use of com.thoughtworks.go.security.CipherProvider in project gocd by gocd.
the class BackupServiceIntegrationTest method shouldPerformConfigBackupForAllConfigFiles.
/**
 * Verifies that a server backup produces a {@code config-dir.zip} holding every file planted in
 * the config directory, plus top-level {@code cruise-config.xml} and {@code cipher} entries taken
 * from the running server rather than from disk.
 *
 * Security-relevant point pinned by the last assertion: the archive carries the key returned by
 * {@code CipherProvider}, so a config backup has to be guarded like the key itself.
 */
@Test
public void shouldPerformConfigBackupForAllConfigFiles() throws Exception {
    // Files planted in the config directory as {relative path, content}. The two entries under
    // some_dir/ share their names with the real config and cipher files and are still expected
    // to come back verbatim.
    final String[][] plantedFiles = {
            {"foo", "foo_foo"},
            {"bar", "bar_bar"},
            {"baz", "hazar_bar"},
            {"hello/world/file", "hello world!"},
            {"some_dir/cruise-config.xml", "some-other-cruise-config"},
            {"some_dir/cipher", "some-cipher"},
    };
    try {
        HttpLocalizedOperationResult outcome = new HttpLocalizedOperationResult();
        for (String[] planted : plantedFiles) {
            createConfigFile(planted[0], planted[1]);
        }

        backupService.startBackup(admin, outcome);

        assertThat(outcome.isSuccessful(), is(true));
        assertThat(outcome.message(localizer), is("Backup completed successfully."));

        File archive = backedUpFile("config-dir.zip");
        for (String[] planted : plantedFiles) {
            // separatorsToSystem leaves names without a separator unchanged.
            String entryName = FilenameUtils.separatorsToSystem(planted[0]);
            assertThat(fileContents(archive, entryName), is(planted[1]));
        }

        // The top-level config entry must match what the config service serves.
        assertThat(fileContents(archive, "cruise-config.xml"), is(goConfigService.xml()));

        // getKey is reached through reflection here; the zip's cipher entry must equal it.
        // NOTE(review): getBytes() uses the platform default charset - confirm the key is
        // stored as plain ASCII text, otherwise this comparison depends on the host.
        byte[] expectedKey = (byte[]) ReflectionUtil.invoke(new CipherProvider(systemEnvironment), "getKey");
        assertThat(fileContents(archive, "cipher").getBytes(), is(expectedKey));
    } finally {
        deleteConfigFileIfExists("foo", "bar", "baz", "hello", "some_dir");
    }
}
use of com.thoughtworks.go.security.CipherProvider in project gocd by gocd.
the class BackupServiceH2IntegrationTest method setUp.
/**
 * Prepares the backup integration test: resets the config and database helpers, registers an
 * admin user, clears the backups directory and then overwrites the on-disk config and cipher
 * files with invalid content.
 */
@Before
public void setUp() throws Exception {
    configHelper.onSetUp();
    dbHelper.onSetUp();
    // The user the tests act as; its name is handed to addAdmins below.
    admin = new Username(new CaseInsensitiveString("admin"));
    configHelper.addSecurityWithPasswordFile();
    configHelper.addAdmins(CaseInsensitiveString.str(admin.getUsername()));
    goConfigDao.forceReload();
    // Start every test without leftovers from a previous backup.
    backupsDirectory = new File(artifactsDirHolder.getArtifactsDir(), ServerConfig.SERVER_BACKUPS);
    FileUtils.deleteQuietly(backupsDirectory);
    tempFiles = new TempFiles();
    // Read the provider's key before the cipher file on disk is overwritten two lines down.
    // NOTE(review): presumably restored in a teardown that is not visible here - confirm.
    originalCipher = new CipherProvider(systemEnvironment).getKey();
    // Replace both files on disk with junk. NOTE(review): this looks intended to show that the
    // backup takes config and key from the running server, not from these files - confirm
    // against the assertions in the test methods.
    FileUtil.writeContentToFile("invalid crapy config", new File(systemEnvironment.getConfigDir(), "cruise-config.xml"));
    FileUtil.writeContentToFile("invalid crapy cipher", new File(systemEnvironment.getConfigDir(), "cipher"));
}
use of com.thoughtworks.go.security.CipherProvider in project gocd by gocd.
the class DirectoryStructureWalker method backupConfig.
/**
 * Writes the configuration backup archive ({@code CONFIG_BACKUP_ZIP}) into {@code backupDir}.
 *
 * The archive receives the contents of the config directory via {@code DirectoryStructureWalker},
 * followed by two entries produced from the running server: the config XML served by
 * {@code goConfigService} and the key returned by {@code CipherProvider}.
 *
 * Security note: the key is written as a plain zip entry next to the configuration it protects,
 * so the backup needs at least the same access restrictions as the config directory.
 *
 * @param backupDir directory in which the archive is created
 * @throws IOException if the archive cannot be created or written
 */
private void backupConfig(File backupDir) throws IOException {
    String configDirectory = systemEnvironment.getConfigDir();
    File archiveFile = new File(backupDir, CONFIG_BACKUP_ZIP);
    try (ZipOutputStream archive = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(archiveFile)))) {
        File liveConfig = new File(systemEnvironment.getCruiseConfigFile());
        File liveCipher = systemEnvironment.getCipherFile();

        // Both files are handed to the walker and then written explicitly below.
        // NOTE(review): presumably the walker skips them to avoid duplicate entries - confirm.
        DirectoryStructureWalker walker = new DirectoryStructureWalker(configDirectory, archive, liveConfig, liveCipher);
        walker.walk();

        // Config entry: taken from the config service, not read back from disk.
        archive.putNextEntry(new ZipEntry(liveConfig.getName()));
        IOUtils.write(goConfigService.xml(), archive);

        // Cipher entry: the provider's key bytes, stored under the cipher file's name.
        archive.putNextEntry(new ZipEntry(liveCipher.getName()));
        byte[] key = new CipherProvider(systemEnvironment).getKey();
        IOUtils.write(key, archive);
    }
}
use of com.thoughtworks.go.security.CipherProvider in project gocd by gocd.
the class ConfigCipherUpdater method migrate.
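/**
 * Re-keys the server when the cipher file still contains the known-unsafe {@code FLAWED_VALUE}.
 *
 * Steps: back up the cipher and config files with a timestamp suffix, ask {@code CipherProvider}
 * to reset the cipher, re-read the cipher file, then rewrite every {@code encryptedPassword} /
 * {@code encryptedManagerPassword} attribute and every {@code encryptedValue} element in the
 * config through {@code reEncryptUsingNewKey}.
 *
 * Does nothing when the cipher file is missing or holds any other value. A failure is logged and
 * the original cipher file is copied back; only a failure of that restore is escalated through
 * {@code bomb}.
 *
 * Operational note: the {@code .original.<timestamp>} copy of the config still holds the values
 * encrypted under the flawed key, so it should be protected or removed once the migration has
 * been verified.
 */
public void migrate() {
    File cipherFile = systemEnvironment.getCipherFile();
    String timestamp = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(timeProvider.currentTime());
    File backupCipherFile = new File(systemEnvironment.getConfigDir(), "cipher.original." + timestamp);
    File configFile = new File(systemEnvironment.getCruiseConfigFile());
    File backupConfigFile = new File(configFile.getParentFile(), configFile.getName() + ".original." + timestamp);
    try {
        // Only servers still running on the flawed cipher need to be migrated.
        if (!cipherFile.exists() || !FileUtils.readFileToString(cipherFile).equals(FLAWED_VALUE)) {
            return;
        }
        LOGGER.info("Found unsafe cipher {} on server, Go will make an attempt to rekey", FLAWED_VALUE);
        FileUtils.copyFile(cipherFile, backupCipherFile);
        LOGGER.info("Old cipher was successfully backed up to {}", backupCipherFile.getAbsoluteFile());
        FileUtils.copyFile(configFile, backupConfigFile);
        LOGGER.info("Old config was successfully backed up to {}", backupConfigFile.getAbsoluteFile());

        byte[] oldCipher = FileUtils.readFileToByteArray(backupCipherFile);
        new CipherProvider(systemEnvironment).resetCipher();
        byte[] newCipher = FileUtils.readFileToByteArray(cipherFile);

        // Compare the raw bytes. Decoding both keys with the platform charset first can map
        // different byte sequences to the same string and wrongly report "no new cipher".
        if (Arrays.equals(newCipher, oldCipher)) {
            LOGGER.warn("Unable to generate a new safe cipher. Your cipher is unsafe.");
            FileUtils.deleteQuietly(backupCipherFile);
            FileUtils.deleteQuietly(backupConfigFile);
            return;
        }

        Document document = new SAXBuilder().build(configFile);
        List<String> encryptedAttributes = Arrays.asList("encryptedPassword", "encryptedManagerPassword");
        List<String> encryptedNodes = Arrays.asList("encryptedValue");
        XPathFactory xPathFactory = XPathFactory.instance();

        // Attributes that carry ciphertext, wherever they appear in the document.
        for (String attributeName : encryptedAttributes) {
            XPathExpression<Element> xpathExpression = xPathFactory.compile(String.format("//*[@%s]", attributeName), Filters.element());
            List<Element> encryptedPasswordElements = xpathExpression.evaluate(document);
            for (Element element : encryptedPasswordElements) {
                Attribute encryptedPassword = element.getAttribute(attributeName);
                encryptedPassword.setValue(reEncryptUsingNewKey(oldCipher, newCipher, encryptedPassword.getValue()));
                LOGGER.debug("Replaced encrypted value at {}", element.toString());
            }
        }

        // Elements whose text content is ciphertext.
        for (String nodeName : encryptedNodes) {
            XPathExpression<Element> xpathExpression = xPathFactory.compile(String.format("//%s", nodeName), Filters.element());
            List<Element> encryptedNode = xpathExpression.evaluate(document);
            for (Element element : encryptedNode) {
                element.setText(reEncryptUsingNewKey(oldCipher, newCipher, element.getValue()));
                LOGGER.debug("Replaced encrypted value at {}", element.toString());
            }
        }

        // NOTE(review): the config is overwritten in place; if this write fails part-way the
        // catch block below restores only the cipher file, not the config. Consider restoring
        // the config from backupConfigFile as well once that copy is known to be complete.
        try (FileOutputStream fileOutputStream = new FileOutputStream(configFile)) {
            XmlUtils.writeXml(document, fileOutputStream);
        }
        LOGGER.info("Successfully re-encrypted config");
    } catch (Exception e) {
        LOGGER.error("Re-keying of cipher failed with error: [{}]", e.getMessage(), e);
        if (backupCipherFile.exists()) {
            try {
                FileUtils.copyFile(backupCipherFile, cipherFile);
            } catch (IOException e1) {
                // Report the restore failure itself (e1); the re-keying error was logged above.
                LOGGER.error("Could not replace the cipher file [{}] with original one [{}], please do so manually. Error: [{}]", cipherFile.getAbsolutePath(), backupCipherFile.getAbsolutePath(), e1.getMessage(), e1);
                bomb(e1);
            }
        }
    }
}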
use of com.thoughtworks.go.security.CipherProvider in project gocd by gocd.
the class BackupServiceIntegrationTest method setUp.
/**
 * Prepares the backup integration test: resets the config and database helpers, registers an
 * admin user, cleans up earlier backups and then overwrites the on-disk config and cipher files
 * with invalid content.
 */
@Before
public void setUp() throws Exception {
    configHelper.onSetUp();
    dbHelper.onSetUp();
    // The user the tests act as; its name is handed to addAdmins below.
    admin = new Username(new CaseInsensitiveString("admin"));
    configHelper.addSecurityWithPasswordFile();
    configHelper.addAdmins(CaseInsensitiveString.str(admin.getUsername()));
    goConfigDao.forceReload();
    // Backups are looked up under the artifacts directory; remove earlier ones first.
    backupsDirectory = new File(artifactsDirHolder.getArtifactsDir(), ServerConfig.SERVER_BACKUPS);
    cleanupBackups();
    tempFiles = new TempFiles();
    // Read the provider's key before the cipher file on disk is overwritten two lines down.
    // NOTE(review): presumably restored in a teardown that is not visible here - confirm.
    originalCipher = new CipherProvider(systemEnvironment).getKey();
    // Replace both files on disk with junk. NOTE(review): this looks intended to show that the
    // backup takes config and key from the running server, not from these files - confirm
    // against the assertions in the test methods.
    FileUtil.writeContentToFile("invalid crapy config", new File(systemEnvironment.getConfigDir(), "cruise-config.xml"));
    FileUtil.writeContentToFile("invalid crapy cipher", new File(systemEnvironment.getConfigDir(), "cipher"));
}