeneratorTest, method setUp.

@Before
public void setUp() {
    final Encryptor encryptor = mock(Encryptor.class);
    this.keyVaultService = mock(KeyVaultService.class);
    final KeyPair keyPair = new KeyPair(pub, priv);
    when(encryptor.generateNewKeys()).thenReturn(keyPair);
    awsSecretManagerKeyGenerator = new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
}
Also used: KeyVaultService (com.quorum.tessera.key.vault.KeyVaultService), KeyPair (com.quorum.tessera.encryption.KeyPair), AWSKeyPair (com.quorum.tessera.config.keypairs.AWSKeyPair), Encryptor (com.quorum.tessera.encryption.Encryptor), Before (org.junit.Before)

Example 15 with KeyPair

Use of com.quorum.tessera.encryption.KeyPair in project tessera by ConsenSys.

Class FileKeyGeneratorTest, method init.

@Before
public void init() {
    this.keyPair = new KeyPair(PublicKey.from(PUBLIC_KEY.getBytes(UTF_8)), PrivateKey.from(PRIVATE_KEY.getBytes(UTF_8)));
    this.encryptor = mock(Encryptor.class);
    this.keyEncryptor = mock(KeyEncryptor.class);
    this.passwordReader = mock(PasswordReader.class);
    when(passwordReader.requestUserPassword()).thenReturn(new char[0]);
    this.generator = new FileKeyGenerator(encryptor, keyEncryptor, passwordReader);
}
Also used: KeyPair (com.quorum.tessera.encryption.KeyPair), FilesystemKeyPair (com.quorum.tessera.config.keypairs.FilesystemKeyPair), PasswordReader (com.quorum.tessera.passwords.PasswordReader), KeyEncryptor (com.quorum.tessera.config.keys.KeyEncryptor), Encryptor (com.quorum.tessera.encryption.Encryptor), Before (org.junit.Before)

Aggregations

KeyPair (com.quorum.tessera.encryption.KeyPair): 21
Test (org.junit.Test): 11
KeyVaultService (com.quorum.tessera.key.vault.KeyVaultService): 7
Encryptor (com.quorum.tessera.encryption.Encryptor): 5
KeyVaultServiceFactory (com.quorum.tessera.key.vault.KeyVaultServiceFactory): 4
Before (org.junit.Before): 4
Config (com.quorum.tessera.config.Config): 3
AWSKeyPair (com.quorum.tessera.config.keypairs.AWSKeyPair): 3
AzureVaultKeyPair (com.quorum.tessera.config.keypairs.AzureVaultKeyPair): 3
HashicorpVaultKeyPair (com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair): 3
EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider): 3
Path (java.nio.file.Path): 3
FilesystemKeyPair (com.quorum.tessera.config.keypairs.FilesystemKeyPair): 2
UnsupportedCharsetException (java.nio.charset.UnsupportedCharsetException): 2
KeyData (com.quorum.tessera.config.KeyData): 1
KeyDataConfig (com.quorum.tessera.config.KeyDataConfig): 1
PrivateKeyData (com.quorum.tessera.config.PrivateKeyData): 1
ConfigKeyPair (com.quorum.tessera.config.keypairs.ConfigKeyPair): 1
KeyEncryptor (com.quorum.tessera.config.keys.KeyEncryptor): 1
SharedKey (com.quorum.tessera.encryption.SharedKey): 1