Use of com.quorum.tessera.key.generation.KeyVaultOptions in the project tessera by ConsenSys.
Class KeyGenCommand, method call().
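/**
 * Generates one key pair per requested output name and, when file-update options were supplied,
 * adds the new keys (and optionally their passwords) to the given config.
 *
 * <p>The key vault configuration is resolved in one of three ways: none when no vault options were
 * given, looked up in the supplied config when file-update options are present, or built from the
 * CLI vault options and then bean-validated.
 *
 * @return a {@link CliResult} with status 0; it carries the updated config only when file-update
 *     options were supplied, otherwise its config is {@code null}
 * @throws IOException declared by the signature; presumably raised by the file writers (confirm)
 * @throws CliException if file-update options are present without a config, if vault options are
 *     present without a recognised vault type, or if a Hashicorp vault built from CLI options is
 *     targeted without any output name
 * @throws ConstraintViolationException if the vault config built from CLI options fails validation
 */
@Override
public CliResult call() throws IOException {
  if (Objects.nonNull(fileUpdateOptions) && Objects.isNull(fileUpdateOptions.getConfig())) {
    throw new CliException("Missing required argument(s): --configfile=<config>");
  }

  // Encryptor settings come from the config file first, then the CLI encryptor options, and
  // finally the built-in default.
  final EncryptorConfig encryptorConfig =
      Optional.ofNullable(fileUpdateOptions)
          .map(KeyGenFileUpdateOptions::getConfig)
          .map(Config::getEncryptor)
          .orElseGet(
              () ->
                  Optional.ofNullable(encryptorOptions)
                      .map(EncryptorOptions::parseEncryptorConfig)
                      .orElse(EncryptorConfig.getDefault()));

  // Only populated when a Hashicorp secret engine path was given; null otherwise.
  final KeyVaultOptions keyVaultOptions =
      Optional.ofNullable(keyVaultConfigOptions)
          .map(KeyVaultConfigOptions::getHashicorpSecretEnginePath)
          .map(KeyVaultOptions::new)
          .orElse(null);

  final KeyVaultConfig keyVaultConfig;
  if (keyVaultConfigOptions == null) {
    keyVaultConfig = null;
  } else if (keyVaultConfigOptions.getVaultType() == null) {
    throw new CliException("Key vault type either not provided or not recognised");
  } else if (fileUpdateOptions != null) {
    // The vault settings are taken from the supplied config, keyed by the requested vault type.
    // NOTE(review): this branch neither runs the validator nor applies the Hashicorp output-name
    // check below, and a config without an entry for the requested type leaves keyVaultConfig
    // null. What the factory does with null is not visible here; confirm that a vault request
    // cannot silently become non-vault key generation.
    keyVaultConfig =
        Optional.of(fileUpdateOptions)
            .map(KeyGenFileUpdateOptions::getConfig)
            .map(Config::getKeys)
            .flatMap(c -> c.getKeyVaultConfig(keyVaultConfigOptions.getVaultType()))
            .orElse(null);
  } else {
    final KeyVaultHandler keyVaultHandler = new DispatchingKeyVaultHandler();
    keyVaultConfig = keyVaultHandler.handle(keyVaultConfigOptions);

    // An empty list is rejected as well as null: further down an empty keyOut is treated the same
    // as an absent one and replaced by a single "" name, which would otherwise slip past this
    // guard and be used as the name of a vault-stored key.
    if (keyVaultConfig.getKeyVaultType() == KeyVaultType.HASHICORP
        && (Objects.isNull(keyOut) || keyOut.isEmpty())) {
      throw new CliException(
          "At least one -filename must be provided when saving generated keys in a Hashicorp Vault");
    }

    final Set<ConstraintViolation<KeyVaultConfig>> violations = validator.validate(keyVaultConfig);
    if (!violations.isEmpty()) {
      throw new ConstraintViolationException(violations);
    }
  }

  final KeyGenerator keyGenerator = keyGeneratorFactory.create(keyVaultConfig, encryptorConfig);

  // No (or an empty) list of output names means exactly one key with the empty name.
  final List<String> newKeyNames =
      Optional.ofNullable(keyOut)
          .filter(Predicate.not(List::isEmpty))
          .map(List::copyOf)
          .orElseGet(() -> List.of(""));

  final List<ConfigKeyPair> newConfigKeyPairs =
      newKeyNames.stream()
          .map(name -> keyGenerator.generate(name, argonOptions, keyVaultOptions))
          .collect(Collectors.toList());

  // NOTE(review): these char[] passwords are not cleared anywhere in this method after use;
  // confirm whether the writer or the caller is expected to wipe them.
  final List<char[]> newPasswords =
      newConfigKeyPairs.stream()
          .filter(Objects::nonNull)
          .map(ConfigKeyPair::getPassword)
          .collect(Collectors.toList());

  final List<KeyData> newKeyData =
      newConfigKeyPairs.stream().map(keyDataMarshaller::marshal).collect(Collectors.toList());

  // Without file-update options there is no config to amend; the generated key data is not
  // returned to the caller.
  if (Objects.isNull(fileUpdateOptions)) {
    return new CliResult(0, true, null);
  }

  // prepare config for addition of new keys if required
  prepareConfigForNewKeys(fileUpdateOptions.getConfig());

  if (Objects.nonNull(fileUpdateOptions.getConfigOut())) {
    if (Objects.nonNull(fileUpdateOptions.getPwdOut())) {
      // NOTE(review): permissions of the password file are decided inside the writer, not here;
      // confirm they restrict access to the owning user.
      passwordFileUpdaterWriter.updateAndWrite(
          newPasswords, fileUpdateOptions.getConfig(), fileUpdateOptions.getPwdOut());
      fileUpdateOptions.getConfig().getKeys().setPasswordFile(fileUpdateOptions.getPwdOut());
    }
    configFileUpdaterWriter.updateAndWrite(
        newKeyData,
        keyVaultConfig,
        fileUpdateOptions.getConfig(),
        fileUpdateOptions.getConfigOut());
  } else {
    // No output path was given, so the updated config goes through updateAndWriteToCLI instead of
    // a file. NOTE(review): presumably this prints to the console; confirm which key material
    // that output includes.
    configFileUpdaterWriter.updateAndWriteToCLI(
        newKeyData, keyVaultConfig, fileUpdateOptions.getConfig());
  }

  return new CliResult(0, true, fileUpdateOptions.getConfig());
}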