Package it.pagopa.swclient.mil.azureservices.keyvault.keys.service

Class AzureKeyVaultKeysReactiveServiceImpl

java.lang.Object

it.pagopa.swclient.mil.azureservices.keyvault.keys.service.AzureKeyVaultKeysReactiveServiceImpl

All Implemented Interfaces:

AzureKeyVaultKeysReactiveService

@ApplicationScoped
public class AzureKeyVaultKeysReactiveServiceImpl
extends Object
implements AzureKeyVaultKeysReactiveService

This service is a kind of wrapper of AzureKeyVaultKeysReactiveClient which implements:

• the retrieving, caching (done by means of AzureIdentityReactiveService) and renewal (when it expires or when used the resource API returns 401 or 403) of the access token from Microsoft Entra ID that will be used with Azure Key Vault (by means of AzureKeyVaultKeysReactiveClient);
• the retrying with exponential back-off in case of 429 from Azure Key Vault.

To use this service, the application.properties should have the definition of the following properties to control the back-off policy:

• azure-key-vault-keys.backoff.initial-duration
• azure-key-vault-keys.backoff.jitter
• azure-key-vault-keys.backoff.number-of-attempts

For production profile, be sure that application.properties has azure-key-vault-keys.emulator.enabled=false or azure-key-vault-keys.emulator.enabled isn't present at all, otherwise the Azure Key Vault emulator will be use

Author:

Antonio Tarricone

Field Summary

Fields

Modifier and Type	Field	Description
private String	accessTokenValue	Cached access token.
private AzureIdentityReactiveService	identityService	Service to retrieve the access token from Microsoft Entra ID.
(package private) int	initialBackoff	Initial back-off duration in seconds.
(package private) double	jitter	Jitter of back-off policy: it must be in [0; 1]
(package private) AzureKeyVaultKeysReactiveClient	keysClient	REST client to use Azure Key Vault.
(package private) int	numberOfAttempts	Number of retries.

Constructor Summary

Constructors

Constructor	Description
AzureKeyVaultKeysReactiveServiceImpl(AzureIdentityReactiveService identityService)	Constructor.

Method Summary

Modifier and Type	Method	Description
(package private) Object	authenticate(jakarta.interceptor.InvocationContext context)	This method decorates the others:
io.smallrye.mutiny.Uni<KeyBundle>	createKey(String keyName, KeyCreateParameters keyCreateParameters)	Creates a new key, stores it, then returns key parameters and attributes to the client.
io.smallrye.mutiny.Uni<KeyOperationResult>	decrypt(String keyName, String keyVersion, KeyOperationParameters keyOperationParameters)	Decrypts a single block of encrypted data.
io.smallrye.mutiny.Uni<DeletedKeyBundle>	deleteKey(String keyName)	Deletes a key of any type from storage in Azure Key Vault.
io.smallrye.mutiny.Uni<KeyOperationResult>	encrypt(String keyName, String keyVersion, KeyOperationParameters keyOperationParameters)	Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.
io.smallrye.mutiny.Uni<KeyBundle>	getKey(String keyName, String keyVersion)	Returns the public part of a stored key.
io.smallrye.mutiny.Uni<KeyListResult>	getKeys()	Lists keys in the specified vault.
io.smallrye.mutiny.Uni<KeyListResult>	getKeys(String skiptoken)	Lists keys in the specified vault.
io.smallrye.mutiny.Uni<KeyListResult>	getKeyVersions(String keyName)	Returns a list of individual key versions with the same key name.
io.smallrye.mutiny.Uni<KeyListResult>	getKeyVersions(String keyName, String skiptoken)	Returns a list of individual key versions with the same key name.
private io.smallrye.mutiny.Uni<Object>	proceed(jakarta.interceptor.InvocationContext context)	Transforms Exception in RuntimeException to allow handling with Mutiny.
io.smallrye.mutiny.Uni<KeyOperationResult>	sign(String keyName, String keyVersion, KeySignParameters keySignParameters)	Creates a signature from a digest using the specified key.
io.smallrye.mutiny.Uni<KeyVerifyResult>	verify(String keyName, String keyVersion, KeyVerifyParameters keyVerifyParameters)	Verifies a signature using a specified key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

initialBackoff

int initialBackoff

Initial back-off duration in seconds.

jitter

double jitter

Jitter of back-off policy: it must be in [0; 1]

numberOfAttempts

int numberOfAttempts

Number of retries.

identityService

private AzureIdentityReactiveService identityService

Service to retrieve the access token from Microsoft Entra ID.

See Also:

• AzureIdentityReactiveService

keysClient

@RestClient
AzureKeyVaultKeysReactiveClient keysClient

REST client to use Azure Key Vault.

See Also:

• AzureKeyVaultKeysReactiveClient

accessTokenValue

private String accessTokenValue

Cached access token.

Constructor Details

AzureKeyVaultKeysReactiveServiceImpl

@Inject
AzureKeyVaultKeysReactiveServiceImpl(AzureIdentityReactiveService identityService)

Constructor.

Parameters:

identityService - AzureIdentityReactiveService

Method Details

proceed

private io.smallrye.mutiny.Uni<Object> proceed(jakarta.interceptor.InvocationContext context)

Transforms Exception in RuntimeException to allow handling with Mutiny.

Parameters:

context - InvocationContext

Returns:

Object returned by the target method.

authenticate

Object authenticate(jakarta.interceptor.InvocationContext context)

This method decorates the others:

• retrieving the access token from Microsoft Entra ID by means of AzureIdentityReactiveService;
• renewing of the access token from Microsoft Entra ID the invoked target API returns 401 or 403;
• retrying with exponential back-off in case of 429 from Azure Key Vault.

Parameters:

context - InvocationContext

Returns:

Object returned by the target method.

createKey

public io.smallrye.mutiny.Uni<KeyBundle> createKey(String keyName,
 KeyCreateParameters keyCreateParameters)

Creates a new key, stores it, then returns key parameters and attributes to the client.

Specified by:

createKey in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name for the new key. Regex pattern: ^[0-9a-zA-Z-]+$

keyCreateParameters - KeyCreateParameters

Returns:

KeyBundle

getKeys

public io.smallrye.mutiny.Uni<KeyListResult> getKeys()

Lists keys in the specified vault.

Specified by:

getKeys in interface AzureKeyVaultKeysReactiveService

Returns:

KeyListResult

getKeys

public io.smallrye.mutiny.Uni<KeyListResult> getKeys(String skiptoken)

Lists keys in the specified vault.

Specified by:

getKeys in interface AzureKeyVaultKeysReactiveService

Parameters:

skiptoken - Token to handle paging.

Returns:

KeyListResult

getKey

public io.smallrye.mutiny.Uni<KeyBundle> getKey(String keyName,
 String keyVersion)

Returns the public part of a stored key.

Specified by:

getKey in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key to get.

keyVersion - The version of the key.

Returns:

KeyBundle

getKeyVersions

public io.smallrye.mutiny.Uni<KeyListResult> getKeyVersions(String keyName)

Returns a list of individual key versions with the same key name.

Specified by:

getKeyVersions in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key.

Returns:

KeyListResult

getKeyVersions

public io.smallrye.mutiny.Uni<KeyListResult> getKeyVersions(String keyName,
 String skiptoken)

Returns a list of individual key versions with the same key name.

Specified by:

getKeyVersions in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key.

skiptoken - Token to handle paging.

Returns:

KeyListResult

sign

public io.smallrye.mutiny.Uni<KeyOperationResult> sign(String keyName,
 String keyVersion,
 KeySignParameters keySignParameters)

Creates a signature from a digest using the specified key.

Specified by:

sign in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key.

keyVersion - The version of the key.

keySignParameters - KeySignParameters

Returns:

KeyOperationResult

verify

public io.smallrye.mutiny.Uni<KeyVerifyResult> verify(String keyName,
 String keyVersion,
 KeyVerifyParameters keyVerifyParameters)

Verifies a signature using a specified key.

Specified by:

verify in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key.

keyVersion - The version of the key.

keyVerifyParameters - KeyVerifyParameters

Returns:

KeyVerifyResult

encrypt

public io.smallrye.mutiny.Uni<KeyOperationResult> encrypt(String keyName,
 String keyVersion,
 KeyOperationParameters keyOperationParameters)

Encrypts an arbitrary sequence of bytes using an encryption key that is stored in a key vault.

Specified by:

encrypt in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key.

keyVersion - The version of the key.

keyOperationParameters - KeyOperationParameters

Returns:

KeyOperationResult

decrypt

public io.smallrye.mutiny.Uni<KeyOperationResult> decrypt(String keyName,
 String keyVersion,
 KeyOperationParameters keyOperationParameters)

Decrypts a single block of encrypted data.

Specified by:

decrypt in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key.

keyVersion - The version of the key.

keyOperationParameters - KeyOperationParameters

Returns:

KeyOperationResult

deleteKey

public io.smallrye.mutiny.Uni<DeletedKeyBundle> deleteKey(String keyName)

Deletes a key of any type from storage in Azure Key Vault.

Specified by:

deleteKey in interface AzureKeyVaultKeysReactiveService

Parameters:

keyName - The name of the key to delete.

Returns:

DeletedKeyBundle