Пример #1
0
        /// <inheritdoc/>
        public override async Task RunAsync(CommandLine commandLine)
        {
            if (commandLine.HasHelpOption)
            {
                Console.WriteLine(usage);
                Program.Exit(0);
            }

            var path         = commandLine.Arguments.ElementAtOrDefault(0);
            var passwordName = commandLine.Arguments.ElementAtOrDefault(1);

            if (string.IsNullOrEmpty(path))
            {
                Console.Error.WriteLine("*** ERROR: The PATH argument is required.");
                Program.Exit(1);
            }

            if (string.IsNullOrEmpty(passwordName))
            {
                passwordName = Program.GetDefaultPasswordName(path);
            }

            if (string.IsNullOrEmpty(passwordName))
            {
                Console.Error.WriteLine("*** ERROR: A PASSWORD-NAME argument or [.password-name] file is required.");
                Program.Exit(1);
            }

            var vault    = new NeonVault(Program.LookupPassword);
            var fileName = Path.GetFileName(path);

            using (var tempFolder = new TempFolder())
            {
                var tempPath = Path.Combine(tempFolder.Path, fileName);

                // Create an empty temporary file, encrypt it to the target
                // file, and then launch the editor on the temporary file.

                File.WriteAllBytes(tempPath, Array.Empty<byte>());
                vault.Encrypt(tempPath, path, passwordName);
                NeonHelper.OpenEditor(tempPath);

                // Re-encrypt the just edited temporary file to the target.

                vault.Encrypt(tempPath, path, passwordName);
            }

            Program.Exit(0);
            await Task.CompletedTask;
        }
Пример #2
0
        public void BadPasswordNames()
        {
            // Verify the proper exception when a password name is invalid.

            var vault = new NeonVault(passwordName => NeonHelper.GetCryptoRandomPassword(20));

            using (var source = new MemoryStream(unencryptedBytes))
            {
                Assert.Throws <CryptographicException>(() => vault.Encrypt(source, null));
                Assert.Throws <CryptographicException>(() => vault.Encrypt(source, string.Empty));
                Assert.Throws <CryptographicException>(() => vault.Encrypt(source, "bad\\name"));
                Assert.Throws <CryptographicException>(() => vault.Encrypt(source, "bad/name"));
                Assert.Throws <CryptographicException>(() => vault.Encrypt(source, "bad.name!"));
            }
        }
Пример #3
0
        public void GoodPasswordNames()
        {
            // Verify valid password names.

            var vault = new NeonVault(passwordName => NeonHelper.GetCryptoRandomPassword(20));

            using (var source = new MemoryStream(unencryptedBytes))
            {
                vault.Encrypt(source, "a");
                vault.Encrypt(source, "a_b");
                vault.Encrypt(source, "a.b");
                vault.Encrypt(source, "a-b");
                vault.Encrypt(source, "a1");
            }
        }
Пример #4
0
        public async Task EncryptedFileConfig()
        {
            // Restart the service specifying the configuration via
            // an encrypted physical configuration file.

            var password = "******";
            var vault    = new NeonVault(passwordName => password);

            using (var tempFolder = new TempFolder())
            {
                var decryptedPath = Path.Combine(tempFolder.Path, "decrypted");
                var encryptedPath = Path.Combine(tempFolder.Path, "encrypted");

                File.WriteAllText(decryptedPath, "From: ENCRYPTED FILE");
                vault.Encrypt(decryptedPath, encryptedPath, "foo");
                Assert.True(NeonVault.IsEncrypted(encryptedPath));

                var service = CreateService();

                service.SetConfigFilePath("/etc/web/response", encryptedPath, passwordName => password);

                fixture.Restart(() => service);
                Assert.True(fixture.IsRunning);

                var client = fixture.GetHttpClient();

                Assert.Equal("From: ENCRYPTED FILE", await client.GetStringAsync("/"));
            }
        }
Пример #5
0
        public async Task VariableInjectEncrypted()
        {
            var orgDirectory = Environment.CurrentDirectory;

            try
            {
                using (var testManager = new KubeTestManager())
                {
                    using (var runner = new ProgramRunner())
                    {
                        using (var tempFolder = new TempFolder())
                        {
                            Environment.CurrentDirectory = tempFolder.Path;

                            var vault = new NeonVault(Program.LookupPassword);

                            // Create a test password and a [.password-name] file in the
                            // temp test folder.

                            var result = await runner.ExecuteAsync(Program.Main, "tool", "password", "set", "test");

                            Assert.Equal(0, result.ExitCode);

                            //-------------------------------------------------
                            // Verify that we can inject variables into an
                            // ENCRYPTED file.

                            File.WriteAllText("test.cmd", "type %1 > output.txt");

                            File.WriteAllText("file.txt",
                                              @"
$<<TEST_A>>
$<<TEST_B>>
$<<TEST_C>>
$<<TEST_D>>
");
                            File.WriteAllBytes("file.txt", vault.Encrypt("file.txt", "test"));
                            Assert.True(NeonVault.IsEncrypted("file.txt"));

                            result = await runner.ExecuteAsync(Program.Main, "tool", "run", "--TEST_A=A-VALUE", "--TEST_B=B-VALUE", "--TEST_C=C-VALUE", "--TEST_D=D-VALUE", "--", "test.cmd", "_..file.txt");

                            Assert.Equal(0, result.ExitCode);

                            var output = File.ReadAllText("output.txt");

                            Assert.Contains("A-VALUE", output);
                            Assert.Contains("B-VALUE", output);
                            Assert.Contains("C-VALUE", output);
                            Assert.Contains("D-VALUE", output);
                            File.Delete("output.txt");
                            File.Delete("file.txt");
                        }
                    }
                }
            }
            finally
            {
                Environment.CurrentDirectory = orgDirectory;
            }
        }
Пример #6
0
        public async Task EncryptedEnvironmentFileConfig()
        {
            // Restart the service specifying by loading an encrypted file with
            // the environment variable assignment.

            var password = "******";
            var vault    = new NeonVault(passwordName => password);

            using (var tempFolder = new TempFolder())
            {
                var decryptedPath = Path.Combine(tempFolder.Path, "decrypted");
                var encryptedPath = Path.Combine(tempFolder.Path, "encrypted");

                File.WriteAllText(decryptedPath,
                                  @"# This is a comment.

WEB_RESULT=HELLO WORLD! (encrypted)
");

                var service = CreateService();

                service.LoadEnvironmentVariableFile(decryptedPath);
                vault.Encrypt(decryptedPath, encryptedPath, "foo");
                Assert.True(NeonVault.IsEncrypted(encryptedPath));

                fixture.Restart(() => service);
                Assert.True(fixture.IsRunning);

                var client = fixture.GetHttpClient();

                Assert.Equal("HELLO WORLD! (encrypted)", await client.GetStringAsync("/"));
            }
        }
Пример #7
0
        public void StreamToStream()
        {
            var vault = new NeonVault(GetPassword);

            using (var tempFolder = new TempFolder())
            {
                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath = Path.Combine(tempFolder.Path, "target.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                using (var source = new FileStream(sourcePath, FileMode.Open, FileAccess.Read))
                {
                    using (var target = new FileStream(targetPath, FileMode.Create, FileAccess.ReadWrite))
                    {
                        vault.Encrypt(source, target, "password-1");
                    }
                }

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }
            }
        }
Пример #8
0
        public void WrongPassword()
        {
            // Verify that we can detect that the wrong password was used.

            using (var tempFolder = new TempFolder())
            {
                var vault      = new NeonVault(passwordName => password1);
                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath = Path.Combine(tempFolder.Path, "target.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }

                vault = new NeonVault(passwordName => password2);   // This uses the wrong password.

                Assert.Throws <CryptographicException>(
                    () =>
                {
                    using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                    {
                        vault.Decrypt(target);
                    }
                });
            }
        }
Пример #9
0
        public void NoPassword()
        {
            // Verify the proper exception when a named password cannot be found.

            var vault = new NeonVault(passwordName => throw new KeyNotFoundException());

            using (var source = new MemoryStream(unencryptedBytes))
            {
                Assert.Throws <CryptographicException>(() => vault.Encrypt(source, "password-1"));
            }

            // Verify the exception when an encrypted file references a password
            // that doesn't exist.

            using (var tempFolder = new TempFolder())
            {
                vault = new NeonVault(passwordName => password1);

                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                var encrypted = vault.Encrypt(sourcePath, "password-1");

                vault = new NeonVault(passwordName => throw new KeyNotFoundException());

                using (var source = new MemoryStream(encrypted))
                {
                    Assert.Throws <CryptographicException>(() => vault.Decrypt(source));
                }
            }
        }
Пример #10
0
        public void TamperDetect()
        {
            // Verify that we can detect that the data has been tampered with.

            var vault = new NeonVault(GetPassword);

            using (var tempFolder = new TempFolder())
            {
                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath = Path.Combine(tempFolder.Path, "target.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }

                // Modify the last HEX digit in the target file and verify
                // that decryption fails.

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.ReadWrite))
                {
                    var encrypted = new byte[(int)target.Length];

                    target.Read(encrypted, 0, encrypted.Length);

                    var lastHexDigit = (char)encrypted[encrypted.Length - 1];

                    if (lastHexDigit == '0')
                    {
                        lastHexDigit = '1';
                    }
                    else
                    {
                        lastHexDigit = '0';
                    }

                    encrypted[encrypted.Length - 1] = (byte)lastHexDigit;

                    target.Position = 0;
                    target.Write(encrypted);
                }

                Assert.Throws <CryptographicException>(
                    () =>
                {
                    using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                    {
                        var decrypted = vault.Decrypt(target);

                        Assert.Equal(unencryptedBytes, decrypted);
                    }
                });
            }
        }
Пример #11
0
        public void LoadEnvironmentEncrypted()
        {
            // Verify that we can load an encryoted settings file into the
            // environment variables.

            using (var testManager = new KubeTestManager())
            {
                try
                {
                    using (var tempFile = new TempFile())
                    {
                        // Initialze the file.

                        using (var writer = new StreamWriter(tempFile.Path))
                        {
                            foreach (var item in testSettings)
                            {
                                writer.WriteLine($"{item.Key}={item.Value}");
                            }
                        }

                        var passwordPath = Path.Combine(KubeHelper.PasswordsFolder, "test");

                        File.WriteAllText(passwordPath, password);

                        var vault = new NeonVault(KubeHelper.LookupPassword);

                        File.WriteAllBytes(tempFile.Path, vault.Encrypt(tempFile.Path, "test"));
                        Assert.True(NeonVault.IsEncrypted(tempFile.Path));

                        // Perform the test.

                        Assert.Null(TestContext.Current);

                        using (var testContext = new TestContext())
                        {
                            Assert.Same(testContext, TestContext.Current);

                            testContext.LoadEnvironment(tempFile.Path, KubeHelper.LookupPassword);

                            foreach (var item in testSettings)
                            {
                                Assert.Equal(item.Value, Environment.GetEnvironmentVariable(item.Key));
                            }
                        }
                    }
                }
                finally
                {
                    // Be sure to remove the test enmvironment variables.

                    foreach (var item in testSettings)
                    {
                        Environment.SetEnvironmentVariable(item.Key, null);
                    }
                }
            }
        }
Пример #12
0
        public void LowercaseHEX()
        {
            // Verify that we can process lower-case HEX digits.

            var vault = new NeonVault(GetPassword);

            using (var tempFolder = new TempFolder())
            {
                var sourcePath  = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath  = Path.Combine(tempFolder.Path, "target.txt");
                var target2Path = Path.Combine(tempFolder.Path, "target2.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var targetReader = new StreamReader(targetPath))
                {
                    using (var target2Writer = new StreamWriter(target2Path))
                    {
                        // Copy the first line as-is and then write the remaining lines
                        // as lowercase.

                        var first = true;

                        foreach (var line in targetReader.Lines())
                        {
                            if (first)
                            {
                                target2Writer.WriteLine(line);
                                first = false;
                            }
                            else
                            {
                                target2Writer.WriteLine(line.ToUpperInvariant());
                            }
                        }
                    }
                }

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }
            }
        }
Пример #13
0
        public void LoadSettingsEncrypted()
        {
            // Verify that we can load an encrypted settings file into the
            // [TestContext.Settings] dictionary.

            using (var testManager = new KubeTestManager())
            {
                using (var tempFile = new TempFile())
                {
                    // Initialze the file.

                    using (var writer = new StreamWriter(tempFile.Path))
                    {
                        foreach (var item in testSettings)
                        {
                            writer.WriteLine($"{item.Key}={item.Value}");
                        }
                    }

                    var passwordPath = Path.Combine(KubeHelper.PasswordsFolder, "test");

                    File.WriteAllText(passwordPath, password);

                    var vault = new NeonVault(KubeHelper.LookupPassword);

                    File.WriteAllBytes(tempFile.Path, vault.Encrypt(tempFile.Path, "test"));
                    Assert.True(NeonVault.IsEncrypted(tempFile.Path));

                    // Perform the test.

                    Assert.Null(TestContext.Current);

                    using (var testContext = new TestContext())
                    {
                        Assert.Same(testContext, TestContext.Current);

                        testContext.LoadSettings(tempFile.Path, KubeHelper.LookupPassword);

                        foreach (var item in testSettings)
                        {
                            Assert.Equal(item.Value, testContext.Settings[item.Key]);
                        }
                    }
                }
            }
        }
Пример #14
0
        public void StreamToBytes()
        {
            var vault     = new NeonVault(GetPassword);
            var encrypted = (byte[])null;

            using (var source = new MemoryStream(unencryptedBytes))
            {
                encrypted = vault.Encrypt(source, "password-1");
            }

            using (var source = new MemoryStream(encrypted))
            {
                var decrypted = vault.Decrypt(source);

                Assert.Equal(unencryptedBytes, decrypted);
            }
        }
Пример #15
0
        public void FileToBytes()
        {
            var vault     = new NeonVault(GetPassword);
            var encrypted = (byte[])null;

            using (var tempFolder = new TempFolder())
            {
                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                encrypted = vault.Encrypt(sourcePath, "password-1");

                using (var source = new MemoryStream(encrypted))
                {
                    var decrypted = vault.Decrypt(source);

                    Assert.Equal(unencryptedBytes, decrypted);
                }
            }
        }
Пример #16
0
        /// <inheritdoc/>
        public override async Task RunAsync(CommandLine commandLine)
        {
            if (commandLine.HasHelpOption)
            {
                Console.WriteLine(usage);
                Program.Exit(0);
            }

            var path = commandLine.Arguments.ElementAtOrDefault(0);

            if (string.IsNullOrEmpty(path))
            {
                Console.Error.WriteLine("*** ERROR: The PATH argument is required.");
                Program.Exit(1);
            }

            if (!NeonVault.IsEncrypted(path, out var passwordName))
            {
                Console.Error.WriteLine($"*** ERROR: The [{path}] file is not encrypted.");
                Program.Exit(1);
            }

            var vault    = new NeonVault(Program.LookupPassword);
            var fileName = Path.GetFileName(path);

            using (var tempFolder = new TempFolder())
            {
                var tempPath = Path.Combine(tempFolder.Path, fileName);

                // Decrypt the file to a secure temporary folder, launch the
                // editor and re-encrypt the file after the editor returns.

                vault.Decrypt(path, tempPath);
                NeonHelper.OpenEditor(tempPath);
                vault.Encrypt(tempPath, path, passwordName);
            }

            Program.Exit(0);
            await Task.CompletedTask;
        }
Пример #17
0
        public void BOM()
        {
            // Verify that [NeonVault] can ignore UTF-8 BOM markers.

            var vault = new NeonVault(GetPassword);

            using (var tempFolder = new TempFolder())
            {
                var sourcePath  = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath  = Path.Combine(tempFolder.Path, "target.txt");
                var target2Path = Path.Combine(tempFolder.Path, "target2.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var targetReader = new StreamReader(targetPath))
                {
                    using (var target2 = new FileStream(target2Path, FileMode.Create, FileAccess.ReadWrite))
                    {
                        // Write the BOM followed by the unmodified encrypted file lines.

                        target2.Write(new byte[] { 0xEF, 0xBB, 0xBF });  // The BOM

                        foreach (var line in targetReader.Lines())
                        {
                            target2.Write(Encoding.ASCII.GetBytes(line + "\r\n"));
                        }
                    }
                }

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }
            }
        }
Пример #18
0
        public void FileToFile()
        {
            var vault = new NeonVault(GetPassword);

            using (var tempFolder = new TempFolder())
            {
                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath = Path.Combine(tempFolder.Path, "target.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }

                Assert.False(NeonVault.IsEncrypted(sourcePath));
                Assert.True(NeonVault.IsEncrypted(targetPath));
            }
        }
Пример #19
0
        public void SwitchLineEndings()
        {
            // Verify that we can still decrypt en encrypted file after
            // changing the line endings from CRLF --> LF:

            var vault = new NeonVault(GetPassword, lineEnding: "\r\n");

            using (var tempFolder = new TempFolder())
            {
                var sourcePath  = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath  = Path.Combine(tempFolder.Path, "target.txt");
                var target2Path = Path.Combine(tempFolder.Path, "target2.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var targetReader = new StreamReader(targetPath))
                {
                    using (var target2Writer = new StreamWriter(target2Path))
                    {
                        foreach (var line in targetReader.Lines())
                        {
                            target2Writer.WriteLine(line + "\n");
                        }
                    }
                }

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }
            }

            // Verify that we can still decrypt en encrypted file after
            // changing the line endings from LF --> CRLF:

            vault = new NeonVault(GetPassword, lineEnding: "\n");

            using (var tempFolder = new TempFolder())
            {
                var sourcePath  = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath  = Path.Combine(tempFolder.Path, "target.txt");
                var target2Path = Path.Combine(tempFolder.Path, "target2.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var targetReader = new StreamReader(targetPath))
                {
                    using (var target2Writer = new StreamWriter(target2Path))
                    {
                        foreach (var line in targetReader.Lines())
                        {
                            target2Writer.WriteLine(line + "\r\n");
                        }
                    }
                }

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }
            }
        }
Пример #20
0
        public void BadHEX()
        {
            var vault = new NeonVault(GetPassword);

            using (var tempFolder = new TempFolder())
            {
                // Verify that an invalid character in the HEX part is detected.

                var sourcePath = Path.Combine(tempFolder.Path, "source.txt");
                var targetPath = Path.Combine(tempFolder.Path, "target.txt");

                File.WriteAllText(sourcePath, unencryptedText);

                vault.Encrypt(sourcePath, targetPath, "password-1");

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                {
                    var decrypted = vault.Decrypt(target);

                    Assert.Equal(unencryptedBytes, decrypted);
                }

                // Modify the last HEX digit to be the invalid HEX digit 'Z'.

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.ReadWrite))
                {
                    var encrypted = new byte[(int)target.Length];

                    target.Read(encrypted, 0, encrypted.Length);

                    encrypted[encrypted.Length - 1] = (byte)'Z';

                    target.Position = 0;
                    target.Write(encrypted);
                }

                Assert.Throws <CryptographicException>(
                    () =>
                {
                    using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                    {
                        var decrypted = vault.Decrypt(target);

                        Assert.Equal(unencryptedBytes, decrypted);
                    }
                });

                // Verify that an odd number of HEX digits is detected by removing
                // the last character of the file.

                using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.ReadWrite))
                {
                    var encrypted = new byte[(int)target.Length];

                    target.Read(encrypted, 0, encrypted.Length);

                    target.Position = 0;
                    target.Write(encrypted, 0, encrypted.Length - 1);
                }

                Assert.Throws <CryptographicException>(
                    () =>
                {
                    using (var target = new FileStream(targetPath, FileMode.Open, FileAccess.Read))
                    {
                        var decrypted = vault.Decrypt(target);

                        Assert.Equal(unencryptedBytes, decrypted);
                    }
                });
            }
        }
Пример #21
0
        /// <inheritdoc/>
        public override void Run(CommandLine commandLine)
        {
            if (commandLine.HasHelpOption)
            {
                Console.WriteLine(usage);
                Program.Exit(0);
            }

            var sourcePath   = commandLine.Arguments.ElementAtOrDefault(0);
            var targetPath   = commandLine.Arguments.ElementAtOrDefault(1);
            var passwordName = commandLine.Arguments.ElementAtOrDefault(2);
            var inPlace      = false;

            if (string.IsNullOrEmpty(sourcePath))
            {
                Console.Error.WriteLine("*** ERROR: The PATH argument is required.");
                Program.Exit(1);
            }

            if (string.IsNullOrEmpty(targetPath))
            {
                targetPath = sourcePath;
                inPlace    = true;
            }

            if (string.IsNullOrEmpty(targetPath) || string.IsNullOrEmpty(passwordName))
            {
                passwordName = commandLine.GetOption("--password-name");

                if (passwordName != null && string.IsNullOrWhiteSpace(passwordName))
                {
                    Console.Error.WriteLine("*** ERROR: [--password-name] specifies a blank password.");
                    Program.Exit(1);
                }

                if (passwordName == null)
                {
                    passwordName = commandLine.GetOption("-p");

                    if (passwordName != null && string.IsNullOrWhiteSpace(passwordName))
                    {
                        Console.Error.WriteLine("*** ERROR: [-p] specifies a blank password.");
                        Program.Exit(1);
                    }
                }
            }

            if (NeonVault.IsEncrypted(sourcePath))
            {
                Console.Error.WriteLine($"*** ERROR: The [{sourcePath}] file is already encrypted.");
                Program.Exit(1);
            }

            if (string.IsNullOrEmpty(passwordName))
            {
                passwordName = Program.GetDefaultPasswordName(targetPath);
            }

            if (string.IsNullOrEmpty(passwordName))
            {
                Console.Error.WriteLine("*** ERROR: A PASSWORD-NAME argument or [.password-name] file is required.");
                Program.Exit(1);
            }

            var vault = new NeonVault(Program.LookupPassword);

            if (inPlace)
            {
                // For in-place encryption, we'll first copy the file to
                // a secure folder and then encrypt from there to overwrite
                // the original file.

                using (var tempFile = new TempFile())
                {
                    File.Copy(sourcePath, tempFile.Path);
                    vault.Encrypt(tempFile.Path, sourcePath, passwordName);
                }
            }
            else
            {
                // Otherwise, we can simply encrypt from the source to the target.

                vault.Encrypt(sourcePath, targetPath, passwordName);
            }

            Program.Exit(0);
        }
Пример #22
0
        public async Task ReadVariables_Ecrypted()
        {
            var orgDirectory = Environment.CurrentDirectory;

            try
            {
                using (var testManager = new KubeTestManager())
                {
                    using (var runner = new ProgramRunner())
                    {
                        using (var tempFolder = new TempFolder())
                        {
                            Environment.CurrentDirectory = tempFolder.Path;

                            var vault = new NeonVault(Program.LookupPassword);

                            // Create a test password and a [.password-name] file in the
                            // temp test folder.

                            var result = await runner.ExecuteAsync(Program.Main, "tool", "password", "set", "test");

                            Assert.Equal(0, result.ExitCode);

                            File.WriteAllText(".password-name", "test");

                            //-------------------------------------------------
                            // Verify that we can read settings from a couple of
                            // ENCRYPTED variable files.

                            File.WriteAllText("test.cmd", "echo %* > output.txt");

                            File.WriteAllText("var1.txt",
                                              @"# This is a comment.

TEST_A=A-VALUE
TEST_B=B-VALUE
");
                            File.WriteAllBytes("var1.txt", vault.Encrypt("var1.txt", "test"));
                            Assert.True(NeonVault.IsEncrypted("var1.txt"));

                            File.WriteAllText("var2.txt",
                                              @"# This is a comment.

TEST_C=C-VALUE
TEST_D=D-VALUE
");
                            File.WriteAllBytes("var2.txt", vault.Encrypt("var2.txt", "test"));
                            Assert.True(NeonVault.IsEncrypted("var2.txt"));

                            result = await runner.ExecuteAsync(Program.Main, "tool", "run", "var1.txt", "var2.txt", "--", "test.cmd", "_.TEST_A", "_.TEST_B", "_.TEST_C", "_.TEST_D");

                            Assert.Equal(0, result.ExitCode);

                            var output = File.ReadAllText("output.txt");

                            Assert.Contains("A-VALUE", output);
                            Assert.Contains("B-VALUE", output);
                            Assert.Contains("C-VALUE", output);
                            Assert.Contains("D-VALUE", output);
                            File.Delete("output.txt");
                            File.Delete("var1.txt");
                            File.Delete("var2.txt");
                        }
                    }
                }
            }
            finally
            {
                Environment.CurrentDirectory = orgDirectory;
            }
        }
Пример #23
0
        public async Task DecryptFile()
        {
            var orgDirectory = Environment.CurrentDirectory;

            try
            {
                using (var testManager = new KubeTestManager())
                {
                    using (var runner = new ProgramRunner())
                    {
                        using (var tempFolder = new TempFolder())
                        {
                            Environment.CurrentDirectory = tempFolder.Path;

                            var vault = new NeonVault(Program.LookupPassword);

                            // Create a test password and a [.password-name] file in the
                            // temp test folder.

                            var result = await runner.ExecuteAsync(Program.Main, "tool", "password", "set", "test");

                            Assert.Equal(0, result.ExitCode);

                            //-------------------------------------------------
                            // Verify that we can decrypt a file.

                            File.WriteAllText("test.cmd", "type %1 > output.txt");

                            const string plainText = "The quick brown fox jumped over the lazy dog.";

                            File.WriteAllText("file.txt", plainText);
                            File.WriteAllBytes("file.txt", vault.Encrypt("file.txt", "test"));
                            Assert.True(NeonVault.IsEncrypted("file.txt"));

                            result = await runner.ExecuteAsync(Program.Main, "tool", "run", "--", "test.cmd", "_...file.txt");

                            Assert.Equal(0, result.ExitCode);

                            var output = File.ReadAllText("output.txt");

                            Assert.Contains(plainText, output);
                            File.Delete("output.txt");
                            File.Delete("file.txt");

                            //-------------------------------------------------
                            // Try this again calling a command directly (batch files seem to have different behavior).

                            File.WriteAllText("type", "%1");

                            File.WriteAllText("file.txt", plainText);
                            File.WriteAllBytes("file.txt", vault.Encrypt("file.txt", "test"));
                            Assert.True(NeonVault.IsEncrypted("file.txt"));

                            result = await runner.ExecuteAsync(Program.Main, "tool", "run", "--", "cat", "_...file.txt");

                            Assert.Equal(0, result.ExitCode);

                            Assert.Contains(plainText, result.OutputText);
                            File.Delete("output.txt");
                            File.Delete("file.txt");
                        }
                    }
                }
            }
            finally
            {
                Environment.CurrentDirectory = orgDirectory;
            }
        }