Example 6 with KeyVaultService

use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.

Class KeyGeneratorFactoryTest, method awsVaultKeyGeneratorWhenAwsConfigProvided.

@Test
public void awsVaultKeyGeneratorWhenAwsConfigProvided() {
    // A vault config whose type is AWS should route key generation to Secrets Manager.
    final DefaultKeyVaultConfig keyVaultConfig = new DefaultKeyVaultConfig();
    keyVaultConfig.setKeyVaultType(KeyVaultType.AWS);
    // Minimal encryptor config: NaCl with no extra properties (typed empty map instead of the raw EMPTY_MAP constant).
    EncryptorConfig encryptorConfig = mock(EncryptorConfig.class);
    when(encryptorConfig.getType()).thenReturn(EncryptorType.NACL);
    when(encryptorConfig.getProperties()).thenReturn(Collections.emptyMap());
    KeyGeneratorFactory keyGeneratorFactory = KeyGeneratorFactory.create();
    // Stub the static lookup so no real AWS client is built; the mock is scoped to this try block.
    try (MockedStatic<KeyVaultServiceFactory> mockedKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
        KeyVaultService keyVaultService = mock(KeyVaultService.class);
        KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
        when(keyVaultServiceFactory.create(any(), any())).thenReturn(keyVaultService);
        mockedKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);
        final KeyGenerator keyGenerator = keyGeneratorFactory.create(keyVaultConfig, encryptorConfig);
        assertThat(keyGenerator).isNotNull();
        // Exact type check: the AWS branch must not fall through to the Hashicorp or file-based generator.
        assertThat(keyGenerator).isExactlyInstanceOf(AWSSecretManagerKeyGenerator.class);
    }
}
Also used : DefaultKeyVaultConfig(com.quorum.tessera.config.DefaultKeyVaultConfig) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) EncryptorConfig(com.quorum.tessera.config.EncryptorConfig) Test(org.junit.Test)

Example 7 with KeyVaultService

use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.

Class AzureKeyVaultServiceFactoryTest, method create.

@Test
public void create() {
    // config, keyVaultServiceFactory and envProvider are fixture fields of the test class, set up before each test.
    final KeyConfiguration keyConfiguration = mock(KeyConfiguration.class);
    final DefaultKeyVaultConfig keyVaultConfig = mock(DefaultKeyVaultConfig.class);
    when(config.getKeys()).thenReturn(keyConfiguration);
    when(keyConfiguration.getKeyVaultConfig(KeyVaultType.AZURE)).thenReturn(Optional.of(keyVaultConfig));
    // Only the vault URL is needed to build the service; the test value is a placeholder, not a real endpoint.
    when(keyVaultConfig.getProperty("url")).thenReturn(Optional.of("http://vaulturl"));
    KeyVaultService result = keyVaultServiceFactory.create(config, envProvider);
    assertThat(result).isInstanceOf(AzureKeyVaultService.class);
}
Also used : KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) Test(org.junit.Test)

Example 8 with KeyVaultService

use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.

Class DefaultKeyGeneratorFactory, method create.

@Override
public KeyGenerator create(KeyVaultConfig keyVaultConfig, EncryptorConfig encryptorConfig) {
    Objects.requireNonNull(encryptorConfig, "No encryptor config defined. ");
    final EncryptorFactory encryptorFactory = EncryptorFactory.newFactory(encryptorConfig.getType().name());
    final Encryptor encryptor = encryptorFactory.create(encryptorConfig.getProperties());
    if (keyVaultConfig != null) {
        // A vault is configured: look up the matching service factory and wrap the vault config in a Config
        // so the factory can read it. Vault credentials are read from the environment, never from the config file.
        final KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(keyVaultConfig.getKeyVaultType());
        final Config config = new Config();
        final KeyConfiguration keyConfiguration = new KeyConfiguration();
        keyConfiguration.addKeyVaultConfig(keyVaultConfig);
        config.setKeys(keyConfiguration);
        if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AZURE)) {
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new AzureVaultKeyGenerator(encryptor, keyVaultService);
        } else if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AWS)) {
            // The AWS generator relies on DefaultKeyVaultConfig properties, so reject other config types before
            // any client is created.
            if (!(keyVaultConfig instanceof DefaultKeyVaultConfig)) {
                throw new IllegalArgumentException("AWS key vault config not instance of DefaultKeyVaultConfig");
            }
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
        } else {
            // Any remaining vault type is treated as Hashicorp Vault.
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new HashicorpVaultKeyGenerator(encryptor, keyVaultService);
        }
    }
    // No vault configured: keys are written to disk, encrypted with a password read at generation time.
    KeyEncryptor keyEncryptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
    return new FileKeyGenerator(encryptor, keyEncryptor, PasswordReaderFactory.create());
}
Also used : KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) Encryptor(com.quorum.tessera.encryption.Encryptor) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) KeyEncryptorFactory(com.quorum.tessera.config.keys.KeyEncryptorFactory) EncryptorFactory(com.quorum.tessera.encryption.EncryptorFactory)

Example 9 with KeyVaultService

use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.

Class AWSSecretManagerKeyGeneratorTest, method setUp.

@Before
public void setUp() {
    // pub and priv are fixture key objects declared on the test class; keyVaultService and
    // awsSecretManagerKeyGenerator are fields shared with the test methods.
    final Encryptor encryptor = mock(Encryptor.class);
    this.keyVaultService = mock(KeyVaultService.class);
    final KeyPair keyPair = new KeyPair(pub, priv);
    // The mocked encryptor always returns the same key pair, so tests can assert on what is sent to the vault.
    when(encryptor.generateNewKeys()).thenReturn(keyPair);
    awsSecretManagerKeyGenerator = new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
}
Also used : KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) KeyPair(com.quorum.tessera.encryption.KeyPair) AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair) Encryptor(com.quorum.tessera.encryption.Encryptor) Before(org.junit.Before)

Example 10 with KeyVaultService

use of com.quorum.tessera.key.vault.KeyVaultService in project tessera by ConsenSys.

Class HashicorpKeyVaultServiceFactory, method create.

// This method should not be called directly. It has been left package-private to enable injection
// of util during testing.
KeyVaultService create(Config config, EnvironmentVariableProvider envProvider, HashicorpKeyVaultServiceFactoryUtil util) {
    Objects.requireNonNull(config);
    Objects.requireNonNull(envProvider);
    Objects.requireNonNull(util);
    // Credentials are taken from the environment only: either an AppRole pair (role id + secret id) or a token.
    final String roleId = envProvider.getEnv(HASHICORP_ROLE_ID);
    final String secretId = envProvider.getEnv(HASHICORP_SECRET_ID);
    final String authToken = envProvider.getEnv(HASHICORP_TOKEN);
    if (roleId == null && secretId == null && authToken == null) {
        throw new HashicorpCredentialNotSetException("Environment variables must be set to authenticate with Hashicorp Vault.  Set the " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables if using the AppRole authentication method.  Set the " + HASHICORP_TOKEN + " environment variable if using another authentication method.");
    } else if (isOnlyOneInputNull(roleId, secretId)) {
        // A half-configured AppRole pair is rejected rather than silently falling back to token auth.
        throw new HashicorpCredentialNotSetException("Only one of the " + HASHICORP_ROLE_ID + " and " + HASHICORP_SECRET_ID + " environment variables to authenticate with Hashicorp Vault using the AppRole method has been set");
    }
    KeyVaultConfig keyVaultConfig = Optional.ofNullable(config.getKeys()).flatMap(k -> k.getKeyVaultConfig(KeyVaultType.HASHICORP)).orElseThrow(() -> new ConfigException(new RuntimeException("Trying to create Hashicorp Vault connection but no Vault configuration provided")));
    VaultEndpoint vaultEndpoint;
    try {
        // NoSuchElementException covers a missing "url" property; the other two cover a malformed one.
        URI uri = new URI(keyVaultConfig.getProperty("url").get());
        vaultEndpoint = VaultEndpoint.from(uri);
    } catch (URISyntaxException | NoSuchElementException | IllegalArgumentException e) {
        throw new ConfigException(new RuntimeException("Provided Hashicorp Vault url is incorrectly formatted", e));
    }
    // TLS settings (CA, client cert, keystore passwords) are resolved by the util from config and environment.
    SslConfiguration sslConfiguration = util.configureSsl(keyVaultConfig, envProvider);
    ClientOptions clientOptions = new ClientOptions();
    ClientHttpRequestFactory clientHttpRequestFactory = util.createClientHttpRequestFactory(clientOptions, sslConfiguration);
    ClientAuthentication clientAuthentication = util.configureClientAuthentication(keyVaultConfig, envProvider, clientHttpRequestFactory, vaultEndpoint);
    // SimpleSessionManager logs in once and reuses the resulting Vault token for subsequent calls.
    SessionManager sessionManager = new SimpleSessionManager(clientAuthentication);
    VaultOperations vaultOperations = new VaultTemplate(vaultEndpoint, clientHttpRequestFactory, sessionManager);
    return new HashicorpKeyVaultService(vaultOperations, () -> new VaultVersionedKeyValueTemplateFactory() {
    });
}
Also used : ClientAuthentication(org.springframework.vault.authentication.ClientAuthentication) URISyntaxException(java.net.URISyntaxException) ClientHttpRequestFactory(org.springframework.http.client.ClientHttpRequestFactory) VaultEndpoint(org.springframework.vault.client.VaultEndpoint) ClientOptions(org.springframework.vault.support.ClientOptions) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) SslConfiguration(org.springframework.vault.support.SslConfiguration) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) Objects(java.util.Objects) SimpleSessionManager(org.springframework.vault.authentication.SimpleSessionManager) EnvironmentVariables(com.quorum.tessera.config.util.EnvironmentVariables) com.quorum.tessera.config(com.quorum.tessera.config) Optional(java.util.Optional) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) SessionManager(org.springframework.vault.authentication.SessionManager) URI(java.net.URI) NoSuchElementException(java.util.NoSuchElementException) VaultOperations(org.springframework.vault.core.VaultOperations) VaultTemplate(org.springframework.vault.core.VaultTemplate)

Aggregations

KeyVaultService (com.quorum.tessera.key.vault.KeyVaultService): 16
Test (org.junit.Test): 9
KeyVaultServiceFactory (com.quorum.tessera.key.vault.KeyVaultServiceFactory): 8
KeyPair (com.quorum.tessera.encryption.KeyPair): 7
EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider): 6
Config (com.quorum.tessera.config.Config): 4
Encryptor (com.quorum.tessera.encryption.Encryptor): 4
Before (org.junit.Before): 3
AWSKeyPair (com.quorum.tessera.config.keypairs.AWSKeyPair): 2
AzureVaultKeyPair (com.quorum.tessera.config.keypairs.AzureVaultKeyPair): 2
HashicorpVaultKeyPair (com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair): 2
Objects (java.util.Objects): 2
Optional (java.util.Optional): 2
HttpLogDetailLevel (com.azure.core.http.policy.HttpLogDetailLevel): 1
HttpLogOptions (com.azure.core.http.policy.HttpLogOptions): 1
DefaultAzureCredentialBuilder (com.azure.identity.DefaultAzureCredentialBuilder): 1
SecretClient (com.azure.security.keyvault.secrets.SecretClient): 1
SecretClientBuilder (com.azure.security.keyvault.secrets.SecretClientBuilder): 1
com.quorum.tessera.config (com.quorum.tessera.config): 1
ConfigException (com.quorum.tessera.config.ConfigException): 1