From 60c1b1b73e2d54eb259b3024d538550006dc5d0e Mon Sep 17 00:00:00 2001
From: Enrico Risa
Date: Fri, 21 Jun 2024 14:10:44 +0200
Subject: [PATCH] fix: sts sample launcher

---
 launchers/sts-server/README.md | 18 ++++---
 launchers/sts-server/config.properties | 8 +++-
 .../sts/server/StsVaultSeedExtension.java | 48 +++++++++++++++++++
 ...g.eclipse.edc.spi.system.ServiceExtension} | 5 +-
 4 files changed, 65 insertions(+), 14 deletions(-)
 create mode 100644 launchers/sts-server/src/main/java/org/eclipse/edc/iam/identitytrust/sts/server/StsVaultSeedExtension.java
 rename launchers/sts-server/{sts-vault.properties => src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension} (73%)

diff --git a/launchers/sts-server/README.md b/launchers/sts-server/README.md
index 8ab9010c2ed..f199303f724 100644
--- a/launchers/sts-server/README.md
+++ b/launchers/sts-server/README.md
@@ -16,24 +16,22 @@ directory `aunchers/sts-server/build/libs/sts-server.jar`
 
 ### How to run the STS
 
-Before running the STS we need to generate the local keystore for cert and private key.
+The private key for the `testClient` is already configured in the property `edc.sts.server.vaults.private.value`.
+
+To replace the default value if needed, generate a new key
+
+Example:
 
 ```shell
-mkdir launchers/sts-server/certs
-openssl genrsa 2048 > launchers/sts-server/certs/key.pem
-openssl req -x509 -new -key launchers/sts-server/certs/key.pem -out launchers/sts-server/certs/cert.pem
-openssl pkcs12 -export -in launchers/sts-server/certs/cert.pem -inkey launchers/sts-server/certs/key.pem -out launchers/sts-server/certs/cert.pfx
+openssl genrsa 2048 | awk -v ORS='\\r\\n' '1'
 ```
 
-When exporting in `pkcs12` use the password `123456`.
+And replace the value in the `launchers/sts-server/config.properties` config file
 
 To run the STS, just run the following command:
 
 ```shell
-java -Dedc.keystore=launchers/sts-server/certs/cert.pfx -Dedc.keystore.password=123456 \
-     -Dedc.vault=launchers/sts-server/sts-vault.properties \
-     -Dedc.fs.config=launchers/sts-server/config.properties \
-     -jar launchers/sts-server/build/libs/sts-server.jar
+java -Dedc.fs.config=launchers/sts-server/config.properties -jar launchers/sts-server/build/libs/sts-server.jar
 ```
 
 The STS will be available on `9292` port.
diff --git a/launchers/sts-server/config.properties b/launchers/sts-server/config.properties
index dfc9361585b..9f49bd31ef6 100644
--- a/launchers/sts-server/config.properties
+++ b/launchers/sts-server/config.properties
@@ -20,5 +20,9 @@ edc.iam.sts.clients.first.id=testClientId
 edc.iam.sts.clients.first.client_id=testClient
 edc.iam.sts.clients.first.did=did:example:first
 edc.iam.sts.clients.first.secret.alias=secretAlias
-edc.iam.sts.clients.first.private-key.alias=1
-edc.iam.sts.clients.first.public-key.reference=public-key
\ No newline at end of file
+edc.iam.sts.clients.first.private-key.alias=private-key
+edc.iam.sts.clients.first.public-key.reference=public-key
+edc.sts.server.vaults.private.key=private-key
+edc.sts.server.vaults.private.value=-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCcdt9an3yxdBij\r\nw7rpsQ2OWovjg4IJwdgS99L0tLlOHZS1pmEk0gweiurLLhRlgcYXMofxqE2UNfcE\r\nNSVJefmd9tiTb8nmfGFEivDao1VUvT3i/I1YT4CYCMB6XfKF29G4hDkJVCJ9XzeD\r\nevCIDLuZHgjVYsWwoa+aoUIvxYhA7G9/I08jmRdtoIOiCBK4U4nK+MeGaxArMJxJ\r\nNnq6W/XPNh7yocXsKW7llpgzen274j2p8lJhLd4bjVS4AWyeU59QyC72rXXUYuKv\r\nM3V3uyBV3bYXSsOcfwSgS3x629ijo/pwJV2dii/lNvBjeGi2EicyVtN1X1swnpr+\r\nuwaMrLaBAgMBAAECggEAA5ywbGozEcct+ZuKB/1VrxLAI5MB2GRnLuKVq4nKXzHq\r\nYL+sAt05A6b+GOLx/FkWEpYbbTzPDq6ov/997P/HKhUHPARy3H1EWGsIjf7tjZYL\r\n/36dq5Cz9ak6ZVDK1E7bnSHV+Gp0HIwV+bUdEqz66I6OPRE0ImSMgOURDw3avDHt\r\nNgQxuwmB/SO6ZFQEx3obdoBunlyVV1hc98Yz7lCVpy7AUf0YO2fKTBANxWt94VNw\r\nYotughve2TuhE5ll2IzWAf106lbdVwRjlIAOtyqEiFkPXYQ2xLL8FnqHSCFQ7NEu\r\n2hADr3+1jvGPKUKwsLZS1CJfkCq+wvTykl1MDCE3WQKBgQDVaomqKpbB2Qt5k6fW\r\nVc4NYE40qW1tC99xXQJ+N6jVEtR6zDnsU07Ry5mgofg5VVQIwK3BKbgoRX27VVqe\r\nUBKMeNbRnfdTkd8v6zJocXyKhJpvkw3zCCiZRfpiYpyqculW2awXqXLIP9+cDopH\r\nk2kzURlMFljP0lXfcnvrj/tO+QKBgQC7rzEjxhZjQtVm/xz+drCr8BEgc8DhJBc5\r\nuA1RCFAFgxm/8ZJcUmz6FyTZmGp22sJmH9inqFqm2eD8u8NyMH/wAnuUKUBfQ5xd\r\nV8uhVkRjoOzNyj1fdaInSD+k1Hwc8bP9g488JsWiSrR3T2SJ9dNL3ARo7bul6AYa\r\ndEp8OpWdyQKBgENmxFej370VKVSaV5WPv+Xllo13PQIFj+ojr9fhCEdTDRxDR7/l\r\nh60mmjxrKxQgaMvi3n11CZ5eZBk4GciKDXGj8GR/eU9BcLWXmHH39ZdhzcyTKwKo\r\nfvn5adyMvGHwrNUrJfjLIV8xHRQSW4XDfqQgZtbq792i1lAdvhllfb8xAoGBAJHw\r\nWDWJAj+M6IN+O/1iLV6E/cxONdzbQ3QOOcyYuiCPIKawIS7IqRSOiojoi2CAGklu\r\n2
fkEX/j90oSzO/a+37yxMYazzOpGmH+8lQqPGf6eU4Rxjed8gOoqs9Jnp1qaV2r5\r\nsZcETwkzLcDYa0UbcYG7Q3KT6SXIlXZcls6if1SBAoGAZVX8F+lmmcCFIdwq1maU\r\nGgtBGsg2yW0/2JDWFMRieVDUE7dACdNdq28v0/T43YWPjjZymXxjdpxEflz/dpv9\r\noNcZuGRDL3RV8SA/LjASDh9ugAti6OWiGJ+guqqHqvHug9fJdPBMxrCjsgHBO9bm\r\nreshRjgGS9bbXlnkbxh3S0E=\r\n-----END PRIVATE KEY-----
+edc.sts.server.vaults.secret.key=secretAlias
+edc.sts.server.vaults.secret.value=clientSecret
\ No newline at end of file
diff --git a/launchers/sts-server/src/main/java/org/eclipse/edc/iam/identitytrust/sts/server/StsVaultSeedExtension.java b/launchers/sts-server/src/main/java/org/eclipse/edc/iam/identitytrust/sts/server/StsVaultSeedExtension.java
new file mode 100644
index 00000000000..e23077fafc4
--- /dev/null
+++ b/launchers/sts-server/src/main/java/org/eclipse/edc/iam/identitytrust/sts/server/StsVaultSeedExtension.java
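Review bot: The new `edc.sts.server.vaults.private.value` and `edc.sts.server.vaults.secret.value` entries commit a PEM private key and the `clientSecret` to the repository in cleartext, and nothing in this file (or in the README hunk of this commit) says they are throwaway sample material. The moment the key is committed it is public, so an STS built from this launcher can only be trusted for local experiments; a comment above the entries should state that, e.g. `# Sample-only credentials: this private key and client secret are public (committed to the repo); regenerate both before running this launcher anywhere but on a developer machine`. The README hunk explains how to regenerate the key but should carry the same caveat next to the `edc.sts.server.vaults.private.value` sentence. It is also worth a one-line comment that `edc.iam.sts.clients.first.private-key.alias` and `edc.sts.server.vaults.private.key` must agree on `private-key` (likewise `secret.alias`/`vaults.secret.key` on `secretAlias`), since nothing in the file ties the two values together.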
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ *     Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.iam.identitytrust.sts.server;
+
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.security.Vault;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import java.util.Map;
+
+public class StsVaultSeedExtension implements ServiceExtension {
+
+
+    public static final String VAULT_TESTING_PREFIX = "edc.sts.server.vaults";
+
+    public static final String VAULT_TESTING_KEY = "key";
+    public static final String VAULT_TESTING_VALUE = "value";
+
+    @Inject
+    private Vault vault;
+
+
+    @Override
+    public void initialize(ServiceExtensionContext context) {
+
+        var config = context.getConfig(VAULT_TESTING_PREFIX);
+        var secrets = config.partition().map((partition) -> {
+            var key = partition.getString(VAULT_TESTING_KEY);
+            var value = partition.getString(VAULT_TESTING_VALUE);
+            return Map.entry(key, value);
+        }).toList();
+
+        secrets.forEach(secret -> vault.storeSecret(secret.getKey(), secret.getValue()));
+    }
+}
\ No newline at end of file
diff --git a/launchers/sts-server/sts-vault.properties b/launchers/sts-server/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
similarity index 73%
rename from launchers/sts-server/sts-vault.properties
rename to launchers/sts-server/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
index 90219518531..9c24e3528de 100644
--- a/launchers/sts-server/sts-vault.properties
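Review bot: `StsVaultSeedExtension` has no class Javadoc, and only its name and the `VAULT_TESTING_PREFIX` constant hint that it copies cleartext configuration into the `Vault` so the sample can start without a real vault; add a class comment along the lines of `Seeds the {@link Vault} from the {@code edc.sts.server.vaults.<name>.key} / {@code .value} configuration entries for the sample launcher. Secrets arrive in cleartext from configuration; this extension must not be packaged into a production runtime.` In `initialize`, `partition.getString(VAULT_TESTING_KEY)` and `getString(VAULT_TESTING_VALUE)` are called on every partition under the prefix, so a partially configured `edc.sts.server.vaults.<name>` group will, if `Config.getString(String)` throws on a missing entry as I believe it does in EDC, abort startup with a generic settings error that does not name the offending group; consider a message that includes the partition. The result of `vault.storeSecret(...)` is discarded — if it returns a `Result` as other EDC vault implementations do, a failed store goes unnoticed and the STS later fails to find `private-key`, so log or fail on a non-successful result. The intermediate `secrets` list adds nothing; `config.partition().forEach(p -> vault.storeSecret(p.getString(VAULT_TESTING_KEY), p.getString(VAULT_TESTING_VALUE)));` reads the same and drops the `java.util.Map` import.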
+++ b/launchers/sts-server/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at
@@ -11,4 +11,5 @@
 #     Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
 #
 #
-secretAlias=clientSecret
\ No newline at end of file
+
+org.eclipse.edc.iam.identitytrust.sts.server.StsVaultSeedExtension