allowing to pass encrpytion_key via environment

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-10-19 22:22:07 +02:00
parent 640b49a70b
commit 84791d2deb
1 changed files with 10 additions and 16 deletions
--- a/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java
+++ b/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java
@@ -5,6 +5,7 @@ package de.srsoftware.oidc.app;
 import static de.srsoftware.oidc.api.Constants.*;
 import static de.srsoftware.oidc.api.data.Permission.*;
 import static de.srsoftware.utils.Optionals.emptyIfBlank;
 import static de.srsoftware.utils.Optionals.nullable;
 import static de.srsoftware.utils.Paths.configDir;
 import static de.srsoftware.utils.Strings.uuid;
 import static java.lang.System.Logger.Level.DEBUG;
@@ -58,19 +59,20 @@ public class Application {
 		var            defaultFile = configDir.resolve("data.json");
 		var            configFile  = (argMap.get(CONFIG_PATH) instanceof Path p ? p : configDir.resolve("config.json")).toFile();
 		var            config      = new Configuration(configFile);
 		var encryptionKey = nullable(System.getenv(ENCRYPTION_KEY)).or(() -> config.get(ENCRYPTION_KEY));
 		var            passHasher  = new UuidHasher();
 		var            firstHash   = passHasher.hash(FIRST_USER_PASS, FIRST_UUID);
 		var            firstUser   = new User(FIRST_USER, firstHash, FIRST_USER, "%s@internal".formatted(FIRST_USER), FIRST_UUID).add(MANAGE_CLIENTS, MANAGE_PERMISSIONS, MANAGE_SMTP, MANAGE_USERS);
 		FileStoreProvider fileStoreProvider = new FileStoreProvider(passHasher);
-		var	  userService	    = setupUserService(config, defaultFile, fileStoreProvider, passHasher).init(firstUser);
+		var	  userService	    = setupUserService(config, encryptionKey, defaultFile, fileStoreProvider, passHasher).init(firstUser);
 		var	  sessionService    = setupSessionService(config, defaultFile, fileStoreProvider);
-		var	  mailConfig	    = setupMailConfig(config, defaultFile, fileStoreProvider);
+		var	  mailConfig	    = setupMailConfig(config, encryptionKey, defaultFile, fileStoreProvider);
-		var	  keyStore	    = setupKeyStore(config, configDir);
+		var	  keyStore	    = setupKeyStore(config, encryptionKey, configDir);
 		KeyManager	  keyManager	    = new RotatingKeyManager(keyStore);
 		var	  authService	    = setupAuthService(config, defaultFile, fileStoreProvider);
-		var	  clientService	    = setupClientService(config, defaultFile, fileStoreProvider);
+		var	  clientService	    = setupClientService(config, encryptionKey, defaultFile, fileStoreProvider);
 		HttpServer	  server	    = HttpServer.create(new InetSocketAddress(8080), 0);
 		var	  staticPages	    = (StaticPages) new StaticPages(basePath).bindPath(STATIC_PATH, FAVICON).on(server);
 		new Forward(INDEX).bindPath(ROOT).on(server);
@@ -85,12 +87,10 @@ public class Application {
 		server.start();
 	}
-	private static ClientService setupClientService(Configuration config, Path defaultFile, FileStoreProvider fileStoreProvider) throws SQLException {
+	private static ClientService setupClientService(Configuration config, Optional<String> encryptionKey, Path defaultFile, FileStoreProvider fileStoreProvider) throws SQLException {
 		var           clientStore   = new File(config.getOrDefault("client_store", defaultFile));
 		ClientService clientService = fileStoreProvider.get(clientStore);
 		Optional<String> encryptionKey = config.get(ENCRYPTION_KEY);
 		if (encryptionKey.isPresent()) {
 			var salt      = config.getOrDefault(SALT, uuid());
 			clientService = new EncryptedClientService(encryptionKey.get(), salt, clientService);
@@ -108,12 +108,10 @@ public class Application {
 		return fileStoreProvider.get(sessionStore);
 	}
-	private static MailConfig setupMailConfig(Configuration config, Path defaultFile, FileStoreProvider fileStoreProvider) throws SQLException {
+	private static MailConfig setupMailConfig(Configuration config, Optional<String> encryptionKey, Path defaultFile, FileStoreProvider fileStoreProvider) throws SQLException {
 		var        mailConfigLocation = new File(config.getOrDefault("mail_config_storage", defaultFile));
 		MailConfig mailConfig         = fileStoreProvider.get(mailConfigLocation);
 		Optional<String> encryptionKey = config.get(ENCRYPTION_KEY);
 		if (encryptionKey.isPresent()) {
 			var salt   = config.getOrDefault(SALT, uuid());
 			mailConfig = new EncryptedMailConfig(mailConfig, encryptionKey.get(), salt);
@@ -121,12 +119,10 @@ public class Application {
 		return mailConfig;
 	}
-	private static UserService setupUserService(Configuration config, Path defaultFile, FileStoreProvider fileStoreProvider, UuidHasher passHasher) throws SQLException {
+	private static UserService setupUserService(Configuration config, Optional<String> encryptionKey, Path defaultFile, FileStoreProvider fileStoreProvider, UuidHasher passHasher) throws SQLException {
 		var         userStorageLocation = new File(config.getOrDefault("user_storage", defaultFile));
 		UserService userService	= fileStoreProvider.get(userStorageLocation);
 		Optional<String> encryptionKey = config.get(ENCRYPTION_KEY);
 		if (encryptionKey.isPresent()) {
 			var salt    = config.getOrDefault(SALT, uuid());
 			userService = new EncryptedUserService(userService, encryptionKey.get(), salt, passHasher);
@@ -134,12 +130,10 @@ public class Application {
 		return userService;
 	}
-	private static KeyStorage setupKeyStore(Configuration config, Path defaultConfigDir) throws SQLException {
+	private static KeyStorage setupKeyStore(Configuration config, Optional<String> encryptionKey, Path defaultConfigDir) throws SQLException {
 		var        keyStorageLocation = new File(config.getOrDefault("key_storage", defaultConfigDir.resolve("keys")));
 		KeyStorage keyStore           = new PlaintextKeyStore(keyStorageLocation.toPath());
 		Optional<String> encryptionKey = config.get(ENCRYPTION_KEY);
 		if (encryptionKey.isPresent()) {
 			var salt = config.getOrDefault(SALT, uuid());
 			keyStore = new EncryptedKeyStore(encryptionKey.get(), salt, keyStore);