[AFP 001] Implementation For Azure Vault

pom.xml

@@ -28,6 +28,18 @@
             <artifactId>azure-storage</artifactId>
             <version>8.6.4</version>
         </dependency>
+
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-security-keyvault-secrets</artifactId>
+            <version>4.2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-identity</artifactId>
+            <version>1.2.0</version>
+        </dependency>
+
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpg-jdk16</artifactId>

src/main/java/com/nisum/demo/blobStorage/BlobTriggerFunction.java

@@ -2,16 +2,13 @@ package com.nisum.demo.blobStorage;
 
 import com.microsoft.azure.functions.annotation.*;
 import com.microsoft.azure.functions.*;
-import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPPublicKey;
-import org.bouncycastle.openpgp.PGPSecretKey;
+import com.nisum.demo.blobStorage.pgp.PGPService;
+import com.nisum.demo.blobStorage.pgp.PGPUtils;
+import java.io.IOException;
 
 import java.io.*;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SignatureException;
 import java.util.PropertyResourceBundle;
 import java.util.ResourceBundle;
 import java.util.regex.Pattern;
@@ -25,11 +22,13 @@ public class BlobTriggerFunction {
      */
     @FunctionName("BlobTriggerFunc")
     public void run(
-        @BlobTrigger(name = "file", path = "test/{name}", dataType = "binary", connection = "AzureWebJobsStorage") byte[] content,
-        @BindingName("name") String name,
-        final ExecutionContext context
+            @BlobTrigger(name = "file", path = "test/{name}", dataType = "binary", connection = "AzureWebJobsStorage")
+                    byte[] content,
+            @BindingName("name") String name,
+            final ExecutionContext context
     ) throws IOException {
-        ResourceBundle resourceBundle = new PropertyResourceBundle(new FileInputStream("/Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/application.properties"));
+        ResourceBundle resourceBundle = new PropertyResourceBundle(new FileInputStream(
+                "/Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/application.properties"));
         if (Pattern.matches("[a-z|A-Z]*.csv", name)) {
             String directoryPath = resourceBundle.getString("files.directory.path") + name;
             if (!Files.exists(Paths.get(directoryPath))) {
@@ -40,38 +39,12 @@ public class BlobTriggerFunction {
                 fileOutputStream.write(content);
             }
 
-            InputStream inputStreamSecretKey = new FileInputStream(resourceBundle.getString("gpg.keychain.secret.key"));
-            InputStream inputStreamPublicKey = new FileInputStream(resourceBundle.getString("gpg.keychain.public.key"));
-            char[] pass = {'n', 'i', 's', 'u', 'm', '1', '2', '3', '4'};
+            PGPService pgpService = new PGPService();
+            pgpService.encryptFile(name);
 
-            // Writes data to the output stream
-            OutputStream outbound = new FileOutputStream(resourceBundle.getString("encrypted.files.directory.path") + name.replaceFirst(".csv",".asc"));
-            String inbound= resourceBundle.getString("files.directory.path") + name;
-
-            try {
-//            use it when using only public key
-//            PGPPublicKey key = PGPUtils.readPublicKey(inputStream);
-
-//            use it to get secret key when using public + private key
-//            PGPSecretKey pgpSecretKey = PGPUtils.readSecretKey(inputStream);
-
-//                for encryption
-                PGPUtils.encryptAndSignFile(outbound, inbound, inputStreamPublicKey, inputStreamSecretKey, true, true, pass);
-                context.getLogger().info("---File Encrypted---");
-
-
-//                for decryption
-//                InputStream fileToBeDecrypt = new FileInputStream(resourceBundle.getString("encrypted.files.directory.path") + name.replaceFirst(".csv", ".asc"));
-//                OutputStream inboundN = new FileOutputStream(resourceBundle.getString("decrypted.files.directory.path"));
-//                PGPUtils.decryptFile(fileToBeDecrypt, inboundN, inputStreamSecretKey, pass, inputStreamPublicKey);
-
-
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-            // Closes the output stream
+            context.getLogger()
+                    .info("Java Blob trigger function processed a blob. Name: " + name + "\n  Size: " + content.length +
+                            " Bytes");
         }
-
-        context.getLogger().info("Java Blob trigger function processed a blob. Name: " + name + "\n  Size: " + content.length + " Bytes");
     }
 }

src/main/java/com/nisum/demo/blobStorage/DecryptService.java

-package com.nisum.demo.blobStorage;
-
-import java.io.IOException;
-import java.security.NoSuchProviderException;
-import java.security.SignatureException;
-
-import org.bouncycastle.openpgp.PGPException;
-
-public abstract class DecryptService {
-
-    /**
-     * Decrypt the input file and move it to output folder.
-     *
-     * @param inputPath encrypted file path
-     * @param outputPath destination file path
-     * @param secretKeyPath secret key file path
-     * @param partnerPublicKeyPath partner public key file path
-     * @param passPhrase pass phrase use to generate secret key
-     * @throws NoSuchProviderException thrown when security provider not found
-     * @throws IOException throws when unable accessing file path.
-     * @throws PGPException thrown when error performing PGP decryption
-     * @throws SignatureException when error performing verification of signature
-     */
-    abstract void decrypt(String inputPath, String outputPath, String secretKeyPath, String partnerPublicKeyPath, String passPhrase)
-            throws NoSuchProviderException, IOException, PGPException, SignatureException;
-
-}

src/main/java/com/nisum/demo/blobStorage/pgp/PGPService.java

+package com.nisum.demo.blobStorage.pgp;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.PropertyResourceBundle;
+import java.util.ResourceBundle;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PGPService {
+    Logger logger = LoggerFactory.getLogger(PGPService.class);
+
+    public void encryptFile(String name) throws IOException {
+        ResourceBundle resourceBundle = new PropertyResourceBundle(new FileInputStream("/Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/application.properties"));
+
+        InputStream inputStreamSecretKey = new FileInputStream(resourceBundle.getString("gpg.keychain.secret.key"));
+        InputStream inputStreamPublicKey = new FileInputStream(resourceBundle.getString("gpg.keychain.public.key"));
+        char[] pass = {'n', 'i', 's', 'u', 'm', '1', '2', '3', '4'};
+
+        // Writes data to the output stream
+        OutputStream
+                outbound = new FileOutputStream(resourceBundle.getString("encrypted.files.directory.path") + name.replaceFirst(".csv",".asc"));
+        String inbound= resourceBundle.getString("files.directory.path") + name;
+
+        try {
+//            use it when using only public key
+//            PGPPublicKey key = PGPUtils.readPublicKey(inputStream);
+
+//            use it to get secret key when using public + private key
+//            PGPSecretKey pgpSecretKey = PGPUtils.readSecretKey(inputStream);
+
+//                for encryption
+            PGPUtils.encryptAndSignFile(outbound, inbound, inputStreamPublicKey, inputStreamSecretKey, true, true, pass);
+            logger.info("---File Encrypted---");
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+    }
+
+    public void decryptFile(String name) throws IOException {
+        ResourceBundle resourceBundle = new PropertyResourceBundle(new FileInputStream("/Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/application.properties"));
+
+        InputStream inputStreamSecretKey = new FileInputStream(resourceBundle.getString("gpg.keychain.secret.key"));
+        InputStream inputStreamPublicKey = new FileInputStream(resourceBundle.getString("gpg.keychain.public.key"));
+        char[] pass = {'n', 'i', 's', 'u', 'm', '1', '2', '3', '4'};
+
+        // Writes data to the output stream
+        OutputStream
+                outbound = new FileOutputStream(resourceBundle.getString("encrypted.files.directory.path") + name.replaceFirst(".csv",".asc"));
+        String inbound= resourceBundle.getString("files.directory.path") + name;
+
+        try {
+//            use it when using only public key
+//            PGPPublicKey key = PGPUtils.readPublicKey(inputStream);
+
+//            use it to get secret key when using public + private key
+//            PGPSecretKey pgpSecretKey = PGPUtils.readSecretKey(inputStream);
+
+//                for decryption
+            InputStream fileToBeDecrypt = new FileInputStream(resourceBundle.getString
+                    ("encrypted.files.directory.path") + name.replaceFirst(".csv", ".asc"));
+            OutputStream inboundN = new FileOutputStream(resourceBundle.getString("decrypted.files.directory.path"));
+            PGPUtils.decryptFile(fileToBeDecrypt, inboundN, inputStreamSecretKey, pass, inputStreamPublicKey);
+            logger.info("---File Decrypted---");
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+    }
+
+}

src/main/java/com/nisum/demo/blobStorage/PGPUtils.java → src/main/java/com/nisum/demo/blobStorage/pgp/PGPUtils.java

-package com.nisum.demo.blobStorage;
+package com.nisum.demo.blobStorage.pgp;
 
 import java.io.ByteArrayOutputStream;
 import java.io.File;

src/main/java/com/nisum/demo/blobStorage/vault/VaultService.java

+package com.nisum.demo.blobStorage.vault;
+
+import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
+
+public interface VaultService {
+
+    KeyVaultSecret getSecret(String secretName);
+
+
+}

src/main/java/com/nisum/demo/blobStorage/vault/VaultServiceImpl.java

+package com.nisum.demo.blobStorage.vault;
+
+import com.azure.identity.ClientSecretCredential;
+import com.azure.identity.ClientSecretCredentialBuilder;
+import com.azure.identity.DefaultAzureCredentialBuilder;
+import com.azure.identity.IntelliJCredentialBuilder;
+import com.azure.security.keyvault.secrets.SecretClient;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
+import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
+
+public class VaultServiceImpl implements VaultService{
+
+
+    @Override
+    public KeyVaultSecret getSecret(String secretName) {
+        String keyVaultName = System.getenv("KEY_VAULT_NAME");
+        String keyVaultUri = "https://" + keyVaultName + ".vault.azure.net";
+
+        SecretClient secretClient = new SecretClientBuilder()
+                .vaultUrl(keyVaultUri)
+                .credential(new DefaultAzureCredentialBuilder().tenantId("9d5e236a-3d55-4026-932a-054f975852e0").build())
+                .buildClient();
+        return secretClient.getSecret(secretName);
+    }
+}

src/main/resources/application.properties

+
 files.directory.path = /Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/files/
 encrypted.files.directory.path = /Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/encrypted/
 decrypted.files.directory.path = /Users/eali/Projects/azure/myazurefunctionsdemo/src/main/resources/decrypted/a.csv