Example 1 with KeyVaultServiceFactory
use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.
the class KeyPairConverterTest method convertSingleAwsVaultKeyPair.
@Test
public void convertSingleAwsVaultKeyPair() {
try (var staticKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
KeyVaultService keyVaultService = mock(KeyVaultService.class);
when(keyVaultService.getSecret(any(Map.class))).thenReturn("publicSecret").thenReturn("privSecret");
when(keyVaultServiceFactory.create(any(Config.class), any(EnvironmentVariableProvider.class))).thenReturn(keyVaultService);
staticKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);
final AWSKeyPair keyPair = new AWSKeyPair("pub", "priv");
Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));
assertThat(result).hasSize(1);
KeyPair resultKeyPair = result.iterator().next();
KeyPair expected = new KeyPair(PublicKey.from(decodeBase64("publicSecret")), PrivateKey.from(decodeBase64("privSecret")));
assertThat(resultKeyPair).isEqualToComparingFieldByField(expected);
verify(keyVaultService, times(2)).getSecret(any(Map.class));
verify(keyVaultServiceFactory).create(any(Config.class), any(EnvironmentVariableProvider.class));
staticKeyVaultServiceFactory.verify(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS));
staticKeyVaultServiceFactory.verifyNoMoreInteractions();
verifyNoMoreInteractions(keyVaultService);
verifyNoMoreInteractions(keyVaultServiceFactory);
}
}
Also used :
EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyPair(com.quorum.tessera.encryption.KeyPair)
Config(com.quorum.tessera.config.Config)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
Test(org.junit.Test)
Example 2 with KeyVaultServiceFactory
use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.
the class KeyPairConverterTest method convertSingleHashicorpVaultKeyPair.
@Test
public void convertSingleHashicorpVaultKeyPair() {
try (var staticKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
KeyVaultService keyVaultService = mock(KeyVaultService.class);
when(keyVaultService.getSecret(any(Map.class))).thenReturn("publicSecret").thenReturn("privSecret");
when(keyVaultServiceFactory.create(any(Config.class), any(EnvironmentVariableProvider.class))).thenReturn(keyVaultService);
staticKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP)).thenReturn(keyVaultServiceFactory);
final HashicorpVaultKeyPair keyPair = new HashicorpVaultKeyPair("pub", "priv", "engine", "secretName", 10);
Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));
assertThat(result).hasSize(1);
KeyPair resultKeyPair = result.iterator().next();
KeyPair expected = new KeyPair(PublicKey.from(decodeBase64("publicSecret")), PrivateKey.from(decodeBase64("privSecret")));
assertThat(resultKeyPair).isEqualToComparingFieldByField(expected);
verify(keyVaultService, times(2)).getSecret(any(Map.class));
verify(keyVaultServiceFactory).create(any(Config.class), any(EnvironmentVariableProvider.class));
staticKeyVaultServiceFactory.verify(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP));
staticKeyVaultServiceFactory.verifyNoMoreInteractions();
verifyNoMoreInteractions(keyVaultService);
verifyNoMoreInteractions(keyVaultServiceFactory);
}
}
Also used :
EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyPair(com.quorum.tessera.encryption.KeyPair)
Config(com.quorum.tessera.config.Config)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
Test(org.junit.Test)
Example 3 with KeyVaultServiceFactory
use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.
the class KeyPairConverter method convert.
private KeyPair convert(ConfigKeyPair configKeyPair) {
final String base64PublicKey;
final String base64PrivateKey;
if (configKeyPair instanceof AzureVaultKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AZURE);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
AzureVaultKeyPair akp = (AzureVaultKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = new HashMap<>(Map.of("secretName", akp.getPublicKeyId()));
getPublicKeyData.put("secretVersion", akp.getPublicKeyVersion());
Map<String, String> getPrivateKeyData = new HashMap<>(Map.of("secretName", akp.getPrivateKeyId()));
getPrivateKeyData.put("secretVersion", akp.getPrivateKeyVersion());
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else if (configKeyPair instanceof HashicorpVaultKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
HashicorpVaultKeyPair hkp = (HashicorpVaultKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPublicKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
Map<String, String> getPrivateKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPrivateKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else if (configKeyPair instanceof AWSKeyPair) {
KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AWS);
KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
AWSKeyPair akp = (AWSKeyPair) configKeyPair;
Map<String, String> getPublicKeyData = Map.of("secretName", akp.getPublicKeyId());
Map<String, String> getPrivateKeyData = Map.of("secretName", akp.getPrivateKeyId());
base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
} else {
base64PublicKey = configKeyPair.getPublicKey();
base64PrivateKey = configKeyPair.getPrivateKey();
}
return new KeyPair(PublicKey.from(Base64.getDecoder().decode(base64PublicKey.trim())), PrivateKey.from(Base64.getDecoder().decode(base64PrivateKey.trim())));
}
Also used :
HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
ConfigKeyPair(com.quorum.tessera.config.keypairs.ConfigKeyPair)
KeyPair(com.quorum.tessera.encryption.KeyPair)
AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair)
AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair)
HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)
AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair)
Example 4 with KeyVaultServiceFactory
use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.
the class KeyGeneratorFactoryTest method awsVaultKeyGeneratorWhenAwsConfigProvided.
@Test
public void awsVaultKeyGeneratorWhenAwsConfigProvided() {
final DefaultKeyVaultConfig keyVaultConfig = new DefaultKeyVaultConfig();
keyVaultConfig.setKeyVaultType(KeyVaultType.AWS);
EncryptorConfig encryptorConfig = mock(EncryptorConfig.class);
when(encryptorConfig.getType()).thenReturn(EncryptorType.NACL);
when(encryptorConfig.getProperties()).thenReturn(Collections.EMPTY_MAP);
KeyGeneratorFactory keyGeneratorFactory = KeyGeneratorFactory.create();
try (MockedStatic<KeyVaultServiceFactory> mockedKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
KeyVaultService keyVaultService = mock(KeyVaultService.class);
KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
when(keyVaultServiceFactory.create(any(), any())).thenReturn(keyVaultService);
mockedKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);
final KeyGenerator keyGenerator = keyGeneratorFactory.create(keyVaultConfig, encryptorConfig);
assertThat(keyGenerator).isNotNull();
assertThat(keyGenerator).isExactlyInstanceOf(AWSSecretManagerKeyGenerator.class);
}
}
Also used :
DefaultKeyVaultConfig(com.quorum.tessera.config.DefaultKeyVaultConfig)
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
EncryptorConfig(com.quorum.tessera.config.EncryptorConfig)
Test(org.junit.Test)
Example 5 with KeyVaultServiceFactory
use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.
the class DefaultKeyGeneratorFactory method create.
@Override
public KeyGenerator create(KeyVaultConfig keyVaultConfig, EncryptorConfig encryptorConfig) {
Objects.requireNonNull(encryptorConfig, "No encryptor config defined. ");
final EncryptorFactory encryptorFactory = EncryptorFactory.newFactory(encryptorConfig.getType().name());
final Encryptor encryptor = encryptorFactory.create(encryptorConfig.getProperties());
if (keyVaultConfig != null) {
final KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(keyVaultConfig.getKeyVaultType());
final Config config = new Config();
final KeyConfiguration keyConfiguration = new KeyConfiguration();
if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AZURE)) {
keyConfiguration.addKeyVaultConfig(keyVaultConfig);
config.setKeys(keyConfiguration);
final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
return new AzureVaultKeyGenerator(encryptor, keyVaultService);
} else if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AWS)) {
if (!(keyVaultConfig instanceof DefaultKeyVaultConfig)) {
throw new IllegalArgumentException("AWS key vault config not instance of DefaultKeyVaultConfig");
}
keyConfiguration.addKeyVaultConfig(keyVaultConfig);
config.setKeys(keyConfiguration);
final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
return new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
} else {
keyConfiguration.addKeyVaultConfig(keyVaultConfig);
config.setKeys(keyConfiguration);
final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
return new HashicorpVaultKeyGenerator(encryptor, keyVaultService);
}
}
KeyEncryptor keyEncyptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
return new FileKeyGenerator(encryptor, keyEncyptor, PasswordReaderFactory.create());
}
Also used :
KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService)
Encryptor(com.quorum.tessera.encryption.Encryptor)
KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor)
EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider)
KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor)
KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory)
KeyEncryptorFactory(com.quorum.tessera.config.keys.KeyEncryptorFactory)
EncryptorFactory(com.quorum.tessera.encryption.EncryptorFactory)
Aggregations
KeyVaultServiceFactory (com.quorum.tessera.key.vault.KeyVaultServiceFactory)8
KeyVaultService (com.quorum.tessera.key.vault.KeyVaultService)7
Test (org.junit.Test)6
EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider)4
KeyPair (com.quorum.tessera.encryption.KeyPair)4
Config (com.quorum.tessera.config.Config)3
DefaultKeyVaultConfig (com.quorum.tessera.config.DefaultKeyVaultConfig)1
EncryptorConfig (com.quorum.tessera.config.EncryptorConfig)1
AWSKeyPair (com.quorum.tessera.config.keypairs.AWSKeyPair)1
AzureVaultKeyPair (com.quorum.tessera.config.keypairs.AzureVaultKeyPair)1
ConfigKeyPair (com.quorum.tessera.config.keypairs.ConfigKeyPair)1
HashicorpVaultKeyPair (com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)1
KeyEncryptor (com.quorum.tessera.config.keys.KeyEncryptor)1
KeyEncryptorFactory (com.quorum.tessera.config.keys.KeyEncryptorFactory)1
Encryptor (com.quorum.tessera.encryption.Encryptor)1
EncryptorFactory (com.quorum.tessera.encryption.EncryptorFactory)1
