public void simple_crypt_test() { var c = KeyVault.EncryptValuesToString(ReferenceDictionary, "A passphrase"); var read = KeyVault.DecryptValues(c, "A passphrase"); read.Should().BeEquivalentTo(ReferenceDictionary); }
public void read_previous_version(int version) { var fName = PreviousVersionsFolder.AppendPart($"Version{version}.txt"); var read = KeyVault.DecryptValues(File.ReadAllText(fName), "A passphrase"); read.Should().BeEquivalentTo(ReferenceDictionary); }
public void ApplySettings(IActivityMonitor m) { if (!_f.EnsureDirectory(m)) { return; } var s = _driver.GetSolution(m, allowInvalidSolution: true); if (s == null) { return; } if (_driver.BuildRequiredSecrets.Count == 0) { m.Warn("No build secrets collected for this solution. Skipping KeyVault configuration."); return; } var passPhrase = _secretStore.GetSecretKey(m, SolutionDriver.CODECAKEBUILDER_SECRET_KEY, true); // Opens the actual current vault: if more secrets are defined we keep them. Dictionary <string, string> current = KeyVault.DecryptValues(TextContent, passPhrase); current.Clear(); // The central CICDKeyVault is protected with the same CODECAKEBUILDER_SECRET_KEY secret. Dictionary <string, string> centralized = KeyVault.DecryptValues(_sharedState.CICDKeyVault, passPhrase); bool complete = true; foreach (var name in _driver.BuildRequiredSecrets.Select(x => x.SecretKeyName)) { if (!centralized.TryGetValue(name, out var secret)) { m.Error($"Missing required build secret '{name}' in central CICDKeyVault. It must be added."); complete = false; } else { current[name] = secret; } } if (complete) { Updating?.Invoke(this, new CodeCakeBuilderKeyVaultUpdatingArgs(m, _solutionSpec, s, current)); string result = KeyVault.EncryptValuesToString(current, passPhrase); CreateOrUpdate(m, result); } }
/// <summary> /// Opens the key vault. /// </summary> /// <param name="m">The monitor to use.</param> /// <param name="passPhrase">The key vault pass phrase.</param> /// <returns>True on success.</returns> public bool OpenKeyVault(IActivityMonitor m, string passPhrase) { if (!CheckPassPhraseConstraints(m, passPhrase)) { return(false); } if (_passPhrase != null) { m.Info($"Key Vault is already opened."); return(true); } if (KeyVaultFileExists) { try { var keys = KeyVault.DecryptValues(File.ReadAllText(KeyVaultPath), passPhrase); m.OpenInfo($"Opening existing Key Vault with keys: {keys.Keys.Concatenate()}."); _store.ImportSecretKeys(m, keys); _passPhrase = passPhrase; _vaultContent.Clear(); _vaultContent.AddRange(keys); } catch (Exception ex) { m.Error("Unable to open the key vault.", ex); return(false); } } else { _passPhrase = passPhrase; m.OpenInfo($"New Key Vault opened."); } if (_store.Infos.Any(s => !s.IsSecretAvailable)) { using (m.OpenWarn($"Missing secrets:")) { foreach (var s in _store.Infos.Where(s => !s.IsSecretAvailable)) { m.Warn(s.ToString()); } } } m.CloseGroup(); return(true); }
public void simple_crypt_test() { var vals = new Dictionary <string, string> { { "A", "a1" }, { "Hello", "world" }, { "Hi", null }, { "Hi2", "" }, { "It", @"Works! well.." } }; var c = KeyVault.EncryptValuesToString(vals, "A passphrase"); var vals2 = KeyVault.DecryptValues(c, "A passphrase"); vals2.Should().BeEquivalentTo(vals); Assert.Throws <System.Security.Cryptography.CryptographicException>( () => KeyVault.DecryptValues(c, "bad password")); }
public void keys_can_be_removed() { var vals = new Dictionary <string, string> { { "ThisKeyWillBeRemoved", "qsmlk" }, { "Hello", "world" }, { "Hi", null }, { "ThisWillAlsoBeRemoved", "this value will not be here." }, { "It", @"Works! well.." } }; var c = KeyVault.EncryptValuesToString(vals, "A passphrase"); c = c.Replace("ThisKeyWillBeRemoved", "") .Replace("ThisWillAlsoBeRemoved", ""); var vals2 = KeyVault.DecryptValues(c, "A passphrase"); vals.Remove("ThisKeyWillBeRemoved"); vals.Remove("ThisWillAlsoBeRemoved"); vals2.Should().BeEquivalentTo(vals); }
public void keys_can_be_removed() { var vals = new Dictionary <string, string> { { "ThisKeyWillBeRemoved", "qsmlk" }, { "Hello", "world" }, { "Hi", null }, { "ThisWillAlsoBeRemoved", "this value will not be here." }, { "It", @"Works! well.." } }; // We remove the keys from the text crypted file (by emptying the declaration lines). var c = KeyVault.EncryptValuesToString(vals, "A passphrase"); c = c.Replace("ThisKeyWillBeRemoved", "") .Replace("ThisWillAlsoBeRemoved", ""); // Removing the keys from the initial dictionary: vals.Remove("ThisKeyWillBeRemoved"); vals.Remove("ThisWillAlsoBeRemoved"); // Decryption doesn't return these removed lines! var vals2 = KeyVault.DecryptValues(c, "A passphrase"); vals2.Should().BeEquivalentTo(vals); }
public void bad_password_throws_an_InvalidDataException() { var c = KeyVault.EncryptValuesToString(ReferenceDictionary, "A passphrase"); Assert.Throws <InvalidDataException>(() => KeyVault.DecryptValues(c, "bad password")); }
public void ApplySettings(IActivityMonitor m) { if (!this.CheckCurrentBranch(m)) { return; } YamlMapping firstMapping = GetFirstMapping(m, true); if (firstMapping == null) { return; } var solution = _driver.GetSolution(m, allowInvalidSolution: true); if (solution == null) { return; } // We don't use AppVeyor for private repositories. if (!GitFolder.IsPublic) { if (TextContent != null) { m.Log(LogLevel.Info, "The project is private, so we don't use Appveyor and the Appveyor.yml is not needed."); Delete(m); } return; } // We currently always use AppVeyor when the repository is public. YamlMapping env = FindOrCreateYamlElement(m, firstMapping, "environment"); if (env == null) { return; } var passphrase = _keyStore.GetSecretKey(m, SolutionDriver.CODECAKEBUILDER_SECRET_KEY, false); if (passphrase != null) { var central = KeyVault.DecryptValues(_sharedState.CICDKeyVault, passphrase); if (central.TryGetValue(APPVEYOR_ENCRYPTED_CODECAKEBUILDER_SECRET_KEY, out var appveyorSecure)) { env[SolutionDriver.CODECAKEBUILDER_SECRET_KEY] = CreateKeyValue("secure", appveyorSecure); } else { m.Warn($"Update of {SolutionDriver.CODECAKEBUILDER_SECRET_KEY} encrypted secure key has been skipped: {APPVEYOR_ENCRYPTED_CODECAKEBUILDER_SECRET_KEY} key should be defined in CICDKeyVault."); } } else { m.Info($"Update of {SolutionDriver.CODECAKEBUILDER_SECRET_KEY} encrypted secure skipped."); } // Remove obsolete environment variables definitions. env.Remove("NUGET_API_KEY"); env.Remove("MYGET_RELEASE_API_KEY"); env.Remove("MYGET_PREVIEW_API_KEY"); env.Remove("MYGET_CI_API_KEY"); env.Remove("CK_DB_TEST_MASTER_CONNECTION_STRING"); env.Remove("AZURE_FEED_SIGNATURE_OPENSOURCE_PAT"); env.Remove("AZURE_FEED_PAT"); env.Remove("VSS_NUGET_EXTERNAL_FEED_ENDPOINTS"); if (_solutionSpec.SqlServer != null) { env["SqlServer/MasterConnectionString"] = new YamlValue($"Server=(local)\\SQL{_solutionSpec.SqlServer.ToUpperInvariant()};Database=master;User ID=sa;Password=Password12!"); } // firstMapping.Remove(new YamlValue("init")); if (_solutionSpec.SqlServer != null) { firstMapping["services"] = new YamlValue("mssql" + _solutionSpec.SqlServer.ToLowerInvariant()); } var install = new YamlSequence(); // Temporary: installs the 6.9.0 of npm. if (solution.GeneratedArtifacts.Any(g => g.Artifact.Type.Name == "NPM")) { install.Add(CreateKeyValue("cmd", "npm install -g [email protected]")); install.Add(CreateKeyValue("ps", "Install-Product node 12")); } firstMapping["install"] = install; firstMapping["version"] = new YamlValue("build{build}"); firstMapping["image"] = new YamlValue("Visual Studio 2019"); firstMapping["clone_folder"] = new YamlValue("C:\\CKli-World\\" + GitFolder.SubPath.Path.Replace('/', '\\')); EnsureDefaultBranches(firstMapping); SetSequence(firstMapping, "build_script", new YamlValue("dotnet run --project CodeCakeBuilder -nointeraction")); firstMapping["test"] = new YamlValue("off"); firstMapping["artifacts"] = new YamlSequence() { new YamlMapping() { ["path"] = new YamlValue(@"'**\*.log'"), ["name"] = new YamlValue("Log file") }, new YamlMapping() { ["path"] = new YamlValue(@"'**\*.trx'"), ["name"] = new YamlValue("Visual studio test results file") }, new YamlMapping() { ["path"] = new YamlValue(@"'**\Tests\**\TestResult*.xml'"), ["name"] = new YamlValue("NUnit tests result files") }, new YamlMapping() { ["path"] = new YamlValue(@"'**Tests\**\Logs\**\*'"), ["name"] = new YamlValue("Log files") } }; CreateOrUpdate(m, YamlMappingToString(m)); }