WIP getting rid to hardcoded key in the code. Now it is in the local …

…sample config

local-environment/application.yml

@@ -19,6 +19,11 @@ mfa:
   otp:
     length: 6
     timeToLiveInSeconds: 600
+key:
+  master-key:
+    storage:
+      content:
+        key : "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA="
 
 document:
   engine: file-system

src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt

@@ -4,10 +4,7 @@ import com.vauthenticator.server.keys.adapter.dynamo.DynamoDbKeyStorage
 import com.vauthenticator.server.keys.adapter.jdbc.JdbcKeyStorage
 import com.vauthenticator.server.keys.adapter.kms.KmsKeyDecrypter
 import com.vauthenticator.server.keys.adapter.kms.KmsKeyGenerator
-import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyDecrypter
-import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGenerator
-import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGeneratorMasterKeyRepository
-import com.vauthenticator.server.keys.adapter.local.KeyCryptographicOperations
+import com.vauthenticator.server.keys.adapter.local.*
 import com.vauthenticator.server.keys.domain.*
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
@@ -28,9 +25,12 @@ class KeyConfig {
 
     @Profile("!kms")
     @Bean("keyGenerator")
-    fun bouncyCastleKeyGenerator(kmsClient: KmsClient): KeyGenerator = BouncyCastleKeyGenerator(
+    fun bouncyCastleKeyGenerator(
+        kmsClient: KmsClient,
+        storage: BouncyCastleKeyGeneratorMasterKeyStorage
+    ): KeyGenerator = BouncyCastleKeyGenerator(
         KeyCryptographicOperations(
-            BouncyCastleKeyGeneratorMasterKeyRepository()
+            BouncyCastleKeyGeneratorMasterKeyRepository(storage)
         )
     )
 
@@ -40,9 +40,13 @@ class KeyConfig {
 
     @Profile("!kms")
     @Bean("keyDecrypter")
-    fun bouncyCastleKeyDecrypter(): KeyDecrypter = BouncyCastleKeyDecrypter(
+    fun bouncyCastleKeyDecrypter(
+        @Value("\${key.master-key}") maserKid: String,
+        storage: BouncyCastleKeyGeneratorMasterKeyStorage
+    ): KeyDecrypter = BouncyCastleKeyDecrypter(
+        maserKid,
         KeyCryptographicOperations(
-            BouncyCastleKeyGeneratorMasterKeyRepository()
+            BouncyCastleKeyGeneratorMasterKeyRepository(storage)
         )
     )
 

src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt

@@ -3,10 +3,14 @@ package com.vauthenticator.server.keys.adapter.local
 import com.vauthenticator.server.extentions.encoder
 import com.vauthenticator.server.keys.domain.KeyDecrypter
 import com.vauthenticator.server.keys.domain.MasterKid
+import org.springframework.beans.factory.annotation.Value
 
-class BouncyCastleKeyDecrypter(private val keyCryptographicOperations: KeyCryptographicOperations) : KeyDecrypter {
+class BouncyCastleKeyDecrypter(
+    private val maserKid: String,
+    private val keyCryptographicOperations: KeyCryptographicOperations
+) : KeyDecrypter {
     override fun decryptKey(encrypted: String): String {
-        return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKeyGenrator.aMasterKey, encrypted.toByteArray()))
+        return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray()))
             .decodeToString()
     }
 }

src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt

@@ -1,13 +1,30 @@
 package com.vauthenticator.server.keys.adapter.local
 
 import com.vauthenticator.server.keys.domain.MasterKid
-val toSha256 = "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA="
+import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.boot.context.properties.EnableConfigurationProperties
+import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
 
-class BouncyCastleKeyGeneratorMasterKeyRepository {
 
-    //TODO to improve
+class BouncyCastleKeyGeneratorMasterKeyRepository(
+    val storage: BouncyCastleKeyGeneratorMasterKeyStorage
+) {
+
     fun maskerKeyFor(masterKeyId: MasterKid): String {
-        return toSha256
+        return storage.content[masterKeyId.content()]!!
     }
 
+}
+
+@Profile("!kms")
+@Configuration(proxyBeanMethods = false)
+@EnableConfigurationProperties(BouncyCastleKeyGeneratorMasterKeyStorage::class)
+class BouncyCastleKeyGeneratorMasterKeyRepositoryConfig {
+
+}
+
+@ConfigurationProperties(prefix = "key.master-key.storage")
+data class BouncyCastleKeyGeneratorMasterKeyStorage(val content: Map<String, String>) {
+
 }

src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt

@@ -1,24 +1,31 @@
 package com.vauthenticator.server.keys.adapter.local
 
-import com.vauthenticator.server.keys.domain.KeyPurpose
-import com.vauthenticator.server.keys.domain.KeyRepository
-import com.vauthenticator.server.keys.domain.KeyType
+import com.vauthenticator.server.keys.domain.*
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.ApplicationArguments
 import org.springframework.boot.ApplicationRunner
 import org.springframework.context.annotation.Profile
 import org.springframework.stereotype.Service
 
 @Service
 @Profile("!kms")
-class KeyInitJob(private val keyRepository: KeyRepository) : ApplicationRunner {
+class KeyInitJob(
+    @Value("\${key.master-key}") private val maserKid: String,
+    private val keyStorage: KeyStorage,
+    private val keyRepository: KeyRepository
+) : ApplicationRunner {
+
+    override fun run(args: ApplicationArguments) {
+
+        if (keyStorage.signatureKeys().keys.isEmpty()) {
+            val kid = keyRepository.createKeyFrom(
+                masterKid = MasterKid(maserKid),
+                keyPurpose = KeyPurpose.SIGNATURE,
+                keyType = KeyType.ASYMMETRIC,
+            )
+            println(kid)
+        }
 
-    override fun run(args: ApplicationArguments?) {
-        val kid = keyRepository.createKeyFrom(
-            masterKid = MasterKeyGenrator.aMasterKey,
-            keyPurpose = KeyPurpose.SIGNATURE,
-            keyType = KeyType.ASYMMETRIC,
-        )
-        println(kid)
     }
 
 }

src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt

@@ -0,0 +1,8 @@
+package com.vauthenticator.server.keys.adapter.local
+
+import org.junit.jupiter.api.Assertions.*
+
+// TODO
+class BouncyCastleKeyDecrypterTest {
+
+}

src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt

@@ -0,0 +1,6 @@
+package com.vauthenticator.server.keys.adapter.local
+
+import org.junit.jupiter.api.Assertions.*
+
+//todo
+class BouncyCastleKeyGeneratorMasterKeyRepositoryTest

src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt

@@ -2,8 +2,5 @@ package com.vauthenticator.server.keys.adapter.local
 
 import org.junit.jupiter.api.Assertions.*
 
-class BouncyCastleKeyGeneratorTest {
-
-
-
-}
+//todo
+class BouncyCastleKeyGeneratorTest

src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt

@@ -0,0 +1,6 @@
+package com.vauthenticator.server.keys.adapter.local
+
+import org.junit.jupiter.api.Assertions.*
+
+//todo
+class KeyCryptographicOperationsTest