add logic to handle azure operator key load

IABTechLab · Oct 26, 2023 · d1e66ea · d1e66ea
1 parent 7522a25
commit d1e66ea
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -36,14 +36,34 @@
         <dependency>
             <groupId>com.uid2</groupId>
             <artifactId>uid2-attestation-api</artifactId>
-            <version>1.1.0</version>
+            <version>1.5.0-676519b018</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
             <version>2.10</version>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-security-keyvault-secrets</artifactId>
+            <version>4.7.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-identity</artifactId>
+            <version>1.10.1</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+            <version>1.3.5</version>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.3.5</version>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

diff --git a/src/main/java/com/uid2/attestation/azure/AzureVaultOperatorKeyRetriever.java b/src/main/java/com/uid2/attestation/azure/AzureVaultOperatorKeyRetriever.java
@@ -0,0 +1,37 @@
+package com.uid2.attestation.azure;
+
+import com.azure.identity.ManagedIdentityCredentialBuilder;
+import com.azure.security.keyvault.secrets.SecretClientBuilder;
+import com.uid2.enclave.IOperatorKeyRetriever;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AzureVaultOperatorKeyRetriever implements IOperatorKeyRetriever {
+    private static final Logger LOGGER = LoggerFactory.getLogger(AzureVaultOperatorKeyRetriever.class);
+
+    private final String vaultName;
+    private final String secretName;
+
+
+    public AzureVaultOperatorKeyRetriever(String vaultName, String secretName) {
+        this.vaultName = vaultName;
+        this.secretName = secretName;
+    }
+
+    // ManagedIdentityCredential is used here.
+    @Override
+    public String retrieve() {
+        String vaultUrl = "https://" + this.vaultName + ".vault.azure.net";
+        LOGGER.info(String.format("Load OperatorKey secret (%s) from %s", this.secretName, vaultUrl));
+        // Use default ExponentialBackoff retry policy
+        var secretClient = new SecretClientBuilder()
+                .vaultUrl(vaultUrl)
+                .credential(new ManagedIdentityCredentialBuilder().build())
+                .buildClient();
+
+        var retrievedSecret = secretClient.getSecret(secretName);
+
+        LOGGER.info("OperatorKey secret is loaded.");
+        return retrievedSecret.getValue();
+    }
+}