[ES-57] Modify EthSigner to use TLS connection to Hashicorp Vault (Consensys#204)

 * Introduced following options to subcommand hashicorp-signer
`--tls-enabled` To enable TLS when connecting to Hashicorp Vault. True by default
`--tls-known-server-file` (Optional) Path to the file containing Hashicorp Vault's host, port and self-signed certificate fingerprint

* Acceptance tests using Dockerized Hashicorp Vault in TLS mode 

Signed-off-by: Sally MacFarlane <sally.macfarlane@consensys.net>

Co-authored-by: Usman Saleem <usman@usmans.info>

Author: macfarla

acceptance-tests/build.gradle

@@ -16,8 +16,10 @@ dependencies {
   testRuntimeOnly 'javax.activation:activation'
   testRuntimeOnly 'org.apache.logging.log4j:log4j-core'
   testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
+  testRuntimeOnly 'org.bouncycastle:bcpkix-jdk15on'
 
   testImplementation project(':ethsigner:core')
+  testImplementation project(path: ':ethsigner:signer:multikey', configuration: 'testSupportArtifacts')
 
   testImplementation 'com.github.docker-java:docker-java'
   testImplementation 'org.junit.jupiter:junit-jupiter-api'
@@ -39,5 +41,7 @@ task acceptanceTest(type: Test) {
   group = 'verification'
 
   useJUnitPlatform()
+  // toggle to show standard out and standard error of the test JVM(s) on the console
+  testLogging.showStandardStreams = false
 }
 acceptanceTest.dependsOn(rootProject.installDist)

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/dsl/hashicorp/HashicorpNode.java

@@ -0,0 +1,102 @@
+/*
+ * Copyright 2020 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.ethsigner.tests.dsl.hashicorp;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Optional;
+
+import com.github.dockerjava.api.DockerClient;
+import org.apache.tuweni.net.tls.TLS;
+
+public class HashicorpNode {
+  private final HashicorpVaultDockerCertificate hashicorpVaultDockerCertificate;
+  private final DockerClient dockerClient;
+  private HashicorpVaultDocker hashicorpVaultDocker;
+  private Optional<Path> knownServerFile = Optional.empty();
+
+  private HashicorpNode(final DockerClient dockerClient) {
+    this(dockerClient, null);
+  }
+
+  private HashicorpNode(
+      final DockerClient dockerClient,
+      final HashicorpVaultDockerCertificate hashicorpVaultDockerCertificate) {
+    this.dockerClient = dockerClient;
+    this.hashicorpVaultDockerCertificate = hashicorpVaultDockerCertificate;
+  }
+
+  public static HashicorpNode createAndStartHashicorp(
+      final DockerClient dockerClient, final boolean withTls) {
+    final HashicorpNode hashicorpNode =
+        withTls
+            ? new HashicorpNode(dockerClient, HashicorpVaultDockerCertificate.create())
+            : new HashicorpNode(dockerClient);
+    hashicorpNode.start();
+    return hashicorpNode;
+  }
+
+  private void start() {
+    hashicorpVaultDocker =
+        HashicorpVaultDocker.createVaultDocker(dockerClient, hashicorpVaultDockerCertificate);
+    Runtime.getRuntime().addShutdownHook(new Thread(this::shutdown));
+
+    if (isTlsEnabled()) {
+      knownServerFile = Optional.of(createKnownServerFile());
+    }
+  }
+
+  public void shutdown() {
+    if (hashicorpVaultDocker != null) {
+      hashicorpVaultDocker.shutdown();
+    }
+  }
+
+  public String getVaultToken() {
+    return hashicorpVaultDocker.getHashicorpRootToken();
+  }
+
+  public String getHost() {
+    return hashicorpVaultDocker.getIpAddress();
+  }
+
+  public String getSigningKeyPath() {
+    return hashicorpVaultDocker.getVaultSigningKeyPath();
+  }
+
+  public int getPort() {
+    return hashicorpVaultDocker.getPort();
+  }
+
+  public boolean isTlsEnabled() {
+    return hashicorpVaultDockerCertificate != null;
+  }
+
+  public Optional<Path> getKnownServerFilePath() {
+    return knownServerFile;
+  }
+
+  private Path createKnownServerFile() {
+    try {
+      final Path tempFile = Files.createTempFile("knownServer", ".txt");
+      final String hexFingerprint =
+          TLS.certificateHexFingerprint(hashicorpVaultDockerCertificate.getTlsCertificate());
+      Files.writeString(tempFile, String.format("%s:%d %s", getHost(), getPort(), hexFingerprint));
+      return tempFile;
+    } catch (final IOException e) {
+      throw new UncheckedIOException(e);
+    }
+  }
+}