fix: sts sample launcher (#4298)

launchers/sts-server/README.md

@@ -16,24 +16,22 @@ directory `aunchers/sts-server/build/libs/sts-server.jar`
 
 ### How to run the STS
 
-Before running the STS we need to generate the local keystore for cert and private key.
+The private key for the `testClient` is already configured in the property `edc.sts.server.vaults.private.value`.
+
+To replace the default value if needed, generate a new key
+
+Example:
 
 ```shell
-mkdir launchers/sts-server/certs
-openssl genrsa 2048 > launchers/sts-server/certs/key.pem
-openssl req -x509 -new -key launchers/sts-server/certs/key.pem -out launchers/sts-server/certs/cert.pem
-openssl pkcs12 -export -in launchers/sts-server/certs/cert.pem -inkey launchers/sts-server/certs/key.pem -out launchers/sts-server/certs/cert.pfx
+openssl genrsa 2048 | awk -v ORS='\\r\\n' '1'
 ```
 
-When exporting in `pkcs12` use the password `123456`.
+And replace the value in the `launchers/sts-server/config.properties` config file
 
 To run the STS, just run the following command:
 
 ```shell
-java -Dedc.keystore=launchers/sts-server/certs/cert.pfx -Dedc.keystore.password=123456 \
- -Dedc.vault=launchers/sts-server/sts-vault.properties \
- -Dedc.fs.config=launchers/sts-server/config.properties \
- -jar launchers/sts-server/build/libs/sts-server.jar
+java -Dedc.fs.config=launchers/sts-server/config.properties -jar launchers/sts-server/build/libs/sts-server.jar
  ```
 
 The STS will be available on `9292` port.

launchers/sts-server/config.properties

@@ -20,5 +20,9 @@ edc.iam.sts.clients.first.id=testClientId
 edc.iam.sts.clients.first.client_id=testClient
 edc.iam.sts.clients.first.did=did:example:first
 edc.iam.sts.clients.first.secret.alias=secretAlias
-edc.iam.sts.clients.first.private-key.alias=1
-edc.iam.sts.clients.first.public-key.reference=public-key
+edc.iam.sts.clients.first.private-key.alias=private-key
+edc.iam.sts.clients.first.public-key.reference=public-key
+edc.sts.server.vaults.private.key=private-key
+edc.sts.server.vaults.private.value=-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCcdt9an3yxdBij\r\nw7rpsQ2OWovjg4IJwdgS99L0tLlOHZS1pmEk0gweiurLLhRlgcYXMofxqE2UNfcE\r\nNSVJefmd9tiTb8nmfGFEivDao1VUvT3i/I1YT4CYCMB6XfKF29G4hDkJVCJ9XzeD\r\nevCIDLuZHgjVYsWwoa+aoUIvxYhA7G9/I08jmRdtoIOiCBK4U4nK+MeGaxArMJxJ\r\nNnq6W/XPNh7yocXsKW7llpgzen274j2p8lJhLd4bjVS4AWyeU59QyC72rXXUYuKv\r\nM3V3uyBV3bYXSsOcfwSgS3x629ijo/pwJV2dii/lNvBjeGi2EicyVtN1X1swnpr+\r\nuwaMrLaBAgMBAAECggEAA5ywbGozEcct+ZuKB/1VrxLAI5MB2GRnLuKVq4nKXzHq\r\nYL+sAt05A6b+GOLx/FkWEpYbbTzPDq6ov/997P/HKhUHPARy3H1EWGsIjf7tjZYL\r\n/36dq5Cz9ak6ZVDK1E7bnSHV+Gp0HIwV+bUdEqz66I6OPRE0ImSMgOURDw3avDHt\r\nNgQxuwmB/SO6ZFQEx3obdoBunlyVV1hc98Yz7lCVpy7AUf0YO2fKTBANxWt94VNw\r\nYotughve2TuhE5ll2IzWAf106lbdVwRjlIAOtyqEiFkPXYQ2xLL8FnqHSCFQ7NEu\r\n2hADr3+1jvGPKUKwsLZS1CJfkCq+wvTykl1MDCE3WQKBgQDVaomqKpbB2Qt5k6fW\r\nVc4NYE40qW1tC99xXQJ+N6jVEtR6zDnsU07Ry5mgofg5VVQIwK3BKbgoRX27VVqe\r\nUBKMeNbRnfdTkd8v6zJocXyKhJpvkw3zCCiZRfpiYpyqculW2awXqXLIP9+cDopH\r\nk2kzURlMFljP0lXfcnvrj/tO+QKBgQC7rzEjxhZjQtVm/xz+drCr8BEgc8DhJBc5\r\nuA1RCFAFgxm/8ZJcUmz6FyTZmGp22sJmH9inqFqm2eD8u8NyMH/wAnuUKUBfQ5xd\r\nV8uhVkRjoOzNyj1fdaInSD+k1Hwc8bP9g488JsWiSrR3T2SJ9dNL3ARo7bul6AYa\r\ndEp8OpWdyQKBgENmxFej370VKVSaV5WPv+Xllo13PQIFj+ojr9fhCEdTDRxDR7/l\r\nh60mmjxrKxQgaMvi3n11CZ5eZBk4GciKDXGj8GR/eU9BcLWXmHH39ZdhzcyTKwKo\r\nfvn5adyMvGHwrNUrJfjLIV8xHRQSW4XDfqQgZtbq792i1lAdvhllfb8xAoGBAJHw\r\nWDWJAj+M6IN+O/1iLV6E/cxONdzbQ3QOOcyYuiCPIKawIS7IqRSOiojoi2CAGklu\r\n2fkEX/j90oSzO/a+37yxMYazzOpGmH+8lQqPGf6eU4Rxjed8gOoqs9Jnp1qaV2r5\r\nsZcETwkzLcDYa0UbcYG7Q3KT6SXIlXZcls6if1SBAoGAZVX8F+lmmcCFIdwq1maU\r\nGgtBGsg2yW0/2JDWFMRieVDUE7dACdNdq28v0/T43YWPjjZymXxjdpxEflz/dpv9\r\noNcZuGRDL3RV8SA/LjASDh9ugAti6OWiGJ+guqqHqvHug9fJdPBMxrCjsgHBO9bm\r\nreshRjgGS9bbXlnkbxh3S0E=\r\n-----END PRIVATE KEY-----
+edc.sts.server.vaults.secret.key=secretAlias
+edc.sts.server.vaults.secret.value=clientSecret

launchers/sts-server/src/main/java/org/eclipse/edc/iam/identitytrust/sts/server/StsVaultSeedExtension.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.iam.identitytrust.sts.server;
+
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.security.Vault;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import java.util.Map;
+
+public class StsVaultSeedExtension implements ServiceExtension {
+
+
+ public static final String VAULT_TESTING_PREFIX = "edc.sts.server.vaults";
+
+ public static final String VAULT_TESTING_KEY = "key";
+ public static final String VAULT_TESTING_VALUE = "value";
+
+ @Inject
+ private Vault vault;
+
+
+ @Override
+ public void initialize(ServiceExtensionContext context) {
+
+ var config = context.getConfig(VAULT_TESTING_PREFIX);
+ var secrets = config.partition().map((partition) -> {
+ var key = partition.getString(VAULT_TESTING_KEY);
+ var value = partition.getString(VAULT_TESTING_VALUE);
+ return Map.entry(key, value);
+ }).toList();
+
+ secrets.forEach(secret -> vault.storeSecret(secret.getKey(), secret.getValue()));
+ }
+}

launchers/sts-server/sts-vault.properties → launchers/sts-server/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at
@@ -11,4 +11,5 @@
 # Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
 #
 #
-secretAlias=clientSecret
+
+org.eclipse.edc.iam.identitytrust.sts.server.StsVaultSeedExtension