cert-signer.git

ref: d003e6bafeed23bd7f1c05d0b550a79505e0b053

src/main/java/net/lulli/certsigner/strategy/vault/VaultCaSetup.java

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

/* 
 * This file is part of cert-signer
 * Copyright (c) 2024 Paolo Lulli.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

package net.lulli.certsigner.strategy.vault;

import net.lulli.certsigner.network.VaultLocal;
import net.lulli.certsigner.strategy.CASetupStrategy;
import net.lulli.certsigner.ca.CaData;

import java.util.Base64;
import java.util.HashMap;
import java.util.Objects;

public class VaultCaSetup implements CASetupStrategy {
    private static String vaultEndpoint = System.getenv("VAULT_ENDPOINT");
    private static String vaultToken = System.getenv("VAULT_TOKEN");

    private static final String VAULT_PATH = "cert-auth";

    private final VaultLocal vaultLocal;
    private final String serviceName;

    public VaultCaSetup(String serviceName) {
        Objects.requireNonNull(serviceName);

        this.serviceName = serviceName;
        this.vaultLocal = new VaultLocal(vaultEndpoint, vaultToken);
    }

    @Override
    public void initialize() {
        var rootSubject = "CN=root-cert, O=" + serviceName;
        var data = new HashMap<String, String>();

        CaData caData = CaData.withSubject(rootSubject);
        data.put("certificate", Base64.getEncoder().encodeToString(caData.certificate().getBytes()));
        data.put("privateKey", Base64.getEncoder().encodeToString(caData.privateKey().getBytes()));

        vaultLocal.storeSecret(VAULT_PATH + "/" + serviceName, data);
    }
}