From f85410ebe812a8965a6e4d50161a764d1984cf62 Mon Sep 17 00:00:00 2001 From: mrflick72 Date: Sat, 16 Nov 2024 23:28:40 +0100 Subject: [PATCH] WIP getting rid to hardcoded key in the code. Now it is in the local sample config --- local-environment/application.yml | 5 ++++ .../vauthenticator/server/keys/KeyConfig.kt | 20 ++++++++----- .../adapter/local/BouncyCastleKeyDecrypter.kt | 8 +++-- ...cyCastleKeyGeneratorMasterKeyRepository.kt | 25 +++++++++++++--- .../server/keys/adapter/local/KeyInitJob.kt | 29 ++++++++++++------- .../keys/adapter/local/MasterKeyGenrator.kt | 8 ----- .../local/BouncyCastleKeyDecrypterTest.kt | 8 +++++ ...stleKeyGeneratorMasterKeyRepositoryTest.kt | 6 ++++ .../local/BouncyCastleKeyGeneratorTest.kt | 7 ++--- .../local/KeyCryptographicOperationsTest.kt | 6 ++++ 10 files changed, 84 insertions(+), 38 deletions(-) delete mode 100644 src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt create mode 100644 src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt diff --git a/local-environment/application.yml b/local-environment/application.yml index b850596d..fe1a62dc 100644 --- a/local-environment/application.yml +++ b/local-environment/application.yml @@ -19,6 +19,11 @@ mfa: otp: length: 6 timeToLiveInSeconds: 600 +key: + master-key: + storage: + content: + key : "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA=" document: engine: file-system diff --git a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt index d02d1e91..530154c9 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/KeyConfig.kt 
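Review bot: `key.master-key` is introduced here as a YAML mapping (it has the `storage` child), but the new code injects it as a scalar with `@Value("\${key.master-key}")` in KeyConfig.kt (bouncyCastleKeyDecrypter) and KeyInitJob.kt, and BouncyCastleKeyGeneratorMasterKeyRepository then uses that scalar as the lookup key into `storage.content`. A YAML node cannot be both a mapping and the string `key`, so unless a scalar is supplied from another property source the placeholder will not resolve and the `!kms` context fails at startup; giving the id its own property, e.g. `@Value("\${key.master-key.id}")` with `id: key` under `master-key`, removes the clash. Since this value is tracked in git, a comment beside it such as `# sample master key for the local profile only; generate a fresh one per environment` makes its scope explicit.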
@@ -4,10 +4,7 @@ import com.vauthenticator.server.keys.adapter.dynamo.DynamoDbKeyStorage
 import com.vauthenticator.server.keys.adapter.jdbc.JdbcKeyStorage
 import com.vauthenticator.server.keys.adapter.kms.KmsKeyDecrypter
 import com.vauthenticator.server.keys.adapter.kms.KmsKeyGenerator
-import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyDecrypter
-import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGenerator
-import com.vauthenticator.server.keys.adapter.local.BouncyCastleKeyGeneratorMasterKeyRepository
-import com.vauthenticator.server.keys.adapter.local.KeyCryptographicOperations
+import com.vauthenticator.server.keys.adapter.local.*
 import com.vauthenticator.server.keys.domain.*
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
@@ -28,9 +25,12 @@ class KeyConfig {
 
 @Profile("!kms")
 @Bean("keyGenerator")
- fun bouncyCastleKeyGenerator(kmsClient: KmsClient): KeyGenerator = BouncyCastleKeyGenerator(
+ fun bouncyCastleKeyGenerator(
+ kmsClient: KmsClient,
+ storage: BouncyCastleKeyGeneratorMasterKeyStorage
+ ): KeyGenerator = BouncyCastleKeyGenerator(
 KeyCryptographicOperations(
- BouncyCastleKeyGeneratorMasterKeyRepository()
+ BouncyCastleKeyGeneratorMasterKeyRepository(storage)
 )
 )
 
@@ -40,9 +40,13 @@ class KeyConfig {
 
 @Profile("!kms")
 @Bean("keyDecrypter")
- fun bouncyCastleKeyDecrypter(): KeyDecrypter = BouncyCastleKeyDecrypter(
+ fun bouncyCastleKeyDecrypter(
+ @Value("\${key.master-key}") maserKid: String,
+ storage: BouncyCastleKeyGeneratorMasterKeyStorage
+ ): KeyDecrypter = BouncyCastleKeyDecrypter(
+ maserKid,
 KeyCryptographicOperations(
- BouncyCastleKeyGeneratorMasterKeyRepository()
+ BouncyCastleKeyGeneratorMasterKeyRepository(storage)
 )
 )
 
diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt
index 3c2a11ac..536a35dc 100644
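Review bot: `kmsClient: KmsClient` on the new `bouncyCastleKeyGenerator` signature is never used in the body, which only forwards `storage`; under the `!kms` profile the parameter presumably just forces a KmsClient bean to be resolvable for nothing, and it can be dropped, `fun bouncyCastleKeyGenerator(storage: BouncyCastleKeyGeneratorMasterKeyStorage): KeyGenerator = BouncyCastleKeyGenerator(`. The first hunk also replaces four explicit `adapter.local` imports with `adapter.local.*`; explicit imports would keep it visible that KeyConfig now depends on BouncyCastleKeyGeneratorMasterKeyStorage as well.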
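Review bot: The injected master key id is spelled `maserKid` in the new `bouncyCastleKeyDecrypter` parameter, and the same spelling is repeated in BouncyCastleKeyDecrypter.kt and KeyInitJob.kt; renaming it to `masterKid` in all three keeps it consistent with the `MasterKid` type it is wrapped into. Resolving the property with `@Value` both here and in KeyInitJob also means the id is read separately from the `key.master-key.storage` binding; exposing it from BouncyCastleKeyGeneratorMasterKeyStorage (or a small typed holder) would give the decrypter and the init job a single source for it.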
--- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt
+++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypter.kt
@@ -3,10 +3,14 @@ package com.vauthenticator.server.keys.adapter.local
 import com.vauthenticator.server.extentions.encoder
 import com.vauthenticator.server.keys.domain.KeyDecrypter
 import com.vauthenticator.server.keys.domain.MasterKid
+import org.springframework.beans.factory.annotation.Value
 
-class BouncyCastleKeyDecrypter(private val keyCryptographicOperations: KeyCryptographicOperations) : KeyDecrypter {
+class BouncyCastleKeyDecrypter(
+ private val maserKid: String,
+ private val keyCryptographicOperations: KeyCryptographicOperations
+) : KeyDecrypter {
 override fun decryptKey(encrypted: String): String {
- return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKeyGenrator.aMasterKey, encrypted.toByteArray()))
+ return encoder.encode(keyCryptographicOperations.decryptKeyWith(MasterKid(maserKid), encrypted.toByteArray()))
 .decodeToString()
 }
 }
\ No newline at end of file
diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt
index 5f2ae0d8..7ef66262 100644
--- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt
+++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepository.kt
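Review bot: The added `import org.springframework.beans.factory.annotation.Value` is unused in BouncyCastleKeyDecrypter — the constructor takes a plain `String` and the annotation lives on the bean method in KeyConfig — so the import should be dropped. `MasterKid(maserKid)` is also rebuilt on every `decryptKey` call; a `private val masterKid = MasterKid(maserKid)` in the class body builds the wrapper once and gives the id a clearer name inside the class.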
@@ -1,13 +1,30 @@ package com.vauthenticator.server.keys.adapter.local import com.vauthenticator.server.keys.domain.MasterKid -val toSha256 = "CrZKwm8YWGN5xYeKlaC9vXUBAFFzKYsqfaOFSrrqQgA=" +import org.springframework.boot.context.properties.ConfigurationProperties +import org.springframework.boot.context.properties.EnableConfigurationProperties +import org.springframework.context.annotation.Configuration +import org.springframework.context.annotation.Profile -class BouncyCastleKeyGeneratorMasterKeyRepository { - //TODO to improve +class BouncyCastleKeyGeneratorMasterKeyRepository( + val storage: BouncyCastleKeyGeneratorMasterKeyStorage +) { + fun maskerKeyFor(masterKeyId: MasterKid): String { - return toSha256 + return storage.content[masterKeyId.content()]!! } +} + +@Profile("!kms") +@Configuration(proxyBeanMethods = false) +@EnableConfigurationProperties(BouncyCastleKeyGeneratorMasterKeyStorage::class) +class BouncyCastleKeyGeneratorMasterKeyRepositoryConfig { + +} + +@ConfigurationProperties(prefix = "key.master-key.storage") +data class BouncyCastleKeyGeneratorMasterKeyStorage(val content: Map) { + } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt index dd7f6459..32be45b8 100644 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt +++ b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/KeyInitJob.kt 
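Review bot: `storage.content[masterKeyId.content()]!!` in `maskerKeyFor` turns an unknown or mistyped master key id into a bare NullPointerException with no indication of what was missing; `return storage.content[masterKeyId.content()] ?: error("no master key configured for id ${masterKeyId.content()}")` fails with an explanatory message instead (the id is a label, not the key). BouncyCastleKeyGeneratorMasterKeyStorage is a `data class`, so its generated `toString` prints the whole `content` map — the master key values — wherever the bean or its bound properties get logged; a plain class, or an overridden `toString` that omits `content`, avoids that. `val storage` on the repository constructor is public by default and could be `private val`, and the type arguments of `Map` are not visible in this rendering — presumably `Map<String, String>` in the source.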
@@ -1,8 +1,7 @@ package com.vauthenticator.server.keys.adapter.local -import com.vauthenticator.server.keys.domain.KeyPurpose -import com.vauthenticator.server.keys.domain.KeyRepository -import com.vauthenticator.server.keys.domain.KeyType +import com.vauthenticator.server.keys.domain.* +import org.springframework.beans.factory.annotation.Value import org.springframework.boot.ApplicationArguments import org.springframework.boot.ApplicationRunner import org.springframework.context.annotation.Profile @@ -10,15 +9,23 @@ import org.springframework.stereotype.Service @Service @Profile("!kms") -class KeyInitJob(private val keyRepository: KeyRepository) : ApplicationRunner { +class KeyInitJob( + @Value("\${key.master-key}") private val maserKid: String, + private val keyStorage: KeyStorage, + private val keyRepository: KeyRepository +) : ApplicationRunner { + + override fun run(args: ApplicationArguments) { + + if (keyStorage.signatureKeys().keys.isEmpty()) { + val kid = keyRepository.createKeyFrom( + masterKid = MasterKid(maserKid), + keyPurpose = KeyPurpose.SIGNATURE, + keyType = KeyType.ASYMMETRIC, + ) + println(kid) + } - override fun run(args: ApplicationArguments?) { - val kid = keyRepository.createKeyFrom( - masterKid = MasterKeyGenrator.aMasterKey, - keyPurpose = KeyPurpose.SIGNATURE, - keyType = KeyType.ASYMMETRIC, - ) - println(kid) } } \ No newline at end of file diff --git a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt b/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt deleted file mode 100644 index 7f371042..00000000 --- a/src/main/kotlin/com/vauthenticator/server/keys/adapter/local/MasterKeyGenrator.kt +++ /dev/null @@ -1,8 +0,0 @@ -package com.vauthenticator.server.keys.adapter.local - -import com.vauthenticator.server.keys.domain.MasterKid - -object MasterKeyGenrator { - - val aMasterKey = MasterKid("") -} \ No newline at end of file 
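Review bot: `println(kid)` in the new `run` body writes the freshly created key id to stdout at startup; no logger is visible in the hunk, but routing it through the project's logger at info level keeps the message at a controllable level instead of raw console output. The guard `keyStorage.signatureKeys().keys.isEmpty()` is the only thing that prevents a new signature key on every start, which is not obvious from the name `KeyInitJob`; a comment such as `// bootstrap: create one signature key only when the local store holds none` would make the intent explicit. The two blank lines added after the class header and after the `run` signature are also just noise.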
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt
new file mode 100644
index 00000000..1ee6533f
--- /dev/null
+++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyDecrypterTest.kt
@@ -0,0 +1,8 @@
+package com.vauthenticator.server.keys.adapter.local
+
+import org.junit.jupiter.api.Assertions.*
+
+// TODO
+class BouncyCastleKeyDecrypterTest {
+
+}
\ No newline at end of file
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt
new file mode 100644
index 00000000..fcca4002
--- /dev/null
+++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorMasterKeyRepositoryTest.kt
@@ -0,0 +1,6 @@
+package com.vauthenticator.server.keys.adapter.local
+
+import org.junit.jupiter.api.Assertions.*
+
+//todo
+class BouncyCastleKeyGeneratorMasterKeyRepositoryTest
\ No newline at end of file
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt
index eae7f8ab..9a531bfe 100644
--- a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt
+++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/BouncyCastleKeyGeneratorTest.kt
@@ -2,8 +2,5 @@ package com.vauthenticator.server.keys.adapter.local
 
 import org.junit.jupiter.api.Assertions.*
 
-class BouncyCastleKeyGeneratorTest {
-
-
-
-}
\ No newline at end of file
+//todo
+class BouncyCastleKeyGeneratorTest
\ No newline at end of file
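Review bot: The test classes added or rewritten here (BouncyCastleKeyDecrypterTest, BouncyCastleKeyGeneratorMasterKeyRepositoryTest, BouncyCastleKeyGeneratorTest, and KeyCryptographicOperationsTest in the next hunk) are empty `//todo` stubs that import `org.junit.jupiter.api.Assertions.*` without using it, so the new master-key lookup path has no coverage. At minimum BouncyCastleKeyGeneratorMasterKeyRepositoryTest should pin that `maskerKeyFor` returns the configured entry for a known id and fails for an unknown one, and BouncyCastleKeyDecrypterTest that the id passed to the constructor is the one handed to `decryptKeyWith`. Until the stubs have a body, the unused wildcard import can go.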
diff --git a/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt
new file mode 100644
index 00000000..5bbb1b5c
--- /dev/null
+++ b/src/test/kotlin/com/vauthenticator/server/keys/adapter/local/KeyCryptographicOperationsTest.kt
@@ -0,0 +1,6 @@
+package com.vauthenticator.server.keys.adapter.local
+
+import org.junit.jupiter.api.Assertions.*
+
+//todo
+class KeyCryptographicOperationsTest
\ No newline at end of file