| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.nifi.properties; |
| |
| import org.junit.AfterClass; |
| import org.junit.Assert; |
| import org.junit.BeforeClass; |
| import org.junit.Test; |
| import org.mockito.internal.util.io.IOUtil; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.nio.file.Files; |
| import java.nio.file.Path; |
| import java.util.Properties; |
| |
| /** |
| * For the purposes of running this test, if you have a key, first make sure you have configured |
| * credential information as in the following link |
| * https://docs.microsoft.com/en-us/java/api/overview/azure/security-keyvault-keys-readme?view=azure-java-stable |
| * |
| * Then simply set the system property -Dazure.keyvault.key.id to the key identifier |
| * when running the integration test. |
| * The key identifier takes the form: "https://keyvault-name.vault.azure.net/keys/key-name/keyID" |
| * |
| * Otherwise, to create a key, it will be simplest through the Azure web portal. First create a resource group, |
| * then a key vault tied to that resource group. Then you can create a key through the key vault. |
| * |
| * Then simply set the system property -Dazure.keyvault.key.id to the key identifier |
| * when running the integration test. |
| * The key identifier takes the form: "https://keyvault-name.vault.azure.net/keys/key-name/keyID" |
| * |
| * Another system property that needs to be set is the algorithm: set it as |
| * -Dazure.keyvault.encryption.algorithm=algorithm |
| * Available algorithms can be found in: |
| * https://docs.microsoft.com/en-us/java/api/com.azure.security.keyvault.keys.cryptography.models.encryptionalgorithm |
| */ |
| |
| public class AzureKeyVaultKeySensitivePropertyProviderIT { |
| private static final String SAMPLE_PLAINTEXT = "AzureKeyVaultKeySensitivePropertyProviderIT SAMPLE-PLAINTEXT"; |
| private static final String KEYVAULT_KEY_PROPS_NAME = "azure.keyvault.key.id"; |
| private static final String ENCRYPTION_ALGORITHM_PROPS_NAME = "azure.keyvault.encryption.algorithm"; |
| |
| private static final String BOOTSTRAP_AZURE_FILE_PROPS_NAME = "nifi.bootstrap.protection.azure.keyvault.conf"; |
| |
| private static final String EMPTY_PROPERTY = ""; |
| |
| private static AzureKeyVaultKeySensitivePropertyProvider spp; |
| |
| private static BootstrapProperties props; |
| |
| private static Path mockBootstrapConf, mockAzureBootstrapConf; |
| |
| private static final Logger logger = LoggerFactory.getLogger(AzureKeyVaultKeySensitivePropertyProviderIT.class); |
| |
| private static void initializeBootstrapProperties() throws IOException { |
| mockBootstrapConf = Files.createTempFile("bootstrap", ".conf").toAbsolutePath(); |
| mockAzureBootstrapConf = Files.createTempFile("bootstrap-azure", ".conf").toAbsolutePath(); |
| IOUtil.writeText(BOOTSTRAP_AZURE_FILE_PROPS_NAME + "=" + mockAzureBootstrapConf.toAbsolutePath(), mockBootstrapConf.toFile()); |
| |
| final Properties bootstrapProperties = new Properties(); |
| try (final InputStream inputStream = Files.newInputStream(mockBootstrapConf)) { |
| bootstrapProperties.load(inputStream); |
| props = new BootstrapProperties("nifi", bootstrapProperties, mockBootstrapConf); |
| } |
| |
| String keyId = System.getProperty(KEYVAULT_KEY_PROPS_NAME, EMPTY_PROPERTY); |
| String algorithm = System.getProperty(ENCRYPTION_ALGORITHM_PROPS_NAME, EMPTY_PROPERTY); |
| |
| StringBuilder bootstrapConfText = new StringBuilder(); |
| String lineSeparator = System.getProperty("line.separator"); |
| bootstrapConfText.append(KEYVAULT_KEY_PROPS_NAME + "=" + keyId); |
| bootstrapConfText.append(lineSeparator + ENCRYPTION_ALGORITHM_PROPS_NAME + "=" + algorithm); |
| IOUtil.writeText(bootstrapConfText.toString(), mockAzureBootstrapConf.toFile()); |
| } |
| |
| @BeforeClass |
| public static void initOnce() throws IOException { |
| initializeBootstrapProperties(); |
| Assert.assertNotNull(props); |
| spp = new AzureKeyVaultKeySensitivePropertyProvider(props); |
| Assert.assertNotNull(spp); |
| } |
| |
| @AfterClass |
| public static void tearDownOnce() throws IOException { |
| Files.deleteIfExists(mockBootstrapConf); |
| Files.deleteIfExists(mockAzureBootstrapConf); |
| |
| spp.cleanUp(); |
| } |
| |
| @Test |
| public void testEncryptDecrypt() { |
| logger.info("Running testEncryptDecrypt of Azure Key Vault Key SPP integration test"); |
| this.runEncryptDecryptTest(); |
| logger.info("testEncryptDecrypt of Azure Key Vault Key SPP integration test completed"); |
| } |
| |
| private static void runEncryptDecryptTest() { |
| logger.info("Plaintext: " + SAMPLE_PLAINTEXT); |
| String protectedValue = spp.protect(SAMPLE_PLAINTEXT, ProtectedPropertyContext.defaultContext("property")); |
| logger.info("Protected Value: " + protectedValue); |
| String unprotectedValue = spp.unprotect(protectedValue, ProtectedPropertyContext.defaultContext("property")); |
| logger.info("Unprotected Value: " + unprotectedValue); |
| |
| Assert.assertEquals(SAMPLE_PLAINTEXT, unprotectedValue); |
| Assert.assertNotEquals(SAMPLE_PLAINTEXT, protectedValue); |
| Assert.assertNotEquals(protectedValue, unprotectedValue); |
| } |
| } |