From f7117c9df81e47cffd869b5398916fa815281edf Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Fri, 1 Nov 2024 10:55:13 +0100 Subject: [PATCH 01/11] WIP plain java key management for non aws environment move from postgres to aws/ non aws profile --- local-environment/readme.md | 9 ++-- .../server/account/AccountConfig.kt | 8 +-- .../config/AuthorizationServerConfig.kt | 4 +- .../server/config/DatabaseConfig.kt | 2 +- .../vauthenticator/server/keys/KeyConfig.kt | 34 +++++++++--- .../adapter/local/BouncyCastleKeyDecrypter.kt | 12 +++++ .../adapter/local/BouncyCastleKeyGenerator.kt | 32 ++++++++++++ ...cyCastleKeyGeneratorMasterKeyRepository.kt | 14 +++++ .../local/KeyCryptographicOperations.kt | 52 +++++++++++++++++++ .../vauthenticator/server/mfa/MfaConfig.kt | 4 +- .../clientapp/ClientApplicationConfig.kt | 8 +-- .../server/role/PermissionConfig.kt | 8 +-- .../server/ticket/TicketConfig.kt | 4 +- .../keys/adapter/kms/KmsKeyGeneratorTest.kt | 8 +++ .../local/BouncyCastleKeyGeneratorTest.kt | 9 ++++ 15 files changed, 177 insertions(+), 31 deletions(-) create mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt create mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt create mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt create mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/kms/KmsKeyGeneratorTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt diff --git a/local-environment/readme.md b/local-environment/readme.md index 30a3bde6..25a87334 100644 --- a/local-environment/readme.md +++ b/local-environment/readme.md 
@@ -94,11 +94,8 @@ cd ../../../../../communication/default/mail cp * ../../../dist/mail/templates ``` -## Postgres usage +## Installation in a NON AWS Environment -Postgres is an available option as storage, it is experimental right now, and it is supported only for account and roles. +Postgres and plain java key management is an available option -In order to activate it is needed to add the corresponding spring profile '''experimental_database_persistence''' and -for the init process add to the docker run the environment variable '''experimental_database_persistence=true'''with the command like below: - -> docker run --pull=always -e experimental_database_persistence=true -it mrflick72/vauthenticator-local-tenant-installer:latest \ No newline at end of file +In order to activate aws native service usage like KMS, DynamoDB and so on please use the spring profile '''aws''' default otherwise \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt b/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt index 07e98351..6bb6b0d0 100644 --- a/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt @@ -56,7 +56,7 @@ class AccountConfig { @Bean("accountRepository") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbcAccountRepository( jdbcTemplate: JdbcTemplate ) = JdbcAccountRepository(jdbcTemplate) @@ -68,7 +68,7 @@ class AccountConfig { havingValue = "false", matchIfMissing = true ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun dynamoDbAccountRepository( mapper: ObjectMapper, dynamoDbClient: DynamoDbClient, @@ -85,7 +85,7 @@ class AccountConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun cachedDynamoDbAccountRepository( mapper: ObjectMapper, dynamoDbClient: DynamoDbClient, 
@@ -106,7 +106,7 @@ class AccountConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun accountCacheOperation( redisTemplate: RedisTemplate<*, *>, @Value("\${vauthenticator.dynamo-db.account.cache.ttl}") ttl: Duration, diff --git a/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt b/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt index 99e2002c..61f3dd62 100644 --- a/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt @@ -98,14 +98,14 @@ class AuthorizationServerConfig { } @Bean("oAuth2AuthorizationService") - @Profile("!experimental_database_persistence") + @Profile("!aws") fun redisOAuth2AuthorizationService(redisTemplate: RedisTemplate): OAuth2AuthorizationService { return RedisOAuth2AuthorizationService(redisTemplate) } @Bean("oAuth2AuthorizationService") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbcOAuth2AuthorizationService( jdbcTemplate : JdbcTemplate, registeredClientRepository : RegisteredClientRepository diff --git a/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt b/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt index d67ae8c4..0041d2cb 100644 --- a/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt @@ -10,6 +10,6 @@ import org.springframework.context.annotation.Profile @Configuration @EnableAutoConfiguration(exclude = [DataSourceAutoConfiguration::class, DataSourceTransactionManagerAutoConfiguration::class, HibernateJpaAutoConfiguration::class]) -@Profile("!experimental_database_persistence") +@Profile("!aws") class ExcludeDatabaseConfig 
diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index c13fb96a..ffdc8aca 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt @@ -4,6 +4,10 @@ import com.vauthenticator.server.keys.adapter.dynamo.DynamoDbKeyStorage import com.vauthenticator.server.keys.adapter.jdbc.JdbcKeyStorage import com.vauthenticator.server.keys.adapter.kms.KmsKeyDecrypter import com.vauthenticator.server.keys.adapter.kms.KmsKeyGenerator +import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyDecrypter +import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGenerator +import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGeneratorMasterKeyRepository +import com.vauthenticator.server.keys.adapter.local.KeyCryptographicOperations import com.vauthenticator.server.keys.domain.* import org.springframework.beans.factory.annotation.Value import org.springframework.context.annotation.Bean 
@@ -18,14 +22,32 @@ import java.util.* @Configuration(proxyBeanMethods = false) class KeyConfig { - @Bean - fun keyGenerator(kmsClient: KmsClient): KeyGenerator = KmsKeyGenerator(kmsClient) + @Profile("aws") + @Bean("keyGenerator") + fun kmsKeyGenerator(kmsClient: KmsClient): KeyGenerator = KmsKeyGenerator(kmsClient) - @Bean - fun keyDecrypter(kmsClient: KmsClient): KeyDecrypter = KmsKeyDecrypter(kmsClient) + @Profile("!aws") + @Bean("keyGenerator") + fun bouncyCastleKeyGenerator(kmsClient: KmsClient): KeyGenerator = BouncyCastleKeyGenerator( + KeyCryptographicOperations( + BouncyCastleKeyGeneratorMasterKeyRepository() + ) + ) + + @Profile("aws") + @Bean("keyDecrypter") + fun kmsKeyDecrypter(kmsClient: KmsClient): KeyDecrypter = KmsKeyDecrypter(kmsClient) + + @Profile("!aws") + @Bean("keyDecrypter") + fun bouncyCastleKeyDecrypter(): KeyDecrypter = BouncyCastleKeyDecrypter( + KeyCryptographicOperations( + BouncyCastleKeyGeneratorMasterKeyRepository() + ) + ) @Bean("keyStorage") - @Profile("!experimental_database_persistence") + @Profile("!aws") fun dynamoDbKeyStorage( clock: Clock, dynamoDbClient: DynamoDbClient, @@ -34,7 +56,7 @@ class KeyConfig { ) = DynamoDbKeyStorage(clock, dynamoDbClient, signatureTableName, mfaTableName) @Bean("keyStorage") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbcKeyStorage(jdbcTemplate: JdbcTemplate, clock: Clock) = JdbcKeyStorage(jdbcTemplate, clock) @Bean("keyRepository") diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt new file mode 100644 index 00000000..439d4106 --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt 
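Review bot: `bouncyCastleKeyGenerator(kmsClient: KmsClient)` declares a `KmsClient` parameter it never uses, so the `!aws` profile — the one meant to run without AWS — still needs a `KmsClient` bean to build its key generator, and the context fails to start wherever that bean is absent; drop the parameter as `bouncyCastleKeyDecrypter()` already does: `fun bouncyCastleKeyGenerator(): KeyGenerator = BouncyCastleKeyGenerator(`. The same signature survives the `kms`/`!kms` rename in the later KeyConfig hunk of patch 04. Each of the two local beans also builds its own `KeyCryptographicOperations(BouncyCastleKeyGeneratorMasterKeyRepository())`; registering a single `KeyCryptographicOperations` bean and injecting it into both keeps the master-key lookup in one place.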
@@ -0,0 +1,12 @@ +package com.vauthenticator.server.keys.adapter.local + +import com.vauthenticator.server.extentions.encoder +import com.vauthenticator.server.keys.domain.KeyDecrypter +import com.vauthenticator.server.keys.domain.MasterKid + +class BouncyCastleKeyDecrypter(private val keyCryptographicOperations: KeyCryptographicOperations) : KeyDecrypter { + override fun decryptKey(encrypted: String): String { + return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKid(""), encrypted.toByteArray())) + .decodeToString() + } +} \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt new file mode 100644 index 00000000..60854ae4 --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt @@ -0,0 +1,32 @@ +package com.vauthenticator.server.keys.adapter.local + +import com.vauthenticator.server.keys.domain.DataKey +import com.vauthenticator.server.keys.domain.KeyGenerator +import com.vauthenticator.server.keys.domain.MasterKid +import java.util.* + + +class BouncyCastleKeyGenerator( + private val keyCryptographicOperations: KeyCryptographicOperations +) : KeyGenerator { + + + override fun dataKeyPairFor(masterKid: MasterKid): DataKey { + val generateRSAKeyPair = keyCryptographicOperations.generateRSAKeyPair() + return DataKey( + keyCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), + Optional.of(generateRSAKeyPair.public.encoded) + ) + } + + override fun dataKeyFor(masterKid: MasterKid): DataKey { + val generateRSAKeyPair = keyCryptographicOperations.generateRSAKeyPair() + return DataKey( + keyCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), + Optional.empty() + ) + } + + + +} \ No newline at end of file 
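Review bot: `dataKeyFor` generates a 2048-bit RSA key pair, wraps only the private half and discards the public half; if that method is meant to produce the symmetric data key (the counterpart of the `KeyType.ASYMMETRIC` case used later in the series), an RSA private key is the wrong material and a 256-bit key from `javax.crypto.KeyGenerator.getInstance("AES")` is what should be wrapped — please confirm the intended key type against `KeyType`. In `BouncyCastleKeyDecrypter`, `decryptKey` unwraps with the hard-coded `MasterKid("")` rather than the master key id recorded with the key, so the local backend can never hold more than one master key; the later replacement with `MasterKeyGenrator.aMasterKey` keeps the same empty id. A one-line comment on `decryptKey` stating what encoding the returned `String` carries (base64 of the DER private key, as `encoder.encode(...).decodeToString()` suggests) would help callers.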
diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt new file mode 100644 index 00000000..ccbac96f --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt @@ -0,0 +1,14 @@ +package com.vauthenticator.server.keys.adapter.local + +import com.vauthenticator.server.extentions.toSha256 +import com.vauthenticator.server.keys.domain.MasterKid +val toSha256 = "secret".toSha256() + +class BouncyCastleKeyGeneratorMasterKeyRepository { + + //TODO to improve + fun maskerKeyFor(masterKeyId: MasterKid): String { + return toSha256 + } + +} \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt new file mode 100644 index 00000000..e4d7965c --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt 
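Review bot: `BouncyCastleKeyGeneratorMasterKeyRepository.maskerKeyFor` returns a master key derived from the string literal `"secret"` for every `masterKeyId`, so every data key wrapped by the non-AWS backend is protected by a value anyone with the source can reproduce; the next patch in the series swaps it for a fixed base64 literal, which is still a master key committed to the repository. Read the key material from configuration or the environment at startup and fail fast when it is missing, e.g. `class BouncyCastleKeyGeneratorMasterKeyRepository(@Value("\${vauthenticator.keys.master-key}") private val masterKey: String)` (constructed property name) with `fun masterKeyFor(masterKeyId: MasterKid): String = masterKey`, and keep it out of the package-level `val toSha256`. The method name has a typo (`masker` → `master`), and the `//TODO to improve` should say what is missing — at least the ability to hold more than one master key by id.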
@@ -0,0 +1,52 @@ +package com.vauthenticator.server.keys.adapter.local + +import com.vauthenticator.server.extentions.decoder +import com.vauthenticator.server.keys.domain.MasterKid +import org.bouncycastle.jce.provider.BouncyCastleProvider +import java.security.KeyPair +import java.security.KeyPairGenerator +import java.security.Security +import java.security.spec.RSAKeyGenParameterSpec +import javax.crypto.Cipher +import javax.crypto.spec.SecretKeySpec + + +class KeyCryptographicOperations( + private val repository: BouncyCastleKeyGeneratorMasterKeyRepository, +) { + companion object { + init { + Security.addProvider(BouncyCastleProvider()); + } + } + + fun generateRSAKeyPair(): KeyPair { + val keyPair: KeyPair + try { + val keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC") + keyPairGenerator.initialize(RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)) + keyPair = keyPairGenerator.generateKeyPair() + } catch (ex: Exception) { + throw IllegalStateException(ex) + } + return keyPair + } + + fun encryptKeyWith(masterKid: MasterKid, encodedPlainText: ByteArray): ByteArray { + val masterKey = repository.maskerKeyFor(masterKid); + val key = SecretKeySpec(masterKey.toByteArray(), "AES") + val cipher = Cipher.getInstance("AES") + cipher.init(Cipher.ENCRYPT_MODE, key) + return cipher.doFinal(decoder.decode(encodedPlainText)) + } + + fun decryptKeyWith(masterKid: MasterKid, encodedEncryptedText: ByteArray): ByteArray { + val masterKey = repository.maskerKeyFor(masterKid); + val key = SecretKeySpec(masterKey.toByteArray(), "AES") + val cipher = Cipher.getInstance("AES") + cipher.init(Cipher.DECRYPT_MODE, key) + return cipher.doFinal(decoder.decode(encodedEncryptedText)) + } + + +} \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt index 24c50c34..70b0aa77 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt 
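Review bot: `Cipher.getInstance("AES")` in `encryptKeyWith`/`decryptKeyWith` resolves to the provider's default transformation, which for both the JDK and BouncyCastle is ECB with PKCS5 padding: the DER-encoded RSA private key is wrapped block by block with no IV and no integrity tag, so identical 16-byte blocks of key material yield identical ciphertext and a tampered wrapped key is not detected on unwrap. Use an authenticated mode — `AES/GCM/NoPadding` with a fresh random 12-byte IV stored in front of the ciphertext (below), or the `AESWrap` key-wrap cipher — and the same change applies to the two later hunks of this file (the key-length fix in patch 02 and the `decoder.decode` removal in patch 03). `catch (ex: Exception)` in `generateRSAKeyPair` can be narrowed to `GeneralSecurityException`, and the companion `init` that calls `Security.addProvider` deserves a comment saying it is why `"BC"` is requested by name. The excerpt needs `java.security.SecureRandom` and `javax.crypto.spec.GCMParameterSpec` added to the import block.
```kotlin
    companion object {
        private const val GCM_IV_BYTES = 12
        private const val GCM_TAG_BITS = 128
        private val random = SecureRandom()

        init {
            Security.addProvider(BouncyCastleProvider())
        }
    }

    // … unchanged: generateRSAKeyPair …

    fun encryptKeyWith(masterKid: MasterKid, encodedPlainText: ByteArray): ByteArray {
        // … unchanged: master key lookup into `key` …
        // fresh IV per wrap; prepended so the unwrap side can recover it
        val iv = ByteArray(GCM_IV_BYTES).also(random::nextBytes)
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(GCM_TAG_BITS, iv))
        return iv + cipher.doFinal(decoder.decode(encodedPlainText))
    }

    fun decryptKeyWith(masterKid: MasterKid, encodedEncryptedText: ByteArray): ByteArray {
        // … unchanged: master key lookup into `key` …
        val payload = decoder.decode(encodedEncryptedText)
        require(payload.size > GCM_IV_BYTES) { "wrapped key too short" }
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(GCM_TAG_BITS, payload, 0, GCM_IV_BYTES))
        // doFinal verifies the tag and throws AEADBadTagException if the wrapped key was altered
        return cipher.doFinal(payload, GCM_IV_BYTES, payload.size - GCM_IV_BYTES)
    }
```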
+++ b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt @@ -35,7 +35,7 @@ import java.util.* class MfaConfig { @Bean("mfaAccountMethodsRepository") - @Profile("!experimental_database_persistence") + @Profile("!aws") fun dynamoDbMfaAccountMethodsRepository( keyRepository: KeyRepository, dynamoDbClient: DynamoDbClient, @@ -52,7 +52,7 @@ class MfaConfig { ) { MfaDeviceId(UUID.randomUUID().toString()) } @Bean("mfaAccountMethodsRepository") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbcMfaAccountMethodsRepository( keyRepository: KeyRepository, jdbcTemplate: JdbcTemplate, diff --git a/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt b/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt index c829b4c6..a55e5215 100644 --- a/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt @@ -29,7 +29,7 @@ class ClientApplicationConfig { @Bean("clientApplicationRepository") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbcClientApplicationRepository(jdbcTemplate: JdbcTemplate, objectMapper: ObjectMapper) : ClientApplicationRepository = JdbcClientApplicationRepository(jdbcTemplate, objectMapper) @@ -39,7 +39,7 @@ class ClientApplicationConfig { havingValue = "false", matchIfMissing = true ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun dynamoDbClientApplicationRepository( dynamoDbClient: DynamoDbClient, @Value("\${vauthenticator.dynamo-db.client-application.table-name}") clientAppTableName: String @@ -51,7 +51,7 @@ class ClientApplicationConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun cachedClientApplicationRepository( dynamoDbClient: DynamoDbClient, clientApplicationCacheOperation: CacheOperation, 
@@ -70,7 +70,7 @@ class ClientApplicationConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun clientApplicationCacheOperation( redisTemplate: RedisTemplate<*, *>, @Value("\${vauthenticator.dynamo-db.client-application.cache.ttl}") ttl: Duration, diff --git a/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt b/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt index d0ff5f07..d3461e45 100644 --- a/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt @@ -23,7 +23,7 @@ import java.time.Duration class PermissionConfig { @Bean("roleRepository") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbcRoleRepository( jdbcTemplate: JdbcTemplate, @Value("\${vauthenticator.dynamo-db.role.protected-from-delete}") protectedRoleFromDeletion: List @@ -35,7 +35,7 @@ class PermissionConfig { havingValue = "false", matchIfMissing = true ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun dynamoDbRoleRepository( dynamoDbClient: DynamoDbClient, @Value("\${vauthenticator.dynamo-db.role.table-name}") roleTableName: String, @@ -49,7 +49,7 @@ class PermissionConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun cachedDynamoDbRoleRepository( mapper: ObjectMapper, roleCacheOperation: CacheOperation, @@ -68,7 +68,7 @@ class PermissionConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!experimental_database_persistence") + @Profile("!aws") fun roleCacheOperation( redisTemplate: RedisTemplate<*, *>, @Value("\${vauthenticator.dynamo-db.role.cache.ttl}") ttl: Duration, diff --git a/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt b/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt index 803129cd..916ab68d 100644 
--- a/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt @@ -20,7 +20,7 @@ import java.util.* class TicketConfig { @Bean("ticketRepository") - @Profile("!experimental_database_persistence") + @Profile("!aws") fun dynamoDbTicketRepository( @Value("\${vauthenticator.dynamo-db.ticket.table-name}") tableName: String, dynamoDbClient: DynamoDbClient @@ -28,7 +28,7 @@ class TicketConfig { @Bean("ticketRepository") - @Profile("experimental_database_persistence") + @Profile("aws") fun jdbCTicketRepository( jdbcTemplate: JdbcTemplate, objectMapper: ObjectMapper diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/kms/KmsKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/kms/KmsKeyGeneratorTest.kt new file mode 100644 index 00000000..c6309e45 --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/kms/KmsKeyGeneratorTest.kt @@ -0,0 +1,8 @@ +package com.vauthenticator.server.keys.adapter.kms + +import org.junit.jupiter.api.Assertions.* + +class KmsKeyGeneratorTest { + + +} \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt new file mode 100644 index 00000000..eae7f8ab --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt @@ -0,0 +1,9 @@ +package com.vauthenticator.server.keys.adapter.local + +import org.junit.jupiter.api.Assertions.* + +class BouncyCastleKeyGeneratorTest { + + + +} \ No newline at end of file From b0d617f1771263a58fcb178720d18d0c833af413 Mon Sep 17 00:00:00 2001 
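Review bot: `KmsKeyGeneratorTest` and `BouncyCastleKeyGeneratorTest` are committed as empty classes with a wildcard `Assertions.*` import, so the new local key backend ships with no executable check at all. The natural first test for `BouncyCastleKeyGenerator` is a round trip: call `dataKeyPairFor(masterKid)`, run `decryptKeyWith` on the wrapped private key, assert the result equals the original `private.encoded` bytes, and assert that two consecutive calls never return the same wrapped material. The KMS test can stay out of the series until it has a body or use a stubbed `KmsClient`; an empty test class is easily mistaken for coverage in a report.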
From: mrflick72 Date: Fri, 1 Nov 2024 11:00:03 +0100 Subject: [PATCH 02/11] WIP key length error fix --- .../local/BouncyCastleKeyGeneratorMasterKeyRepository.kt | 2 +- .../keys/adapter/local/KeyCryptographicOperations.kt | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt index ccbac96f..0e2c0168 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt @@ -2,7 +2,7 @@ package com.vauthenticator.server.keys.adapter.local import com.vauthenticator.server.extentions.toSha256 import com.vauthenticator.server.keys.domain.MasterKid -val toSha256 = "secret".toSha256() +val toSha256 = "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA=" class BouncyCastleKeyGeneratorMasterKeyRepository { diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt index e4d7965c..7d2e9753 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt 
@@ -33,16 +33,16 @@ class KeyCryptographicOperations( } fun encryptKeyWith(masterKid: MasterKid, encodedPlainText: ByteArray): ByteArray { - val masterKey = repository.maskerKeyFor(masterKid); - val key = SecretKeySpec(masterKey.toByteArray(), "AES") + val masterKey = decoder.decode(repository.maskerKeyFor(masterKid)); + val key = SecretKeySpec(masterKey, "AES") val cipher = Cipher.getInstance("AES") cipher.init(Cipher.ENCRYPT_MODE, key) return cipher.doFinal(decoder.decode(encodedPlainText)) } fun decryptKeyWith(masterKid: MasterKid, encodedEncryptedText: ByteArray): ByteArray { - val masterKey = repository.maskerKeyFor(masterKid); - val key = SecretKeySpec(masterKey.toByteArray(), "AES") + val masterKey = decoder.decode(repository.maskerKeyFor(masterKid)); + val key = SecretKeySpec(masterKey, "AES") val cipher = Cipher.getInstance("AES") cipher.init(Cipher.DECRYPT_MODE, key) return cipher.doFinal(decoder.decode(encodedEncryptedText)) From 6f31c0d5b49338fa901f69fbac96d969bb47ed5a Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sat, 16 Nov 2024 18:46:21 +0100 Subject: [PATCH 03/11] WIP key length error fix --- local-environment/application.yml | 2 +- .../server/config/DatabaseConfig.kt | 2 +- .../vauthenticator/server/keys/KeyConfig.kt | 4 ++-- .../adapter/local/BouncyCastleKeyDecrypter.kt | 2 +- ...cyCastleKeyGeneratorMasterKeyRepository.kt | 1 - .../local/KeyCryptographicOperations.kt | 2 +- .../server/keys/adapter/local/KeyInitJob.kt | 24 +++++++++++++++++++ .../keys/adapter/local/MasterKeyGenrator.kt | 8 +++++++ 8 files changed, 38 insertions(+), 7 deletions(-) create mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt create mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt diff --git a/local-environment/application.yml b/local-environment/application.yml index 0ec0a463..e69d34a2 100644 --- a/local-environment/application.yml +++ b/local-environment/application.yml 
@@ -141,4 +141,4 @@ spring: password: postgres config: activate: - on-profile: experimental_database_persistence \ No newline at end of file + on-profile: default \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt b/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt index 0041d2cb..a787859d 100644 --- a/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/config/DatabaseConfig.kt @@ -10,6 +10,6 @@ import org.springframework.context.annotation.Profile @Configuration @EnableAutoConfiguration(exclude = [DataSourceAutoConfiguration::class, DataSourceTransactionManagerAutoConfiguration::class, HibernateJpaAutoConfiguration::class]) -@Profile("!aws") +@Profile("aws") class ExcludeDatabaseConfig diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index ffdc8aca..d32bc435 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt @@ -47,7 +47,7 @@ class KeyConfig { ) @Bean("keyStorage") - @Profile("!aws") + @Profile("aws") fun dynamoDbKeyStorage( clock: Clock, dynamoDbClient: DynamoDbClient, @@ -56,7 +56,7 @@ class KeyConfig { ) = DynamoDbKeyStorage(clock, dynamoDbClient, signatureTableName, mfaTableName) @Bean("keyStorage") - @Profile("aws") + @Profile("!aws") fun jdbcKeyStorage(jdbcTemplate: JdbcTemplate, clock: Clock) = JdbcKeyStorage(jdbcTemplate, clock) @Bean("keyRepository") diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt index 439d4106..3c2a11ac 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt 
+++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt @@ -6,7 +6,7 @@ import com.vauthenticator.server.keys.domain.MasterKid class BouncyCastleKeyDecrypter(private val keyCryptographicOperations: KeyCryptographicOperations) : KeyDecrypter { override fun decryptKey(encrypted: String): String { - return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKid(""), encrypted.toByteArray())) + return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKeyGenrator.aMasterKey, encrypted.toByteArray())) .decodeToString() } } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt index 0e2c0168..5f2ae0d8 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt @@ -1,6 +1,5 @@ package com.vauthenticator.server.keys.adapter.local -import com.vauthenticator.server.extentions.toSha256 import com.vauthenticator.server.keys.domain.MasterKid val toSha256 = "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA=" diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt index 7d2e9753..fc8ebff2 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt 
@@ -37,7 +37,7 @@ class KeyCryptographicOperations( val key = SecretKeySpec(masterKey, "AES") val cipher = Cipher.getInstance("AES") cipher.init(Cipher.ENCRYPT_MODE, key) - return cipher.doFinal(decoder.decode(encodedPlainText)) + return cipher.doFinal(encodedPlainText) } fun decryptKeyWith(masterKid: MasterKid, encodedEncryptedText: ByteArray): ByteArray { diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt new file mode 100644 index 00000000..90c5f9c4 --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt @@ -0,0 +1,24 @@ +package com.vauthenticator.server.keys.adapter.local + +import com.vauthenticator.server.keys.domain.KeyPurpose +import com.vauthenticator.server.keys.domain.KeyRepository +import com.vauthenticator.server.keys.domain.KeyType +import org.springframework.boot.ApplicationArguments +import org.springframework.boot.ApplicationRunner +import org.springframework.context.annotation.Profile +import org.springframework.stereotype.Service + +@Service +@Profile("!aws") +class KeyInitJob(private val keyRepository: KeyRepository) : ApplicationRunner { + + override fun run(args: ApplicationArguments?) { + val kid = keyRepository.createKeyFrom( + masterKid = MasterKeyGenrator.aMasterKey, + keyPurpose = KeyPurpose.SIGNATURE, + keyType = KeyType.ASYMMETRIC, + ) + println(kid) + } + +} \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt new file mode 100644 index 00000000..7f371042 --- /dev/null +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt 
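Review bot: `KeyInitJob.run` prints the new key id with `println(kid)` and creates a signature key unconditionally on every start of the `!aws` profile, so each restart adds another `KeyPurpose.SIGNATURE` key to the key storage and the id goes to stdout rather than the application log. Guard the creation with a lookup for an existing signature key — `KeyRepository` presumably offers one, please confirm — and report through a logger, e.g. `log.info("created initial signature key {}", kid)`. A KDoc line on the class saying it exists only to bootstrap the first signing key for non-KMS deployments would make the intent clear to the next reader.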
@@ -0,0 +1,8 @@ +package com.vauthenticator.server.keys.adapter.local + +import com.vauthenticator.server.keys.domain.MasterKid + +object MasterKeyGenrator { + + val aMasterKey = MasterKid("") +} \ No newline at end of file From 55752205f1d8f9023bba385985b6dd7cea6385cb Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sat, 16 Nov 2024 18:58:31 +0100 Subject: [PATCH 04/11] profile configuration fix --- local-environment/application.yml | 2 +- .../vauthenticator/server/account/AccountConfig.kt | 8 ++++---- .../server/config/AuthorizationServerConfig.kt | 4 ++-- .../com/vauthenticator/server/keys/KeyConfig.kt | 12 ++++++------ .../server/keys/adapter/local/KeyInitJob.kt | 2 +- .../com/vauthenticator/server/mfa/MfaConfig.kt | 4 ++-- .../oauth2/clientapp/ClientApplicationConfig.kt | 8 ++++---- .../vauthenticator/server/role/PermissionConfig.kt | 8 ++++---- .../com/vauthenticator/server/ticket/TicketConfig.kt | 4 ++-- 9 files changed, 26 insertions(+), 26 deletions(-) diff --git a/local-environment/application.yml b/local-environment/application.yml index e69d34a2..b850596d 100644 --- a/local-environment/application.yml +++ b/local-environment/application.yml @@ -141,4 +141,4 @@ spring: password: postgres config: activate: - on-profile: default \ No newline at end of file + on-profile: database \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt b/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt index 6bb6b0d0..a8e18a28 100644 --- a/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/account/AccountConfig.kt @@ -56,7 +56,7 @@ class AccountConfig { @Bean("accountRepository") - @Profile("aws") + @Profile("database") fun jdbcAccountRepository( jdbcTemplate: JdbcTemplate ) = JdbcAccountRepository(jdbcTemplate) 
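Review bot: `MasterKeyGenrator.aMasterKey` is `MasterKid("")`, so every key the local backend creates is passed to `createKeyFrom` under an empty master key id (presumably stored with the key — verify in `KeyRepository`); once a real master key exists there is no way to tell which one wrapped a given data key, and rotation cannot be expressed without re-wrapping everything blind. Give the local master key a real, stable identifier, for example a configured value `MasterKid(masterKeyId)`, and rename the object to `MasterKeyGenerator` — or better `LocalMasterKey`, since it generates nothing and only holds a constant. `KeyInitJob` and `BouncyCastleKeyDecrypter` in the previous hunks are the two callers to update.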
@@ -68,7 +68,7 @@ class AccountConfig { havingValue = "false", matchIfMissing = true ) - @Profile("!aws") + @Profile("dynamo") fun dynamoDbAccountRepository( mapper: ObjectMapper, dynamoDbClient: DynamoDbClient, @@ -85,7 +85,7 @@ class AccountConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!aws") + @Profile("dynamo") fun cachedDynamoDbAccountRepository( mapper: ObjectMapper, dynamoDbClient: DynamoDbClient, @@ -106,7 +106,7 @@ class AccountConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!aws") + @Profile("dynamo") fun accountCacheOperation( redisTemplate: RedisTemplate<*, *>, @Value("\${vauthenticator.dynamo-db.account.cache.ttl}") ttl: Duration, diff --git a/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt b/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt index 61f3dd62..64517074 100644 --- a/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/config/AuthorizationServerConfig.kt @@ -98,14 +98,14 @@ class AuthorizationServerConfig { } @Bean("oAuth2AuthorizationService") - @Profile("!aws") + @Profile("!database") fun redisOAuth2AuthorizationService(redisTemplate: RedisTemplate): OAuth2AuthorizationService { return RedisOAuth2AuthorizationService(redisTemplate) } @Bean("oAuth2AuthorizationService") - @Profile("aws") + @Profile("database") fun jdbcOAuth2AuthorizationService( jdbcTemplate : JdbcTemplate, registeredClientRepository : RegisteredClientRepository diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index d32bc435..d02d1e91 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt 
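Review bot: After this rename both sides of the repository pair in `AccountConfig` are selected by positive profiles — `@Profile("database")` for JDBC and `@Profile("dynamo")` for DynamoDB — so a run with neither profile active defines no `accountRepository` bean at all, where the previous `!aws` form always picked one; the same applies to `KeyConfig`'s `keyStorage`, `MfaConfig` and `ClientApplicationConfig` in the following hunks, and per the diffstat to the role and ticket configs. `AuthorizationServerConfig` in the same patch keeps the negated form (`@Profile("!database")` for Redis), so the two conventions now coexist in one commit. Pick one: either `@Profile("!database")` on the DynamoDB beans so one side is always present, or positive profiles everywhere with `local-environment/readme.md` stating that exactly one of `database`/`dynamo` (and `kms` or not) must be active.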
@@ -22,11 +22,11 @@ import java.util.* @Configuration(proxyBeanMethods = false) class KeyConfig { - @Profile("aws") + @Profile("kms") @Bean("keyGenerator") fun kmsKeyGenerator(kmsClient: KmsClient): KeyGenerator = KmsKeyGenerator(kmsClient) - @Profile("!aws") + @Profile("!kms") @Bean("keyGenerator") fun bouncyCastleKeyGenerator(kmsClient: KmsClient): KeyGenerator = BouncyCastleKeyGenerator( KeyCryptographicOperations( @@ -34,11 +34,11 @@ class KeyConfig { ) ) - @Profile("aws") + @Profile("kms") @Bean("keyDecrypter") fun kmsKeyDecrypter(kmsClient: KmsClient): KeyDecrypter = KmsKeyDecrypter(kmsClient) - @Profile("!aws") + @Profile("!kms") @Bean("keyDecrypter") fun bouncyCastleKeyDecrypter(): KeyDecrypter = BouncyCastleKeyDecrypter( KeyCryptographicOperations( @@ -47,7 +47,7 @@ class KeyConfig { ) @Bean("keyStorage") - @Profile("aws") + @Profile("dynamo") fun dynamoDbKeyStorage( clock: Clock, dynamoDbClient: DynamoDbClient, @@ -56,7 +56,7 @@ class KeyConfig { ) = DynamoDbKeyStorage(clock, dynamoDbClient, signatureTableName, mfaTableName) @Bean("keyStorage") - @Profile("!aws") + @Profile("database") fun jdbcKeyStorage(jdbcTemplate: JdbcTemplate, clock: Clock) = JdbcKeyStorage(jdbcTemplate, clock) @Bean("keyRepository") diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt index 90c5f9c4..dd7f6459 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt @@ -9,7 +9,7 @@ import org.springframework.context.annotation.Profile import org.springframework.stereotype.Service @Service -@Profile("!aws") +@Profile("!kms") class KeyInitJob(private val keyRepository: KeyRepository) : ApplicationRunner { override fun run(args: ApplicationArguments?) { 
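Review bot: The `@Profile("!kms")` bean `bouncyCastleKeyGenerator(kmsClient: KmsClient)` still injects a `KmsClient` that the visible body never uses, so the non-KMS profile this patch introduces still requires an AWS KMS client bean to exist; the parameter should go, `fun bouncyCastleKeyGenerator(): KeyGenerator = BouncyCastleKeyGenerator(`. The parameter survives into PATCH 05 and PATCH 06 (`JavaSecurityKeyGenerator(kmsClient: KmsClient, storage: ...)`), where the same change applies. Whether a `KmsClient` bean is registered outside the `kms` profile is not visible here; if it is unconditional this is only dead injection, otherwise it is a startup failure for the very profile the patch adds.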
diff --git a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt index 70b0aa77..b7f8d048 100644 --- a/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/mfa/MfaConfig.kt @@ -35,7 +35,7 @@ import java.util.* class MfaConfig { @Bean("mfaAccountMethodsRepository") - @Profile("!aws") + @Profile("dynamo") fun dynamoDbMfaAccountMethodsRepository( keyRepository: KeyRepository, dynamoDbClient: DynamoDbClient, @@ -52,7 +52,7 @@ class MfaConfig { ) { MfaDeviceId(UUID.randomUUID().toString()) } @Bean("mfaAccountMethodsRepository") - @Profile("aws") + @Profile("database") fun jdbcMfaAccountMethodsRepository( keyRepository: KeyRepository, jdbcTemplate: JdbcTemplate, diff --git a/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt b/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt index a55e5215..6ecdfda8 100644 --- a/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/oauth2/clientapp/ClientApplicationConfig.kt @@ -29,7 +29,7 @@ class ClientApplicationConfig { @Bean("clientApplicationRepository") - @Profile("aws") + @Profile("database") fun jdbcClientApplicationRepository(jdbcTemplate: JdbcTemplate, objectMapper: ObjectMapper) : ClientApplicationRepository = JdbcClientApplicationRepository(jdbcTemplate, objectMapper) @@ -39,7 +39,7 @@ class ClientApplicationConfig { havingValue = "false", matchIfMissing = true ) - @Profile("!aws") + @Profile("dynamo") fun dynamoDbClientApplicationRepository( dynamoDbClient: DynamoDbClient, @Value("\${vauthenticator.dynamo-db.client-application.table-name}") clientAppTableName: String 
@@ -51,7 +51,7 @@ class ClientApplicationConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!aws") + @Profile("dynamo") fun cachedClientApplicationRepository( dynamoDbClient: DynamoDbClient, clientApplicationCacheOperation: CacheOperation, @@ -70,7 +70,7 @@ class ClientApplicationConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!aws") + @Profile("dynamo") fun clientApplicationCacheOperation( redisTemplate: RedisTemplate<*, *>, @Value("\${vauthenticator.dynamo-db.client-application.cache.ttl}") ttl: Duration, diff --git a/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt b/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt index d3461e45..d6780781 100644 --- a/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/role/PermissionConfig.kt @@ -23,7 +23,7 @@ import java.time.Duration class PermissionConfig { @Bean("roleRepository") - @Profile("aws") + @Profile("database") fun jdbcRoleRepository( jdbcTemplate: JdbcTemplate, @Value("\${vauthenticator.dynamo-db.role.protected-from-delete}") protectedRoleFromDeletion: List @@ -35,7 +35,7 @@ class PermissionConfig { havingValue = "false", matchIfMissing = true ) - @Profile("!aws") + @Profile("dynamo") fun dynamoDbRoleRepository( dynamoDbClient: DynamoDbClient, @Value("\${vauthenticator.dynamo-db.role.table-name}") roleTableName: String, @@ -49,7 +49,7 @@ class PermissionConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!aws") + @Profile("dynamo") fun cachedDynamoDbRoleRepository( mapper: ObjectMapper, roleCacheOperation: CacheOperation, @@ -68,7 +68,7 @@ class PermissionConfig { havingValue = "true", matchIfMissing = false ) - @Profile("!aws") + @Profile("dynamo") fun roleCacheOperation( redisTemplate: RedisTemplate<*, *>, @Value("\${vauthenticator.dynamo-db.role.cache.ttl}") ttl: Duration, 
diff --git a/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt b/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt index 916ab68d..3e501db3 100644 --- a/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/ticket/TicketConfig.kt @@ -20,7 +20,7 @@ import java.util.* class TicketConfig { @Bean("ticketRepository") - @Profile("!aws") + @Profile("dynamo") fun dynamoDbTicketRepository( @Value("\${vauthenticator.dynamo-db.ticket.table-name}") tableName: String, dynamoDbClient: DynamoDbClient @@ -28,7 +28,7 @@ class TicketConfig { @Bean("ticketRepository") - @Profile("aws") + @Profile("database") fun jdbCTicketRepository( jdbcTemplate: JdbcTemplate, objectMapper: ObjectMapper From f85410ebe812a8965a6e4d50161a764d1984cf62 Mon Sep 17 00:00:00 2001 
From: mrflick72 Date: Sat, 16 Nov 2024 23:28:40 +0100 Subject: [PATCH 05/11] WIP getting rid to hardcoded key in the code. Now it is in the local sample config --- local-environment/application.yml | 5 ++++ .../vauthenticator/server/keys/KeyConfig.kt | 20 ++++++++----- .../adapter/local/BouncyCastleKeyDecrypter.kt | 8 +++-- ...cyCastleKeyGeneratorMasterKeyRepository.kt | 25 +++++++++++++--- .../server/keys/adapter/local/KeyInitJob.kt | 29 ++++++++++++------- .../keys/adapter/local/MasterKeyGenrator.kt | 8 ----- .../local/BouncyCastleKeyDecrypterTest.kt | 8 +++++ ...stleKeyGeneratorMasterKeyRepositoryTest.kt | 6 ++++ .../local/BouncyCastleKeyGeneratorTest.kt | 7 ++--- .../local/KeyCryptographicOperationsTest.kt | 6 ++++ 10 files changed, 84 insertions(+), 38 deletions(-) delete mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt diff --git a/local-environment/application.yml b/local-environment/application.yml index b850596d..fe1a62dc 100644 --- a/local-environment/application.yml +++ b/local-environment/application.yml @@ -19,6 +19,11 @@ mfa: otp: length: 6 timeToLiveInSeconds: 600 +key: + master-key: + storage: + content: + key : "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA=" document: engine: file-system diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index d02d1e91..530154c9 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt 
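Review bot: The master key material added under `key.master-key.storage.content.key` is the same literal that this patch removes from the `toSha256` constant in BouncyCastleKeyGeneratorMasterKeyRepository, so the key is moved from source into a committed sample config rather than retired; anyone who runs the local installer with this file unchanged wraps every data key under a value that sits in the public repository. The sample should carry an obviously fake placeholder such as `key: "<GENERATE_A_FRESH_BASE64_MASTER_KEY>"` with a readme step that has the operator generate one, preferably supplied through an environment variable or secret rather than the yml. Note also that the new `@Value("\${key.master-key}")` in KeyConfig and KeyInitJob expects a scalar, but this hunk defines `key.master-key` only as a mapping node, so unless another property source sets it the placeholder cannot resolve at startup; its value must also equal the map entry name (`key` here), since the repository looks the id up with `storage.content[masterKeyId.content()]`.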
@@ -4,10 +4,7 @@ import com.vauthenticator.server.keys.adapter.dynamo.DynamoDbKeyStorage import com.vauthenticator.server.keys.adapter.jdbc.JdbcKeyStorage import com.vauthenticator.server.keys.adapter.kms.KmsKeyDecrypter import com.vauthenticator.server.keys.adapter.kms.KmsKeyGenerator -import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyDecrypter -import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGenerator -import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGeneratorMasterKeyRepository -import com.vauthenticator.server.keys.adapter.local.KeyCryptographicOperations +import com.vauthenticator.server.keys.adapter.local.* import com.vauthenticator.server.keys.domain.* import org.springframework.beans.factory.annotation.Value import org.springframework.context.annotation.Bean @@ -28,9 +25,12 @@ class KeyConfig { @Profile("!kms") @Bean("keyGenerator") - fun bouncyCastleKeyGenerator(kmsClient: KmsClient): KeyGenerator = BouncyCastleKeyGenerator( + fun bouncyCastleKeyGenerator( + kmsClient: KmsClient, + storage: BouncyCastleKeyGeneratorMasterKeyStorage + ): KeyGenerator = BouncyCastleKeyGenerator( KeyCryptographicOperations( - BouncyCastleKeyGeneratorMasterKeyRepository() + BouncyCastleKeyGeneratorMasterKeyRepository(storage) ) ) @@ -40,9 +40,13 @@ class KeyConfig { @Profile("!kms") @Bean("keyDecrypter") - fun bouncyCastleKeyDecrypter(): KeyDecrypter = BouncyCastleKeyDecrypter( + fun bouncyCastleKeyDecrypter( + @Value("\${key.master-key}") maserKid: String, + storage: BouncyCastleKeyGeneratorMasterKeyStorage + ): KeyDecrypter = BouncyCastleKeyDecrypter( + maserKid, KeyCryptographicOperations( - BouncyCastleKeyGeneratorMasterKeyRepository() + BouncyCastleKeyGeneratorMasterKeyRepository(storage) ) ) diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt index 3c2a11ac..536a35dc 100644 
--- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt @@ -3,10 +3,14 @@ package com.vauthenticator.server.keys.adapter.local import com.vauthenticator.server.extentions.encoder import com.vauthenticator.server.keys.domain.KeyDecrypter import com.vauthenticator.server.keys.domain.MasterKid +import org.springframework.beans.factory.annotation.Value -class BouncyCastleKeyDecrypter(private val keyCryptographicOperations: KeyCryptographicOperations) : KeyDecrypter { +class BouncyCastleKeyDecrypter( + private val maserKid: String, + private val keyCryptographicOperations: KeyCryptographicOperations +) : KeyDecrypter { override fun decryptKey(encrypted: String): String { - return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKeyGenrator.aMasterKey, encrypted.toByteArray())) + return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray())) .decodeToString() } } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt index 5f2ae0d8..7ef66262 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt 
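Review bot: The new constructor parameter `maserKid` is a misspelling of `masterKid` that this patch propagates into KeyConfig, KeyInitJob and, later in the series, the test; renaming it now is cheap: `private val masterKid: String,` and `MasterKid(masterKid)`. Separately, `encrypted.toByteArray()` hands the stored ciphertext string to `decryptKeyWith` as raw UTF-8 bytes while the decrypted result is re-encoded through `encoder`; if the generator stores ciphertext base64-encoded (not visible in this hunk), the input needs the matching decode before decryption, which is worth confirming against `KeyCryptographicOperations.decryptKeyWith` and pinning with a round-trip test rather than the mock-only test added later.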
@@ -1,13 +1,30 @@ package com.vauthenticator.server.keys.adapter.local import com.vauthenticator.server.keys.domain.MasterKid -val toSha256 = "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA=" +import org.springframework.boot.context.properties.ConfigurationProperties +import org.springframework.boot.context.properties.EnableConfigurationProperties +import org.springframework.context.annotation.Configuration +import org.springframework.context.annotation.Profile -class BouncyCastleKeyGeneratorMasterKeyRepository { - //TODO to improve +class BouncyCastleKeyGeneratorMasterKeyRepository( + val storage: BouncyCastleKeyGeneratorMasterKeyStorage +) { + fun maskerKeyFor(masterKeyId: MasterKid): String { - return toSha256 + return storage.content[masterKeyId.content()]!! } +} + +@Profile("!kms") +@Configuration(proxyBeanMethods = false) +@EnableConfigurationProperties(BouncyCastleKeyGeneratorMasterKeyStorage::class) +class BouncyCastleKeyGeneratorMasterKeyRepositoryConfig { + +} + +@ConfigurationProperties(prefix = "key.master-key.storage") +data class BouncyCastleKeyGeneratorMasterKeyStorage(val content: Map) { + } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt index dd7f6459..32be45b8 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt 
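Review bot: `storage.content[masterKeyId.content()]!!` in `maskerKeyFor` turns a missing or misspelled master key id into a bare NullPointerException that does not say which id was not configured; prefer `return storage.content[masterKeyId.content()] ?: error("no master key configured for id ${masterKeyId.content()}")`, which reports the id but never the key material. The method name `maskerKeyFor` also reads like a typo for `masterKeyFor`. Because `BouncyCastleKeyGeneratorMasterKeyStorage` is a `data class`, its generated `toString()` includes the `content` map, i.e. the master keys themselves, so any binding error, debug log or exception message that prints the bean leaks them; make it a plain class or override `toString()` to print only the configured ids.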
@@ -1,8 +1,7 @@ package com.vauthenticator.server.keys.adapter.local -import com.vauthenticator.server.keys.domain.KeyPurpose -import com.vauthenticator.server.keys.domain.KeyRepository -import com.vauthenticator.server.keys.domain.KeyType +import com.vauthenticator.server.keys.domain.* +import org.springframework.beans.factory.annotation.Value import org.springframework.boot.ApplicationArguments import org.springframework.boot.ApplicationRunner import org.springframework.context.annotation.Profile @@ -10,15 +9,23 @@ import org.springframework.stereotype.Service @Service @Profile("!kms") -class KeyInitJob(private val keyRepository: KeyRepository) : ApplicationRunner { +class KeyInitJob( + @Value("\${key.master-key}") private val maserKid: String, + private val keyStorage: KeyStorage, + private val keyRepository: KeyRepository +) : ApplicationRunner { + + override fun run(args: ApplicationArguments) { + + if (keyStorage.signatureKeys().keys.isEmpty()) { + val kid = keyRepository.createKeyFrom( + masterKid = MasterKid(maserKid), + keyPurpose = KeyPurpose.SIGNATURE, + keyType = KeyType.ASYMMETRIC, + ) + println(kid) + } - override fun run(args: ApplicationArguments?) { - val kid = keyRepository.createKeyFrom( - masterKid = MasterKeyGenrator.aMasterKey, - keyPurpose = KeyPurpose.SIGNATURE, - keyType = KeyType.ASYMMETRIC, - ) - println(kid) } } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt deleted file mode 100644 index 7f371042..00000000 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt +++ /dev/null @@ -1,8 +0,0 @@ -package com.vauthenticator.server.keys.adapter.local - -import com.vauthenticator.server.keys.domain.MasterKid - -object MasterKeyGenrator { - - val aMasterKey = MasterKid("") -} \ No newline at end of file 
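Review bot: `println(kid)` in `run` writes the newly created key id to stdout instead of the service's logging, so it bypasses log levels, formatting and whatever sink the rest of the server uses; an SLF4J logger call such as `logger.info("created initial signature key {}", kid)` would be the conventional form. The `keyStorage.signatureKeys().keys.isEmpty()` guard is a welcome addition over the unconditional create in the old body, and a one-line KDoc on the class saying that it bootstraps a signature key only when the storage has none would make that intent explicit. The `@Value("\${key.master-key}")` injection has the same resolution caveat as the one added to KeyConfig in this patch.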
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt new file mode 100644 index 00000000..1ee6533f --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt @@ -0,0 +1,8 @@ +package com.vauthenticator.server.keys.adapter.local + +import org.junit.jupiter.api.Assertions.* + +// TODO +class BouncyCastleKeyDecrypterTest { + +} \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt new file mode 100644 index 00000000..fcca4002 --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt @@ -0,0 +1,6 @@ +package com.vauthenticator.server.keys.adapter.local + +import org.junit.jupiter.api.Assertions.* + +//todo +class BouncyCastleKeyGeneratorMasterKeyRepositoryTest \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt index eae7f8ab..9a531bfe 100644 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt @@ -2,8 +2,5 @@ package com.vauthenticator.server.keys.adapter.local import org.junit.jupiter.api.Assertions.* -class BouncyCastleKeyGeneratorTest { - - - -} \ No newline at end of file +//todo +class BouncyCastleKeyGeneratorTest \ No newline at end of file 
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt new file mode 100644 index 00000000..5bbb1b5c --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt @@ -0,0 +1,6 @@ +package com.vauthenticator.server.keys.adapter.local + +import org.junit.jupiter.api.Assertions.* + +//todo +class KeyCryptographicOperationsTest \ No newline at end of file From 2d55c1291f9b16c90cdb509aa486ad0c15252ec9 Mon Sep 17 00:00:00 2001 
From: mrflick72 Date: Sun, 17 Nov 2024 22:08:34 +0100 Subject: [PATCH 06/11] renaming unite test coverage --- .../vauthenticator/server/keys/KeyConfig.kt | 18 +++++----- .../JavaSecurityKeyDecrypter.kt} | 5 ++- .../JavaSecurityKeyGenerator.kt} | 4 +-- .../KeyCryptographicOperations.kt | 6 ++-- .../KeyGeneratorMasterKeyRepository.kt} | 12 +++---- .../adapter/{local => java}/KeyInitJob.kt | 2 +- .../java/JavaSecurityKeyDecrypterTest.kt | 33 +++++++++++++++++++ .../java/JavaSecurityKeyGeneratorTest.kt | 4 +++ .../java/KeyCryptographicOperationsTest.kt | 4 +++ .../KeyGeneratorMasterKeyRepositoryTest.kt | 4 +++ .../local/BouncyCastleKeyDecrypterTest.kt | 8 ----- ...stleKeyGeneratorMasterKeyRepositoryTest.kt | 6 ---- .../local/BouncyCastleKeyGeneratorTest.kt | 6 ---- .../local/KeyCryptographicOperationsTest.kt | 6 ---- 14 files changed, 68 insertions(+), 50 deletions(-) rename src/main/kotlin/com/vauthenticator/server/keys/adapter/{local/BouncyCastleKeyDecrypter.kt => java/JavaSecurityKeyDecrypter.kt} (77%) rename src/main/kotlin/com/vauthenticator/server/keys/adapter/{local/BouncyCastleKeyGenerator.kt => java/JavaSecurityKeyGenerator.kt} (91%) rename src/main/kotlin/com/vauthenticator/server/keys/adapter/{local => java}/KeyCryptographicOperations.kt (89%) rename src/main/kotlin/com/vauthenticator/server/keys/adapter/{local/BouncyCastleKeyGeneratorMasterKeyRepository.kt => java/KeyGeneratorMasterKeyRepository.kt} (59%) rename src/main/kotlin/com/vauthenticator/server/keys/adapter/{local => java}/KeyInitJob.kt (94%) create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt delete mode 
100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt delete mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt delete mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt delete mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index 530154c9..78155565 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt @@ -4,7 +4,7 @@ import com.vauthenticator.server.keys.adapter.dynamo.DynamoDbKeyStorage import com.vauthenticator.server.keys.adapter.jdbc.JdbcKeyStorage import com.vauthenticator.server.keys.adapter.kms.KmsKeyDecrypter import com.vauthenticator.server.keys.adapter.kms.KmsKeyGenerator -import com.vauthenticator.server.keys.adapter.local.* +import com.vauthenticator.server.keys.adapter.java.* import com.vauthenticator.server.keys.domain.* import org.springframework.beans.factory.annotation.Value import org.springframework.context.annotation.Bean @@ -25,12 +25,12 @@ class KeyConfig { @Profile("!kms") @Bean("keyGenerator") - fun bouncyCastleKeyGenerator( + fun JavaSecurityKeyGenerator( kmsClient: KmsClient, - storage: BouncyCastleKeyGeneratorMasterKeyStorage - ): KeyGenerator = BouncyCastleKeyGenerator( + storage: KeyGeneratorMasterKeyStorage + ): KeyGenerator = JavaSecurityKeyGenerator( KeyCryptographicOperations( - BouncyCastleKeyGeneratorMasterKeyRepository(storage) + KeyGeneratorMasterKeyRepository(storage) ) ) 
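Review bot: The bean factory methods are renamed to `JavaSecurityKeyGenerator` and, in the next hunk, `JavaSecurityKeyDecrypter`, which are UpperCamelCase and identical to the class names they instantiate; Kotlin functions are lowerCamelCase, and the previous `bouncyCastle*` names avoided the shadowing. `fun javaSecurityKeyGenerator(` and `fun javaSecurityKeyDecrypter(` keep the rename without the clash and read unambiguously at the `JavaSecurityKeyGenerator(` call inside the body.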
@@ -40,13 +40,13 @@ class KeyConfig { @Profile("!kms") @Bean("keyDecrypter") - fun bouncyCastleKeyDecrypter( + fun JavaSecurityKeyDecrypter( @Value("\${key.master-key}") maserKid: String, - storage: BouncyCastleKeyGeneratorMasterKeyStorage - ): KeyDecrypter = BouncyCastleKeyDecrypter( + storage: KeyGeneratorMasterKeyStorage + ): KeyDecrypter = JavaSecurityKeyDecrypter( maserKid, KeyCryptographicOperations( - BouncyCastleKeyGeneratorMasterKeyRepository(storage) + KeyGeneratorMasterKeyRepository(storage) ) ) diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt similarity index 77% rename from src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt rename to src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt index 536a35dc..a3ed3ccb 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt @@ -1,11 +1,10 @@ -package com.vauthenticator.server.keys.adapter.local +package com.vauthenticator.server.keys.adapter.java import com.vauthenticator.server.extentions.encoder import com.vauthenticator.server.keys.domain.KeyDecrypter import com.vauthenticator.server.keys.domain.MasterKid -import org.springframework.beans.factory.annotation.Value -class BouncyCastleKeyDecrypter( +class JavaSecurityKeyDecrypter( private val maserKid: String, private val keyCryptographicOperations: KeyCryptographicOperations ) : KeyDecrypter { 
diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt similarity index 91% rename from src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt rename to src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt index 60854ae4..746b05a2 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGenerator.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.keys.adapter.local +package com.vauthenticator.server.keys.adapter.java import com.vauthenticator.server.keys.domain.DataKey import com.vauthenticator.server.keys.domain.KeyGenerator @@ -6,7 +6,7 @@ import com.vauthenticator.server.keys.domain.MasterKid import java.util.* -class BouncyCastleKeyGenerator( +class JavaSecurityKeyGenerator( private val keyCryptographicOperations: KeyCryptographicOperations ) : KeyGenerator { diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperations.kt similarity index 89% rename from src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt rename to src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperations.kt index fc8ebff2..9b65acfe 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperations.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperations.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.keys.adapter.local +package com.vauthenticator.server.keys.adapter.java import com.vauthenticator.server.extentions.decoder import com.vauthenticator.server.keys.domain.MasterKid 
@@ -12,11 +12,11 @@ import javax.crypto.spec.SecretKeySpec class KeyCryptographicOperations( - private val repository: BouncyCastleKeyGeneratorMasterKeyRepository, + private val repository: KeyGeneratorMasterKeyRepository ) { companion object { init { - Security.addProvider(BouncyCastleProvider()); + Security.addProvider(BouncyCastleProvider()) } } diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepository.kt similarity index 59% rename from src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt rename to src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepository.kt index 7ef66262..e5596f15 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepository.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.keys.adapter.local +package com.vauthenticator.server.keys.adapter.java import com.vauthenticator.server.keys.domain.MasterKid import org.springframework.boot.context.properties.ConfigurationProperties @@ -7,8 +7,8 @@ import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Profile -class BouncyCastleKeyGeneratorMasterKeyRepository( - val storage: BouncyCastleKeyGeneratorMasterKeyStorage +class KeyGeneratorMasterKeyRepository( + val storage: KeyGeneratorMasterKeyStorage ) { fun maskerKeyFor(masterKeyId: MasterKid): String { 
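Review bot: `Security.addProvider(BouncyCastleProvider())` in the companion `init` keeps this adapter dependent on Bouncy Castle even though the patch renames the package and classes to `java`/`JavaSecurity*` and the series describes it as plain Java key management; if the algorithms used are served by the JDK's default providers the registration and the dependency can be dropped, otherwise a one-line comment above the `init` should name the algorithm that needs BC. Registering a provider from a static initializer is also a process-wide side effect that happens whenever the class is loaded, including in unit tests, which is worth stating in the class KDoc so nobody is surprised by provider order changing elsewhere in the JVM.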
@@ -19,12 +19,12 @@ class BouncyCastleKeyGeneratorMasterKeyRepository( @Profile("!kms") @Configuration(proxyBeanMethods = false) -@EnableConfigurationProperties(BouncyCastleKeyGeneratorMasterKeyStorage::class) -class BouncyCastleKeyGeneratorMasterKeyRepositoryConfig { +@EnableConfigurationProperties(KeyGeneratorMasterKeyStorage::class) +class KeyGeneratorMasterKeyRepositoryConfig { } @ConfigurationProperties(prefix = "key.master-key.storage") -data class BouncyCastleKeyGeneratorMasterKeyStorage(val content: Map) { +data class KeyGeneratorMasterKeyStorage(val content: Map) { } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyInitJob.kt similarity index 94% rename from src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt rename to src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyInitJob.kt index 32be45b8..58077ddc 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyInitJob.kt @@ -1,4 +1,4 @@ -package com.vauthenticator.server.keys.adapter.local +package com.vauthenticator.server.keys.adapter.java import com.vauthenticator.server.keys.domain.* import org.springframework.beans.factory.annotation.Value diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt new file mode 100644 index 00000000..320e38aa --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt 
@@ -0,0 +1,33 @@ +package com.vauthenticator.server.keys.adapter.java + +import com.vauthenticator.server.extentions.encoder +import com.vauthenticator.server.keys.domain.MasterKid +import io.mockk.every +import io.mockk.impl.annotations.MockK +import io.mockk.junit5.MockKExtension +import org.junit.jupiter.api.Assertions +import org.junit.jupiter.api.Test +import org.junit.jupiter.api.extension.ExtendWith + +@ExtendWith(MockKExtension::class) +class JavaSecurityKeyDecrypterTest { + + @MockK + lateinit var keyCryptographicOperations: KeyCryptographicOperations + + @Test + fun `happy path`() { + val encrypted = "AN_ENCRYPTED_VALUE" + val decrypted = "AN_UNENCRYPTED_VALUE".toByteArray() + val maserKid = "A_MASTER_KEY" + + val uut = JavaSecurityKeyDecrypter(maserKid, keyCryptographicOperations) + + every { keyCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray()) } returns decrypted + + val actual = uut.decryptKey(encrypted) + val expected = encoder.encode(decrypted).decodeToString() + + Assertions.assertEquals(expected, actual) + } +} \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt new file mode 100644 index 00000000..7515e171 --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt @@ -0,0 +1,4 @@ +package com.vauthenticator.server.keys.adapter.java + +//todo +class JavaSecurityKeyGeneratorTest \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt new file mode 100644 index 00000000..2f7be0e3 --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt 
@@ -0,0 +1,4 @@ +package com.vauthenticator.server.keys.adapter.java + +//todo +class KeyCryptographicOperationsTest \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt new file mode 100644 index 00000000..55bd414f --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt @@ -0,0 +1,4 @@ +package com.vauthenticator.server.keys.adapter.java + +//todo +class KeyGeneratorMasterKeyRepositoryTest \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt deleted file mode 100644 index 1ee6533f..00000000 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt +++ /dev/null @@ -1,8 +0,0 @@ -package com.vauthenticator.server.keys.adapter.local - -import org.junit.jupiter.api.Assertions.* - -// TODO -class BouncyCastleKeyDecrypterTest { - -} \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt deleted file mode 100644 index fcca4002..00000000 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt +++ /dev/null @@ -1,6 +0,0 @@ -package com.vauthenticator.server.keys.adapter.local - -import org.junit.jupiter.api.Assertions.* - -//todo -class BouncyCastleKeyGeneratorMasterKeyRepositoryTest \ No newline at end of file 
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt deleted file mode 100644 index 9a531bfe..00000000 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt +++ /dev/null @@ -1,6 +0,0 @@ -package com.vauthenticator.server.keys.adapter.local - -import org.junit.jupiter.api.Assertions.* - -//todo -class BouncyCastleKeyGeneratorTest \ No newline at end of file diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt deleted file mode 100644 index 5bbb1b5c..00000000 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt +++ /dev/null @@ -1,6 +0,0 @@ -package com.vauthenticator.server.keys.adapter.local - -import org.junit.jupiter.api.Assertions.* - -//todo -class KeyCryptographicOperationsTest \ No newline at end of file From e9195736846a0cc102e0e9e3aacf5117683e2b4e Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sun, 17 Nov 2024 23:06:46 +0100 Subject: [PATCH 07/11] WIP --- .../java/JavaSecurityKeyGeneratorTest.kt | 44 ++++++++++++++++++- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt index 7515e171..36f97c35 100644 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt 
@@ -1,4 +1,44 @@ package com.vauthenticator.server.keys.adapter.java -//todo -class JavaSecurityKeyGeneratorTest \ No newline at end of file +import com.vauthenticator.server.extentions.encoder +import com.vauthenticator.server.keys.domain.DataKey +import com.vauthenticator.server.keys.domain.MasterKid +import io.mockk.every +import io.mockk.impl.annotations.MockK +import io.mockk.junit5.MockKExtension +import io.mockk.mockk +import org.junit.jupiter.api.Test +import org.junit.jupiter.api.extension.ExtendWith +import java.security.KeyPair + +@ExtendWith(MockKExtension::class) +class JavaSecurityKeyGeneratorTest { + + @MockK + lateinit var keyCryptographicOperations: KeyCryptographicOperations + + /* + * + val generateRSAKeyPair = keyCryptographicOperations.generateRSAKeyPair() + return DataKey( + keyCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), + Optional.empty() + ) + * */ + @Test + fun `when a new data key is created`() { + val uut = JavaSecurityKeyGenerator(keyCryptographicOperations) + val masterKid = MasterKid("A_MASTER_KEY") + val keyPair = mockk() + val anEncryptedValueAsByteArray = "AN_ENCRYPTED_VALUE".toByteArray() + + every { keyCryptographicOperations.generateRSAKeyPair() } returns keyPair + every { keyPair.private } returns mockk { + every { keyPair.private.encoded } returns anEncryptedValueAsByteArray + } + every { keyCryptographicOperations.encryptKeyWith(masterKid, anEncryptedValueAsByteArray) } returns anEncryptedValueAsByteArray + + val actual = uut.dataKeyFor(masterKid) + val expected = DataKey.from() + } +} \ No newline at end of file From 13ad188eefffd8af74f23f499b959c16c1e2fdef Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sun, 17 Nov 2024 23:17:43 +0100 Subject: [PATCH 08/11] test coverage --- .../java/JavaSecurityKeyGeneratorTest.kt | 72 ++++++++++++++----- 1 file changed, 56 insertions(+), 16 deletions(-) 
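Review bot: The new test ends at `val expected = DataKey.from()` with no assertion, and the no-argument `DataKey.from()` does not match the two-argument `DataKey.from(privateKey, publicKey)` form the next commit in this series uses, so this WIP commit very likely does not compile; it also stubs `keyPair.private` with an answer whose body re-stubs `keyPair.private.encoded` through the outer mock rather than the mock being returned. Close the test with `Assertions.assertEquals(expected, actual)` against an explicit `DataKey.from(encoder.encode(anEncryptedValueAsByteArray).decodeToString(), "")`, or squash this commit into the following `test coverage` commit so the branch never carries a non-building state.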
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt index 36f97c35..008d81d1 100644 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt @@ -7,9 +7,13 @@ import io.mockk.every import io.mockk.impl.annotations.MockK import io.mockk.junit5.MockKExtension import io.mockk.mockk +import org.junit.jupiter.api.Assertions +import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.Test import org.junit.jupiter.api.extension.ExtendWith import java.security.KeyPair +import java.security.PrivateKey +import java.security.PublicKey @ExtendWith(MockKExtension::class) class JavaSecurityKeyGeneratorTest { 
@@ -17,28 +21,64 @@ class JavaSecurityKeyGeneratorTest { @MockK lateinit var keyCryptographicOperations: KeyCryptographicOperations - /* - * - val generateRSAKeyPair = keyCryptographicOperations.generateRSAKeyPair() - return DataKey( - keyCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), - Optional.empty() - ) - * */ + private val masterKid = MasterKid("A_MASTER_KEY") + private val anEncryptedPrivateKEyValueAsByteArray = "AN_ENCRYPTED_PRIVATE_KEY_VALUE".toByteArray() + private val aPublicKeyValueAsByteArray = "A_PUBLIC_KEY_VALUE".toByteArray() + + lateinit var uut: JavaSecurityKeyGenerator + + @BeforeEach + fun setUp() { + uut = JavaSecurityKeyGenerator(keyCryptographicOperations) + } + @Test fun `when a new data key is created`() { - val uut = JavaSecurityKeyGenerator(keyCryptographicOperations) - val masterKid = MasterKid("A_MASTER_KEY") val keyPair = mockk() - val anEncryptedValueAsByteArray = "AN_ENCRYPTED_VALUE".toByteArray() + val privateKey = mockk() every { keyCryptographicOperations.generateRSAKeyPair() } returns keyPair - every { keyPair.private } returns mockk { - every { keyPair.private.encoded } returns anEncryptedValueAsByteArray - } - every { keyCryptographicOperations.encryptKeyWith(masterKid, anEncryptedValueAsByteArray) } returns anEncryptedValueAsByteArray + every { keyPair.private } returns privateKey + every { privateKey.encoded } returns anEncryptedPrivateKEyValueAsByteArray + + every { + keyCryptographicOperations.encryptKeyWith( + masterKid, + anEncryptedPrivateKEyValueAsByteArray + ) + } returns anEncryptedPrivateKEyValueAsByteArray val actual = uut.dataKeyFor(masterKid) - val expected = DataKey.from() + val expected = DataKey.from(encoder.encode(anEncryptedPrivateKEyValueAsByteArray).decodeToString(), "") + Assertions.assertEquals(expected, actual) + } + + + @Test + fun `when a new data key pair is created`() { + val keyPair = mockk() + val privateKey = mockk() + val publicKey = mockk() + + every { 
keyCryptographicOperations.generateRSAKeyPair() } returns keyPair + every { keyPair.private } returns privateKey + every { privateKey.encoded } returns anEncryptedPrivateKEyValueAsByteArray + + every { keyPair.public } returns publicKey + every { publicKey.encoded } returns aPublicKeyValueAsByteArray + + every { + keyCryptographicOperations.encryptKeyWith( + masterKid, + anEncryptedPrivateKEyValueAsByteArray + ) + } returns anEncryptedPrivateKEyValueAsByteArray + + val actual = uut.dataKeyPairFor(masterKid) + val expected = DataKey.from( + encoder.encode(anEncryptedPrivateKEyValueAsByteArray).decodeToString(), + encoder.encode(aPublicKeyValueAsByteArray).decodeToString() + ) + Assertions.assertEquals(expected, actual) } } \ No newline at end of file From df4fe43b5063050b89fa2474e46375f7be504967 Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Mon, 18 Nov 2024 23:19:34 +0100 Subject: [PATCH 09/11] test coverage --- .../vauthenticator/server/keys/KeyConfig.kt | 4 +- ...=> JavaSecurityCryptographicOperations.kt} | 2 +- .../adapter/java/JavaSecurityKeyDecrypter.kt | 4 +- .../adapter/java/JavaSecurityKeyGenerator.kt | 10 +-- ...JavaSecurityCryptographicOperationsTest.kt | 81 +++++++++++++++++++ .../java/JavaSecurityKeyDecrypterTest.kt | 6 +- .../java/JavaSecurityKeyGeneratorTest.kt | 12 +-- .../java/KeyCryptographicOperationsTest.kt | 4 - 8 files changed, 100 insertions(+), 23 deletions(-) rename src/main/kotlin/com/vauthenticator/server/keys/adapter/java/{KeyCryptographicOperations.kt => JavaSecurityCryptographicOperations.kt} (97%) create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperationsTest.kt delete mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index 78155565..ce7a88c4 100644 
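Review bot: Both cases stub `privateKey.encoded` and the `encryptKeyWith(...)` answer with the same array `anEncryptedPrivateKEyValueAsByteArray`, so the assertion cannot distinguish a wrapped private key from the plaintext one — a generator that skipped `encryptKeyWith` and stored `private.encoded` directly would still pass, which is exactly the regression these tests exist to catch. Give the plaintext its own fixture, `private val aPlainPrivateKeyValueAsByteArray = "A_PLAIN_PRIVATE_KEY_VALUE".toByteArray()`, return it from `every { privateKey.encoded }`, keep the encrypted array as the `encryptKeyWith` answer, and add `verify(exactly = 1) { keyCryptographicOperations.encryptKeyWith(masterKid, aPlainPrivateKeyValueAsByteArray) }` so the expected `DataKey` only matches when the ciphertext path was taken. The `KEy` capitalisation in the fixture name is a typo worth fixing in the same pass.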
--- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt @@ -29,7 +29,7 @@ class KeyConfig { kmsClient: KmsClient, storage: KeyGeneratorMasterKeyStorage ): KeyGenerator = JavaSecurityKeyGenerator( - KeyCryptographicOperations( + JavaSecurityCryptographicOperations( KeyGeneratorMasterKeyRepository(storage) ) ) @@ -45,7 +45,7 @@ class KeyConfig { storage: KeyGeneratorMasterKeyStorage ): KeyDecrypter = JavaSecurityKeyDecrypter( maserKid, - KeyCryptographicOperations( + JavaSecurityCryptographicOperations( KeyGeneratorMasterKeyRepository(storage) ) ) diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperations.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperations.kt similarity index 97% rename from src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperations.kt rename to src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperations.kt index 9b65acfe..32f65301 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperations.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperations.kt @@ -11,7 +11,7 @@ import javax.crypto.Cipher import javax.crypto.spec.SecretKeySpec -class KeyCryptographicOperations( +class JavaSecurityCryptographicOperations( private val repository: KeyGeneratorMasterKeyRepository ) { companion object { diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt index a3ed3ccb..570019d4 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypter.kt 
@@ -6,10 +6,10 @@ import com.vauthenticator.server.keys.domain.MasterKid class JavaSecurityKeyDecrypter( private val maserKid: String, - private val keyCryptographicOperations: KeyCryptographicOperations + private val javaSecurityCryptographicOperations: JavaSecurityCryptographicOperations ) : KeyDecrypter { override fun decryptKey(encrypted: String): String { - return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray())) + return encoder.encode(javaSecurityCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray())) .decodeToString() } } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt index 746b05a2..5f541e93 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGenerator.kt 
@@ -7,22 +7,22 @@ import java.util.* class JavaSecurityKeyGenerator( - private val keyCryptographicOperations: KeyCryptographicOperations + private val javaSecurityCryptographicOperations: JavaSecurityCryptographicOperations ) : KeyGenerator { override fun dataKeyPairFor(masterKid: MasterKid): DataKey { - val generateRSAKeyPair = keyCryptographicOperations.generateRSAKeyPair() + val generateRSAKeyPair = javaSecurityCryptographicOperations.generateRSAKeyPair() return DataKey( - keyCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), + javaSecurityCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), Optional.of(generateRSAKeyPair.public.encoded) ) } override fun dataKeyFor(masterKid: MasterKid): DataKey { - val generateRSAKeyPair = keyCryptographicOperations.generateRSAKeyPair() + val generateRSAKeyPair = javaSecurityCryptographicOperations.generateRSAKeyPair() return DataKey( - keyCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), + javaSecurityCryptographicOperations.encryptKeyWith(masterKid, generateRSAKeyPair.private.encoded), Optional.empty() ) } diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperationsTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperationsTest.kt new file mode 100644 index 00000000..352eecfc --- /dev/null +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityCryptographicOperationsTest.kt 
@@ -0,0 +1,81 @@
+package com.vauthenticator.server.keys.adapter.java
+
+import com.vauthenticator.server.extentions.decoder
+import com.vauthenticator.server.support.KeysUtils
+import io.mockk.*
+import io.mockk.impl.annotations.MockK
+import io.mockk.junit5.MockKExtension
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.extension.ExtendWith
+import java.security.KeyPair
+import java.security.KeyPairGenerator
+import java.security.spec.RSAKeyGenParameterSpec
+import javax.crypto.Cipher
+import javax.crypto.spec.SecretKeySpec
+
+@ExtendWith(MockKExtension::class)
+class JavaSecurityCryptographicOperationsTest {
+
+ @MockK
+ lateinit var repository: KeyGeneratorMasterKeyRepository
+
+ lateinit var uut: JavaSecurityCryptographicOperations
+
+ @BeforeEach
+ fun setUp() {
+ uut = JavaSecurityCryptographicOperations(repository)
+ }
+
+ @Test
+ fun `when a new rsa key pair is created`() {
+ mockkStatic(KeyPairGenerator::class)
+ val expected = mockk()
+ val generator = mockk(relaxed = true)
+ every { KeyPairGenerator.getInstance("RSA", "BC") } returns generator
+ every { generator.initialize(RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)) } just runs
+ every { generator.generateKeyPair() } returns expected
+
+ val actual = uut.generateRSAKeyPair()
+ Assertions.assertEquals(expected, actual)
+ }
+
+ @Test
+ fun `when an encoded plain text is encrypted with some master key`() {
+ val expected = "ENCRYPTED_DATA".toByteArray()
+ val encodedPlainText = "INPUT_TEXT".toByteArray()
+ val masterKeyValue = "QV9LRVk="
+ val key = SecretKeySpec(decoder.decode(masterKeyValue), "AES")
+ val cipher = mockk(relaxed = true)
+ mockkStatic(Cipher::class)
+
+ every { repository.maskerKeyFor(KeysUtils.aMasterKey) } returns masterKeyValue
+ every { Cipher.getInstance("AES") } returns cipher
+ every { cipher.init(Cipher.ENCRYPT_MODE, key) } just runs
+ every { 
cipher.doFinal(encodedPlainText) } returns expected
+
+ val actual = uut.encryptKeyWith(KeysUtils.aMasterKey, encodedPlainText)
+ Assertions.assertEquals(expected, actual)
+ }
+
+ @Test
+ fun `when an encoded encrypted text is decrypted with some master key`() {
+ val expected = "DECRYPTED_DATA".toByteArray()
+ val encodedEncryptedText = "RU5DUllQVEVEX0lOUFVUX1RFWFQ=".toByteArray()
+ val masterKeyValue = "QV9LRVk="
+ val key = SecretKeySpec(decoder.decode(masterKeyValue), "AES")
+ val cipher = mockk(relaxed = true)
+ mockkStatic(Cipher::class)
+
+ every { repository.maskerKeyFor(KeysUtils.aMasterKey) } returns masterKeyValue
+ every { Cipher.getInstance("AES") } returns cipher
+ every { cipher.init(Cipher.DECRYPT_MODE, key) } just runs
+ every { cipher.doFinal(decoder.decode(encodedEncryptedText)) } returns expected
+
+ val actual = uut.decryptKeyWith(KeysUtils.aMasterKey, encodedEncryptedText)
+ Assertions.assertEquals(expected, actual)
+ }
+
+
+}
\ No newline at end of file
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt
index 320e38aa..b043eb40 100644
--- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt
+++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyDecrypterTest.kt
@@ -13,7 +13,7 @@ class JavaSecurityKeyDecrypterTest { @MockK
- lateinit var keyCryptographicOperations: KeyCryptographicOperations
+ lateinit var javaSecurityCryptographicOperations: JavaSecurityCryptographicOperations @Test fun `happy path`() {
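Review bot: The fixture `masterKeyValue = "QV9LRVk="` decodes to the five bytes of `A_KEY`, which is not a legal AES key length, and `Cipher.getInstance("AES")` with a bare `cipher.init(mode, key)` and no parameter spec pins the JDK default `AES/ECB/PKCS5Padding`; neither is noticed because `Cipher` is `mockkStatic`-ed, so both cipher tests pass regardless of what a real cipher would do. If the implementation (not in this hunk) matches these stubs, wrapping a ~1.2 KB RSA private key under ECB is deterministic, leaks equal-block patterns and is unauthenticated, so a tampered wrapped key unwraps to garbage with no error; `Cipher.getInstance("AES/GCM/NoPadding")` with a fresh random 12-byte nonce stored alongside the ciphertext and `GCMParameterSpec(128, nonce)` on init is the usual replacement, and `KeyPairGenerator.getInstance("RSA", "BC")` likewise needs the BouncyCastle provider registered at runtime, which the static mock hides. A real round-trip test with a 32-byte key, as below, catches the key-length problem and a tamper case without depending on the mode. The `mockkStatic` calls are never undone, so add `@AfterEach fun tearDown() = unmockkAll()` to stop the `Cipher`/`KeyPairGenerator` stubs leaking into other test classes on the same JVM.
```kotlin
// … unchanged: setUp, `when a new rsa key pair is created` …

@AfterEach
fun tearDown() = unmockkAll()

@Test
fun `a key wrapped with a master key unwraps to the same bytes`() {
    // 32-byte (AES-256) master key; "QV9LRVk=" is only 5 bytes and a real Cipher.init rejects it
    val masterKeyValue = java.util.Base64.getEncoder().encodeToString(ByteArray(32) { it.toByte() })
    every { repository.maskerKeyFor(KeysUtils.aMasterKey) } returns masterKeyValue
    val plain = "INPUT_TEXT".toByteArray()

    val wrapped = uut.encryptKeyWith(KeysUtils.aMasterKey, plain)
    // decryptKeyWith takes base64 text, as the existing decrypt test shows
    val unwrapped = uut.decryptKeyWith(KeysUtils.aMasterKey, java.util.Base64.getEncoder().encode(wrapped))

    Assertions.assertArrayEquals(plain, unwrapped)
}
```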
@@ -21,9 +21,9 @@ class JavaSecurityKeyDecrypterTest { val decrypted = "AN_UNENCRYPTED_VALUE".toByteArray() val maserKid = "A_MASTER_KEY" - val uut = JavaSecurityKeyDecrypter(maserKid, keyCryptographicOperations) + val uut = JavaSecurityKeyDecrypter(maserKid, javaSecurityCryptographicOperations) - every { keyCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray()) } returns decrypted + every { javaSecurityCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray()) } returns decrypted val actual = uut.decryptKey(encrypted) val expected = encoder.encode(decrypted).decodeToString() diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt index 008d81d1..026f578a 100644 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt +++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/JavaSecurityKeyGeneratorTest.kt @@ -19,7 +19,7 @@ import java.security.PublicKey class JavaSecurityKeyGeneratorTest { @MockK - lateinit var keyCryptographicOperations: KeyCryptographicOperations + lateinit var javaSecurityCryptographicOperations: JavaSecurityCryptographicOperations private val masterKid = MasterKid("A_MASTER_KEY") private val anEncryptedPrivateKEyValueAsByteArray = "AN_ENCRYPTED_PRIVATE_KEY_VALUE".toByteArray() @@ -29,7 +29,7 @@ class JavaSecurityKeyGeneratorTest { @BeforeEach fun setUp() { - uut = JavaSecurityKeyGenerator(keyCryptographicOperations) + uut = JavaSecurityKeyGenerator(javaSecurityCryptographicOperations) } @Test 
@@ -37,12 +37,12 @@ class JavaSecurityKeyGeneratorTest { val keyPair = mockk() val privateKey = mockk() - every { keyCryptographicOperations.generateRSAKeyPair() } returns keyPair + every { javaSecurityCryptographicOperations.generateRSAKeyPair() } returns keyPair every { keyPair.private } returns privateKey every { privateKey.encoded } returns anEncryptedPrivateKEyValueAsByteArray every { - keyCryptographicOperations.encryptKeyWith( + javaSecurityCryptographicOperations.encryptKeyWith( masterKid, anEncryptedPrivateKEyValueAsByteArray ) @@ -60,7 +60,7 @@ class JavaSecurityKeyGeneratorTest { val privateKey = mockk() val publicKey = mockk() - every { keyCryptographicOperations.generateRSAKeyPair() } returns keyPair + every { javaSecurityCryptographicOperations.generateRSAKeyPair() } returns keyPair every { keyPair.private } returns privateKey every { privateKey.encoded } returns anEncryptedPrivateKEyValueAsByteArray @@ -68,7 +68,7 @@ class JavaSecurityKeyGeneratorTest { every { publicKey.encoded } returns aPublicKeyValueAsByteArray every { - keyCryptographicOperations.encryptKeyWith( + javaSecurityCryptographicOperations.encryptKeyWith( masterKid, anEncryptedPrivateKEyValueAsByteArray ) diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt deleted file mode 100644 index 2f7be0e3..00000000 --- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyCryptographicOperationsTest.kt +++ /dev/null @@ -1,4 +0,0 @@ -package com.vauthenticator.server.keys.adapter.java - -//todo -class KeyCryptographicOperationsTest \ No newline at end of file From c01669f2ff31c882da7430a5006b561b64268903 Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Mon, 18 Nov 2024 23:24:02 +0100 Subject: [PATCH 10/11] test coverage --- .../KeyGeneratorMasterKeyRepositoryTest.kt | 31 +++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) 
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt
index 55bd414f..3d999894 100644
--- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt
+++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/java/KeyGeneratorMasterKeyRepositoryTest.kt
@@ -1,4 +1,31 @@ package com.vauthenticator.server.keys.adapter.java
-//todo
-class KeyGeneratorMasterKeyRepositoryTest
\ No newline at end of file
+import com.vauthenticator.server.keys.domain.MasterKid
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertThrows
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+
+class KeyGeneratorMasterKeyRepositoryTest {
+
+ lateinit var uut: KeyGeneratorMasterKeyRepository
+
+ @BeforeEach
+ fun setUp() {
+ uut = KeyGeneratorMasterKeyRepository(KeyGeneratorMasterKeyStorage(mapOf("a_key" to "a_value")))
+ }
+
+
+ @Test
+ fun `when a key is retrieved`() {
+ val expected = "a_value"
+ val actual = uut.maskerKeyFor(MasterKid("a_key"))
+ assertEquals(expected, actual)
+ }
+
+
+ @Test
+ fun `when get a key from the storage fails`() {
+ assertThrows(NullPointerException::class.java) { uut.maskerKeyFor(MasterKid("a_key_2")) }
+ }
+}
\ No newline at end of file
From 03bf7b0be3b71b5a878d87cba253e05f4fe82d5d Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Wed, 20 Nov 2024 21:30:00 +0100 Subject: [PATCH 11/11] docs
---
README.md | 7 ++++++- docs/profiles.md | 28 ++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 docs/profiles.md
diff --git a/README.md b/README.md
index e58ddd9a..606ce865 100644
--- a/README.md
+++ b/README.md
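Review bot: `when get a key from the storage fails` cements `NullPointerException` as the contract for an unknown master kid, which suggests the repository resolves the `storage.content` map with `!!` (the implementation is not in this hunk); a message-less NPE tells an operator nothing about which kid is missing from `key.master-key.storage.content`, and it is the first error a fresh non-KMS deployment will hit. Prefer `checkNotNull(storage.content[kid]) { "no master key configured for kid $kid" }` in the repository and assert `IllegalStateException` here, or a dedicated exception type if the keys domain already has one. Note also that this storage is a plain Spring properties map, so in this mode the key that wraps every private key lives in application config with no KMS boundary; the profile docs should state how it is expected to be protected (file permissions, an external secret source) rather than leaving `key : value` as the only guidance.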
@@ -43,4 +43,9 @@ Right now it is based, as said before to the latest version on spring oauth2/ope ### local environment -For more details please follow to this link [readme.md](local-environment%2Freadme.md) \ No newline at end of file +For more details please follow to this link [readme.md](local-environment%2Freadme.md) + +### profiling + +The application configuration is very versatile and you can decide what persistence and key management provider to use AWS or not AWS native. +For more details please refer to the detailed page [here](docs/profiles.md) \ No newline at end of file diff --git a/docs/profiles.md b/docs/profiles.md new file mode 100644 index 00000000..11ee38a9 --- /dev/null +++ b/docs/profiles.md @@ -0,0 +1,28 @@ +# Profile + +VAuthenticator can be configured to be strongly AWS integrated using DynamoDB for the persistence layer and KMS for Key management. + +If your organization or for you run VAuthenticator so tiny integrated with AWS does not is suitable you can decide to switch postgresql instead dynamodb for the persistence +and plain java security key management instead of KMS + +All what you need is enable the relative spring profile as below: + +use ```spring.profiles.active``` with + +- ```database```: to use PostgresSQL +- ```dynamo```: to use DyanamoDB +- ```kms``` to use KMS +- omitting ```kms``` to use plain java security api + +in case of plain java security implementation the follow configuration is required: + + +```yaml +key: + master-key: + storage: + content: + key : value + key2 : value2 +``` +