feat: permit to configure fs vault with configuration file #3307

Merged
merged 1 commit into from
Jul 19, 2023
Expand Up @@ -26,11 +26,11 @@ public class ConfigurationFunctions {
* <p>Naming conventions for keys are '[qualifier].[value]' in lower case. When checking for env variables, keys will be converted to uppercase and '.' replaced by '_'.</p>
*/
public static String propOrEnv(String key, String defaultValue) {
String value = System.getProperty(key);
var value = System.getProperty(key);
if (!StringUtils.isNullOrBlank(value)) {
return value;
}
String upperKey = key.toUpperCase().replace('.', '_');
var upperKey = key.toUpperCase().replace('.', '_');
value = System.getenv(upperKey);
if (!StringUtils.isNullOrBlank(value)) {
return value;
Expand Up @@ -57,13 +57,13 @@ public void cleanUp() {
@SetSystemProperty(key = SYS_PROP_2, value = "")
@SetSystemProperty(key = SYS_PROP_3, value = " ")
public void returnSystemProperty(String key, String expected) {
String resultValue = ConfigurationFunctions.propOrEnv(key, DEFAULT);
var resultValue = ConfigurationFunctions.propOrEnv(key, DEFAULT);
assertThat(resultValue).isEqualTo(expected);
}

@Test
public void returnDefaultEnv_NullValue() {
String resultValue = ConfigurationFunctions.propOrEnv("nonexistent", DEFAULT);
var resultValue = ConfigurationFunctions.propOrEnv("nonexistent", DEFAULT);
assertThat(resultValue).isEqualTo(DEFAULT);
}

Expand Up @@ -16,6 +16,7 @@

import org.eclipse.edc.runtime.metamodel.annotation.BaseExtension;
import org.eclipse.edc.runtime.metamodel.annotation.Extension;
import org.eclipse.edc.runtime.metamodel.annotation.Provider;
import org.eclipse.edc.runtime.metamodel.annotation.Provides;
import org.eclipse.edc.spi.EdcException;
import org.eclipse.edc.spi.security.CertificateResolver;
Expand All @@ -25,13 +26,11 @@
import org.eclipse.edc.spi.system.ServiceExtensionContext;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import static org.eclipse.edc.util.configuration.ConfigurationFunctions.propOrEnv;
import static org.eclipse.edc.vault.filesystem.FsConfiguration.KEYSTORE_LOCATION;
import static org.eclipse.edc.vault.filesystem.FsConfiguration.KEYSTORE_PASSWORD;
import static org.eclipse.edc.vault.filesystem.FsConfiguration.PERSISTENT_VAULT;
Expand All @@ -41,7 +40,7 @@
* Bootstraps the file system-based vault extension.
*/
@BaseExtension
@Provides({ Vault.class, PrivateKeyResolver.class, CertificateResolver.class })
@Provides({ PrivateKeyResolver.class, CertificateResolver.class })
@Extension(value = FsVaultExtension.NAME)
public class FsVaultExtension implements ServiceExtension {

Expand All @@ -54,42 +53,40 @@ public String name() {

@Override
public void initialize(ServiceExtensionContext context) {
var vault = initializeVault();
context.registerService(Vault.class, vault);

KeyStore keyStore = loadKeyStore();
var keystorePassword = propOrEnv(KEYSTORE_PASSWORD, null);
var keyStore = loadKeyStore(context);
var keystorePassword = context.getSetting(KEYSTORE_PASSWORD, null);
var privateKeyResolver = new FsPrivateKeyResolver(keystorePassword, keyStore);
context.registerService(PrivateKeyResolver.class, privateKeyResolver);

var certificateResolver = new FsCertificateResolver(keyStore);
context.registerService(CertificateResolver.class, certificateResolver);
}

private Vault initializeVault() {
var vaultLocation = propOrEnv(VAULT_LOCATION, "dataspaceconnector-vault.properties");
@Provider
public Vault vault(ServiceExtensionContext context) {
var vaultLocation = context.getSetting(VAULT_LOCATION, "dataspaceconnector-vault.properties");
var vaultPath = Paths.get(vaultLocation);
if (!Files.exists(vaultPath)) {
throw new EdcException("Vault file does not exist: " + vaultLocation);
}
var persistentVault = Boolean.parseBoolean(propOrEnv(PERSISTENT_VAULT, "true"));
var persistentVault = context.getSetting(PERSISTENT_VAULT, true);
return new FsVault(vaultPath, persistentVault);
}

private KeyStore loadKeyStore() {
var keyStoreLocation = propOrEnv(KEYSTORE_LOCATION, "dataspaceconnector-keystore.jks");
private KeyStore loadKeyStore(ServiceExtensionContext context) {
var keyStoreLocation = context.getSetting(KEYSTORE_LOCATION, "dataspaceconnector-keystore.jks");
var keyStorePath = Paths.get(keyStoreLocation);
if (!Files.exists(keyStorePath)) {
throw new EdcException("Key store does not exist: " + keyStoreLocation);
}

var keystorePassword = propOrEnv(KEYSTORE_PASSWORD, null);
var keystorePassword = context.getSetting(KEYSTORE_PASSWORD, null);
if (keystorePassword == null) {
throw new EdcException("Key store password was not specified");
}

try (InputStream stream = Files.newInputStream(keyStorePath)) {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
try (var stream = Files.newInputStream(keyStorePath)) {
var keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(stream, keystorePassword.toCharArray());
return keyStore;
} catch (IOException | GeneralSecurityException e) {
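Review bot: `initialize` reads the keystore password a second time at `var keystorePassword = context.getSetting(KEYSTORE_PASSWORD, null);` and passes it to `FsPrivateKeyResolver` without the null check that `loadKeyStore` performs, so the resolver only ever sees a non-null password because `loadKeyStore(context)` happens to run first and throw. Reading the setting once in `initialize`, validating it there, and passing it into `loadKeyStore` removes both the duplicated lookup and the hidden ordering dependency. Since this secret can now be supplied through the configuration file rather than only a system property or environment variable, the read site deserves a comment such as `// NOTE: may now come from the configuration file; keep that file permission-restricted and never log this value`. `vault()` also replaces `Boolean.parseBoolean(propOrEnv(PERSISTENT_VAULT, "true"))` with `context.getSetting(PERSISTENT_VAULT, true)`; whether `getSetting` maps a malformed value to `false` the way `parseBoolean` did is not visible here and should be confirmed, since it decides whether vault writes are persisted.
```java
@Override
public void initialize(ServiceExtensionContext context) {
    // NOTE: may now come from the configuration file; keep that file permission-restricted and never log this value
    var keystorePassword = context.getSetting(KEYSTORE_PASSWORD, null);
    if (keystorePassword == null) {
        throw new EdcException("Key store password was not specified");
    }
    var keyStore = loadKeyStore(context, keystorePassword);
    var privateKeyResolver = new FsPrivateKeyResolver(keystorePassword, keyStore);
    // … unchanged: service registration …
}

// … unchanged: vault() …

private KeyStore loadKeyStore(ServiceExtensionContext context, String keystorePassword) {
    var keyStoreLocation = context.getSetting(KEYSTORE_LOCATION, "dataspaceconnector-keystore.jks");
    // … unchanged: existence check, then KeyStore.load(stream, keystorePassword.toCharArray()) …
}
```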