Example 1 with KeyVaultService
use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.
the class KeyPairConverterTest method convertSingleAwsVaultKeyPair.
@Test
public void convertSingleAwsVaultKeyPair() {
try (var staticKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
KeyVaultService keyVaultService = mock(KeyVaultService.class);
when(keyVaultService.getSecret(any(Map.class))).thenReturn("publicSecret").thenReturn("privSecret");
when(keyVaultServiceFactory.create(any(Config.class), any(EnvironmentVariableProvider.class))).thenReturn(keyVaultService);
staticKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);
final AWSKeyPair keyPair = new AWSKeyPair("pub", "priv");
Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));
assertThat(result).hasSize(1);
KeyPair resultKeyPair = result.iterator().next();
KeyPair expected = new KeyPair(PublicKey.from(decodeBase64("publicSecret")), PrivateKey.from(decodeBase64("privSecret")));
assertThat(resultKeyPair).isEqualToComparingFieldByField(expected);
verify(keyVaultService, times(2)).getSecret(any(Map.class));
verify(keyVaultServiceFactory).create(any(Config.class), any(EnvironmentVariableProvider.class));
staticKeyVaultServiceFactory.verify(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS));
staticKeyVaultServiceFactory.verifyNoMoreInteractions();
verifyNoMoreInteractions(keyVaultService);
verifyNoMoreInteractions(keyVaultServiceFactory);
}
}
Also used :
EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyPair(com.quorum.tessera.encryption.KeyPair)
Config(com.quorum.tessera.config.Config)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
Test(org.junit.Test)
Example 2 with KeyVaultService
use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.
the class KeyPairConverterTest method convertSingleHashicorpVaultKeyPair.
@Test
public void convertSingleHashicorpVaultKeyPair() {
try (var staticKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
KeyVaultService keyVaultService = mock(KeyVaultService.class);
when(keyVaultService.getSecret(any(Map.class))).thenReturn("publicSecret").thenReturn("privSecret");
when(keyVaultServiceFactory.create(any(Config.class), any(EnvironmentVariableProvider.class))).thenReturn(keyVaultService);
staticKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP)).thenReturn(keyVaultServiceFactory);
final HashicorpVaultKeyPair keyPair = new HashicorpVaultKeyPair("pub", "priv", "engine", "secretName", 10);
Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));
assertThat(result).hasSize(1);
KeyPair resultKeyPair = result.iterator().next();
KeyPair expected = new KeyPair(PublicKey.from(decodeBase64("publicSecret")), PrivateKey.from(decodeBase64("privSecret")));
assertThat(resultKeyPair).isEqualToComparingFieldByField(expected);
verify(keyVaultService, times(2)).getSecret(any(Map.class));
verify(keyVaultServiceFactory).create(any(Config.class), any(EnvironmentVariableProvider.class));
staticKeyVaultServiceFactory.verify(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP));
staticKeyVaultServiceFactory.verifyNoMoreInteractions();
verifyNoMoreInteractions(keyVaultService);
verifyNoMoreInteractions(keyVaultServiceFactory);
}
}
Also used :
EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyPair(com.quorum.tessera.encryption.KeyPair)
Config(com.quorum.tessera.config.Config)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
Test(org.junit.Test)
Example 3 with KeyVaultService
use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.
the class KeyPairConverter method convert.
private KeyPair convert(ConfigKeyPair configKeyPair) {
final String base64PublicKey;
final String base64PrivateKey;
if (configKeyPair instanceof AzureVaultKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AZURE);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
AzureVaultKeyPair akp = (AzureVaultKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = new HashMap<>(Map.of("secretName", akp.getPublicKeyId()));
getPublicKeyData.put("secretVersion", akp.getPublicKeyVersion());
Map<String, String> getPrivateKeyData = new HashMap<>(Map.of("secretName", akp.getPrivateKeyId()));
getPrivateKeyData.put("secretVersion", akp.getPrivateKeyVersion());
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else if (configKeyPair instanceof HashicorpVaultKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
HashicorpVaultKeyPair hkp = (HashicorpVaultKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPublicKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
Map<String, String> getPrivateKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPrivateKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else if (configKeyPair instanceof AWSKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AWS);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
AWSKeyPair akp = (AWSKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = Map.of("secretName", akp.getPublicKeyId());
Map<String, String> getPrivateKeyData = Map.of("secretName", akp.getPrivateKeyId());
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else {
base64PublicKey = configKeyPair.getPublicKey();
base64PrivateKey = configKeyPair.getPrivateKey();
}
return new KeyPair(PublicKey.from(Base64.getDecoder().decode(base64PublicKey.trim())), PrivateKey.from(Base64.getDecoder().decode(base64PrivateKey.trim())));
}
Also used :
HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
ConfigKeyPair(com.quorum.tessera.config.keypairs.ConfigKeyPair)
KeyPair(com.quorum.tessera.encryption.KeyPair)
AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair)
AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair)
HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)
AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair)
Example 4 with KeyVaultService
use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.
the class AzureVaultKeyGeneratorTest method setUp.
@Before
public void setUp() {
this.encryptor = mock(Encryptor.class);
this.keyVaultService = mock(KeyVaultService.class);
final KeyPair keyPair = new KeyPair(pub, priv);
when(encryptor.generateNewKeys()).thenReturn(keyPair);
azureVaultKeyGenerator = new AzureVaultKeyGenerator(encryptor, keyVaultService);
}
Also used :
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyPair(com.quorum.tessera.encryption.KeyPair)
AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair)
Encryptor(com.quorum.tessera.encryption.Encryptor)
Before(org.junit.Before)
Example 5 with KeyVaultService
use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.
the class HashicorpVaultKeyGeneratorTest method setUp.
@Before
public void setUp() {
this.encryptor = mock(Encryptor.class);
this.keyVaultService = mock(KeyVaultService.class);
final KeyPair keyPair = new KeyPair(pub, priv);
when(encryptor.generateNewKeys()).thenReturn(keyPair);
this.hashicorpVaultKeyGenerator = new HashicorpVaultKeyGenerator(encryptor, keyVaultService);
}
Also used :
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyPair(com.quorum.tessera.encryption.KeyPair)
HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)
Encryptor(com.quorum.tessera.encryption.Encryptor)
Before(org.junit.Before)
Aggregations
KeyVaultService (com.quorum.tessera.key.vault.KeyVaultService)16
Test (org.junit.Test)9
KeyVaultServiceFactory (com.quorum.tessera.key.vault.KeyVaultServiceFactory)8
KeyPair (com.quorum.tessera.encryption.KeyPair)7
EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider)6
Config (com.quorum.tessera.config.Config)4
Encryptor (com.quorum.tessera.encryption.Encryptor)4
Before (org.junit.Before)3
AWSKeyPair (com.quorum.tessera.config.keypairs.AWSKeyPair)2
AzureVaultKeyPair (com.quorum.tessera.config.keypairs.AzureVaultKeyPair)2
HashicorpVaultKeyPair (com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)2
Objects (java.util.Objects)2
Optional (java.util.Optional)2
HttpLogDetailLevel (com.azure.core.http.policy.HttpLogDetailLevel)1
HttpLogOptions (com.azure.core.http.policy.HttpLogOptions)1
DefaultAzureCredentialBuilder (com.azure.identity.DefaultAzureCredentialBuilder)1
SecretClient (com.azure.security.keyvault.secrets.SecretClient)1
SecretClientBuilder (com.azure.security.keyvault.secrets.SecretClientBuilder)1
com.quorum.tessera.config (com.quorum.tessera.config)1
ConfigException (com.quorum.tessera.config.ConfigException)1
