
Example 1 with KeyVaultServiceFactory

use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.

the class KeyPairConverterTest method convertSingleAwsVaultKeyPair.

@Test
public void convertSingleAwsVaultKeyPair() {
    try (var staticKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
        KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
        KeyVaultService keyVaultService = mock(KeyVaultService.class);
        // Stubbed in call order: the first getSecret call yields the public key, the second the private key
        when(keyVaultService.getSecret(any(Map.class))).thenReturn("publicSecret").thenReturn("privSecret");
        when(keyVaultServiceFactory.create(any(Config.class), any(EnvironmentVariableProvider.class))).thenReturn(keyVaultService);
        staticKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);
        final AWSKeyPair keyPair = new AWSKeyPair("pub", "priv");
        Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));
        assertThat(result).hasSize(1);
        KeyPair resultKeyPair = result.iterator().next();
        KeyPair expected = new KeyPair(PublicKey.from(decodeBase64("publicSecret")), PrivateKey.from(decodeBase64("privSecret")));
        assertThat(resultKeyPair).isEqualToComparingFieldByField(expected);
        verify(keyVaultService, times(2)).getSecret(any(Map.class));
        verify(keyVaultServiceFactory).create(any(Config.class), any(EnvironmentVariableProvider.class));
        staticKeyVaultServiceFactory.verify(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS));
        staticKeyVaultServiceFactory.verifyNoMoreInteractions();
        verifyNoMoreInteractions(keyVaultService);
        verifyNoMoreInteractions(keyVaultServiceFactory);
    }
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) KeyPair(com.quorum.tessera.encryption.KeyPair) Config(com.quorum.tessera.config.Config) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) Test(org.junit.Test)

Example 2 with KeyVaultServiceFactory

use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.

the class KeyPairConverterTest method convertSingleHashicorpVaultKeyPair.

@Test
public void convertSingleHashicorpVaultKeyPair() {
    try (var staticKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
        KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
        KeyVaultService keyVaultService = mock(KeyVaultService.class);
        // Stubbed in call order: the first getSecret call yields the public key, the second the private key
        when(keyVaultService.getSecret(any(Map.class))).thenReturn("publicSecret").thenReturn("privSecret");
        when(keyVaultServiceFactory.create(any(Config.class), any(EnvironmentVariableProvider.class))).thenReturn(keyVaultService);
        staticKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP)).thenReturn(keyVaultServiceFactory);
        final HashicorpVaultKeyPair keyPair = new HashicorpVaultKeyPair("pub", "priv", "engine", "secretName", 10);
        Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));
        assertThat(result).hasSize(1);
        KeyPair resultKeyPair = result.iterator().next();
        KeyPair expected = new KeyPair(PublicKey.from(decodeBase64("publicSecret")), PrivateKey.from(decodeBase64("privSecret")));
        assertThat(resultKeyPair).isEqualToComparingFieldByField(expected);
        verify(keyVaultService, times(2)).getSecret(any(Map.class));
        verify(keyVaultServiceFactory).create(any(Config.class), any(EnvironmentVariableProvider.class));
        staticKeyVaultServiceFactory.verify(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP));
        staticKeyVaultServiceFactory.verifyNoMoreInteractions();
        verifyNoMoreInteractions(keyVaultService);
        verifyNoMoreInteractions(keyVaultServiceFactory);
    }
}
Also used : EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) KeyPair(com.quorum.tessera.encryption.KeyPair) Config(com.quorum.tessera.config.Config) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) Test(org.junit.Test)

Example 3 with KeyVaultServiceFactory

use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.

the class KeyPairConverter method convert.

private KeyPair convert(ConfigKeyPair configKeyPair) {
    final String base64PublicKey;
    final String base64PrivateKey;
    if (configKeyPair instanceof AzureVaultKeyPair) {
        // Azure Key Vault: each key is addressed by secret name plus an optional secret version.
        // A HashMap is used because Map.of rejects null values, so an absent version can still be passed through.
        KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AZURE);
        KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
        AzureVaultKeyPair akp = (AzureVaultKeyPair) configKeyPair;
        Map<String, String> getPublicKeyData = new HashMap<>(Map.of("secretName", akp.getPublicKeyId()));
        getPublicKeyData.put("secretVersion", akp.getPublicKeyVersion());
        Map<String, String> getPrivateKeyData = new HashMap<>(Map.of("secretName", akp.getPrivateKeyId()));
        getPrivateKeyData.put("secretVersion", akp.getPrivateKeyVersion());
        base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
        base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
    } else if (configKeyPair instanceof HashicorpVaultKeyPair) {
        // HashiCorp Vault: both keys live under one secret (engine + name + version); the two lookups differ only in secretId.
        KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.HASHICORP);
        KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
        HashicorpVaultKeyPair hkp = (HashicorpVaultKeyPair) configKeyPair;
        Map<String, String> getPublicKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPublicKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
        Map<String, String> getPrivateKeyData = Map.of("secretEngineName", hkp.getSecretEngineName(), "secretName", hkp.getSecretName(), "secretId", hkp.getPrivateKeyId(), "secretVersion", Objects.toString(hkp.getSecretVersion()));
        base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
        base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
    } else if (configKeyPair instanceof AWSKeyPair) {
        // AWS Secrets Manager: each key is a separate secret addressed by name only.
        KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(KeyVaultType.AWS);
        KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, envProvider);
        AWSKeyPair akp = (AWSKeyPair) configKeyPair;
        Map<String, String> getPublicKeyData = Map.of("secretName", akp.getPublicKeyId());
        Map<String, String> getPrivateKeyData = Map.of("secretName", akp.getPrivateKeyId());
        base64PublicKey = keyVaultService.getSecret(getPublicKeyData);
        base64PrivateKey = keyVaultService.getSecret(getPrivateKeyData);
    } else {
        // Non-vault key pairs (inline or file-backed) already carry their key material.
        base64PublicKey = configKeyPair.getPublicKey();
        base64PrivateKey = configKeyPair.getPrivateKey();
    }
    // Every source supplies base64; surrounding whitespace is stripped before decoding.
    return new KeyPair(PublicKey.from(Base64.getDecoder().decode(base64PublicKey.trim())), PrivateKey.from(Base64.getDecoder().decode(base64PrivateKey.trim())));
}
Also used : HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) ConfigKeyPair(com.quorum.tessera.config.keypairs.ConfigKeyPair) KeyPair(com.quorum.tessera.encryption.KeyPair) AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair) AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair) HashicorpVaultKeyPair(com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair) AWSKeyPair(com.quorum.tessera.config.keypairs.AWSKeyPair) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) AzureVaultKeyPair(com.quorum.tessera.config.keypairs.AzureVaultKeyPair)
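The two converter tests above stub getSecret to return "publicSecret" on the first call and "privSecret" on the second, so they would still pass if convert swapped the public and private lookups, which would place the private key where the public key belongs. The test below is an added example, not Tessera's own code: it answers each lookup from the secretName in the request map, records the names requested, and checks both the name-to-key mapping and the lookup order for the AWS branch of convert. It assumes a KeyPairConverter(Config, EnvironmentVariableProvider) constructor (the page's tests use a pre-built converter field) and the AWSKeyPair(publicKeyId, privateKeyId) constructor shown on this page; the secret names and key bytes are constructed sample data.

```java
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import com.quorum.tessera.config.Config;
import com.quorum.tessera.config.KeyVaultType;
import com.quorum.tessera.config.keypairs.AWSKeyPair;
import com.quorum.tessera.config.keypairs.ConfigKeyPair;
import com.quorum.tessera.config.util.EnvironmentVariableProvider;
import com.quorum.tessera.encryption.KeyPair;
import com.quorum.tessera.encryption.PrivateKey;
import com.quorum.tessera.encryption.PublicKey;
import com.quorum.tessera.key.vault.KeyVaultService;
import com.quorum.tessera.key.vault.KeyVaultServiceFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.junit.Test;
import org.mockito.MockedStatic;

// Added example, not Tessera's own test code. It is assumed to sit in the same
// package as the KeyPairConverter class shown in Example 3.
public class KeyPairConverterVaultLookupTest {

  @Test
  public void awsLookupsAreAnsweredBySecretNameNotCallOrder() {
    // Constructed sample key material: two distinct 32-byte values, base64-encoded
    // the way the converter expects vault secrets to be stored.
    byte[] pubBytes = new byte[32];
    Arrays.fill(pubBytes, (byte) 0x01);
    byte[] privBytes = new byte[32];
    Arrays.fill(privBytes, (byte) 0x02);
    Map<String, String> vault = Map.of(
        "node-pub", Base64.getEncoder().encodeToString(pubBytes),
        "node-priv", Base64.getEncoder().encodeToString(privBytes));
    List<String> requestedNames = new ArrayList<>();

    try (MockedStatic<KeyVaultServiceFactory> staticFactory = mockStatic(KeyVaultServiceFactory.class)) {
      KeyVaultService keyVaultService = mock(KeyVaultService.class);
      // Answer from the request map rather than in call order: a converter that
      // swapped the two lookups would now produce swapped keys and fail below.
      when(keyVaultService.getSecret(any(Map.class))).thenAnswer(invocation -> {
        Map<String, String> request = invocation.getArgument(0);
        String name = request.get("secretName");
        requestedNames.add(name);
        String value = vault.get(name);
        if (value == null) {
          throw new IllegalStateException("no such secret: " + name);
        }
        return value;
      });
      KeyVaultServiceFactory factory = mock(KeyVaultServiceFactory.class);
      when(factory.create(any(Config.class), any(EnvironmentVariableProvider.class)))
          .thenReturn(keyVaultService);
      staticFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS))
          .thenReturn(factory);

      // Assumed constructor; the page's tests use a pre-built `converter` field.
      KeyPairConverter converter =
          new KeyPairConverter(mock(Config.class), mock(EnvironmentVariableProvider.class));
      ConfigKeyPair keyPair = new AWSKeyPair("node-pub", "node-priv");

      Collection<KeyPair> result = converter.convert(Collections.singletonList(keyPair));

      assertThat(result).hasSize(1);
      KeyPair expected = new KeyPair(PublicKey.from(pubBytes), PrivateKey.from(privBytes));
      assertThat(result.iterator().next()).isEqualToComparingFieldByField(expected);
      // Exactly one lookup per key, public first, each addressed by its own secretName.
      verify(keyVaultService, times(2)).getSecret(any(Map.class));
      assertThat(requestedNames).containsExactly("node-pub", "node-priv");
    }
  }
}
```

The same thenAnswer pattern carries over to the Azure and HashiCorp branches by keying on the other request fields (secretVersion, secretEngineName, secretId) instead of secretName alone, which also lets a test catch a lookup that drops the pinned version.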

Example 4 with KeyVaultServiceFactory

use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.

the class KeyGeneratorFactoryTest method awsVaultKeyGeneratorWhenAwsConfigProvided.

@Test
public void awsVaultKeyGeneratorWhenAwsConfigProvided() {
    final DefaultKeyVaultConfig keyVaultConfig = new DefaultKeyVaultConfig();
    keyVaultConfig.setKeyVaultType(KeyVaultType.AWS);
    EncryptorConfig encryptorConfig = mock(EncryptorConfig.class);
    when(encryptorConfig.getType()).thenReturn(EncryptorType.NACL);
    when(encryptorConfig.getProperties()).thenReturn(Collections.emptyMap());
    KeyGeneratorFactory keyGeneratorFactory = KeyGeneratorFactory.create();
    try (MockedStatic<KeyVaultServiceFactory> mockedKeyVaultServiceFactory = mockStatic(KeyVaultServiceFactory.class)) {
        KeyVaultService keyVaultService = mock(KeyVaultService.class);
        KeyVaultServiceFactory keyVaultServiceFactory = mock(KeyVaultServiceFactory.class);
        when(keyVaultServiceFactory.create(any(), any())).thenReturn(keyVaultService);
        mockedKeyVaultServiceFactory.when(() -> KeyVaultServiceFactory.getInstance(KeyVaultType.AWS)).thenReturn(keyVaultServiceFactory);
        final KeyGenerator keyGenerator = keyGeneratorFactory.create(keyVaultConfig, encryptorConfig);
        assertThat(keyGenerator).isNotNull();
        assertThat(keyGenerator).isExactlyInstanceOf(AWSSecretManagerKeyGenerator.class);
    }
}
Also used : DefaultKeyVaultConfig(com.quorum.tessera.config.DefaultKeyVaultConfig) KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) EncryptorConfig(com.quorum.tessera.config.EncryptorConfig) Test(org.junit.Test)

Example 5 with KeyVaultServiceFactory

use of com.quorum.tessera.key.vault.KeyVaultServiceFactory in project tessera by ConsenSys.

the class DefaultKeyGeneratorFactory method create.

@Override
public KeyGenerator create(KeyVaultConfig keyVaultConfig, EncryptorConfig encryptorConfig) {
    Objects.requireNonNull(encryptorConfig, "No encryptor config defined. ");
    final EncryptorFactory encryptorFactory = EncryptorFactory.newFactory(encryptorConfig.getType().name());
    final Encryptor encryptor = encryptorFactory.create(encryptorConfig.getProperties());
    if (keyVaultConfig != null) {
        // A vault is configured: build a minimal Config carrying only this vault config
        // and hand the matching KeyVaultService to a vault-backed generator.
        final KeyVaultServiceFactory keyVaultServiceFactory = KeyVaultServiceFactory.getInstance(keyVaultConfig.getKeyVaultType());
        final Config config = new Config();
        final KeyConfiguration keyConfiguration = new KeyConfiguration();
        if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AZURE)) {
            keyConfiguration.addKeyVaultConfig(keyVaultConfig);
            config.setKeys(keyConfiguration);
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new AzureVaultKeyGenerator(encryptor, keyVaultService);
        } else if (keyVaultConfig.getKeyVaultType().equals(KeyVaultType.AWS)) {
            // Only the AWS branch enforces the concrete config type; the other branches accept any KeyVaultConfig.
            if (!(keyVaultConfig instanceof DefaultKeyVaultConfig)) {
                throw new IllegalArgumentException("AWS key vault config not instance of DefaultKeyVaultConfig");
            }
            keyConfiguration.addKeyVaultConfig(keyVaultConfig);
            config.setKeys(keyConfiguration);
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new AWSSecretManagerKeyGenerator(encryptor, keyVaultService);
        } else {
            // Any vault type other than AZURE or AWS is treated as HashiCorp Vault.
            keyConfiguration.addKeyVaultConfig(keyVaultConfig);
            config.setKeys(keyConfiguration);
            final KeyVaultService keyVaultService = keyVaultServiceFactory.create(config, new EnvironmentVariableProvider());
            return new HashicorpVaultKeyGenerator(encryptor, keyVaultService);
        }
    }
    // No vault configured: keys are written to files, with the private key protected by a
    // KeyEncryptor whose password comes from the PasswordReader.
    KeyEncryptor keyEncryptor = KeyEncryptorFactory.newFactory().create(encryptorConfig);
    return new FileKeyGenerator(encryptor, keyEncryptor, PasswordReaderFactory.create());
}
Also used : KeyVaultService(com.quorum.tessera.key.vault.KeyVaultService) Encryptor(com.quorum.tessera.encryption.Encryptor) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) EnvironmentVariableProvider(com.quorum.tessera.config.util.EnvironmentVariableProvider) KeyEncryptor(com.quorum.tessera.config.keys.KeyEncryptor) KeyVaultServiceFactory(com.quorum.tessera.key.vault.KeyVaultServiceFactory) KeyEncryptorFactory(com.quorum.tessera.config.keys.KeyEncryptorFactory) EncryptorFactory(com.quorum.tessera.encryption.EncryptorFactory)

Aggregations

KeyVaultServiceFactory (com.quorum.tessera.key.vault.KeyVaultServiceFactory)8 KeyVaultService (com.quorum.tessera.key.vault.KeyVaultService)7 Test (org.junit.Test)6 EnvironmentVariableProvider (com.quorum.tessera.config.util.EnvironmentVariableProvider)4 KeyPair (com.quorum.tessera.encryption.KeyPair)4 Config (com.quorum.tessera.config.Config)3 DefaultKeyVaultConfig (com.quorum.tessera.config.DefaultKeyVaultConfig)1 EncryptorConfig (com.quorum.tessera.config.EncryptorConfig)1 AWSKeyPair (com.quorum.tessera.config.keypairs.AWSKeyPair)1 AzureVaultKeyPair (com.quorum.tessera.config.keypairs.AzureVaultKeyPair)1 ConfigKeyPair (com.quorum.tessera.config.keypairs.ConfigKeyPair)1 HashicorpVaultKeyPair (com.quorum.tessera.config.keypairs.HashicorpVaultKeyPair)1 KeyEncryptor (com.quorum.tessera.config.keys.KeyEncryptor)1 KeyEncryptorFactory (com.quorum.tessera.config.keys.KeyEncryptorFactory)1 Encryptor (com.quorum.tessera.encryption.Encryptor)1 EncryptorFactory (com.quorum.tessera.encryption.EncryptorFactory)1