public void simple_crypt_test()
{
var c = KeyVault.EncryptValuesToString(ReferenceDictionary, "A passphrase");
var read = KeyVault.DecryptValues(c, "A passphrase");
read.Should().BeEquivalentTo(ReferenceDictionary);
}
public void invalid_keys(string k)
{
var vals = new Dictionary <string, string> {
{ "A", "a1" },
{ k, "a2" }
};
Assert.Throws <ArgumentException>(() => KeyVault.EncryptValuesToString(vals, "A passphrase"));
}
void DoSaveKeyVault(IActivityMonitor m)
{
foreach (var e in _store.OptimalAvailableInfos)
{
_vaultContent[e.Name] = e.Secret;
}
m?.Info($"Saved Key Vault with keys: {_vaultContent.Keys.Concatenate()}.");
File.WriteAllText(KeyVaultPath, KeyVault.EncryptValuesToString(_vaultContent, _passPhrase));
}
public void ApplySettings(IActivityMonitor m)
{
if (!_f.EnsureDirectory(m))
{
return;
}
var s = _driver.GetSolution(m, allowInvalidSolution: true);
if (s == null)
{
return;
}
if (_driver.BuildRequiredSecrets.Count == 0)
{
m.Warn("No build secrets collected for this solution. Skipping KeyVault configuration.");
return;
}
var passPhrase = _secretStore.GetSecretKey(m, SolutionDriver.CODECAKEBUILDER_SECRET_KEY, true);
// Opens the actual current vault: if more secrets are defined we keep them.
Dictionary <string, string> current = KeyVault.DecryptValues(TextContent, passPhrase);
current.Clear();
// The central CICDKeyVault is protected with the same CODECAKEBUILDER_SECRET_KEY secret.
Dictionary <string, string> centralized = KeyVault.DecryptValues(_sharedState.CICDKeyVault, passPhrase);
bool complete = true;
foreach (var name in _driver.BuildRequiredSecrets.Select(x => x.SecretKeyName))
{
if (!centralized.TryGetValue(name, out var secret))
{
m.Error($"Missing required build secret '{name}' in central CICDKeyVault. It must be added.");
complete = false;
}
else
{
current[name] = secret;
}
}
if (complete)
{
Updating?.Invoke(this, new CodeCakeBuilderKeyVaultUpdatingArgs(m, _solutionSpec, s, current));
string result = KeyVault.EncryptValuesToString(current, passPhrase);
CreateOrUpdate(m, result);
}
}
public void simple_crypt_test()
{
var vals = new Dictionary <string, string> {
{ "A", "a1" },
{ "Hello", "world" },
{ "Hi", null },
{ "Hi2", "" },
{ "It", @"Works!
well.." }
};
var c = KeyVault.EncryptValuesToString(vals, "A passphrase");
var vals2 = KeyVault.DecryptValues(c, "A passphrase");
vals2.Should().BeEquivalentTo(vals);
Assert.Throws <System.Security.Cryptography.CryptographicException>(
() => KeyVault.DecryptValues(c, "bad password"));
}
public void keys_can_be_removed()
{
var vals = new Dictionary <string, string> {
{ "ThisKeyWillBeRemoved", "qsmlk" },
{ "Hello", "world" },
{ "Hi", null },
{ "ThisWillAlsoBeRemoved", "this value will not be here." },
{ "It", @"Works!
well.." }
};
var c = KeyVault.EncryptValuesToString(vals, "A passphrase");
c = c.Replace("ThisKeyWillBeRemoved", "")
.Replace("ThisWillAlsoBeRemoved", "");
var vals2 = KeyVault.DecryptValues(c, "A passphrase");
vals.Remove("ThisKeyWillBeRemoved");
vals.Remove("ThisWillAlsoBeRemoved");
vals2.Should().BeEquivalentTo(vals);
}
public void keys_can_be_removed()
{
var vals = new Dictionary <string, string> {
{ "ThisKeyWillBeRemoved", "qsmlk" },
{ "Hello", "world" },
{ "Hi", null },
{ "ThisWillAlsoBeRemoved", "this value will not be here." },
{ "It", @"Works! well.." }
};
// We remove the keys from the text crypted file (by emptying the declaration lines).
var c = KeyVault.EncryptValuesToString(vals, "A passphrase");
c = c.Replace("ThisKeyWillBeRemoved", "")
.Replace("ThisWillAlsoBeRemoved", "");
// Removing the keys from the initial dictionary:
vals.Remove("ThisKeyWillBeRemoved");
vals.Remove("ThisWillAlsoBeRemoved");
// Decryption doesn't return these removed lines!
var vals2 = KeyVault.DecryptValues(c, "A passphrase");
vals2.Should().BeEquivalentTo(vals);
}
public void bad_password_throws_an_InvalidDataException()
{
var c = KeyVault.EncryptValuesToString(ReferenceDictionary, "A passphrase");
Assert.Throws <InvalidDataException>(() => KeyVault.DecryptValues(c, "bad password"));
}
